Jenkins As service not able to connect to Git Lab through SSH

[Ranjit kumar Kundu]

Building in workspace C:\Program Files (x86)\Jenkins\jobs\ApiV1\workspace
 > C:\Program Files\Automation\Git\bin\git.exe rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > C:\Program Files\Automation\Git\bin\git.exe config remote.origin.url http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git # timeout=10
Fetching upstream changes from http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git
 > C:\Program Files\Automation\Git\bin\git.exe --version # timeout=10
using GIT_SSH to set credentials PrivateKey
using .gitcredentials to set credentials
 > C:\Program Files\Automation\Git\bin\git.exe config --local credential.username sAdministrator # timeout=10
 > C:\Program Files\Automation\Git\bin\git.exe config --local credential.helper store --file=\"C:\Windows\TEMP\git1290652479642764419.credentials\" # timeout=10
 > C:\Program Files\Automation\Git\bin\git.exe -c core.askpass=true fetch --tags --progress http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git +refs/heads/*:refs/remotes/origin/*
ERROR: Timeout after 10 minutes
 > C:\Program Files\Automation\Git\bin\git.exe config --local --remove-section credential # timeout=10
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
	at hudson.scm.SCM.checkout(SCM.java:485)
	at hudson.model.AbstractProject.checkout(AbstractProject.java:1276)
	at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607)
	at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
	at hudson.model.Run.execute(Run.java:1738)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)
Caused by: hudson.plugins.git.GitException: Command "C:\Program Files\Automation\Git\bin\git.exe -c core.askpass=true fetch --tags --progress http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git +refs/heads/*:refs/remotes/origin/*" returned status code -1:
stdout: 
stderr: 
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1719)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1463)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
	... 11 more
ERROR: null
Finished: FAILURE

[Mark Waite]

It appears from the output that you've defined an RSA private key credential in Jenkins and that you selected that credential as part of the job definition.  That's good.  It also looks like you're using the command line git implementation (rather than JGit).  That's generally the preferred git implementation, so that's good also.

Is the RSA private key that you are using protected by a passphrase?  If so, then you are encountering a known bug that a Windows service cannot use a passphrase protected ssh key with the current git plugin.  A pull request is pending which may help with that problem, but it needs more evaluation before it can be included in the plugin.

If you require a passphrase protected RSA private key, then you might try enabling the JGit implementation on your Jenkins "Global Tools Configuration", then use JGit.  i believe the git plugin implementation that uses JGit may work with a passphrase protected RSA private key.

If those guesses inferred from your pasted output are not correct, you'll need to provide more details about your environment so that someone else can duplicate the problem.  I regularly test private key based access to the publicly hosted GitLab instance with the git plugin and can confirm that it works in my test cases.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/40b8c78e-6607-456a-863a-4da9e98c89e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ranjit kumar Kundu]

No passphrase used for the private key.

I have added JGit . 

My git config file as below

[core]

repositoryformatversion = 0

bare = false

symlinks = false

ignorecase = true

    filemode = true

    logallrefupdates = true

    precomposeunicode = true

[remote "origin"]

url = http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git

    fetch = +refs/heads/*:refs/remotes/origin/*

User = sAdministrator 

[branch "master"]

    remote = origin

    merge = refs/heads/master

My config file in .ssh folder 

Host gitlab.com

Hostname git.covisintrnd.com

Port 22

PreferredAuthentications publickey 

IdentityFile ~/.ssh/id_rsa

User sAdministrator

Once i added JGit what to don next if you can post some walk through it will be very help full.

Let me know if you need more info 

[Mark Waite]

Once you added JGit to the system, then the job definition will have an additional choice added in the "Git" section.  Use that choice to switch from "Default" to "jgit".

You mentioned the .ssh directory on the computer.  That should be irrelevant for a service, particularly since a service typically runs as a service user, so does not have the .ssh directory you might usually expect.

If you are using the contents of the .ssh directory on your Jenkins server, then you'll need to assure that the Jenkins process is using the .ssh directory you think it is using.  To test that, you might read the "ssh" man page and use it to report information about the default private key that is being read from the .ssh directory.

I recommend you not rely on the contents of the .ssh directory.  You should create a Jenkins credential (from the Jenkins "Credentials") and use that in your job definition.  Relying on the .ssh directory then requires that you must copy that .ssh directory to every node.  The Jenkins Credentials are automatically used on each node, without requiring additional configuration from you.

Mark Waite

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/421ae39e-3c54-4c6c-9cdf-f3876cd78a8e%40googlegroups.com.

[Ranjit kumar Kundu]

I have used the private key of .ssh key pair from ma machine to connect the Git lab. Also added the public key in Git lab as well . 

As you told where to find this  then the job definition will have an additional choice added in the "Git" section.  Use that choice to switch from "Default" to "jgit".

Still getting the same issue . 

[Ranjit kumar Kundu]

Attached snapshot of how i added public key in git lab .

[Ranjit kumar Kundu]

Not getting enough option in Jgit section as I have attached the snapshot 

[Mark Waite]

Once you've enabled JGit at the system level ("Manage Jenkins" -> "Global Tool Configuration" -> "Git" -> "Add Git" -> "JGit"), then you open the specific job with "Configure" in the Git section of the job definition you'll find "Git executable" with a drop down list that includes "Default" and "JGit".  When you pick "JGit" and save the job, the next run will use the JGit implementation instead of the command line implementation.

Mark Waite

On Tue, Aug 2, 2016 at 3:10 AM Ranjit kumar Kundu <ranjit...@gmail.com> wrote:

Not getting enough option in Jgit section as I have attached the snapshot 

--

You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/bb5045e9-023c-44f2-b7fd-63204b36c8ec%40googlegroups.com.

[Ranjit kumar Kundu]

Now I am getting this error message 

Started by user anonymous
Building in workspace C:\Program Files (x86)\Jenkins\jobs\ApiV1\workspace
Fetching changes from the remote Git repository
ERROR: Error fetching remote repo 'origin'

hudson.plugins.git.GitException: Failed to fetch from http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
	at hudson.scm.SCM.checkout(SCM.java:485)
	at hudson.model.AbstractProject.checkout(AbstractProject.java:1276)
	at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607)
	at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
	at hudson.model.Run.execute(Run.java:1738)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)

Caused by: hudson.plugins.git.GitException: org.eclipse.jgit.api.errors.TransportException: http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git: not authorized
	at org.jenkinsci.plugins.gitclient.JGitAPIImpl$2.execute(JGitAPIImpl.java:639)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
	... 11 more
Caused by: org.eclipse.jgit.api.errors.TransportException: http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git: not authorized
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:139)
	at org.jenkinsci.plugins.gitclient.JGitAPIImpl$2.execute(JGitAPIImpl.java:637)
	... 12 more
Caused by: org.eclipse.jgit.errors.TransportException: http://git.covisintrnd.com/CovisintAutomationFramework/PRD-IDM-API.git: not authorized
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:504)
	at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:309)
	at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
	at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
	at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1138)
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130)
	... 13 more
ERROR: null
Finished: FAILURE

[Mark Waite]

I see that you're using http as the transport protocol.  That means you need to use a username and password, rather than an ssh private key.  The http protocol (and https) implementation in the git plugin does not allow you to use an ssh private key for authentication.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/72ea4978-2983-4c49-b95b-a8c23e17ee8b%40googlegroups.com.

[Ranjit kumar Kundu]

It worked Mark.

Thank You so very much . Its really appreciated