node.js 如何在 Jenkins 管道中使用 SSH?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/44237417/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I use SSH in a Jenkins pipeline?
提问by lbar
I have some Jenkins jobs defined using a Jenkins Pipeline Model Definition, which builds NPM projects. I use Docker containers to build these projects (using a common image with just Node.js + npm + yarn).
我有一些使用 Jenkins 管道模型定义定义的 Jenkins 作业,它构建 NPM 项目。我使用 Docker 容器来构建这些项目(使用只有 Node.js + npm + yarn 的通用镜像)。
The results of the builds are contained in the dist/folder that I zipped using a zippipeline command.
构建的结果包含在dist/我使用zip管道命令压缩的文件夹中。
I want to copy this ZIP file to another server using SSH/SCP (with private key authentication). My private key is added to the Jenkins environment (credentials manager), but when I use Docker containers, an SSH connection cannot be established.
我想使用 SSH/SCP(使用私钥身份验证)将此 ZIP 文件复制到另一台服务器。我的私钥添加到Jenkins环境(凭证管理器)中,但是当我使用Docker容器时,无法建立SSH连接。
I tried to add agent { label 'master' }to use the master Jenkins node for file transfer, but it seems to create a clean workspace with new Git fetch, and without my built files.
我尝试添加agent { label 'master' }以使用主 Jenkins 节点进行文件传输,但它似乎使用新的 Git fetch 创建了一个干净的工作区,并且没有我构建的文件。
After I tried the SSH Agent Plugin, I have this output:
在我尝试了 SSH 代理插件之后,我得到了这个输出:
Identity added: /srv/jenkins3/workspace/myjob-TFD@tmp/private_key_370451445598243031.key (rsa w/o comment)
[ssh-agent] Started.
[myjob-TFD] Running shell script
+ scp -r dist test@myremotehost:/var/www/xxx
$ docker exec bfda17664965b14281eef8670b34f83e0ff60218b04cfa56ba3c0ab23d94d035 env SSH_AGENT_PID=1424 SSH_AUTH_SOCK=/tmp/ssh-k658r0O76Yqb/agent.1419 ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 1424 killed;
[ssh-agent] Stopped.
Host key verification failed.
lost connection
How do I add a remote host as authorized?
如何添加授权的远程主机?
回答by user9948238
I had a similar issue. I did not use label 'master', and I identified that the file transfer works across slaves, when I do it like this:
我有一个类似的问题。我没有使用标签“master”,当我这样做时,我发现文件传输可以跨从属设备进行:
Step 1 - create SSH keys in remote host server, include the key to authorized_keys
第 1 步 - 在远程主机服务器中创建 SSH 密钥,包括authorized_keys 的密钥
Step 2 - Create credential using SSH keys in Jenkins, use the private key from the remote host
第 2 步 - 在 Jenkins 中使用 SSH 密钥创建凭证,使用来自远程主机的私钥
The below step is added to the pipeline:
将以下步骤添加到管道中:
stage ('Deploy') {
steps{
sshagent(credentials : ['use-the-id-from-credential-generated-by-jenkins']) {
sh 'ssh -o StrictHostKeyChecking=no [email protected] uptime'
sh 'ssh -v [email protected]'
sh 'scp ./source/filename [email protected]:/remotehost/target'
}
}
}
回答by haschibaschi
Use the SSH agent plugin:
使用 SSH 代理插件:
When using this plugin you can use the global credentials.
使用此插件时,您可以使用全局凭据。
回答by Patryk Wla?
To add a remote host to known hosts and hopefully cope with your error try to manually ssh from the Jenkins host to the target host as the Jenkins user.
要将远程主机添加到已知主机并希望解决您的错误,请尝试以 Jenkins 用户的身份手动从 Jenkins 主机 ssh 到目标主机。
Get on the host where Jenkins is installed. Type
进入安装 Jenkins 的主机。类型
sudo su jenkins
Now use ssh or scp like
现在使用 ssh 或 scp 之类的
ssh username@server
You should be prompted like this:
您应该会收到这样的提示:
The authenticity of host 'server (ip)' can't be established. ECDSA key fingerprint is SHA256:some-weird-string. Are you sure you want to continue connecting (yes/no)?
无法确定主机“服务器(ip)”的真实性。ECDSA 密钥指纹是 SHA256:some-weird-string。您确定要继续连接吗(是/否)?
Type yes. The server will be permanently added as a known host. Don't even bother passing a password, just Ctrl+ Cand try running a Jenkins job.
输入是。该服务器将被永久添加为已知主机。甚至不用费心传递密码,只需Ctrl+C并尝试运行 Jenkins 作业。
回答by Generic Ratzlaugh
Like @haschibaschi recommends, I also use the ssh-agent plugin. I have a need to use my personal UID credentials on the remote machine, because it doesn't have any UID Jenkins account. The code looks like this (using, for example, my personal UID="myuid" and remote server hostname="non_jenkins_svr":
就像@haschibaschi 推荐的那样,我也使用了 ssh-agent 插件。我需要在远程机器上使用我的个人 UID 凭据,因为它没有任何 UID Jenkins 帐户。代码如下所示(例如,使用我的个人 UID="myuid" 和远程服务器主机名="non_jenkins_svr":
sshagent(['e4fbd939-914a-41ed-92d9-8eededfb9243']) {
// 'myuid@' required for scp (this is from UID jenkins to UID myuid)
sh "scp $WORKSPACE/example.txt myuid@non_jenkins_svr:${dest_dir}"
}
The ID e4fbd939-914a-41ed-92d9-8eededfb9243 was generated by the Jenkins credentials manager after I created a global domain credentials entry.
ID e4fbd939-914a-41ed-92d9-8eeeddfb9243 是在我创建全局域凭据条目后由 Jenkins 凭据管理器生成的。
After creating the credentials entry, the ID is found under the "ID" column on the credentials page. When creating the entry, I selected type 'SSH Username with private key' ('Kind' field), and copied the RSA private key I had created for this purpose under the myuid account on host non_jenkins_svrwithout a passphrase.
创建凭据条目后,可在凭据页面的“ID”列下找到 ID。创建条目时,我选择了类型“带私钥的 SSH 用户名”(“种类”字段),并复制了我为此目的在主机上的 myuid 帐户下创建的 RSA 私钥,non_jenkins_svr没有密码。
