1、创建服务器之间的免密通信
目标服务器的IP:10.0.0.123
shell>ssh-keygen -t rsa -b 2048 -C "512911049@qq.com"
shell>scp -r id_rsa.pub root@10.0.0.123:/root/.ssh/authorized_keys[root@docker npm-main]# ssh-keygen -t rsa -b 2048 -C "512911049@qq.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Eg42sTnVfaTbSCW7+mSfx6DcRPiNK80wHEmV0qgnFOI 512911049@qq.com
The key's randomart image is:
+---[RSA 2048]----+
| . o..o.=+. |
| * .o ==+ |
| B E. o+= |
| . = .o.==. |
| o S+++.o |
| . .+ = . |
| ..oO + |
| ++.=.o |
| ..o. |
+----[SHA256]-----+
[root@docker .ssh]# scp -r id_rsa.pub root@10.0.0.123:/root/.ssh/authorized_keys
The authenticity of host '10.0.0.123 (10.0.0.123)' can't be established.
ECDSA key fingerprint is SHA256:4lxKxp55i4TKKZF74hzKD8AIY+wRX7tFe1EW5bxk2Ys.
ECDSA key fingerprint is MD5:ec:19:12:e2:70:ce:b1:24:72:f9:7d:46:d4:41:d2:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.123' (ECDSA) to the list of known hosts.
root@10.0.0.123's password:
id_rsa.pub 100% 398 77.4KB/s 00:00
[root@docker .ssh]# 测试ssh是否成功
shell>ssh root@10.0.0.1232、把私钥放在变量中
shell>cd /root/.ssh
shell>cat id_rsa把里面的内容设置成gitlab-runner变量
注意最后一行是有回车的
3、.gitlab-ci.yml
stages:
- push
- deploy
building:
image: node:alpine
cache:
paths:
- node_modules
artifacts:
paths:
- dist
stage: push
script:
- npm install --registry=https://registry.npm.taobao.org
#默认是缓存在/home/.npm下的,gitlabci默认是项目的/node_modules也可以用过下面方式重新定义cache
#- npm config set cache "$PWD/npm_cache"
- npm run build
deploy:
stage: deploy
image: node:latest
before_script:
# 给runner配置私钥
- 'which ssh-agent ||( yum updaste -y && yum install openssh-client git -y)'
- eval $(ssh-agent -s)
# - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- echo "$SSH_PRIVATE_KEY" | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
#
- ssh-keyscan 192.168.8.27 >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- echo 'start scp'
- scp -r dist root@192.168.8.27:/data/nginx/html/demo2
build:
stage: build
image: node:10
cache:
paths:
- npm_cache
script:
- npm config set cache "$PWD/npm_cache"
- npm install --registry=https://registry.npm.taobao.org
- npm run build
- apt-get update && apt-get install sshpass
- sshpass -p '123456' scp -r -o StrictHostKeyChecking=no ./dist/* nginx@10.0.0.123:/data/app/nginx/html增量备份例子:
build:
stage: build
image: node:10
cache:
paths:
- npm_cache
script:
- npm config set cache "$PWD/npm_cache"
- npm install --registry=https://registry.npm.taobao.org
- npm run build
- apt-get update && apt-get install sshpass
- sshpass -p '123456' ssh -o StrictHostKeyChecking=no nginx@10.0.0.123 'rsync -a /data/app/nginx/html/* /data/app/nginx/backup/html-$(date '+%Y%m%d%H%M%S')/; rm -rf /data/app/nginx/html/*'
- sshpass -p '123456' scp -o StrictHostKeyChecking=no -r ./dist/* nginx@10.0.0.123:/data/app/nginx/htmlDockerfile制作Nginx镜像
FROM nginx
COPY ./dist /usr/share/nginx/html
VOLUME /usr/share/nginx/html
VOLUME /etc/nginx
WROKDIR /usr/share/nginx/html然后使用docker build -t nginx:v1 .