3

I have:

  • a main GitHub repo with Terraform 12 code
  • a module in a secondary repo, which is referenced as source = "git@github.com:user/mod_repo?ref=v1.0.0"
  • Jenkins 2.249 (can't update now)
  • a private SSH key in Jenkins to access mod_repo

When I try to run terraform init in a Jenkins pipeline, I get:

Could not download module "vpc" (main.tf:1) source code from
"git@github.com:user/mod_repo?ref=v1.0.0": error downloading
'ssh://git@github.com/user/mod_repo?ref=v1.0.0': /usr/bin/git exited
with 128: Cloning into '.terraform/modules/vpc'...
Permission denied (publickey).

Locally I can do it without issues. How should I configure the key in Jenkinsfile* (or where else?) to allow access to the secondary repo?

I've seen this, this, this and this but cannot figure out how to connect it together.

Putnik

1 Answer

1

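You need to use the sshagent and pass it your key, like this:

// Load the Jenkins SSH credential into an ssh-agent for the enclosed steps
sshagent (credentials: ['my-build-ssh-key']) {
    // terraform init clones the module repo over SSH using the agent's key
    sh 'terraform init'
    // AWS credentials from the Jenkins credential store (pipeline-aws plugin)
    withAWS(credentials: 'aws-build'){
        sh 'terraform apply -lock=false -auto-approve'
    }
}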

The key should be added to the credentials section of Jenkins first, then the name would go in place of my-build-ssh-key.

This means when you run terraform init, it will have access to use that key when it pulls the modules in.

In that example it then also uses creds stored in Jenkins along with this plugin (https://www.jenkins.io/doc/pipeline/steps/pipeline-aws/) to talk to AWS and bring up your stack.

Michael Robinson
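An added example, not part of the original answer: a declarative Jenkinsfile that exposes the SSH key only to the init stage (the modules are already in .terraform/modules when apply runs) and checks the agent and the module repo before terraform init, so a key problem fails with a clear message. It reuses the credential IDs and module URL from this page and assumes github.com is already in the build agent's known_hosts.

```groovy
// Added example; credential IDs and repo URL are the ones shown on this page.
pipeline {
    agent any
    environment {
        // Terraform fetches git modules by running git, which honours
        // GIT_SSH_COMMAND. BatchMode makes ssh fail instead of prompting;
        // StrictHostKeyChecking=yes assumes github.com is already in the
        // build agent's known_hosts (assumption, not stated on the page).
        GIT_SSH_COMMAND = 'ssh -o BatchMode=yes -o StrictHostKeyChecking=yes'
    }
    stages {
        stage('Terraform init') {
            steps {
                // The private key is only reachable inside this block.
                sshagent(credentials: ['my-build-ssh-key']) {
                    // Fails the stage if the agent holds no identity.
                    sh 'ssh-add -l'
                    // Fails if the key cannot read the module repo or the
                    // ref v1.0.0 does not exist there.
                    sh 'git ls-remote --exit-code git@github.com:user/mod_repo v1.0.0'
                    sh 'terraform init -input=false'
                }
            }
        }
        stage('Terraform apply') {
            steps {
                // No SSH key needed here: modules were downloaded by init.
                withAWS(credentials: 'aws-build') {
                    sh 'terraform apply -input=false -lock=false -auto-approve'
                }
            }
        }
    }
}
```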