I want to include following commands in different stages of gitlab CI.

...
  script: |
    ssh -t ${SOME_USER}@${REMOTE_HOST} '([ -f "${FILE_PATH}/someFile.yaml" ] && cp -v "${FILE_PATH}/someFile.yaml" ${FILE_PATH}/someFile_yaml_$CI_COMMIT_TIMESTAMP.txt)'
...
  script: scp -v ${TF_ROOT}${LOCAL_FILE_PATH} ${SOME_USER}@${REMOTE_HOST}:${FILE_PATH}/
...
  script: ssh -t ${SOME_USER}@${REMOTE_HOST} sudo chown -cv runner:runner ${FILE_PATH}/someFile.yaml
...
  script: ssh -t ${SOME_USER}@${REMOTE_HOST} sudo systemctl restart some-service
...

Issue is when I execute this command individually manually, I have to provide password due to these being remote commands ssh and some require sudo and this approach wouldn’t work in a non-interactive mode such CI execution.

So how can I execute these commands in Gitlab CI without password prompts?

CodePudding user response：

As per your question what I understand is you just want to pass the password to run the command.

we have to different approach to solve this thing first you can use sshpass command along with all the commands if your ssh user has password sudo.

Have mentioned some commands below for reference:

sshpass -p 'password' scp file.tar.gz [email protected]:/file/location
sshpass -p 'password' ssh user@ip command 

and

another way you can create a passwordless sudo user to run the command and use pem key that would be more secure and much better.

you can search over internet for making user passwordless along with sudo permission

i hope this solve your issue

CodePudding user response：

Why not use cron? You can run your scripts as root without ever asking for a password.

You could do something like the following as root:

crontab -e, then:

(every 45 minutes)

*/45 * * * * /path/to/script1

(every 25 minutes, and so on)

*/25 * * * * /path/to/script2

etc, etc