干货分享建议收藏：Jenkins集成GitLab

共计 4166 个字符，预计需要花费 11 分钟才能阅读完成。

Jenkins 免密拉取 GitLab 项目

1. 在 Jenkins 上为 GitLab 创建一个专有的拉取代码的账号 Jenkins 需要构建哪些项目就在 GitLab 给予账号相应权限 我这里已经创建过 Jenkins 用户，下面用它登录后添加 SSH-KEY

2. 在 Jenkins 服务器上生成 ssh-key

[root@jenkins ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IUQIuu0SAdSbZvENbIjFYTrUrnuqKGBmZtwPj6lvz60 root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|ooB=+oo          |
|ooo*.=           |
|oo. * + .        |
| +.* . o .       |
|+ *     S        |
|.@ o             |
|O o *            |
|oo =.o.          |
|=o*..E..         |
+----[SHA256]-----+

查看公钥

[root@jenkins ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins

将 Jenkins 的公钥填入 GitLab 账号中

3. 测试 SSH-KEY 到 jenkins 服务器上拉取项目来测试 ssh-key 免密是否生效

[root@jenkins ~]# yum install git -y
[root@jenkins ~]# git clone git@106.14.10.124:dev01/sample.git
正克隆到 'sample'...
The authenticity of host '106.14.10.124 (106.14.10.124)' can't be established.
ECDSA key fingerprint is SHA256:bO22/HlgAAGXi9CXTxDE6wvNCUcTs2OajL9PinZMN/0.
ECDSA key fingerprint is MD5:ec:4f:14:0a:b6:72:cf:6e:da:5b:fa:5b:be:b9:2f:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '106.14.10.124' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
接收对象中: 100% (6/6), done.

如上，ssh-key 已生效

配置 jenkins 自动拉取代码

1.jenkins 服务器添加证书 系统配置——》Manage Credentials

系统配置——》Manage Credentials——》Jenkins——》全局凭证——》添加凭证

这样的话 Jenkins 服务器拉取 GitLab 的代码就不需要再进行认证了。

Jenkins 安装 GitLab 插件

1. 安装插件 插件名称：

•GitLab

•Gitlab Hook

•Gitlab Authentication

•GitLab Logo

安装完成后重启 Jenkins

GitLab 为 Jenkins 生成 Token

1. 我们使用 Jenkins 用户登录 GitLab 然后使用 Jenkins 用户创建 Token

2. 复制创建的 Token

3. 打开 Jenkins 系统管理——》系统配置

输入以下相关内容

选择凭证，测试后保存

4. 查看凭证 现在有以下两种方式与 GitLab 进行认证

•通过 GitLab 上 Jenkins 用户的密钥(GitLab 绑定 Jenkins 用户的公钥，Jenkins 绑定 GitLab 上 Jenkins 用户的私钥)、

•通过 GitLab 上 Jenkins 用户的 API Token 绑定到 Jenkins 上的 GitLab authentication 插件上进行连接。
Jenkins 构建流水线
创建 Project 新建任务——》流水线

2. 选择流水线语法

3. 生成流水线脚本

复制生成的 git 脚本

4. 编写 Pipline 脚本 我这里脚本如下

node {stage('拉取代码'){git credentialsId: 'b907af22-5a74-4eee-aa5f-a822c764279c', url: 'git@172.19.95.139:dev01/sample.git'
        echo "Code Pull"
    }
    stage('代码扫描'){echo "Code Scanning"
    }
    stage('代码构建'){echo "Code Build"
    }
    stage('是否部署'){input '是否部署'
    }    
    stage('开始部署'){sh '/opt/jenkins/sample/sample_release.sh'
    }
}

将以上脚本写流水线中

上面脚本最后执行了 /opt/jenkins/sample/sample_release.sh 脚本，我们到执行任务的 Jenkins 服务器上去编写这个部署脚本。脚本如下：jenkins 服务器将 /usr/local/src/sample.zip 文件拷贝到了 172.19.182.107 上

[root@jenkins /]# cat /opt/jenkins/sample/sample_release.sh
#!/usr/bin/env bash

scp /usr/local/src/sample.zip root@172.19.182.107:/usr/local/

这里我们需要先让 Jenkins 服务器与 172.19.182.107 做免密登录, 将 Jenkins 的公钥拷贝到 172.19.182.107 服务中的 /root/.ssh/authorized_keys 文件中

#Jenkins 的公钥(这里为 root 的公钥,Jenkins 进程就需要用 root 用户运行)
[root@jenkins /]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins

#172.19.182.107 服务器的 authorized_keys 文件
cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ckQQf4N93Rjf0ts3Lk4siL6FZmZiBiB+ouwTgw9kKof2NeJTguf0aNfDsgSEet4+bJ53ZKztsFZE/C+sqk7grqeLeYDFBWgdZBz1dmCYT51tRFmZPDEDclOIMc2tz0G50g6DFA1dvIfkzeVbKjBNN0o80FSAwAzrtjMrkyaDcrOmYekiSPM8JYJTTcFLCzIBXz7SXOmKH5vyoAIVpdcwnIhkHNLKfD0MdzGb7Kz/pKMnLubodcxyNir6fqw76qwMe1DE0NtQzpaCrTYhVnAizVqCDek0GMZjTG1vWYNn6a8G7omV3Gde1XjcmjAj6ftVQiVLBRJaIGKI4R/B//nd root@jenkins

# 测试免密登录
[root@jenkins /]# ssh root@172.19.182.107
Last login: Tue Jun 30 20:26:12 2020 from 172.19.206.72

Welcome to Alibaba Cloud Elastic Compute Service !

Jenkins 执行任务

1. 进入到任务中

2. 点击立即构建

3. 是否部署