EC2/AWS, Jenkins, Git, SSH

Question

[Update2] So is it OK that when I run git from the CLI it prompts me for the password? I am able to access the github servers with the passphrase for the ssh private key, but I am never prompted for this in Jenkins or asked to provide it. [/Update2]

[Update] Yes. I am running this on a ubuntu instance on EC2. I've generated the ssh keys in /var/lib/jenkins/.ssh which is the user that Jenkins creates. I've set the security option in Jenkins to use Unix user/groups. [/Update]

I am trying to have Jenkins pull from git (github). I get the following error:

hudson.plugins.git.GitException: Could not clone [my personal repo]
    at hudson.plugins.git.GitAPI.clone(GitAPI.java:245)
    at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1121)
    at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1063)
    at hudson.FilePath.act(FilePath.java:832)
    at hudson.FilePath.act(FilePath.java:814)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1063)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1218)
    at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:581)
    at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:470)
    at hudson.model.Run.run(Run.java:1434)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
    at hudson.model.ResourceController.execute(ResourceController.java:88)
    at hudson.model.Executor.run(Executor.java:239)
Caused by: hudson.plugins.git.GitException: Command "git clone --progress -o origin git@github.com:bobbylo/Verbify.git /var/lib/jenkins/.jenkins/jobs/build_dev/workspace" returned status code 128:
stdout: Initialized empty Git repository in /var/lib/jenkins/.jenkins/jobs/build_dev/workspace/.git/

stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly

I've already gone through the Github ssh tutorial. I've generated a private key on an EC2 instance. Placed it into the .ssh directory of the user, jenkins. Placed the public key on Github (tried both Deploy Key + normal SSH Key). I've verified that I can do git over-the-wire operations (pull, clone, etc.) and that it works from the CLI with the user. I've set the unix user/group permissions correctly for the user (in fact when I change it, I see the error log change in Jenkin's console log). When I try to use the Jenkin git plugin or do a Jenkins shell command, I get the error above.

I've read about ssh-agent and ssh-add and how you can tie it to your shell startup script so you don't need to enter a password for every command -- I am not sure if that's relevant here.

Otherwise I am not sure what else I can try. Any tips would be helpful!

Answer 1

Figured it out:

-It turns out if you're running it not as a daemon it uses the shell environment in which you ran it. -It also turns out any cmd that requires user prompt (like ssh paraphrase) Jenkins treats as an error.

The solution for now is to:

-Run Jenkins after I have added the github pub key to ssh-agent via ssh-add so that it doesn't prompt for the paraphrase.

If I wanted to run Jenkins as a daemon process I'd imagine having to set up ssh-agent correctly before running it (I don't think it uses the current shell environment?).

Answer 2

Are you sure that Jenkins runs as the user you expected? If you run Jenkins as a service, it normally starts as user "Local system account".

This may help: https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin . See section "Configuring Jenkins to use OpenSSH bundled with msysgit Windows installer".

Also, this one helped me:

http://computercamp.cdwilson.us/jenkins-git-clone-via-ssh-on-windows-7-x64

Answer 3

Was facing similar problem all I had to do was ensure that the deploy keys are generated after you have loged in as user "jenkins" that was created as a part of the jenkins installation and then restart the jenkins server after you have copied the public key in deploy keys in github.