
SSH Agent plugin doesn't work well with docker pipelines

    • Bug
    • Resolution: Unresolved
    • Critical
    • ssh-agent-plugin
    • None

      I've tried

      dockerImage.inside {
        sshagent([...]) {
          sh '...'
        }
      }
      

      and this appears to fail because the ssh-agent gets launched but then the next command
      appears to be ssh-agent -k which kills the process before the sh step has a chance to run despite the sh command being inside the sshagent block.

      And also

      sshagent([...]){
        dockerImage.inside {
          sh '...'
        }
      }
      

      fails (I think) for a more predictable reason: the ssh-agent stays running and the env variables get
      set correctly inside the container, however the socket is in /tmp on the container server which is not visible to the container (by default).

          [JENKINS-43050] SSH Agent plugin doesn't work well with docker pipelines

          Jesse Glick added a comment -

          sshagent must indeed be inside inside.

          Not sure how to reproduce. It works for me.


          Erik Lattimore added a comment -

          Hmm, you're right. I am now unable to reproduce the issue I was having.

          Jesse Glick added a comment -

          If you have complete, minimal, self-contained steps to reproduce the issue from scratch, please add them here and reopen.


          Jesse Glick added a comment -

          Not sure offhand, would have to spend time digging into it. The obvious workaround is to just not use the SSH Agent plugin, and run ssh-agent yourself. You are probably better off not using Docker Pipeline either; just write a Dockerfile that sets things up the way you need it.
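
Added example, not part of the original comments and not the plugin's own code: one way to apply the "run ssh-agent yourself" workaround in a scripted pipeline, starting the agent inside the container in a single sh step so its socket lives in the container's own /tmp. The image name and the credential id 'some-id' are reused from snippets in this thread; the 'known-hosts-file' credential and deploy.example.com are hypothetical, and the image is assumed to ship the OpenSSH client and a passwd entry for the build user.

```groovy
// Added example: manual ssh-agent inside a Docker Pipeline container.
// 'known-hosts-file' and deploy.example.com are hypothetical placeholders.
node {
    docker.image('my-registry/my-image').inside {
        withCredentials([
            // Private key is written to a temporary file in the workspace temp
            // directory and removed when the block ends.
            sshUserPrivateKey(credentialsId: 'some-id',
                              keyFileVariable: 'SSH_KEY_FILE',
                              usernameVariable: 'SSH_USER'),
            // Pinned host keys, stored as a "Secret file" credential.
            file(credentialsId: 'known-hosts-file', variable: 'KNOWN_HOSTS')
        ]) {
            // Single-quoted Groovy string: the variables are expanded by the
            // shell in the container, not interpolated by Groovy, so secret
            // paths never end up in the pipeline script text.
            sh '''
                set -eu
                # Start the agent in this shell; the socket is created inside
                # the container, so visibility of the host's /tmp is irrelevant.
                eval "$(ssh-agent -s)" >/dev/null
                # Kill the agent when this step exits, on success or failure.
                trap 'ssh-agent -k >/dev/null' EXIT
                ssh-add "$SSH_KEY_FILE"
                # Keep host key checking on and fail instead of prompting.
                ssh -o BatchMode=yes \
                    -o StrictHostKeyChecking=yes \
                    -o UserKnownHostsFile="$KNOWN_HOSTS" \
                    "$SSH_USER@deploy.example.com" 'uname -a'
            '''
        }
    }
}
```

The agent and every command that needs it must share one sh step, because environment variables such as SSH_AUTH_SOCK do not carry over between separate sh steps.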


          Michal Matyjek added a comment - edited

          Seeing same, when using:

          agent {
            docker {
              image 'myimage'
            }
          }
          

          I would see same as ihor_sviziev. Not for all commands though:

          I think plain commands work:

          sh "ssh user@remote.host.com rm -rf /"

          but not when I am opening ssh tunnel and executing commands in the tunnel itself.

           

          Also no issues with any commands (including more complex ones) when using agent { any } and executing directly on the Jenkins slave. So seems to be Docker-specific as well for me.


          Michal Matyjek added a comment -

          Any logging we can enable for the sshagent to see more details on where the issue is?

          Konstantin Ripak added a comment -

          Well, I think I found how to reproduce the issue.

          The following code works as expected if running on non-docker agent and does not work inside docker:

          agent {
              docker {
                  label 'bsp'
                  image 'my-registry/my-image'
                  reuseNode true
              }
          }
          stage("Some stage") {
              steps {
                  sshagent(['some-id']) {
                      script {
                         sh "# some code that uses ssh"
                      }
                  }
              }
          }

          However, if I put sshagent() inside script {...} block it works:

          agent {
              docker {
                  label 'bsp'
                  image 'my-registry/my-image'
                  reuseNode true
              }
          }
          stage("Some stage") {
              steps {
                  script {
                      sshagent(['some-id']) {
                         sh "# some code that uses ssh"
                      }
                  }
              }
          }

            Unassigned
            elatt Erik Lattimore
            Votes: 3
            Watchers: 9
