Error memorandum that occurred when creating a CI / CD environment [Rails + CircleCI + Capistrano + AWS]

Introduction

I was able to implement automatic deployment (to EC2 on AWS) in the rails app that I was creating, so I wanted to automate the test and deploy from Circle CI to deployment (CI / CD environment), so I implemented it.

The implementation itself was made by referring to the article of the predecessor. [CircleCI] rails5.2 / Capistrano / Automatic deployment to AWS by CICD environment

I tried to deploy automatically with CircleCI + Capistrano + AWS (EC2) + Rails

The above article has a good explanation including the code, so here I will leave a memorandum about the error that I personally fell in love with.

environment

CircleCI　2.0 Capistrano 3.14.1 Ruby 2.6.5 Rails 6.0.0

① It is said that there is no rspec_junit_formatter

Error when running the test

Error reading historical timing data: file does not exist
Requested weighting by historical based timing, but they are not present. Falling back to weighting by name.
No examples found.
bundler: failed to load command: rspec (/home/circleci/circleci-demo-ruby-rails/vendor/bundle/ruby/2.5.0/bin/rspec)
LoadError: cannot load such file -- rspec_junit_formatter

In conclusion, add rspec_junit_formatter to the gemfile.

Gemfile

group :test do
  gem 'rspec_junit_formatter'  #add to
end

According to the official

Test metadata is not automatically collected in CircleCI 2.0 until you enable the JUnit formatters. For RSpec, Minitest, and Django, add the following configuration to enable the formatters Official Reference

Apparently CircleCI collects test results from XML files. However, it does not collect automatically, but it seems that it will be automatically sucked by inserting this JUnit formatters.

(2) I cannot ssh login to ec2 at the time of deployment.

Error when running bundle exec cap production deploy

cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as ec2-user@××××××××××: Authentication failed for user ec2-user@××××××××××


Caused by:
Net::SSH::AuthenticationFailed: Authentication failed for user ec2-user@××××××××××

There are two possibilities I have listed

1. ** The ssh key set in Circle CI is incorrect **
2. ** Wrong specification of key to be used when deploying with Capistrano **

To check 1, try connecting to CircleCI with ssh and seeing if you can log in to EC2 from inside the container. (Refer to here. How to SSH to Circle CI test environment)

When you press the toggle of Rerun on the build screen, it will appear as shown in the picture below, so press "Rerun Job with SSH".

Then, the public key will be passed, so ssh connection from the terminal with this.

#ssh connection to circle ci ok
circleci@××××××××××:~$

#Ssh connection to ec2
circleci@××××××××××:~$ ssh -i <keypair> ec2-user@<IP address>

#Ssh connection ok with the key set in circle ci on ec2
[ec2-user@ip-×××××××××× ~]$

It seems that the key you set is correct at least that you could connect to ec2, so for the time being, "** The ssh key set in Circle CI is wrong **" seems to be okay.

Next, make sure that you specified the wrong key to use when deploying with ** Capistrano in 2 **. First of all Check the specification on the Capistrano side.

deploy.rb

set :ssh_options, auth_methods: ['publickey'],keys:['~/.ssh/id_rsa']          

Next, check what name the ssh key set in Circle CI is saved.

#Ssh connection to circle ci
circleci@××××××××××:~$ cd .ssh
circleci@××××××××××:~/.ssh$ ls
config  id_rsa  id_rsa_××××××××××  known_hosts

#upper(id_rsa_××××××××××)Added in the cirleci settings

Apparently the registered ssh key is the one with fingerprint added. After all, it was caused by the wrong specification of the key used when deploying with ** Capistrano ** of 2.

deploy.rb

#Change before
set :ssh_options, auth_methods: ['publickey'],keys:['~/.ssh/id_rsa'] 

#After change(fingerprint is ":What is omitted)
set :ssh_options, auth_methods: ['publickey'],keys:['~/.ssh/id_rsa_×××××××××']          

With this, the build was successful and the deployment was completed.

Postscript

When it comes to security issues such as fingerprints and public keys, it still tends to get messy. It seems that slack notification can be done after deployment, so I think I'll try it.