I am trying to set up Jenkins to make a production deployment. The aim is to allow Jenkins execute git clone, build and deployment etc. on production server.
Jenkins is running on Configuration Management Server (CentOs 7) and Production Server is another Server (Centos 7).
I started by creating a new node in Jenkins with configuration below:
Then I added Production Server IP address to Jenkins known host like below
-bash-4.2$ cat /var/lib/jenkins/.ssh/known_hosts
192.168.1.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYblabla=
And I confirmed that on Configuration Management server under Jenkins account I could ssh to Production Server.
But on Jenkins the node status is always like this:
This agent is offline because Jenkins failed to launch the agent process on it.
Node log was like this:
SSHLauncher{host='192.168.1.xx', port=22, credentialsId='service account at w', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.NonVerifyingKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[02/12/20 20:57:51] [SSH] Opening SSH connection to 192.168.1.xx:22.
[02/12/20 20:57:51] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
ERROR: Server rejected the 1 private key(s) for service_account (credentialId:service_account at webi/method:publickey)
[02/12/20 20:57:51] [SSH] Authentication failed.
Authentication failed.
[02/12/20 20:57:51] Launch failed - cleaning up connection
[02/12/20 20:57:51] [SSH] Connection closed.
Could anybody help with following questions:
Do I need to install Jenkins on Production Server as well?
How to configure Jenkins to run pipeline on
new node?
Okay I finally figured out:
There is no need to install Jenkins on Production Server;
The reason for SSH connection failure was wrong credentials for Jenkins set up. Essentially Jenkins will execute an SSH connection thus username/password should be used for this. so what I did was to create a new Credential and Jenkins will copy over a JAR file to /var/jenkins directory.
You would also need to change ownership of /var/jenkins directory!
Related
i have project jenkins to deploy to my remote server, my local machine and my remote server was connected with ssh but when i try to build job on jenkins, i am getting error like this
image
Login on your jenkins and then try to connect manually on the command line with ssh from jenkins to the remote server. Then approve the host key of the remote system. Run again your job. Then I think everything should be fine.
I just upgraded Jenkins from 2.249.2 to 2.263.2. When I tried to build in slave node, I could not SSH to server by SSH Publishers.
Running as SYSTEM
[Office365connector] No webhooks to notify
[EnvInject] - Loading node environment variables.
Building remotely on native-slave in workspace /home/jenkins/jenkins_workspace/workspace/test1
SSH: Connecting from host [native-slave]
SSH: Connecting with configuration [dev] ...
SSH: Disconnecting configuration [dev] ...
ERROR: Exception when publishing, exception message [Exec timed out or was interrupted after 120,000 ms]
Another issue is that I could not download artifact from Jenkins slave workspace, the Jenkins webpage just loading
It just happen after I upgraded to new version.
Is there something wrong or what might causing the issue?
I have set up a new Jenkins Server and copied the Jobs and plugins from the old Jenkins Server, but stragely there are 2 Options missing while entering a private key for the global User/Account. The Options are "from a file on jenkins master" and "From the Jenkins master ~/.ssh".
I doubt that there is some plugin missing, as I have copied all the plugins from old Server. Any clue will be helpful.
These options was removed due to security reasons since version 1.14 of SSH Credentials Plugin:
SSH Credentials Plugin no longer supports SSH credentials from files on the Jenkins master file system, neither user-specified file paths nor ~/.ssh. Existing SSH credentials of these kinds are migrated to "directly entered" SSH credentials.
I'm deploying an app from git to a target server with Jenkins. I've set in my project a new Jenkinsfile which its stage('deploy') is pointing at the right machine. The conection would happen through SSH.
I've been reading for the deployment to succesfully run, both machines (git & target server) must know each others Host keys, which are stored in known_hosts at ~/.ssh/ . Therefore I connected through ssh from the git machine to the server (prompted if I wanted to continue establishing the connection, 'yes'):
checked the known_hosts file in git server to find the target server entry.
checked the known_hosts file at target server to find an entry, which looks like |1|KCIHm6...lo= ecdsa-sha2-nistp256 AAAA...(bla bla).
I think it's all set for Jenkins to be able to deploy on server, but everytime I build the project from Jenkins, the moment the first ssh deploy command is ran, the deployment fails with a 'Host key Verification failed' message. I can navigate through the target server no matter if I connect through my local machine or the git server, I've tried redoing the process but I can't really replicate the first connection.
Any suggestion is appreciated. Thanks in advance.
Create the ssh keys with jenkins user and restart jenkins.
su jenkins
ssh-keygen
ssh-copy-id destUser#destServer #Type the destUSer password
More info here
Jenkins master is running on Amazon instance and slave machine set up on dedicated Soyoustart machine. Worked fine until it was needed to redo the slave setup: reinstalled the OS, installed Java, added masters key to slave authorized_keys and removed/added again the slave in masters known_hosts. Set up new credentials for the slave and configured the node in Jenkins master but it is unable to connect to the slave.
The setup is the the same that is and has been working with other slaves without hiccups. The only thing different is that this time the new slave is the same machine with the IP as the old one was.
It is possible to ssh into the slave from master from CLI(replaced filename and slave IP with placeholder for this post):
$ ssh -i <key-file> jenkins#<slave-ip>
Credentials have been set up :
Node is configured:
Output when connecting to the slave:
[05/17/15 07:30:31] [SSH] Opening SSH connection to <slave-ip>.
Key exchange was not finished, connection is closed.
ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
java.lang.IllegalStateException: Connection is not established!
at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[05/17/15 07:30:31] Launch failed - cleaning up connection
[05/17/15 07:30:31] [SSH] Connection closed.
Version numbers:
Jenkins 1.613
SSH Credentials Plugin 1.11
SSH Slaves plugin 1.9
For those who prefer to dig into code:
SSH Credentials Plugin
SSH Slave Plugin
Trilead SSH
Am I missing something obvious here? What could be causing this? Any known workaround? Or does it look like a bug that needs to be reported?
Please let me know if more information is needed.
I'm running Jenkins master using official Docker image which uses OpenJDK8 and should not need to install JCE.
Apparently this is an unresolved issue in Jenkins/SSH security.
My current workaround is by commenting out MACs and KexAlgorithm line in /etc/ssh/sshd_config of Jenkins Slave and restarting the sshd (service ssh restart on Ubuntu)
UPDATE: the issue has been resolved as of 2017-04-29
I suspect that you need to install the Java Cryptography Extension for your JVM.
Without that the RSA key size is limited and authentication is not being established.
See https://issues.jenkins-ci.org/browse/JENKINS-26495 for more details.