Problems with RSA key in EC2-Plugin

379 views
Skip to first unread message

stephanos

unread,
Apr 7, 2011, 8:31:44 AM4/7/11
to Jenkins Users
I was just trying to setup Jenkins (1.405) with the ec2-plugin - but I
can't connect connect to EC2, after specifying my configuration I just
get this:

java.io.IOException: problem creating RSA private key:
java.io.IOException: No password finder specified, but a password is
required
at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
at hudson.plugins.ec2.EC2PrivateKey.getFingerprint(EC2PrivateKey.java:
47)
at hudson.plugins.ec2.EC2PrivateKey.find(EC2PrivateKey.java:70)
at hudson.plugins.ec2.SlaveTemplate.provision(SlaveTemplate.java:126)
at hudson.plugins.ec2.EC2Cloud.doProvision(EC2Cloud.java:188)
....

What is there to do?

Cheers,
Stephan

stephanos

unread,
Apr 8, 2011, 9:54:33 AM4/8/11
to Jenkins Users
any ideas, please :-?

stephanos

unread,
Apr 10, 2011, 10:42:37 AM4/10/11
to Jenkins Users
Well, it seems like I was using the wrong private key (mixed them up
somehow).
-> maybe the error message could be improved in this regard?

After I 'fixed' this problem I had another:
[the private key entered below isn't registered to EC2 (fingerprint is
ae:d7:ad:ce:2e:fb:15:b4:9d:41:57:cf:a3:62:e6:69:01:a8:f1:36)]
It turned out that EC2 key pairs are tied to a region - and since I
wanted to use a different region than the key pair was created in I
received this error.
-> again: maybe the message could be improved - like '...isn't
registered to EC2 region XY'

Cheers

stephanos

unread,
Apr 10, 2011, 11:02:32 AM4/10/11
to Jenkins Users
ARGH, next problem:
[No such AMI, or not usable with this accessId: ami-21779c48]

I tried 'ami-7db75014' (from Jenkins Wiki), ami-15f4127c, ami-ccf405a5
and many more...
I don't know what's wrong yet.

Kohsuke Kawaguchi

unread,
Apr 13, 2011, 2:06:19 AM4/13/11
to jenkins...@googlegroups.com, stephanos

I guess the EC2 plugin doesn't support the password-protected private key.

I've improved the error report to indicate that problem more clearly. If
people find it too painful to convert the private key to unencrypted
form, please file a ticket so that the plugin gets improved to accept a
password for the private key. It's not that hard to do so, but I'm being
lazy :-)


--
Kohsuke Kawaguchi | CloudBees, Inc. | http://cloudbees.com/

Kohsuke Kawaguchi

unread,
Apr 13, 2011, 2:10:35 AM4/13/11
to jenkins...@googlegroups.com, stephanos
On 04/10/2011 07:42 AM, stephanos wrote:
> Well, it seems like I was using the wrong private key (mixed them up
> somehow).
> -> maybe the error message could be improved in this regard?
>
> After I 'fixed' this problem I had another:
> [the private key entered below isn't registered to EC2 (fingerprint is
> ae:d7:ad:ce:2e:fb:15:b4:9d:41:57:cf:a3:62:e6:69:01:a8:f1:36)]
> It turned out that EC2 key pairs are tied to a region - and since I
> wanted to use a different region than the key pair was created in I
> received this error.
> -> again: maybe the message could be improved - like '...isn't
> registered to EC2 region XY'

Done. Thanks for the suggestion.

> Cheers
>
>
> On Apr 8, 3:54 pm, stephanos<stephan.beh...@googlemail.com> wrote:
>> any ideas, please :-?
>>
>> On Apr 7, 2:31 pm, stephanos<stephan.beh...@googlemail.com> wrote:
>>
>>
>>
>>
>>
>>
>>
>> > I was just trying to setup Jenkins (1.405) with the ec2-plugin - but I
>> > can't connect connect to EC2, after specifying my configuration I just
>> > get this:
>>
>> > java.io.IOException: problem creating RSA private key:
>> > java.io.IOException: No password finder specified, but a password is
>> > required
>> > at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
>> > at hudson.plugins.ec2.EC2PrivateKey.getFingerprint(EC2PrivateKey.java:
>> > 47)
>> > at hudson.plugins.ec2.EC2PrivateKey.find(EC2PrivateKey.java:70)
>> > at hudson.plugins.ec2.SlaveTemplate.provision(SlaveTemplate.java:126)
>> > at hudson.plugins.ec2.EC2Cloud.doProvision(EC2Cloud.java:188)
>> > ....
>>
>> > What is there to do?
>>
>> > Cheers,
>> > Stephan
>

Kohsuke Kawaguchi

unread,
Apr 13, 2011, 2:12:44 AM4/13/11
to jenkins...@googlegroups.com, stephanos

You should check if you really do have access to that AMI.

I could be wrong, but I believe AMIs are also region specific.

stephanos

unread,
Apr 16, 2011, 5:33:13 AM4/16/11
to Jenkins Users
Thans a lot for considering my suggestions. Feels good to be heard :)

But I'm still having problems with the AMI issue. I just tried the IDs
that are presented to me for "Quick Start" in the AWS Management
Console. They all don't work.
So I don't know that the issue might be exactly - the connection test
works, but only no AMI can be used :(
[No such AMI, or not usable with this accessId: ami-8e1fece7]
I'm a little clueless now.

PS: cool new Jenkins Logo!

Cheers,
Stephanos

On Apr 13, 8:12 am, Kohsuke Kawaguchi <kkawagu...@cloudbees.com>
wrote:

Vojtech Juranek

unread,
Apr 16, 2011, 8:35:21 PM4/16/11
to jenkins...@googlegroups.com
> Thans a lot for considering my suggestions. Feels good to be heard :)
>
> But I'm still having problems with the AMI issue. I just tried the IDs
> that are presented to me for "Quick Start" in the AWS Management
> Console. They all don't work.
> So I don't know that the issue might be exactly - the connection test
> works, but only no AMI can be used :(
> [No such AMI, or not usable with this accessId: ami-8e1fece7]
> I'm a little clueless now.

did you try to schedule a build? This message is misleading (didn't check
why), EC2 machine is provisioned in spite of the fact that this message
appears in config page

Reply all
Reply to author
Forward
0 new messages