Generate an SSH key in the 'gitlab-runner' account on the GitLab runner host:
sudo su - gitlab-runner -c "ssh-keygen -N '' -f ~/.ssh/push_to_git"
Add the public key as a Deploy Key (deploy keys are allowed to access the Git project in order to automate deployment of code):
- Go to your "www" project,
- Go to "Settings" tab,
- Go to "Repository" sub-tab,
- Select "Expand" option for "Deploy Keys".
- Add the public key "push_to_git.pub" (you have to add the public key and give it a title) and check the "Write access allowed" checkbox.
Be careful pasting from the Strigo Web terminal, as it will introduce line endings which will mangle your SSH key.
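Run the following as root@Prod to add the GitLab server's host key:
sudo su - root -c "ssh-keyscan -H gitlab.example.com >> ~root/.ssh/known_hosts"
ssh-keyscan does not authenticate the host it scans, so compare the fingerprint of the recorded key with the one from the GitLab server itself before trusting it.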
As root on the Prod web server, generate a key called pull_from_git:
sudo su - root -c "ssh-keygen -N '' -f ~root/.ssh/pull_from_git"
Add pull_from_git.pub as a "Deploy Key" and leave the "Write access allowed" checkbox unchecked.
To add a deploy key:
- Go to your "www" project,
- Go to "Settings" tab,
- Go to "Repository" sub-tab,
- Select "Expand" option for "Deploy Keys".
- Add the public key "pull_from_git.pub" (give it a title, and remove any stray line breaks if pasting from the Strigo Web terminal),
- Select "Add key"
Test your access:
sudo GIT_SSH_COMMAND="ssh -i ~root/.ssh/pull_from_git" git clone [email protected]:root/www.git /tmp/www
Later, we'll use this trust relationship to download code from Git to the Web server document root.
GIT_SSH_COMMAND requires Git v2.3.0 or newer. If you have an older Git, you can specify the SSH key for pulling from GitLab in your SSH client configuration file instead.
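For the older-Git fallback just described, one way to write the SSH client configuration entry for the pull-only key. This is an added example, not part of the original lab; the function name write_git_ssh_stanza and "git" as the SSH user are assumptions.

```shell
#!/bin/sh
# Added example, not from the original lab. For Git older than 2.3.0
# (no GIT_SSH_COMMAND): pin the pull-only deploy key for the GitLab host
# in the SSH client configuration instead.
# Assumptions: function name, and "git" as the default SSH user.

# write_git_ssh_stanza CONFIG HOST KEYFILE [USER]
write_git_ssh_stanza() {
    config=$1; host=$2; key=$3; user=${4:-git}

    # Reject empty values and characters that could inject extra
    # directives or break out of the Host block.
    case $host in ""|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 2 ;; esac
    case $key  in ""|*[!A-Za-z0-9._/~-]*) echo "bad key path" >&2; return 2 ;; esac
    case $user in ""|*[!A-Za-z0-9._-]*) echo "bad user" >&2; return 2 ;; esac

    # ssh refuses a config file that other users can write to; keep both
    # the directory and the file private.
    dir=$(dirname "$config")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$config" && chmod 600 "$config" || return 1

    # Idempotent: an existing block for this host is left untouched.
    # ssh uses the first value it finds for each option, so an earlier
    # block in the file takes precedence over this one.
    if grep -qxF "Host $host" "$config"; then
        return 0
    fi

    # IdentitiesOnly stops ssh from also offering agent or default keys,
    # so only the read-only deploy key is ever presented to GitLab.
    cat >>"$config" <<EOF

Host $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
EOF
}

# Usage on the Prod web server, as root:
#   write_git_ssh_stanza ~/.ssh/config gitlab.example.com ~/.ssh/pull_from_git
```

With this entry in place, a plain git clone against the GitLab host uses pull_from_git without any extra environment variable.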