I've been working on auto-building a maven project with Jenkins.
Manually, from "start build" in Jenkins, it's working correctly, but from a bitbucket webhook :
"jenkins_url/bitbucket-hook/", after committing and pushing in my bitbucket repo, I'm getting in Jenkins's Bitbucket Hook Log this error :
FATAL: hudson.plugins.git.GitException: Command "git ls-remote -h -- https://my_username#bitbucket.org/repo.git/" returned status code 128:
stdout:
stderr: remote: Invalid username or password
fatal: Authentication failed for 'https://bitbucket.org/repo.git/'
hudson.plugins.git.GitException: Command "git ls-remote -h -- https://my_username#bitbucket.org/repo.git/" returned status code 128:
stdout:
stderr: remote: Invalid username or password
fatal: Authentication failed for 'https://bitbucket.org/repo.git/'
I'm using username and password credentials.
Wish you could help me.
I just found a solution to my own question, if someone needs it.
Just use ssh access key to connect to your bitbucket repo (not username-password credentials) :
--> connect to jenkins user by su jenkins or su -s /bin/bash jenkins
--> generate your ssh key under /var/lib/jenkins/.ssh by ssh-keygen
--> copy your private key in a jenkins global identifier
--> copy your public key in a bitbucket access key
and the build will work in both cases : manually and after a push to your
repository
(You will also need ssh publisher plugin in jenkins to put the bitbucket host id).
Related
I'm currently using Jenkins on Windows 10, and using git as version control system.
Although I provided correct repository URL and credential, I cannot use jenkins with error below.
Failed to connect to repository : Command "git.exe ls-remote -h REPOSITORY_URL HEAD" returned status code 128:
stdout:
stderr: git#URL: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Credential and URL doesn't seems wrong, since this build success previously with same credential. The only change after successful build was one line in build script.
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
After I success with this script, git setting keeps failed. Is there any problem with that line? And how can I fix it?
EDIT
Problem solved! For anyone who has same problem, it was problem with the system user! Since ssh key stores in each user space, jenkins cannot detect where the ssh key located. Therefore, go to 'service' in windows, and change user of jenkins service to the user who has correct ssh key. It solved my problem!
Seems there is some problem in Jenkins.
It cannot locate OpenSSH folder in System32, and so that I cannot get log with it.
That would explain why the main Jenkins controller (aka "master" in old terminology) cannot contact the Git repository (assuming an SSH URL here, with technical remote user account "git")
Try and remove that git configuration to see if the error persists: Git should fall back to its own ssh.exe, packaged with Git For Windows.
As noted by the OP, this only works if said Jenkins is run as a user account, not as the system account.
Only then will it be able to access the %USERPROFILE%\.ssh folder.
I am using my PC as a server to build my Jenkins script with declarative pipeline.
when running a git clone on the git bash, it works well:
$ git clone ssh://guillaumed#myserver.com:29418/myProjects/thisProject.git ThisFirmware
Cloning into 'ThisFirmware'...
remote: Counting objects: 889, done
remote: Finding sources: 100% (203/203)
Receiving objects: 79% (121769/152721), 48.11 MiB | 10.35 MiB/s
but running it on the same machine through pipelining :
sh "git clone ssh://guillaumed#myserver.com:29418/myProjects/thisProject.git ThisFirmware"
gives me the following error
[Pipeline] sh
+ git clone ssh://guillaumed#myserver.com:29418/myProjects/thisProject.git ThisFirmware
Cloning into 'ThisFirmware'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
any hints?
To be sure I was using the same key, thanks to Jens, the pipeline script couldn't find the key.
Doing cat ~/.ssh/id_rsa.pub on the pipeline, resulted in + cat /c/windows/system32/config/systemprofile/.ssh/id_rsa.pub
cat: /c/windows/system32/config/systemprofile/.ssh/id_rsa.pub: No such file or directory
So I copied the ssh file from my guillaumed user ssh path to the SYSTEM ssh path but I can't use it if i'm logged in with SYSTEM user instead of guillaumed user.
what do I have to do?
this link didn't help.
Indeed, you can't checkout with ssh if you are logged as SYSTEM.
To checkout as "thisUser":
You'll need to configure your Jenkins.
1/ add a user "thisUser"
2/ add user's ssh credentials "thisUser-ssh-credentials"
3/ use ssh-agent plugin https://wiki.jenkins.io/display/JENKINS/SSH+Agent+Plugin
Then configure your pipeline
dir(server_workspace)
{
sshagent(credentials: ['thisUser-ssh-credentials'] )
{
sh "git clone ssh://thisUser#domain.com:port/yourProjects/thisProject.git"
}
}
I'm using gradle-release plugin in a CI/CD context with GitLab-CI.
I have set up a public private key in GitLab to allow my pipeline to push stuff in the repo but I have an issue, I guess, with how to pass SSH info to gradle process.
In my pipeline script, I have a before_script and I do
- eval $(ssh-agent -s)
- bash -c 'ssh-add <(echo "${MY_SSH_PRIVATE_KEY}")'
MY_SSH_PRIVATE_KEY is stored in the GitLab CI variables.
Then I set my remote url with the ssh style for git repo
git remote set-url origin git#${remoteUrl}
I checkout my branch
git checkout -B ${CI_COMMIT_REF_NAME} ${CI_COMMIT_SHA}
then I call for the plugin
./gradlew release --info -Prelease.useAutomaticVersion=true
I have a an issue during the plugin process
> Failed to run [git remote update] - [Fetching origin ][Host key
> verification failed. fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights and the repository
> exists. error: Could not fetch origin ]
Do you have an idea on how to fix it?
I run my Jenkins server on the local machine, and I met problem with fetching project from GitLab repository. I don't know exactly what I have to done.
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "C:\Program Files\Git\bin\git.exe fetch --tags --progress http://repository.vrpconsulting.com/roman.skaskevich/koshcheck-copy.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Logon failed, use ctrl+c to cancel basic credential prompt.
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://repository.vrpconsulting.com/roman.skaskevich/koshcheck-copy.git/'
GITLAB SETTINGS: here
EDIT #1
When I run git fetch --tags --progress http://repository.vrpconsulting.com/roman.skaskevich/koshcheck-copy.git +refs/heads/*:refs/remotes/origin/* on local machine, it performs successfully and dialog for entering login/password is showed.
But what I have to do that jenkins job performed this command successfully?
EDIT #2
For now, Credentials Binding Plugin helps me implements to checking credentials in Jenkinsfile.
EDIT #3
I run Jenkins server on another machine and have the same problem. I don't want to use login/password, so adding SSH key solved this problem.
Thanks in advance!
Seems like your repo is private. Private git repos requires authentication. Reconfigure your git client plugin check if you are able to connect to remote repo via password based authentication , if not , try SSHing to the repo.
Looks like this ins private repo if you want to clone that repo to jenkins workspace you need to provide your gitlab credentials in jenins.
for that, you need to install jenkins plugin called "Gitlab Authentication plugin". once you completed the installation please do a restart.
Add Gitlab credentials in "Jenkins Credentials Provider: Jenkins".
later you can add your gitlab credentials in Source Code Management
Source Code Management
in credentials select the saved gitlab credentials.
Steps:
Install plugins:
Gitlab
Gitlab authentication
Configure global credentials in jenkins:
go to credentials >> system >> global creds >> username & password
ID: git
username: your gitlab username
password: your gitlab password
Pipeline:
stage('SCM') {
steps {
git credentialsId: 'git', url: 'your gitlab url'
}
}
I got this error too. In my case, the git repo is a private one.
I added the git link and then supplied the git credentials to the particular Jenkins job. The issue is gone and able to build project from Jenkins.
I installed Jenkins CI from homebrew (brew install jenkins). So, it runs under my own user. Everything works fine except for SSH access to my Git repository. I do not want to create a separate user (e.g. jenkins) to run Jenkins and create separate SSH keys for it. I just want to use my own SSH keys. Accessing my remote git repo on the command-line works fine with my ssh keys, but in Jenkins it does not work. It gives a 'Permission denied (publickey)' error (username and project are obfuscated (<user> and <project>)):
Started by user anonymous
Checkout:workspace / /Users/<user>/.jenkins/jobs/<project>_run_tests/workspace - hudson.remoting.LocalChannel#456d3d51
Using strategy: Default
Last Built Revision: Revision 093f1641f26632afd1a74c14276ec544356c1d08 (origin/dev)
Checkout:workspace / /Users/<user>/.jenkins/jobs/<project>_run_tests/workspace - hudson.remoting.LocalChannel#456d3d51
Fetching changes from 1 remote Git repository
Fetching upstream changes from ssh://git#bitbucket.org/<user>/<project>.git
ERROR: Problem fetching from origin / origin - could be unavailable. Continuing anyway
ERROR: (Underlying report) : Error performing command: /usr/local/bin/git fetch -t ssh://git#bitbucket.org/<user>/<project>.git +refs/heads/*:refs/remotes/origin/*
Command "/usr/local/bin/git fetch -t ssh://git#bitbucket.org/<user>/<project>.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
ERROR: Could not fetch from any repository
FATAL: Could not fetch from any repository
hudson.plugins.git.GitException: Could not fetch from any repository
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1012)
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:972)
at hudson.FilePath.act(FilePath.java:783)
at hudson.FilePath.act(FilePath.java:765)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:972)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1195)
at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:568)
at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:457)
at hudson.model.Run.run(Run.java:1404)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:230)
It seems it is not using my ssh keys to connect to the git server. I tried adding a UserName key to the jenkins launchagent plist, did a restart, but no effect.
How can I make jenkins use my SSH keys to connect to my remote git repo?
I do not know how homebrew sets up Jenkins, but apparently it is running in a context where it has no access to your ssh agent and your ssh key is passphrase-protected.
When you run it in a Terminal window, you have SSH_AUTH_SOCK variable in your environment which ssh client uses to authenticate. If you cannot use the ssh agent, you need to remove the passphrase from the ssh key.