我有以下 jenkinsfile
pipeline {
agent {
dockerfile {
args "-u root -v /var/run/docker.sock:/var/run/docker.sock"
}
}
environment {
ESXI_CREDS = credentials('ESXI_CREDS')
PACKER_LOG = 1
}
stages {
stage('Build Base image') {
steps {
sh "ansible-galaxy install -r ./requirements.yml"
}
}
}
参考资料.yml
- src:
ssh://tfsserver/_git/ansible-sshd
scm: git
name: ansible-sshd
它使用以下 Dockerfile
FROM hashicorp/packer:full
RUN apk --no-cache add git openssh-client rsync jq py2-pip py-boto py2-six py2-cryptography py2-bcrypt py2-asn1crypto py2-jsonschema py2-pynacl py2-asn1 py2-markupsafe py2-paramiko py2-dateutil py2-docutils py2-futures py2-rsa py2-libxml2 libxml2 libxslt &&
apk --no-cache add gcc python2-dev musl-dev linux-headers libxml2-dev libxslt-dev &&
pip install ansible jsonmerge awscli boto3 hvac ansible-modules-hashivault molecule python-gilt python-jenkins lxml openshift docker docker-compose mitogen yamale ansible-lint &&
apk del gcc python2-dev musl-dev linux-headers libxml2-dev libxslt-dev
USER root
ENTRYPOINT []
当运行上面的 jensfile 构建时,它似乎卡在我们的 tfs 服务器的身份验证上并得到以下错误
+ ansible-galaxy install -r ./requirements.yml
[WARNING]: - ansible-sshd was NOT installed successfully: - command
/usr/bin/git clone
ssh://tfsserver/_git/ansible-sshdtmp5VN20Z (rc=128)
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
我正在将 git 与 tfs 一起使用,我不知道如何使用 git 存储库对代理进行身份验证,也不想将私钥存储在构建代理上并将其批量映射到 docker 容器,甚至不确定这是否有效我什至尝试在构建过程中将私钥动态添加到容器中,但它似乎不起作用
withCredentials([sshUserPrivateKey(credentialsId: 'tfs', keyFileVariable: 'keyfile')]) {
sh "mkdir -p ~/.ssh && cp ${keyfile} ~/.ssh/id_rsa"
sh "ansible-galaxy install -r ./requirements.yml"
}
我遇到了同样的问题,但最终使用 sed 解决了。
withCredentials([usernamePassword(credentialsId: 'GIT_AUTHENTICATION', passwordVariable: 'password', usernameVariable: 'username')])
{
sh "sed -i 's/${git_url}/${username}:${password}@${git_url}/g' roles/requirements.yml"
sh "ansible-galaxy install -c -r roles/requirements.yml -p roles/"
sh "ansible-playbook site.yml -i ${inventory}"
}
大多数远程存储库允许 url 身份验证或 oAuth 令牌 url,两者的工作方式相同:
{protocol}://${用户名}:${password}@{gitl_url}/${repo}
例:
https://username:password@github.com/username/repository.git
如果您的密码包含特殊字符,请使用 https://www.urlencoder.org/请记住,只需将其与 withCredentials
一起使用,以便混淆敏感数据。