WebFaction

I'm trying to figure out how to use the exec function of PHP to execute a git pull from a private Bitbucket repository. The plan is to set the Bitbucket repository to run a POST Service that calls a PHP file on the site that initiates a git pull when the Bitbucket repository is updated.

When I execute the git pull command via PHP, I get:

array(2) { [0]=> string(30) "Permission denied (publickey)." [1]=> string(42) "fatal: The remote end hung up unexpectedly" }

Obviously the issue is with the passphrase for the key, which as far as I know cannot be sent through on the command line. In reading/searching for a couple of hours on this, I know that I need to figure out how to integrate the ssh key correctly so the passphrase does not have to be entered manually every time. I have no problem setting up my terminal to do this manually using ssh-agent, ssh-add and such, however, I'm confused if I need to do something with php exec using ssh-agent, ssh-add, etc. to get this to work correctly. Does it have to do with the apache user executing the command? If so, how do I go about getting apache to have its own ssh key? Do I need to create a shell script with multiple commands (ssh-agent, ssh-add, git pull) and just execute that every time? Is there an easier, or better, way that I'm missing that lets Bitbucket execute a POST service and automatically updates my Webfaction production server via a PHP script?

I know it's not the best solution having the Bitbucket repo do a POST to a PHP file on my site just to update the files on the production server, and if it was just myself working on development for my company I would simply do it all from the command line via terminal. However, I have several employees who are not command line savvy and I would love for our company workflow to allow them to simply do a push to the Bitbucket repository from our in house development server and have Bitbucket hit a PHP file that execs a git pull command to update the Webfaction production server. I also simply do not want to give them SSH access to the production server since they really don't have a clue what they are doing.

Thanks in advance for any help or advice.

asked 06 Aug '12, 23:37

p0llk4t

I'm not familiar with executing such a command via PHP, but it could be because the command is not running in a suitable shell. Can you try having PHP execute a shell script directly using /bin/bash and then see if you can successfully scp a file to another server which has your key? If you can get this to work, it means that ssh keys are working and you should be able to pull from Bitbucket.

That said, I personally think that this is the wrong approach to the problem. If you simply host the git repository on your webfaction server, you can make a very simple post-receive hook which updates the code of the site whenever changes are pushed. A full guide to this is available here.

(06 Aug '12, 23:56) ryans ♦♦

I will try the test you suggest with scp and see if that works.

The main reason I want to use Bitbucket for the git repository is to have the repository hosted separately. We also have several different hosting providers, so it would be nice to have 1 central repository that is independent of the hosting. If I can't figure out a good way to do what I'm attempting, I may just settle for using git on Webfaction.

Thank you for your suggestion for testing. I'm going to give that a shot.

(07 Aug '12, 00:44) p0llk4t

Figured out a way to do this that will work for Bitbucket and should work for any other private remote repos, like Github.

First I used ssh-keygen to specifically create a key pair that has no passphrase. Bitbucket's documentation recommended doing this for use with scripts. It reads as follows:

"You might create multiple identities(keys) if you wanted to execute DVCS actions on a repo with a script – the script would use a public key with an empty passphrase allowing it to run without human intervention."

So use ssh-keygen and hit enter twice without setting a passphrase.

Next, create a config file in your .ssh directory simply called config with parameters like so:

Host bitbucket.org 
 User WEBFACTIONUSERNAME
 IdentityFile ~/.ssh/script_key

In my case, I generated a separate key called script_key just to use for scripts, but the default might be something like:

 IdentityFile ~/.ssh/id_dsa

Apparently the indentation of the second 2 lines is necessary for the config file.

Be sure to copy your SSH key.pub data into your remote repository's authorized keys list.

My PHP test exec file looks like this:

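<?php
// Append the web app directory to the PATH seen by the PHP process
putenv('PATH='. getenv('PATH') .':/home/WEBFACTIONUSERNAME/webapps/testapp/');
// Run git pull, folding stderr into the captured output so errors are visible
exec('git pull 2>&1', $output);
var_dump($output);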

If you see an error when your PHP file runs like this:

"The file has bad permissions"

You may need to do the following:

chmod 600 * inside the .ssh folder.

Hope this might help someone else trying to do this.

This answer is marked "community wiki".

answered 07 Aug '12, 01:32

p0llk4t

edited 07 Aug '12, 01:35
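
The permission failure mentioned in the answer can be checked for directly. The script below is an added example, not part of the original answer: it audits the script_key and config files from the answer for the modes ssh rejects and tightens only those files rather than running chmod 600 on everything. The function names go_bits, audit_ssh_dir and tighten_ssh_dir are hypothetical, and the demo files are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the files set up in the answer (script_key, config).

# Print the group/other permission bits of a path, e.g. "r--r--".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_ssh_dir DIR [KEYNAME]: report problems; return 0 only if none found.
audit_ssh_dir() {
    dir=$1; key="$dir/${2:-script_key}"; bad=0
    # ssh refuses a private key that group or others can access at all.
    if [ -f "$key" ] && [ "$(go_bits "$key")" != "------" ]; then
        echo "too open: $key ($(go_bits "$key"))"; bad=1
    fi
    # ssh rejects a config file that group or others can write to.
    if [ -f "$dir/config" ]; then
        case "$(go_bits "$dir/config")" in
            ?w*|????w*) echo "writable by others: $dir/config"; bad=1 ;;
        esac
    fi
    # Anyone who can write to the directory can swap the key or config.
    case "$(go_bits "$dir")" in
        ?w*|????w*) echo "writable by others: $dir"; bad=1 ;;
    esac
    return $bad
}

# tighten_ssh_dir DIR [KEYNAME]: targeted alternative to "chmod 600 *".
tighten_ssh_dir() {
    dir=$1; key="$dir/${2:-script_key}"
    chmod 700 "$dir" || return 1
    [ ! -f "$key" ] || chmod 600 "$key" || return 1
    [ ! -f "$dir/config" ] || chmod 600 "$dir/config" || return 1
    [ ! -f "$key.pub" ] || chmod 644 "$key.pub"
}

# Demo on constructed placeholder files in a throwaway directory.
demo=$(mktemp -d)
: > "$demo/script_key"; : > "$demo/script_key.pub"; : > "$demo/config"
chmod 644 "$demo/script_key"; chmod 664 "$demo/config"
audit_ssh_dir "$demo" || echo "-> problems found, tightening"
tighten_ssh_dir "$demo"
audit_ssh_dir "$demo" && echo "-> clean"
rm -rf "$demo"
```

On a real account, call audit_ssh_dir "$HOME/.ssh" as the same user the PHP process runs as, since that user's key and config are the ones git will read.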
