sous-chefs / jenkins

Development repository for the jenkins cookbook
https://supermarket.chef.io/cookbooks/jenkins
Apache License 2.0

ERROR when trying to use jenkins_private_key_credentials resource; worked without errors a month ago #765

Closed StanislavBabkin closed 3 years ago

StanislavBabkin commented 3 years ago

Please help me understand why the resource `jenkins_private_key_credentials` does not work.

List of plugins that were installed before: image

Resource: image

Body of `node.run_state[:jenkins_private_key]`: image

Error: image

version: jenkins (8.2.2), chef-server: 13.2.0, chef-client: 15.11.3

ramereth commented 3 years ago

Is this happening on the first run or every run? i.e. did the ssh-credential plugin get installed, jenkins restarted and then this resource is run?

StanislavBabkin commented 3 years ago

This error occurs every time the chef client runs.

Everything is correct: first the plugins are successfully installed, then the jenkins service is restarted.

I also tried to put the private part of the ssh key into this resource (hardcoded, as in the documentation), but the error was reproducible.

ramereth commented 3 years ago

@StanislavBabkin can you please provide an example recipe which replicates this issue so I can try it on my end?

StanislavBabkin commented 3 years ago

yes, of course, but I'm afraid one recipe will not demonstrate all of the cookbook logic

```ruby
#
# Cookbook Name:: jenkins_epc
# Recipe:: default
#
# Copyright 2020, EPAM
#
# All rights reserved - Do Not Redistribute
#

chef_gem 'sshkey' do
  compile_time true
end

require 'sshkey'

include_recipe 'jenkins_epc::ssl'

metadata 'jenkins' do
  action :nothing
end.run_action(:update)

id_key_path = '/root/.ssh/id_rsa'
flags_path = "#{Chef::Config[:file_cache_path]}/jenkins_flags"

ruby_block 'use ssh for jenkins executor' do
  block do
    node.override['jenkins']['executor']['protocol'] = 'ssh'
  end
  action :run
  only_if { ::File.exist?("#{flags_path}/jenkins-installed") }
end

directory 'Service directory for some flags' do
  path    flags_path
  owner   'root'
  group   'root'
  mode    '0700'
  action  :create
end

# Generate a new key pair on the first run; reuse the one on disk afterwards
if !::File.exist?(id_key_path)
  sshkey = SSHKey.generate(
    type: 'RSA',
    bits: 4096
  )

  directory ::File.dirname(id_key_path) do
    owner   'root'
    group   'root'
    mode    '0700'
    action  :create
  end

  # Store public key on disk
  file "#{id_key_path}.pub" do
    content sshkey.ssh_public_key
    owner   'root'
    group   'root'
    mode    '0644'
    action  :create_if_missing
  end

  file 'Private key backup' do
    path      "#{flags_path}/eo-key"
    content   sshkey.private_key
    owner     'root'
    group     'root'
    mode      '0600'
    # Keep the private key out of Chef logs and diffs
    sensitive true
    action    :create_if_missing
  end

  node.run_state[:jenkins_public_key] = sshkey.ssh_public_key
  node.run_state[:jenkins_private_key] = sshkey.private_key

else
  # ::File.read closes the file handle, unlike File.open(...).read
  node.run_state[:jenkins_public_key] = ::File.read("#{id_key_path}.pub")
  node.run_state[:jenkins_private_key] = ::File.read(id_key_path)
end

file id_key_path do
  content node.run_state[:jenkins_private_key]
  owner   'root'
  group   'root'
  mode    '0600'
  sensitive true
  action  :create_if_missing
end

jenkins_users = []
jenkins_users.push('name' => 'admin', 'privileges' => 'ADMINISTER', 'password' => node['metadata']['jenkins']['admin_password'], 'sshkey' => '')
jenkins_users.push('name' => 'eo', 'privileges' => 'ADMINISTER', 'password' => node['metadata']['jenkins']['eo_password'], 'sshkey' => node.run_state[:jenkins_public_key])

include_recipe 'jenkins_epc::install_jenkins'

# install plugins
jenkins_epc_install_plugins 'Install plugins' do
  plugins node['jenkins_epc']['default_plugins']
  flags_path flags_path
  action :install
  not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/jenkins-plugins.json") }
end

template 'JenkinsLocationConfiguration' do
  owner   'jenkins'
  group   'jenkins'
  path    "#{node['jenkins']['master']['home']}/jenkins.model.JenkinsLocationConfiguration.xml"
  source  'jenkins.model.JenkinsLocationConfiguration.xml.erb'
  variables(
    jenkins_url: node['fqdn']
  )
end

unless node['metadata']['jenkins']['mq_server'].empty? && node['metadata']['jenkins']['mq_login'].empty? && node['metadata']['jenkins']['mq_password'].empty? && node['metadata']['jenkins']['mq_prefix'].empty?
  template 'logstash configuring' do
    owner  'jenkins'
    group  'jenkins'
    path   "#{node['jenkins']['master']['home']}/jenkins.plugins.logstash.LogstashInstallation.xml"
    source 'jenkins.plugins.logstash.LogstashInstallation.xml.erb'
    variables(
      rabbit_host: node['metadata']['jenkins']['mq_server'],
      env_login: node['metadata']['jenkins']['mq_login'],
      env_pass: node['metadata']['jenkins']['mq_password'],
      env_name: node['metadata']['jenkins']['mq_prefix']
    )
    notifies :restart, 'service[jenkins]', :delayed
  end
end

# configure users
jenkins_epc_configure_users 'Configure basic users' do
  users       jenkins_users
  flags_path  flags_path
  action      :configure
  notifies    :create, 'file[Jenkins installed]', :immediately
  not_if      { ::File.exist?("#{flags_path}/jenkins-installed") }
end

file 'Jenkins installed' do
  path    "#{flags_path}/jenkins-installed"
  action  :nothing
end

# allow ssh connect in order to use jenkins cli from under admin users
template 'update_org.jenkinsci.main.modules.sshd.SSHD.xml.erb' do
  source 'org.jenkinsci.main.modules.sshd.SSHD.xml.erb'
  path   "#{node['jenkins']['master']['home']}/org.jenkinsci.main.modules.sshd.SSHD.xml"
  owner  'jenkins'
  group  'jenkins'
  mode   '0755'
  variables(
    port: node['jenkins_epc']['cli']['sshd']['port']
  )
  action :create
  notifies :restart, 'service[jenkins]', :immediately
  notifies :run, 'ruby_block[use ssh for jenkins executor]', :immediately
end

# https://gist.github.com/fishi0x01/7c2d29afbaa0f16126eb4d4b35942f76
jenkins_private_key_credentials 'jenkins' do
  id          'jenkins-ssh-key'
  description 'Jenkins master ssh key'
  private_key node.run_state[:jenkins_private_key]
end

datics 'jenkins_master' do
  data 'ssh_key' => node.run_state[:jenkins_public_key].split(' ')[1]
end

include_recipe 'jenkins_epc::slave_lookup'
```

StanislavBabkin commented 3 years ago

@ramereth, are there any updates regarding this error?

ramereth commented 3 years ago

@StanislavBabkin unfortunately I haven't had a chance to take a look at this. I'll try and find some time this week

StanislavBabkin commented 3 years ago

updating the chef client to version 17 solved the problem!