Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23401

docker plugin requires ssh key pair credentials

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I was trying to set up the docker plugin

      https://wiki.jenkins-ci.org/display/JENKINS/Docker+Plugin

      to use the ready-made slave everga

      https://registry.hub.docker.com/u/evarga/jenkins-slave

      According to the documentation it should work smoothly but for me it does not work how it is.

      In the docker file it defines the user jenkins:jenkins. However trying to connect from Jenkins to your everga container image using username
      and password won't work: I needed to create an ssh key pair and modify the /etc/ssh/ssh_config file to point to the private key and /etc/ssh/sshd_config to point to the authorized_key file.

        Attachments

          Activity

          Hide
          jglick Jesse Glick added a comment -

          I tried using evarga/jenkins-slave using a username/password credentials which works for a regular dumb slave. When I schedule a build tied to a Docker cloud label I just see

          Sep 16, 2014 4:04:29 PM hudson.slaves.NodeProvisioner update
          WARNING: Provisioned slave Image of evarga/jenkins-slave failed to launch
          java.lang.RuntimeException: No mapped port 22 in host for SSL. Config=ContainerInspectResponse{id=d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68, created=2014-09-16T20:04:19.609327986Z, path=/usr/sbin/sshd, args=[Ljava.lang.String;@35525190, config=ContainerConfig{hostName=d4cc0250370d, portSpecs=null, user=, tty=false, stdinOpen=false, stdInOnce=false, memoryLimit=0, memorySwap=0, cpuShares=0, attachStdin=false, attachStdout=false, attachStderr=false, env=[Ljava.lang.String;@2f68e049, cmd=[Ljava.lang.String;@e5cf0f0, dns=null, image=evarga/jenkins-slave, volumes=null, volumesFrom=, entrypoint=null, networkDisabled=false, privileged=false, workingDir=, domainName=, exposedPorts={22/tcp={}}, onBuild=null}, state=ContainerState{running=true, pid=32413, exitCode=0, startedAt=2014-09-16T20:04:19.868619026Z, ghost=false, finishedAt=0001-01-01T00:00:00Z}, image=f3ac335af281c1ece22f2b76f79b62c0eb9dc75e27fb4bc6fba063135b20fbfc, networkSettings=NetworkSettings{ipAddress=172.17.0.9, ipPrefixLen=16, gateway=172.17.42.1, bridge=docker0, portMapping=null, ports=Ports{ports={}, mapping=null}}, sysInitPath=null, resolvConfPath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/resolv.conf, volumes={}, volumesRW={}, hostnamePath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/hostname, hostsPath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/hosts, name=/sick_bohr, driver=aufs}
          	at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.getSSHLauncher(DockerComputerLauncher.java:62)
          	at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.makeLauncher(DockerComputerLauncher.java:41)
          	at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.<init>(DockerComputerLauncher.java:37)
          	at com.nirima.jenkins.plugins.docker.DockerTemplate.provision(DockerTemplate.java:206)
          	at com.nirima.jenkins.plugins.docker.DockerCloud$1.call(DockerCloud.java:164)
          	at com.nirima.jenkins.plugins.docker.DockerCloud$1.call(DockerCloud.java:159)
          	at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
          	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
          	at java.lang.Thread.run(Thread.java:745)
          

          which is not very informative. What does it mean for exposedPorts={22/tcp={}} yet ports=Ports{ports={}, mapping=null}}?

          Show
          jglick Jesse Glick added a comment - I tried using evarga/jenkins-slave using a username/password credentials which works for a regular dumb slave. When I schedule a build tied to a Docker cloud label I just see Sep 16, 2014 4:04:29 PM hudson.slaves.NodeProvisioner update WARNING: Provisioned slave Image of evarga/jenkins-slave failed to launch java.lang.RuntimeException: No mapped port 22 in host for SSL. Config=ContainerInspectResponse{id=d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68, created=2014-09-16T20:04:19.609327986Z, path=/usr/sbin/sshd, args=[Ljava.lang.String;@35525190, config=ContainerConfig{hostName=d4cc0250370d, portSpecs=null, user=, tty=false, stdinOpen=false, stdInOnce=false, memoryLimit=0, memorySwap=0, cpuShares=0, attachStdin=false, attachStdout=false, attachStderr=false, env=[Ljava.lang.String;@2f68e049, cmd=[Ljava.lang.String;@e5cf0f0, dns=null, image=evarga/jenkins-slave, volumes=null, volumesFrom=, entrypoint=null, networkDisabled=false, privileged=false, workingDir=, domainName=, exposedPorts={22/tcp={}}, onBuild=null}, state=ContainerState{running=true, pid=32413, exitCode=0, startedAt=2014-09-16T20:04:19.868619026Z, ghost=false, finishedAt=0001-01-01T00:00:00Z}, image=f3ac335af281c1ece22f2b76f79b62c0eb9dc75e27fb4bc6fba063135b20fbfc, networkSettings=NetworkSettings{ipAddress=172.17.0.9, ipPrefixLen=16, gateway=172.17.42.1, bridge=docker0, portMapping=null, ports=Ports{ports={}, mapping=null}}, sysInitPath=null, resolvConfPath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/resolv.conf, volumes={}, volumesRW={}, hostnamePath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/hostname, hostsPath=/var/lib/docker/containers/d4cc0250370d05860bdae540bf430203eab606d90aa24ceec3e774a484311b68/hosts, name=/sick_bohr, driver=aufs} at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.getSSHLauncher(DockerComputerLauncher.java:62) at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.makeLauncher(DockerComputerLauncher.java:41) at com.nirima.jenkins.plugins.docker.DockerComputerLauncher.<init>(DockerComputerLauncher.java:37) at com.nirima.jenkins.plugins.docker.DockerTemplate.provision(DockerTemplate.java:206) at com.nirima.jenkins.plugins.docker.DockerCloud$1.call(DockerCloud.java:164) at com.nirima.jenkins.plugins.docker.DockerCloud$1.call(DockerCloud.java:159) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) which is not very informative. What does it mean for exposedPorts={22/tcp={}} yet ports=Ports{ports={}, mapping=null}}?
          Hide
          jglick Jesse Glick added a comment -

          This with 0.7. Seems that DockerTemplate.provisionNew simply failed to bind port 22 to a host port, for no visible reason. Have not managed to get this plugin to work at all.

          Show
          jglick Jesse Glick added a comment - This with 0.7. Seems that DockerTemplate.provisionNew simply failed to bind port 22 to a host port, for no visible reason. Have not managed to get this plugin to work at all.
          Hide
          jglick Jesse Glick added a comment -

          Still true in dev sources from today (5b91c6b)—unless I check the newly available checkbox Bind all declared ports, in which case it suddenly works. (With username/password authentication, not SSH private key, contradicting the original claim in this issue.) Why would this not be the default? Or why would port 22 at least not be bound, since DockerComputerLauncher expects it to be? And how are you supposed to attach a slave using the latest released version, 0.7, which lacks this option?

          (The lack of any help-*.html files covering the meaning and syntax of various fields makes it hard to even tell what you are supposed to do in the normal case.)

          Also BTW every time it fails in this way, it leaves behind a container that it fails to clean up.

          Show
          jglick Jesse Glick added a comment - Still true in dev sources from today ( 5b91c6b )—unless I check the newly available checkbox Bind all declared ports , in which case it suddenly works. (With username/password authentication, not SSH private key, contradicting the original claim in this issue.) Why would this not be the default? Or why would port 22 at least not be bound, since DockerComputerLauncher expects it to be? And how are you supposed to attach a slave using the latest released version, 0.7, which lacks this option? (The lack of any help-*.html files covering the meaning and syntax of various fields makes it hard to even tell what you are supposed to do in the normal case.) Also BTW every time it fails in this way, it leaves behind a container that it fails to clean up.
          Hide
          integer Kanstantsin Shautsou added a comment -

          docker image contains EXPOSE 22 as expected port that will be forwarded from docker-proxy (in case of nat network) or directly with bridge.

          Page that lists docker images is broken at all. Also after failures docker node has not removed nodes and etc.

          +1 for @jglick comments. Fighting and patching 3 days and still don't understand what is happening and why it fails without obvious reasons.

          Show
          integer Kanstantsin Shautsou added a comment - docker image contains EXPOSE 22 as expected port that will be forwarded from docker-proxy (in case of nat network) or directly with bridge. Page that lists docker images is broken at all. Also after failures docker node has not removed nodes and etc. +1 for @jglick comments. Fighting and patching 3 days and still don't understand what is happening and why it fails without obvious reasons.
          Hide
          integer Kanstantsin Shautsou added a comment -
          Show
          integer Kanstantsin Shautsou added a comment - Help files in this PR https://github.com/jenkinsci/docker-plugin/pull/142
          Hide
          integer Kanstantsin Shautsou added a comment -

          evarga jenkins-slave requires plain login/password and works fine now. Also launchers will be reworked soon.

          Show
          integer Kanstantsin Shautsou added a comment - evarga jenkins-slave requires plain login/password and works fine now. Also launchers will be reworked soon.

            People

            • Assignee:
              Unassigned
              Reporter:
              varmenise valentina armenise
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: