[JENKINS-37297] can't use github deploy keys in Multi-Branch Project Plugin

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: git-plugin, multi-branch-project-plugin (not Pipeline)
Labels:
None
Environment:
ubuntu 14.04 64 bit
java 1.7
Jenkins 2.7
multi-branch-project-plugin 0.4.2
git 2.4.4
git-changelog
git-client 1.19.6
git-parameter 0.5.1
git-server 1.6

Similar Issues:
Powered by SuggestiMate

Show

Hi,

I'm currently using the multi-branch project plugin with a specific user's github credentials.
in "configure" for my folder, under "Source Code Management" I choose "Git", and provide:
the project repository: https://github.com/org/project.git
credentials: I choose my user's github credentials.

I'm trying to use Github's deploy keys instead of my user's credentials.

I configured deploy keys for our freestyle projects, similar to what's defined here

When I change the "Source Code Management"
project repository to: git@github-project:org/project.git
credentials to: "private key" -> "From the Jenkins master ~/.ssh".

this configuration works for a freestyle project, but for multi-branch I get the following error when saving the configuration.

looking at the stack trace, "java.net.UnknownHostException: github-project: Name or service not known" it seems that there is some issue with the ssh connection.

github-project is not an host, but an alias configured in ssh config as following:

Host github-project
HostName github.com
User git
IdentityFile /var/lib/jenkins/.ssh/id_rsa_project

I also tried the following project repository configurations:

github-project:org/project.git (removed the git@ prefix)
github.com:org/project.git (using github.com instead of the ssh alias)

and both failed with differet errors.

Started by timer
Setting origin to github-project:org/project.git
Fetching origin...
FATAL: Failed to recompute children of test-project-feature-branches
hudson.plugins.git.GitException: org.eclipse.jgit.api.errors.TransportException: github-project:org/project.git: Failed to connect
at org.jenkinsci.plugins.gitclient.JGitAPIImpl.fetch(JGitAPIImpl.java:680)
at jenkins.plugins.git.AbstractGitSCMSource.retrieve(AbstractGitSCMSource.java:174)
at jenkins.scm.api.SCMSource.fetch(SCMSource.java:143)
at jenkins.scm.api.SCMSource.retrieve(SCMSource.java:219)
at jenkins.scm.api.SCMSource.fetch(SCMSource.java:169)
at com.github.mjdetullio.jenkins.plugins.multibranch.AbstractMultiBranchProject.computeChildren(AbstractMultiBranchProject.java:583)
at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:157)
at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:122)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: org.eclipse.jgit.api.errors.TransportException: github-project:org/project.git: Failed to connect
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:139)
at org.jenkinsci.plugins.gitclient.JGitAPIImpl.fetch(JGitAPIImpl.java:678)
... 9 more
Caused by: org.eclipse.jgit.errors.TransportException: github-project:org/project.git: Failed to connect
at org.jenkinsci.plugins.gitclient.trilead.TrileadSessionFactory.getSession(TrileadSessionFactory.java:54)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:136)
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:262)
at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:161)
at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1138)
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130)
... 10 more
Caused by: java.io.IOException: There was a problem while connecting to github-project:22
at com.trilead.ssh2.Connection.connect(Connection.java:818)
at com.trilead.ssh2.Connection.connect(Connection.java:687)
at com.trilead.ssh2.Connection.connect(Connection.java:587)
at org.jenkinsci.plugins.gitclient.trilead.TrileadSessionFactory.getSession(TrileadSessionFactory.java:29)
... 17 more
Caused by: java.net.UnknownHostException: github-project: Name or service not known
at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
at java.net.InetAddress$1.lookupAllHostAddr(InetAddress.java:922)
at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1316)
at java.net.InetAddress.getAllByName0(InetAddress.java:1269)
at java.net.InetAddress.getAllByName(InetAddress.java:1185)
at java.net.InetAddress.getAllByName(InetAddress.java:1119)
at java.net.InetAddress.getByName(InetAddress.java:1069)
at com.trilead.ssh2.transport.TransportManager.createInetAddress(TransportManager.java:165)
at com.trilead.ssh2.transport.TransportManager.establishConnection(TransportManager.java:353)
at com.trilead.ssh2.transport.TransportManager.initialize(TransportManager.java:467)
at com.trilead.ssh2.Connection.connect(Connection.java:758)
... 20 more
Finished: FAILURE

duplicates

JENKINS-33983 Multibranch Pipeline with git uses jgit, but should use git installation that is configured

Closed

JENKINS-36958 Multi-branch maven project can't fetch Gitlab code, cmdline git can fetch same code

Closed

is duplicated by

JENKINS-35567 multibranch project and ssh+git broken

Closed

liron tal created issue - 2016-08-10 07:39

liron tal made changes - 2016-08-10 07:40

Priority

Original: Major [ 3 ]

New: Minor [ 4 ]

liron tal made changes - 2016-08-10 11:04

Environment

Original: multi-branch-project-plugin 0.4.2

New: ubuntu 14.04 64 bit
java 1.7

multi-branch-project-plugin 0.4.2

liron tal made changes - 2016-08-10 11:05

Environment

Original: ubuntu 14.04 64 bit
java 1.7

multi-branch-project-plugin 0.4.2

New: ubuntu 14.04 64 bit
java 1.7
Jenkins 2.7
multi-branch-project-plugin 0.4.2
git 2.4.4
git-changelog
git-client 1.19.6
git-parameter 0.5.1
git-server 1.6

Mark Waite made changes - 2016-08-10 13:11

Assignee

Original: Mark Waite [ markewaite ]

Mark Waite made changes - 2016-08-10 13:14

Link

New: This issue duplicates ~~JENKINS-33983~~ [ ~~JENKINS-33983~~ ]

Mark Waite made changes - 2016-08-10 13:14

Link

New: This issue duplicates ~~JENKINS-36958~~ [ ~~JENKINS-36958~~ ]

Mark Waite added a comment - 2016-08-10 13:21

The multi-branch pipeline git implementation (today) uses JGit inside the git plugin for all its git operations, no matter which git implementation is used in the job definition. The JGit implementation inside the git plugin relies on trilead as the ssh implementation. The trilead ssh implementation does not honor settings in the ~/.ssh/config file.

You can probably work around the problem by defining a credential which uses that ssh key and then use the hostname to the repository rather than the alias from the .ssh/config file.

Pull request 424 has been submitted by jcechace which should address the issue. If you're comfortable integrating a pull request into a custom build of a plugin, you could test drive that pull request. If you're interested in test driving it, but not comfortable building it yourself, I could build it for you and you could report your results.

Mark Waite added a comment - 2016-08-10 13:21 The multi-branch pipeline git implementation (today) uses JGit inside the git plugin for all its git operations, no matter which git implementation is used in the job definition. The JGit implementation inside the git plugin relies on trilead as the ssh implementation. The trilead ssh implementation does not honor settings in the ~/.ssh/config file. You can probably work around the problem by defining a credential which uses that ssh key and then use the hostname to the repository rather than the alias from the .ssh/config file. Pull request 424 has been submitted by jcechace which should address the issue. If you're comfortable integrating a pull request into a custom build of a plugin, you could test drive that pull request. If you're interested in test driving it, but not comfortable building it yourself, I could build it for you and you could report your results.

liron tal added a comment - 2016-08-10 13:30

Thanks for your fast and helpful reply.

I'd be happy to test driving that pull request and report my results.
Could you please build the plugin for me ?

Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?

liron tal added a comment - 2016-08-10 13:30 Thanks for your fast and helpful reply. I'd be happy to test driving that pull request and report my results. Could you please build the plugin for me ? Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?

Mark Waite added a comment - 2016-08-11 11:43 - edited

I built an evaluation of PR424. I've been running it through a series of compatibility tests with no detected compatibility failures. I haven't yet run functional tests to confirm the fix is working as expected.

Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?

Depending on a .ssh/config setting on the jenkins master is uncommon. It means that your jobs will only run as expected on the master node or on agents which also have that same .ssh/config setting for the user that is running the agent process. Most users place the definition of the ssh key in a credential in Jenkins, then reference that credential. I suspect very few users are using the .ssh/config ability to alias a string to a hostname.

Mark Waite added a comment - 2016-08-11 11:43 - edited I built an evaluation of PR424 . I've been running it through a series of compatibility tests with no detected compatibility failures. I haven't yet run functional tests to confirm the fix is working as expected. Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ? Depending on a .ssh/config setting on the jenkins master is uncommon. It means that your jobs will only run as expected on the master node or on agents which also have that same .ssh/config setting for the user that is running the agent process. Most users place the definition of the ssh key in a credential in Jenkins, then reference that credential. I suspect very few users are using the .ssh/config ability to alias a string to a hostname.

Assignee:: Unassigned

Reporter:: liron tal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016-08-10 07:39

Updated:: 2019-10-23 01:28

Resolved:: 2016-09-02 18:54

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Mark Waite added a comment - 2016-08-10 13:21

Expand comment: Mark Waite added a comment - 2016-08-10 13:21

Collapse comment: liron tal added a comment - 2016-08-10 13:30

Expand comment: liron tal added a comment - 2016-08-10 13:30

Collapse comment: Mark Waite added a comment - 2016-08-11 11:43, Edited by Mark Waite - 2016-08-11 11:59

Expand comment: Mark Waite added a comment - 2016-08-11 11:43, Edited by Mark Waite - 2016-08-11 11:59

People

Dates