如何链接Gitlab CD中的应用程序repo的部署脚本/ repo? [英] How to link a deployment script/repo from an application repo in Gitlab CD?
问题描述
-
Repo A
与通用应用程序。 -
Repo B
与可执行部署脚本。
在RepoA CI / CD赛跑者内部,我想从Repo B运行可执行的脚本。这是最好还是最简单的方法?
我正在尝试的是为RepoB创建一个额外的ssh密钥,并通过秘密变量。不幸的是,我必须创建一个虚拟用户,只能访问RepoB。
有没有其他方法可以做到这一点?似乎这应该是一个很常见的部署工作流程。
你是对的,这是一个很常见的用例。 Gitlab使用所谓的部署密钥
来实现这一点(更多信息 here )。
我已经回答了一个类似的问题 here 。
以下是针对您的具体需求的一个版本。
首先生成一个SSH密钥对。您可以使用 ssh-keygen -t rsa
。
然后转到Repo B的gitlab页面,找到部署密钥
设置。在那里你应该粘贴你刚生成的公钥。
然后去Repo A找到变量
页面。创建一个名为 SSH_PRIVATE_KEY
的新私有变量,然后粘贴您生成的私钥。
最后,在您的 .gitlab-ci.yml
文件中添加以下内容,以便您的私人密钥可用于您的CI环境:
- '其中ssh-agent || (apt-get update -y&& apt-get install openssh-client -y)'
#运行ssh-agent(在构建环境中)
- eval $(ssh-agent -s )
#将存储在SSH_PRIVATE_KEY变量中的SSH密钥添加到代理存储
- ssh-add<(echo$ SSH_PRIVATE_KEY)
- mkdir -p〜/ .ssh
- '[[-f /.dockerenv]]&& echo -eHost * \\\
\tStrictHostKeyChecking no\\\
\\\
> 〜/ .ssh / config'
您的Repo现在应该设置一个CI环境,以便可以拉回复B。
Let's say you have:
Repo A
with a generic application.Repo B
with an Ansible deployment script.
Inside the RepoA CI/CD runner, I want to run the Ansible script from Repo B. What's the best/easiest way to do this?
What I am trying is to create an extra ssh key for RepoB only and feed it into the runner via Secret Variables. Unfortunately, I would have to create a dummy user, that only has access to RepoB for that.
Is there any other ways I could do that? It seems like that should be a pretty common workflow for deployments.
You're right, that's a pretty common use case. Gitlab uses what it calls Deploy Keys
to achieve this (more info here).
I've answered a similar question here.
Below is a version of that answer tuned to your specific needs.
First generate a SSH key pair. You can use ssh-keygen -t rsa
for that.
Then go to Repo B's gitlab page and locate the Deploy Keys
setting. There you should paste the public key you just generated.
Then go to Repo A locate the Variables
page. Create a new private variable with the name SSH_PRIVATE_KEY
for instance and paste the private key you generated there.
Finally, in your .gitlab-ci.yml
file add the following so that your private key will be available to your CI environment:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
Your Repo A CI environment should now be setup so that in can pull Repo B.
这篇关于如何链接Gitlab CD中的应用程序repo的部署脚本/ repo?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!