4

我有以下詹金斯文件

pipeline {
    agent {
        dockerfile {
            args "-u root -v /var/run/docker.sock:/var/run/docker.sock"
        }
    }
    environment {
        ESXI_CREDS = credentials('ESXI_CREDS')
        PACKER_LOG = 1
    }
    stages {
        stage('Build Base image') {
            steps {
               sh "ansible-galaxy install -r ./requirements.yml"
        }
    }
}

参考.yml

- src:     
  ssh://tfsserver/_git/ansible-sshd
  scm: git
  name: ansible-sshd

它使用以下 Dockerfile

FROM hashicorp/packer:full

RUN apk --no-cache add git openssh-client rsync jq py2-pip py-boto py2-six py2-cryptography py2-bcrypt py2-asn1crypto py2-jsonschema py2-pynacl py2-asn1 py2-markupsafe py2-paramiko py2-dateutil py2-docutils py2-futures py2-rsa py2-libxml2 libxml2 libxslt && \
    apk --no-cache add gcc python2-dev musl-dev linux-headers libxml2-dev libxslt-dev && \
    pip install ansible jsonmerge awscli boto3 hvac ansible-modules-hashivault molecule python-gilt python-jenkins lxml openshift docker docker-compose mitogen yamale ansible-lint && \
    apk del gcc python2-dev musl-dev linux-headers libxml2-dev libxslt-dev

USER root

ENTRYPOINT []

运行上面的 jensfile 构建时,它似乎卡在了我们的 tfs 服务器的身份验证中,并出现以下错误

+ ansible-galaxy install -r ./requirements.yml
[WARNING]: - ansible-sshd was NOT installed successfully: - command
/usr/bin/git clone
ssh://tfsserver/_git/ansible-sshdtmp5VN20Z (rc=128)
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

我正在将 git 与 tfs 一起使用,但我不知道如何使用 git repo 对代理进行身份验证,也不想将私钥存储在构建代理上并将其卷映射到 docker 容器甚至不确定如果这样可行,我什至尝试在构建期间将私钥动态添加到容器中,但它似乎不起作用

 withCredentials([sshUserPrivateKey(credentialsId: 'tfs', keyFileVariable: 'keyfile')]) {
   sh "mkdir -p ~/.ssh && cp ${keyfile} ~/.ssh/id_rsa"
   sh "ansible-galaxy install -r ./requirements.yml"
 }
4

1 回答 1

0

我遇到了同样的问题,但最终使用 sed 解决了。

withCredentials([usernamePassword(credentialsId: 'GIT_AUTHENTICATION', passwordVariable: 'password', usernameVariable: 'username')])
{
    sh "sed -i 's/${git_url}/${username}:${password}@${git_url}/g' roles/requirements.yml"
    sh "ansible-galaxy install -c -r roles/requirements.yml -p roles/"
    sh "ansible-playbook site.yml -i ${inventory}"
}

大多数远程存储库允许 url 身份验证或 oAuth 令牌 url,两者的工作方式相同:

{protocol}://${username}:${password}@{gitl_url}/${repo}

例子:

https://username:password@github.com/username/repository.git

如果您的密码包含特殊字符,请使用https://www.urlencoder.org/ 并记住只需将其与 一起使用withCredentials,以便混淆敏感数据。

于 2019-09-03T01:10:29.363 回答