How to setup a server for deployment and to do a cold deploy with Capistrano?

Question

What is the proper way to deploy:setup and to do a cold deploy with Capistrano?

Using

this deploy.rb
Capistrano v2.14.2
Vagrant to virtualize my server,

this is my scenario:

when running deploy:setup, Capistrano makes use of root privileges to prepare the directory structure for deployment:

$ cap deploy:setup
  * 2013-02-28 14:50:21 executing `deploy:setup'
  * executing "sudo -p 'sudo password: ' mkdir -p /home/vagrant/example /home/vagrant/example/releases /home/vagrant/example/shared /home/vagrant/example/shared/system /home/vagrant/example/shared/log /home/vagrant/example/shared/pids"
    servers: ["example.com"]
    [example.com] executing command
    command finished in 29ms
  * executing "sudo -p 'sudo password: ' chmod g+w /home/vagrant/example /home/vagrant/example/releases /home/vagrant/example/shared /home/vagrant/example/shared/system /home/vagrant/example/shared/log /home/vagrant/example/shared/pids"
    servers: ["example.com"]
    [example.com] executing command
    command finished in 11ms

yet upon deploy:cold Capistrano attempts to checkout (from git in this case) and write as the vagrant user – the user specified in deploy.rb:

$ cap deploy:cold
  * 2013-02-28 14:50:47 executing `deploy:cold'
  * 2013-02-28 14:50:47 executing `deploy:update'
 ** transaction: start
  * 2013-02-28 14:50:47 executing `deploy:update_code'
    updating the cached checkout on all servers
    executing locally: "git ls-remote git@github.com:mariusbutuc/realtime-faye.git master"
    command finished in 2360ms
  * executing "if [ -d /home/vagrant/example/shared/cached-copy ]; then cd /home/vagrant/example/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard a7c05516bc31c2c18f89057c02f84bfad83a6b59 && git clean -q -d -x -f; else git clone -q git@github.com:mariusbutuc/realtime-faye.git /home/vagrant/example/shared/cached-copy && cd /home/vagrant/example/shared/cached-copy && git checkout -q -b deploy a7c05516bc31c2c18f89057c02f84bfad83a6b59; fi"
    servers: ["example.com"]
    [example.com] executing command
 ** [example.com :: out] fatal: could not create work tree dir '/home/vagrant/example/shared/cached-copy'.: Permission denied
    command finished in 26ms
*** [deploy:update_code] rolling back
  * executing "rm -rf /home/vagrant/example/releases/20130228195049; true"
    servers: ["example.com"]
    [example.com] executing command
    command finished in 7ms
failed: "sh -c 'if [ -d /home/vagrant/example/shared/cached-copy ]; then cd /home/vagrant/example/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard a7c05516bc31c2c18f89057c02f84bfad83a6b59 && git clean -q -d -x -f; else git clone -q git@github.com:mariusbutuc/realtime-faye.git /home/vagrant/example/shared/cached-copy && cd /home/vagrant/example/shared/cached-copy && git checkout -q -b deploy a7c05516bc31c2c18f89057c02f84bfad83a6b59; fi'" on example.com

Of course, the deploy:check report bares no surprises: the vagrant user cannot write in the directories created during deploy:setup since the two users belong to different groups – root:root versus vagrant:vagrant:

$ cap deploy:check
  [...]
The following dependencies failed. Please check them and try again:
--> You do not have permissions to write to `/home/vagrant/example'. (example.com)
--> You do not have permissions to write to `/home/vagrant/example/releases'. (example.com)
--> `/home/vagrant/example/shared' is not writable (example.com)

What is the reasoning behind this, and what prerequisite is not satisfied yet so the deployment passes this issue?

I've had exactly this same problem... I don't understand why the directories are created as the root user instead of as the user specified in the `deploy.rb` file. I'm assuming it's a bug? I end up just SSH-ing in and changing the permissions manually. — aardvarkk, Feb 28 '13 at 21:37

score 1 · Accepted Answer · answered Mar 04 '13 at 07:12

1

The deploy:setup task probably should not be using sudo to create the app directory, since that is likely causing it to be owned by root.

You can turn that off in your deploy.rb file with:

set :use_sudo, false

answered Mar 04 '13 at 07:12

Stuart M

11,458
6
45
59

Thank you. It works, and it's a lot more elegant than my workaround. – Marius Butuc Mar 05 '13 at 00:13

score 0 · Answer 2 · edited May 23 '17 at 12:12

Since there are no group setting in Capistrano my workaround is to extend such a setting, for example:

set :user,  'vagrant'
set :group, 'vagrant'

and then create a task to "fix" the ownership after running deploy:setup:

after "deploy:setup", :setup_ownership
task :setup_ownership do
  run "#{sudo} chown -R #{user}:#{group} #{deploy_to} && chmod -R g+s #{deploy_to}"
end

But the only thing better than fixing an issue is not having it in the first place, so Stuart's answer is both wiser and more elegant.

How to setup a server for deployment and to do a cold deploy with Capistrano?

2 Answers2

Linked