Closed StanislavBabkin closed 3 years ago
Is this happening on the first run or every run? i.e. did the ssh-credential plugin get installed, jenkins restarted and then this resource is run?
This error occurs every time the chef client run
Everything is correct, at first the plugins are successfully installed, then the jenkins service is restarted
I also tried to put in this resource the private part of ssh-key(hardcoded -- as in the documentation) but the error was reproducible
@StanislavBabkin can you please provide an example recipe which replicates this issue so I can try it on my end?
yes, of course, but I'm afraid one recipe will not demonstrate all of the cookbook logic
`#
# Cookbook Name:: jenkins_epc
# Recipe:: default
#
# Copyright 2020, EPAM
#
# All rights reserved - Do Not Redistribute
#
chef_gem 'sshkey' do
compile_time true
end
require 'sshkey'
include_recipe 'jenkins_epc::ssl'
metadata 'jenkins' do
action :nothing
end.run_action(:update)
id_key_path = '/root/.ssh/id_rsa'
flags_path = "#{Chef::Config[:file_cache_path]}/jenkins_flags"
ruby_block 'use ssh for jenkins executor' do
block do
node.override['jenkins']['executor']['protocol'] = 'ssh'
end
action :run
only_if { ::File.exist?("#{flags_path}/jenkins-installed") }
end
directory 'Service directory for some flags' do
path flags_path
owner 'root'
group 'root'
mode '0700'
action :create
end
if !File.exist?(id_key_path)
sshkey = SSHKey.generate(
type: 'RSA',
bits: 4096
)
directory ::File.dirname(id_key_path) do
owner 'root'
group 'root'
mode '0700'
action :create
end
# Store public key on disk
file "#{id_key_path}.pub" do
content sshkey.ssh_public_key
owner 'root'
group 'root'
mode '0644'
action :create_if_missing
end
file 'Private key backup' do
path "#{flags_path}/eo-key"
content sshkey.private_key
owner 'root'
group 'root'
mode '0600'
action :create_if_missing
end
node.run_state[:jenkins_public_key] = sshkey.ssh_public_key
node.run_state[:jenkins_private_key] = sshkey.private_key
else
node.run_state[:jenkins_public_key] = File.open(id_key_path + '.pub', 'r').read
node.run_state[:jenkins_private_key] = File.open(id_key_path, 'r').read
end
file id_key_path do
content node.run_state[:jenkins_private_key]
owner 'root'
group 'root'
mode '0600'
sensitive true
action :create_if_missing
end
jenkins_users = []
jenkins_users.push('name' => 'admin', 'privileges' => 'ADMINISTER', 'password' => node['metadata']['jenkins']['admin_password'], 'sshkey' => '')
jenkins_users.push('name' => 'eo', 'privileges' => 'ADMINISTER', 'password' => node['metadata']['jenkins']['eo_password'], 'sshkey' => node.run_state[:jenkins_public_key])
include_recipe 'jenkins_epc::install_jenkins'
# install plugins
jenkins_epc_install_plugins 'Install plugins' do
plugins node['jenkins_epc']['default_plugins']
flags_path flags_path
action :install
not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/jenkins-plugins.json") }
end
template 'JenkinsLocationConfiguration' do
owner 'jenkins'
group 'jenkins'
path "#{node['jenkins']['master']['home']}/jenkins.model.JenkinsLocationConfiguration.xml"
source 'jenkins.model.JenkinsLocationConfiguration.xml.erb'
variables(
jenkins_url: node['fqdn']
)
end
unless node['metadata']['jenkins']['mq_server'].empty? && node['metadata']['jenkins']['mq_login'].empty? && node['metadata']['jenkins']['mq_password'].empty? && node['metadata']['jenkins']['mq_prefix'].empty?
template 'logstash configuring' do
owner 'jenkins'
group 'jenkins'
path "#{node['jenkins']['master']['home']}/jenkins.plugins.logstash.LogstashInstallation.xml"
source 'jenkins.plugins.logstash.LogstashInstallation.xml.erb'
variables(
rabbit_host: node['metadata']['jenkins']['mq_server'],
env_login: node['metadata']['jenkins']['mq_login'],
env_pass: node['metadata']['jenkins']['mq_password'],
env_name: node['metadata']['jenkins']['mq_prefix']
)
notifies :restart, 'service[jenkins]', :delayed
end
end
# configure users
jenkins_epc_configure_users 'Configure basic users' do
users jenkins_users
flags_path flags_path
action :configure
notifies :create, 'file[Jenkins installed]', :immediately
not_if { ::File.exist?("#{flags_path}/jenkins-installed") }
end
file 'Jenkins installed' do
path "#{flags_path}/jenkins-installed"
action :nothing
end
# allow ssh connect in order to use jenkins cli from under admin users
template 'update_org.jenkinsci.main.modules.sshd.SSHD.xml.erb' do
source 'org.jenkinsci.main.modules.sshd.SSHD.xml.erb'
path "#{node['jenkins']['master']['home']}/org.jenkinsci.main.modules.sshd.SSHD.xml"
owner 'jenkins'
group 'jenkins'
mode '0755'
variables(
port: node['jenkins_epc']['cli']['sshd']['port']
)
action :create
notifies :restart, 'service[jenkins]', :immediately
notifies :run, 'ruby_block[use ssh for jenkins executor]', :immediately
end
# https://gist.github.com/fishi0x01/7c2d29afbaa0f16126eb4d4b35942f76
jenkins_private_key_credentials 'jenkins' do
id 'jenkins-ssh-key'
description 'Jenkins master ssh key'
private_key node.run_state[:jenkins_private_key]
end
datics 'jenkins_master' do
data 'ssh_key' => node.run_state[:jenkins_public_key].split(' ')[1]
end
include_recipe 'jenkins_epc::slave_lookup'`
@ramereth, are there any updates regarding this error?
@StanislavBabkin unfortunately I haven't had a chance to take a look at this. I'll try and find some time this week
updating the chef client to version 17 solved the problem!
help to understand why the resource jenkins_private_key_credentials does not work
list of plugin that installed before:
resource:
body of node.run_state[:jenkins_private_key]:
error:
version: jenkins (8.2.2), chef-server: 13.2.0, chef-client: 15.11.3