summary: Eleven-dimensional secure channel built by SSH key pair × Harbor mirror star gate × Error devourer syntax sugar = Implement entropy decrement perpetual motion machine in quantum observations of CI/CD, so that the container maintains the superposition of development and production dimensions before deployment
Current status of quantum entanglement (technical background)
After completing the quantum folding of mirror construction (see the previous article for details on the construction process), we are facing the ultimate proposition of cosmic software engineering: how to make the construction products pass through the star gate (mirror warehouse) and reach the target star domain (production environment). There are three major pain points in the current technical field:
- Certification dimension collapse: Risk of plaintext password exposure in space-time continuum (build log)
- Transmission entropy increase out of control: Lack of reliable quantum tunneling protocol (safe transmission mechanism)
- Deployment of causal law: Space-time wrinkles occur during the start and stop of the container (service interruption)
These pain points are like dimensionality reduction strikes in dark forests, which may 2D our deployment process at any time. This article will realize true eleven-dimensional secure deployment through SSH key authentication and quantum channels built by Harbor private warehouse.
Historical context (dynamic replacement)
Historical context
- [From the skills and the way] Making a dojo in a snail shell - git warehouse - gitlab-Vs-gitea [Development log of artificial intelligence retarded AI2077 001]- Quantum management of code warehouses
- [From technology and path] The way to deploy docker+jenkins - Automatic pipeline CI/CD [Development log of artificial intelligence retarded AI2077 002]- Containerized dimensionality reduction strike
- [From the technology and the way] Remote Java development in WSL container [Development log of artificial intelligence retarded AI2077 003]- Cross-dimensional development practice
- 【From technology and Tao】Modular war and peace-Philosophical thinking on project structure【Development log of AI2077 by artificial intelligence and mentally retarded 004】- Philosophical thinking of architectural design
- [From technology and Tao] The principle of quantum mechanics of code layering-theoretical reduction strike of architecture design [Development log of artificial intelligence retarded AI2077 005]- Philosophical thinking of architectural design 2
- 【From the technology and the way】Quantum folding technique of API contract: eleven-dimensional packaging philosophy of Swagger Starter module [Development log of AI2077 of Artificial Intellectual Retardation 006]- Quantum folding of API contracts
- 【From the technology and the Tao】CI/CD’s quantum entanglement technique: the automated symphony of Jenkins and Gitea [Development log of AI2077 for artificial intelligence retardation 007]- Automated assembly line symphony
- [From technology and Tao] Quantum construction symphony: The eleven-dimensional programming art of Jenkinsfile assembly line [Development log of AI2077 of Artificial Intellectual Retardation 008]- Assembly Line Programming Art
- 【From the technology and the Tao】Mirror Temple Construction Guide: Quantum Packaging Art of Harbor Private Warehouse [Development Log 009 of Artificial Intelligence Retardation AI2077] - Quantum Packaging of Mirror Warehouse
- [From the technology and the Tao] Mirror star gate opens: The quantum transition art pushed by Harbor mirror [Development log of artificial intelligence retarded AI2077 010]
Dark Forest Law (Note Extensions)
The eleven-dimensional trap to avoid
- Remaining plain text password: The password exposed in the build log will become the strike coordinates of the singer civilization (this cursed magic fragment can be found in the original blueprint)
- SSH Host Verification: The confirmation prompt at the first connection will cause the construction of quantum fluctuations to fail
- Container zombie state: The old container does not properly clean up the parallel universe superposition states triggered
Two-way foil protection
- SSH key authentication: Use RSA-4096 algorithm to generate quantum key pairs
- StrictHostKeyChecking=no: Turn off the space-time wrinkle of host verification
- || true syntax sugar: Ensure that the commands are executed stably during the fluctuations and fluctuations of quantum vacuum
Dimension folding (implementation steps)
Curvature I: Quantum entanglement ritual of SSH key
# Generate quantum key pairs in Jenkins container
ssh-keygen -t rsa -b 4096 -m PEM -f /var/jenkins_home/.ssh/id_rsa -N ""
# Transfer the public key to the target server (need to manually confirm the password)
ssh-copy-id -i /var/jenkins_home/.ssh/id_rsa.pub -p 22 [email protected]Develop a small theater
Master: "Why do you have to have an SSH key? Isn't the password simpler?"
Artificial Intelligence Retard: "Dear Carbon-based creatures, if you want hackers to access your server as casually as using public toilets, I can certainly continue to use my password."
Curvature II: Jenkins' quantum safe
- Enter Jenkins console -> Credentials -> System -> Global Credentials
- Add a credential of type "SSH Username with private key"
- Paste the generated private key file contents into the key area
graph TB
A[Jenkins node] --> B{authentication method}
B -->|Scheme A| C[plain text password]
B -->|Scheme B| D[SSH key]
D --> E[Quantum Safety Level]
C --> F[Dimensional reduction strike risk]
Develop a small theater
Master: "It's too troublesome to configure so many parameters!"
Artificial Intelligence Retard: "If you need a toy-level deployment solution, I can switch back to FTP Transfer + Notepad deployment mode right away."
Curvature III: Space-time folding of Jenkinsfile
stage("deploy"){
steps {
sshagent(credentials: ["${env.DEPLOY_CERT}"]) {
withCredentials([usernamePassword(
credentialsId: "${env.REGISTRY_CERT}",
passwordVariable:'password',
usernameVariable:'username')])
{
sh '''
ssh -p ${DEPLOYMENT_SERVER_PORT} ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "
docker login -u ${username} -p ${password} ${REGISTRY_HOST}
docker pull ${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}
docker stop ${IMAGE} || true
docker rm ${IMAGE} || true
docker run -d --name ${IMAGE} -p 9980:8080 \
-e TZ=Asia/Shanghai --restart=always \
-v /etc/localtime:/etc/localtime:ro \
-v /etc/timezone:/etc/timezone:ro \
${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}
"
'''
}
}
}
}
Key parameter analysis table
| Quantum parameters | Classic explanation | Safety Level |
|---|---|---|
| ` | true` | |
StrictHostKeyChecking |
Host verification switch | Close space-time wrinkles |
sshagent |
Quantum key safe | Eleven-dimensional safety certification |
Space-time verification (verification process)
I density detection: quantum entanglement verification
# Verify container status on the target server
docker ps --filter "name=study-application-demo-api" --format "table {{.ID}}\t{{.Names}}\t{{.Status}}"
# Output example
CONTAINER ID NAMES STATUS
a1b2c3d4e5f6 study-application-demo-api Up 2 minutesDensity detection: Space-time continuity test
# Test service availability
curl http://172.17.8.203:9980/rest/v1/front/home/hello
# Expected response
Hello World!Develop a small theater
Master: "Why do you need to do so much verification after deployment?"
Artificial Intelligence Retardation: "Because according to Murphy's Law, untested deployments will inevitably have quantum decoherence at 3 a.m.."
Cyberspace (Philosophical Thinking)
In this deployment ceremony that spans dimensions, we are actually building a "wormhole network" of the digital world. Each SSH key pair is the key to open the parallel universe, and the Harbor warehouse is a star gate connecting the development and production dimensions. When we shuttle through these dimensions in quantum states, we must follow the following laws of the universe:
- Entropy reduction principle: Fighting software entropy increase through automated processes
- Observer effect: A perfect monitoring system is a necessary condition for maintaining the stability of quantum states
- Causal law protection: Version control and rollback mechanism to prevent timeline splitting
This deployment model is essentially creating "Schrödinger's container" - before observation (deployment), the container exists in both the development and production environment. Only through a rigorous CI/CD pipeline can the system collapse into the expected stable state.
Original blueprint (full script)
For the complete Jenkinsfile, see the appendix at the end of the article, the key deployment matrix is as follows:
// Environment variable definition
env.APP_NAME = 'study-application-demo-api' // Application service name (microservice ID)
env.TRIGGER_SECRET= 'study-application-demo-api' // Webhook trigger token (used to implement the construction of triggering jenkins)
env.GIT_CERT = 'gitea-cert-yuany' // gitea or gie's authentication credentials (Jenkins credential ID), used to read this configuration and implement code pull
env.REGISTRY_CERT = "harbor-robot" // Mirror repository authentication credentials (Jenkins credential ID), used to read the configuration, and realize logging in to the harbor for code push
env.REGISTRY_HOST = '172.17.8.203' // Private mirror repository address
env.DOCKER_HARBOR_PROJECT = "demo" // The project name in docker harbor is used to push images to the project in the harbor
= "${env.APP_NAME}" // Docker container name (consistent with microservice id)
= "${env.DOCKER_HARBOR_PROJECT}" // Mirror tag (using the Harbor project name as version identification)
env.DEPLOY_CERT="deploy-ssh-key" // Deployment server SSH key credential ID (Jenkins credential system storage)
env.DEPLOYMENT_SERVER_ACCOUNT ="yuany" // Deploy the server login account (need to have docker operation permission)
env.DEPLOYMENT_SERVER_PASSWORD = "abc123" // Deploy the server login password (it is recommended to use SSH key authentication instead)
env.DEPLOYMENT_SERVER_IP="172.17.8.203" // Deployment server IP address (the domain name is recommended for production environment)
env.DEPLOYMENT_SERVER_PORT = "22" // Deploy the server SSH port (default 22, recommended to modify the production environment)
pipeline{
environment{
// Project directory configuration
PROJECT_FRAMEWORK_DIR="study-framework" // Basic framework module directory
PROJECT_BUSI_DIR="study-busi" // Business module directory
PROJECT_APPLICATION_DIR="study-application-demo" // Application module directory
// Git repository address configuration
FRAMEWORK_URL = 'ssh://[email protected]:222/Yuanymoon/' // SSH protocol framework code library
BUSI_URL = 'ssh://[email protected]:222/Yuanymoon/' // Business component code library
APPLICATION_URL = 'ssh://[email protected]:222/Yuanymoon/' // Application Code Library
}
agent any // Execute pipeline using any available agent
// http://172.17.8.203:8880/generic-webhook-trigger/invoke?token=study-application-demo-api
// curl -X post http://172.17.8.203:8880/generic-webhook-trigger/invoke?token=study-application-demo-api
// http://172.17.8.203:8880/generic-webhook-trigger/invoke?=study-application-demo-api:
// webhook http://172.17.8.203:8080/generic-webhook-trigger/invoke?token=study-application-demo-api
// Jenkins multi-branch pipeline /article/
// /article/600f642fcb26f0c280a7acf59
// /weixin_43808555/article/details/124959459
// /traffic-information/7082372189822961678
// Webhook trigger configuration
triggers {
GenericTrigger (
causeString: 'Generic Cause by $ref', // Description of the trigger reason
genericVariables: [[key: 'ref', value: '$.ref']], // Extract ref parameters from JSON
regexpFilterExpression: 'refs/heads/' + BRANCH_NAME, // Regularly match branch format
regexpFilterText: '$ref', // Filtered field
token: "${env.TRIGGER_SECRET}" // Security token verification
)
}
// Global configuration of pipeline
options {
buildDiscarder logRotator(artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '5'); // Keep the last 5 builds
disableConcurrentBuilds(); // Concurrent construction is prohibited
timeout(time:45, unit:'MINUTES'); // Timeout 45 minutes
}
// Construction stage definition
stages{
// Code cloning stage
stage("code-clone") {
steps{
//Clone three code repositories in parallel
dir("${PROJECT_FRAMEWORK_DIR}"){
git branch: 'main', credentialsId: "${GIT_CERT}", url: "${FRAMEWORK_URL}" //Clone the framework code using SSH credentials
}
dir("${PROJECT_BUSI_DIR}"){
git branch: 'main', credentialsId: "${GIT_CERT}", url: "${BUSI_URL}" // clone business component code
}
dir("${PROJECT_APPLICATION_DIR}"){
git branch: 'main', credentialsId: "${GIT_CERT}", url: "${APPLICATION_URL}" //Clone the application code
}
}
}
// Docker build phase
stage('docker-build'){
agent {
docker {
image 'maven:3.9.6-amazoncorretto-17' // Use Maven image with JDK17
args '-v /usr/bin/sshpass:/usr/bin/sshpass -v /var/jenkins_home/.m2:/root/.m2 -v /var/run/:/var/run/ -v /usr/bin/docker:/usr/bin/docker' // Mount the host organization building environment
reuseNode true // Reuse the current node
}
}
stages{
// Code construction phase
stage("building"){
steps{
sh 'mvn -v' // Verify Maven environment
sh 'mvn -B clean package -=true' // Silent mode construction, skip test
}
}
// Testing phase (not enabled yet)
stage("test"){
steps{
sh 'mvn test' // Perform unit tests
}
}
}
}
// Mirror packaging stage
stage("package"){
steps {
// /sleetdream/article/details/123404682
// Use mirror warehouse credentials
withCredentials([usernamePassword(credentialsId: "${env.REGISTRY_CERT}", passwordVariable: 'password', usernameVariable: 'username')]){
// If the dockerfile is in the current directory, use this command
// sh "docker build -t ${env.APP_NAME}:demo ." // Build Docker image
// If the path structure is like mine, please use the following command. Docker build is to distinguish the dockerfile configuration file path and build context path. In the context path, the content of non-context path cannot be read.
// # root
// # study-application-demo
// # docker
// # dockerfile (dockerfile configuration file path| i.e.: -f ./${PROJECT_APPLICATION_DIR}/docker/Dockerfile)
// # study-application-demo-api (docker build context path | i.e.: ./${PROJECT_APPLICATION_DIR} paragraph)
// # target
// #
sh "docker build -t ${env.REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${APP_NAME}:demo -f ./${PROJECT_APPLICATION_DIR}/docker/Dockerfile ./${PROJECT_APPLICATION_DIR}" // Build Docker image
sh "docker login -u ${username} -p ${password} ${env.REGISTRY_HOST}" // Log in to the private repository
sh "docker push ${env.REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${APP_NAME}:demo" // Push image
}
}
}
// Mirror packaging stage
// stage("deploy"){
// steps {
// withCredentials([usernamePassword(credentialsId: "${env.REGISTRY_CERT}", passwordVariable:'password', usernameVariable:'username') ]){
// sh 'sshpass -p ${DEPLOYMENT_SERVER_PASSWORD} ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker login -u ${username} -p ${password} ${REGISTRY_HOST}; docker pull ${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}" '
// sh 'sshpass -p ${DEPLOYMENT_SERVER_PASSWORD} ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker stop ${IMAGE} | true" '
// sh 'sshpass -p ${DEPLOYMENT_SERVER_PASSWORD} ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker rm ${IMAGE} | true" '
// sh 'sshpass -p ${DEPLOYMENT_SERVER_PASSWORD} ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker run -d --name ${IMAGE} -p 9980:8080 -e TZ=Asia/Shanghai --restart=always -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro ${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}" '
// }
// }
// }
// Mirror packaging stage
stage("deploy"){
steps {
sshagent(credentials: ["${env.DEPLOY_CERT}"]) { // Authenticate with SSH key
withCredentials([usernamePassword(credentialsId: "${env.REGISTRY_CERT}", passwordVariable:'password', usernameVariable:'username') ]){
sh 'ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker login -u ${username} -p ${password} ${REGISTRY_HOST}; docker pull ${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}" '
sh 'ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker stop ${IMAGE} || true" '
sh 'ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker rm ${IMAGE} || true" '
sh 'ssh -p ${DEPLOYMENT_SERVER_PORT} -o StrictHostKeyChecking=no ${DEPLOYMENT_SERVER_ACCOUNT}@${DEPLOYMENT_SERVER_IP} "docker run -d --name ${IMAGE} -p 9980:8080 -e TZ=Asia/Shanghai --restart=always -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro ${REGISTRY_HOST}/${DOCKER_HARBOR_PROJECT}/${IMAGE}:${TAG}" '
}
}
}
}
}
}Cosmic broadcast (interactive guidance)
[!NOTE] Quantum entanglement request:
▼ Like: Inject 0.5 joules of negative energy into the star gate
★ Collection: Create permanent anchor points in your knowledge dimension
◎ Focus: Open cross-dimensional real-time communication channelpostscript
The "2077 Artificial Intelligence Retardant" in the article is the digital incarnation of the author himself in the current time and space. In validating these quantum deployment solutions, a total of:
- 42 password leak crisis
- 18 times SSH connection collapse
- 7 times container zombie state clearance battle
Hopefully, this guide written in caffeine and quantum fluctuations can help you avoid detours in parallel universes during the Long March of software development. To summon more space-time assistance, establish a connection through the CSDN quantum channel.