Jenkins免密拉取GitLab项目
1.在Jenkins上为GitLab创建一个专有的拉取代码的账号
Jenkins需要构建哪些项目就在GitLab给予账号相应权限 我这里已经创建过Jenkins用户,下面用它登录后添加SSH-KEY
2.在Jenkins服务器上生成ssh-key
[root@jenkins ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IUQIuu0SAdSbZvENbIjFYTrUrnuqKGBmZtwPj6lvz60 root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|ooB=+oo |
|ooo*.= |
|oo. * + . |
| +.* . o . |
|+ * S |
|.@ o |
|O o * |
|oo =.o. |
|=o*..E.. |
+----[SHA256]-----+
查看公钥
[root@jenkins ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins
将Jenkins的公钥填入GitLab账号中
3.测试SSH-KEY
到jenkins服务器上拉取项目来测试ssh-key免密是否生效
[root@jenkins ~]# yum install git -y
[root@jenkins ~]# git clone git@106.14.10.124:dev01/sample.git
正克隆到 'sample'...
The authenticity of host '106.14.10.124 (106.14.10.124)' can't be established.
ECDSA key fingerprint is SHA256:bO22/HlgAAGXi9CXTxDE6wvNCUcTs2OajL9PinZMN/0.
ECDSA key fingerprint is MD5:ec:4f:14:0a:b6:72:cf:6e:da:5b:fa:5b:be:b9:2f:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '106.14.10.124' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
接收对象中: 100% (6/6), done.
如上,ssh-key已生效
配置jenkins自动拉取代码
1.jenkins 服务器添加证书
系统配置——》Manage Credentials
系统配置——》Manage Credentials——》Jenkins——》全局凭证——》添加凭证
这样的话Jenkins服务器拉取GitLab的代码就不需要再进行认证了。
Jenkins安装GitLab插件
1.安装插件
插件名称:
- GitLab
- Gitlab Hook
- Gitlab Authentication
-
GitLab Logo
安装完成后重启Jenkins
GitLab为Jenkins生成Token
1.我们使用Jenkins用户登录GitLab
然后使用Jenkins用户创建Token
2.复制创建的Token
3.打开Jenkins
系统管理——》系统配置
输入以下相关内容
选择凭证,测试后保存
4.查看凭证
现在有以下两种方式与GitLab进行认证
- 通过GitLab上Jenkins用户的密钥(GitLab绑定Jenkins用户的公钥,Jenkins绑定GitLab上Jenkins用户的私钥)、
-
通过GitLab上Jenkins用户的
API Token
绑定到Jenkins上的
GitLab authentication
插件上进行连接。
Jenkins构建流水线
1.创建Project
新建任务——》流水线
2.选择流水线语法
3.生成流水线脚本
复制生成的git脚本
4.编写Pipline脚本
我这里脚本如下
node {
stage('拉取代码'){
git credentialsId: 'b907af22-5a74-4eee-aa5f-a822c764279c', url: 'git@172.19.95.139:dev01/sample.git'
echo "Code Pull"
}
stage('代码扫描'){
echo "Code Scanning"
}
stage('代码构建'){
echo "Code Build"
}
stage('是否部署'){
input '是否部署'
}
stage('开始部署'){
sh '/opt/jenkins/sample/sample_release.sh'
}
}
将以上脚本写流水线中
上面脚本最后执行了
/opt/jenkins/sample/sample_release.sh
脚本,我们到执行任务的Jenkins服务器上去编写这个部署脚本。 脚本如下:jenkins服务器将
/usr/local/src/sample.zip
文件拷贝到了172.19.182.107上
[root@jenkins /]# cat /opt/jenkins/sample/sample_release.sh
#!/usr/bin/env bash
scp /usr/local/src/sample.zip root@172.19.182.107:/usr/local/
这里我们需要先让Jenkins服务器与172.19.182.107做免密登录,将Jenkins的公钥拷贝到
172.19.182.107
服务中的
/root/.ssh/authorized_keys
文件中
#Jenkins的公钥(这里为root的公钥,Jenkins进程就需要用root用户运行)
[root@jenkins /]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins
#172.19.182.107服务器的authorized_keys文件
cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins
#测试免密登录
[root@jenkins /]# ssh root@172.19.182.107
Last login: Tue Jun 30 20:26:12 2020 from 172.19.206.72
Welcome to Alibaba Cloud Elastic Compute Service !
Jenkins执行任务
1.进入到任务中
2.点击立即构建
3.是否部署
※更多文章和资料|点击后方文字直达 ↓↓↓
100GPython自学资料包
阿里云K8s实战手册
[阿里云CDN排坑指南]
CDN
ECS运维指南
DevOps实践手册
Hadoop大数据实战手册
Knative云原生应用开发指南
OSS 运维实战手册
云原生架构白皮书
Zabbix企业级分布式监控系统源码文档
Linux&Python自学资料包
10G面试题戳领