| Summary: | [RFE] Support Jenkinsfile on ssh git repo in Jenkins Pipeline | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Takayoshi Kimura <tkimura> |
| Component: | Build | Assignee: | Jimmi Dyson <jdyson> |
| Status: | CLOSED DUPLICATE | QA Contact: | Wang Haoran <haowang> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.3.1 | CC: | aos-bugs, bparees, cpatters, Dale.Richardson4, dyan, jdyson |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-05 13:29:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Is there any workaround for this issue? @Jimmi did the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1390295 also enable this scenario? I just tested again using a recent snapshot (633ad218) build of the Jenkins Openshift Sync plugin and the problem with the SSH credentials does appear to have been fixed. Regarding the known-hosts issue, I couldn't think of any way of solving that apart from dumping a pre-canned known-hosts file into the Jenkins image on build... perhaps mounting a secret at /home/jenkins/.ssh might be a nicer way of handling it. I tested this with our internal pre-release jenkins image on 3.3.1, it reads sourceSecret and generates the known_hosts automatically so it looks good to me. Waiting final confirmation from Jimmi. Yes both ssh key & username/password auth, credentials provided by source secret, are supported in recent releases of the sync plugin, *** This bug has been marked as a duplicate of bug 1390295 *** |
Description of problem: It seems Jenkins doesn't support ssh git at this moment. Jenkinsfile is on a git server and that git server only support ssh key auth. BuildConfig looks like: source: git: ref: jenkins uri: git:nekop/hello-sinatra.git type: Git strategy: jenkinsPipelineStrategy: jenkinsfilePath: Jenkinsfile type: JenkinsPipeline Adding ssh key secret under sourceSecret doesn't work and it seems Jenkins never use that secret. https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html#ssh-key-authentication We can manually add an ssh credential on Jenkins, add the credential to the pipeline job. But that pipeline job configuration is always overwritten with no credential when a pipeline is triggered. Also, jenkins ssh git clone always failed with "Host key verification failed" as there is no "~/.ssh/known_hosts" file. We need a way to skip the host key verification or accept it automatically. As a workaround for this particular "known_hosts" issue, we can rsh into the jenkins and the create the "~/.ssh/known_hosts" file manually. Version-Release number of selected component (if applicable): 3.3.1.5 How reproducible: Always Steps to Reproduce: 1. Enable JenkinsPipeline tech preview feature 2. Create JenkinsPipeline build with Jenkinsfile on ssh git repo Actual results: No way to configure ssh key for Jenkinsfile on git Expected results: Can perform ssh git clone by adding ssh key sourceSecret to the BuildConfig of the pipeline. Additional info: