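I am building a project similar to yours. My pipeline stages are encapsulated in containers orchestrated by Kubernetes, and using the ssh-agent Jenkins plugin I am able to fetch modules from my private Bitbucket server over git+ssh seamlessly, in a container based on the hashicorp/terraform:light image. When I tried to download my roles from the same Bitbucket server, I ran into the same problem with the ansible/ansible-runner image.
I tried to do the same thing as with terraform and ssh-agent.
The relevant snippet of my pipeline is as follows: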
container('ansible') {
    ...
    sshagent([ssh_key]) {
        ...
        stage('get ansible roles') {
            sh 'ansible-galaxy install -r requirements.yaml -p roles/'
            ...
        }
    }
}
It failed, and ansible-galaxy actually hides the problem:
+ ansible-galaxy install -r requirements.yaml -p roles/
[WARNING]: - ans_rol_test was NOT installed successfully: - command
/usr/bin/git clone ssh://git@mybitbucketserver.org/project/ans_rol_test.git
ans_rol_test failed in directory /root/.ansible/tmp/ansible-local-
106DvbAa0/tmp09xwe_ (rc=128)
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
After I saw that this was just a plain git clone, I tried to clone the repository from the pipeline:
+ /usr/bin/git clone ssh://git@mybitbucketserver.org/project/ans_rol_test.git
Cloning into 'ans_rol_test'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Then I tried to SSH directly to the Bitbucket server.
+ ssh git@mybitbucketserver.org
Pseudo-terminal will not be allocated because stdin is not a terminal.
Host key verification failed.
When I log in over SSH with the parameter -oStrictHostKeyChecking=no, the host key still gets saved, but because of sshd the ssh client returns 255 and fails the pipeline, so I added || true at the end.
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'mybitbucketserver.org,10.5.132.51' (RSA) to the list of known hosts.
shell request failed on channel 0
+ true
After this, the host key is "verified", so git clone ssh:// works, and therefore ansible-galaxy works as well.
...
stage('get ansible roles') {
    sh 'ssh -oStrictHostKeyChecking=no git@mybitbucketserver.org || true'
    sh 'ansible-galaxy install -r requirements.yaml -p roles/'
    ...
}
...
Output:
+ ssh -oStrictHostKeyChecking=no git@mybitbucketserver.org
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'mybitbucketserver.org,10.5.132.51' (RSA) to the list of known hosts.
shell request failed on channel 0
+ true
[Pipeline] sh
+ /usr/bin/git clone ssh://git@mybitbucketserver.org/project/ans_rol_test.git
Cloning into 'ans_rol_test'...
[Pipeline] sh
+ ansible-galaxy install -r requirements.yaml -p roles/
- extracting ans_rol_test to /home/jenkins/agent/workspace/configuration/roles/ans_rol_test
- ans_rol_test (1.0.0) was installed successfully
It is worth noting that setting the GIT_SSH_COMMAND environment variable lets you use a custom SSH command to communicate with the Git server. "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" did not work.
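
An alternative way to get past "Host key verification failed", shown as an added example that is not part of the original post: write the Bitbucket host key into known_hosts only when its fingerprint matches a value obtained out of band, so that git clone and ansible-galaxy verify the server instead of accepting whatever key it presents on first contact. The function names, the made-up ed25519 key bytes and the idea that the scanned lines come from ssh-keyscan output are assumptions of this example.

```python
import base64
import hashlib
import struct
from pathlib import Path


def fingerprint(line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one 'host keytype base64' line."""
    blob_b64 = line.split()[2]
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_key(scanned_lines, expected_fp: str, known_hosts: Path) -> bool:
    """Append a scanned line to known_hosts only if it matches the pinned fingerprint."""
    for line in scanned_lines:
        line = line.strip()
        if line.startswith("#") or len(line.split()) < 3:
            continue  # skip comments and malformed lines
        if fingerprint(line) == expected_fp:
            known_hosts.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
            with known_hosts.open("a") as fh:
                fh.write(line + "\n")
            return True
    # No match: known_hosts stays untouched, so a later git clone fails closed.
    return False


def constructed_line(host: str, seed: int) -> str:
    """Constructed sample: a well-formed ssh-ed25519 line built from made-up key bytes."""
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    import tempfile

    # Constructed data: "genuine" stands for the key the admin published,
    # "other" for any different key answering on the same host name.
    genuine = constructed_line("mybitbucketserver.org", 1)
    other = constructed_line("mybitbucketserver.org", 2)
    pinned = fingerprint(genuine)
    kh = Path(tempfile.mkdtemp()) / ".ssh" / "known_hosts"
    print("unexpected key pinned:", pin_host_key([other], pinned, kh))
    print("expected key pinned:", pin_host_key([other, genuine], pinned, kh))
```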