Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43050

SSH Agent plugin doesn't work well with docker pipelines

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I've tried

      dockerImage.inside {
        sshagent([...]) {
          sh '...'
        }
      }
      

      and this appears to fail because the ssh-agent gets launched but then the next command
      appears to be ssh-agent -k which kills the process before the sh step has a chance to run despite the sh command being inside the sshagent block.

      And also

      sshagent([...]){
        dockerImage.inside {
          sh '...'
        }
      }
      

      fails (I think) for a more predictable reason: the ssh-agent stays running and the env variables get
      set correctly inside the container, however the socket is in /tmp on the container server which is not visible to the container (by default).

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            sshagent must indeed be inside inside.

            Not sure how to reproduce. It works for me.

            Show
            jglick Jesse Glick added a comment - sshagent must indeed be inside inside . Not sure how to reproduce. It works for me.
            Hide
            elatt Erik Lattimore added a comment -

            Hmm, you're right. I am now unable to reproduce the issue I was having.

            Show
            elatt Erik Lattimore added a comment - Hmm, you're right. I am now unable to reproduce the issue I was having.
            Hide
            jglick Jesse Glick added a comment -

            If you have complete, minimal, self-contained steps to reproduce the issue from scratch, please add them here and reopen.

            Show
            jglick Jesse Glick added a comment - If you have complete, minimal, self-contained steps to reproduce the issue from scratch, please add them here and reopen.
            Hide
            jglick Jesse Glick added a comment -

            Not sure offhand, would have to spend time digging into it. The obvious workaround is to just not use the SSH Agent plugin, and run ssh-agent yourself. You are probably better off not using Docker Pipeline either; just write a Dockerfile that sets things up the way you need it.

            Show
            jglick Jesse Glick added a comment - Not sure offhand, would have to spend time digging into it. The obvious workaround is to just not use the SSH Agent plugin, and run ssh-agent yourself. You are probably better off not using Docker Pipeline either; just write a Dockerfile that sets things up the way you need it.
            Hide
            mkj Michal Matyjek added a comment - - edited

            Seeing same, when using:

            agent {
              docker {
                image 'myimage'
              }
            }
            

            I would see same as Ihor Sviziev. Not for all commands though:

            I think plain commands work:

            sh "ssh user@remote.host.com rm -rf /"

            but not when I am opening ssh tunnel and executing commands in the tunnel itself.

             

            Also no issues with any commands (including more complex ones) when using agent { any } and executing directly on the Jenkins slave. So seems to be Docker-specific as well for me.

            Show
            mkj Michal Matyjek added a comment - - edited Seeing same, when using: agent { docker { image 'myimage' } } I would see same as Ihor Sviziev . Not for all commands though: I think plain commands work: sh "ssh user@remote.host.com rm -rf /" but not when I am opening ssh tunnel and executing commands in the tunnel itself.   Also no issues with any commands (including more complex ones) when using agent { any } and executing directly on the Jenkins slave. So seems to be Docker-specific as well for me.
            Hide
            mkj Michal Matyjek added a comment -

            Any logging we can enable for the sshagent to see more details on where the issue is?

            Show
            mkj Michal Matyjek added a comment - Any logging we can enable for the sshagent to see more details on where the issue is?
            Hide
            kostyaripak Konstantin Ripak added a comment -

            Well, I think I found how to reproduce the issue.

            The following code works as expected if running on non-docker agent and does not work inside docker:

             

            agent {
                docker {
                    label 'bsp'
                    image 'my-registry/my-image'
                    reuseNode true
                }
            }
            stage("Some stage") {
                steps {
                    sshagent(['some-id']) {
                        script {
                           sh "# some code that uses ssh"
                        }
                    }
                }
            }

             

            However, if I put sshagent() inside script {...} block it works:

            agent {
                docker {
                    label 'bsp'
                    image 'my-registry/my-image'
                    reuseNode true
                }
            }
            stage("Some stage") {
                steps {
                    script {
                        sshagent(['some-id']) {
                           sh "# some code that uses ssh"
                        }
                    }
                }
            }

             

            Show
            kostyaripak Konstantin Ripak added a comment - Well, I think I found how to reproduce the issue. The following code works as expected if running on non-docker agent and does not work inside docker:   agent {     docker {         label 'bsp'         image 'my-registry/my-image'         reuseNode true } } stage( "Some stage" ) { steps {    sshagent([ 'some-id' ]) { script { sh "# some code that uses ssh"             }        }    } }   However, if I put sshagent() inside script {...} block it works: agent {     docker {         label 'bsp'         image 'my-registry/my-image'         reuseNode true } } stage( "Some stage" ) { steps { script { sshagent([ 'some-id' ]) { sh "# some code that uses ssh"             }        }    } }  

              People

              • Assignee:
                Unassigned
                Reporter:
                elatt Erik Lattimore
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated: