Using secrets, detailed help is needed

Question

Using secrets, detailed help is needed

lg007 opened this issue 6 years ago · comments

I would like to ask for some detailed help in using drone.rsync.

I think I already read almost all posts and documentation regarding its use (including #3 and #4), but I am not able to solve my problem.

I am using drone 0:7 (server and agent), running on a dedicated drone server, accessing a target server ("a_server.a_domain.com").

Here are some lines of my pipeline (I didn't list the build part, that works fine):

deploy:
image: drillster/drone-rsync
hosts: [ "a_server.a_domain.com" ]
key: ${RSYNC_KEY}
user: ubuntu
port: 22
source: a/source
target: /a/target
exclude: [ ".git"]
delete: true
recursive: true

When committing a change to the bitbucket repository to where the drone server is integrated, at the deploy stage I get the following error: "No private key specified!"

Before committing the change, I added the secret keys with drone CLI, in the following way:

drone secret add path_to/repository rsync_key @/path/to/.ssh/id_rsa --image drillster/drone-rsync

I also run:
drone secret add path_to/repository RSYNC_KEY @/path/to/.ssh/id_rsa --image drillster/drone-rsync
in case the secret is referenced with capital letters.

I changed key: ${RSYNC_KEY} to [RSYNC_KEY] and [ RSYNC_KEY ] without any luck, because I get the following error:

rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.2]

What am I doing wrong?

Of course I established an SSH connection with a private key before doing the above (SSH access from the drone server to the target server works fine, even I set it to be sudo without prompting a password).

Any help is appreciated.

Michael de Wit · Answer 1 · Tue Aug 21 2018 21:05:42 GMT+0800 (China Standard Time)

I think your problem lies in a missing secrets property of your deploy step. I understand this can be very confusing, as Drone switched the way it deals with secrets several times. IIRC, Drone 0.7 requires you to specify which secrets you want to use in the secrets property of a step:

deploy:
  image: drillster/drone-rsync
  hosts: [ "a_server.a_domain.com" ]
- key: ${RSYNC_KEY}
  user: ubuntu
  port: 22
  source: a/source
  target: /a/target
  exclude: [ ".git"]
  delete: true
  recursive: true
+ secrets:
+   - source: RSYNC_KEY
+     target: plugin_key

Let me know if this worked for you.

lg007 · Answer 2 · Tue Aug 21 2018 21:33:40 GMT+0800 (China Standard Time)

Thanks,

Before I try, one more silly question: the minus sign before "source: RSYNC_KEY" is necessary? I am asking because it is not there before "target"? Or should I put it before "target:" as well?

lg007 · Answer 3 · Wed Aug 22 2018 02:27:02 GMT+0800 (China Standard Time)

Many thanks for your suggestion, it solved my problem!

Khorne · Answer 4 · Thu Oct 11 2018 22:06:37 GMT+0800 (China Standard Time)

I have a similar issue (described here: https://discourse.drone.io/t/deploy-with-rsync-fails-consistently/2771 )
Changing the secrets as described above didn't solve it for me unfortunately. Any ideas?