Jenkins CI/CD 04 - Using SSH Commands to Operate another VM Instance in GCP
Enable Jenkins to perform remote operations on a remote host through SSH, replacing manual deployment.
In a non-automated deployment scenario, manually connecting to the server host’s internals is required every time.
Executing deployment commands or running deployment command executables not only involves inconvenience but also carries the risk of human error.
With Jenkins’ pipeline, we can replace manual execution, making deployments easier and more pleasant.
Package Installation
Yes, you guessed it; we need to install a package again.
Spoiler alert: Don’t install it just yet. Consider it after reading the next paragraph.
This time, we need to install support for the pipeline: SSH Pipeline Steps
.
The installation process is the same as for other packages.
In the side menu, select Manage Jenkins -> Manage Plugins and search for ssh-steps.
Then install the SSH Pipeline StepsVersion package.
Using gcloud for Login
Then it suddenly occurred to me that we had installed gcloud earlier, and gcloud itself has the capability to directly connect via SSH to other instances within the same project! No need to install additional packages! Congratulations!
If you haven’t installed the gcloud command yet, you can refer to the tutorial in a previous article: Jenkins CI/CD 03 - Building and Pushing Docker Images to GCR .
The prerequisite for using gcloud for SSH commands is to have the corresponding permissions set in your Identity and Access Management (IAM).
If the commands in the following steps are denied, you’ll have to figure it out yourself.
If you see an error message, adjust the permissions on the IAM page as suggested.
First, switch the user to Jenkins on the Jenkins host:
sudo su jenkins
Then, enter the command:
gcloud compute ssh INTERNAL_INSTANCE_NAME --zone=ZONE --internal-ip
The first time you connect, it will prompt you to generate and add an SSH key.
This is where IAM permissions issues are most likely to occur.
If you can’t log in, it means you need to adjust the permissions for the key you previously set.
After setting up the IAM correctly, follow the prompts to generate an SSH key, which will be automatically added to the metadata in Compute Engine. Afterward, you will be able to log in directly.
Connecting with gcloud Commands in the Pipeline
// jenkinsfile
pipeline {
agent any
stages {
stage('Deploy branch: develop to beta') {
when {
branch 'develop'
}
steps {
echo "ssh to store-beta-api instance."
withCredentials([file(credentialsId: 'jenkins-gcr', variable: 'GC_KEY')]) {
sh "gcloud compute ssh store-beta-api --zone=asia-east1-b --internal-ip --command 'cd /data/store-backend && sudo sh ./_scripts/deploy_beta.sh'"
}
echo "Deploy beta done"
}
}
}
}
A crucial point to note is that you need to use --command to specify the remote command, and it should be a single command string.
because the connection is terminated after executing that line. The state doesn’t persist!
In the example, we demonstrate SSH connection using gcloud commands to a VM instance named store-beta-api within the same GCP project in the asia-east1-b region, accessed through its internal static IP address.
Once the connection is successful, two commands are executed: one to enter the /data/store-backend directory and the other to run the ./_scripts/deploy_beta.sh executable file within that directory.
In small-scale services or internal testing environments, you typically have only one VM instance running.
With this example, you can automatically connect to the host’s internals for deployment when the trigger conditions are met.
Reference: gcloud compute ssh
