Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64060

Can't clone private git repo with username and password at a slave servers

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Major Major
    • git-client-plugin
    • None
    • CentOS 7.8.2003
      Jenkins 2.262

      We use lot's of pipelines jobs which are relies on our github credentials.

      Our private repos use 2fa, so we use our github username and a token as a password.

      But somehow we can't use that credentials for `checkout` step at slaves server, though it work fine at master.

      Steps to reproduce:

      • create repo with 2fa at github
      • get user's token
      • create "Username wit password"credential with global scope in Jenkins
      • add jenkins slave
      • create the following job

       

      pipeline {
  agent { label 'jenkins-slave'}
  stages {
    stage('checkout'){
        steps {
            checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'f7e97206-bd72-4f1c-88dd-9d3d1709eea2', url: 'git@github.com:some/private-repo.git']]])
        }
    }
  }
}

      On a master it works fine, but on a slave I get this error:

       

       

       

      Started by user test
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on srv in /vol2/jenkins_agent/workspace/debug-ci
[Pipeline] {
[Pipeline] stage
[Pipeline] { (checkout)
[Pipeline] checkout
Selected Git installation does not exist. Using Default
The recommended git tool is: NONE
using credential f7e97206-bd72-4f1c-88dd-9d3d1709eea2
Fetching changes from the remote Git repository
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@github.com:some/private-repo.git
        at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:996)
        at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1237)
        at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1297)
        at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:125)
        at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
        at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
        at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress -- git@github.com:some/private-repo.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.Please make sure you have the correct access rights
and the repository exists.        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2450)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2051)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:573)
        at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:161)
        at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:154)
        at hudson.remoting.UserRequest.perform(UserRequest.java:211)
        at hudson.remoting.UserRequest.perform(UserRequest.java:54)
        at hudson.remoting.Request$2.run(Request.java:375)
        at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:73)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:118)
        ... 1 more
        Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from <ip-addr-here>
                at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1800)
                at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357)
                at hudson.remoting.Channel.call(Channel.java:1001)
                at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146)
                at sun.reflect.GeneratedMethodAccessor811.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132)
                at com.sun.proxy.$Proxy108.execute(Unknown Source)
                at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:994)
                at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1237)
                at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1297)
                at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:125)
                at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
                at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
                at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
                at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
                at java.util.concurrent.FutureTask.run(FutureTask.java:266)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
                ... 1 more
[Pipeline] }
[Pipeline] // stage
 > git rev-parse --is-inside-work-tree # timeout=10
 > git config remote.origin.url git@github.com:some/private-repo.git # timeout=10
Fetching upstream changes from git@github.com:some/private-repo.git
 > git --version # timeout=10
 > git --version # 'git version 2.14.0'
using GIT_ASKPASS to set credentials jenkins user at github
 > git fetch --tags --progress -- git@github.com:some/private-repo.git +refs/heads/*:refs/remotes/origin/* # timeout=10
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
[Checks API] No suitable checks publisher found.
ERROR: Error fetching remote repo 'origin'
Finished: FAILURE

      Interesting, that multibranch pipelines which are use the same credentials seems to work fine on slaves.

       

            markewaite Mark Waite
            kompastver Pavel Znamensky
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: