Jenkins is failing with an SSH issue when it tries to scan the multibranch pipeline and ssh is giving "Host key verification failed":
[Wed Sep 21 01:10:09 PDT 2022] Starting branch indexing...
> git --version # timeout=10
> git --version # 'git version 2.31.1'
using GIT_SSH to set credentials jenkins#jenkinsserver SSH private key
[INFO] Currently running in a labeled security context
[INFO] Currently SELinux is 'enforcing' on the host
> /usr/bin/chcon --type=ssh_home_t /tmp/jenkins-gitclient-ssh7000755047282481393.key
Verifying host key using manually-configured host key entries
> git ls-remote --symref -- ssh://jenkins#jenkinsserver.corp.contoso.com/vol/git/cmb.git # timeout=10
ERROR: [Wed Sep 21 01:10:09 PDT 2022] Could not update folder level actions from source blueocean
[Wed Sep 21 01:10:09 PDT 2022] Finished branch indexing. Indexing took 0.13 sec
FATAL: Failed to recompute children of CertAccord
hudson.plugins.git.GitException: Command "git ls-remote --symref -- ssh://jenkins#jenkinsserver.corp.contoso.com/\
vol/git/cmb.git" returned status code 128:
stdout:
stderr: No ECDSA host key is known for jenkinsserver.corp.contoso.com and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2697)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2111)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2009)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2000)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getRemoteSymbolicReferences(CliGitAPIImpl.java:3675)
at jenkins.plugins.git.AbstractGitSCMSource.retrieveActions(AbstractGitSCMSource.java:1152)
at jenkins.scm.api.SCMSource.fetchActions(SCMSource.java:848)
at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:598)
at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:166)
at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1032)
at hudson.model.ResourceController.execute(ResourceController.java:107)
at hudson.model.Executor.run(Executor.java:449)
Finished: FAILURE
I'm aware that this problem indicates the ssh client is receiving an ssh server signature that it doesn't recognize (e.g. it's not in known_hosts).
If I "su - jenkins" on the jenkinsserver I can manually run git and ssh without a problem:
$ git ls-remote --symref -- ssh://jenkins#jenkinsserver.corp.contoso.com/vol/git/cmb.git
ref: refs/heads/master HEAD
f79a54e2233749e0f0a9cf01 HEAD
... snip ...
$ ssh jenkinsserver.corp.contoso.com date
Wed Sep 21 01:45:20 PDT 2022
$ grep jenkinsserver ~/.ssh/known_hosts
jenkinsserver.corp.contoso.com ecdsa-sha2-nistp256 AAAAE2VjZHN....
This means that there is some other known_hosts file that Jenkins is somehow telling ssh to use. I just can't figure out where that file is!
Since this is a branch scan it's running on the jenkin's server, right?
The jenkinsserver is a RHEL 8.6 system. Jenkins version 2.361.1-1.1
Found a solution for this. In Manage Jenkins > Configure Global Security > Git Host Key Verification Configuration I changed it to "Accept first connection". It was set to "Manually provide keys".
Related
I wanted to configure Multibranch Pipeline Job at Jenkins using jenkins.yml file.
Here is fragment of my configuration:
multibranchPipelineJob('<jenkins-job-name>') {
branchSources {
github {
(...)
repository('<user-group/repository>')
}
}
(...)
}
When I deploy jenkins with configurated job like that, I have github repository URL address filled like that:
https://github.com//user-group/repository
After github.com I have double slash and because of that automatic repository scanning is not working, I have something like that in logs:
[Fri May 22 13:39:00 UTC 2020] Starting branch indexing...
13:39:00 Connecting to https://api.github.com using <github-username>/******
ERROR: [Fri May 22 13:39:00 UTC 2020] Could not update folder level actions from source <id>
hudson.AbortException: Invalid scan credentials when using <github-username>/****** to connect to /<user-group/repository> on https://api.github.com
at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrieveActions(GitHubSCMSource.java:1884)
at jenkins.scm.api.SCMSource.fetchActions(SCMSource.java:848)
at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:600)
at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:277)
at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:164)
at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1034)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:428)
[Fri May 22 13:39:00 UTC 2020] Finished branch indexing. Indexing took 0.14 sec
FATAL: Invalid scan credentials when using <github-username>/****** to connect to /<user-group/repository> on https://api.github.com
Finished: FAILURE
Is this bug on Multibrach Pipeline Jobs handling?
Is there any way to workaround it?
I've found my answer. I've used other variables and wrote my repository as:
repoOwner('<user-group>')
repository('<repository>')
And now it works as expected
I have Box Master and Box Slave in AWS EC2 instances. I created jenkins user in Box Slave and I copied the master's public keys to slave. Now I created a new node in Jenkins Master. However, when I connect to slave using Launch agent via execution of command on master using command ssh -tt jenkins#10.15.0.10, it gives me the following error:
just before slave Services-Slave gets launched ...
executing pre-launch scripts ...
[06/26/17 16:25:28] Launching agent
$ ssh -tt jenkins#10.15.0.10
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1020-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
5 packages can be updated.
0 updates are security updates.
Last login: Mon Jun 26 20:19:51 2017 from 10.15.0.5
<===[JENKINS REMOTING CAPACITY]===>To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
jenkins#ip-10-94-0-63:~$ <===[JENKINS REMOTING CAPACITY]===ERROR: Unable to launch the agent for Services-Slave
java.io.IOException: Invalid encoded sequence encountered: 08 08 08 08
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:194)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:80)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:97)
at java.io.FilterInputStream.read(FilterInputStream.java:107)
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:189)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:125)
at java.io.FilterInputStream.read(FilterInputStream.java:107)
at hudson.remoting.BinarySafeStream$1._read(BinarySafeStream.java:189)
at hudson.remoting.BinarySafeStream$1.read(BinarySafeStream.java:125)
at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2338)
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2351)
at java.io.ObjectInputStream$BlockDataInputStream.readUTFBody(ObjectInputStream.java:3092)
at java.io.ObjectInputStream$BlockDataInputStream.readUTF(ObjectInputStream.java:2892)
at java.io.ObjectInputStream.readUTF(ObjectInputStream.java:1075)
at java.io.ObjectStreamClass.readNonProxy(ObjectStreamClass.java:684)
at java.io.ObjectInputStream.readClassDescriptor(ObjectInputStream.java:833)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1609)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1521)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1781)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:373)
at hudson.remoting.Capability.read(Capability.java:140)
at hudson.remoting.ChannelBuilder.negotiate(ChannelBuilder.java:391)
at hudson.remoting.ChannelBuilder.build(ChannelBuilder.java:310)
at hudson.slaves.SlaveComputer.setChannel(SlaveComputer.java:389)
at hudson.slaves.CommandLauncher.launch(CommandLauncher.java:132)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:262)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
If I run the same command from my username from master it is able to ssh successfully. Any idea why this is happening?
I tried giving the .pem file
I also did sudo -u jenkins. Nothing works.
Several things were going wrong here too, while configuring master-node communication. Somewhere it seemed like, master is caching the configurations for nodes. Sometimes removing and adding the node did work!
But in the end, this helped every-time.
https://docs.google.com/document/d/1Qq-EkiUnC5x8BuM4AZWo-yRUQTrkberzz8JfdCM6yuc/edit?pli=1
I am trying to figure out why Gerrit Trigger in Jenkins does not report back to Gerrit output from job (leave comment).
Job is triggered by gerrit,proper git change is used in build,job completes,no error in build console.
Using ssh -p $GERRIT_PORT <gerrit_user>#$GERRIT_HOST gerrit review -m '"Comment"' --verified +1 $GERRIT_PATCHSET_REVISION makes a comment though.
This is the only log from var/log/jenkins:
Jun 09, 2017 11:27:05 AM com.sonymobile.tools.gerrit.gerritevents.workers.rest.AbstractRestCommandJob run
SEVERE: Gerrit response: Found
Jun 09, 2017 11:27:08 AM hudson.model.Run execute
INFO: RED_Gerrit_Main #80 main build action completed: SUCCESS
Jun 09, 2017 11:27:08 AM com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.ToGerritRunListener allBuildsCompleted
INFO: All Builds are completed for cause: GerritCause: PatchsetCreated: Change-Id for #146581: Ie3f68ce8a2c07190b22b982c66d0a65f67d2887d PatchSet: 1 silent: false
Jun 09, 2017 11:27:08 AM org.terracotta.jenkins.plugins.postcompleted.PostCompletedRunListener onCompleted
INFO: The url to submit to is not valid, please check your global configuration
Jun 09, 2017 11:27:08 AM com.sonymobile.tools.gerrit.gerritevents.workers.rest.AbstractRestCommandJob run
SEVERE: Gerrit response: Found
From user accounts POV, Jenkins account and node accounts are not valid gerrit ones,there is a predefined gerrit account with key pairs used in Gerrit Trigger configuration and Job configuration.
What can be an issue that Gerrit Trigger does not comment back?
So we're using Gerrit Trigger (2.23.0) on our Jenkins CI build manager & using docker containers for the actual builds.
The issue that has recently popped up in some of our branches the Gerrit Repo polling is failing and causing it to "detect changes" every time, so it's constantly rebuilding despite no changes.
Checking the Gerrit Repo Polling Log for any of the affected jobs gives one of the following outputs:
Started on Feb 1, 2017 3:12:25 PM
Polling SCM changes on aosp-host
[workspace] $ repo init -u http://xxx.xxx.xxx.xxx/git/project/platform/manifest.git -b branch -m branch.xml
Get https://gerrit.googlesource.com/git-repo/clone.bundle
Get https://gerrit.googlesource.com/git-repo
fatal: Not a git repository: '/home/jenkins/workspace/.repo/manifests.git'
fatal: Not a git repository: '/home/jenkins/workspace/.repo/manifests.git'
fatal: cannot obtain manifest http://xxx.xxx.xxx.xxx/git/project/platform/manifest.git
Done. Took 1 min 19 sec
Changes found
or, if the build was already building (gerrit waits for the build to finish before doing the scm poll)
Started on Feb 2, 2017 3:24:15 AM
Polling SCM changes on aosp-host
[workspace] $ repo init -u http://xxx.xxx.xxx.xxx/git/project/platform/manifest.git -b branch -m branch.xml
fatal: cannot make /home/jenkins/workspace/.repo/repo directory: File exists
Done. Took 2 hr 4 min
Changes found
The builds, which are triggered by this failure, use the same commands and work fine:
[workspace] $ repo init -u http://xxx.xxx.xxx.xxx/git/project/platform/manifest.git -b branch -m branch.xml
Navigating to the manifest directory, we see the symptom:
jenkins#f052b3453d95:~/workspace/.repo$ ll
total 32
drwxr-xr-x 1 jenkins jenkins 180 Dec 20 11:08 ./
drwxrwxr-x 1 jenkins jenkins 778 Dec 20 11:07 ../
-rw-r--r-- 1 jenkins jenkins 20087 Dec 20 10:14 .repo_fetchtimes.json
lrwxrwxrwx 1 jenkins jenkins 20 Dec 20 10:13 manifest.xml -> manifests/branch.xml
drwxr-xr-x 1 jenkins jenkins 8 Dec 16 17:33 manifests/
drwxr-xr-x 1 jenkins jenkins 50 Dec 16 17:33 manifests.git/
drwxr-xr-x 1 jenkins jenkins 28 Dec 16 17:43 project-objects/
-rw-r--r-- 1 jenkins jenkins 7756 Dec 20 10:14 project.list
drwxr-xr-x 1 jenkins jenkins 410 Dec 16 17:46 projects/
with
lrwxrwxrwx 1 jenkins jenkins 20 Dec 20 10:13 manifest.xml -> manifests/branch.xml
highlighted in red, because the associated branch.xml is not found... so the Gerrit Log from above is accurate, it's failing to init properly. This is confirmed via a repo status in the main directory:
jenkins#f052b3453d95:~/workspace$ repo status
Traceback (most recent call last):
File "/home/jenkins/workspace/.repo/repo/main.py", line 531, in <module>
_Main(sys.argv[1:])
File "/home/jenkins/workspace/.repo/repo/main.py", line 507, in _Main
result = repo._Run(argv) or 0
File "/home/jenkins/workspace/.repo/repo/main.py", line 180, in _Run
result = cmd.Execute(copts, cargs)
File "/home/jenkins/workspace/.repo/repo/subcmds/status.py", line 130, in Execute
all_projects = self.GetProjects(args)
File "/home/jenkins/workspace/.repo/repo/command.py", line 140, in GetProjects
all_projects_list = manifest.projects
File "/home/jenkins/workspace/.repo/repo/manifest_xml.py", line 350, in projects
self._Load()
File "/home/jenkins/workspace/.repo/repo/manifest_xml.py", line 407, in _Load
self.manifestProject.worktree))
File "/home/jenkins/workspace/.repo/repo/manifest_xml.py", line 443, in _ParseManifestXml
root = xml.dom.minidom.parse(path)
File "/usr/lib/python2.7/xml/dom/minidom.py", line 1918, in parse
return expatbuilder.parse(file)
File "/usr/lib/python2.7/xml/dom/expatbuilder.py", line 922, in parse
fp = open(file, 'rb')
IOError: [Errno 2] No such file or directory: '/home/jenkins/workspace/.repo/manifest.xml'
The issue is, running repo init -u <url> -m branch.xml via the command line works fine, and produces a valid repo.
Any insight one can offer for this issue?
All my CVS build fail on jenkins with the following message.
I check on the command line that my credentials were correct. Command line version of cvs is 1.11.22
This has been working for more than a year
I tried to downgrade the cvs plugin, just in case there was a problem with the new version.
We are using cvs with the pserver protocol.
Jenkins version : 1.590
CVS plugin version : 2.12
Building on master in workspace /storage/jenkins/jobs/VIF_TRANSLATION_TOOLS/workspace
Using locally configured password for connection to :pserver:mvn#cvs-java.vif.tm.fr:2401/u/cvs
cvs checkout -P -D 17 Nov 2014 17:45:24 +0100 -d workspace VIF_ENVDEV/VIF_TRANSLATION_TOOLS
ERROR: CVS Authentication failed: AuthenticationFailed
org.netbeans.lib.cvsclient.connection.AuthenticationException: Wrong Password.
at org.netbeans.lib.cvsclient.connection.PServerConnection.openConnection(PServerConnection.java:267)
at org.netbeans.lib.cvsclient.connection.PServerConnection.open(PServerConnection.java:352)
at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
at java.lang.Thread.run(Thread.java:724)
ERROR: Cvs task failed
Retrying after 10 seconds
Using locally configured password for connection to :pserver:mvn#cvs-java.vif.tm.fr:2401/u/cvs
cvs checkout -P -D 17 Nov 2014 17:45:35 +0100 -d workspace VIF_ENVDEV/VIF_TRANSLATION_TOOLS
ERROR: CVS Authentication failed: AuthenticationFailed
org.netbeans.lib.cvsclient.connection.AuthenticationException: Wrong Password.
at org.netbeans.lib.cvsclient.connection.PServerConnection.openConnection(PServerConnection.java:267)
at org.netbeans.lib.cvsclient.connection.PServerConnection.open(PServerConnection.java:352)
at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
at java.lang.Thread.run(Thread.java:724)
ERROR: Cvs task failed
Retrying after 10 seconds
I finally solve my problem. It seems that all my builds using CVS had a configuration that overrides the global one.
I uncheck the this connection needs a password on all my cvs jobs.