如何从 Gitlab CD 中的应用程序存储库链接部署脚本/存储库? [英] How to link a deployment script/repo from an application repo in Gitlab CD?
问题描述
假设您有:
Repo A带有通用应用程序.Repo B带有 Ansible 部署脚本.
Repo Awith a generic application.Repo Bwith an Ansible deployment script.
在 RepoA CI/CD runner 中,我想从 Repo B 运行 Ansible 脚本.最好/最简单的方法是什么?
Inside the RepoA CI/CD runner, I want to run the Ansible script from Repo B. What's the best/easiest way to do this?
我正在尝试为 RepoB 创建一个额外的 ssh 密钥,并通过 秘密变量.不幸的是,我必须创建一个虚拟用户,该用户只能为此访问 RepoB.
What I am trying is to create an extra ssh key for RepoB only and feed it into the runner via Secret Variables. Unfortunately, I would have to create a dummy user, that only has access to RepoB for that.
还有其他方法可以做到吗?看起来这应该是一个非常常见的部署工作流程.
Is there any other ways I could do that? It seems like that should be a pretty common workflow for deployments.
推荐答案
你说得对,这是一个非常常见的用例.Gitlab 使用它所谓的 Deploy Keys 来实现这一点(更多信息 这里).
You're right, that's a pretty common use case. Gitlab uses what it calls Deploy Keys to achieve this (more info here).
我已经回答了一个类似的问题 这里.
I've answered a similar question here.
以下是根据您的特定需求调整的答案版本.
Below is a version of that answer tuned to your specific needs.
首先生成一个 SSH 密钥对.您可以为此使用 ssh-keygen -t rsa.
First generate a SSH key pair. You can use ssh-keygen -t rsa for that.
然后转到 Repo B 的 gitlab 页面并找到 Deploy Keys 设置.您应该粘贴刚刚生成的公钥.
Then go to Repo B's gitlab page and locate the Deploy Keys setting. There you should paste the public key you just generated.
然后转到 Repo A 找到 Variables 页面.例如,创建一个名为 SSH_PRIVATE_KEY 的新私有变量,然后粘贴您生成的私有密钥.
Then go to Repo A locate the Variables page. Create a new private variable with the name SSH_PRIVATE_KEY for instance and paste the private key you generated there.
最后,在您的 .gitlab-ci.yml 文件中添加以下内容,以便您的私钥可用于您的 CI 环境:
Finally, in your .gitlab-ci.yml file add the following so that your private key will be available to your CI environment:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
现在应该设置您的 Repo A CI 环境,以便可以拉出 Repo B.
Your Repo A CI environment should now be setup so that in can pull Repo B.
这篇关于如何从 Gitlab CD 中的应用程序存储库链接部署脚本/存储库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
