碼頭工人的詹金斯奴隸拒絕SSH密鑰
[英]Jenkins slave in docker is denying SSH keys
問題描述
我在Docker容器中正在運行的Jenkins。 當拆分另一個Docker容器中的節點時,我收到消息:
[11/18/16 20:46:21] [SSH] Opening SSH connection to 192.168.99.100:32826.
ERROR: Server rejected the 1 private key(s) for Jenkins (credentialId:528bbe19-eb26-4c9f-bae3-82cd1247d50a/method:publickey)
[11/18/16 20:46:22] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1217)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[11/18/16 20:46:22] Launch failed - cleaning up connection
[11/18/16 20:46:22] [SSH] Connection closed.
使用docker exec -i -t slave_name /bin/bash命令,我可以進入home / jenkins / .ssh目錄,以確認ssh密鑰在預期位置。
在我的配置頁面的CLOUD標題下,測試連接返回
版本= 1.12.3,API版本= 1.24
。
我正在運行OSX Sierra,並嘗試遵循RIOT Games Jenkins-Docker教程http://engineering.riotgames.com/news/building-jenkins-inside-ephemeral-docker-container 。
Jenkins主Docker文件:
FROM debian:jessie
# Create the jenkins user
RUN useradd -d "/var/jenkins_home" -u 1000 -m -s /bin/bash jenkins
# Create the folders and volume mount points
RUN mkdir -p /var/log/jenkins
RUN chown -R jenkins:jenkins /var/log/jenkins
VOLUME ["/var/log/jenkins", "/var/jenkins_home"]
USER jenkins
CMD ["echo", "Data container for Jenkins"]
詹金斯奴隸Dockerfile
FROM centos:7
# Install Essentials
RUN yum update -y && yum clean all
# Install Packages
RUN yum install -y git \
&& yum install -y wget \
&& yum install -y openssh-server \
&& yum install -y java-1.8.0-openjdk \
&& yum install -y sudo \
&& yum clean all
# gen dummy keys, centos doesn't autogen them.
RUN /usr/bin/ssh-keygen -A
# Set SSH Configuration to allow remote logins without /proc write access
RUN sed -ri 's/^session\s+required\s+pam_loginuid.so$/session optional \
pam_loginuid.so/' /etc/pam.d/sshd
# Create Jenkins User
RUN useradd jenkins -m -s /bin/bash
# Add public key for Jenkins login
RUN mkdir /home/jenkins/.ssh
COPY /files/authorized_keys /home/jenkins/.ssh/authorized_keys
RUN chown -R jenkins /home/jenkins
RUN chgrp -R jenkins /home/jenkins
RUN chmod 600 /home/jenkins/.ssh/authorized_keys
RUN chmod 700 /home/jenkins/.ssh
# Add the jenkins user to sudoers
RUN echo "jenkins ALL=(ALL) ALL" >> etc/sudoers
# Set Name Servers to avoid Docker containers struggling to route or resolve DNS names.
COPY /files/resolv.conf /etc/resolv.conf
# Expose SSH port and run SSHD
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
我一直在和另一個人在一個被困在同一地方的Linux機器上做同樣的教程。 任何幫助,將不勝感激。
1 個解決方案
解決方案1
2 已采納 2016-12-27 10:41:26
您遇到的問題可能與主機的交互式授權有關。 嘗試將以下命令添加到從屬設備的Dockerfile
RUN ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts
確保在創建jenkins用戶之后添加它,最好在
USER jenkins
以避免錯誤的文件所有權。
另外,請確保在主主機在線時執行此操作,否則它將告訴您主機不可達。 如果不能,請手動執行從從屬服務器獲取known_hosts文件,然后將其復制到從屬服務器中。
您可以驗證這一點。 如果您將控制台連接到Docker從屬服務器並將ssh連接到主服務器,它將要求您信任服務器並將其添加到已知主機。
如何緩存Jenkins Docker SSH從站的已下載依賴項(Gradle)
[英]How to cache downloaded dependencies for a Jenkins Docker SSH Slave (Gradle)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.