How to execute commands inside docker container from Jenkins

My requirement is to manually add a certificate to the keystore in Java which is in a container. For this, I am using the commands below.

sudo docker exec -it my-container-name bash --> to go inside container

cd /java/lib/security --> change directory to java security path

keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias testcert -file /cert/test-Base64.cer --> install certificate

The above commands are working fine. Now, I would like to automate this from Jenkins. I mean, I want these commands to be executed after 'sudo docker-compose up -d'.

Can anyone please help?

If you still want to do this after the container has started, use

sudo docker exec -it my-container-name bash -c "cd /java/lib/security; keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias testcert -file /cert/test-Base64.cer"

You should generally find ways to avoid docker exec, especially for scripted use like this. (It's very conceivable that automated tasks will delete and recreate containers and won't have your manual setup steps. This is doubly true in clustered environments like Docker Swarm or Kubernetes.)

In the case where you have some existing keystore file that you just want to inject into the container, the easiest way is to push it in at startup time using the docker run -v option. You'd need a fully populated keystore file already.

docker run \
  -v $PWD/keystore.jks:/usr/lib/java/jre/lib/security/keystore.jks \
  ...

If you can't inject a fully populated keystore file at startup time, you can write a script that runs at container startup time. It looks for some well-known directory, runs the keytool command on every file there, and then runs the command it was passed as command-line arguments.

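#!/bin/sh
# Import every certificate found in /cert, then run the main command.
if [ -d /cert ]; then
  for f in /cert/*.cer; do
    # An unmatched glob stays literal; skip it.
    [ -e "$f" ] || continue
    keytool ... -file "$f"
  done
fi
# Replace this shell with the command passed as arguments (the CMD).
exec "$@"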

In your Dockerfile, COPY this script in and make it the ENTRYPOINT. If you previously had an ENTRYPOINT ["java", ...] line, change that to a CMD. This will look something like

FROM java:8
...
COPY entrypoint.sh /app
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["java", "-jar", "/app/myapp.jar"]

Then when you run the container, inject the /cert directory

docker run \
  -v $PWD/cert:/cert \
  ...
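
A fuller version of the startup script described in the answer above, as an added example that is not part of the original answer: it skips aliases that are already in the trust store (so a restarted container does not fail on a duplicate) and refuses to start the application if an import fails. The variable names CERT_DIR, KEYSTORE, STOREPASS and KEYTOOL and the alias-from-filename rule are assumptions; the default paths and password are the ones used in the question.

```shell
#!/bin/sh
# Added example: idempotent trust-store import at container start.
# CERT_DIR, KEYSTORE, STOREPASS and KEYTOOL are assumed names; the defaults
# mirror the paths and password used in the question.
CERT_DIR="${CERT_DIR:-/cert}"
KEYSTORE="${KEYSTORE:-/java/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"
KEYTOOL="${KEYTOOL:-keytool}"

# Derive a stable alias from the file name: /cert/test-Base64.cer -> test-base64
cert_alias() {
  basename "$1" .cer | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9\n' '-'
}

# Import every *.cer in CERT_DIR and print the number of new imports.
# Returns non-zero if any import fails, so the container does not start
# with a partially populated trust store.
import_certs() {
  added=0
  [ -d "$CERT_DIR" ] || { echo 0; return 0; }
  for f in "$CERT_DIR"/*.cer; do
    [ -f "$f" ] || continue            # unmatched glob stays literal
    alias_name=$(cert_alias "$f")
    # Already present (e.g. after a restart): keytool rejects a duplicate alias.
    if "$KEYTOOL" -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
         -alias "$alias_name" >/dev/null 2>&1; then
      continue
    fi
    "$KEYTOOL" -importcert -noprompt -trustcacerts -keystore "$KEYSTORE" \
      -storepass "$STOREPASS" -alias "$alias_name" -file "$f" >&2 || return 1
    added=$((added + 1))
  done
  echo "$added"
}

# Used as the ENTRYPOINT: import first, then hand over to the CMD.
if [ "$#" -gt 0 ]; then
  import_certs >/dev/null || { echo "certificate import failed" >&2; exit 1; }
  exec "$@"
fi
```

Because the import runs on every start, a container that is deleted and recreated picks the certificates up again without any docker exec step.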
