How I set up CICD on my Linode/Akamai Virtual Private Server (VPS)
First, Find (or Make) the Keys
This is the hardest step to get out of the house. I never know where my car keys are, and even though there is a great spot to hang them, they never seem to rest there.
On my local system, I made SSH keys for the root user. I used a non-default name for the key (vps_root) since I use SSH to more than one VPS from this machine. I also used a passphrase on the key since it is root; I will not be doing that for the deploy user later since it is just for Jenkins to access and move files.
ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/myLocalUser/.ssh/id_rsa): /home/myLocalUser/.ssh/vps_root
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/myLocalUser/.ssh/vps_root
Your public key has been saved in /home/myLocalUser/.ssh/vps_root.pub
The key fingerprint is:
SHA256:MW...<lots of randomish chars> ...lU myLocalUser@my-laptop
The key's randomart image is:
+---[RSA 2048]----+
| .+o==+.o. ..o|
| .*o*..oo oo|
| o +.=*. . ...o|
| ..S .E+ . |
| .o *.o . |
| . .... |
| .. |
+----[SHA256]-----+
I then copied the public key to my VPS.
ssh-copy-id -i ~/.ssh/vps_root root@<ip address of my VPS>
The output should be similar to:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/myLocalUser/.ssh/vps_root.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@<ip address of my VPS>'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@<ip address of my VPS>'"
and check to make sure that only the key(s) you wanted were added.
So that last bit is a lie in my case. If you did not specify a different key name then ssh root@<ip address of my VPS> will work. In my case I have to use ssh -i ~/.ssh/vps_root root@<ip address of my VPS>.
The -i flag is used to specify the key (identity, actually) to use.
Now that we can log in with ssh, we turn off password authentication to the server for a little extra security. ** DO NOT DO THIS IF YOU ARE NOT YET LOGGING IN WITH AN SSH KEY ** You will lose access to the VPS if ssh key login is not working. I know, it's confusing, but right now you can log in with either a password or an ssh key, and this next step takes one of those options away, so you need to be sure you're not using it.
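The post does not show the commands for this step. One way to do it, as an added example that is not the author's own script: it assumes a Debian/Ubuntu layout (/etc/ssh/sshd_config, service name ssh), and harden_sshd_config and apply_on_vps are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run on the VPS as root, and only
# after this works from the laptop without falling back to a password:
#   ssh -i ~/.ssh/vps_root -o PreferredAuthentications=publickey root@<ip address of my VPS>
# Assumptions: Debian/Ubuntu layout (/etc/ssh/sshd_config, service name "ssh").

# Put "PasswordAuthentication no" on the first line of the given config and
# drop any other active PasswordAuthentication lines. sshd uses the first
# value it reads for a keyword, so line 1 also wins over a global setting
# in an Include'd drop-in file.
harden_sshd_config() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    {
        echo "PasswordAuthentication no"
        grep -viE '^[[:space:]]*PasswordAuthentication([[:space:]]|=)' "$cfg" || true
    } > "$tmp"
    cat "$tmp" > "$cfg"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Back up, edit, validate, reload. Restores the backup if sshd rejects the
# file or still reports password logins as enabled.
apply_on_vps() {
    cfg=/etc/ssh/sshd_config
    [ -s /root/.ssh/authorized_keys ] || { echo "root has no authorized_keys" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    harden_sshd_config "$cfg" || return 1
    if sshd -t -f "$cfg" && sshd -T -f "$cfg" | grep -qx 'passwordauthentication no'; then
        systemctl reload ssh    # existing sessions stay open
    else
        cp -p "$cfg.bak" "$cfg"
        echo "config rejected; backup restored" >&2
        return 1
    fi
}

# Only touch the real system when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    apply_on_vps
fi
```

Run it with --apply from the root session you already have open, and confirm a fresh key login from a second terminal before closing that session.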
Second, Create the deploy User on the VPS
Now we need to create the deploy user on the VPS so our Jenkins pipeline can deploy the website. Obviously we are not going to give Jenkins root access to the VPS.
Log in to the VPS as the root user, and run the following:
This creates the user
sudo adduser deploy
Now we add the user to the sudo group
sudo usermod -aG sudo deploy
If you are using Docker, you should also add the user to the docker group:
sudo usermod -aG docker deploy
Next we add the deploy user public key to the authorized_keys file on the VPS.
ssh-copy-id -i ~/.ssh/vps_root deploy@<ip address of my VPS>
(Or alternatively, if you do not have ssh-copy-id installed, you can use the following command instead)
cat ~/.ssh/vps_root.pub | ssh deploy@<ip address of my VPS> 'mkdir -p ~/.ssh && cat >> .ssh/authorized_keys'
# then, on the VPS as the deploy user, set the permissions on ~/.ssh and the authorized_keys file
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys