The Prepare stage copied the ansible-ssh-key credential into the
workspace but never exported GIT_SSH_COMMAND, and prepare_env.sh only
looked for a key at /tmp/jenkins_git_key, which nothing creates. The
ceph-cm-ansible clone therefore ran without a key and failed with
'Permission denied (publickey)'.
Export GIT_SSH_COMMAND in the Prepare stage (as the Ansible stage
already does) and drop the dead /tmp key path from prepare_env.sh so
clones and fetches both inherit the caller's GIT_SSH_COMMAND. Also pass
$SSH_KEY to the shell instead of interpolating it in Groovy, clearing
the insecure-interpolation warning.
Signed-off-by: David Galloway <david.galloway@ibm.com>
mkdir -p "${WORK_DIR}"
- cp "${SSH_KEY}" "${JENKINS_GIT_KEY_FILE}"
+ cp "\$SSH_KEY" "${JENKINS_GIT_KEY_FILE}"
chmod 600 "${JENKINS_GIT_KEY_FILE}"
+ export GIT_SSH_COMMAND="ssh -i ${JENKINS_GIT_KEY_FILE} -o StrictHostKeyChecking=no"
+
bash builder-reimage/build/prepare_env.sh \
"${TARGET_FQDN}" \
"${WORK_DIR}" \
mkdir -p "\$WORK_DIR"
- cp "${SSH_KEY}" "${JENKINS_GIT_KEY_FILE}"
+ cp "\$SSH_KEY" "${JENKINS_GIT_KEY_FILE}"
chmod 600 "${JENKINS_GIT_KEY_FILE}"
export GIT_SSH_COMMAND="ssh -i ${JENKINS_GIT_KEY_FILE} -o StrictHostKeyChecking=no"
fi
}
+# SSH access relies on the caller exporting GIT_SSH_COMMAND pointing at the
+# deploy key (the Jenkinsfile does this before invoking us).
clone_repo() {
local url="$1"
local dir="$2"
(cd "${dir}" && git fetch --all --prune)
else
log "Cloning ${url} -> ${dir}"
- if [ "${SSH_AVAILABLE}" = "true" ] && [ -f /tmp/jenkins_git_key ]; then
- GIT_SSH_COMMAND='ssh -i /tmp/jenkins_git_key -o StrictHostKeyChecking=no' git clone --depth 1 "${url}" "${dir}"
- else
- git clone --depth 1 "${url}" "${dir}"
- fi
+ git clone --depth 1 "${url}" "${dir}"
fi
}