Re: Unable to connect EC2 slaves to remote Git repository

[Kevin Fleming (BLOOMBERG/ 731 LEXIN)]

The Amazon EC2 plugin is not 'credentials aware' at this point, so it's not going to push credentials down to the slave. This is something I plan to work on in the near future, but I've been waiting for the Credentials plugin and its data structures to settle down.

As it stands today, the EC2 slaves don't get *any* information from the master except the URL of the Git repository and the SHA-1 of the commit they should check out. If they need keys to access the repository, those keys will need to be pre-installed on the slave (by creating a custom AMI or some other mechanism).

----- Original Message -----
From: jenkins...@googlegroups.com
To: jenkins...@googlegroups.com
At: Nov 2 2013 15:44:36

I see that GIT_SSH is an environment variable which changes the command which Git uses to connect to the remote host. Maybe this is the wrong path to search down, but is how can I find out what this value is? Or perhaps what dependencies it might have. Maybe the AMI is missing something that I have to install.

The init script for the instance runs yum -y install git. Maybe it should install something else.

On Saturday, November 2, 2013 2:22:19 PM UTC-5, David V wrote:

I'm trying to use the Jenkins Amazon EC2 plugin to start and use AWS EC2 instances for slaves. Jenkins will start the slave, and the slave connects to the master, but my builds are not able to connect to our Git repositories over SSH. The slave is running on the Amazon Linux AMI.

I created a Global credential in a domain bound to the ssh URI scheme and entered the key directly. The name of the credential is "Git SSH". I see GIT_SSH in the logs, which I take to be a translation of the name I specified.

So far, I have verified that if I log into the machine directly and add the credentials manually it will clone the repository. Also, I modified a different job which runs on a non-EC2 slave to use the same credential and it clones the repository using those credentials.

Does anybody have any suggestions on how I might get my slave to connect to my Git repository?

Cloning the remote Git repository

Cloning repository ssh://host/repo.git
git --version
git version 1.8.3.1
using GIT_SSH to set credentials Builder
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Could not clone ssh://host/repo.git
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:310)
        at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:151)
        at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:144)
        at hudson.remoting.UserRequest.perform(UserRequest.java:118)
        at hudson.remoting.UserRequest.perform(UserRequest.java:48)
        at hudson.remoting.Request$2.run(Request.java:326)
        at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
Caused by: hudson.plugins.git.GitException: Command "clone --progress -o origin ssh://host/repo.git

/var/jenkins/workspace/TestProjectForEC2Slave" returned status code 128:
stdout: Cloning into '/var/jenkins/workspace/TestProjectForEC2Slave'...

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:981)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:920)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$400(CliGitAPIImpl.java:64)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:308)
        ... 11 more
ERROR: null
Finished: FAILURE

Here is some version information:

Jenkins 1.537

Amazon EC2 Plugin 1.19

Jenkins GIT plugin 2.0

Jenkins GIT client plugin 1.4.6

Open JDK Runtime on master 1.6.0_24-b24

Open JDK Runtime on slave 1.6.0_24-b24

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[David V]

Thanks for the explanation. I had assumed that the EC2 plugin connected the EC2 instance to the master Jenkins as a normal slave, so that from that point on the standard Jenkins slave communication would remain the same.

Does all the normal information from a build go back to the master with the EC2 plugin? That is, are logs, build information, etc. sent back to the master?

David

[Kevin Fleming (BLOOMBERG/ 731 LEXIN)]

It is a normal master-slave connection, just like any other slave. As far as I know, until very recently, there was *no* mechanism to transfer credentials from the master to a slave as-needed. Slaves have always needed to have any necessary credentials setup before the master sent them work to do which required the credentials.

With the recent enhancements to the Credentials plugin, and the SSH-Agent plugin, it appears that it will be possible to send SSH credentials to a slave (in an indirect way), and this could be leveraged to accomplish what you want to do... if the EC2 plugin was made aware of Credential and SSH-Agent support (since it creates the nodes/slaves on the fly).