Maven在Google App Engine上自动部署
[英]Maven automated deploy on google app engine
问题描述
I know that to deploy onto app-engine you can run the maven command: 
我知道要部署到应用程序引擎上,您可以运行maven命令:
mvn appengine:update
Which then prompts for the auth code and launches a browser to confirm you want to publish onto the app engine. 然后,它会提示您输入身份验证代码,并启动浏览器以确认您要发布到应用程序引擎上。 I'm looking to automate this fully so it can just be run as a command from maven. 我希望将其完全自动化,以便可以从maven作为命令运行。 I have the appengine-maven-plugin setup but there doesn't seem to be any functionality to skip the manual step. 我有appengine-maven-plugin设置,但似乎没有任何功能可以跳过手动步骤。
Has anyone managed to solve this? 有没有人设法解决这个问题? I know you can deploy right from Jenkins but we're looking for a solution that could be automates if our Jenkins server was down 我知道您可以直接从Jenkins进行部署,但是我们正在寻找一种解决方案,如果我们的Jenkins服务器停机,该解决方案可以自动执行
Thanks 谢谢
1 个解决方案
解决方案1
1 2015-09-24 17:24:47
The authentication flow which redirects you to the browser for login and consent is call three-legged Oauth because it involves three steps: 1) request for a token 2) login and consent 3) API call with token. 将您重定向到浏览器以进行登录和同意的身份验证流程称为三足式Oauth,因为它涉及三个步骤:1)请求令牌2)登录和同意3)使用令牌进行API调用。
An authentication flow which does not involve user login and consent is called two-legged Oauth (server to server): 1) request for a token, signed with a private key 2) API call with token. 不涉及用户登录和同意的身份验证流称为两足Oauth(服务器到服务器):1)请求令牌,并用私钥签名2)使用令牌的API调用。 Server to server auth requires that you setup a service account with appropriate permissions (scopes). 服务器到服务器的身份验证要求您设置具有适当权限(范围)的服务帐户。 You must also safely distribute the private key for that service account so that you can sign your requests. 您还必须安全地分发该服务帐户的私钥,以便您可以签署请求。 See the OAuth2ServiceAccount instructions 请参阅OAuth2ServiceAccount说明
The Bitnami Jenkins image actually does quite a bit for you out of the box. 实际上,Bitnami Jenkins图像为您提供了很多便利。 When you setup Push-to-Deploy you launch an instance with gcloud. 设置即按即部署时 ,将使用gcloud启动实例。 That launch command specifies the scopes you want that images to have access too with the --scopes parameter, including "https://www.googleapis.com/auth/appengine.admin" . 该启动命令使用--scopes参数(包括"https://www.googleapis.com/auth/appengine.admin"指定了您希望图像也可以访问的范围。 Permission to these scopes is given to the default project service account. 这些作用域的权限授予默认的项目服务帐户。 When Jenkins deploys your code, the service account credentials are made available through the Jenkins Google Oauth Plugin. Jenkins部署您的代码时,可以通过Jenkins Google Oauth插件使用服务帐户凭据。
You can build another tool that will push code programatically. 您可以构建另一个将以编程方式推送代码的工具。 You will need to create a service account which generates a JSON Web Token (JWT) Again see the Outh2ServiceAccount instructions. 您将需要创建一个生成JSON Web令牌(JWT)的服务帐户。再次请参见Outh2ServiceAccount说明。 The JWT is your private credential and you need to find a secure place to store it. JWT是您的私人证书,您需要找到一个安全的位置进行存储。 The App Engine SDK knows how to use JWTs to get auth tokens. App Engine SDK知道如何使用JWT获取身份验证令牌。
During runtime you can pass the path to the JWT file as the --service_account_json_key_file parameter to appcfg.py. 在运行时,您可以将路径传递为JWT文件,作为--app_cfg.py的--service_account_json_key_file参数。 To plumb that parameter through the Maven plugin you'll have to use -DadditionalParams="--service_account_json_key_file " which is available on the tip of github.com/GoogleCloudPlatform/appengine-maven-plugin/master. 要通过Maven插件查看该参数,您必须使用-DadditionalParams =“-service_account_json_key_file”(位于github.com/GoogleCloudPlatform/appengine-maven-plugin/master上)。 (Will be in App Engine release 1.9.27, but you can pull from Github until then.) (将在App Engine 1.9.27版中使用,但您可以在此之前从Github中拉出。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.