Clever Geek Handbook

Chef integration with Jenkins

I am trying to integrate Chef with Jenkins.

My Scenario: I have created several recipes in Chef and want to execute the Chef's launch list via Jenkins. I installed the chef plugin ( https://github.com/melezhik/chef-plugin/ ) in Jenkins and provided the required parameters. But when I do this, I am building now in Jenkins, it throws me "Host Key Verification Error".

I also tried another way, just running "sudo chef-client" as a shell command through Jenkins, even then I get the same error.

Also I tried to put Jenkins on the same server where chef node is available, even the problem remains the same.

Can anyone help me with this.

+3


source to share


2 answers


The chef integration plugin uses the command line ssh

to connect from Jenkins to the client machine to run sudo chef-client

. You need to end this connection ssh

and command sudo

without any password prompts from the Jenkins host, as the user you are running Jenkins with will first confirm the Jenkins web interface will be able to do this.

This is basically the same as the knife ssh

server chef to nodes setup , except you replace the server / user chef with the server / user jenkins.

Login to terminal on your jenkinshost as Jenkins user.

  • If you don't have a private / public key setup yet , generate one.

    ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''

    Then add the public key id_rsa.pub

    to the chefuser @clienthost ~/.ssh/authorized_keys

    .

    ssh-copy-id chefuser@clienthost

    You may need to do this manually if you cannot log into clienthost with ssh

    .

  • Clean up all traces of old clients (your error message indicates this may be the problem)

    ssh-keygen -R clienthost

  • Check the connection ssh

    and accept the host key.

    ssh chefuser@clienthost

  • Now clienthost , setup sudo

    , so chefuser

    can run chef-client

    likeroot 

    visudo

    Then add the line (path chef-client

    may be different)

    chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client

  • On jenkinshost , confirmation ssh chefuser@clienthost sudo chef-client -v

    is done without password prompts.

    $ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
Chef: 11.16.0


Once you do that, the Jenkins plugin can also.

Every machine you want to run Jenkins chef-client on will require this public key to be added and the manual ssh

checked until it works without prompting.

Unfortunately the Jenkins chef plugin doesn't allow you a lot of configuration options for ssh connection, so you either have to rely on one Jenkins user default key for everything ( id_rsa

) or say you wanted to use a different key on each host, configure the information about a specific host ssh for host through ssh_config

in~/.ssh/config

+5


source


"Host key verification error" is quite clear, your jenkins host does not know the target server.

on jenkins host (as jenkins user) run ssh-keyscan target_host > ~/.ssh/known_hosts

and then try again and it will work as expected.



Edit: keyscan might be the job of Jenkins himself. For the path I assumed you were running jenkins in the linux box, adapt it to the jenkins user's home path if needed, or use% HOME% instead of ~

0


source






More articles:


All Articles