Jenkins isn't using the credentials store for uploading to rita.osmocom.org
The jenkins jobs generated by osmo-ci.git/jobs/master-buils.yml need to be able to upload artifacts to rita.osmocom.org (generated PDF manuals, generated firmware files).
Right now, we have the SSH keys of each build slave configured in the authorized_keys of rita.osmocom.org, but that does obviously not scale.
laforge wrote in #3720:
The proper solution is to use the jenkins server credentials store, which will hold the private key and provision it to the client via ssh-agent. That way the client can upload to the server, and no per-slave configuration is required on the ftp server.
Some of the scripts that require the SSH keys are running in docker. Right now we are mounting ~/.ssh in the containers, using the ssh-agent should be possible when mounting the socket and passing the environment variable:
docker run --rm -it --name container_name \ -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \ -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image
#10 Updated by laforge over 1 year ago
- Priority changed from High to Normal
laforge: reading the ML thread again, you proposed separating the "publish artifacts" code and running it outside of Docker after the build. That would be a lot more effort. What do you think about simply passing the socket as described above, if it works?
I think if we touch it, we should do it properly (i.e. split it into separate steps).