Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37297

can't use github deploy keys in Multi-Branch Project Plugin

    XMLWordPrintable

Details

    Description

      Hi,

      I'm currently using the multi-branch project plugin with a specific user's github credentials.
      in "configure" for my folder, under "Source Code Management" I choose "Git", and provide:
      the project repository: https://github.com/org/project.git
      credentials: I choose my user's github credentials.

      I'm trying to use Github's deploy keys instead of my user's credentials.

      I configured deploy keys for our freestyle projects, similar to what's defined here

      When I change the "Source Code Management"
      project repository to: git@github-project:org/project.git
      credentials to: "private key" -> "From the Jenkins master ~/.ssh".

      this configuration works for a freestyle project, but for multi-branch I get the following error when saving the configuration.

      looking at the stack trace, "java.net.UnknownHostException: github-project: Name or service not known" it seems that there is some issue with the ssh connection.

      github-project is not an host, but an alias configured in ssh config as following:

      Host github-project
      HostName github.com
      User git
      IdentityFile /var/lib/jenkins/.ssh/id_rsa_project

      I also tried the following project repository configurations:

      • github-project:org/project.git (removed the git@ prefix)
      • github.com:org/project.git (using github.com instead of the ssh alias)

      and both failed with differet errors.

      Started by timer
      Setting origin to github-project:org/project.git
      Fetching origin...
      FATAL: Failed to recompute children of test-project-feature-branches
      hudson.plugins.git.GitException: org.eclipse.jgit.api.errors.TransportException: github-project:org/project.git: Failed to connect
      at org.jenkinsci.plugins.gitclient.JGitAPIImpl.fetch(JGitAPIImpl.java:680)
      at jenkins.plugins.git.AbstractGitSCMSource.retrieve(AbstractGitSCMSource.java:174)
      at jenkins.scm.api.SCMSource.fetch(SCMSource.java:143)
      at jenkins.scm.api.SCMSource.retrieve(SCMSource.java:219)
      at jenkins.scm.api.SCMSource.fetch(SCMSource.java:169)
      at com.github.mjdetullio.jenkins.plugins.multibranch.AbstractMultiBranchProject.computeChildren(AbstractMultiBranchProject.java:583)
      at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:157)
      at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:122)
      at hudson.model.ResourceController.execute(ResourceController.java:98)
      at hudson.model.Executor.run(Executor.java:410)
      Caused by: org.eclipse.jgit.api.errors.TransportException: github-project:org/project.git: Failed to connect
      at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:139)
      at org.jenkinsci.plugins.gitclient.JGitAPIImpl.fetch(JGitAPIImpl.java:678)
      ... 9 more
      Caused by: org.eclipse.jgit.errors.TransportException: github-project:org/project.git: Failed to connect
      at org.jenkinsci.plugins.gitclient.trilead.TrileadSessionFactory.getSession(TrileadSessionFactory.java:54)
      at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:136)
      at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:262)
      at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:161)
      at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
      at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
      at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1138)
      at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130)
      ... 10 more
      Caused by: java.io.IOException: There was a problem while connecting to github-project:22
      at com.trilead.ssh2.Connection.connect(Connection.java:818)
      at com.trilead.ssh2.Connection.connect(Connection.java:687)
      at com.trilead.ssh2.Connection.connect(Connection.java:587)
      at org.jenkinsci.plugins.gitclient.trilead.TrileadSessionFactory.getSession(TrileadSessionFactory.java:29)
      ... 17 more
      Caused by: java.net.UnknownHostException: github-project: Name or service not known
      at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
      at java.net.InetAddress$1.lookupAllHostAddr(InetAddress.java:922)
      at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1316)
      at java.net.InetAddress.getAllByName0(InetAddress.java:1269)
      at java.net.InetAddress.getAllByName(InetAddress.java:1185)
      at java.net.InetAddress.getAllByName(InetAddress.java:1119)
      at java.net.InetAddress.getByName(InetAddress.java:1069)
      at com.trilead.ssh2.transport.TransportManager.createInetAddress(TransportManager.java:165)
      at com.trilead.ssh2.transport.TransportManager.establishConnection(TransportManager.java:353)
      at com.trilead.ssh2.transport.TransportManager.initialize(TransportManager.java:467)
      at com.trilead.ssh2.Connection.connect(Connection.java:758)
      ... 20 more
      Finished: FAILURE

      Attachments

        Issue Links

          Activity

            markewaite Mark Waite added a comment -

            The multi-branch pipeline git implementation (today) uses JGit inside the git plugin for all its git operations, no matter which git implementation is used in the job definition. The JGit implementation inside the git plugin relies on trilead as the ssh implementation. The trilead ssh implementation does not honor settings in the ~/.ssh/config file.

            You can probably work around the problem by defining a credential which uses that ssh key and then use the hostname to the repository rather than the alias from the .ssh/config file.

            Pull request 424 has been submitted by jcechace which should address the issue. If you're comfortable integrating a pull request into a custom build of a plugin, you could test drive that pull request. If you're interested in test driving it, but not comfortable building it yourself, I could build it for you and you could report your results.

            markewaite Mark Waite added a comment - The multi-branch pipeline git implementation (today) uses JGit inside the git plugin for all its git operations, no matter which git implementation is used in the job definition. The JGit implementation inside the git plugin relies on trilead as the ssh implementation. The trilead ssh implementation does not honor settings in the ~/.ssh/config file. You can probably work around the problem by defining a credential which uses that ssh key and then use the hostname to the repository rather than the alias from the .ssh/config file. Pull request 424 has been submitted by jcechace which should address the issue. If you're comfortable integrating a pull request into a custom build of a plugin, you could test drive that pull request. If you're interested in test driving it, but not comfortable building it yourself, I could build it for you and you could report your results.
            liricooli liron tal added a comment -

            Thanks for your fast and helpful reply.

            I'd be happy to test driving that pull request and report my results.
            Could you please build the plugin for me ?

            Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?

            liricooli liron tal added a comment - Thanks for your fast and helpful reply. I'd be happy to test driving that pull request and report my results. Could you please build the plugin for me ? Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?
            markewaite Mark Waite added a comment - - edited

            I built an evaluation of PR424. I've been running it through a series of compatibility tests with no detected compatibility failures. I haven't yet run functional tests to confirm the fix is working as expected.

            Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ?

            Depending on a .ssh/config setting on the jenkins master is uncommon. It means that your jobs will only run as expected on the master node or on agents which also have that same .ssh/config setting for the user that is running the agent process. Most users place the definition of the ssh key in a credential in Jenkins, then reference that credential. I suspect very few users are using the .ssh/config ability to alias a string to a hostname.

            markewaite Mark Waite added a comment - - edited I built an evaluation of PR424 . I've been running it through a series of compatibility tests with no detected compatibility failures. I haven't yet run functional tests to confirm the fix is working as expected. Is the configuration I described expected to work or should I make any changes ? Is there anything else I need to know before installing this build ? any other configuration changes or anything else that I should be aware of ? Depending on a .ssh/config setting on the jenkins master is uncommon. It means that your jobs will only run as expected on the master node or on agents which also have that same .ssh/config setting for the user that is running the agent process. Most users place the definition of the ssh key in a credential in Jenkins, then reference that credential. I suspect very few users are using the .ssh/config ability to alias a string to a hostname.
            liricooli liron tal added a comment -

            will install the plugin and report back.

            regarding your comment - I understand. will try to to add a key for each repository instead. thanks!

            liricooli liron tal added a comment - will install the plugin and report back. regarding your comment - I understand. will try to to add a key for each repository instead. thanks!
            liricooli liron tal added a comment -

            I won't be able to test run this PR soon, sorry.

            liricooli liron tal added a comment - I won't be able to test run this PR soon, sorry.
            markewaite Mark Waite added a comment -

            That's unfortunate, since I have been unable to duplicate the problem. A prototype build is available if others wish to try it.

            markewaite Mark Waite added a comment - That's unfortunate, since I have been unable to duplicate the problem. A prototype build is available if others wish to try it.
            markewaite Mark Waite added a comment -

            Included in git plugin 2.6.0, released 2 Sep 2016.

            markewaite Mark Waite added a comment - Included in git plugin 2.6.0 , released 2 Sep 2016.

            People

              Unassigned Unassigned
              liricooli liron tal
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: