Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18330

Support :ext: using external shell like Netbeans instead of only internal SSH

    XMLWordPrintable

Details

    • Improvement
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • cvs-plugin
    • None
    • Windows 7 x64

    Description

      We have recently moved to using SSPI authentication on our CVS (CVSNT) system and now don't seem to be able to use the Jenkins CVS Plug-In to checkout our code. I've tried a rather large number of options to try to get this to work but nothing I do seems to change that fact that the plug-in appears to only attempt to use the internal ssh mechanism using public/private key authentication when a CVSROOT of the form :ext:<user>@<server>:/<repository>. The output is always something like I've added below.

      I'm aware that Jenkins uses the Netbeans JavaCVS client so I tried installing Netbeans to see how to get that to do the job. In the Netbeans CVS checkout there is an option to either use the Internal SSH, or use an External Shell. In the external shell box I was able to put:

      C:\Program Files (x86)\CVS Suite\CVSNT\extnt.exe <server>

      And it worked from that point. As you can see below I've tried adding CVS_RSH and CVS_SERVER environment variables to try to force this but it appears to have no effect. (Note that I've also tried CVS_EXE instead of CVS_SERVER, and the same without the underscore as the details on the internet are a bit inconsistent).

      I've set this to Major as it's quite important for us to be able to continue to use the CVS Plugin because of the integration to the change reporting on Jenkins. We can get round it using alternative methods, e.g. Ant task, Python script or whatever (hence the reason I haven't made this a Blocker) but that loses a lot of the benefit of Jenkins' built-in functionality.

      ========= Console Output ============
      11:13:44 Started by user McCabe, John
      11:13:44 [EnvInject] - Loading node environment variables.
      11:13:44 [EnvInject] - Preparing an environment for the build.
      11:13:44 [EnvInject] - Keeping Jenkins system variables.
      11:13:44 [EnvInject] - Keeping Jenkins build variables.
      11:13:44 [EnvInject] - Injecting as environment variables the properties content
      11:13:44 CVS_RSH=C:\Program Files (x86)\CVS Suite\CVSNT\extnt.exe
      11:13:44 CVS_SERVER=C:\Program Files (x86)\CVS Suite\CVSNT\cvs.exe
      11:13:44
      11:13:44 [EnvInject] - Variables injected successfully.
      11:13:44 [EnvInject] - Injecting contributions.
      11:13:44 Building in workspace E:\Work\Jenkins
      11:13:44 cvs checkout -P -N -r <mybranch> <mymodule>
      11:13:44 ERROR: CVS Authentication failed: null
      11:13:44 org.netbeans.lib.cvsclient.connection.AuthenticationException: SSH connection failed.
      11:13:44 at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:141)
      11:13:44 at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
      11:13:44 at java.lang.Thread.run(Unknown Source)
      11:13:44 Caused by: com.jcraft.jsch.JSchException: java.io.FileNotFoundException: C:\Users\mccabe\.ssh\id_rsa (The system cannot find the path specified)
      11:13:44 at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:98)
      11:13:44 at com.jcraft.jsch.JSch.addIdentity(JSch.java:224)
      11:13:44 at com.jcraft.jsch.JSch.addIdentity(JSch.java:218)
      11:13:44 at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:135)
      11:13:44 ... 2 more
      11:13:44 Caused by: java.io.FileNotFoundException: C:\Users\mccabe\.ssh\id_rsa (The system cannot find the path specified)
      11:13:44 at java.io.FileInputStream.open(Native Method)
      11:13:44 at java.io.FileInputStream.<init>(Unknown Source)
      11:13:44 at java.io.FileInputStream.<init>(Unknown Source)
      11:13:44 at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:83)
      11:13:44 ... 5 more
      11:13:44 ERROR: Cvs task failed
      11:13:44 Finished: FAILURE

      Attachments

        Issue Links

          Activity

            srtelle Scott Telle added a comment -

            John,

            Sorry I didn't get back to you in time. We are currently using cruise control .net and looking a Jenkins as a replacement, so I've been playing around with it this week. We have never used pserver and I don't want to invest anything into our cvs repository (as we want to convert that to something else as well).

            I've set up our server with an sspi CVSROOT, which is working, but I'm getting errors when it's trying to do the diffs. I submit a separate bug and linked it to this one.

            srtelle Scott Telle added a comment - John, Sorry I didn't get back to you in time. We are currently using cruise control .net and looking a Jenkins as a replacement, so I've been playing around with it this week. We have never used pserver and I don't want to invest anything into our cvs repository (as we want to convert that to something else as well). I've set up our server with an sspi CVSROOT, which is working, but I'm getting errors when it's trying to do the diffs. I submit a separate bug and linked it to this one.
            jmccabe John McCabe added a comment -

            Scott

            No need to apologise; I just had a bit of time to go ahead and try it!

            We're also in the process of moving from CruiseControl.NET to Jenkins but we've used pserver for years. We were taken over recently by a large orgamnisation whose policies apparently don't allow us to use pserver any more so we've had to change our authentication to SSPI.

            I've only tried a small project with version 1.6 and there haven't been any changes recently but I didn't get any problem with the diffs bit. I've got it set to run in a custom workspace and I'm using the :ext: protocol rather than directly using :sspi:.

            John

            jmccabe John McCabe added a comment - Scott No need to apologise; I just had a bit of time to go ahead and try it! We're also in the process of moving from CruiseControl.NET to Jenkins but we've used pserver for years. We were taken over recently by a large orgamnisation whose policies apparently don't allow us to use pserver any more so we've had to change our authentication to SSPI. I've only tried a small project with version 1.6 and there haven't been any changes recently but I didn't get any problem with the diffs bit. I've got it set to run in a custom workspace and I'm using the :ext: protocol rather than directly using :sspi:. John
            ctc Casey Caprice added a comment - - edited

            John

            If you are using sspi, where did you input the user password?

            ctc Casey Caprice added a comment - - edited John If you are using sspi, where did you input the user password?
            srtelle Scott Telle added a comment - - edited

            Casey - I'm using sspi... I updated the jenkins service to runas a domain user that had access to the cvs repository. Using this method a password isn't required (which is better, since you don't want passwords laying around).

            Here's an example of the CSVROOT:

            :sspi:vsbuild:/test_sw
            
            srtelle Scott Telle added a comment - - edited Casey - I'm using sspi... I updated the jenkins service to runas a domain user that had access to the cvs repository. Using this method a password isn't required (which is better, since you don't want passwords laying around). Here's an example of the CSVROOT: :sspi:vsbuild:/test_sw
            jmccabe John McCabe added a comment -

            Yes, the point of SSPI is that you don't have passwords insecurely inserted into your Jenkins configuration but it does mean that Jenkins needs to be running as a user registered in the domain.

            jmccabe John McCabe added a comment - Yes, the point of SSPI is that you don't have passwords insecurely inserted into your Jenkins configuration but it does mean that Jenkins needs to be running as a user registered in the domain.

            People

              Unassigned Unassigned
              jmccabe John McCabe
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: