15

I've got Hudson (continuous integration system) with the git plugin running on a Tomcat Windows Service. msysgit is installed and the msysgit bin dir is in the path. PuTTY/Pageant/plink are installed and msysgit is configured to use them.

When I run a job that attempts to clone the git repository I get the following error:

$ git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" 
ERROR: Error cloning remote repo 'origin' : Could not clone git@hostname:project.git 
ERROR: Cause: Error performing git clone -o origin git@hostname:project.git e:\HUDSON_HOME\jobs\Project Trunk\workspace 
Trying next repository 
ERROR: Could not clone from a repository 
FATAL: Could not clone 
hudson.plugins.git.GitException: Could not clone
  1. Running git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" from the command line works without error.
  2. I've confirmed that my issue is not the same as Hudson git clone error because git is in the path and I don't get any error about the git executable on Hudson's Configure System page.

This leads me to believe that the problem is that the user who owns the Tomcat/Hudson Windows service (Local System) has no SSH key set up to be able to clone the git repository.

My question is, how can I set things up so that the git plugin/msysgit know to use a particular SSH key when trying to clone? I don't think Pageant will work because the Tomcat service is running as the "Local System" user, but I may be wrong. I have tried setting Pageant up as a service (using runassvc.exe), passing the appropriate key, and having it run as "Local System". The Tomcat/Hudson service doesn't seem to be able to see the key from the pageant service. Are there any other techniques for setting up a key?

Thanks.

EDIT: The discussion on http://n4.nabble.com/Hudson-with-git-and-ssh-td375633.html shows that someone else had a similar question. ssh-agent was suggested and this tool does come with msysgit but I'm not sure how to use it in conjunction with the Hudson service. Still, good clue if anyone can fill in the gaps. Thanks to Peter for the comment with the link.

Also, the discussion on http://n4.nabble.com/questions-about-git-and-github-plug-ins-td383420.html starts off with the same question. I'm trying to resurrect that thread.

Community
  • 1
  • 1
jlpp
  • 1,564
  • 5
  • 23
  • 36
  • have a look here http://n4.nabble.com/Hudson-with-git-and-ssh-td375633.html – Peter Schuetze Mar 15 '10 at 15:41
  • Thanks Peter. I came across that thread as well. I wasn't sure how to use ssh-agent with Hudson running as a service. I was also hoping a more offical method had been developed since that discussion took place. I'll edit the post to mention ssh-agent. – jlpp Mar 15 '10 at 20:34

4 Answers4

7

Another important note for windows (which I want to attach to this answer because I found this question very quickly, but found this additional detail I needed only after hours of searching):

Git wants the %HOME% environment variable set to your user's directory (I.E. C:\Documents and Settings\hudsonuser)... that's how it knows to look in there for the .ssh dir with the key files!

I found this out here on server fault (but don't have enough reputation there to upvote it).

Community
  • 1
  • 1
Eggplant Jeff
  • 1,749
  • 2
  • 15
  • 20
6

We use Hudson, checking out the source code from git with an ssh key. We actually have Hudson on an ubuntu server, however. Hudson's ssh key pair lives in ~hudson/id_rsa and ~hudson/id_rsa.pub

So, adapting our advice for a Windows set-up:

The Windows-based developers on our team use MSysGit and regularly check out code via git over ssh -- but not using Putty/Pageant. We found Pageant to be painful due to some protocol errors with the login. Instead, they configured git to use openSSH (it's one of the options during the install). Their public/private key pair then lives in ~username/id_rsa and ~username/id_rsa.pub and it all works.

So, I'd recommend changing your git config to use OpenSSH rather than pageant. If nothing else, you won't need to worry about starting pageant.

You can use PuttyGen to generate the key. However, if you are using OpenSSH rather than pageant, you will need to export a suitable private key (from one of the menus at the top of PuttyGen) and save it as id_rsa, and copy-and-paste the public key from PuttyGen's GUI (it shows but won't save a suitable version for OpenSSH) and save that as id_rsa.pub. This is because Putty uses a slightly different format for the key than OpenSSH does.

Alternatively, of course, you can always host your hudson server on a ubuntu server (either a real one or through VirtualBox)

William Billingsley
  • 771
  • 3
  • 6
  • This is a good answer, William. I think if I were to change the user that runs the Tomcat/Hudson Windows service from "Local System" then I might be able to use this approach. Before I do though, I'm wondering if there's any way to do this without changing the service owner. I'll give others a chance to respond. Thanks again. – jlpp Mar 25 '10 at 13:01
  • 1
    This is the approach that we've used on our windows slave. A user named Hudson was setup, the private key was put in ~hudson/.ssh/id_rsa, the git server is registered in ~hudson/.ssh/known_hosts, and the hudson slave service was changed to log on as the hudson user. The only note I have is this: If cygwin is installed on the windows installation make sure that you have hudson set the CYGWIN variable to empty, otherwise mingw will throw private key permission errors. – Guildencrantz Mar 28 '10 at 16:03
  • 1
    @jlpp: We ran into the same problem when trying to checkout bzr branches in Hudson, we ended up running the Tomcat windows service under a local user account instead, and it's working fine. – Pete Mar 30 '10 at 15:00
  • Thanks for the advice Guildencrantz. – jlpp Apr 01 '10 at 18:43
  • Also remember that a private github repo will not allow access to the previous "readonly" public Uri (the one starting with git://) So, if you have just switched a public repo to private, follow all the above steps AND THEN CHECK YOU ARE CONNECTING TO A git@github.com... uri (/me slaps forehead) – David Laing Sep 29 '11 at 16:27
  • 3
    On Windows (x64), the Local System "user" "home" directory is `%WINDIR%\SysWOW64\config\systemprofile` - so you could put the `.ssh` folder in there instead of having to use a different user. – Adam Rofer Apr 04 '12 at 21:33
3

I found I had to use a different tack to get this working on Ubuntu (with Jenkins, not Hudson, though otherwise it looks like basically the same problem. I checked the %HOME% environment variable through the Jenkins GUI and that looked right.

The key I wanted to use to identify Jenkins to the Github private repository already existed. I copied those to /var/lib/jenkins/.ssh -- both the id_rsa and the id_rsa.pub file for that key and account.

Initially I copied these as "root" and they were inaccessible to Jenkins so I was still getting errors (confusingly, the errors asked me to enter a passphrase when there wasn't any). So I did chown, chmod and chgrp to set these to be available to Jenkins.

I tested this by doing a git clone while logged in as the Jenkins user.

I know this path is specific to Ubuntu, but a similar setup making sure the key files are available, in the right place, and testing on the command line just doing git clone git:myrepo, might at least identify where Windows is different.

JMax
  • 26,109
  • 12
  • 69
  • 88
Milele
  • 33
  • 4
0

put your .ssh folder under

C:\Windows\SysWOW64\config\systemprofile

or

C:\Windows\System32\config\systemprofile

depends on your system is 32 or 64.

This is the "USER" directory for "Local System".

Roland
  • 1,109
  • 13
  • 15