问题描述
我正在尝试将厨师与詹金斯融合在一起.
I am trying to integrate chef with Jenkins.
我的情况是,我在Chef中创建了一些食谱,并希望通过Jenkins执行Chef运行列表.我已经安装了厨师插件( https://github.com/melezhik/chef-plugin/ ),并提供了所需的参数.但是,当我现在在Jenkins中构建时,会抛出主机密钥验证失败错误".
My scenario is, I have created few recipes in Chef and want to execute the chef run list through Jenkins. I have installed chef plugin(https://github.com/melezhik/chef-plugin/) in Jenkins and provided the required parameters.But when I do I build now in Jenkins, it throws me "Host key verification failed error".
我还尝试通过Jenkins作为外壳程序命令执行"sudo Chef-client",即使这样我也收到相同的错误.
I also tried the other way round by just executing "sudo chef-client" as a shell command through Jenkins, even then I receive the same error.
我还尝试将Jenkins放置在具有Chef节点的同一服务器上,即使问题仍然相同.
Also I tried putting the Jenkins on the same server where chef node is available, even the issue remains the same.
有人可以指导我吗?
推荐答案
chef集成插件使用命令行ssh
从Jenkins连接到客户端计算机以运行sudo chef-client
.您需要完成此ssh
连接和sudo
命令,而不会从Jenkins主机发出任何密码提示,因为您首先运行Jenkins的用户确认Jenkins Web界面将能够执行此操作.
The chef integration plugin uses command line ssh
to connect from Jenkins to the client machine to run sudo chef-client
. You need to complete this ssh
connection and a sudo
command without any password prompts from the Jenkins host, as the user you run Jenkins with first to confirm the Jenkins web interface will be able to do it.
以下内容与从厨师服务器到节点的knife ssh
设置基本相同,除了您要用jenkins服务器/用户替换厨师服务器/用户.
The following is basically the same as the knife ssh
setup from a chef server to nodes, except you are replacing the chef server/user with the jenkins server/user.
以Jenkins用户身份登录 jenkinshost 上的终端.
Log into a terminal on your jenkinshost, as the Jenkins user.
-
如果您还没有私钥/公钥设置,生成一个.
ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''
然后将公钥id_rsa.pub
添加到 chefuser @ clienthost 的~/.ssh/authorized_keys
文件中.
Then add the public key id_rsa.pub
to chefuser@clienthost's ~/.ssh/authorized_keys
file.
ssh-copy-id chefuser@clienthost
如果您尚未使用ssh
登录到 clienthost ,则可能需要手动执行此操作.
You may need to do this manually if you can't already login to clienthost with ssh
.
清理旧客户端的所有痕迹(您的错误消息表明这可能是一个问题)
Clean up any traces of old clients (your error message indicates this might be an issue)
ssh-keygen -R clienthost
测试ssh
连接,并接受主机密钥.
Test the ssh
connection, and accept the host key.
ssh chefuser@clienthost
现在在 clienthost 上,设置sudo
,以便chefuser
可以以root
Now on clienthost, setup sudo
so chefuser
can run chef-client
as root
visudo
然后添加该行(您的chef-client
路径可能不同)
Then add the line (Your chef-client
path might be different)
chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client
在 jenkinshost 上,确认ssh chefuser@clienthost sudo chef-client -v
运行没有密码提示.
On jenkinshost, confirm ssh chefuser@clienthost sudo chef-client -v
runs without password prompts.
$ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
Chef: 11.16.0
一旦您能够做到这一点,Jenkins插件也应该能够做到.
Once you can do that, the Jenkins plugin should be able to as well.
要在Jenkins上运行Chef-client的每台计算机,都需要添加该公钥并测试手动的ssh
连接,直到它正常工作而不提示您.
Every machine you want to run chef-client on from Jenkins will need that public key added and the manual ssh
connection tested until it works without prompting you.
不幸的是,Jenkins Chef插件不允许您为ssh连接提供许多配置选项,因此您必须依靠Jenkins用户的一个默认密钥来进行所有操作(id_rsa
)或说您想使用其他配置在每个主机上键入密钥,通过~/.ssh/config
中的 ssh_config
配置主机特定的ssh连接详细信息
Unfortunately that Jenkins chef plugin doesn't allow you many config options for the ssh connection so you have to either rely on the one default key for the Jenkins user for everything (id_rsa
) or say you wanted to use a different key on each host, configure host specific ssh connection details via ssh_config
in ~/.ssh/config
这篇关于詹金斯厨师整合的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!