Remove unneeded SSH setup step

continuist 2025-07-04 22:57:27 -04:00
parent 7cc06431da
commit 3fc060bb64

@ -56,10 +56,9 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start
1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-16)
3. **Configure SSH key exchange** (Step 14)
4. **Set up Forgejo repository secrets** (Step 18)
5. **Test the complete pipeline** (Step 19)
2. **Set up Production Linode** (Steps 10-15)
3. **Set up Forgejo repository secrets** (Step 17)
4. **Test the complete pipeline** (Step 18)
## What's Included
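Review bot: The Quick Start ranges still skip a step: item 2 now ends at Step 15 and item 3 starts at Step 17, so the renumbered "Step 16: Test Production Setup" later in this patch is not reachable from this list. Suggest "Steps 10-16" in item 2, or a separate item for the production test. Separately, none of the hunks shown renumber the headings that items 3 and 4 point to (previously Steps 18 and 19), so confirm those headings now read Step 17 and Step 18, otherwise these references land on the wrong sections.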
@ -1339,37 +1338,11 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 14: Set Up SSH Key Authentication
#### 14.1 Add CI/CD Public Key
```bash
# Create .ssh directory for PROD_SERVICE_USER
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Add the CI/CD public key (copy from CI/CD Linode)
echo "YOUR_CI_CD_PUBLIC_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 14.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection:
```bash
ssh production
```
**Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 15: Set Up Forgejo Runner for Production Deployment
### Step 14: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 15.1 Install Forgejo Runner
#### 14.1 Install Forgejo Runner
```bash
# Download the latest Forgejo runner
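Review bot: Deleting Step 14 only removes the instruction; hosts built from the earlier revision still have the CI/CD public key in `~/.ssh/authorized_keys` for PROD_SERVICE_USER, and that access is no longer needed once the runner on the Production Linode executes the deployment job. Suggest adding a short upgrade note telling existing users to delete that entry from `authorized_keys`. The removed text also relies on `~/.ssh/id_ed25519.pub` on the CI/CD Linode and an `ssh production` host alias; if the steps that create the key and the alias remain elsewhere in the guide, they are now unused and should be dropped in the same commit.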
@ -1385,7 +1358,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version
```
#### 15.2 Set Up Runner Directory for PROD_SERVICE_USER
#### 14.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash
# Create runner directory owned by PROD_SERVICE_USER
@ -1393,14 +1366,14 @@ sudo mkdir -p /opt/forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
```
#### 15.3 Get Registration Token
#### 14.3 Get Registration Token
1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"**
4. Copy the registration token
#### 15.4 Register the Production Runner
#### 14.4 Register the Production Runner
```bash
# Switch to PROD_SERVICE_USER
@ -1420,9 +1393,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner
```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 15.3.
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 14.3.
#### 15.5 Create Systemd Service
#### 14.5 Create Systemd Service
```bash
# Create systemd service file
@ -1453,7 +1426,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service
```
#### 15.6 Test Runner Configuration
#### 14.6 Test Runner Configuration
```bash
# Check if the runner is running
@ -1480,7 +1453,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch.
#### 15.7 Understanding the Production Docker Compose Setup
#### 14.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1505,9 +1478,9 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy
5. Verifies the deployment was successful
### Step 16: Configure Security
### Step 15: Configure Security
#### 16.1 Configure Firewall
#### 15.1 Configure Firewall
```bash
sudo ufw --force enable
@ -1520,23 +1493,23 @@ sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp
```
#### 16.2 Configure Fail2ban
#### 15.2 Configure Fail2ban
```bash
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
### Step 17: Test Production Setup
### Step 16: Test Production Setup
#### 17.1 Test Docker Installation
#### 16.1 Test Docker Installation
```bash
docker --version
docker compose --version
```
#### 17.2 Test Harbor Access
#### 16.2 Test Harbor Access
```bash
# Test pulling an image from the CI/CD Harbor registry
@ -1545,14 +1518,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 17.3 Test Application Deployment
#### 16.3 Test Application Deployment
```bash
cd /opt/APP_NAME
docker compose up -d
```
#### 17.4 Verify Application Status
#### 16.4 Verify Application Status
```bash
docker compose ps
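Review bot: Step 16.3 runs `docker compose up -d` with no `-f` option, while the Step 14 text in this patch says the runner deploys using `docker-compose.prod.yml`. Since these sections are being touched for renumbering anyway, make the manual test use the same file, for example `docker compose -f docker-compose.prod.yml up -d`, and pass the same `-f` to `docker compose ps` in 16.4, so the test exercises what the pipeline deploys. If /opt/APP_NAME is meant to hold a default compose file instead, say so in the step.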