docker工人jenkins奴隶拒绝SSH密钥
我在docker集装箱运行jenkins。 当在另一个docker集装箱中旋转节点时,我收到消息:
[11/18/16 20:46:21] [SSH] Opening SSH connection to 192.168.99.100:32826. ERROR: Server rejected the 1 private key(s) for Jenkins (credentialId:528bbe19-eb26-4c9f-bae3-82cd1247d50a/method:publickey) [11/18/16 20:46:22] [SSH] Authentication failed. hudson.AbortException: Authentication failed. at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1217) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) [11/18/16 20:46:22] Launch failed - cleaning up connection [11/18/16 20:46:22] [SSH] Connection closed. 使用docker exec -i -t slave_name /bin/bash命令我可以进入home / jenkins / .ssh目录来确认ssh密钥是在哪里。
在configuration页面上的CLOUD headnig下,testing连接返回
版本= 1.12.3,API版本= 1.24
。
我正在运行OSX Sierra并尝试遵循RIOT游戏Jenkins-Docker教程http://engineering.riotgames.com/news/building-jenkins-inside-ephemeral-docker-container 。
jenkins船长docker文件:
FROM debian:jessie # Create the jenkins user RUN useradd -d "/var/jenkins_home" -u 1000 -m -s /bin/bash jenkins # Create the folders and volume mount points RUN mkdir -p /var/log/jenkins RUN chown -R jenkins:jenkins /var/log/jenkins VOLUME ["/var/log/jenkins", "/var/jenkins_home"] USER jenkins CMD ["echo", "Data container for Jenkins"]
jenkins奴隶Dockerfile
FROM centos:7 # Install Essentials RUN yum update -y && yum clean all # Install Packages RUN yum install -y git \ && yum install -y wget \ && yum install -y openssh-server \ && yum install -y java-1.8.0-openjdk \ && yum install -y sudo \ && yum clean all # gen dummy keys, centos doesn't autogen them. RUN /usr/bin/ssh-keygen -A # Set SSH Configuration to allow remote logins without /proc write access RUN sed -ri 's/^session\s+required\s+pam_loginuid.so$/session optional \ pam_loginuid.so/' /etc/pam.d/sshd # Create Jenkins User RUN useradd jenkins -m -s /bin/bash # Add public key for Jenkins login RUN mkdir /home/jenkins/.ssh COPY /files/authorized_keys /home/jenkins/.ssh/authorized_keys RUN chown -R jenkins /home/jenkins RUN chgrp -R jenkins /home/jenkins RUN chmod 600 /home/jenkins/.ssh/authorized_keys RUN chmod 700 /home/jenkins/.ssh # Add the jenkins user to sudoers RUN echo "jenkins ALL=(ALL) ALL" >> etc/sudoers # Set Name Servers to avoid Docker containers struggling to route or resolve DNS names. COPY /files/resolv.conf /etc/resolv.conf # Expose SSH port and run SSHD EXPOSE 22 CMD ["/usr/sbin/sshd","-D"]
我一直在和另外一个人一起在一个在同一个地方的Linux机器上做相同的教程。 任何帮助,将不胜感激。
您遇到的问题可能与主机的交互式授权有关。 尝试添加以下命令到你的奴隶的Dockerfile
RUN ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts
一定要在创buildjenkins用户之后添加它,最好是在之后
USER jenkins
避免错误的文件所有权。
当主控主机在线时也要确保这样做,否则会告诉你主机不可达。 如果你不能,那么手动完成后,从slave获得known_hosts文件并将其复制到你的slave上。
你可以validation这一点。 如果将控制台连接到docker slave和ssh到master,它会要求您信任服务器并将其添加到已知的主机。