The ssh agents use secure shell to connect. The secure shell uses private
key / public key pairs to perform the connection. Your example is trying
to use a username / password credential when it needs to use a private key
credential.
We use a technique like below from a system groovy script to add a Jenkins
agent at startup:
import jenkins.model.*
import hudson.model.*
import hudson.slaves.*
import hudson.plugins.sshslaves.*
import hudson.slaves.EnvironmentVariablesNodeProperty.Entry
import hudson.plugins.sshslaves.verifiers.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
// SET THE INITIAL SSH CREDENTIALS
global_domain = Domain.global()
credentials_store = Jenkins.instance.getExtensionList(
'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
)[0].getStore()
credentials = new BasicSSHUserPrivateKey(
CredentialsScope.SYSTEM,
"ssh-agent-key",
"jenkins",
new BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource(
'/home/butler/.ssh/id_rsa'
),
'',
"SSH Key for the Agent"
)
credentials_store.addCredentials(global_domain, credentials)
SshHostKeyVerificationStrategy doNotVerifyHostKey = new
NonVerifyingKeyVerificationStrategy()
// CREATE THE JDK8 AGENT
SSHLauncher jdk8Launcher = new SSHLauncher("jdk8-ssh-agent", 22,
"ssh-agent-key", "", "", "", "", 33, 2, 5, doNotVerifyHostKey)
Slave jdk8SSHAgent = new DumbSlave("jdk8-node", "/home/jenkins",
jdk8Launcher)
jdk8SSHAgent.setLabelString("docker maven jdk8 jdk-8 java8 java-8
maven-jdk8 java")
jdk8SSHAgent.setNodeDescription("Agent node for JDK8")
jdk8SSHAgent.setNumExecutors(2)
List<Entry> jdk8SSHAgentEnv = new ArrayList<Entry>();
jdk8SSHAgentEnv.add(new Entry("JAVA_HOME","/usr/lib/jvm/java-1.8-openjdk"))
EnvironmentVariablesNodeProperty jdk8SSHAgentEnvPro = new
EnvironmentVariablesNodeProperty(jdk8SSHAgentEnv);
jdk8SSHAgent.getNodeProperties().add(jdk8SSHAgentEnvPro)
Jenkins.instance.addNode(jdk8SSHAgent)
You can find this script in the Jenkins server that is provided as part of
the lab environment for the free Jenkins Pipeline Fundamentals course from
https://standard.cbu.cloudbees.com/cloudbees-university-jenkins-pipeline-fundamentals
. Other free courses are available from https://standard.cbu.cloudbees.com/
. The script is not part of the course, but it is used in the lab
environment to configure the agents that are used in the labs.
The 'doNotVerifyHostKey' is a risky setting that works in the lab
environment because the lab environment is "disposable". In your
environment you will probably want to use a different setting that assures
the connecting agent has the correct host key. You don't want to risk
connecting to the wrong agent.
Mark Waite
On Fri, Mar 1, 2019 at 5:46 AM 田欧 <[email protected]> wrote:
> I'm using `ssh-slaves-plugin` and write some codes, like the below:
>
> @RequestMapping(value = "/test", method = RequestMethod.GET)
> public Map<String, Boolean> test() {
> Map<String, Boolean> result = new HashMap<>();
>
> // username is my jenkins user
>
> // password is my jenkins password
>
> UsernamePasswordCredentialsImpl credentials = new
> UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "dummyCredentialId",
> "perf", "myname", "mysceret");
>
> SystemCredentialsProvider.getInstance().getDomainCredentialsMap().put(Domain.global(),
> Collections.singletonList(
> credentials
> )
> );
>
> // ip is my slave ip
> SSHLauncher launcher = new SSHLauncher("10.10.10.10", 22,
> "dummyCredentialId", null, null, null,
> null, 3, 1, 1, new KnownHostsFileKeyVerificationStrategy());
>
> DumbSlave dumb = null;
> try {
> dumb = new DumbSlave("slave-test", "", launcher);
> dumb.setNodeDescription("dummy-description");
> dumb.setNumExecutors(1);
> dumb.setMode(Node.Mode.NORMAL);
> dumb.setRetentionStrategy(RetentionStrategy.NOOP);
> } catch (IOException e) {
> e.printStackTrace();
> } catch (Descriptor.FormException e) {
> e.printStackTrace();
> }
>
>
> // I see
> https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/src/test/java/hudson/plugins/sshslaves/SSHLauncherTest.java#L181
>
> // use JenkinsRule, so I use Jenkins.getInstanceOrNull
> try {
> Jenkins.getInstanceOrNull().addNode(dumb);
> } catch (IOException e) {
> e.printStackTrace();
> }
> result.put("success", true);
> return result;
> }
>
>
> when I run it, return error, stack:
>
> java.lang.NullPointerException: null
> at jenkins.security.ConfidentialStore.get(ConfidentialStore.java:68)
> ~[jenkins-core-2.166.jar!/:na]
> at jenkins.security.ConfidentialKey.load(ConfidentialKey.java:47)
> ~[jenkins-core-2.166.jar!/:na]
> at
> jenkins.security.CryptoConfidentialKey.getKey(CryptoConfidentialKey.java:41)
> ~[jenkins-core-2.166.jar!/:na]
> at
> jenkins.security.CryptoConfidentialKey.decrypt(CryptoConfidentialKey.java:134)
> ~[jenkins-core-2.166.jar!/:na]
> at hudson.util.HistoricalSecrets.decrypt(HistoricalSecrets.java:55)
> ~[jenkins-core-2.166.jar!/:na]
> at hudson.util.Secret.decrypt(Secret.java:212)
> ~[jenkins-core-2.166.jar!/:na]
> at hudson.util.Secret.fromString(Secret.java:254)
> ~[jenkins-core-2.166.jar!/:na]
> at
> com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl.<init>(UsernamePasswordCredentialsImpl.java:72)
> ~[credentials-2.1.18.jar!/:2.1.18]
> at com.kk.perf.controller.SlaveController.test(SlaveController.java:48)
> ~[classes!/:0.0.1-SNAPSHOT]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_102]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[na:1.8.0_102]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_102]
> at
> org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
> ~[spring-webmvc-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> ~[tomcat-embed-websocket-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
> ~[tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [na:1.8.0_102]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [na:1.8.0_102]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-embed-core-9.0.16.jar!/:9.0.16]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]
>
> So, why?
>
> And I want to know, how start it? because I don't set any info about
> jenkins master.
>
> Thanks!
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/6cd46b89-519b-4557-8a41-67656b3fa2b2%40googlegroups.com
> <https://groups.google.com/d/msgid/jenkinsci-users/6cd46b89-519b-4557-8a41-67656b3fa2b2%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Thanks!
Mark Waite
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEgjSecWnV%3Dhpn4SfD5%2B3grmBO84Vno%2BYHW%2BHX5uhQM5w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
