【发布时间】:2019-12-21 05:40:50
【问题描述】:
我正在尝试在 Jenkins 中使用 sshagent 将我的私钥传递到 terraform 容器中,以允许 terraform 在私有仓库中获取模块。
stage('TF Plan') {
steps {
container('terraform') {
sshagent (credentials: ['6c92998a-bbc4-4f27-b925-b50c861ef113']){
sh 'ssh-add -L'
sh 'terraform init'
sh 'terraform plan -out myplan'
}
}
}
}
运行作业时失败并显示以下输出:
[ssh-agent] Using credentials (id_rsa_jenkins)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent"
exit
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20; export SSH_AUTH_SOCK;
SSH_AGENT_PID=21; export SSH_AGENT_PID;
echo Agent pid 21;
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20
SSH_AGENT_PID=21
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/agent/workspace/demo@tmp/private_key_2729797926.key (user@workstation.local)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ssh-add -L
ssh-rsa REDACTED user@workstation.local
[Pipeline] sh
+ terraform init
[0m[1mInitializing modules...[0m
- module.demo_proj
Getting source "git::ssh://git@bitbucket.org/company/terraform-module"
[31mError downloading modules: Error loading modules: error downloading 'ssh://git@bitbucket.org/company/deploy-kickstart-project': /usr/bin/git exited with 128: Cloning into '.terraform/modules/e11a22f40c64344133a98e564940d3e4'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[0m[0m
[Pipeline] }
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent" "-k"
exit
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 21 killed;
[ssh-agent] Stopped.
我已经检查了三次,并且确定使用了正确的密钥对。我可以毫无问题地从我的 mac 本地克隆到 repo。
重要的一点是,这个 Jenkins 部署是在 Kubernetes 中运行的。 Master 保持运行并使用 Kubernetes 插件生成代理。
Host key verification failed. 错误是什么意思?根据我的研究,这可能是由于 known_hosts 设置不正确。 ssh-agent 对此负责吗?
【问题讨论】:
-
是的,可能是主机密钥验证失败。您可以运行以下命令将要添加到文件中的密钥添加到文件中吗?命令:ssh-keyscan -t rsa bitbucket.org >>
/.ssh/known_hosts -
我无法找到
/.ssh 文件夹的位置。据我了解, $WORKSPACE 返回主文件夹。查看我采取的一些故障排除步骤:pastecode.xyz/view/f20f387d
标签: jenkins kubernetes jenkins-plugins terraform ssh-agent