Bug 1399993 - [RFE] Support Jenkinsfile on ssh git repo in Jenkins Pipeline
Summary: [RFE] Support Jenkinsfile on ssh git repo in Jenkins Pipeline
Keywords:
Status: CLOSED DUPLICATE of bug 1390295
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.3.1
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Jimmi Dyson
QA Contact: Wang Haoran
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-30 08:46 UTC by Takayoshi Kimura
Modified: 2020-02-14 18:13 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-05 13:29:38 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Takayoshi Kimura 2016-11-30 08:46:53 UTC 
Description of problem:

It seems Jenkins doesn't support ssh git at this moment.

Jenkinsfile is on a git server and that git server only support ssh key auth. BuildConfig looks like:

source:
  git:
    ref: jenkins
    uri: git:nekop/hello-sinatra.git
  type: Git
strategy:
  jenkinsPipelineStrategy:
    jenkinsfilePath: Jenkinsfile
  type: JenkinsPipeline

Adding ssh key secret under sourceSecret doesn't work and it seems Jenkins never use that secret.

https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html#ssh-key-authentication

We can manually add an ssh credential on Jenkins, add the credential to the pipeline job. But that pipeline job configuration is always overwritten with no credential when a pipeline is triggered.

Also, jenkins ssh git clone always failed with "Host key verification failed" as there is no "~/.ssh/known_hosts" file. We need a way to skip the host key verification or accept it automatically. As a workaround for this particular "known_hosts" issue, we can rsh into the jenkins and the create the "~/.ssh/known_hosts" file manually.

Version-Release number of selected component (if applicable):

3.3.1.5

How reproducible:

Always

Steps to Reproduce:
1. Enable JenkinsPipeline tech preview feature
2. Create JenkinsPipeline build with Jenkinsfile on ssh git repo

Actual results:

No way to configure ssh key for Jenkinsfile on git

Expected results:

Can perform ssh git clone by adding ssh key sourceSecret to the BuildConfig of the pipeline.

Additional info:
Comment 1 Takayoshi Kimura 2016-11-30 08:55:58 UTC 
Is there any workaround for this issue?
Comment 4 Ben Parees 2016-12-05 03:52:12 UTC 
@Jimmi did the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1390295 also enable this scenario?
Comment 5 Dale Richardson 2016-12-05 06:25:50 UTC 
I just tested again using a recent snapshot (633ad218) build of the Jenkins Openshift Sync plugin and the problem with the SSH credentials does appear to have been fixed.

Regarding the known-hosts issue, I couldn't think of any way of solving that apart from dumping a pre-canned known-hosts file into the Jenkins image on build... perhaps mounting a secret at /home/jenkins/.ssh might be a nicer way of handling it.
Comment 6 Takayoshi Kimura 2016-12-05 07:07:52 UTC 
I tested this with our internal pre-release jenkins image on 3.3.1, it reads sourceSecret and generates the known_hosts automatically so it looks good to me.

Waiting final confirmation from Jimmi.
Comment 7 Jimmi Dyson 2016-12-05 08:33:50 UTC 
Yes both ssh key & username/password auth, credentials provided by source secret, are supported in recent releases of the sync plugin,
Comment 8 Ben Parees 2016-12-05 13:29:38 UTC 

*** This bug has been marked as a duplicate of bug 1390295 ***
Note You need to log in before you can comment on or make changes to this bug.