git clone 在 jenkins 中返回权限问题

Question

I have a jenkins and I clone a repo using jenkins configuration. Then in that repo I have an ansible task which clones another repo:

- name: Mock Server
  vars:
    mock_server: "{{ base_build_path }}/uds-mock-server"
  git:
    repo: 'git@github.ibm.com:xxxxx/mock-server.git'
    dest: "{{ mock_server }}"
    clone: yes
    recursive: yes
    version: master
    track_submodules: yes

Now the problem is since the code running inside the jenkins does not have access to the repo I get:

"Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}

So is there anyway I can add private key in jenkins in configuration then it will use that key when it clones the repo?

Answer 1

The key needs to be available for the remote_user on the target server running the task. By default it will read the default ssh keys available in ~/.ssh (eg id_rsa if you created an rsa one).

If the key is not in the default location/name, thegit module has a key_file parameter you can use to point to the correct location.

You can either copy that key prior to running your playbook or in a task just before running git.

If you want to control everything from Jenkins, you could add the key content as a "secret file" credential in Jenkins, bind that credential to a var (which will contain the path to the secret temporary file), copy that file to the target server and use that uploaded file as the key (default or custom) in your ansible git task.

Answer 2

确保 (Settings > Repository > Deploy Keys) 下的 Repo's Deployed Key 已启用