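I am trying to create a CI pipeline using JetBrains Space. I have a problem with SSH authorization. I am completely confused by SSH public/private keys.
There are two steps:
- Build and push the image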
    docker {
        beforeBuildScript {
            content = """
                export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
            """
        }
        build {
            file = "./Dockerfile"
        }
        push("my image") {
            tag = "version-0.$JB_SPACE_EXECUTION_NUMBER-$BRANCH"
        }
    }
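- Call docker-compose up -d to deploy on the remote server
There are two servers.
- The virtual machine (Ubuntu) where I want my service to be launched using Docker
- The remote JetBrains cloud CI machine
I want to use SSH keys, ED25519 or RSA. I did the following steps on the Ubuntu server:
- Created ci_user
- Ran ssh-keygen
- Added the public key to home/ci_user/.ssh/authorized_keys
On the JetBrains cloud machine:
- First, I am the root user here, not ci_user, so I tried to create a home folder for ci_user
- Added the private key to /home/ci_user/.ssh/id_ed25519 in the CI step
So my second step is: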
    container(displayName = "docker compose up", image = "docker/compose:latest") {
        env["DOCKER_HOST"] = Secrets("dev_server")
        env["CI_PSWRD"] = Secrets("ci_password")
        env["CI_USER"] = Secrets("ci_user")
        env["PRIVATE_SSH_KEY"] = Secrets("private_key")
        shellScript {
            content = """
                mkdir /home/ci_user/
                mkdir /home/ci_user/.ssh
                touch /home/ci_user/.ssh/id_ed25519
                chmod 700 /home/ci_user/.ssh
                chmod 600 /home/ci_user/.ssh/id_ed25519
                echo ${'$'}PRIVATE_SSH_KEY >> /home/ci_user/.ssh/id_ed25519
                export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
                docker-compose up -d
            """
        }
    }
I get the following error:
[13] Failed to execute script docker-compose
/tmp/_MEInmipco/paramiko/client.py:837: UserWarning: Unknown ssh-ed25519 host key for xxx.xxx.xxx.xxx : b'81ab950dfe8e8eac56d9df1bce6ee82b'
Traceback (most recent call last):
File "bin/docker-compose", line 6, in <module>
File "compose/cli/main.py", line 72, in main
File "compose/cli/main.py", line 125, in perform_command
File "compose/cli/command.py", line 76, in project_from_options
File "compose/cli/command.py", line 142, in get_project
File "compose/cli/docker_client.py", line 47, in get_client
File "compose/cli/docker_client.py", line 174, in docker_client
File "site-packages/docker/api/client.py", line 166, in __init__
File "site-packages/docker/transport/sshconn.py", line 111, in __init__
File "site-packages/docker/transport/sshconn.py", line 119, in _connect
File "site-packages/paramiko/client.py", line 446, in connect
File "site-packages/paramiko/client.py", line 765, in _auth
paramiko.ssh_exception.SSHException: No authentication methods available
What am I doing wrong?
I have solved billions of different difficulties. I hope this CI example helps someone:
    /**
     * JetBrains Space Automation
     * This Kotlin-script file lets you automate build activities
     * For more info, see https://www.jetbrains.com/help/space/automation.html
     */
    job("Build and push Docker") {
        docker {
            beforeBuildScript {
                // Create an env variable BRANCH,
                // use env var to get full branch name,
                // leave only the branch name without the 'refs/heads/' path
                content = """
                    export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
                """
            }
            build {
                file = "./Dockerfile"
                labels["vendor"] = "up2u"
            }
            push("up2u.registry.jetbrains.space/p/goup2u/containers/telegram") {
                tag = "version-0.$JB_SPACE_EXECUTION_NUMBER-$BRANCH"
            }
        }
        container(displayName = "docker compose up", image = "docker/compose:latest") {
            env["DOCKER_HOST"] = Secrets("dev_server")
            env["CI_PSWRD"] = Secrets("ci_password")
            env["CI_USER"] = Secrets("ci_user")
            env["PRIVATE_RSA_SSH_KEY"] = Secrets("private_rsa_key")
            env["KNOWN_HOST"] = Secrets("known_host")
            shellScript {
                content = """
                    apk update
                    apk add openssh
                    mkdir -p ~/.ssh
                    touch ~/.ssh/known_hosts
                    touch ~/.ssh/id_rsa
                    touch ~/.ssh/config
                    chmod 700 ~/.ssh
                    chmod 600 ~/.ssh/id_rsa
                    chmod 600 ~/.ssh/known_hosts
                    echo ${'$'}KNOWN_HOST >> ~/.ssh/known_hosts
                    echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text
                    cat text | sed "s/'//g" >> ~/.ssh/id_rsa
                    echo Host ${'$'}DOCKER_HOST >> ~/.ssh/config
                    echo ' User' ${'$'}CI_USER >> ~/.ssh/config
                    echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> ~/.ssh/config
                    mkdir /home/ci_user/
                    mkdir /home/ci_user/.ssh
                    touch /home/ci_user/.ssh/id_rsa
                    touch /home/ci_user/.ssh/config
                    touch /home/ci_user/.ssh/known_hosts
                    chmod 700 /home/ci_user/.ssh
                    chmod 600 /home/ci_user/.ssh/id_rsa
                    chmod 600 /home/ci_user/.ssh/known_hosts
                    echo ${'$'}KNOWN_HOST >> /home/ci_user/.ssh/known_hosts
                    echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text2
                    cat text2 | sed "s/'//g" >> /home/ci_user/.ssh/id_rsa
                    echo Host ${'$'}DOCKER_HOST >> /home/ci_user/.ssh/config
                    echo ' User' ${'$'}CI_USER >> /home/ci_user/.ssh/config
                    echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> /home/ci_user/.ssh/config
                    export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
                    export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
                    export TAG=${'$'}(echo "version-0.'${'$'}JB_SPACE_EXECUTION_NUMBER'-'${'$'}BRANCH'" | sed "s/'//g")
                    echo ${'$'}CI_PSWRD | docker login up2u.registry.jetbrains.space --username ${'$'}CI_USER --password-stdin
                    docker-compose stop
                    docker pull up2u.registry.jetbrains.space/p/goup2u/containers/telegram:${'$'}TAG
                    docker-compose up -d
                """
            }
        }
    }
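The main problems were:
- The correct format of the RSA key (it should be in PEM format)
- The known_host file is required
- When you try to get the RSA key from the secret, you should check the "\n" symbols and remove the quotes from the result
- Don't forget the SSH client in the Docker image
- Don't forget to pull the image first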
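
The key handling from the list above (literal "\n" sequences, stray quotes, a pinned known-hosts entry), as an added example in POSIX shell that is not part of the original post: it writes the SSH client files from secret values with restrictive permissions and rejects a key that did not survive as PEM text. The function names, the placeholder key and the sample host values are constructed assumptions.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions.

# Constructed sample values (placeholder text, not real key material or a real host).
SAMPLE_KEY="'-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----'"
SAMPLE_KNOWN='203.0.113.10 ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER'

# normalize_key KEY: expand literal "\n" sequences, drop quote characters
# and empty lines, so a one-line secret becomes multi-line PEM text.
normalize_key() {
    printf '%b\n' "$1" | tr -d "'\"" | sed '/^$/d'
}

# install_ssh_material DIR KEY KNOWN_HOSTS_LINE HOST USER
# Runs in a subshell so the umask change does not leak into the caller.
install_ssh_material() (
    dir=$1; key=$2; known=$3; host=$4; user=$5
    umask 077                                   # new files 0600, new dirs 0700
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    normalize_key "$key" > "$dir/id_rsa" || exit 1
    # Refuse a key that is not PEM-framed (e.g. newlines were lost on the way).
    if ! head -n 1 "$dir/id_rsa" | grep -q '^-----BEGIN .*PRIVATE KEY-----$' ||
       ! tail -n 1 "$dir/id_rsa" | grep -q '^-----END .*PRIVATE KEY-----$'; then
        rm -f "$dir/id_rsa"
        exit 2
    fi
    # Quoted expansion keeps the pinned host key line intact.
    printf '%s\n' "$known" > "$dir/known_hosts"
    # Only the pinned host key and only this identity are accepted.
    cat > "$dir/config" <<EOF
Host $host
    User $user
    IdentityFile $dir/id_rsa
    IdentitiesOnly yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $dir/known_hosts
EOF
)
```

In a job like the one above, the call would be `install_ssh_material "$HOME/.ssh" "$PRIVATE_RSA_SSH_KEY" "$KNOWN_HOST" "$DOCKER_HOST" "$CI_USER"`, made before `DOCKER_HOST` is rewritten to the `ssh://` form.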