-
Bug
-
Resolution: Fixed
-
Major
-
None
the ssh-agent configuration isn't applied when pipeline is run on a docker container using the kubernetes plugin
as an example, this pipeline works fine:
node {
stage('Pre-Build') {
sshagent (credentials: ['jenkins-master-ssh']) {
sh 'ssh -vT -o "StrictHostKeyChecking=no" git@github.com'
}
}
}
the job will fail, but the console output will clearly show the error from github
You've successfully authenticated, but GitHub does not provide shell access.
whereas
podTemplate(label: 'jenkpod', containers: [containerTemplate(name: 'golang', image: 'golang:1.8', ttyEnabled: true, command: 'cat')]) { node ('jenkpod') { container('golang') { stage('Pre-Build') { sshagent (credentials: ['jenkins-master-ssh']) { sh 'ssh -vT -o "StrictHostKeyChecking=no" git@github.com' } } } } }
fails with public key error:
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
this seems closely related to -JENKINS-32624sshagent{} ignored when executed in docker.image().inside
- duplicates
-
-
- Resolved
-
- is blocked by
-
-
- Resolved
-
- is related to
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- links to
[JENKINS-42582] ssh-agent not applied in kubernetes container
J Knurek
created issue -
J Knurek
made changes -
| Link |
New:
This issue is related to |
J Knurek
made changes -
| Link |
New:
This issue is related to |
J Knurek
added a comment - if env vars are not getting saved, it's possibly the same reason that the ssh-agent doesn't persist
J Knurek
added a comment - if env vars are not getting saved, it's possibly the same reason that the ssh-agent doesn't persist J Knurek
made changes -
| Link |
New:
This issue is related to |
David Schile
added a comment - csanchez, Any progress or info on this? Perhaps I can help with this one. git ssh also seems to fail the same way.
David Schile
added a comment - csanchez , Any progress or info on this? Perhaps I can help with this one. git ssh also seems to fail the same way. We hit this last week. When we do "sh 'sudo ps aux'" in the container, we notice that there is an ssh-agent process running. Our theory, which we have not verified, is that if we set the environment variable SSH_AUTH_SOCK to the agent's socket file, it will work.
If you will check available env variables with "printenv" - you will see that SSH_AUTH_SOCK variable is not set as well as other Jenkins env variables, and I believe this is the issue, but I don't know if this is a bug or feature of PodTemplate design.
Our theory, which we have not verified, is that if we set the environment variable SSH_AUTH_SOCK to the agent's socket file, it will work.
I can confirm it works.
Alexander Tolstikov
added a comment - - edited If you will check available env variables with "printenv" - you will see that SSH_AUTH_SOCK variable is not set as well as other Jenkins env variables, and I believe this is the issue, but I don't know if this is a bug or feature of PodTemplate design.
Our theory, which we have not verified, is that if we set the environment variable SSH_AUTH_SOCK to the agent's socket file, it will work.
I can confirm it works. I guess the container step needs to access the enclosing node environment and populate from there
some possibly related comments
https://github.com/jenkinsci/kubernetes-plugin/pull/204#issuecomment-324023861
one thing I saw in the logs, is that if `sshagent () {}` is the first command in the container (like the example above), the workspace isn't created yet
fixing that , the ssh-agent plugin still doesn't provide the key as expected