Jenkins / JENKINS-56600

Jenkins Shared Library checkout behind proxy for ssh

    • Type: New Feature
    • Resolution: Won't Do
    • Priority: Minor
    • Components: git-client-plugin, pipeline
    • Labels: None
    • Environment: Jenkins 2.167, git version 1.8.3.1

      Jenkins Shared Library (JSL Plugin) checkout behind proxy for ssh use case.

      Our environment currently enforces all traffic to the web to be proxied, including ssh traffic. As such, in this environment I normally need to use netcat to forward the ssh traffic to the proxy host. Below is typically what the ssh_config file would look like:

      Host some.public.git.remotehost.com
          Port 7999
          ProxyCommand nc --proxy some.internal.network.proxy.host:8080 %h %p

      In our pipelines, to use git, we pass in the above config as a managed file assigned as $SSH_CONFIG, along with some git credentials assigned to $IDENTITY_FILE, and then set up the GIT_SSH var so the git binary will know how to use the ssh proxy when encountering the ssh://git url. See below:

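      # Wrapper that git runs instead of plain ssh; "$@" is quoted so that
      # git's arguments reach ssh unsplit
      echo 'ssh $SSH_DEBUG -F "$SSH_CONFIG" -i "$IDENTITY_FILE" "$@"' > /ssh
      chmod +x /ssh
      export GIT_SSH=/./ssh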

       

      Then I'm allowed to check out a repo like normal:

      exec git clone --depth=1 "$GIT_SSH_REPO_URL" --branch "$GIT_BRANCH_NAME" "${GIT_CHECKOUT_DIRECTORY:-.}"

       

      Additional note about our use case.

      HTTPS_PROXY is allowed here; however, our repos are behind an Okta MFA verify wall, and each git transaction is forced to be attached to a mobile device somewhere, thus using this method in any git workflow is terrible and cumbersome, especially in CI... We bypass this with ssh and ssh keys.

       

      When I put the config file on the master at a known location (because currently I cannot find a way to pass a managed file or config file into the JSL Plugin), set the global var for GIT_SSH to the executable, set the global tool for git to the git binary, and use the global shared library in Jenkins -> Manage -> Configure, then in the build, when calling the library key, my GIT_SSH var is overridden by the plugin for the global library when calling the ssh keys needed for the git transaction. See below:

      Started by user unknown or anonymous
      Running in Durability level: MAX_SURVIVABILITY
      Loading library jenkins-common-awesomerepo@feature/BRANCH-244
      Attempting to resolve feature/BRANCH-244 from remote references...
       > git --version # timeout=10
      using GIT_SSH to set credentials jenkins-repo-creds do note delete
       > git ls-remote -h ssh://git@some.public.git.remotehost.com:7999/org/awesomerepo.git # timeout=10
      java.lang.InterruptedException 

      I would very much like to use the Global Shared Library plugin instead of checking out the library in each build manually and instantiating the library context inside each build's node context, causing me to repeat code vs. just a call to the library key.

      Thanks for any input that can be made.

       

            Assignee: Unassigned
            Reporter: Caley Goff (caley)
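
A stricter variant of the GIT_SSH wrapper from the description, as an added example that is not part of the original issue or of any Jenkins plugin: it checks the config and key before the wrapper is written and quotes every argument. `SSH_CONFIG`, `IDENTITY_FILE` and `SSH_DEBUG` are the issue's variables; the function names, the wrapper path and the `IdentitiesOnly`/`BatchMode` options are assumptions added here.

```sh
#!/bin/sh
# Added example, not from the issue. SSH_CONFIG, IDENTITY_FILE and SSH_DEBUG are
# the issue's variables; function names and the -o options are assumptions.

# check_ssh_inputs CONFIG KEY: print a reason and return 1 if the pair is unsafe.
check_ssh_inputs() {
    cfg=$1
    key=$2
    [ -r "$cfg" ] || { echo "config not readable: $cfg"; return 1; }
    [ -f "$key" ] || { echo "identity file missing: $key"; return 1; }
    # ssh rejects private keys that group/other can read; fail early and clearly.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        ?00) ;;
        *) echo "identity file mode $mode too open (want 600 or 400)"; return 1 ;;
    esac
    # Without a ProxyCommand the wrapper would attempt a direct connection,
    # which the environment in the issue does not allow.
    grep -Eiq '^[[:space:]]*ProxyCommand[[:space:]]' "$cfg" ||
        { echo "no ProxyCommand in $cfg"; return 1; }
}

# write_git_ssh_wrapper PATH: create the script that GIT_SSH points at.
write_git_ssh_wrapper() {
    # Quoted heredoc: variables are expanded when git runs the wrapper, not now.
    cat > "$1" <<'EOF'
#!/bin/sh
# SSH_DEBUG is left unquoted on purpose: it may be empty or hold a flag such as -v.
exec ssh $SSH_DEBUG -F "$SSH_CONFIG" -i "$IDENTITY_FILE" \
    -o IdentitiesOnly=yes -o BatchMode=yes "$@"
EOF
    chmod 700 "$1"
}

# Usage (constructed paths):
#   check_ssh_inputs "$SSH_CONFIG" "$IDENTITY_FILE" &&
#       write_git_ssh_wrapper "$HOME/git-ssh" && export GIT_SSH="$HOME/git-ssh"
```

`BatchMode=yes` makes ssh fail instead of prompting when the key is rejected, which suits an unattended build, and `IdentitiesOnly=yes` keeps ssh from offering any key other than the one passed with `-i`.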