On Sunday, October 8, 2017 at 12:38:32 PM UTC-6, Thor Waway wrote:
>
> I would like clarification on:
>
> - how jenkins master nodes and worker nodes communicate with git
> - how both use credentials and ssh plugins to authenticate with git
> - when to use Credentials plugin vs SSHAgent plugin
>
> Right now, I believe that the Master Node stores all credentials and then
> passes these credentials to the worker agents. This makes me believe that
> only one node - the master node - should have ssh keys for git.
>
>
I might clarify the phrasing slightly. The master should have the needed
credentials. Those credentials may include usernames and passwords (for
https and http based access to git repositories), private keys (for ssh
based access to git repositories), and other credentials as needed.
The master should generally not run jobs, since it is best used as a
coordinator of the work of agents, rather than as a worker.
If the master must run a job, it should obtain its ssh keys through
credentials, just as other agents obtain credentials. I think it is
generally unwise to rely that the account which is executing the Jenkins
master has default ssh access to things.
> Thus far this seems to be true because, when a build is trigged on master,
> the worker node is able to run git clone and git init even though no ssh
> keys are configured on worker agent.
>
> So why then does this step:
> steps{
> sh('git remote -v')
> sh('git show-ref')
> sh('git tag -a $BRANCH_NAME.$BUILD_NUMBER -m "git sha is
> $GIT_COMMIT"')
> sh('git push origin HEAD:development --tags')
> }
>
> result in this error:
> [Pipeline] }
> [Pipeline] // withEnv
> [Pipeline] }
> [Pipeline] // stage
> [Pipeline] stage
> [Pipeline] { (Deploy-Staging)
> [Pipeline] tool
> [Pipeline] envVarsForTool
> [Pipeline] withEnv
> [Pipeline] {
> [Pipeline] sh
> [K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
> + git remote -v
> origin https://github.com/WaterBottleInc/Reactjs-Front.git
> <https://github.com/GashiandKinks/GK-Front.git> (fetch)
> origin https://github.com/ <https://github.com/GashiandKinks/GK-Front.git>
> WaterBottleInc <https://github.com/GashiandKinks/GK-Front.git>/Reactjs.git
> (push)
> [Pipeline] sh
> [K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
> + git show-ref
> a12ea59545db96fc8681dbdd5d44923108c01b40 refs/remotes/origin/feature-
> jenkinsfile
> [Pipeline] sh
> [K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
> + git tag -a feature-jenkinsfile.24 -m git sha is
> a12ea59545db96fc8681dbdd5d44923108c01b40
> [Pipeline] sh
> [K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
> + git push origin HEAD:development --tags
> fatal: could not read Username for 'https://github.com': No such device or
> address
> [Pipeline] }
> [Pipeline] // withEnv
> [Pipeline] }
> [Pipeline] // stage
> [Pipeline] stage
> [Pipeline] { (Declarative: Post Actions)
> [Pipeline] deleteDir
> [Pipeline] }
> [Pipeline] // stage
> [Pipeline] }
> [Pipeline] // withEnv
> [Pipeline] }
> [Pipeline] // withEnv
> [Pipeline] }
> [Pipeline] // withEnv
> [Pipeline] }
> [Pipeline] // node
> [Pipeline] End of Pipeline
>
>
>
>
The shell based "git push" command is not executed by the git plugin, but
by an "sh" step. The credentials from the git plugin are not shared with
other steps.
The message that's being displayed by "git push" is telling you that it
can't find a source for a username and password to use in the push.
You could use the withCredentials wrapper to gather the user name and
password, then could pass those into the sh step for use by command line
git. For instance, you could push to a specific URL and embed the username
and password in the URL to which you are pushing. Something like
https://username:[email protected]/organization/repository/.
You could provide username and password to command line git with a separate
file (https://git-scm.com/docs/gitcredentials)
Mark Waite
> this line from the error print out above:
>
> fatal: could not read Username for 'https://github.com': No such device or
> address
> completely throws me off because I have no idea where it is looking for a
> username.
>
> Can someone please help me out? Thanks.
>
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/2af03442-37c8-4d41-9a73-856635116949%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
