
Notes on problems encountered when deploying with Jenkins

stage('部署') {
    steps {
        sshagent(credentials: ['deploy-user']) {
            sh '''
            # Run the deployment on the production server
            ssh -o StrictHostKeyChecking=no -p 2222 zhpj@192.168.31.225 "
            cd /volume1/docker/data/plangz
            pwd
            ls -l
            ./deploy.sh ${env.FULL_VERSION}
            "
            '''
        }
    }
}

Error output:

[Pipeline] stage
[Pipeline] { (部署)
[Pipeline] sshagent
[ssh-agent] Using credentials zhpj
$ docker exec 0498a14e062f700ee36f4680d4e98eb4cf0d8a88a17ea5b38a794f8b5bf647ea ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-wpwaNWMM7DHz/agent.808
SSH_AGENT_PID=814
Running ssh-add (command line suppressed)
Identity added: /var/jenkins_home/workspace/plangz@tmp/private_key_13319281083847023461.key (root@b9eeb2631a02)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
/var/jenkins_home/workspace/plangz@tmp/durable-ff04542a/script.sh.copy: 3: Bad substitution
[Pipeline] }
$ docker exec --env ******** --env ******** 0498a14e062f700ee36f4680d4e98eb4cf0d8a88a17ea5b38a794f8b5bf647ea ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 814 killed;
[ssh-agent] Stopped.
[Pipeline] // sshagent
[Pipeline] }

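The error message Bad substitution means that an invalid variable substitution occurred in the shell script. It is usually caused by incorrect variable reference syntax or an undefined variable.

The problem is the ${env.FULL_VERSION} variable reference. In a Jenkins Pipeline:

  1. With ''' (triple single quotes), Groovy performs no variable interpolation.
  2. ${env.FULL_VERSION} is passed to the shell as literal text.
  3. When the shell tries to expand ${env.FULL_VERSION}, it fails with "Bad substitution".

Change sh ''' to sh """.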
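
An added example (not from the original post): the shell side of this failure, plus an alternative that keeps sh ''' and reads the version from the step's environment instead of Groovy interpolation. It assumes FULL_VERSION is set as a pipeline environment variable, which Jenkins exports to the sh step; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# sh '''...''' hands the literal text ${env.FULL_VERSION} to /bin/sh.
# "env.FULL_VERSION" is not a valid parameter name (it contains a dot),
# so the shell aborts with "Bad substitution".
literal_is_rejected() {
    if sh -c 'echo ${env.FULL_VERSION}' >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Accept only characters expected in a version tag, so the value cannot
# carry shell metacharacters into the command run on the remote host.
valid_version() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the remote command from the version passed in; the caller supplies
# the FULL_VERSION environment variable (assumption: set in the pipeline,
# so Jenkins exports it to the sh step).
remote_deploy_cmd() {
    valid_version "$1" || { echo "refusing version: $1" >&2; return 1; }
    printf "cd /volume1/docker/data/plangz && ./deploy.sh '%s'\n" "$1"
}

# Inside sh ''' ... ''' the call would then be (host and port from the post):
#   ssh -p 2222 zhpj@192.168.31.225 "$(remote_deploy_cmd "$FULL_VERSION")"
if [ -n "${FULL_VERSION:-}" ]; then
    remote_deploy_cmd "$FULL_VERSION"
fi
```

Because the shell expands $FULL_VERSION itself, the Groovy string stays single-quoted and no pipeline value is spliced into the script text.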

The target directory exists, but uploading with scp fails with: No such file or directory

stage('部署') {
    steps {
        sshagent(credentials: ['deploy-user']) {
            sh """
                # Test the SSH connection
                ssh -p 2222 zhpj@192.168.31.225 "echo 'SSH connection successful'"

                # Test write permission on the target directory
                ssh -p 2222 zhpj@192.168.31.225 "touch /volume1/docker/data/plangz/test_file && rm /volume1/docker/data/plangz/test_file"

                ssh -p 2222 zhpj@192.168.31.225 "cd /volume1/docker/data/plangz/ && pwd && ls -la"
                scp -P 2222 docker-compose.prod.yaml zhpj@192.168.31.225:/volume1/docker/data/plangz/

                # Verify the upload
                ssh -p 2222 zhpj@192.168.31.225 "ls -l /volume1/docker/data/plangz/docker-compose.prod.yaml"

                # Run the deployment on the production server
                ssh -p 2222 zhpj@192.168.31.225 "
                cd /volume1/docker/data/plangz
                pwd
                ls -l
                ./deploy.sh ${env.FULL_VERSION}
                "
            """
        }
    }
}

Build log:

[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (部署)
[Pipeline] sshagent
[ssh-agent] Using credentials zhpj
$ docker exec 2450da2d592cb03e3f3b2a9f342437e60cbc208e95b239cdc483abe7705f130a ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-reCnJcErgxhN/agent.809
SSH_AGENT_PID=815
Running ssh-add (command line suppressed)
Identity added: /var/jenkins_home/workspace/plangz@tmp/private_key_7524035605666780541.key (root@b9eeb2631a02)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ssh -p 2222 zhpj@192.168.31.225 echo 'SSH connection successful'
SSH connection successful
+ ssh -p 2222 zhpj@192.168.31.225 touch /volume1/docker/data/plangz/test_file && rm /volume1/docker/data/plangz/test_file
+ ssh -p 2222 zhpj@192.168.31.225 cd /volume1/docker/data/plangz/ && pwd && ls -la
/volume1/docker/data/plangz
total 16
drwxrwxrwx  2 zhpj admin 4096 Jun  7 16:22 .
drwxrwxrwx 17 zhpj admin 4096 Jun  6 19:21 ..
-rwxrwxrwx  1 zhpj admin  500 Jun  7 15:12 deploy.sh
-rwxrwxrwx  1 zhpj admin  117 Jun  6 19:25 .env
+ scp -P 2222 docker-compose.prod.yaml zhpj@192.168.31.225:/volume1/docker/data/plangz/
scp: dest open "/volume1/docker/data/plangz/": No such file or directory
scp: failed to upload file docker-compose.prod.yaml to /volume1/docker/data/plangz/
[Pipeline] }
$ docker exec --env ******** --env ******** 2450da2d592cb03e3f3b2a9f342437e60cbc208e95b239cdc483abe7705f130a ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 815 killed;
[ssh-agent] Stopped.
[Pipeline] // sshagent
[Pipeline] }

Checking the SSH configuration and the file system

stage('部署') {
    steps {
        sshagent(credentials: ['deploy-user']) {
            sh '''
                # Check how the file system is mounted on the target server
                echo "检查目标服务器文件系统挂载情况:"
                ssh -p 2222 zhpj@192.168.31.225 "df -h /volume1/docker/data/plangz/"

                # Check whether the SSH configuration imposes restrictions
                echo "检查SSH配置是否有限制:"
                ssh -p 2222 zhpj@192.168.31.225 "grep -E 'ChrootDirectory|Subsystem' /etc/ssh/sshd_config"

                # Try to create a test file
                echo "尝试创建测试文件:"
                ssh -p 2222 zhpj@192.168.31.225 "touch /volume1/docker/data/plangz/test_file && echo 'test' > /volume1/docker/data/plangz/test_file"

                # Upload the file
                echo "尝试使用scp上传文件:"
                scp -v -P 2222 \$(pwd)/docker-compose.prod.yaml zhpj@192.168.31.225:/volume1/docker/data/plangz/

                # Verify the upload
                echo "验证文件上传结果:"
                ssh -p 2222 zhpj@192.168.31.225 "ls -l /volume1/docker/data/plangz/"
            '''
        }
    }
}

Corresponding build log:

[Pipeline] sh
+ echo 检查目标服务器文件系统挂载情况:
检查目标服务器文件系统挂载情况:
+ ssh -p 2222 zhpj@192.168.31.225 df -h /volume1/docker/data/plangz/
Filesystem                                      Size  Used Avail Use% Mounted on
/dev/mapper/ug_21EFBB_1745024660_pool1-volume1  901G   33G  868G   4% /volume1
+ echo 检查SSH配置是否有限制:
检查SSH配置是否有限制:
+ ssh -p 2222 zhpj@192.168.31.225 grep -E 'ChrootDirectory|Subsystem' /etc/ssh/sshd_config
#ChrootDirectory none
Subsystem       sftp    /usr/lib/openssh/sftp-server
+ echo 尝试创建测试文件:
尝试创建测试文件:
+ ssh -p 2222 zhpj@192.168.31.225 touch /volume1/docker/data/plangz/test_file && echo 'test' > /volume1/docker/data/plangz/test_file
+ echo 尝试使用scp上传文件:
尝试使用scp上传文件:
+ pwd
+ scp -v -P 2222 /var/jenkins_home/workspace/plangz/docker-compose.prod.yaml zhpj@192.168.31.225:/volume1/docker/data/plangz/
Executing: program /usr/bin/ssh host 192.168.31.225, user zhpj, command sftp
OpenSSH_9.2p1 Debian-2+deb12u6, OpenSSL 3.0.16 11 Feb 2025
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.31.225 [192.168.31.225] port 2222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u5
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.31.225:2222 as 'zhpj'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:dwef3YVjGPVLnwxnaX0WfD8g1IlNWTpWqw46lh9K2NI
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[192.168.31.225]:2222' is known and matches the ED25519 host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: root@b9eeb2631a02 RSA SHA256:+P43RkcGNbjNDVow1lwYOC8zewARMbQbVe60wT9bzdA agent
debug1: Will attempt key: /root/.ssh/id_rsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /root/.ssh/id_ed25519 
debug1: Will attempt key: /root/.ssh/id_ed25519_sk 
debug1: Will attempt key: /root/.ssh/id_xmss 
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: root@b9eeb2631a02 RSA SHA256:+P43RkcGNbjNDVow1lwYOC8zewARMbQbVe60wT9bzdA agent
debug1: Server accepts key: root@b9eeb2631a02 RSA SHA256:+P43RkcGNbjNDVow1lwYOC8zewARMbQbVe60wT9bzdA agent
Authenticated to 192.168.31.225 ([192.168.31.225]:2222) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts for [192.168.31.225]:2222 / (none)
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts2 for [192.168.31.225]:2222 / (none)
debug1: client_input_hostkeys: hostkeys file /root/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Remote: /home/zhpj/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/zhpj/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending subsystem: sftp
debug1: pledge: fork
scp: debug1: stat remote: Unknown status
scp: dest open "/volume1/docker/data/plangz/": No such file or directory
scp: failed to upload file /var/jenkins_home/workspace/plangz/docker-compose.prod.yaml to /volume1/docker/data/plangz/
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4728, received 4656 bytes, in 0.3 seconds
Bytes per second: sent 17294.7, received 17031.3
debug1: Exit status 0
[Pipeline] }
$ docker exec --env ******** --env ******** 075cc192e9a0a498d2b4ab64a669cf11d142b82eb9194bf2fe291e8f72618510 ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 821 killed;
[ssh-agent] Stopped.
[Pipeline] // sshagent
[Pipeline] }

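Although an interactive SSH session can successfully access and create the /volume1/docker/data/plangz/ directory, the scp command consistently fails to access it. This is a typical case of SSH subsystems running in different environments.

Key findings:

  1. The Subsystem sftp setting in sshd_config uses the default sftp-server.
  2. An interactive SSH session can create and work with the directory.
  3. The scp command (which uses the SFTP subsystem) fails.

This kind of difference usually arises because the SSH service applies different environment settings or restrictions when it runs different subsystems (such as the shell and sftp).

Method 1: change the Subsystem setting from sftp-server to internal-sftp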

zhpj@DX4600-7ECC:~$ cat /etc/ssh/sshd_config | grep Subsystem
Subsystem       sftp    /usr/lib/openssh/sftp-server
zhpj@DX4600-7ECC:~$ 
zhpj@DX4600-7ECC:~$ 
zhpj@DX4600-7ECC:~$ sudo vim /etc/ssh/sshd_config
zhpj@DX4600-7ECC:~$ 
zhpj@DX4600-7ECC:~$ cat /etc/ssh/sshd_config | grep Subsystem
#Subsystem       sftp    /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp
zhpj@DX4600-7ECC:~$ 
zhpj@DX4600-7ECC:~$ sudo systemctl restart sshd
zhpj@DX4600-7ECC:~$

After this change, the next build uploads the file successfully:

zhpj@DX4600-7ECC:~$ ll -a /volume1/docker/data/plangz/
total 20
drwxrwxrwx  2 zhpj admin 4096 Jun  7 16:57 .
drwxrwxrwx 17 zhpj admin 4096 Jun  6 19:21 ..
-rwxrwxrwx  1 zhpj admin  500 Jun  7 15:12 deploy.sh
-rwxrwxrwx  1 zhpj admin 2121 Jun  7 16:57 docker-compose.prod.yaml
-rwxrwxrwx  1 zhpj admin  121 Jun  7 16:57 .env
zhpj@DX4600-7ECC:~$

Method 2: use cat with ssh redirection

Use:

cat docker-compose.prod.yaml | ssh -p 2222 zhpj@192.168.31.225 "mkdir -p /volume1/docker/data/plangz && cat > /volume1/docker/data/plangz/docker-compose.yaml"

in place of the previous:

scp -v -P 2222 \$(pwd)/docker-compose.prod.yaml zhpj@192.168.31.225:/volume1/docker/data/plangz/
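
An added example (not from the original post) that extends Method 2: the file is streamed over ssh stdin to a temporary name, its SHA-256 digest is compared on the remote side, and only then is it renamed into place. The function name and the RSH variable are constructed; it assumes sha256sum exists on both hosts and that the remote path contains no single quotes.

```shell
#!/bin/sh
# Added example: Method 2 (stream over ssh stdin) with an integrity check.
# RSH is the remote-exec prefix (constructed name); the default reuses the
# host and port from the post.
RSH=${RSH:-"ssh -p 2222 zhpj@192.168.31.225"}

upload_verified() {   # usage: upload_verified <local-file> <remote-path>
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # Digest of the local file, computed before anything is sent.
    want=$(sha256sum "$src" | cut -d' ' -f1)

    # Remote side: write to a temporary name, compare the digest, then
    # rename, so a truncated or altered transfer never replaces the file
    # that deploy.sh will read. $RSH is left unquoted on purpose so that
    # it splits into the command and its options.
    $RSH "set -e
          mkdir -p \"\$(dirname '$dst')\"
          cat > '$dst.part'
          got=\$(sha256sum '$dst.part' | cut -d' ' -f1)
          if [ \"\$got\" != '$want' ]; then rm -f '$dst.part'; exit 1; fi
          mv '$dst.part' '$dst'" < "$src"
}

# Example call, matching the paths used in the post:
#   upload_verified docker-compose.prod.yaml \
#       /volume1/docker/data/plangz/docker-compose.yaml
```

The function returns non-zero if the local file is unreadable, the transfer fails, or the remote digest differs, which makes the sh step fail instead of deploying a partial file.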

posted @ 2025-06-07 17:13  zhpj