Gitlab CI/CD - 用户和权限最佳实践
[英]Gitlab CI/CD - user and permissions best practices
问题描述
I am trying to find some guide or documentation that discusses best practices for setting up gitlab CI/CD to auto deploy a web server (nginx) / Centos or any Linux. Setting up the CI/CD as user root is easy, but i don't like the idea of having a root key in gitlab.
我试图找到一些指南或文档,讨论设置 gitlab CI/CD 以自动部署 web 服务器 (nginx) / Centos 或任何 Linux 的最佳实践。将 CI/CD 设置为用户 root 很容易,但我不我不喜欢在 gitlab 中拥有根密钥的想法。
If i create a 'gitlab' user and assign it to the same group as NGINX, I am stuck because i can't CHOWN -R nginx to the folder and files once all the files deploy.如果我创建一个“gitlab”用户并将其分配给与 NGINX 相同的组,我就会卡住,因为一旦部署所有文件,我就无法 CHOWN -R nginx 到文件夹和文件。 So what are my options here?那么我在这里有什么选择呢? I suppose i could add the ssh key as user NGINX, but seems odd.我想我可以将 ssh 密钥添加为用户 NGINX,但看起来很奇怪。
Are there any decent ways to do this?有什么体面的方法可以做到这一点吗?
1 个解决方案
解决方案1
1 2020-09-02 07:03:02
Ideally, you would:理想情况下,您会:
connect as nginx directly to make the installation
直接连接为 nginx 进行安装don't manage the private/public key through GitLab, but through a deployment tool like Ansible (see " How to use GitLab and Ansible to create infrastructure as code ")
不要通过 GitLab 管理私钥/公钥,而是通过 Ansible 之类的部署工具(参见“ 如何使用 GitLab 和 Ansible 创建基础设施即代码”)
That way, no chown to do, and the keys are managed in Ansible, which knows how to connect to the target machines.那样的话,就不用 chown 了,密钥在 Ansible 中管理,它知道如何连接到目标机器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.