Update remote Git repository with Jenkins
1,160 views
Skip to first unread message
Daniel Koch
May 11, 2016, 1:18:04 AM5/11/16
to Jenkins Users
Hi,
I want to setup a simple Jenkins job for managing (f.e. updating) my existing remote git repository (Bitbucket server) with the following criterias:
- Authentication on the remote using ssh key authentication
- Git authentication using configured access key
I installed the following plugins:
Setup SSH Agent Plugin (ssh-agent)
SSH plugin (ssh)
What I did so far:
- Configure ssh key identity to login to the remote maschine (private key, password)
- Configure a SSH host for the remote under "Manage Jenkins"
- Configure a Jenkins job with "Build Environment": Selecting the configured ssk key (1.) under "SSH Agent"
- Under "Build" I add a "Execute shell script on remote host using ssh". Here I add for example git fetch
- I also add the public key on the remote under authorized_keys
- On Bitbucker server I add the ssh public key as an "Access key"
What happens if I "run" the job:
Started by user <Jenkins username>
Building in workspace <path>/workspace/<Jenkins job>
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent] Java/JNR ssh-agent
[ssh-agent] Started.
[ssh-agent] Using credentials <ssh key user from 1.>
executing script:
git fetch
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
[SSH] exit-status: 128
Build step 'Execute shell script on remote host using ssh' marked build as failure
[ssh-agent] Stopped.
Finished: FAILURE
I think the problem is the proper authentication against the git repository. I would expect here that the job is using the identity of the configured ssh key identity?!
Thanks,
Daniel
Mark Waite
May 11, 2016, 7:16:20 AM5/11/16
to Jenkins Users
Rather than preform the got fetch in a shell script, you will have better luck with the git plugin. It allows you to define the repository and credentials, then it does the work
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3312a938-ffd7-4872-820b-591a8b855581%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Daniel Koch
May 11, 2016, 12:35:11 PM5/11/16
to Jenkins Users
Hi Mark,
Yes. You mean this one? I also tried this and get the following error:
Failed to connect to repository : Command "/usr/local/bin/git -c core.askpass=true ls-remote -h ssh://git@<host>:7999/<repository>.git HEAD" returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I think the error itself is clear but I am pretty sure that I add the the user to the "Access keys" in Bitbucket server.
Thanks,
Daniel
Mark Waite
May 11, 2016, 1:28:49 PM5/11/16
to Jenkins Users
That's the correct plugin. It works in many thousands of installations, so I'm reasonably confident it should work in your installation as well.
You may want to check that you've registered the credential correctly in the Jenkins server and that the git version you're using is at least git version 1.7.10. Versions older than 1.7.10 don't supoprt authentication with the git plugin.
Mark Waite
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7e9378a7-ab74-4a23-8182-35fd3ff332c8%40googlegroups.com.
Daniel Koch
May 11, 2016, 4:24:16 PM5/11/16
to Jenkins Users
Hi Mark,
yes. I think the problem is not by the plugin :-)
I recreated a new public key and tried again the git plugin. This works now. It updates a git clone in the Jenkins workspace, as expected.
But back to my initial plan. I want to trigger an git update, chekout, ... on a remote server. This should also be possible?
Here I get the same error.
Without Jenkins (only cli) I would for example login with ssh -A to activate the ssh agent forwarding and I'll able lo connect to the git repository (permissions provided).
How would you solve that scenario?
Thanks,
Daniel
Mark Waite
May 11, 2016, 4:28:59 PM5/11/16
to Jenkins Users
Jenkins credentials work on slaves as well on master. The same credentials are used on master and on all slaves.
Mark Waite
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7d9dc97f-14e2-418b-9b95-f6607f110773%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages