Jenkins pipeline and ssh creds
220 views
Skip to first unread message
Kurt T Stam
Jul 8, 2016, 3:17:04 PM7/8/16
to fab...@googlegroups.com
Hey guys,
I'm running a jenkins pipeline with a private git repo. I found that ssh
keys on the master only work when use the git binary, rather then jgit
which is a jenkins global config setting. How do I make a permanent
jenkins config change? Or does anyone know of a better workaround.
Thx,
--Kurt
I'm running a jenkins pipeline with a private git repo. I found that ssh
keys on the master only work when use the git binary, rather then jgit
which is a jenkins global config setting. How do I make a permanent
jenkins config change? Or does anyone know of a better workaround.
Thx,
--Kurt
James Rawlings
Jul 8, 2016, 3:23:04 PM7/8/16
to Kurt T Stam, fab...@googlegroups.com
Hey Kurt, what's the config change that you need to make?
> --
> You received this message because you are subscribed to the Google Groups "fabric8" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "fabric8" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
James Strachan
Jul 8, 2016, 3:30:30 PM7/8/16
to Kurt T Stam, fab...@googlegroups.com
can't we point jgit at the same ssh keys somehow? Not sure where jgit looks for the keys mind you ;)
--
You received this message because you are subscribed to the Google Groups "fabric8" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ioannis Canellos
Jul 8, 2016, 3:31:23 PM7/8/16
to James Rawlings, Kurt T Stam, fab...@googlegroups.com
I would assume that you would have to go via the credentials plugin.
--
Ioannis Canellos
Kurt T Stam
Jul 8, 2016, 3:34:12 PM7/8/16
to James Rawlings, fab...@googlegroups.com
Under 'Manage Jenkins > Configure
System', I add 'Git' and pointed it to the binary, and I moved it
first in the list.
Kurt T Stam
Jul 8, 2016, 3:35:46 PM7/8/16
to James Strachan, fab...@googlegroups.com
Y .. all I can find thus far is that
jgit allows you to set the keys per job. Which is good for a cloud
deployment, just haven't figured out how this works exactly.
Kurt T Stam
Jul 8, 2016, 3:38:53 PM7/8/16
to James Strachan, fab...@googlegroups.com
Well actually I did figure that out,
you're required to point it to a specific credential in the job
definition, so you can't leave it 'none' anymore, and assume it
will pick up you keys in your .ssh directory. This is why I asked
James R before how to script a global credentials and how to
script using it for the job definition.
James Rawlings
Jul 8, 2016, 3:50:03 PM7/8/16
to Kurt T Stam, James Strachan, fab...@googlegroups.com
using the global credentials is a PITA as the id's change so can't really be referenced inside the Jenkinsfile, ideally we should be able to use one way to manage credentials on kubernetes and openshift and that being secrets.
If it works after adding the Git configuration you could just find what that looks like in the Jenkins config.xml of the Jenkins master, then add it into the jenkins image, my guess it'll be added in here https://github.com/fabric8io/jenkins-docker/blob/master/config/config.xml
then
docker build -t fabric8/jenkins-docker:test .
edit your Jenkins RC image name to point to the image above and see if that works?
Jimmi Dyson
Jul 8, 2016, 3:54:22 PM7/8/16
to James Rawlings, Kurt T Stam, James Strachan, fab...@googlegroups.com
I wonder if it would be possible to have a Kubernetes Secret type of Jenkins credential provided in the Kubernetes plugin (or elsewhere)?
Kurt T Stam
Jul 8, 2016, 3:55:27 PM7/8/16
to James Rawlings, James Strachan, fab...@googlegroups.com
On 7/8/16 3:50 PM, James Rawlings
wrote:
using the global credentials is a PITA as the id's change so can't really be referenced inside the Jenkinsfile, ideally we should be able to use one way to manage credentials on kubernetes and openshift and that being secrets.
I may not fully grasp what runs where, but the issue is on the
master, not the builder. The creds are ok in the builder. The fact
that the jenkins file is mentioned in the job's configuration makes
me think that it is configured outside of the Jenkinsfile.
If it works after adding the Git configuration you could just find what that looks like in the Jenkins config.xml of the Jenkins master, then add it into the jenkins image, my guess it'll be added in here https://github.com/fabric8io/jenkins-docker/blob/master/config/config.xm
thendocker build -t fabric8/jenkins-docker:test .
edit your Jenkins RC image name to point to the image above and see if that works?
OK will give that a shot.
Kurt T Stam
Jul 8, 2016, 4:14:30 PM7/8/16
to James Rawlings, James Strachan, fab...@googlegroups.com
Hi James,
https://github.com/fabric8io/jenkins-docker/blob/master/config/hudson.plugins.git.GitTool.xml
points to jgit.
https://github.com/fabric8io/jenkins-docker/blob/master/config/hudson.plugins.git.GitTool.xml
points to jgit.
On 7/8/16 3:50 PM, James Rawlings wrote:
Reply all
Reply to author
Forward
0 new messages