Remove unneeded SSH setup step
This commit is contained in:
parent
7cc06431da
commit
3fc060bb64
1 changed files with 20 additions and 47 deletions
|
@ -56,10 +56,9 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
|
|||
## Quick Start
|
||||
|
||||
1. **Set up CI/CD Linode** (Steps 1-9)
|
||||
2. **Set up Production Linode** (Steps 10-16)
|
||||
3. **Configure SSH key exchange** (Step 14)
|
||||
4. **Set up Forgejo repository secrets** (Step 18)
|
||||
5. **Test the complete pipeline** (Step 19)
|
||||
2. **Set up Production Linode** (Steps 10-15)
|
||||
3. **Set up Forgejo repository secrets** (Step 17)
|
||||
4. **Test the complete pipeline** (Step 18)
|
||||
|
||||
## What's Included
|
||||
|
||||
|
@ -1339,37 +1338,11 @@ sudo systemctl restart docker
|
|||
|
||||
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
||||
|
||||
### Step 14: Set Up SSH Key Authentication
|
||||
|
||||
#### 14.1 Add CI/CD Public Key
|
||||
|
||||
```bash
|
||||
# Create .ssh directory for PROD_SERVICE_USER
|
||||
mkdir -p ~/.ssh
|
||||
chmod 700 ~/.ssh
|
||||
|
||||
# Add the CI/CD public key (copy from CI/CD Linode)
|
||||
echo "YOUR_CI_CD_PUBLIC_KEY" >> ~/.ssh/authorized_keys
|
||||
chmod 600 ~/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
|
||||
|
||||
#### 14.2 Test SSH Connection
|
||||
|
||||
From the CI/CD Linode, test the SSH connection:
|
||||
|
||||
```bash
|
||||
ssh production
|
||||
```
|
||||
|
||||
**Expected output**: You should be able to SSH to the production server without a password prompt.
|
||||
|
||||
### Step 15: Set Up Forgejo Runner for Production Deployment
|
||||
### Step 14: Set Up Forgejo Runner for Production Deployment
|
||||
|
||||
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
|
||||
|
||||
#### 15.1 Install Forgejo Runner
|
||||
#### 14.1 Install Forgejo Runner
|
||||
|
||||
```bash
|
||||
# Download the latest Forgejo runner
|
||||
|
@ -1385,7 +1358,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
|
|||
forgejo-runner --version
|
||||
```
|
||||
|
||||
#### 15.2 Set Up Runner Directory for PROD_SERVICE_USER
|
||||
#### 14.2 Set Up Runner Directory for PROD_SERVICE_USER
|
||||
|
||||
```bash
|
||||
# Create runner directory owned by PROD_SERVICE_USER
|
||||
|
@ -1393,14 +1366,14 @@ sudo mkdir -p /opt/forgejo-runner
|
|||
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
|
||||
```
|
||||
|
||||
#### 15.3 Get Registration Token
|
||||
#### 14.3 Get Registration Token
|
||||
|
||||
1. Go to your Forgejo repository
|
||||
2. Navigate to **Settings → Actions → Runners**
|
||||
3. Click **"New runner"**
|
||||
4. Copy the registration token
|
||||
|
||||
#### 15.4 Register the Production Runner
|
||||
#### 14.4 Register the Production Runner
|
||||
|
||||
```bash
|
||||
# Switch to PROD_SERVICE_USER
|
||||
|
@ -1420,9 +1393,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
|
|||
sudo chmod 600 /opt/forgejo-runner/.runner
|
||||
```
|
||||
|
||||
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 15.3.
|
||||
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 14.3.
|
||||
|
||||
#### 15.5 Create Systemd Service
|
||||
#### 14.5 Create Systemd Service
|
||||
|
||||
```bash
|
||||
# Create systemd service file
|
||||
|
@ -1453,7 +1426,7 @@ sudo systemctl start forgejo-runner.service
|
|||
sudo systemctl status forgejo-runner.service
|
||||
```
|
||||
|
||||
#### 15.6 Test Runner Configuration
|
||||
#### 14.6 Test Runner Configuration
|
||||
|
||||
```bash
|
||||
# Check if the runner is running
|
||||
|
@ -1480,7 +1453,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
|
|||
|
||||
The production runner will automatically handle the deployment process when you push to the main branch.
|
||||
|
||||
#### 15.7 Understanding the Production Docker Compose Setup
|
||||
#### 14.7 Understanding the Production Docker Compose Setup
|
||||
|
||||
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
|
||||
|
||||
|
@ -1505,9 +1478,9 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
|
|||
4. Waits for all services to be healthy
|
||||
5. Verifies the deployment was successful
|
||||
|
||||
### Step 16: Configure Security
|
||||
### Step 15: Configure Security
|
||||
|
||||
#### 16.1 Configure Firewall
|
||||
#### 15.1 Configure Firewall
|
||||
|
||||
```bash
|
||||
sudo ufw --force enable
|
||||
|
@ -1520,23 +1493,23 @@ sudo ufw allow 3000/tcp
|
|||
sudo ufw allow 3001/tcp
|
||||
```
|
||||
|
||||
#### 16.2 Configure Fail2ban
|
||||
#### 15.2 Configure Fail2ban
|
||||
|
||||
```bash
|
||||
sudo systemctl enable fail2ban
|
||||
sudo systemctl start fail2ban
|
||||
```
|
||||
|
||||
### Step 17: Test Production Setup
|
||||
### Step 16: Test Production Setup
|
||||
|
||||
#### 17.1 Test Docker Installation
|
||||
#### 16.1 Test Docker Installation
|
||||
|
||||
```bash
|
||||
docker --version
|
||||
docker compose --version
|
||||
```
|
||||
|
||||
#### 17.2 Test Harbor Access
|
||||
#### 16.2 Test Harbor Access
|
||||
|
||||
```bash
|
||||
# Test pulling an image from the CI/CD Harbor registry
|
||||
|
@ -1545,14 +1518,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
|
|||
|
||||
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
||||
|
||||
#### 17.3 Test Application Deployment
|
||||
#### 16.3 Test Application Deployment
|
||||
|
||||
```bash
|
||||
cd /opt/APP_NAME
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
#### 17.4 Verify Application Status
|
||||
#### 16.4 Verify Application Status
|
||||
|
||||
```bash
|
||||
docker compose ps
|
||||
|
|
Loading…
Add table
Reference in a new issue