

Jenkins Permission denied accessing pem key from Jenkins CLI - Try to make the login to another instance from jenkins instance

I have 2 instances in AWS EC2. 1 is for Jenkins, 1 is for Angular 6. I am trying to build the pipeline from the Jenkins instance to another EC2 instance where my Angular 6 application is hosted.

What exactly I am trying to do here: if any push happens in my Bitbucket repo, Jenkins will identify that, log in to another EC2 instance via ssh -i user@ip, pull the code from the master branch and deploy it via pm2.

Currently I'm facing the problem -

Jenkins logs -

Started by user Atique Ahmed
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/meanstack
No credentials specified
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url https://bitbucket.org/atique12/mongocrud_application_frnt_end.git # timeout=10
Fetching upstream changes from https://bitbucket.org/atique12/mongocrud_application_frnt_end.git
git --version # timeout=10
git fetch --tags --progress -- https://bitbucket.org/atique12/mongocrud_application_frnt_end.git +refs/heads/:refs/remotes/origin/ # timeout=10
git rev-parse refs/remotes/origin/master^{commit} # timeout=10
git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision a7df8023cebbbac998274628bc761ea68da62da0 (refs/remotes/origin/master)
git config core.sparsecheckout # timeout=10
git checkout -f a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
Commit message: "form.component.html edited online with Bitbucket"
git rev-list --no-walk a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
[meanstack] $ /bin/bash /tmp/jenkins6972607204969540608.sh
jenkins is not in the sudoers file. This incident will be reported.
total 12
-r-------- 1 ubuntu ubuntu 1696 Jan 8 05:59 allinstancepair.pem
-rwxrwxrwx 1 ubuntu ubuntu 184 Jan 8 17:21 deploy.sh
drw------- 2 ubuntu ubuntu 4096 Jan 8 16:00 mykey
/home/ubuntu
./deploy.sh: line 4: cd: mykey: Permission denied
Warning: Identity file /allinstancepair.pem not accessible: No such file or directory.
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to 13.233.183.227 [13.233.183.227] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.233.183.227:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2t3A4VkLU7+iLWc7e/HKast+vY6I3dXnOxY9pVzL6+g
debug1: Host '13.233.183.227' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ZKnUTgYBL/OMjNHzEf3ATonaIBa5OfQs8htabRUA/Vo /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug1: No more authentication methods to try.
root@13.233.183.227: Permission denied (publickey).
allinstancepair.pem deploy.sh mykey
./deploy.sh: line 7: cd: mongocrud_application_frnt_end: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
/home/ubuntu
./deploy.sh: line 10: npm: command not found
./deploy.sh: line 11: pm2: command not found
/home/ubuntu
Finished: SUCCESS

My Jenkins is not able to read the pem key file while I am trying to make the login using SSH and pem key to another instance.

I have tried -

chmod 400 - mypem.key
chmod 600 - mypem.key
chmod 777 - mypem.key

No help. Every time I am getting permission denied issue. Any help?

Jenkins runs the jobs under the jenkins user. The jenkins user does not have permission to read files from other directories. Also you need to run the chmod command with sudo. If you are trying to run commands from a Jenkinsfile with sudo, then it won't work. For that you need to edit the sudoers file. It will give the jenkins user access to run sudo commands without a password. How to change and what to change can be found here.

One more thing: if you are trying to run an ssh command from a Jenkinsfile to connect to another EC2 instance, then a simple sh "ssh -i pem.key user@ip" won't work. You need to disable the verification by assigning StrictHostKeyChecking to no, i.e. ssh -o "StrictHostKeyChecking no" -i pem.key user@ip
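
Added example (not part of the answer above or of the asker's deploy.sh): a preflight for the failures visible in the log, where the key is owned by ubuntu with mode 400 while the job runs as jenkins, and where a mode such as 777 makes ssh refuse a private key because it grants group or other access. It keeps host-key verification on, since the log shows the target is already in /var/lib/jenkins/.ssh/known_hosts; the function names check_identity_file and deploy_ssh are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: preflight checks for an ssh identity file used by a CI job.
# check_identity_file and deploy_ssh are hypothetical helper names.

# Returns: 0 usable, 1 missing, 2 not readable by this user,
#          3 owned by another user, 4 mode grants group/other access.
check_identity_file() {
    key=$1
    me=$(id -u)
    if [ ! -e "$key" ]; then
        # Also hit when a parent directory lacks the execute (search) bit.
        echo "missing or unreachable: $key (check the path given to ssh -i)" >&2
        return 1
    fi
    if [ ! -r "$key" ]; then
        echo "not readable by uid $me: $key" >&2
        return 2
    fi
    owner=$(stat -c '%u' "$key")   # GNU stat: numeric owner
    mode=$(stat -c '%a' "$key")    # GNU stat: octal mode, e.g. 600
    if [ "$owner" != "$me" ]; then
        echo "owned by uid $owner, job runs as uid $me: $key" >&2
        return 3
    fi
    # ssh rejects a private key whose mode has any group/other bit set.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode is too open, use 600 or 400: $key" >&2
        return 4
    fi
    return 0
}

# Run a remote command only if the key passes the preflight.
# IdentitiesOnly: offer just this key. BatchMode: never prompt in CI.
# StrictHostKeyChecking=yes: fail if the host key is unknown or changed.
deploy_ssh() {
    key=$1; target=$2; shift 2
    check_identity_file "$key" || return
    ssh -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o StrictHostKeyChecking=yes "$target" "$@"
}
```

Called as deploy_ssh /path/to/key.pem user@ip 'command', it stops before connecting and prints which of the four conditions failed.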
