Failure using Git and ssh on a Hudson slave

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Failure using Git and ssh on a Hudson slave

Hendryk Bockelmann
I installed a Hudson server (ver. 1.383) on CentOS using yum and set up some UNIX slaves (Ubuntu 10.04, SuseEnterprise, AIX). Connection to the slaves is done by ssh private/public key authentication which works fine - also some simple builds based on shell scripts performed well on the slaves.
Now I wanted to use Git on the slaves via Hudson but got the error:

Started by user hudson
Building remotely on slave.host.de
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - [hidden email]
Using strategy: Default
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - hudson.remoting.LocalChannel@2ccf0384
GitAPI created
Cloning the remote Git repository
Cloning repository origin
$ /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
ERROR: Error cloning remote repo 'origin' : Could not clone [hidden email]
ERROR: Cause: Error performing /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
Command returned status code 128: Initialized empty Git repository in /tmp/hudson/workspace/testsuiteOnSlave/.git/
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly
As a check I ran the git clone directly on the slave and was able to get the Git repository without any problems ...

I suppose that this error is somehow related to the ssh-key authentication, since the following test also did not succeed - on the Hudson webinterface I used the "script console" for the node slave.host.de with the following script:

def proc = "ssh -l user -i /home/user/.ssh/id_rsa slave2.host.de 'uname -a' ".execute()
def b = new StringBuffer()
proc.consumeProcessErrorStream(b)
println proc.text
println b.toString()

and got the result:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)
Somehow Hudson is not possible to use the desired ssh-key on the slave node ... but this is essential to clone the Git repository.

Maybe someone can help me?
-- 
Hendryk Bockelmann
DKRZ GmbH, Department: Application software

Deutsches Klimarechenzentrum
Bundesstraße 45a
D-20146 Hamburg

email [hidden email]
phone +49 (0)40 460094-144
fax   +49 (0)40 460094-270
web   http://www.dkrz.de
Reply | Threaded
Open this post in threaded view
|

Re: Failure using Git and ssh on a Hudson slave

scrandell
When the git clone worked properly for you on the hudson host, were you operating as the same user as hudson is running under?
This sounds like a fairly typical ssh-key configuration problem but if that's the case then your manual tests should have failed also.


On Fri, Nov 5, 2010 at 3:20 AM, Hendryk Bockelmann <[hidden email]> wrote:
I installed a Hudson server (ver. 1.383) on CentOS using yum and set up some UNIX slaves (Ubuntu 10.04, SuseEnterprise, AIX). Connection to the slaves is done by ssh private/public key authentication which works fine - also some simple builds based on shell scripts performed well on the slaves.
Now I wanted to use Git on the slaves via Hudson but got the error:

Started by user hudson
Building remotely on slave.host.de
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - [hidden email]
Using strategy: Default
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - hudson.remoting.LocalChannel@2ccf0384
GitAPI created
Cloning the remote Git repository
Cloning repository origin
$ /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
ERROR: Error cloning remote repo 'origin' : Could not clone [hidden email]
ERROR: Cause: Error performing /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
Command returned status code 128: Initialized empty Git repository in /tmp/hudson/workspace/testsuiteOnSlave/.git/
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly
As a check I ran the git clone directly on the slave and was able to get the Git repository without any problems ...

I suppose that this error is somehow related to the ssh-key authentication, since the following test also did not succeed - on the Hudson webinterface I used the "script console" for the node slave.host.de with the following script:

def proc = "ssh -l user -i /home/user/.ssh/id_rsa slave2.host.de 'uname -a' ".execute()
def b = new StringBuffer()
proc.consumeProcessErrorStream(b)
println proc.text
println b.toString()

and got the result:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)
Somehow Hudson is not possible to use the desired ssh-key on the slave node ... but this is essential to clone the Git repository.

Maybe someone can help me?
-- 
Hendryk Bockelmann
DKRZ GmbH, Department: Application software

Deutsches Klimarechenzentrum
Bundesstra├če 45a
D-20146 Hamburg

email [hidden email]
phone +49 (0)40 460094-144
fax   +49 (0)40 460094-270
web   http://www.dkrz.de

Reply | Threaded
Open this post in threaded view
|

Re: Failure using Git and ssh on a Hudson slave

Hendryk Bockelmann
The git clone works properly on both the hudson host and all my slaves when executed on the shell
- on the hudon master host the user "hudson" clones the git repo using private ssh-key and ssh-identity "gitosis"
- on the slave nodes hudson is configured to login as local user NOT as "hudson" ... these local users also can access git repo by private ssh-key and ssh-identity "gitosis"
As I said: the .ssh/config is setup for access to git repo and also for login on other nodes ... but this only works directly on a shell (so my manually started checkout-configure-make tests work very well). If hudson logs into a slave (as local user on this machine) and tries to execute a simple ssh command, it seems as if the local .ssh/config is ignored ...

On 05/11/10 17:23, Steven Crandell wrote:
When the git clone worked properly for you on the hudson host, were you operating as the same user as hudson is running under?
This sounds like a fairly typical ssh-key configuration problem but if that's the case then your manual tests should have failed also.


On Fri, Nov 5, 2010 at 3:20 AM, Hendryk Bockelmann <[hidden email]> wrote:
I installed a Hudson server (ver. 1.383) on CentOS using yum and set up some UNIX slaves (Ubuntu 10.04, SuseEnterprise, AIX). Connection to the slaves is done by ssh private/public key authentication which works fine - also some simple builds based on shell scripts performed well on the slaves.
Now I wanted to use Git on the slaves via Hudson but got the error:

Started by user hudson
Building remotely on slave.host.de
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - [hidden email]
Using strategy: Default
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - hudson.remoting.LocalChannel@2ccf0384
GitAPI created
Cloning the remote Git repository
Cloning repository origin
$ /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
ERROR: Error cloning remote repo 'origin' : Could not clone [hidden email]
ERROR: Cause: Error performing /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
Command returned status code 128: Initialized empty Git repository in /tmp/hudson/workspace/testsuiteOnSlave/.git/
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly
    
As a check I ran the git clone directly on the slave and was able to get the Git repository without any problems ...

I suppose that this error is somehow related to the ssh-key authentication, since the following test also did not succeed - on the Hudson webinterface I used the "script console" for the node slave.host.de with the following script:

def proc = "ssh -l user -i /home/user/.ssh/id_rsa slave2.host.de 'uname -a' ".execute()
def b = new StringBuffer()
proc.consumeProcessErrorStream(b)
println proc.text
println b.toString()

and got the result:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)
Somehow Hudson is not possible to use the desired ssh-key on the slave node ... but this is essential to clone the Git repository.

Maybe someone can help me?

Reply | Threaded
Open this post in threaded view
|

Re: Failure using Git and ssh on a Hudson slave

Hendryk Bockelmann
Problem is solved now ... it was a mistake related to the used private ssh-key which is encrypted !!!
hudson logs in on a slave and tries to fetch data from git repo using a private ssh-key (as depicted in ~/..sh/config). if this key is encrypted, the execution fails since no passphrase can be given to decrypt the key.
on the shell my local ubuntu machine was so intelligent to decrypt the key automatically ...

now my question is the following: does any slave really need to have a non-encrypted private ssh-key to clone/fetch the git repo before tests can start? of course this is the solution that actually works for my tests but i am not so happy to copy non-encrypted ssh-keys to all slaves.

This question is also related to the launch method of slaves: does hudson really need a non-encrypted ssh-key to login/launch its slaves? or is there a possibility that hudson can handle encrypted ssh-keys?


On 08/11/10 09:14, Hendryk Bockelmann wrote:
The git clone works properly on both the hudson host and all my slaves when executed on the shell
- on the hudon master host the user "hudson" clones the git repo using private ssh-key and ssh-identity "gitosis"
- on the slave nodes hudson is configured to login as local user NOT as "hudson" ... these local users also can access git repo by private ssh-key and ssh-identity "gitosis"
As I said: the .ssh/config is setup for access to git repo and also for login on other nodes ... but this only works directly on a shell (so my manually started checkout-configure-make tests work very well). If hudson logs into a slave (as local user on this machine) and tries to execute a simple ssh command, it seems as if the local .ssh/config is ignored ...

On 05/11/10 17:23, Steven Crandell wrote:
When the git clone worked properly for you on the hudson host, were you operating as the same user as hudson is running under?
This sounds like a fairly typical ssh-key configuration problem but if that's the case then your manual tests should have failed also.


On Fri, Nov 5, 2010 at 3:20 AM, Hendryk Bockelmann <[hidden email]> wrote:
I installed a Hudson server (ver. 1.383) on CentOS using yum and set up some UNIX slaves (Ubuntu 10.04, SuseEnterprise, AIX). Connection to the slaves is done by ssh private/public key authentication which works fine - also some simple builds based on shell scripts performed well on the slaves.
Now I wanted to use Git on the slaves via Hudson but got the error:

Started by user hudson
Building remotely on slave.host.de
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - [hidden email]
Using strategy: Default
Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave - hudson.remoting.LocalChannel@2ccf0384
GitAPI created
Cloning the remote Git repository
Cloning repository origin
$ /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
ERROR: Error cloning remote repo 'origin' : Could not clone [hidden email]
ERROR: Cause: Error performing /usr/bin/git clone -o origin [hidden email] /tmp/hudson/workspace/testsuiteOnSlave
Command returned status code 128: Initialized empty Git repository in /tmp/hudson/workspace/testsuiteOnSlave/.git/
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly
    
As a check I ran the git clone directly on the slave and was able to get the Git repository without any problems ...

I suppose that this error is somehow related to the ssh-key authentication, since the following test also did not succeed - on the Hudson webinterface I used the "script console" for the node slave.host.de with the following script:

def proc = "ssh -l user -i /home/user/.ssh/id_rsa slave2.host.de 'uname -a' ".execute()
def b = new StringBuffer()
proc.consumeProcessErrorStream(b)
println proc.text
println b.toString()

and got the result:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)
Somehow Hudson is not possible to use the desired ssh-key on the slave node ... but this is essential to clone the Git repository.

Maybe someone can help me?

Reply | Threaded
Open this post in threaded view
|

Re: Failure using Git and ssh on a Hudson slave

Sami Tikka
I'm not sure how this relates to Hudson at all.

If you are not happy with giving Hudson access to unencrypted ssh
keys, you can do something else. But Hudson just runs git and git runs
ssh. Hudson does not control ssh.

You could maybe configure git to use a protocol other than ssh?

Or you could set up ssh to authenticate using ssh-agent and you
provide the passphrase to the agent?

Or you could use Clone workspace plugin to check out your test code in
the master only and slaves could download the workspace directly from
master.

Or maybe something else...

-- Sami

2010/11/8 Hendryk Bockelmann <[hidden email]>:

> Problem is solved now ... it was a mistake related to the used private
> ssh-key which is encrypted !!!
> hudson logs in on a slave and tries to fetch data from git repo using a
> private ssh-key (as depicted in ~/..sh/config). if this key is encrypted,
> the execution fails since no passphrase can be given to decrypt the key.
> on the shell my local ubuntu machine was so intelligent to decrypt the key
> automatically ...
>
> now my question is the following: does any slave really need to have a
> non-encrypted private ssh-key to clone/fetch the git repo before tests can
> start? of course this is the solution that actually works for my tests but i
> am not so happy to copy non-encrypted ssh-keys to all slaves.
>
> This question is also related to the launch method of slaves: does hudson
> really need a non-encrypted ssh-key to login/launch its slaves? or is there
> a possibility that hudson can handle encrypted ssh-keys?
>
>
> On 08/11/10 09:14, Hendryk Bockelmann wrote:
>
> The git clone works properly on both the hudson host and all my slaves when
> executed on the shell
> - on the hudon master host the user "hudson" clones the git repo using
> private ssh-key and ssh-identity "gitosis"
> - on the slave nodes hudson is configured to login as local user NOT as
> "hudson" ... these local users also can access git repo by private ssh-key
> and ssh-identity "gitosis"
> As I said: the .ssh/config is setup for access to git repo and also for
> login on other nodes ... but this only works directly on a shell (so my
> manually started checkout-configure-make tests work very well). If hudson
> logs into a slave (as local user on this machine) and tries to execute a
> simple ssh command, it seems as if the local .ssh/config is ignored ...
>
> On 05/11/10 17:23, Steven Crandell wrote:
>
> When the git clone worked properly for you on the hudson host, were you
> operating as the same user as hudson is running under?
> This sounds like a fairly typical ssh-key configuration problem but if
> that's the case then your manual tests should have failed also.
>
> On Fri, Nov 5, 2010 at 3:20 AM, Hendryk Bockelmann <[hidden email]>
> wrote:
>>
>> I installed a Hudson server (ver. 1.383) on CentOS using yum and set up
>> some UNIX slaves (Ubuntu 10.04, SuseEnterprise, AIX). Connection to the
>> slaves is done by ssh private/public key authentication which works fine -
>> also some simple builds based on shell scripts performed well on the slaves.
>> Now I wanted to use Git on the slaves via Hudson but got the error:
>>
>> Started by user hudson
>> Building remotely on slave.host.de
>> Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave -
>> hudson.remoting.Channel@c222b37:slave.host.de
>> Using strategy: Default
>> Checkout:testsuiteOnSlave / /tmp/hudson/workspace/testsuiteOnSlave -
>> hudson.remoting.LocalChannel@2ccf0384
>> GitAPI created
>> Cloning the remote Git repository
>> Cloning repository origin
>> $ /usr/bin/git clone -o origin
>> ssh://[hidden email]/testsuite.git
>> /tmp/hudson/workspace/testsuiteOnSlave
>> ERROR: Error cloning remote repo 'origin' : Could not clone
>> ssh://[hidden email]/testsuite.git
>> ERROR: Cause: Error performing /usr/bin/git clone -o origin
>> ssh://[hidden email]/testsuite.git
>> /tmp/hudson/workspace/testsuiteOnSlave
>> Command returned status code 128: Initialized empty Git repository in
>> /tmp/hudson/workspace/testsuiteOnSlave/.git/
>> Permission denied, please try again.
>> Permission denied, please try again.
>> Permission denied (publickey,password).
>> fatal: The remote end hung up unexpectedly
>>
>>
>> As a check I ran the git clone directly on the slave and was able to get
>> the Git repository without any problems ...
>>
>> I suppose that this error is somehow related to the ssh-key
>> authentication, since the following test also did not succeed - on the
>> Hudson webinterface I used the "script console" for the node slave.host.de
>> with the following script:
>>
>> def proc = "ssh -l user -i /home/user/.ssh/id_rsa slave2.host.de 'uname
>> -a' ".execute()
>>
>> def b = new StringBuffer()
>>
>> proc.consumeProcessErrorStream(b)
>>
>> println proc.text
>>
>> println b.toString()
>>
>> and got the result:
>>
>> Permission denied, please try again.
>> Permission denied, please try again.
>> Permission denied (publickey,password,keyboard-interactive)
>>
>> Somehow Hudson is not possible to use the desired ssh-key on the slave
>> node ... but this is essential to clone the Git repository.
>>
>> Maybe someone can help me?
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]