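I am trying to create a CI pipeline with JetBrains Space. I have a question about SSH authorization. I am completely confused by SSH public/private keys.
There are two steps: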
docker {
    beforeBuildScript {
        content = """
            export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
        """
    }
    build {
        file = "./Dockerfile"
    }
    push("my image") {
        tag = "version-0.\$JB_SPACE_EXECUTION_NUMBER-\$BRANCH"
    }
}
docker-compose up -d
deploy on the remote server. There are two servers.
I want to use an SSH key, ED25519 or RSA. I did the following steps on the Ubuntu server:
home/ci_user/.ssh/authorized_keys
On the cloud JetBrains machine:
So my second step is:
container(displayName = "docker compose up", image = "docker/compose:latest") {
    env["DOCKER_HOST"] = Secrets("dev_server")
    env["CI_PSWRD"] = Secrets("ci_password")
    env["CI_USER"] = Secrets("ci_user")
    env["PRIVATE_SSH_KEY"] = Secrets("private_key")
    shellScript {
        content = """
            mkdir /home/ci_user/
            mkdir /home/ci_user/.ssh
            touch /home/ci_user/.ssh/id_ed25519
            chmod 700 /home/ci_user/.ssh
            chmod 600 /home/ci_user/.ssh/id_ed25519
            echo ${'$'}PRIVATE_SSH_KEY >> /home/ci_user/.ssh/id_ed25519
            export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
            docker-compose up -d
        """
    }
}
I get the following error: [13] Failed to execute script docker-compose
/tmp/_MEInmipco/paramiko/client.py:837: UserWarning: Unknown ssh-ed25519 host key for xxx.xxx.xxx.xxx : b'81ab950dfe8e8eac56d9df1bce6ee82b'
Traceback (most recent call last):
File "bin/docker-compose", line 6, in <module>
File "compose/cli/main.py", line 72, in main
File "compose/cli/main.py", line 125, in perform_command
File "compose/cli/command.py", line 76, in project_from_options
File "compose/cli/command.py", line 142, in get_project
File "compose/cli/docker_client.py", line 47, in get_client
File "compose/cli/docker_client.py", line 174, in docker_client
File "site-packages/docker/api/client.py", line 166, in __init__
File "site-packages/docker/transport/sshconn.py", line 111, in __init__
File "site-packages/docker/transport/sshconn.py", line 119, in _connect
File "site-packages/paramiko/client.py", line 446, in connect
File "site-packages/paramiko/client.py", line 765, in _auth
paramiko.ssh_exception.SSHException: No authentication methods available
What exactly am I doing wrong?
Best answer
I have solved a billion different difficulties.
I hope this CI example helps someone:
/**
 * JetBrains Space Automation
 * This Kotlin-script file lets you automate build activities
 * For more info, see https://www.jetbrains.com/help/space/automation.html
 */
job("Build and push Docker") {
    docker {
        beforeBuildScript {
            // Create an env variable BRANCH,
            // use env var to get full branch name,
            // leave only the branch name without the 'refs/heads/' path
            content = """
                export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
            """
        }
        build {
            file = "./Dockerfile"
            labels["vendor"] = "up2u"
        }
        push("up2u.registry.jetbrains.space/p/goup2u/containers/telegram") {
            tag = "version-0.\$JB_SPACE_EXECUTION_NUMBER-\$BRANCH"
        }
    }
    container(displayName = "docker compose up", image = "docker/compose:latest") {
        env["DOCKER_HOST"] = Secrets("dev_server")
        env["CI_PSWRD"] = Secrets("ci_password")
        env["CI_USER"] = Secrets("ci_user")
        env["PRIVATE_RSA_SSH_KEY"] = Secrets("private_rsa_key")
        env["KNOWN_HOST"] = Secrets("known_host")
        shellScript {
            content = """
                # Install the OpenSSH client in the apk-based image
                apk update
                apk add openssh
                mkdir -p ~/.ssh
                touch ~/.ssh/known_hosts
                touch ~/.ssh/id_rsa
                touch ~/.ssh/config
                chmod 700 ~/.ssh
                chmod 600 ~/.ssh/id_rsa
                chmod 600 ~/.ssh/known_hosts
                # Pin the server's host key from the known_host secret
                echo ${'$'}KNOWN_HOST >> ~/.ssh/known_hosts
                # echo -e expands the escaped newlines in the secret; sed strips single quotes
                echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text
                cat text | sed "s/'//g" >> ~/.ssh/id_rsa
                echo Host ${'$'}DOCKER_HOST >> ~/.ssh/config
                echo ' User' ${'$'}CI_USER >> ~/.ssh/config
                echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> ~/.ssh/config
                # Same setup repeated under /home/ci_user, the path named in IdentityFile
                mkdir /home/ci_user/
                mkdir /home/ci_user/.ssh
                touch /home/ci_user/.ssh/id_rsa
                touch /home/ci_user/.ssh/config
                touch /home/ci_user/.ssh/known_hosts
                chmod 700 /home/ci_user/.ssh
                chmod 600 /home/ci_user/.ssh/id_rsa
                chmod 600 /home/ci_user/.ssh/known_hosts
                echo ${'$'}KNOWN_HOST >> /home/ci_user/.ssh/known_hosts
                echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text2
                cat text2 | sed "s/'//g" >> /home/ci_user/.ssh/id_rsa
                echo Host ${'$'}DOCKER_HOST >> /home/ci_user/.ssh/config
                echo ' User' ${'$'}CI_USER >> /home/ci_user/.ssh/config
                echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> /home/ci_user/.ssh/config
                # Point the docker client at the remote daemon over SSH
                export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
                export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
                export TAG=${'$'}(echo "version-0.'${'$'}JB_SPACE_EXECUTION_NUMBER'-'${'$'}BRANCH'" | sed "s/'//g")
                echo ${'$'}CI_PSWRD | docker login up2u.registry.jetbrains.space --username ${'$'}CI_USER --password-stdin
                docker-compose stop
                docker pull up2u.registry.jetbrains.space/p/goup2u/containers/telegram:${'$'}TAG
                docker-compose up -d
            """
        }
    }
}
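Added example, not part of the original question or answer: POSIX shell helpers for the step both scripts above perform, writing a private key and a known_hosts entry from CI secrets, with a structural check that rejects a key file flattened by an unquoted `echo $VAR`. The function names, the sample key text (a constructed placeholder, not a real key) and the restriction of known_hosts entries to plain `host keytype base64` lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Constructed placeholder with the shape of a private key file (not a real key).
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END OPENSSH PRIVATE KEY-----'

# write_key KEY_TEXT DEST: write the key with its newlines intact, owner-only.
write_key() {
    mkdir -p "$(dirname "$2")" && chmod 700 "$(dirname "$2")" || return 1
    # Quoting "$1" keeps the line breaks; umask 077 means the file is
    # created as 0600 instead of being tightened after the secret is in it.
    ( umask 077 && printf '%s\n' "$1" > "$2" )
}

# key_looks_valid FILE: structural check only, run before any SSH connection.
key_looks_valid() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | grep -Eq '^-----BEGIN [A-Z ]*PRIVATE KEY-----$' || return 1
    tail -n 1 "$1" | grep -Eq '^-----END [A-Z ]*PRIVATE KEY-----$' || return 1
    [ "$(wc -l < "$1")" -ge 3 ] || return 1
    # Private keys must not be readable by group or others.
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# pin_host_key LINE FILE: accept only "host keytype base64" known_hosts lines.
pin_host_key() {
    printf '%s\n' "$1" | grep -Eq \
        '^[^ ]+ (ssh-ed25519|ssh-rsa|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+$' || return 1
    ( umask 077 && printf '%s\n' "$1" >> "$2" )
}

# demo: compare a quoted write with the unquoted `echo $VAR` pattern.
demo() {
    dir=$(mktemp -d) || return 1
    write_key "$SAMPLE_KEY" "$dir/.ssh/id_ed25519"
    key_looks_valid "$dir/.ssh/id_ed25519" && good=ok || good=rejected
    # Unquoted expansion: the shell splits on newlines and echo joins with spaces.
    ( umask 077 && echo $SAMPLE_KEY > "$dir/flat" )
    key_looks_valid "$dir/flat" && flat=ok || flat=rejected
    rm -rf "$dir"
    echo "quoted=$good flat=$flat"
}
```

Calling `demo` prints `quoted=ok flat=rejected`; in a pipeline, failing the job when `key_looks_valid` returns non-zero stops the run before the SSH connection is attempted.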
On the topic of docker - JetBrains Space. docker-compose with -H flag deploy on remote server, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/67245520/