基于ssh key 拉取代码
实现jenkins服务器到gitlab服务器的基于密钥的验证,可以让jenkins连接到gitlab执行操作
在jenkins服务上生成 ssh key
#在jenkins服务器上生成密钥对
[root@jenkins-ubunutu1804 ~]#ssh-keygen
[root@jenkins-ubunutu1804 ~]#cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/LAA5tcFrSLye3QE9a+RH8LSYzwewJ4MBSBvVP7pImKMqg21WozWw56RKqiSsj9ewO8zL43yfAwOjetrKr2Ovbxw9bOaxj0r1CobpXsD5H7pS4Cq0lLJxSmFwCLroz1C9ecGhBWBmaCbkOaJ0Q6JLTO830w7noTFYZq4/NWTGtE4xpVDDNUFTAS4j4T/0QQF6YvXIqw0EzdKKkuZLw9Rl9f2j7D1eNJX3QyY2LSgxPsXE77PzlKeJue0FKa0JwzNeKNS01rM9ztoc0VQVhxjOgjY+rhoUtBFYwxXQLmwtBq82dh6qVBKrCDpNIPE+XaXFZVMyZ0Ahs3vD2iIP9Xz/ root@jenkins-ubunutu1804在gitlab服务器上添加上面生成的ssh key
在jenkins服务器上测试 ssh key
测试可以不使用用户名密码后直接获取代码
先在gitlab查看项目的下载地址:code>git@10.0.0.100:testgroup/testproject.git
在jenkins服务器上执行克隆,不再需要用户和密码
[root@jenkins-ubunutu1804 ~]#git clone git@10.0.0.100:testgroup/testproject.git
Cloning into 'testproject'...
remote: Enumerating objects: 9, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 9 (delta 0), reused 9 (delta 0)
Receiving objects: 100% (9/9), done.
[root@jenkins-ubunutu1804 ~]#ls
testproject
[root@jenkins-ubunutu1804 ~]#tree testproject/
testproject/
├── index.html
└── README.md
0 directories, 2 files
[root@jenkins-ubunutu1804 ~]#配置jenkins到gitlab非交互式拉取代码
jenkins 服务器添加凭据
Jenkins-凭据-jenkins—全局凭据—添加凭据
复制root的私钥
[root@jenkins-ubunutu1804 ~]#cat .ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvywAObXBa0i8nt0BPWvkR/C0mM8HsCeDAUgb1T+6SJijKoNt
VqM1sOekSqokrI/XsDvMy+N8nwMDo3rayq9jr28cPWzmsY9K9QqG6V7A+R+6UuAq
tJSycUphcAi66M9QvXnBoQVgZmgm5DmidEOiS0zvN9MO56ExWGauPzVkxrROMaVQ
wzVBUwEuI+E/9EEBemL1yKsNBM3SipLmS8PUZfX9o+w9XjSV90MmNi0oMT7FxO+z
85SnibntBSmtCcMzXijUtNazPc7aHNFUFYcYzoI2Pq4aFLQRWMMV0C5sLQavNnYe
qlQSqwg6TSDxPl2lxWVTMmdAIbN7w9oiD/V8/wIDAQABAoIBAQCCFLyqiCRujfXa
22Mmmi2hTgZ1HBqNILWhv6FAv7ZQA5yzJu7VTwUPtO8z5wZBbTdEscwuyEJaKMDn
Eoeh9yoLi71ZhqqLE4fbqSgXz+PbIF22WtZ0PeIV+JjIlQgptjeoVhsNKA1qYWBl
V1pVZlgeiOEVyUWREzvyfRv/4qMKGSOs9zHbsvSD7eqh8tq7P4jS4fNz6OM8JfqF
GLsbQUX8AlNxTraR9nv/hQx5KhUb5jqFV2yr3FK4IVziL91aM6nheH2DADj5th99
6u5+/zueRP30RX0F1Y6ny7FOxAe2ZIkQnGg/RlYxxdV3BZhnNiwjJ520gyC59RsD
bYaDdBwhAoGBAPSlJUcOiE+RJcQT5yeReHqOqaBoG4hw6fZyMfzX/cTHuE8iJvYB
78h7Nuw4z0TsSlpQdDgF3X5hbJn/VG10rxbbYIxFPO4b7X0WjEIS/QmxBIBChORj
3mhzSGf1DAuHE+chovNb5bjIxVArX+2TZHYieWaOC2YEEFgrpSv2b3CXAoGBAMgL
fZN//pBstXQk0Yz3kZx6++aJcZ0kUZVUU7rrGOo3SSeaXOEgYDtcd86Uj8jCTPYs
4od+kfUzn0ixMCYjpfhca8WexIPrJ2Gd5toVqEZDV3QkwyT6T+BGVYHy2NwPGtH4
wYdjhNuNwiTap79EzCMOg85x/yrVw883BofxHfvZAoGBAPK1LGh0WHNnsqn2fOta
fMZJ5qtG3ZndO5/N5x3LQu4InieT4EdL4JFq/DAapDbinVlAXCyAVR/ek5msIBx/
GH16oyxGPI6VkmT5C6k5oWQOBEMiuyjCk5HYXUsVZx/AoNQ7IKiC0UMjm+1POto9
0fsJdJtz7IcHHRf8JN+amzB9AoGAbuJnpiXxjk6juhBak1/7N5i4Ho6bCnbCPhrz
Go4MTm98vlYDG8rdbKoRwtF4bdi93kr8+gv/jcIijaGhxdJGwkdAeddKqLDlMGfd
OY99qgzT4g4qmUmikveJmDFrYXeB71eKtqhEUYrfTZxiFVRmLxxxlTJ9NVouYqLm
nN3bN+kCgYAm+ffg75HKTyZFTBm3u/SGegeyZ1rAiiuIfn220Dt1Y8NwDoPhNTo0
AQ8lNCEQxC4KKok2a4GJViKaVHeTWYOGvOXKZHG3Gs+caQq0jUGmLJC5CBiRm4n5
TpOBqfsMBe3SjDSwaCfEsHU4zoTTWb67dRhf1pVsGD24vj3m2Hbhgw==
-----END RSA PRIVATE KEY-----
添加私钥
4.3.2 jenkins创建任务
配置git项目地址和用户
添加完成的证书没有报错表示认证通过
测试构建项目
点击立即构建
验证构建结果
服务器验证数据
[root@jenkins-ubunutu1804 ~]#ll -d /var/lib/jenkins/workspace/testproject-test
drwxr-xr-x 3 jenkins jenkins 4096 Mar 7 18:11 /var/lib/jenkins/workspace/testproject-test/
[root@jenkins-ubunutu1804 ~]#ll /var/lib/jenkins/workspace/testproject-test
total 20
drwxr-xr-x 3 jenkins jenkins 4096 Mar 7 18:11 ./
drwxr-xr-x 4 jenkins jenkins 4096 Mar 7 18:11 ../
drwxr-xr-x 8 jenkins jenkins 4096 Mar 7 18:11 .git/
-rw-r--r-- 1 jenkins jenkins 48 Mar 7 18:11 index.html
-rw-r--r-- 1 jenkins jenkins 17 Mar 7 18:11 EADME.md将代码部署至后端服务器
先和后端服务器实现基于key验证
[root@jenkins-ubunutu1804 ~]#ssh-copy-id 10.0.0.102
[root@jenkins-ubunutu1804 ~]#ssh 10.0.0.102
Last login: Sat Mar 7 18:46:25 2020 from 10.0.0.1
[root@web-ubuntu1804 ~]#exit
logout
Connection to 10.0.0.102 closed.
在后端服务器查看文件是否复制成功
[root@web-ubuntu1804 ~]#ll /var/www/html/
total 20
drwxr-xr-x 2 root root 4096 Mar 7 18:58 ./
drwxr-xr-x 3 root root 4096 Mar 7 16:12 ../
-rw-r--r-- 1 root root 48 Mar 7 18:58 index.html
-rw-r--r-- 1 root root 612 Mar 7 16:12 index.nginx-debian.html
-rw-r--r-- 1 root root 17 Mar 7 18:58 README.md
访问后端服务器页面验证是否成功
范例:针对tomcat后端服输,构建执行shell脚本内容
ssh-copy-id tomcat服务器IP #实现到生产服务器的免密钥认证
cd /var/lib/jenkins/workspace/linux36-job1/
tar czvf code.tar.gz index.html
scp code.tar.gz www@192.168.7.105:/data/tomcat/tomcat_appdir/
scp code.tar.gz www@192.168.7.106:/data/tomcat/tomcat_appdir/
ssh www@192.168.7.105 "/etc/init.d/tomcat stop && rm -rf /data/tomcat/tomcat_webdir/myapp/* && cd /data/tomcat/tomcat_appdir && tar xvf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/"
ssh www@192.168.7.106 "/etc/init.d/tomcat stop && rm -rf /data/tomcat/tomcat_webdir/myapp/* && cd /data/tomcat/tomcat_appdir && tar xvf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/"
ssh www@192.168.7.105 "/etc/init.d/tomcat start"
ssh www@192.168.7.106 "/etc/init.d/tomcat start"更新代码再次构建,查看后端服务器是否能自动更新
#在之前曾经执行git clone的主机上执行下面操作,更新代码
[root@ubuntu1804 ~]#cd /data/testproject/
[root@ubuntu1804 testproject]#vim index.html
[root@ubuntu1804 testproject]#cat index.html
<h1>index.html v1 </h1>
<h1>index.html v2 </h1>
<h1>index.html v3 </h1>
[root@ubuntu1804 testproject]#git add .
[root@ubuntu1804 testproject]#git commit -m v3
[master 36d0b96] v3
1 file changed, 1 insertion(+)
[root@ubuntu1804 testproject]#git push
Username for 'http://10.0.0.100': wang
Password for 'http://wang@10.0.0.100':
Counting objects: 3, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 301 bytes | 301.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://10.0.0.100/testgroup/testproject.git
44dbd92..36d0b96 master -> master
[root@ubuntu1804 testproject]#
再次访问后端服务器页面,验证是否成功
本文链接:http://www.yunweipai.com/35768.html
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/52609.html