jenkins.io icon indicating copy to clipboard operation
jenkins.io copied to clipboard

Published 20 hours ago verified publisher icon jenkins-infra

Using Jenkins agents page - many steps that don't work, some that are obsolete, some that don't make sense.

Open solresol opened this issue 3 years ago • 1 comments

Problem with the Using Jenkins agents page, source file

A few obvious problems:

  • The suggested docker image doesn't include a JDK (at least on arm64), and neither do any of the other jenkins/ssh-agent docker images

  • The instructions to set up ssh keys don't work. As far as I can tell, it gets set in /etc/environment, but sshd isn't configured to use that in any way.

  • Step 2 on the docker image instructions are temporary, pending a fix for a ticket that is now closed. I didn't get it anyway, and I didn't understand why the image doesn't just have "UseEnvironment yes" in /etc/ssh/sshd_config

  • The port forwarding in the docker run command for the agent won't work on any Linux or OSX system (and probably not on some Windows systems either)

Possible Solution

The run command (1) should be

docker run -d --rm --name=agent1 -p 2022:22 jenkins/ssh-agent:alpine

It's painful, but this will work to set the ssh authorized keys up.

docker cp ~/.ssh/jenkins_key.pub agent1:/home/jenkins/.ssh/authorized_keys
docker exec agent1 chown -R jenkins /home/jenkins/.ssh/
docker exec agent1 chmod 0700 /home/jenkins/.ssh/
docker exec agent1 chmod 0600 /home/jenkins/.ssh/authorized_keys

and this gets a JRE in place

docker exec -it --user=root agent1 apt install -y default-jre

solresol avatar Nov 18 '21 08:11 solresol

The suggested docker image doesn't include a JDK

The image is built from a Dockerfile that clearly includes JDK (https://github.com/jenkinsci/docker-ssh-agent/blob/master/11/alpine/Dockerfile#L23 ) -- maybe there is some other problem preventing you from running Java in the container on your system? On Ubuntu I get

$ docker exec -it agent1 which java
/opt/java/openjdk/bin/java

The instructions to set up ssh keys don't work.

The contents of JENKINS_AGENT_SSH_PUBKEY get printed to /home/jenkins/.ssh/authorized_keys via https://github.com/jenkinsci/docker-ssh-agent/blob/0c1d128c33d2d7c0fabb34ebbccb29a6d9c4fcf6/setup-sshd#L32 which is equivalent to your proposed solution. Note that JENKINS_AGENT_SSH_PUBKEY should be set to the content of the public key file, not to path to the key file.

Step 2 on the docker image instructions are temporary

Good point, being addressed in https://github.com/jenkins-infra/jenkins.io/pull/5366

The port forwarding in the docker run command for the agent won't work on any Linux or OSX system

The article already covers the case "If your machine already has a ssh server running on the 22 port ". There may be also permission-related reasons for port 22 not working but it seems to work by default on Ubuntu.

zbynek avatar Oct 03 '22 20:10 zbynek