Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36997

sshAgent {} inside docker.image().inside {} does not work with long project name

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ssh-agent-plugin
    • Labels:
      None
    • Environment:
      Jenkins: 2.7.1 LTS
      docker-workflow-plugin: 1.7
      ssh-agent-plugin: 1.13
    • Similar Issues:

      Description

      If the socket can not be created in the tmp directory of the job, which happens if the socket path would get longer than 108, it will create the socket directly under /tmp. If I am using docker.image().inside this does not work. If I am using node {} it does work as expected.

      When using the GitHub Organisation Plugin I can not avoid long job names.

        Attachments

          Issue Links

            Activity

            Hide
            mkobit Mike Kobit added a comment -

            We tried this out with:

            sshagent(['CredId']) {
              docker.inside('image') {
                // git operations
              }
            }

            and it did not work.

             

            Using the following did work:

            docker.inside('image') {
              sshagent(['CredId']) {
                // git operations
              }
            }

            That makes sense to me based on how the execution works now with using a CLI implementation.

            Thanks for fixing this!

            Show
            mkobit Mike Kobit added a comment - We tried this out with: sshagent([ 'CredId' ]) { docker.inside( 'image' ) { // git operations } } and it did not work.   Using the following did work: docker.inside( 'image' ) { sshagent([ 'CredId' ]) { // git operations } } That makes sense to me based on how the execution works now with using a CLI implementation. Thanks for fixing this!
            Hide
            jglick Jesse Glick added a comment -

            Right, the ssh-agent needs to be run inside the container so its socket is in the same kernel namespace as the commands which try to access it.

            Show
            jglick Jesse Glick added a comment - Right, the ssh-agent needs to be run inside the container so its socket is in the same kernel namespace as the commands which try to access it.
            Hide
            hermain Hermann Schweizer added a comment - - edited

            Why is this marked as resolved? I use a multibranch pipeline and still suffer from this issue.
            I have a master slave setup. Which workspaces now need to be shorter than 108? master or slave or both?
            Simply doing ws("test") before the image.inside didn't help although the resulting ws path is really short.

            Outside of the container git cloning with inside sshagent(..){ works. Inside container it doesn't and the log says:
            docker exec 9859e94c20b84efd81e1752417c1f5144fa198ba76b14e1670f8993512af7d60 ssh-agent
            SSH_AUTH_SOCK=/tmp/ssh-GoP5qbl4iakN/agent.13
            SSH_AGENT_PID=20

            ```
            $ docker exec --env SSH_AGENT_PID=20 --env SSH_AUTH_SOCK=/tmp/ssh-GoP5qbl4iakN/agent.13 9859e94c20b84efd81e1752417c1f5144fa198ba76b14e1670f8993512af7d60 ssh-add /home/INT/jenkins/short@tmp/private_key_3688909095782238252.key
            Identity added: /home/INT/jenkins/short@tmp/private_key_3688909095782238252.key (/home/INT/jenkins/short@tmp/private_key_3688909095782238252.key)

            ```

            Show
            hermain Hermann Schweizer added a comment - - edited Why is this marked as resolved? I use a multibranch pipeline and still suffer from this issue. I have a master slave setup. Which workspaces now need to be shorter than 108? master or slave or both? Simply doing ws("test") before the image.inside didn't help although the resulting ws path is really short. Outside of the container git cloning with inside sshagent(..){ works. Inside container it doesn't and the log says: docker exec 9859e94c20b84efd81e1752417c1f5144fa198ba76b14e1670f8993512af7d60 ssh-agent SSH_AUTH_SOCK=/tmp/ssh-GoP5qbl4iakN/agent.13 SSH_AGENT_PID=20 ``` $ docker exec --env SSH_AGENT_PID=20 --env SSH_AUTH_SOCK=/tmp/ssh-GoP5qbl4iakN/agent.13 9859e94c20b84efd81e1752417c1f5144fa198ba76b14e1670f8993512af7d60 ssh-add /home/INT/jenkins/short@tmp/private_key_3688909095782238252.key Identity added: /home/INT/jenkins/short@tmp/private_key_3688909095782238252.key (/home/INT/jenkins/short@tmp/private_key_3688909095782238252.key) ```
            Hide
            duemir Denys Digtiar added a comment - - edited

            Hermann Schweizer As Mike and Jesse alluded to, the new Agent implementation was added which is based on the CLI ssh-agent. If you have a CLI available inside the docker container and use the `sshagent` inside the docker.inside() closure, your git clone should work.

            Look for the message like "Exec ssh-agent (binary ssh-agent on a remote machine)" or any errors that mention ssh-agent

            Show
            duemir Denys Digtiar added a comment - - edited Hermann Schweizer As Mike and Jesse alluded to, the new Agent implementation was added which is based on the CLI ssh-agent . If you have a CLI available inside the docker container and use the `sshagent` inside the docker.inside() closure, your git clone should work. Look for the message like "Exec ssh-agent (binary ssh-agent on a remote machine)" or any errors that mention ssh-agent
            Hide
            hermain Hermann Schweizer added a comment -

            Bob O I managed to resolve the issue but this page was offline at the time so I forgot to mention it here:

            The problem in my case was that my git was not a known host inside the container:

            image.inside("-u root:root --network=host") {
                        sshagent(credentials: [config.gitKeyCredentialsId] ) {
                            sh "mkdir ~/.ssh"
                            sh "ssh-keyscan git.myCompany.com >> ~/.ssh/known_hosts"
                           // call scripts that do git clone...
                        }
                    }

             

            I hope that helps you and anyone else with a similar problem.

            Show
            hermain Hermann Schweizer added a comment - Bob O I managed to resolve the issue but this page was offline at the time so I forgot to mention it here: The problem in my case was that my git was not a known host inside the container: image.inside("-u root:root --network=host") {             sshagent(credentials: [config.gitKeyCredentialsId] ) {                 sh "mkdir ~/.ssh"                 sh "ssh-keyscan git.myCompany.com >> ~/.ssh/known_hosts"                // call scripts that do git clone...             }         }   I hope that helps you and anyone else with a similar problem.

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                sdomula Stan Domula
              • Votes:
                1 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: