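I have a GitLab repository that contains the Ansible code and Terraform code for deploying the infrastructure (CI/CD). I store the SSH key in my GitLab. When my Jenkins agent tests the SSH connection, it works fine. However, when it launches the "ansible-playbook" command, the connection cannot be established because of this error: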
> google_compute_instance.instance (remote-exec): Connecting to remote host via SSH...
> google_compute_instance.instance (remote-exec):   Host: ip address
> google_compute_instance.instance (remote-exec):   User: devops
> google_compute_instance.instance (remote-exec):   Password: false
> google_compute_instance.instance (remote-exec):   Private key: true
> google_compute_instance.instance (remote-exec):   Certificate: false
> google_compute_instance.instance (remote-exec):   SSH Agent: false
> google_compute_instance.instance (remote-exec):   Checking Host Key: false
> google_compute_instance.instance (remote-exec):   Target Platform: unix
> google_compute_instance.instance (remote-exec): Connected!
> google_compute_instance.instance (local-exec): fatal: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added (ED25519) to the list of known hosts.\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for Ansible/lab_ssh_key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key "/var/jenkins_home/workspace/Ansible/lab_ssh_key": bad permissions\r\n Permission denied (publickey).", "unreachable": true}
> google_compute_instance.instance (local-exec): PLAY RECAP *********************************************************************
> google_compute_instance.instance (local-exec):  : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
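I have not found a way to protect my private key in GitLab. I tried changing its permissions with chmod, but after that I could not upload it to GitLab. Is there any solution or other idea for this? Thanks in advance.

My solution was:

- I stored the key in Jenkins (Credentials section).
- Then I retrieved it in the Jenkinsfile with the "withCredentials" command. After that, I continued copying the key in my GitLab.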
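
A sketch of the approach described in the solution above, added here as an example and not part of the original post: a declarative Jenkinsfile that binds an SSH key from the Jenkins credential store and hands its path to `ansible-playbook`. The credential ID `lab-ssh-key`, the variable names, `inventory.ini` and `playbook.yml` are assumptions, and the permission check assumes GNU `stat` on the agent.

```groovy
// Added example, not the poster's pipeline. Credential ID, variable names,
// inventory and playbook paths are assumed for illustration.
pipeline {
    agent any
    stages {
        stage('Run playbook') {
            steps {
                // Binds an "SSH Username with private key" credential: Jenkins
                // writes the key to a temporary file for the duration of the
                // block and exposes its path and the username as variables.
                withCredentials([sshUserPrivateKey(
                        credentialsId: 'lab-ssh-key',   // assumed credential ID
                        keyFileVariable: 'SSH_KEY_FILE',
                        usernameVariable: 'SSH_USER')]) {
                    // Single-quoted Groovy string: the shell expands the
                    // variables, so nothing secret is interpolated into the
                    // script text by Groovy.
                    sh '''
                        set -eu
                        # Stop before Ansible runs if the key file is readable
                        # by group or others, the condition OpenSSH rejected
                        # with "Permissions 0644 ... are too open".
                        mode=$(stat -c '%a' "$SSH_KEY_FILE")
                        case "$mode" in
                            600|400) ;;
                            *) echo "key file mode $mode is too open" >&2; exit 1 ;;
                        esac
                        ansible-playbook -i inventory.ini playbook.yml -u "$SSH_USER" --private-key "$SSH_KEY_FILE"
                    '''
                }
            }
        }
    }
}
```

Git records only the executable bit of a file's mode, so a key checked out from a repository lands in the workspace with the agent's default permissions (0644 in the log above), and a `chmod 600` done locally is not carried through a commit.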