My jenkins slave node is offline. The log is as follows:
[06/11/15 09:02:52] [SSH] Opening SSH connection to <ip>.
ERROR: Server rejected the 1 private key(s) for jenkins (credentialId:d7a17c00-1300-4cf3-8cf5-810b3297ebc6/method:publickey)
[06/11/15 09:02:52] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1178)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[06/11/15 09:02:52] Launch failed - cleaning up connection
[06/11/15 09:02:52] [SSH] Connection closed.
I have verified below:
Authorized_keys file at /var/lib/jenkins-slave/.ssh has correct public key of master.
Authorized_keys file at /var/lib/jenkins/.ssh has correct public key of master.
Master has its private and public key files at /var/lib/jenkins/.ssh folder and also at ~/.ssh folder.
I also tried "ssh -i .ssh/id_rsa -l jenkins ” from master machine but it is asking for password. Looks like it is not identifying slave machine.
There is known_hosts file in .ssh folder of both master and slave machine.
What data goes in there?
How to resolve the issue?
I have just been gone through this pain recently.
What I found out is that you have to make sure the .ssh directory has 700 permissions, and that jenkins has read and the id_rsa.pub should have 644 (not 755 as previously recommended, that would make the file executable, which shouldn't be required).
Also I found that if you have a Windows based slave in there you have to make sure you create your keys without a passphrase.
SSH Build Agents Plugin Update
Plugin version 2.854.v7fd446b_337c9 requires PEM format
Generate keys on jenkins
ssh-keygen -t rsa -m PEM
Copy PUBLIC key to Agent authorized_keys (~/.ssh/authorized_keys)
Copy PUBLIC key to Jenkins credentials
Related
When I attempt a build on my Jenkins job that is configured to checkout from GitLab I am getting below error output (truncated) :
....................
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git#10.777.77.777:root/xxx.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:1001)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1242)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1302)
....................................................
....................................................
at hudson.model.Executor.run(Executor.java:431)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --force --progress -- git#10.777.77.777:root/xxx.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Load key "/var/lib/jenkins/workspace/gitlabjenkinsdemo#tmp/jenkins-gitclient-ssh1964800292912998995.key": invalid format
Permission denied, please try again.
Permission denied, please try again.
git#10.170.8.204: Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2681)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2102)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:86)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:624)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:999)
... 11 more
ERROR: Error fetching remote repo 'origin'
Finished: FAILURE
I am trying to setup a CI/CD pipeline as per this post Jenkins_Gitlab
I expected that the private key I added should enable checkout out of the box (Note : Both Jenkins server and Gitlab server are running on the same Debian instance).
In the ~/.ssh directory I have the following :
root#myservername:~/.ssh# ls -ld
drwx------ 2 root root 4096 Oct 18 15:30 .
In the source code management tab of my Jenkins job I have also added the SSH link that I extracted from my project in Gitlab. However what I am unsure of is the message below that the project is showing in Gitlab :
What am I missing ?
Both Jenkins server and Gitlab server are running on the same Debian instance
Ideally, they would run with their own associated service account, not "root".
But still, even as root, this should work.
Check which private SSH key you have added, and make sure, at least for testing, it wasn't one protected with a passphrase (meaning the private key file does not have a Proc-Type: 4,ENCRYPTED line in it)
That might be a cause for the jenkins-gitclient-ssh1964800292912998995.key": invalid format you have.
(That or you have copied the private key file content with CRLF instead of LF as end-of-line)
(or you have copied a public key, where a private one was expected, or vice-versa)
From the discussion:
the private key had to be registered again in Jenkins (making sure its eol -- end-of-line -- are LF, not CRLF)
the branch needs to be renamed:
My repo had master when I did git init, so had to rename branch to main when I set the GitLab remote
Background: My Jenkins is Deploy by docker at target server A.There is 4 intranet target servers(inner server) ABCD.Try to deploy code by plugin Public over SSH to target server C,When I try to establish a connection from jenkins to target server C,There is
jenkins.plugins.publish_over.BapPublisherException: Message [Auth fail]]
My Finnal solution: Put target server's id_rsa.pub to target server's authorized_keys.and i don't know why it works.
here is some of my trys:
put jenkins root's id_rsa.pub to target server root's authorized_keys
put jenkins jenkins's(user) id_rsa.pub to target server root's authorized_keys
create jenkins user at target server and repeat 1,2.this time put into target server's jenkins user.
when I try this,ssh and scp works correctly.but jenkins **Public over SSH ** can't.and now though I solved this but I want to know the reason. thanks for tolerate my gramma..
My CI project is dependent on another private repo. So I refer to the document to upload the private key using
➜ travis sshkey --upload ~/.ssh/id_travis_rsa --pro
Updating ssh key for Jeff-Tian/uni-sso with key from /Users/tianjef/.ssh/id_travis_rsa
Current SSH key: key for clone k8s-config
Finger print: 65:25:66:26:4d:5d:9f:ac:25:ba:ea:be:c4:d5:e3:5f
From the above I double checked the finger print, and compares to the github ssh keys:
They are matched.
However, the travis build still fails by:
(https://travis-ci.com/github/Jeff-Tian/uni-sso/builds/161350192)
$ git clone git#github.com:Jeff-Tian/k8s-config.git ${HOME}/k8s-config
Cloning into '/home/travis/k8s-config'...
Warning: Permanently added the RSA host key for IP address '140.82.114.4' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The command "git clone git#github.com:Jeff-Tian/k8s-config.git ${HOME}/k8s-config" failed and exited with 128 during .
And then I check the settings on travis settings, can't find the ssh keys settings pane:
Help:
Where goes wrong? Is it a Travis CI bug?
Seems the ssh keys config is only available for private repos.
The issue here is the main repo is public, but when deploy it, a private repo need to be downloaded. This scenario is not covered by the official document.
The workaround is to switch copying the private repo via https instead of ssh, so no need to upload the ssh keys.
By setting up the GH_TOKEN in the setting, and then write that token to .netrc file. Then copy the private repo using https is working:
.travis.yml:
- echo -e "machine github.com\n login $GH_TOKEN" > ~/.netrc
- git clone https://github.com/Jeff-Tian/k8s-config.git ${HOME}/k8s-config
I'm trying to use the Jenkins Ansible plugin to deploy a project. I figured this should be pretty easy as i'm pretty familiar with both Jenkins and Ansible. However, i'm having issues getting the Ansible command to successfully execute. I believe the problem lies in the use of the credentials. We have a jenkins user that owns the Jenkins execution process and we have a jenkins user setup on the machine being deployed to. We are using SSH keys and I have added the jenkins users private key to the Jenkins credential store and selected those in the Ansible configuration. However, when i run the job, this is the snippet of my output (replaced some information).
[my-job] $ ansible-playbook my-job.yml -i inventories/dev -l 1_2_3_4 -f 1 --private-key /tmp/ssh7229752594712048879.key -u jenkins --diff --vault-password-file ~/.vault-pass
PLAY [tag_ansible_groups_my_job] ***********************
TASK [setup] *******************************************************************
fatal: [1_2_3_4]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
to retry, use: --limit #/data/jenkinsdata/workspace/my-job/my-job.retry
PLAY RECAP *********************************************************************
1_2_3_4 : ok=0 changed=0 unreachable=1 failed=0
FATAL: command execution failed
hudson.AbortException: Ansible playbook execution failed
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:227)
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:200)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:78)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.Build$BuildExecution.build(Build.java:205)
at hudson.model.Build$BuildExecution.doRun(Build.java:162)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
at hudson.model.Run.execute(Run.java:1729)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:404)
ERROR: Ansible playbook execution failed
Finished: FAILURE
I've run the same command successfully from the Jenkins machine and it works just fine. The only difference was that I referenced the original SSH private key instead of the copied temporary key. To see if this was the issue, I decided to check the contents of the copied temporary SSH private key and the file was empty. I checked the file before the job finished executing as I am assuming it stays there for the life of the job and removed only after the job has finished executing. To verify this, I removed the use of credentials from the configuration and added in the private-key and user parameters pointing directly to the appropriate key and the job runs successfully.
[my-job] $ ansible-playbook my-job.yml -i inventories/dev -l 1_2_3_4 -f 1 --private-key ~/.ssh/id_rsa -u jenkins --diff --vault-password-file ~/.vault-pass
PLAY [tag_ansible_groups_my_job] ***********************
TASK [setup] *******************************************************************
ok: [1_2_3_4]
So, to me, it seems that Jenkins is failing to copy the SSH private key to the temporary file(s). I've tried with other SSH keys but still the same problem each time. I've tried specifying the private key in Jenkins credential store itself rather than specifying the location and that also did not work. I've checked the Jenkins logs and there is nothing that would indicate why the private SSH key would fail to copy to the /tmp directory.
I'd prefer not to reference the key directly in the additional parameters as this limits me to only keys located on that server. Any suggestions?
I found this solution at Edureka. It worked for me.
set "host_key_checking = False" in /etc/ansible/ansible.cfg
https://www.edureka.co/community/42595/not-able-connect-remote-host-via-jenkins-run-ansible-playbook
I am trying to launch new slave agent but I am seeing the below error. Can you please help in resolving this.
- I have copied the keys in both the machines in .ssh/authorized_keys and able to connect manually but failing from jenkins.
- All permissions also looks gud.
[02/19/16 13:12:34] [SSH] Opening SSH connection to sdc-caoneops- app1.qa.xxxxx.com:22.
ERROR: Server rejected the 1 private key(s) for App (credentialId:6aced962- 26cd-4c8f-97d3-305c2e2a6540/method:publickey)
[02/19/16 13:12:34] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1178)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[02/19/16 13:12:34] Launch failed - cleaning up connection
[02/19/16 13:12:34] [SSH] Connection closed.
When you ssh manually from master to slave, you are doing so as the Jenkins master user, right? You only need to copy the public key from the master into ~/.ssh/authorized_keys of the slaves.
Add Jenkins Credentials for the jenkins private key and you use that pair in slave configuration "Credentials".
In slave configuration add in "Remote root directory" the home directory of jenkins user on the slave (which contains .ssh/authorized_keys)