jenkins user permissions, credential management, and deploying remote warehouse code to the server

0. Install gitlab

0.Environment: 10.0.0.60

1.install gitlab
[root@gitlab opt]# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-13.0.3-ce.0.el7.x86_64.rpm

2.install GitLab
# Install dependent packages
[root@gitlab opt]#  yum install -y curl policycoreutils-python openssh-server perl
[root@gitlab opt]# yum install postfix -y
# Turn off firewall
[root@gitlab opt]#  systemctl disable --now firewalld
# Close selinux
[root@gitlab opt]#  sed -i 's#enforcing#disabled#g' /etc/sysconfig/selinux
# Temporarily Closed
[root@gitlab opt]#  setenforce 0
# install
[root@gitlab opt]#  yum install -y gitlab-ce-13.0.3-ce.0.el7.x86_64.rpm 
# Modify profile
[root@gitlab opt]# vim /etc/gitlab/gitlab.rb 
external_url 'http://10.0.0.60'
nginx['listen_port'] = 80
# Refresh configuration (default startup)
gitlab-ctl reconfigure
#View details (client tools)
[root@gitlab opt]# gitlab-ctl 
#View services
[root@gitlab opt]# gitlab-ctl service-list
#View service status
[root@gitlab opt]# gitab-ctl status
#Out of Service
[root@gitlab opt]# gitlab-ctl stop nginx
#Open service
[root@gitlab opt]# gitlab-ctl start nginx

jenkins knowledge

1, User rights

1. Create user

System management - > User Management - > new user




2. Create permission group

To use the permission group, you need to install the role based strategy permission plug-in

1. Enable authorization policy plug-in
System management - > global security configuration - > authorization policy - > role based strategy
2. Create and manage permission groups
System management - > manage and assign roles - > Manage roles - > roles (permission groups)

1) Enable role based strategy permission plug-in



2) Create and manage permission groups




3) Assign role group permissions

System management - > manage and assign roles - > assign roles





4) Assigning permissions using wildcards

. *: matches items that begin with what

1. Create jyh1 user:

2. Create jyh1 the management permission group

3. Create and assign roles


4. Login jyh1 account test

3. Voucher management

1.Username with password:User name and password
2.SSH Username with private key: use SSH User and key
3.Secret file:Text files that need to be kept confidential when used Jenkins The file will be copied to a temporary directory, and then the file path will be set to a variable. After the construction is completed, the copied Secret file Will be deleted.
4.Secret text:An encrypted text string that needs to be saved, such as a nailing robot or Github of api token Certificate:By uploading the certificate file
5.X.509: Certificates are generally used when using third-party cloud services.
6.Certificate: docker Private warehouse password storage type.

System management - > Manage credentials - > system credentials - > Global credentials - > Add credentials

1) Deploy the code through http connection and build the project (pull the ready-made source code from gitlab to deploy the project)

System management - > Manage credentials - > system credentials - > Global credentials - > Add credentials - > username with password




1.Generate secret key pair
[root@jenkins admin_6297016367257135384]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6nv6J93ZcRL+ladaQfLif9Ubm27kVPlChDY2/M9Bb0U root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|           . . .E|
|            B ...|
|           o.=o +|
|             ++o+|
|        S   .oo=*|
|       .   . .=*X|
|      .  . ..o=BO|
|     .  o o ooo*o|
|      +=.o  ..+o |
+----[SHA256]-----+
[root@jenkins admin_6297016367257135384]# 
[root@jenkins admin_6297016367257135384]# cd 
[root@jenkins ~]# ll -a .ssh/
Total consumption 8
drwx------  2 root root   38 7 June 26-15:38 .
dr-xr-x---. 7 root root  238 7 June 26-15:38 ..
-rw-------  1 root root 1675 7 June 26-15:38 id_rsa
-rw-r--r--  1 root root  394 7 June 26-15:38 id_rsa.pub
[root@jenkins ~]# cat id_rsa
cat: id_rsa: There is no such file or directory
[root@jenkins ~]# ll -a .ssh/id_rsa
-rw------- 1 root root 1675 7 June 26-15:38 .ssh/id_rsa
[root@jenkins ~]# cat .ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAr1Zyq9AsDEyNPQV7o2ciGZgz0L0rOpSJ95pSSnJjUE6BQQkl
rd+R0m6yMaGbHLB8JYzGzMj6XBsTu4jAMCoAQJZrffrucGAOFuX49DE1n3hKgob3
+dtS20mZ1KGn8Q6TVowVuRieawIN/8PL6QoCZ7J3+7JVQD/B5W1Z2/QqAnpHriQi
Fzef2iDH2kaV0PPaExvkD5iEBN4bAjONc3apAH4r1uI9PQhHdSrFmmEm9J/KdNKe
7upZixRukHUuAoeZCIHo4enQgAG16A6qnIsM4drLPe/tcNWs1+i/TaQ+ocFZq3zF
knalIiu8UOHZ4PIVBDmqFjLrDRmVWBgukTOfdQIDAQABAoIBAEOLuwtDW+S1DOgI
F7RAQ9u2TafJaEDd/jR7p930KRxD0fla68AK06NMb6s9BYNM3dadX+x+NCyNZdGm
AdvMImK/T9OtenOiHWtm1rxDxNOVRKb6FceUXVwLA47tY8QyiEIcHzY6LLUuinQQ
WpqA96I5F43ICp2AslKPCMH6UsC29UVCv91M9gvO76RQHapcCV/CN05MFhB+ZfDX
VNDnhI0QqBzbzC2uTUKOnkKi+Ak+ivPBbnwaTrUk1oxdjXM+mlWU8rD5gZFvIQK/
tNLcv7jsPealvNTIxa6NL/BGYVEVe0BoS5fGOWZDqvKd/BJ9vK9Qdpl0KRwySUfh
0PWl0PUCgYEA3aA1Jf+0UNNW7S5Oh8GVnHG3KAOWLuhKNif4qmW1xiJ7OTPpqmHF
5G4AdujNIHkmLEubP1Zv54qOatAtrTLxGBfSpz58aKZaEF8hdpc2vGDrfRELQ20/
fi7PslwdNSVBB7llF63KuG7+FFvwyK/LGpvHWh0s43lLkiMHWxreGvMCgYEAyohX
WkUdC4xhewACnu7VHM9XVtYPsW3FztDzB43/ndwfl0q5nXpot0f6757BozYaSpiB
zrEzh4OgNXweUS0TlSWfKWeuej6UXcbQENHalHv8prJ1ZSEBm+IlUy1jxmBVur3o
TlhUBVB/N/hCETKDTz9RY6esmc9pp2ZQV+yTpfcCgYACepE9nI+Ku+JkArmUISEo
P8lZpDigy65Qzr+kQED5N1eDe0YoxrEs7eIJcm8g5tn7ctkIq1HTGCShozRvlHtH
1rRfdH51uS6Wskmwht5w2vCnVHJ4zZcBNUrTZt5YwtLoYDV2P1ZeG7exyJl31SeD
Y6ymIF9pJ+kleEjTxwgm6wKBgQC52QafVRBkCnthDQ9anDp+51xz2JYp8Fs1ftOk
OQ844kcy42UUNsFkfe6sd3ektv7FONDUxBJO5d/bdHu1bbGsiQtWSUf38PjgXJGM
/aSf4G5k4RmMpQ7+5jPt8Za+8KN6as2DJtZi0g0LZQnrEfkgfS/ITJK7yXJgJCjR
pcuO3QKBgHz9CEbXGN+1Prk1qHvzOgHMJKvspun6isnw6mKZCfqcV4c1kRqi/Q4c
uTn1p/V5tES6M7zjoaG4tniVrcMPDQEe/WdlXhCuIjyCebGCV/VSHElLxYZPjzrd
MI595InSxw1TbhFfm6vfTkglubPmYkltFLNWOqzxoaPsNzv1MRGl
-----END RSA PRIVATE KEY-----


2.Add private key to jenkins(No spaces allowed)
[root@jenkins ~]# cat /root/.ssh/id_rsa
 See the figure below

3.Add public key to gitlab
[root@jenkins ~]# cat /root/.ssh/id_rsa.pub 
See the figure below


*******Important note: installation is required git tool***************
yum install git -y




  • First, copy the http link address of the project source code warehouse on gitlab

  • Open Jenkins and select the project to deploy


stay jenkins You can see the code in the directory
[root@jenkins ~]# cd /var/lib/jenkins/workspace/
[root@jenkins workspace]# ll
 Total consumption 0
drwxr-xr-x 3 jenkins jenkins 35 7 June 26-20:29 shnaghai-004
drwxr-xr-x 2 jenkins jenkins  6 7 June 26-20:30 shnaghai-004@tmp
[root@jenkins workspace]# cd shnaghai-004
[root@jenkins shnaghai-004]# ll
 Total consumption 4
-rw-r--r-- 1 jenkins jenkins 14 7 June 26-20:29 README.md

2) Deploy the code through SSH connection and build the project (pull the ready-made source code deployment project from gitlab)

System management - > Manage credentials - > system credentials - > Global credentials - > Add credentials - > SSH username with private key



  • First go to gitlab and copy the ssh link address of the project source code warehouse
  • Open Jenkins and select the project to deploy






[root@jenkins ~]# cd  /var/lib/jenkins/workspace/
[root@jenkins workspace]# ll
drwxr-xr-x 3 jenkins jenkins 35 7 June 26-21:13 shnaghai-005
drwxr-xr-x 2 jenkins jenkins  6 7 June 26-21:13 shnaghai-005@tmp
[root@jenkins workspace]# cd shnaghai-005
[root@jenkins shnaghai-005]# ll
 Total consumption 4
-rw-r--r-- 1 jenkins jenkins 24 7 June 26-21:13 README.md

3) Log in to server SSH (pull source code from another server)

Take Jenkins SSH connection to gitlab as an example

1.First, do a password free login on the server
 stay Jenkins Generate a key pair on the server and push the public key to gitlab The server
[root@jenkins ]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.60



4) Deploy the project with source code pulled from gitlab remote warehouse to other servers (gitlab)

1. Sometimes the back-end code needs to be compiled. Suppose to compile it manually first


2. Enter jenkins to check:
[root@jenkins ~]# cd /var/lib/jenkins/workspace/shnaghai-005
[root@jenkins shnaghai-005]# ll
Total consumption 8
-rw-r – R -- 1 Jenkins Jenkins 13 July 26 22:10 Deamon html
-rw-r – R -- 1 Jenkins Jenkins 24 July 26 21:13 readme md
[root@jenkins shnaghai-005]# cat deamon.html
Hypothetical compilation
[root@jenkins shnaghai-005]# ###

Conclusion: before construction, all operations are performed on the jenkins service, and after construction, all operations are performed on the deployed server.

Post build actions:

[root@gitlab ~]# hostname -I
10.0.0.60 172.16.1.60
[root@gitlab ~]#
[root@gitlab ~]# pwd
/root
[root@gitlab ~]# ll
Total consumption 710068
-rw-r – R -- 1 root 22 July 26 22:25 Deamon html
[root@gitlab ~]# cat deamon.html
Suppose you are executing a command

5) Simple deployment = = = = generally not desirable

jenkins ======== on gitlab

1. Prepare nginx directory

[root@gitlab ~]# mkdir -p /usr/share/nginx/html

2. System management on jenkins = system configuration publish ssh over configure ssh server

3. Select the corresponding item in jenkins and right-click configure to build==

jenkins see
[root@jenkins ~]# cd /var/lib/jenkins/workspace/shnaghai-005
[root@jenkins shnaghai-005]# ll
 Total consumption 8
-rw-r--r-- 1 jenkins jenkins 13 7 June 26-23:13 deamon.html
-rw-r--r-- 1 jenkins jenkins 24 7 June 26-21:13 README.md
[root@jenkins shnaghai-005]# cat deamon.html 
Hypothetical compilation
[root@jenkins shnaghai-005]# cat README.md 
# hello wordld project


gitlab see
[root@gitlab html]# cd /usr/share/nginx/html/
[root@gitlab html]# ll
 Total consumption 8
-rw-r--r-- 1 root root 123 7 June 26-23:32 deamon.html
-rw-r--r-- 1 root root  24 7 June 26-23:15 README.md
drwxr-xr-x 3 root root  19 7 June 26-23:31 usr
[root@gitlab html]# cat deamon.html 
Hypothetical compilation
 Suppose you are executing a command
 Suppose you are executing a command
 Suppose you are executing a command
 Suppose you are executing a command
 Suppose you are executing a command
[root@gitlab html]# cat README.md 
# hello wordld project

[root@gitlab html]# cd usr/
[root@gitlab usr]# ll
 Total consumption 0
drwxr-xr-x 3 root root 19 7 June 26-23:31 share
[root@gitlab usr]# cd share/
[root@gitlab share]# ll
 Total consumption 0
drwxr-xr-x 3 root root 18 7 June 26-23:31 nginx
[root@gitlab share]# cd nginx/
[root@gitlab nginx]# ll
 Total consumption 0
drwxr-xr-x 2 root root 42 7 June 26-23:31 html
[root@gitlab nginx]# cd html/
[root@gitlab html]# ll
 Total consumption 8
-rw-r--r-- 1 root root 13 7 June 26-23:32 deamon.html
-rw-r--r-- 1 root root 24 7 June 26-23:32 README.md

Keywords: DevOps

Added by phpnoobie on Mon, 03 Jan 2022 18:12:01 +0200

Popular Keywords

©2024 Programming VIP