git 为 Github 私有存储库验证 Jenkins CI
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5212304/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authenticate Jenkins CI for Github private repository
提问by bx2
I'd like for Jenkins to automagically fetch data from my private repository hosted on Github. But I have no idea how to accomplish that task.. Tried the documentation, generating ssh-key for jenkins user and all what I can see is: "unable to clone the repo". I've checked URLs - they are valid.
我想让 Jenkins 从我托管在 Github 上的私人存储库中自动获取数据。但我不知道如何完成该任务.. 尝试文档,为 jenkins 用户生成 ssh-key,我能看到的所有内容是:“无法克隆 repo”。我检查了 URL - 它们是有效的。
Any clues, maybe you know some docs/blogs/whatever which are describing this kind of stuff?
任何线索,也许您知道一些描述此类内容的文档/博客/任何内容?
回答by Mark Longair
Perhaps GitHub's support for deploy keysis what you're looking for? To quote that page:
也许 GitHub 对部署密钥的支持正是您想要的?引用该页面:
When should I use a deploy key?
Simple, when you have a server that needs pull access to a single private repo. This key is attached directly to the repository instead of to a personal user account.
我什么时候应该使用部署密钥?
很简单,当您的服务器需要对单个私有存储库进行拉取访问时。此密钥直接附加到存储库而不是个人用户帐户。
If that's what you're already trying and it doesn't work, you might want to update your question with more details of the URLs being used, the names and location of the key files, etc.
如果这是您已经在尝试的并且不起作用,您可能需要使用所使用的 URL、密钥文件的名称和位置等的更多详细信息来更新您的问题。
Now for the technical part: How to use your SSH key with Jenkins?
现在是技术部分:如何在 Jenkins 中使用您的 SSH 密钥?
If you have, say, a jenkinsunix user, you can store your deploy key in ~/.ssh/id_rsa. When Jenkins tries to clone the repo via ssh, it will try to use that key.
如果您有一个jenkinsunix 用户,您可以将您的部署密钥存储在~/.ssh/id_rsa. 当 Jenkins 尝试通过 ssh 克隆 repo 时,它将尝试使用该密钥。
In some setups, you cannot run Jenkins as an own user account, and possibly also cannot use the default ssh key location ~/.ssh/id_rsa. In such cases, you can create a key in a different location, e.g. ~/.ssh/deploy_key, and configure sshto use that with an entry in ~/.ssh/config:
在某些设置中,您不能以自己的用户帐户运行 Jenkins,也可能无法使用默认的 ssh 密钥位置~/.ssh/id_rsa。在这种情况下,您可以在不同的位置创建一个密钥,例如~/.ssh/deploy_key,并配置ssh为将其与 中的条目一起使用~/.ssh/config:
Host github-deploy-myproject
HostName github.com
User git
IdentityFile ~/.ssh/deploy_key
IdentitiesOnly yes
Because all you authenticate to all Github repositories using [email protected]and you don't want the above key to be used for all your connections to Github, we created a host alias github-deploy-myproject. Your clone URL now becomes
因为您对所有使用的 Github 存储库进行身份验证,[email protected]并且您不希望将上述密钥用于与 Github 的所有连接,所以我们创建了一个主机别名github-deploy-myproject。您的克隆 URL 现在变为
git clone github-deploy-myproject:myuser/myproject
and that is also what you put as repository URLinto Jenkins.
这也是您将存储库 URL放入 Jenkins 的内容。
(Note that you must notput ssh://in front in order for this to work.)
(请注意,您不得将ssh://放在前面才能使其正常工作。)
回答by Edward Samson
One thing that got this working for me is to make sure that github.comis in ~jenkins/.ssh/known_hosts.
让这个对我有用的一件事是确保它github.com在~jenkins/.ssh/known_hosts.
回答by Sergii Mostovyi
If you need Jenkins to access more then 1 project you will need to:
1. add public key to one github user account
2. add this user as Owner (to access all projects) or as a Collaborator in every project.
如果您需要 Jenkins 访问超过 1 个项目,您需要:
1. 将公钥添加到一个 github 用户帐户
2. 将此用户添加为所有者(以访问所有项目)或作为每个项目中的合作者。
Many public keys for one system user will not work because GitHub will find first matched deploy key and will send back error like "ERROR: Permission to user/repo2 denied to user/repo1"
一个系统用户的许多公钥将不起作用,因为 GitHub 会找到第一个匹配的部署密钥,并会发回诸如“错误:用户/repo2 的权限被拒绝给用户/repo1”之类的错误
回答by Ray
Jenkins creates a user Jenkins on the system. The ssh key must be generated for the Jenkins user. Here are the steps:
Jenkins 在系统上创建一个用户 Jenkins。必须为 Jenkins 用户生成 ssh 密钥。以下是步骤:
sudo su jenkins -s /bin/bash
cd ~
mkdir .ssh // may already exist
cd .ssh
ssh-keygen
Now you can create a Jenkins credential using the SSH key On Jenkins dashboard Add Credentials
现在,您可以使用 Jenkins 仪表板上的 SSH 密钥创建 Jenkins 凭证添加凭证
select this option
选择这个选项
Private Key: From the Jenkins master ~/.ssh
私钥:来自 Jenkins master ~/.ssh
回答by Jon
I had a similar problem with gitlab. It turns out I had restricted the users that are allowed to login via ssh. This won't affect github users, but in case people end up here for gitlab (and the like) issues, ensure you add gitto the AllowUserssetting in /etc/ssh/sshd_config:
我在 gitlab 上遇到了类似的问题。事实证明,我限制了允许通过 ssh 登录的用户。这不会影响 github 用户,但如果人们最终因为 gitlab(等)问题来到这里,请确保您添加git到AllowUsers设置中/etc/ssh/sshd_config:
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers batman git
回答by orlanthi
An alternative to the answer from sergey_mo is to create multiple ssh keys on the jenkins server.
sergey_mo 答案的替代方法是在 jenkins 服务器上创建多个 ssh 密钥。
(Though as the first commenter to sergey_mo's answer said, this may end up being more painful than managing a single key-pair.)
(尽管正如 sergey_mo 回答的第一个评论者所说,这最终可能比管理单个密钥对更痛苦。)
