Project

General

Profile

Actions

Bug #3725

closed

Jenkins isn't using the credentials store for uploading to rita.osmocom.org

Added by osmith over 5 years ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
Start date:
12/12/2018
Due date:
% Done:

100%

Spec Reference:

Description

The jenkins jobs generated by osmo-ci.git/jobs/master-buils.yml need to be able to upload artifacts to rita.osmocom.org (generated PDF manuals, generated firmware files).
Right now, we have the SSH keys of each build slave configured in the authorized_keys of rita.osmocom.org, but that does obviously not scale.

laforge wrote in #3720:

The proper solution is to use the jenkins server credentials store, which will hold the private key and provision it to the client via ssh-agent. That way the client can upload to the server, and no per-slave configuration is required on the ftp server.

Some of the scripts that require the SSH keys are running in docker. Right now we are mounting ~/.ssh in the containers, using the ssh-agent should be possible when mounting the socket and passing the environment variable:

docker run --rm -it --name container_name \
-v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
-e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image

(found here)


Related issues

Related to Cellular Network Infrastructure - Bug #3720: Jenkins can't upload to rita.osmocom.orgResolvedosmith12/06/2018

Actions
Related to Cellular Network Infrastructure - Feature #3385: Move project specific manuals from osmo-gsm-manuals to each respective git repositoryResolvedosmith07/06/2018

Actions
Related to Cellular Network Infrastructure - Bug #3726: Jenkins: build all Osmocom projects in docker, not only someResolvedosmith12/12/2018

Actions
Related to Cellular Network Infrastructure - Bug #3772: new build host tcc-deb9build: failure to push manualsRejectedlaforge01/31/2019

Actions
Actions #1

Updated by osmith over 5 years ago

  • Subject changed from Jenkins isn't using SSH Agent for uploading to rita.osmocom.org to Jenkins isn't using the credentials store for uploading to rita.osmocom.org
Actions #2

Updated by osmith over 5 years ago

  • Related to Bug #3720: Jenkins can't upload to rita.osmocom.org added
Actions #3

Updated by osmith over 5 years ago

  • Related to Feature #3385: Move project specific manuals from osmo-gsm-manuals to each respective git repository added
Actions #4

Updated by osmith over 5 years ago

laforge: reading the ML thread again, you proposed separating the "publish artifacts" code and running it outside of Docker after the build. That would be a lot more effort. What do you think about simply passing the socket as described above, if it works?

Actions #5

Updated by osmith over 5 years ago

  • Related to Bug #3726: Jenkins: build all Osmocom projects in docker, not only some added
Actions #6

Updated by osmith about 5 years ago

  • Related to Bug #3722: osmo_clock_gettime broke build on MacOS added
Actions #7

Updated by osmith about 5 years ago

  • Related to deleted (Bug #3722: osmo_clock_gettime broke build on MacOS)
Actions #8

Updated by osmith about 5 years ago

  • Related to Bug #3772: new build host tcc-deb9build: failure to push manuals added
Actions #9

Updated by osmith about 5 years ago

  • Status changed from New to Stalled
Actions #10

Updated by laforge about 5 years ago

  • Priority changed from High to Normal

osmith wrote:

laforge: reading the ML thread again, you proposed separating the "publish artifacts" code and running it outside of Docker after the build. That would be a lot more effort. What do you think about simply passing the socket as described above, if it works?

I think if we touch it, we should do it properly (i.e. split it into separate steps).

Actions #11

Updated by laforge over 4 years ago

  • Priority changed from Normal to Low
Actions #12

Updated by laforge about 4 years ago

this has just come up again in a very bad way: After reinstalling build2, all upload jobs failed, until I (now) manually added the new SSH keys. This is a big stinking hack.

Actions #13

Updated by laforge about 3 years ago

  • Priority changed from Low to Normal
Actions #14

Updated by osmith 10 months ago

  • Status changed from Stalled to Resolved
  • % Done changed from 0 to 100

This was fixed in #5767 and #5798, we now use the jenkins credentials store.

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)