type
status
date
slug
summary
tags
category
icon
password
1. 写在前面
sshagent可以完成常见的两个需求:
- scp本地文件到remote server
- ssh remote server 执行shell命令
如官网所说,只支持秘钥,故使用前确保安装了插件、创建了秘钥,见Jenkins | Manage Jenkins | Manage Credentials
Note that only Private Key based credentials can be used.
steps { sshagent(credentials: ['ssh-credentials-id']) { sh ''' [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 0700 ~/.ssh ssh-keyscan -t rsa,dsa example.com >> ~/.ssh/known_hosts ssh [email protected] ... ''' } }
上述官方例子真正执行ssh前使用了known_hosts,这是为了避免授信弹出,可以用
-o StrictHostKeyChecking=no 代替。2. 样本
parameters配置后,第一次build时,左边窗口可能只显示“立即构建”而不是“build with parameters”。可以run一次,失败后左边的“立即构建”理论会变成“build with parameters”,如果没变,考虑里面参数是否适配。
def label = "jenkins-slave-${UUID.randomUUID().toString()}" properties([ parameters([ string(defaultValue: 'test0424', name: 'tar', description: "打包名称"), string(defaultValue: 'chawn', name: 'user', description: "ssh user"), string(defaultValue: '192.168.123.14', name: 'server1', description: "前端ECS") ]) ]) podTemplate(label: label, cloud: 'kubernetes', volumes: [ hostPathVolume(hostPath: '/usr/share/zoneinfo/Asia/Shanghai',mountPath: '/etc/localtime') ] ) { node(label) { stage('Run shell') { sh 'sleep 2s' sh 'echo hello world.' } stage('test ssh'){ //模拟npm生成dist文件,打包 sh """ touch a.txt b.txt tar zcvf ${params.tar}.tar.gz a.txt b.txt ls -lth """ stage('ssh2remote'){ sshagent(credentials: ['mysshkey']) { //scp dist包到目的服务器,再ssh登录到remote server执行删除、解压等命令 //使用参数时带上花括号,即${agrs} sh """ scp -o StrictHostKeyChecking=no ${params.tar}.tar.gz ${params.user}@${params.server1}:/tmp/ ssh -o StrictHostKeyChecking=no ${params.user}@${params.server1} <<- EOF rm -f /tmp/{a.txt,b.txt} tar -zxvf /tmp/${params.tar}.tar.gz -C /tmp/ ls -lht /tmp EOF """.stripIndent() } } } } }
- 可以看到使用sshagent就是直接使用了此插件的功能,和container无关。
- 注意EOF和
.stripIndent()配合使用
- 只能使用秘钥可能不适用某些场景。
- sshagent符合传统的shell使用习惯,基本不需要额外的学习成本。
如果觉得parameters用起来麻烦,可以换成def,显然parameters模块功能更强大。
/* properties([ parameters([ string(defaultValue: 'test0424', name: 'tar', description: "打包名称"), string(defaultValue: 'chawn', name: 'user', description: "ssh user"), string(defaultValue: '192.168.123.14', name: 'server1', description: "前端ECS") ]) ]) */ def tar = 'test0424' def user = 'chawn' def server1 = '192.168.123.14'
3. 样本log
Running on jenkins-slave-106aa68d-581f-4735-9433-cd1a0c1472f8-cg47l-zdt5t in /home/jenkins/agent/workspace/demo [Pipeline] { [Pipeline] stage [Pipeline] { (Run shell) [Pipeline] sh + sleep 2s [Pipeline] sh + echo hello world. hello world. [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (test ssh) [Pipeline] sh + touch a.txt b.txt + tar zcvf test0424.tar.gz a.txt b.txt a.txt b.txt + ls -lth total 4.0K -rw-r--r-- 1 jenkins jenkins 126 Apr 24 14:50 test0424.tar.gz -rw-r--r-- 1 jenkins jenkins 0 Apr 24 14:50 a.txt -rw-r--r-- 1 jenkins jenkins 0 Apr 24 14:50 b.txt [Pipeline] stage [Pipeline] { (ssh2remote) [Pipeline] sshagent [ssh-agent] Using credentials chawn [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine) $ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-D0qOhtvOgK8R/agent.91 SSH_AGENT_PID=93 Running ssh-add (command line suppressed) Identity added: /home/jenkins/agent/workspace/demo@tmp/private_key_16417331379494790807.key (/home/jenkins/agent/workspace/demo@tmp/private_key_16417331379494790807.key) [ssh-agent] Started. [Pipeline] { [Pipeline] sh + scp -o StrictHostKeyChecking=no test0424.tar.gz [email protected]:/tmp/ Warning: Permanently added '192.168.123.14' (ECDSA) to the list of known hosts. + ssh -o StrictHostKeyChecking=no [email protected] Pseudo-terminal will not be allocated because stdin is not a terminal. a.txt b.txt total 4.0K -rw-r--r-- 1 chawn chawn 126 Apr 24 14:50 test0424.tar.gz -rw-r--r-- 1 chawn chawn 0 Apr 24 14:50 a.txt -rw-r--r-- 1 chawn chawn 0 Apr 24 14:50 b.txt [Pipeline] } $ ssh-agent -k unset SSH_AUTH_SOCK; unset SSH_AGENT_PID; echo Agent pid 93 killed; [ssh-agent] Stopped. [Pipeline] // sshagent [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] } [Pipeline] // podTemplate [Pipeline] End of Pipeline Finished: SUCCESS