我有一个简单的jenkins管道构建,这是我的jenkinsfile:
pipeline { agent any stages { stage('deploy-staging') { when { branch 'staging' } steps { sshagent(['my-credentials-id']) { sh('git push joe@repo:project') } } } } }
我正在使用sshagent推送到远程服务器上的git repo。我已经创建了指向Jenkins主〜/ .ssh中的私钥文件的凭据。
运行构建时,得到以下输出(我用*替换了一些敏感信息):
[ssh-agent] Using credentials *** (***@*** ssh key) [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine) $ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-cjbm7oVQaJYk/agent.11558 SSH_AGENT_PID=11560 $ ssh-add *** Identity added: *** [ssh-agent] Started. [Pipeline] { [Pipeline] sh $ ssh-agent -k unset SSH_AUTH_SOCK; unset SSH_AGENT_PID; echo Agent pid 11560 killed; [ssh-agent] Stopped. [TDBNSSBFW6JYM3BW6AAVMUV4GVSRLNALY7TWHH6LCUAVI7J3NHJQ] Running shell script + git push joe@repo:project Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
如您所见,ssh-agent启动,之后立即停止,然后运行git push命令。奇怪的是,它曾经正确地工作过一次,但这似乎是完全随机的。
我对詹金斯还是很陌生-我缺少明显的东西吗?任何帮助表示赞赏,谢谢。
编辑:如果有帮助,我正在运行多分支管道。
我最近有一个类似的问题,尽管它在docker容器中。日志给人的印象是ssh-agent退出得太早,但是实际上问题是我忘记了将git服务器添加到已知主机。
我建议将ssh-ing到您的jenkins master上,并尝试执行与ssh-agent(cli)管道相同的步骤。然后,您将看到问题出在哪里。
例如:
eval $(ssh-agent -s) ssh-add ~/yourKey git clone
如在help.github.com上解释的
更新:这里是一个用于添加knownHosts(如果尚未添加)的实用程序:
/** * Add hostUrl to knownhosts on the system (or container) if necessary so that ssh commands will go through even if the certificate was not previously seen. * @param hostUrl */ void tryAddKnownHost(String hostUrl){ // ssh-keygen -F ${hostUrl} will fail (in bash that means status code != 0) if ${hostUrl} is not yet a known host def statusCode = sh script:"ssh-keygen -F ${hostUrl}", returnStatus:true if(statusCode != 0){ sh "mkdir -p ~/.ssh" sh "ssh-keyscan ${hostUrl} >> ~/.ssh/known_hosts" } }
