Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18330

Support :ext: using external shell like Netbeans instead of only internal SSH

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • cvs-plugin
    • None
    • Windows 7 x64

      We have recently moved to using SSPI authentication on our CVS (CVSNT) system and now don't seem to be able to use the Jenkins CVS Plug-In to checkout our code. I've tried a rather large number of options to try to get this to work but nothing I do seems to change that fact that the plug-in appears to only attempt to use the internal ssh mechanism using public/private key authentication when a CVSROOT of the form :ext:<user>@<server>:/<repository>. The output is always something like I've added below.

      I'm aware that Jenkins uses the Netbeans JavaCVS client so I tried installing Netbeans to see how to get that to do the job. In the Netbeans CVS checkout there is an option to either use the Internal SSH, or use an External Shell. In the external shell box I was able to put:

      C:\Program Files (x86)\CVS Suite\CVSNT\extnt.exe <server>

      And it worked from that point. As you can see below I've tried adding CVS_RSH and CVS_SERVER environment variables to try to force this but it appears to have no effect. (Note that I've also tried CVS_EXE instead of CVS_SERVER, and the same without the underscore as the details on the internet are a bit inconsistent).

      I've set this to Major as it's quite important for us to be able to continue to use the CVS Plugin because of the integration to the change reporting on Jenkins. We can get round it using alternative methods, e.g. Ant task, Python script or whatever (hence the reason I haven't made this a Blocker) but that loses a lot of the benefit of Jenkins' built-in functionality.

      ========= Console Output ============
      11:13:44 Started by user McCabe, John
      11:13:44 [EnvInject] - Loading node environment variables.
      11:13:44 [EnvInject] - Preparing an environment for the build.
      11:13:44 [EnvInject] - Keeping Jenkins system variables.
      11:13:44 [EnvInject] - Keeping Jenkins build variables.
      11:13:44 [EnvInject] - Injecting as environment variables the properties content
      11:13:44 CVS_RSH=C:\Program Files (x86)\CVS Suite\CVSNT\extnt.exe
      11:13:44 CVS_SERVER=C:\Program Files (x86)\CVS Suite\CVSNT\cvs.exe
      11:13:44
      11:13:44 [EnvInject] - Variables injected successfully.
      11:13:44 [EnvInject] - Injecting contributions.
      11:13:44 Building in workspace E:\Work\Jenkins
      11:13:44 cvs checkout -P -N -r <mybranch> <mymodule>
      11:13:44 ERROR: CVS Authentication failed: null
      11:13:44 org.netbeans.lib.cvsclient.connection.AuthenticationException: SSH connection failed.
      11:13:44 at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:141)
      11:13:44 at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
      11:13:44 at java.lang.Thread.run(Unknown Source)
      11:13:44 Caused by: com.jcraft.jsch.JSchException: java.io.FileNotFoundException: C:\Users\mccabe\.ssh\id_rsa (The system cannot find the path specified)
      11:13:44 at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:98)
      11:13:44 at com.jcraft.jsch.JSch.addIdentity(JSch.java:224)
      11:13:44 at com.jcraft.jsch.JSch.addIdentity(JSch.java:218)
      11:13:44 at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:135)
      11:13:44 ... 2 more
      11:13:44 Caused by: java.io.FileNotFoundException: C:\Users\mccabe\.ssh\id_rsa (The system cannot find the path specified)
      11:13:44 at java.io.FileInputStream.open(Native Method)
      11:13:44 at java.io.FileInputStream.<init>(Unknown Source)
      11:13:44 at java.io.FileInputStream.<init>(Unknown Source)
      11:13:44 at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:83)
      11:13:44 ... 5 more
      11:13:44 ERROR: Cvs task failed
      11:13:44 Finished: FAILURE

          [JENKINS-18330] Support :ext: using external shell like Netbeans instead of only internal SSH

          Scott Telle added a comment -

          I have had the same issue that I started looking into this week. I saw that version 1.6 of the cvs plugin allows you to specify the cvs executable. The following release (2.0) is where they added the netbeans java.

          With version 1.6 I'm getting somewhere - at least I'm able to try to checkout with the cvsnt binaries...

          Scott Telle added a comment - I have had the same issue that I started looking into this week. I saw that version 1.6 of the cvs plugin allows you to specify the cvs executable. The following release (2.0) is where they added the netbeans java. With version 1.6 I'm getting somewhere - at least I'm able to try to checkout with the cvsnt binaries...

          John McCabe added a comment -

          That's interesting. I'm currently using 2.9. It seems a bit mad to have to go back to something as far back as 1.6 for this to be possible.

          John McCabe added a comment - That's interesting. I'm currently using 2.9. It seems a bit mad to have to go back to something as far back as 1.6 for this to be possible.

          Scott Telle added a comment -

          I agree - it's not really a downgrade, since it looks like the plugin was completely rewritten in 2.0. I almost wish they had separated these into 2 separate plugins. There seems to be little support for cvs sspi protocols.

          Scott Telle added a comment - I agree - it's not really a downgrade, since it looks like the plugin was completely rewritten in 2.0. I almost wish they had separated these into 2 separate plugins. There seems to be little support for cvs sspi protocols.

          John McCabe added a comment -

          Scott

          Got a few questions if you don't mind...

          Were you already using the CVS plugin with pserver and changed to sspi like we did?

          If so, have you seen any obvious missing features with the 1.6 version over the 'new' version?

          Are you using an sspi CVSROOT or an ext one?

          Having looked back now at the CVS Plug-In changelog I agree, it does look like a complete rewrite; it does seem odd to do it that way without maintaining any backward compatibility!

          John

          John McCabe added a comment - Scott Got a few questions if you don't mind... Were you already using the CVS plugin with pserver and changed to sspi like we did? If so, have you seen any obvious missing features with the 1.6 version over the 'new' version? Are you using an sspi CVSROOT or an ext one? Having looked back now at the CVS Plug-In changelog I agree, it does look like a complete rewrite; it does seem odd to do it that way without maintaining any backward compatibility! John

          John McCabe added a comment -

          I've just had a go with version 1.6. It seems, in general, to work. Problem is I've got loads of jobs with data referencing later versions of the plug-in. For the jobs that do, that I haven't modified, it can't load them at startup (seems reasonable). I manually modified the config.xml of one of them to set the CVS configuration for the 1.6 plug-in and it seems to work but Jenkins just kicks out an endless stream of exception stack traces. I presume these are related to it trying to read the build.xml from previous builds that reference the later plug-in as removing all the old build jobs seems to stop that happening.

          This is far from ideal though.

          John McCabe added a comment - I've just had a go with version 1.6. It seems, in general, to work. Problem is I've got loads of jobs with data referencing later versions of the plug-in. For the jobs that do, that I haven't modified, it can't load them at startup (seems reasonable). I manually modified the config.xml of one of them to set the CVS configuration for the 1.6 plug-in and it seems to work but Jenkins just kicks out an endless stream of exception stack traces. I presume these are related to it trying to read the build.xml from previous builds that reference the later plug-in as removing all the old build jobs seems to stop that happening. This is far from ideal though.

          Scott Telle added a comment -

          John,

          Sorry I didn't get back to you in time. We are currently using cruise control .net and looking a Jenkins as a replacement, so I've been playing around with it this week. We have never used pserver and I don't want to invest anything into our cvs repository (as we want to convert that to something else as well).

          I've set up our server with an sspi CVSROOT, which is working, but I'm getting errors when it's trying to do the diffs. I submit a separate bug and linked it to this one.

          Scott Telle added a comment - John, Sorry I didn't get back to you in time. We are currently using cruise control .net and looking a Jenkins as a replacement, so I've been playing around with it this week. We have never used pserver and I don't want to invest anything into our cvs repository (as we want to convert that to something else as well). I've set up our server with an sspi CVSROOT, which is working, but I'm getting errors when it's trying to do the diffs. I submit a separate bug and linked it to this one.

          John McCabe added a comment -

          Scott

          No need to apologise; I just had a bit of time to go ahead and try it!

          We're also in the process of moving from CruiseControl.NET to Jenkins but we've used pserver for years. We were taken over recently by a large orgamnisation whose policies apparently don't allow us to use pserver any more so we've had to change our authentication to SSPI.

          I've only tried a small project with version 1.6 and there haven't been any changes recently but I didn't get any problem with the diffs bit. I've got it set to run in a custom workspace and I'm using the :ext: protocol rather than directly using :sspi:.

          John

          John McCabe added a comment - Scott No need to apologise; I just had a bit of time to go ahead and try it! We're also in the process of moving from CruiseControl.NET to Jenkins but we've used pserver for years. We were taken over recently by a large orgamnisation whose policies apparently don't allow us to use pserver any more so we've had to change our authentication to SSPI. I've only tried a small project with version 1.6 and there haven't been any changes recently but I didn't get any problem with the diffs bit. I've got it set to run in a custom workspace and I'm using the :ext: protocol rather than directly using :sspi:. John

          Casey Caprice added a comment - - edited

          John

          If you are using sspi, where did you input the user password?

          Casey Caprice added a comment - - edited John If you are using sspi, where did you input the user password?

          Scott Telle added a comment - - edited

          Casey - I'm using sspi... I updated the jenkins service to runas a domain user that had access to the cvs repository. Using this method a password isn't required (which is better, since you don't want passwords laying around).

          Here's an example of the CSVROOT:

          :sspi:vsbuild:/test_sw
          

          Scott Telle added a comment - - edited Casey - I'm using sspi... I updated the jenkins service to runas a domain user that had access to the cvs repository. Using this method a password isn't required (which is better, since you don't want passwords laying around). Here's an example of the CSVROOT: :sspi:vsbuild:/test_sw

          John McCabe added a comment -

          Yes, the point of SSPI is that you don't have passwords insecurely inserted into your Jenkins configuration but it does mean that Jenkins needs to be running as a user registered in the domain.

          John McCabe added a comment - Yes, the point of SSPI is that you don't have passwords insecurely inserted into your Jenkins configuration but it does mean that Jenkins needs to be running as a user registered in the domain.

            Unassigned Unassigned
            jmccabe John McCabe
            Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: