OpenShift Jenkins git clone 失败:主机密钥验证失败
[英]OpenShift Jenkins git clone fails: Host key verification failed
问题描述
I try to build my Node JS (latest version) application in Jenkins in the Red Hat OpenShift environment but it continues to fail with this message in the Jenkins log:
我尝试在 Red Hat OpenShift 环境中的 Jenkins 中构建我的 Node JS(最新版本)应用程序,但它继续失败并在 Jenkins 日志中显示以下消息:
Host key verification failed.
fatal: Could not read from remote repository.
Upon further investigation it turns out the Jenkins server cannot clone the repo from the application server:经过进一步调查,发现 Jenkins 服务器无法从应用程序服务器克隆 repo:
[JENKINS_HOST test]\> git clone ssh://GUID@APP_HOST/~/git/sof.git
Cloning into 'sof'...
The authenticity of host 'APP_HOST (172.16.6.220)' can't be established.
RSA key fingerprint is cf:ee:77:cb:0e:fc:02:d7:72:7e:ae:80:c0:90:88:a7.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/lib/openshift/GUID/.ssh/known_hosts).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
I cannot even enter the .ssh directory on the Jenkins host.我什至无法进入 Jenkins 主机上的.ssh目录。
Take it the OpenShift app management should handle all the private keys between the app and the CI host but doesn't seem to be working.拿它来说,OpenShift 应用程序管理应该处理应用程序和 CI 主机之间的所有私钥,但似乎不起作用。
Any ideas?有什么想法吗?
I've searched all over the web but OpenShift-specific scenarios are not common.我在整个网络上进行了搜索,但特定于 OpenShift 的场景并不常见。
3 个解决方案
解决方案1
1 2016-06-10 23:24:16
This can be done with custom cartridge https://cartreflect-claytondev.rhcloud.com/reflect?github=smerrill/openshift-community-git-ssh The cartridge creates script and sets the GIT_SSH environment variable to run git-ssh without strict host key checking.这可以使用自定义墨盒https://cartreflect-claytondev.rhcloud.com/reflect?github=smerrill/openshift-community-git-ssh墨盒创建脚本并设置 GIT_SSH 环境变量以在没有严格主机的情况下运行 git-ssh关键检查。
So,所以,
- Install the cartridge with your Openshift web-console to your jenkins application (Applications / jenkins / "Or, see the entire list of cartridges you can add", put the link into "Install your own cartridge" field)使用您的 Openshift 网络控制台将墨盒安装到您的 jenkins 应用程序(应用程序 / jenkins /“或者,查看您可以添加的墨盒的完整列表”,将链接放入“安装您自己的墨盒”字段中)
- Connect to jenkins application via ssh: ssh @jenkins-.rhcloud.com通过 ssh 连接到 jenkins 应用程序:ssh @jenkins-.rhcloud.com
- cd ${OPENSHIFT_DATA_DIR}/git-ssh/ cd ${OPENSHIFT_DATA_DIR}/git-ssh/
- ssh-keygen ssh-keygen
4.1.4.1. Set key file ./id_rsa设置密钥文件 ./id_rsa
4.2.4.2. Leave password empty将密码留空
This creates files id_rsa and id_rsa.pub in ${OPENSHIFT_DATA_DIR}/git-ssh/ directory这将在 ${OPENSHIFT_DATA_DIR}/git-ssh/ 目录中创建文件 id_rsa 和 id_rsa.pub - Print your id_rsa.pub: cat id_rsa.pub打印你的 id_rsa.pub: cat id_rsa.pub
- Copy the contents of id_rsa.pub复制 id_rsa.pub 的内容
- In Openshift web console go to Settings, add new public key在 Openshift Web 控制台中,转到设置,添加新的公钥
- Fill key name and paste the contents of id_rsa.pub into second field, press "Create"填写密钥名称并将 id_rsa.pub 的内容粘贴到第二个字段中,按“创建”
- Restart jenkins application重启詹金斯应用
Now git clone must be ok现在 git clone 肯定没问题
解决方案2
0 2016-04-16 20:33:09
If you don't need to commit change the protocol to http and you will not need to use ssh keys since it should be read-only if your server allow you and support this protocol.如果您不需要提交将 协议更改为http并且您将不需要使用 ssh 密钥,因为如果您的服务器允许并支持此协议,它应该是只读的。
If you must use ssh they you must set-up the ssh keys.如果必须使用 ssh,则必须设置 ssh 密钥。 No way to "skip" it.没有办法“跳过”它。
解决方案3
0 2019-12-21 20:13:12
if anyone gets here and he just can't get his private repo to be cloned on openshift.如果有人来到这里并且他无法在 openshift 上克隆他的私人存储库。 Not with SSH and not with HTTP.不支持 SSH,也不支持 HTTP。 Iv'e got a simple solution that works great.我有一个简单的解决方案,效果很好。 Clone with http and add your token to the repo link eg使用 http 克隆并将您的令牌添加到 repo 链接,例如
git clone https://<token>@github.com/owner/repo.git
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.