GitHub Actions workflow: upgrade/reboot a remote server and continue to the next step

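I'm starting to develop workflow YML scripts. The main idea is to have a manually triggered "remote server" build file that sets up all the necessary applications on the "host server", which will later handle Docker containers; other workflows will be handled by merge triggers.

The problem I'm facing is the first step of the server configuration. Done manually, it looks like this: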

apt update
apt upgrade -y
sudo reboot

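Wait for the server to restart (come back online) so that the new kernel is loaded, then continue the installation.

I'm trying to automate the setup in a GitHub Actions workflow. So far, my file looks like this: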

name: Host Server Build V1.0.0

on:
  workflow_dispatch:

jobs:
  build:
      runs-on: ubuntu-latest
      
      env:
        CONFIG_SERVER_SSH_KEY: '${{ secrets.CONFIG_SERVER_SSH_KEY }}'
        CONFIG_SERVER_BACKEND_IP: '${{ secrets.CONFIG_SERVER_BACKEND_IP }}'

      steps:
        - name: Ubuntu Update / Upgrade / Reboot (back-end)
          shell: bash
          run: |
            BACKEND_HOST_SERVER_SH_SCRIPT=' \
            sudo DEBIAN_FRONTEND=noninteractive apt update && sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"; \
            sleep 5; \
            sudo reboot || true; \
            ';
            echo "${{ env.CONFIG_SERVER_SSH_KEY }}" > id_rsa_server_private_key_temp.pem;
            chmod 600 id_rsa_server_private_key_temp.pem;
            ssh -v -t -t -i id_rsa_server_private_key_temp.pem -o ConnectTimeout=300 -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} "$BACKEND_HOST_SERVER_SH_SCRIPT"
            # rm id_rsa_server_private_key_temp.pem;
            echo "Status check: Reboot initiated.";
            sleep 60;
            # Verify if the server is back online
            # until ping -c 1 ${{ env.CONFIG_SERVER_BACKEND_IP }} & > /dev/null; do
            #   echo "Server not yet available, retrying in 15 seconds...";
            #   sleep 15;
            # done;
            # echo "Status check: Server is back online.";
            echo 'Waiting for server to come back online...';
            until ssh -o StrictHostKeyChecking=no -i id_rsa_server_private_key_temp.pem ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} 'echo "Server is back online"'; do
              echo "Server not yet available, retrying in 30 seconds...";
              sleep 30;
            done
            echo 'Status check: Server is back online, proceeding with the workflow.';
            rm id_rsa_server_private_key_temp.pem;
            
        - name: Docker - Install
          shell: bash
          run: |
            BACKEND_HOST_SERVER_SH_SCRIPT=' \
            sudo apt install -y apt-transport-https ca-certificates curl software-properties-common; \
            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg; \
            echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null; \
            sudo apt install -y docker-ce docker-ce-cli containerd.io; \
            ';
            echo "${{ secrets.CONFIG_SERVER_SSH_KEY }}" > id_rsa_server_private_key_temp.pem;
            chmod 600 id_rsa_server_private_key_temp.pem;
            ssh -v -t -t -i id_rsa_server_private_key_temp.pem -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} "$BACKEND_HOST_SERVER_SH_SCRIPT"
            rm id_rsa_server_private_key_temp.pem;
            echo "Status check: Docker and dependencies installed successfully.";

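I had to modify the apt upgrade -y part because it would get stuck on a prompt.

However, the runner seems to hit an error after the reboot and cannot continue to the next step. The error looks like this: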

NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.***.***-1***17-aws
NEEDRESTART-KEXP: 6.***.***-1***18-aws
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: [email protected]
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS***.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1***.service
debug1: channel ***: free: client-session, nchannels 1
Connection to *** closed by remote host.
Connection to *** closed.
Transferred: sent ***9***, received 1***584 bytes, in 83.*** seconds
Bytes per second: sent 34.9, received 1***9.3
debug1: Exit status -1

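Does anyone know how to do this? Or whether this approach is correct? Maybe split it into two jobs? Initially, I wanted to put the "wait" part into a separate step, like this: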

- name: Server - Wait for it to be Back Online (back-end)
  shell: bash
            
  run: |
    echo "${{ secrets.CONFIG_SERVER_SSH_KEY }}" > id_rsa_server_private_key_temp.pem
    chmod 600 id_rsa_server_private_key_temp.pem
    echo 'Waiting for server to come back online...';
    until ssh -o StrictHostKeyChecking=no -i id_rsa_server_private_key_temp.pem ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} 'echo "Server is back online"'; do
      echo "Server not yet available, retrying in 30 seconds...";
      sleep 30;
    done
    echo 'Status check: Server is back online, proceeding with the workflow.';
    rm id_rsa_server_private_key_temp.pem;

Server context:

  • AWS/EC2
  • Ubuntu
  • Fresh install

Solution reached with Daniel B's help:

Solution found with Daniel B's help: what my YML file's steps ended up looking like.

steps:
  - name: Ubuntu Update / Upgrade / Reboot (back-end)
    shell: bash
    run: |
      BACKEND_HOST_SERVER_SH_SCRIPT=' \
      sudo DEBIAN_FRONTEND=noninteractive apt update && sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"; \
      ';
      echo "${{ env.CONFIG_SERVER_SSH_KEY }}" > id_rsa_server_private_key_temp.pem;
      chmod 600 id_rsa_server_private_key_temp.pem;
      ssh -v -t -t -i id_rsa_server_private_key_temp.pem -o ConnectTimeout=300 -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} "$BACKEND_HOST_SERVER_SH_SCRIPT"
      ssh -v -t -t -i id_rsa_server_private_key_temp.pem -o ConnectTimeout=300 -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} "sudo reboot" || true;
      echo "Status check: Reboot initiated.";
      sleep 60;
      echo 'Status check: Waiting for server to come back online...';
      until ssh -o StrictHostKeyChecking=no -i id_rsa_server_private_key_temp.pem ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} 'echo "Server is back online"'; do
        echo "Status check: Server not yet available, retrying in 30 seconds...";
        sleep 30;
      done
      echo 'Status check: Server is back online, proceeding with the workflow.';
      rm id_rsa_server_private_key_temp.pem;

Answer 1

Your problem lies in these two statements:

BACKEND_HOST_SERVER_SH_SCRIPT=' \
            sudo DEBIAN_FRONTEND=noninteractive apt update && sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"; \
            sleep 5; \
            sudo reboot || true; \
            ';
ssh -v -t -t -i id_rsa_server_private_key_temp.pem -o ConnectTimeout=300 -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_BACKEND_IP }} "$BACKEND_HOST_SERVER_SH_SCRIPT"

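You are trying to fix the error with reboot || true, but that doesn't work. The error you get doesn't really come from the reboot command, but from the reboot itself. It terminates all user sessions as well as the SSH daemon. This means the SSH client will report an error, because the connection was closed somewhat ungracefully.

You have to ignore that error, but you still want to fail if apt fails. So you need to split these into two SSH connections: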

ssh $the_host "sudo apt …"

ssh $the_host "sudo reboot" || true

You could also allow the whole step to fail using jobs.<job_id>.steps[*].continue-on-error, but that is usually not a good idea.
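
The two-connection split described in Answer 1, as an added example that is not part of the original thread: the upgrade's exit status is propagated, only the reboot's is ignored, and the wait loop is bounded and confirms a real reboot by comparing the kernel boot ID. KEY_FILE, KNOWN_HOSTS and HOST are hypothetical variables, and the host key is assumed to be pinned in KNOWN_HOSTS instead of disabling host key checking.

```shell
# Added example, not code from the thread. KEY_FILE, KNOWN_HOSTS and HOST are
# hypothetical variables the workflow step is assumed to export beforehand.

# One wrapper for every connection; the host key is pinned via KNOWN_HOSTS.
remote() {
  ssh -i "$KEY_FILE" -o BatchMode=yes -o ConnectTimeout=10 \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
      "ubuntu@$HOST" "$@"
}

# The kernel generates a new boot ID on every boot.
boot_id() { remote 'cat /proc/sys/kernel/random/boot_id'; }

# Connection 1: the upgrade. Its exit status is returned, so a failed apt
# run fails the step (apt-get is used as the script-stable front end to apt).
upgrade() {
  remote 'sudo DEBIAN_FRONTEND=noninteractive apt-get update &&
    sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
      -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold'
}

# Connection 2: the reboot. Only this call's status is ignored, because the
# session is cut off when the host goes down. Then poll until the boot ID
# differs from the one recorded before, giving up after max_tries attempts.
reboot_and_wait() {
  max_tries=${1:-20}; delay=${2:-30}; i=0
  before=$(boot_id) || return 1
  remote 'sudo reboot' || true
  while [ "$i" -lt "$max_tries" ]; do
    i=$((i + 1))
    sleep "$delay"
    if after=$(boot_id) && [ -n "$after" ] && [ "$after" != "$before" ]; then
      echo "Status check: server is back online after $i attempt(s)."
      return 0
    fi
    echo "Status check: server not rebooted yet (attempt $i/$max_tries)."
  done
  echo "Status check: server did not come back in time." >&2
  return 1
}

# In the workflow step: upgrade && reboot_and_wait 20 30
```

Comparing boot IDs avoids treating a connection that succeeds just before the host shuts down as proof that the reboot has completed.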
