I am using Vagrant to provision our development environments.
Vagrant does something similar to the following:
- Installs Jenkins (and Java because it's a dependency)
- ...Other dependency installs....
- Copies private id_rsa SSH key to the /.ssh in the $JENKINS_HOME which is /var/lib/jenkins/
- Run through script that clones all GitHub repos and builds and deploys projects.
The issue we are having is with #3 in the list above.
Since we need this to run in a script, we can't manually run the command against GitHub to add the entry to known_hosts. So I have tried using the following:

```
sudo -u jenkins ssh-keyscan github.com > /var/lib/jenkins/.ssh/known_hosts
```

I have also tried to run this without using the jenkins user but was unsuccessful.
Here is the script that the Vagrantfile is referencing after Jenkins is installed.
```
#Setup SSH for GitHub
echo "Configuring GitHub SSH Keys..."
if [ ! -d /var/lib/jenkins/.ssh ];
then
    #copy private key to $JENKINS_HOME/.ssh
    sudo mkdir -p /var/lib/jenkins/.ssh
    sudo cp /vagrant/ssh/id_rsa /var/lib/jenkins/.ssh/
    #Modify permissions so jenkins user can access
    sudo chown -R jenkins:jenkins /var/lib/jenkins/.ssh/
    sudo chmod 0600 /var/lib/jenkins/.ssh
    sudo chmod 0600 /var/lib/jenkins/.ssh/id_rsa
    #Add GitHub to known_hosts so it doesn't prompt us
    sudo -u jenkins ssh-keyscan github.com > /var/lib/jenkins/.ssh/known_hosts
else
    echo "GitHub SSH Keys already configured..."
fi
```
Am I doing this completely wrong?
My GOAL is to be able to copy my private key wherever it needs to go so that I can make a request to GitHub (from Jenkins) without any manual interaction.
My PROBLEM is that I can't seem to do this without scripting or CHMODing myself into a permission restricted corner.
I have referenced and seen similar issues such as the post referenced below
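
Added example, not part of the original question or the poster's script: a provisioning helper that gives the `.ssh` directory mode 0700 (a directory without the execute bit cannot be entered), installs the key as 0600, and writes `known_hosts` only from scanned lines that exactly match a pinned host-key file, since raw `ssh-keyscan` output is unauthenticated. The function name `setup_ssh_dir`, the pinned file `/vagrant/ssh/github_known_hosts` and the scan file `/tmp/github.scan` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# setup_ssh_dir DIR KEY_SRC PINNED SCANNED [OWNER]
#   DIR      target .ssh directory, e.g. /var/lib/jenkins/.ssh
#   KEY_SRC  private key to install as DIR/id_rsa
#   PINNED   known_hosts-format lines verified out of band (assumed file)
#   SCANNED  file holding the output of `ssh-keyscan github.com`
#   OWNER    optional user:group to own DIR (needs root)
# The body is a subshell, so its variables and exits stay local.
setup_ssh_dir() (
  dir=$1 key_src=$2 pinned=$3 scanned=$4 owner=${5:-}

  # Trust a scanned line only if it equals a pinned line (host, type, key).
  # ssh-keyscan output is unauthenticated, so it is never trusted by itself.
  accepted=$(grep -v '^#' "$scanned" | grep -Fx -f "$pinned" || true)
  if [ -z "$accepted" ]; then
    echo "scanned host key matches no pinned key; not writing known_hosts" >&2
    exit 1
  fi

  # A directory needs the execute bit to be entered: 0700, not 0600.
  mkdir -p "$dir" || exit 1
  chmod 0700 "$dir" || exit 1
  install -m 0600 "$key_src" "$dir/id_rsa" || exit 1

  # Written by this process, so no `sudo -u ... > file` redirect problem:
  # a redirect is opened by the calling shell, not by the sudo target user.
  printf '%s\n' "$accepted" > "$dir/known_hosts" || exit 1
  chmod 0644 "$dir/known_hosts" || exit 1

  # Hand everything to the service account in one step at the end.
  [ -z "$owner" ] || chown -R "$owner" "$dir" || exit 1
)

# Provisioning call, run as root (paths other than the question's are assumed):
#   ssh-keyscan github.com > /tmp/github.scan
#   setup_ssh_dir /var/lib/jenkins/.ssh /vagrant/ssh/id_rsa \
#       /vagrant/ssh/github_known_hosts /tmp/github.scan jenkins:jenkins
```

The pinned file would hold GitHub's published host keys in `known_hosts` format, checked once against GitHub's documentation and committed next to the Vagrantfile.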