Jenkins免密拉取GitLab项目

1.在Jenkins上为GitLab创建一个专有的拉取代码的账号 Jenkins需要构建哪些项目就在GitLab给予账号相应权限 我这里已经创建过Jenkins用户,下面用它登录后添加SSH-KEY

Jenkins集成GitLab_java-w1020

2.在Jenkins服务器上生成ssh-key

[root@jenkins ~]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:IUQIuu0SAdSbZvENbIjFYTrUrnuqKGBmZtwPj6lvz60 root@jenkinsThe key's randomart image is:+---[RSA 2048]----+|ooB=+oo          ||ooo*.= ||oo. * + . || +.* . o . ||+ *     S        ||.@ o             ||O o * ||oo =.o. ||=o*..E.. |+----[SHA256]-----+

查看公钥

[root@jenkins ~]# cat /root/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins

将Jenkins的公钥填入GitLab账号中

-w1314

3.测试SSH-KEY 到jenkins服务器上拉取项目来测试ssh-key免密是否生效

[root@jenkins ~]# yum install git -y[root@jenkins ~]# git clone git@106.14.10.124:dev01/sample.git正克隆到 'sample'...The authenticity of host '106.14.10.124 (106.14.10.124)' can't be established.ECDSA key fingerprint is SHA256:bO22/HlgAAGXi9CXTxDE6wvNCUcTs2OajL9PinZMN/0.ECDSA key fingerprint is MD5:ec:4f:14:0a:b6:72:cf:6e:da:5b:fa:5b:be:b9:2f:db.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '106.14.10.124' (ECDSA) to the list of known hosts.remote: Enumerating objects: 6, done.remote: Counting objects: 100% (6/6), done.remote: Compressing objects: 100% (4/4), done.remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0接收对象中: 100% (6/6), done.

如上,ssh-key已生效

配置jenkins自动拉取代码

1.jenkins 服务器添加证书 系统配置——》Manage Credentials

-w1617

系统配置——》Manage Credentials——》Jenkins——》全局凭证——》添加凭证

-w1617

这样的话Jenkins服务器拉取GitLab的代码就不需要再进行认证了。

Jenkins安装GitLab插件

1.安装插件 插件名称:

GitLabGitlab HookGitlab AuthenticationGitLab Logo

-w1599

安装完成后重启Jenkins


GitLab为Jenkins生成Token

1.我们使用Jenkins用户登录GitLab 然后使用Jenkins用户创建Token

-w1621

2.复制创建的Token

-w1615

3.打开Jenkins 系统管理——》系统配置

-w1425

输入以下相关内容

-w1152

选择凭证,测试后保存

-w1377

4.查看凭证 现在有以下两种方式与GitLab进行认证

通过GitLab上Jenkins用户的密钥(GitLab绑定Jenkins用户的公钥,Jenkins绑定GitLab上Jenkins用户的私钥)、通过GitLab上Jenkins用户的API Token绑定到Jenkins上的GitLab authentication插件上进行连接。

-w1512


Jenkins构建流水线

1.创建Project 新建任务——》流水线

Jenkins集成GitLab_java_02-w1395

2.选择流水线语法

Jenkins集成GitLab_java_03-w1164

3.生成流水线脚本

Jenkins集成GitLab_java_04-w1626

复制生成的git脚本

4.编写Pipline脚本 我这里脚本如下

node {    stage('拉取代码'){        git credentialsId: 'b907af22-5a74-4eee-aa5f-a822c764279c', url: 'git@172.19.95.139:dev01/sample.git'        echo "Code Pull" }    stage('代码扫描'){        echo "Code Scanning" }    stage('代码构建'){        echo "Code Build" }    stage('是否部署'){        input '是否部署' }     stage('开始部署'){        sh '/opt/jenkins/sample/sample_release.sh' }}

将以上脚本写流水线中

-w1507

上面脚本最后执行了/opt/jenkins/sample/sample_release.sh脚本,我们到执行任务的Jenkins服务器上去编写这个部署脚本。脚本如下:jenkins服务器将/usr/local/src/sample.zip文件拷贝到了172.19.182.107上

[root@jenkins /]# cat /opt/jenkins/sample/sample_release.sh#!/usr/bin/env bash
scp /usr/local/src/sample.zip root@172.19.182.107:/usr/local/

这里我们需要先让Jenkins服务器与172.19.182.107做免密登录,将Jenkins的公钥拷贝到172.19.182.107服务中的/root/.ssh/authorized_keys文件中

#Jenkins的公钥(这里为root的公钥,Jenkins进程就需要用root用户运行)[root@jenkins /]# cat /root/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins
#172.19.182.107服务器的authorized_keys文件cat /root/.ssh/authorized_keysssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins
#测试免密登录[root@jenkins /]# ssh root@172.19.182.107Last login: Tue Jun 30 20:26:12 2020 from 172.19.206.72
Welcome to Alibaba Cloud Elastic Compute Service !

Jenkins执行任务

1.进入到任务中

Jenkins集成GitLab_java_05-w1362

2.点击立即构建

Jenkins集成GitLab_java_06-w961

3.是否部署

Jenkins集成GitLab_java_07-w1385Jenkins集成GitLab_java_08