From 6390fb19bbb12f9875eca2b7cd405eb4a8452436 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20=C5=A0trauch?= <cx@initd.cz>
Date: Fri, 30 Jun 2023 23:27:11 +0200
Subject: [PATCH] Fix production deployment

---
 .drone.yml | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index c17a301..d7dbd8a 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -104,19 +104,30 @@ steps:
 - name: deploy
   image: debian:buster
   environment:
+    PROXY: saturn.rosti.cz
     NODES: node-18.rosti.cz node-19.rosti.cz
     SSH_KEY:
       from_secret: SSH_KEY
+    HOST_KEYS: |
+      node-18.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp0KZ82dxmBJMJXuqHMiukRqVGHxyfN/nyjqPPemEz1AG2kA80od7Z9TPXYpM6Drnz0Dfcipuys7w8tbcWQGz7W+Tv1x6NWWI2r4WVfVlRkP52zdNUM/ASH88xNVmKK5FfjNyYM0khGnBcdV+ZcH/Mb7ZLLraol7B/uLahFYA5y1v+hH5ZftT8YnpOmVsx0m7PhE1zB6f5VFscSIJ5LQjhHaXkOd5zxxYJtxG6BjzqKdx5AJ2pPa6astzX4EAstpk6KzImCZ12mEEtg7bT3rLuGXg+j1DWFcHpDs0JJxF3GKGooHqbB5s26mTigqTjnytJsIzMgtfslmsLCsJGGO3B
+      node-18.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM4ukB6uTrCzVPjsANlkD6WYoE5bNbzr62ja/nYmEKe+zvgYAb67aXLAt+pals5Hvx5cuZstQkwuTkThBcyltsg=
+      node-18.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBAdTePM+EllZc+ZQsxuhdfiw9cRX5lAx2c9drWARSWL
+      node-19.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ASSidNCyGTyxlWhpm0wH/jW8a25GwAdgH29bC3pLniewTvFcKNFcW3gLjEzIb1v2um98d/OkjeUC2wBJfcoLIkfb7x3pSqQhGVYeD+vbzOMNHIEiyicnqc8bqBN/21kCaZ37KRpz2UEVgPcbawzR3v8toBUL9uSoPbnMrc6p05hTTd2zTiHPnZrmY21vQDqDYCM8YOd0KT60cSW+62B+B8t5nHOOfTZVAEvL5LK56vlFuiYDEumorSN++xpSV6IoZOKqO4WbwLh1OQn/0q85bMzkzTbBbLO7jZl1SepqbBdIg6VtsiWIWtbGf8XgBNgbNEHARoskznvL6whBiwW5
+      node-19.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLvXp6VGcBToKNE8T1/T6ghO3MRA+lWrwCPdXRLKb1QbGKUMI/1XXdouVWNhzDdjlOeQzrAyYG9BjYdu0HS3Z9E=
+      node-19.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8Ti8HnOClESyv+ORPKKC23ScvyxvsPR+hInrnh8ab3
+      node-20.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaCUbo/dSs1jtOBpmMPYrS4fTSnMTh747JkDcRPeExREaHJiJaoKGhr7C2+tBgp/AsoIZ6Wnr9DZemNHRkb1BpAL63bqr/MRpxmanFn1hrV1/2GA79RwH6TIZ7CUe3TR0oGRX9KL+jRRGbeEC5Wqzx1nQ4wN2frkI/ZvqKsBMMRvmRC6qT1lS0w/4s4urYtzrW9AhXMx2UF+IpKo8K9MclTZ0oXggekSg04TuFT9b2DJWZFcfazm10THvC74PULvxWXh7CL22PhraMcJIwoON8rP8SEYbkV6XOUZ9ieBXZ7+kWv+leD4LsQznHGkl6eh3/A/4BC0Dlua1oiRaxsJ6V6Y033PfQIdBN3ejHEMfkgKPBCdNNi5N35JoNhnB32Tg3h6UXQjDc8I6nGu0V96PaMGOOhXRBKDT/KAsRpd781C5aTWj0fgthTBXs2IvQltPgvKvY0cpKztfZ8cjYaFBHqwDwZbRO6E2c820bWtSwb//LKcbeZV5lSl3rI8zcnsM=
+      node-20.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFVisMN6X3k1wxeFlm9iscEy7YrFoYcYG0EORWzqArKstO0tklPQypuO7sqskjqsICoOsAgx5xQu8gPSa5C3kV8=
+      node-20.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAa8Y7z8peAHWfFjkaKDFS4n6sKglkOtmQw7DgBMzjSt
   commands:
   - apt update && apt install -y ssh
   - |
       for NODE in $NODES; do
         echo "\033[0;32mDeploying $NODE\033[0m"
         mkdir -p ~/.ssh && echo "$SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
-        echo "\033[1;33m.. scanning SSH keys\033[0m"
-        ssh-keyscan $NODE > ~/.ssh/known_hosts
+        echo "\033[1;33m.. setting up SSH host keys\033[0m"
+        echo "$HOST_KEYS" > ~/.ssh/known_hosts
         echo "\033[1;33m.. copying the binary\033[0m"
-        scp node-api root@$NODE:/usr/local/bin/node-api_
+        rsync -ave "ssh -J root@$PROXY" node-api root@$NODE:/usr/local/bin/node-api_
         echo "\033[1;33m.. replacing the binary\033[0m"
         ssh root@$NODE mv /usr/local/bin/node-api_ /usr/local/bin/node-api
         echo "\033[1;33m.. restarting service\033[0m"
@@ -149,23 +160,34 @@ steps:
 - name: deploy
   image: debian:bullseye
   environment:
+    PROXY: saturn.rosti.cz
     NODES: node-20.rosti.cz
     SSH_KEY:
       from_secret: SSH_KEY
+    HOST_KEYS: |
+      node-18.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp0KZ82dxmBJMJXuqHMiukRqVGHxyfN/nyjqPPemEz1AG2kA80od7Z9TPXYpM6Drnz0Dfcipuys7w8tbcWQGz7W+Tv1x6NWWI2r4WVfVlRkP52zdNUM/ASH88xNVmKK5FfjNyYM0khGnBcdV+ZcH/Mb7ZLLraol7B/uLahFYA5y1v+hH5ZftT8YnpOmVsx0m7PhE1zB6f5VFscSIJ5LQjhHaXkOd5zxxYJtxG6BjzqKdx5AJ2pPa6astzX4EAstpk6KzImCZ12mEEtg7bT3rLuGXg+j1DWFcHpDs0JJxF3GKGooHqbB5s26mTigqTjnytJsIzMgtfslmsLCsJGGO3B
+      node-18.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM4ukB6uTrCzVPjsANlkD6WYoE5bNbzr62ja/nYmEKe+zvgYAb67aXLAt+pals5Hvx5cuZstQkwuTkThBcyltsg=
+      node-18.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBAdTePM+EllZc+ZQsxuhdfiw9cRX5lAx2c9drWARSWL
+      node-19.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ASSidNCyGTyxlWhpm0wH/jW8a25GwAdgH29bC3pLniewTvFcKNFcW3gLjEzIb1v2um98d/OkjeUC2wBJfcoLIkfb7x3pSqQhGVYeD+vbzOMNHIEiyicnqc8bqBN/21kCaZ37KRpz2UEVgPcbawzR3v8toBUL9uSoPbnMrc6p05hTTd2zTiHPnZrmY21vQDqDYCM8YOd0KT60cSW+62B+B8t5nHOOfTZVAEvL5LK56vlFuiYDEumorSN++xpSV6IoZOKqO4WbwLh1OQn/0q85bMzkzTbBbLO7jZl1SepqbBdIg6VtsiWIWtbGf8XgBNgbNEHARoskznvL6whBiwW5
+      node-19.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLvXp6VGcBToKNE8T1/T6ghO3MRA+lWrwCPdXRLKb1QbGKUMI/1XXdouVWNhzDdjlOeQzrAyYG9BjYdu0HS3Z9E=
+      node-19.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8Ti8HnOClESyv+ORPKKC23ScvyxvsPR+hInrnh8ab3
+      node-20.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaCUbo/dSs1jtOBpmMPYrS4fTSnMTh747JkDcRPeExREaHJiJaoKGhr7C2+tBgp/AsoIZ6Wnr9DZemNHRkb1BpAL63bqr/MRpxmanFn1hrV1/2GA79RwH6TIZ7CUe3TR0oGRX9KL+jRRGbeEC5Wqzx1nQ4wN2frkI/ZvqKsBMMRvmRC6qT1lS0w/4s4urYtzrW9AhXMx2UF+IpKo8K9MclTZ0oXggekSg04TuFT9b2DJWZFcfazm10THvC74PULvxWXh7CL22PhraMcJIwoON8rP8SEYbkV6XOUZ9ieBXZ7+kWv+leD4LsQznHGkl6eh3/A/4BC0Dlua1oiRaxsJ6V6Y033PfQIdBN3ejHEMfkgKPBCdNNi5N35JoNhnB32Tg3h6UXQjDc8I6nGu0V96PaMGOOhXRBKDT/KAsRpd781C5aTWj0fgthTBXs2IvQltPgvKvY0cpKztfZ8cjYaFBHqwDwZbRO6E2c820bWtSwb//LKcbeZV5lSl3rI8zcnsM=
+      node-20.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFVisMN6X3k1wxeFlm9iscEy7YrFoYcYG0EORWzqArKstO0tklPQypuO7sqskjqsICoOsAgx5xQu8gPSa5C3kV8=
+      node-20.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAa8Y7z8peAHWfFjkaKDFS4n6sKglkOtmQw7DgBMzjSt
   commands:
   - apt update && apt install -y ssh
   - |
       for NODE in $NODES; do
         echo "\033[0;32mDeploying $NODE\033[0m"
         mkdir -p ~/.ssh && echo "$SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
-        echo "\033[1;33m.. scanning SSH keys\033[0m"
-        ssh-keyscan $NODE > ~/.ssh/known_hosts
+        echo "\033[1;33m.. setting up SSH host keys\033[0m"
+        echo "$HOST_KEYS" > ~/.ssh/known_hosts
         echo "\033[1;33m.. copying the binary\033[0m"
-        scp node-api root@$NODE:/usr/local/bin/node-api_
+        rsync -ave "ssh -J root@$PROXY" node-api root@$NODE:/usr/local/bin/node-api_
         echo "\033[1;33m.. replacing the binary\033[0m"
-        ssh root@$NODE mv /usr/local/bin/node-api_ /usr/local/bin/node-api
+        ssh -J root@$PROXY root@$NODE mv /usr/local/bin/node-api_ /usr/local/bin/node-api
         echo "\033[1;33m.. restarting service\033[0m"
-        ssh root@$NODE systemctl restart node-api
+        ssh -J root@$PROXY root@$NODE systemctl restart node-api
       done
 
 depends_on: