train
train copied to clipboard
inspec
unable execute inspec profile using ssh from jenkins node.
πunable execute inspec profile using ssh from jenkins node using withCredentials plugin using filebinding.
Choose one: is this a π bug report or π feature request? bug Briefly describe the issue and the expected behavior. Also, please be aware of our Code of Conduct.
withCredentials([[$class: 'FileBinding', credentialsId: 'username', variable: 'filekey_path']]) {
inspec exec test_profile -i ${env.filekey_path} --diagnose --log-level=debug --sudo -t ssh://testuesr@testserver
}
Client error, can't connect to 'ssh' backend: Your SSH Agent has no keys added, and you have not specified a password or a key file
Same env.key_file is working when i connect through ssh (ssh -i) from the jenkins node.
π InSpec and Platform Version
Tell us which version of InSpec (inspec version or SHA of a commit) and Operating System distribution you are using
inspec 2.1.72
OS: rhel7
π€ Replication Case
Tell us what steps to take to replicate your problem. See How to create a Minimal, Complete, and Verifiable example for information on how to create a good replication case.
try to execute inspec remote validation from jenkins node.
π Possible Solutions
If you have already ideas how to solve the issue, add them here.
π» Stacktrace
Please include the stacktrace output or link to a gist of it, if there is one.
@esaravanakumar89 you have to use ${filekey_path}. ${env.<key>} is for groovy interpolations mostly. I also don't see the command being executed inside a sh block. This would be the syntax I would use:
withCredentials([file(credentialsId: 'username', variable: 'filekey_path')]) {
sh 'inspec exec test_profile -i ${filekey_path} --diagnose --log-level=debug --sudo -t ssh://testuesr@testserver'
}
I might use bash rather than sh. Remember the Jenkins process has to have access to the gems in order to execute inspec. Last time I did this I had a fun time ensuring that the sub shell of the task actually had access to the inspec installation. Just something to keep in mind.
On Thu, Oct 31, 2019, 2:42 AM Noel Georgi [email protected] wrote:
@esaravanakumar89 https://github.com/esaravanakumar89 you have to use ${filekey_path}. ${env.
} is for groovy interpolations mostly. I also don't see the command being executed inside a sh block. This would be the syntax I would use: withCredentials([file(credentialsId: 'username, variable: 'filekey_path')]) { sh 'inspec exec test_profile -i ${filekey_path} --diagnose --log-level=debug --sudo -t ssh://testuesr@testserver'}
β You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/inspec/inspec/issues/4651?email_source=notifications&email_token=AALK42FQU6HJ6ZPARNYUMPLQRJ44NA5CNFSM4JHAJRS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECWW3LQ#issuecomment-548236718, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALK42GTYMQBBV4VQNW7PGTQRJ44NANCNFSM4JHAJRSQ .
@aaronlippold that sh is the jenkins dsl for executing shell commands, it's upto the user to select the interpreter.
Eg:
sh '''#!/bin/bash -l
<commands>
'''
Thank you for your help and suggestion. I tried it was not working, but I got a weird solution to make it work, I have downgraded train gem from v1.7.2 to v1.5.0.
I donβt know why It is working Is that a bug with train gem ?
Get Outlook for iOShttps://aka.ms/o0ukef
From: Noel Georgi [email protected] Sent: Thursday, October 31, 2019 8:39:11 AM To: inspec/inspec [email protected] Cc: esaravanakumar89 [email protected]; Mention [email protected] Subject: Re: [inspec/inspec] unable execute inspec profile using ssh from jenkins node. (#4651)
@aaronlippoldhttps://github.com/aaronlippold that sh is the jenkins dsl for executing shell commands, it's upto the user to select the interpreter.
Eg:
sh '''#!/bin/bash -l
β You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/inspec/inspec/issues/4651?email_source=notifications&email_token=ABOFJ477RPRWUJKAJHNNFY3QRLNX7A5CNFSM4JHAJRS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECXZWLI#issuecomment-548379437, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABOFJ43S5IFY6ZQWFFDZSGTQRLNX7ANCNFSM4JHAJRSQ.
Outside of a Jenkins setup, I am able to successfully use InSpec 4.18.100 and train 3.2.23 to run inspec detect on a Vagrant virtual machine:
inspec detect -t ssh://[email protected]:2222 -i ../vagrants/ubuntu-16/.vagrant/machines/default/virtualbox/private_key
detect simply connects and runs platform detection, which would be enough to trigger the issue you are reporting; but here it does not.
I feel inspec 1.7.0 to inspec 2.x having problem. I have seen the same issue in train-1.7.2 today.
Get Outlook for iOShttps://aka.ms/o0ukef
From: Clinton Wolfe [email protected] Sent: Tuesday, March 3, 2020 3:34:24 PM To: inspec/train [email protected] Cc: esaravanakumar89 [email protected]; Author [email protected] Subject: Re: [inspec/train] unable execute inspec profile using ssh from jenkins node. (#528)
Outside of a Jenkins setup, I am able to successfully use InSpec 4.18.100 and train 3.2.23 to run inspec detect on a Vagrant virtual machine:
inspec detect -t ssh://[email protected]:2222 -i ../vagrants/ubuntu-16/.vagrant/machines/default/virtualbox/private_key
detect simply connects and runs platform detection, which would be enough to trigger the issue you are reporting; but here it does not.
β You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/inspec/train/issues/528?email_source=notifications&email_token=ABOFJ4YGRBAF5S6ZNKWUQYDRFVZWBA5CNFSM4JHSEW52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENVHXOI#issuecomment-594181049, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABOFJ4ZX6RBUO4BF44CV62DRFVZWBANCNFSM4JHSEW5Q.