英文:
connecting to a remote server using openvpn in a github actions workflow
问题
这是我的GitHub Actions中的CI工作流程:
name: CI
on:
push:
branches: ["main"]
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Poetry
uses: snok/install-poetry@v1
- name: create requirements
run: poetry export --without-hashes --format=requirements.txt > requirements.txt
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build and push image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}
- name: Deploy to Staging
uses: appleboy/ssh-action@v0.1.10
env:
OVPN_CONFIG: ${{ secrets.VPN_CONFIG }}
VPN_USERNAME: ${{ secrets.VPN_USERNAME }}
VPN_PASSWORD: ${{ secrets.VPN_PASSWORD }}
with:
host: ${{ secrets.STAGING_SERVER_HOST }}
username: ${{ secrets.STAGING_SERVER_USERNAME }}
password: ${{ secrets.STAGING_SERVER_PASSWORD }}
envs: OVPN_CONFIG,VPN_USERNAME,VPN_PASSWORD
script: |
echo "${OVPN_CONFIG}" > vpn-config.ovpn
echo "${VPN_USERNAME}" > vpn-credentials.txt
echo "${VPN_PASSWORD}" >> vpn-credentials.txt
openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt
sleep 5
ls -la
docker pull ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest
docker run -d ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest
# Cleanup: Delete the temporary VPN credentials file
rm vpn-credentials.txt
这个工作流程用于构建Docker镜像并在每次推送到主分支时将其上传到Docker Hub,这部分工作正常运行。然后,我希望使用SSH连接到预计托管应用程序的服务器,但为了实现这一点,我必须使用OpenVPN建立VPN连接。这部分似乎有问题,因为连接似乎没有建立。我在这里做错了什么吗?
以下是部分工作流程日志:
***[command]/usr/bin/docker run --name ed866e71fb8133109f4ad988af16a3b2ab46f2_a1dfd1 --label ed866e --workdir /github/workspace --rm -e "VENV" -e "OVPN_CONFIG" -e "VPN_USERNAME" -e "VPN_PASSWORD" ...
======CMD======
echo "${OVPN_CONFIG}" > vpn-config.ovpn
echo "${VPN_USERNAME}" > vpn-credentials.txt
echo "${VPN_PASSWORD}" >> vpn-credentials.txt
openvpn --config vpn-config.ovpn --*** vpn-credentials.txt
sleep 5
ls -la
*** docker pull ***/***:latest
*** docker run -d --name meteor-bot ***/***:latest
*** Cleanup: Delete the temporary VPN credentials file
rm vpn-credentials.txt
======END======
2023/06/15 17:14:46 dial tcp ***:22: i/o timeout
英文:
This is my CI workflow in Github Actions:
name: CI
on:
push:
branches: [ "main" ]
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Poetry
uses: snok/install-poetry@v1
- name: create requirements
run: poetry export --without-hashes --format=requirements.txt > requirements.txt
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build and push image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}
- name: Deploy to Staging
uses: appleboy/ssh-action@v0.1.10
env:
OVPN_CONFIG: ${{ secrets.VPN_CONFIG }}
VPN_USERNAME: ${{ secrets.VPN_USERNAME }}
VPN_PASSWORD: ${{ secrets.VPN_PASSWORD }}
with:
host: ${{ secrets.STAGING_SERVER_HOST }}
username: ${{ secrets.STAGING_SERVER_USERNAME }}
password: ${{ secrets.STAGING_SERVER_PASSWORD }}
envs: OVPN_CONFIG,VPN_USERNAME,VPN_PASSWORD
script: |
echo "${OVPN_CONFIG}" > vpn-config.ovpn
echo "${VPN_USERNAME}" > vpn-credentials.txt
echo "${VPN_PASSWORD}" >> vpn-credentials.txt
openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt
sleep 5
ls -la
docker pull ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest
docker run -d ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest
# Cleanup: Delete the temporary VPN credentials file
rm vpn-credentials.txt
The workflow is intended to build a Docker image and upload it to Docker Hub after every push to the main branch, which is working correctly.
After that i want to connect to the server that's supposed to host the app using SSH but in order to do that I have to establish a VPN connection using OpenVPN. This is what's giving me trouble because the connection doesn't seem to get established.
Am i doing something wrong here?
Here's some of the worklow logs:
***[command]/usr/bin/docker run --name ed866e71fb8133109f4ad988af16a3b2ab46f2_a1dfd1 --label ed866e --workdir /github/workspace --rm -e "VENV" -e "OVPN_CONFIG" -e "VPN_USERNAME" -e "VPN_PASSWORD" -e "INPUT_HOST" -e "INPUT_USERNAME" -e "INPUT_PASSWORD" -e "INPUT_ENVS" -e "INPUT_SCRIPT" -e "INPUT_PORT" -e "INPUT_PASSPHRASE" -e "INPUT_SYNC" -e "INPUT_USE_INSECURE_CIPHER" -e "INPUT_CIPHER" -e "INPUT_TIMEOUT" -e "INPUT_COMMAND_TIMEOUT" -e "INPUT_KEY" -e "INPUT_KEY_PATH" -e "INPUT_FINGERPRINT" -e "INPUT_PROXY_HOST" -e "INPUT_PROXY_PORT" -e "INPUT_PROXY_USERNAME" -e "INPUT_PROXY_PASSWORD" -e "INPUT_PROXY_PASSPHRASE" -e "INPUT_PROXY_TIMEOUT" -e "INPUT_PROXY_KEY" -e "INPUT_PROXY_KEY_PATH" -e "INPUT_PROXY_FINGERPRINT" -e "INPUT_PROXY_CIPHER" -e "INPUT_PROXY_USE_INSECURE_CIPHER" -e "INPUT_SCRIPT_STOP" -e "INPUT_ENVS_FORMAT" -e "INPUT_DEBUG" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/***/***":"/github/workspace" ed866e:71fb8133109f4ad988af16a3b2ab46f2
======CMD======
echo "${OVPN_CONFIG}" > vpn-config.ovpn
echo "${VPN_USERNAME}" > vpn-credentials.txt
echo "${VPN_PASSWORD}" >> vpn-credentials.txt
openvpn --config vpn-config.ovpn --*** vpn-credentials.txt
sleep 5
ls -la
*** docker pull ***/***:latest
*** docker run -d --name meteor-bot ***/***:latest
*** Cleanup: Delete the temporary VPN credentials file
rm vpn-credentials.txt
======END======
2023/06/15 17:14:46 dial tcp ***:22: i/o timeout
答案1
得分: 1
这是使用分离的 OpenVPN 操作的示例:
name: OpenVPN
on:
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install OpenVPN
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
- name: Setup VPN config
run: |
echo "${{ secrets.OVPN_CA }}" > ca.crt
echo "${{ secrets.OVPN_CERT }}" > user.crt
- name: Connect to VPN
uses: "kota65535/github-openvpn-connect-action@v2"
with:
config_file: .github/workflows/ovpn/client.ovpn
username: ${{ secrets.OVPN_USERNAME }}
password: ${{ secrets.OVPN_PASSWORD }}
client_key: ${{ secrets.OVPN_USER_KEY }}
- name: multiple command
uses: appleboy/ssh-action@v0.1.10
with:
host: ${{ secrets.SSH_RELAY }}
username: ${{ secrets.SSH_RELAY_USER }}
password: ${{ secrets.SSH_RELAY_PWD }}
port: ${{ secrets.SSH_RELAY_PORT }}
script: |
whoami
ls -al
- name: Kill VPN connection
if: always()
run: |
sudo killall openvpn
英文:
Here is an example using a separated OpenVPN action:
name: OpenVPN
on:
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install OpenVPN
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
- name: Setup VPN config
run: |
echo "${{ secrets.OVPN_CA }}" > ca.crt
echo "${{ secrets.OVPN_CERT }}" > user.crt
- name: Connect to VPN
uses: "kota65535/github-openvpn-connect-action@v2"
with:
config_file: .github/workflows/ovpn/client.ovpn
username: ${{ secrets.OVPN_USERNAME }}
password: ${{ secrets.OVPN_PASSWORD }}
client_key: ${{ secrets.OVPN_USER_KEY }}
- name: multiple command
uses: appleboy/ssh-action@v0.1.10
with:
host: ${{ secrets.SSH_RELAY }}
username: ${{ secrets.SSH_RELAY_USER }}
password: ${{ secrets.SSH_RELAY_PWD }}
port: ${{ secrets.SSH_RELAY_PORT }}
script: |
whoami
ls -al
- name: Kill VPN connection
if: always()
run: |
sudo killall openvpn
答案2
得分: 0
结果证明,在尝试SSH之前,我需要实际建立VPN连接,而不是将其作为SSH脚本的一部分使用,因此我只是添加了这一步骤:
- name: 建立VPN连接
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
echo "${{ secrets.VPN_CONFIG }}" > vpn-config.ovpn
echo "${{ secrets.VPN_USERNAME }}" > vpn-credentials.txt
echo "${{ secrets.VPN_PASSWORD }}" >> vpn-credentials.txt
sudo openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt --daemon
sleep 15
英文:
Turns out I needed to actually establish the VPN connection before attempting SSH not use it as part of the script inside the SSH so I just added this step:
- name: Establish VPN connection
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
echo "${{ secrets.VPN_CONFIG }}" > vpn-config.ovpn
echo "${{ secrets.VPN_USERNAME }}" > vpn-credentials.txt
echo "${{ secrets.VPN_PASSWORD }}" >> vpn-credentials.txt
sudo openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt --daemon
sleep 15
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论