JetBrains Space: docker-compose with the -H flag to deploy on a remote server
I'm trying to create a CI pipeline using JetBrains Space. I have a problem with SSH authorization. I'm completely confused by SSH public/private keys.

There are two steps:
- Create and push the image
- Call docker-compose up -d to deploy on the remote server

There are two servers:
- My virtual machine (Ubuntu), where I want the services to be started using docker
- The remote JetBrains cloud CI machine

I want to use an SSH key, ED25519 or RSA. I did the following steps on the Ubuntu server:
- Created ci_user
- Called ssh-keygen
- Added the public key to home/ci_user/.ssh/authorized_keys
- First, I am the root user here, not ci_user, so I am trying to create a home folder for ci_user
- Added the private key to /home/ci_user/.ssh/id_ed25519 in the CI step
container(displayName = "docker compose up", image = "docker/compose:latest") {
    env["DOCKER_HOST"] = Secrets("dev_server")
    env["CI_PSWRD"] = Secrets("ci_password")
    env["CI_USER"] = Secrets("ci_user")
    env["PRIVATE_SSH_KEY"] = Secrets("private_key")
    shellScript {
        content = """
            mkdir /home/ci_user/
            mkdir /home/ci_user/.ssh
            touch /home/ci_user/.ssh/id_ed25519
            chmod 700 /home/ci_user/.ssh
            chmod 600 /home/ci_user/.ssh/id_ed25519
            echo ${'$'}PRIVATE_SSH_KEY >> /home/ci_user/.ssh/id_ed25519
            export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
            docker-compose up -d
        """
    }
}
I get the following error:
[13] Failed to execute script docker-compose
/tmp/_MEInmipco/paramiko/client.py:837: UserWarning: Unknown ssh-ed25519 host key for xxx.xxx.xxx.xxx : b'81ab950dfe8e8eac56d9df1bce6ee82b'
Traceback (most recent call last):
File "bin/docker-compose", line 6, in <module>
File "compose/cli/main.py", line 72, in main
File "compose/cli/main.py", line 125, in perform_command
File "compose/cli/command.py", line 76, in project_from_options
File "compose/cli/command.py", line 142, in get_project
File "compose/cli/docker_client.py", line 47, in get_client
File "compose/cli/docker_client.py", line 174, in docker_client
File "site-packages/docker/api/client.py", line 166, in __init__
File "site-packages/docker/transport/sshconn.py", line 111, in __init__
File "site-packages/docker/transport/sshconn.py", line 119, in _connect
File "site-packages/paramiko/client.py", line 446, in connect
File "site-packages/paramiko/client.py", line 765, in _auth
paramiko.ssh_exception.SSHException: No authentication methods available
What am I doing wrong?

I resolved billions of different difficulties. I hope this CI example helps someone:
/**
 * JetBrains Space Automation
 * This Kotlin-script file lets you automate build activities
 * For more info, see https://www.jetbrains.com/help/space/automation.html
 */
job("Build and push Docker") {
    docker {
        beforeBuildScript {
            // Create an env variable BRANCH,
            // use env var to get full branch name,
            // leave only the branch name without the 'refs/heads/' path
            content = """
                export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
            """
        }
        build {
            file = "./Dockerfile"
            labels["vendor"] = "up2u"
        }
        push("up2u.registry.jetbrains.space/p/goup2u/containers/telegram") {
            tag = "version-0.\$JB_SPACE_EXECUTION_NUMBER-\$BRANCH"
        }
    }
    container(displayName = "docker compose up", image = "docker/compose:latest") {
        env["DOCKER_HOST"] = Secrets("dev_server")
        env["CI_PSWRD"] = Secrets("ci_password")
        env["CI_USER"] = Secrets("ci_user")
        env["PRIVATE_RSA_SSH_KEY"] = Secrets("private_rsa_key")
        env["KNOWN_HOST"] = Secrets("known_host")
        shellScript {
            content = """
                # The docker/compose image has no ssh client, so install one
                apk update
                apk add openssh

                # SSH material for the user the script runs as (root)
                mkdir -p ~/.ssh
                touch ~/.ssh/known_hosts
                touch ~/.ssh/id_rsa
                touch ~/.ssh/config
                chmod 700 ~/.ssh
                chmod 600 ~/.ssh/id_rsa
                chmod 600 ~/.ssh/known_hosts
                # Pin the server's host key taken from the secret
                echo ${'$'}KNOWN_HOST >> ~/.ssh/known_hosts
                # echo -e turns the literal \n sequences stored in the secret into
                # real newlines; sed strips the quotes wrapped around the value
                echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text
                cat text | sed "s/'//g" >> ~/.ssh/id_rsa
                # Do not leave a copy of the private key in the working directory
                rm -f text
                echo Host ${'$'}DOCKER_HOST >> ~/.ssh/config
                echo ' User' ${'$'}CI_USER >> ~/.ssh/config
                echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> ~/.ssh/config

                # The same SSH material under /home/ci_user
                mkdir /home/ci_user/
                mkdir /home/ci_user/.ssh
                touch /home/ci_user/.ssh/id_rsa
                touch /home/ci_user/.ssh/config
                touch /home/ci_user/.ssh/known_hosts
                chmod 700 /home/ci_user/.ssh
                chmod 600 /home/ci_user/.ssh/id_rsa
                chmod 600 /home/ci_user/.ssh/known_hosts
                echo ${'$'}KNOWN_HOST >> /home/ci_user/.ssh/known_hosts
                echo -e ${'$'}PRIVATE_RSA_SSH_KEY >> text2
                cat text2 | sed "s/'//g" >> /home/ci_user/.ssh/id_rsa
                rm -f text2
                echo Host ${'$'}DOCKER_HOST >> /home/ci_user/.ssh/config
                echo ' User' ${'$'}CI_USER >> /home/ci_user/.ssh/config
                echo ' IdentityFile' /home/ci_user/.ssh/id_rsa >> /home/ci_user/.ssh/config

                # Point the docker client at the remote daemon over SSH
                export DOCKER_HOST=ssh://${'$'}CI_USER@${'$'}DOCKER_HOST
                export BRANCH=${'$'}(echo ${'$'}JB_SPACE_GIT_BRANCH | cut -d'/' -f 3)
                export TAG=${'$'}(echo "version-0.'${'$'}JB_SPACE_EXECUTION_NUMBER'-'${'$'}BRANCH'" | sed "s/'//g")
                # The registry password is passed on stdin, not on the command line
                echo ${'$'}CI_PSWRD | docker login up2u.registry.jetbrains.space --username ${'$'}CI_USER --password-stdin
                docker-compose stop
                # Pull the freshly pushed image before starting the services
                docker pull up2u.registry.jetbrains.space/p/goup2u/containers/telegram:${'$'}TAG
                docker-compose up -d
            """
        }
    }
}
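The main problems were:
- The correct format of the RSA key (it should be in PEM format)
- A known_hosts file is needed
- When you try to get the RSA key from the secret, you should check the "\n" symbols and remove the quotes from the result
- Don't forget the ssh client in the docker image
- Don't forget to pull the image first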
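
The key-restoring and known_hosts points from the list above, as standalone POSIX shell. This is an added example, not the answer author's code; the function names, `SAMPLE_KEY`, `SAMPLE_HOST` and the host `deploy.example.test` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the answer's code; all names below are hypothetical.

# Rebuild a multi-line PEM key from a secret that stores newlines as a
# literal "\n" and may be wrapped in quotes. No scratch file is created.
restore_key() {  # $1 = secret value, $2 = destination path
    (
        umask 077    # directory 700 and key file 600 from creation onwards
        mkdir -p "$(dirname "$2")"
        printf '%b\n' "$1" |
            sed -e "s/^[\"']//" -e "s/[\"']\$//" -e '/^$/d' > "$2"
    )
    # Structural check: PEM armour on the first and on the last line.
    head -n 1 "$2" | grep -q '^-----BEGIN .*PRIVATE KEY-----$' &&
        tail -n 1 "$2" | grep -q '^-----END .*PRIVATE KEY-----$' &&
        return 0
    rm -f "$2"
    echo "restore_key: secret did not decode to a PEM private key" >&2
    return 1
}

# Append the pinned host key only if every non-empty line has the
# "host keytype base64" shape. An empty secret fails instead of leaving
# the client without any host key to verify against.
pin_host_key() {  # $1 = known_hosts line(s), $2 = known_hosts path
    printf '%s\n' "$1" |
        awk 'NF { n++; if (NF < 3) bad = 1 } END { exit (bad || !n) }' ||
        { echo "pin_host_key: malformed known_hosts entry" >&2; return 1; }
    ( umask 077; mkdir -p "$(dirname "$2")"; printf '%s\n' "$1" >> "$2" )
}

# Constructed sample values (not real key material or a real host).
SAMPLE_KEY="'-----BEGIN RSA PRIVATE KEY-----\nQUJDREVGRw==\n-----END RSA PRIVATE KEY-----\n'"
SAMPLE_HOST='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly'

demo_dir=$(mktemp -d)
restore_key "$SAMPLE_KEY" "$demo_dir/.ssh/id_rsa" && echo "key restored"
pin_host_key "$SAMPLE_HOST" "$demo_dir/.ssh/known_hosts" && echo "host key pinned"
ls -l "$demo_dir/.ssh"
rm -rf "$demo_dir"
```

Once an SSH client is installed in the image, `ssh-keygen -y -f <keyfile>` is a stronger check than the structural one, since it only succeeds if the key actually parses.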