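I am trying to create a CI/CD pipeline to build a WAR file and deploy it from GitLab to EC2.

After the WAR file is created, I want to copy it to some folder in EC2 so that it can be copied from there to the Tomcat server.

Below is the ".gitlab-ci.yml" file.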

stages:
    - build
    - deploy

build:
    stage: build
    image: maven:3-jdk-8
    script:
        - mvn install
    artifacts:
        paths:
            - target/

deploy:
    stage: deploy

    before_script:
        # Generate SSH Key
        - mkdir -p ~/.ssh
        - echo -e "$EC2_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
        - chmod 600 ~/.ssh/id_rsa
        - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    script:
        - scp target/gitlabec2pipeline.war ec2-user@$EC2_DEPLOY_SERVER:/gitlabec2pipeline.war
        - bash .gitlab-deploy-ec2.sh

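I have added the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY variables. But when the above pipeline runs, the scp command gives a "Permission denied" error in the deploy stage. Any ideas on how to resolve this?

Error message: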

Running with gitlab-runner 14.5.2 (e91107dd)
  on blue-3.shared.runners-manager.gitlab.com/default zxwgkjAP
Resolving secrets
00:00
Preparing the "docker+machine" executor
Using Docker executor with image ruby:2.5 ...
Pulling docker image ruby:2.5 ...
Using docker image sha256:27d049ce98db4e55ddfaec6cd98c7c9cfd195bc7e994493776959db33522383b for ruby:2.5 with digest ruby@sha256:ecc3e4f5da13d881a415c9692bb52d2b85b090f38f4ad99ae94f932b3598444b ...
Preparing environment
00:01
Running on runner-zxwgkjap-project-31676452-concurrent-0 via runner-zxwgkjap-shared-1639429231-955193ca...
Getting source from Git repository
00:02
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/te2122/deploytoaws/.git/
Created fresh repository.
Checking out dc27fd6f as master...
Skipping Git submodules setup
Downloading artifacts
00:02
Downloading artifacts for build (1880203000)...
Downloading artifacts from coordinator... ok        id=1880203000 responseStatus=200 OK token=9RSALYus
Executing "step_script" stage of the job script
00:02
Using docker image sha256:27d049ce98db4e55ddfaec6cd98c7c9cfd195bc7e994493776959db33522383b for ruby:2.5 with digest ruby@sha256:ecc3e4f5da13d881a415c9692bb52d2b85b090f38f4ad99ae94f932b3598444b ...
$ mkdir -p ~/.ssh
$ echo -e "$EC2_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ [[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
$ scp target/gitlabec2pipeline.war ec2-user@$EC2_DEPLOY_SERVER:/gitlabec2pipeline.war
Warning: Permanently added '54.205.169.131' (ECDSA) to the list of known hosts.
scp: /gitlabec2pipeline.war: Permission denied
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit code 1

Thank you.

1 Answer

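> I have added the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY variables.

The AWS keys are irrelevant here, because when you connect to an EC2 instance with ssh (or scp), you authenticate with an SSH key.

If you are sure you are using the correct key value, then your environment variable $EC2_SSH_PRIVATE_KEY is not formatted correctly. Common problems are newlines in the variable and the use of CRLF (which can often be added when copying/pasting the key in a web UI) instead of LF.

To solve this more reliably, you can:

  1. Use a file-type variable, then copy the file to ~/.ssh, OR
  2. base64-encode the key before putting it in the CI variable. This avoids any possible problems with newlines and CRLF. Then decode it in the job and put the value into a file.

Update:

It looks like your user does not have permission to the target directory on the server. You need to grant appropriate permissions to ec2-user or choose a different target location where the user has permission to write files.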

Answered 2021-12-13T10:22:35.523
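
The base64 option from the answer above, as an added example that is not part of the original post: a shell function for the job's before_script that decodes the key, strips any CR characters, checks the PEM framing and writes the file with owner-only permissions. The variable name EC2_SSH_PRIVATE_KEY_B64 and both function names are assumptions; the sample key is constructed and is not a real key.

```shell
# Added example. Assumed usage in the job:
#   install_ssh_key "$EC2_SSH_PRIVATE_KEY_B64" ~/.ssh/id_rsa

# install_ssh_key <base64-text> <destination-file>
# Returns 0 and writes the key, or returns 1 and writes nothing if the
# decoded value does not look like a PEM private key.
install_ssh_key() {
    b64=$1
    dest=$2
    tmp="$dest.tmp.$$"
    old_umask=$(umask)
    umask 077                         # directory 0700, file 0600 from creation
    mkdir -p "$(dirname "$dest")"
    # First tr: drop whitespace/CR pasted into the base64 text itself.
    # Second tr: drop CR left inside the decoded key (CRLF line endings).
    printf '%s' "$b64" | tr -d ' \t\r\n' | base64 -d 2>/dev/null | tr -d '\r' > "$tmp"
    umask "$old_umask"
    # Make sure the file ends with a newline.
    if [ -n "$(tail -c 1 "$tmp")" ]; then
        printf '\n' >> "$tmp"
    fi
    # Accept the file only if it is framed as a PEM private key.
    if head -n 1 "$tmp" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' &&
       tail -n 1 "$tmp" | grep -Eq '^-----END ([A-Z]+ )?PRIVATE KEY-----$'; then
        mv "$tmp" "$dest"
        chmod 600 "$dest"
        return 0
    fi
    rm -f "$tmp"
    echo "install_ssh_key: decoded value is not a PEM private key" >&2
    return 1
}

# Constructed sample: a fake key with CRLF line endings, base64-encoded
# on a single line the way it would be stored in a CI variable.
sample_key_b64() {
    printf '%s\r\n' \
        '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END OPENSSH PRIVATE KEY-----' | base64 | tr -d '\n'
}
```

A non-zero return from install_ssh_key fails the job before scp runs, which separates a malformed key variable from the server-side "Permission denied" on the destination path.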