Jenkins: Failed to connect to repository

2018-07-03 02:19:01

I'm trying to connect jenkins on a github repo.

When I specify the Repo URL jenkins return the following error message:

Failed to connect to repository : Command "git ls-remote -h git@github.com:adolfosrs/jenkins-test.git HEAD" returned status code 128: stdout: stderr: Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

When using the HTTPS:// Url jenkins returns:

Failed to connect to repository : Failed to connect to https://github.com/adolfosrs/jenkins-test.git (status = 407)

I could successfully clone the repo at the same machine where jenkins is running and I also run the git ls-remote -h git@github.com:adolfosrs/jenkins-test.git HEAD command. So I have the right SSH at github.

The problem was that somehow I created the ssh files with the root user. So the files owner was root.

The solution was just change the ownership to the jenkins user.

chown jenkins id_rsa.pub 
chown jenkins id_rsa

This is a very tricky issue - even if you're familiar with how things are working in https with certificates (OTOH if you see my workaround, it seems very logical :)

If you want to connect to a GIT repository via http(s) from shell, you would make sure to have the public certificate stored (as file) on your machine. Then you would add that certificate to your GIT configuration

git config [--global] http.sslCAInfo "certificate"

(replace "certificate" with the complete path/name of the PEM file :)

For shell usage you would as well eg supply a '.netrc' provding your credentials for the http-server login. Having done that, you shall be able to do a 'git clone https://...' without any interactive provisioning of credentials.

However, for the Jenkins-service it's a bit different ... Here, the jenkins process needs to be aware of the server certificate - and it doesn't use the shell settings (in the meaning of the global git configuration file '.gitconfig') :P

What I needed to do is to add another parameter to the startup options of Jenkins.

... -Djavax.net.ssl.trustStore="keystore" ...

(replace "keystore" with the complete path/name like explained below :)

Now copy the keystore file of your webserver holding the certificate to some path (I know this is a dirty hack and not exactly secure :) and refer to it with the '-Djavax.net.ssl.trustStore=' parameter.

Now the Jenkins service will accept the certificate from the webserver providing the repository via https. Configure the GIT repository URL like

https://yourserver.com/your-repositorypath

Note that you still require the '.netrc' under the jenkins-user home folder for the logon !!! Thus what I describe is to be seen as a workaround ... until a properly working credentials helper plugin is provided. IMHO this plugin (in its current version 1.9.4) is buggy.

I could never get the credentials-helper to work from Jenkins no matter what I tried :( At best I got to see some errors about the not accessible temporary credential helper file, etc. You can see lots of bugs reported about it in the Jenkins JIRA, but no fix.

So if somebody got it to work okay, please share the knowledge ...

PS: Using the Jenkins plugins in the following versions:

Credentials plugin 1.9.4, GIT client plugin 1.6.1, Jenkins GIT plugin 2.0.1

Check with below settings. That always work for me.

Jenkins Configuration :

1) Check whether git executable is appropriately specified

2) Provide SSH repository link git@blahblah

3) Under credentials >> Select Username and Authentication key (go to your server, Generate SSH keys ssh-keygen... Copy keys to JENKINS_HOME/,ssh) You should be able to connect to your GIT repository from Jenkins

链接地址: http://www.djcxy.com/p/92230.html

上一篇: SSH关键问题

下一篇: Jenkins：无法连接到存储库