How do I automate the creation / assignment of SSH jenkins credentials to nodes?

I am writing an "auto create jenkins machine" script and I am facing an issue with SSH credentials, namely:

there is a file in jenkins called credentials.xml (in /var/lib/jenkins) that stores credentials for nodes, and mine looks like this:

<?xml version='1.0' encoding='UTF-8'?>
<com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.18">
  <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">


There is also a configuration file for nodes (slaves), stored in /var/lib/jenkins/nodes/HOSTNAME/config.xml for each slave device, which looks like this:

<?xml version='1.0' encoding='UTF-8'?>
  <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
  <launcher class="hudson.plugins.sshslaves.SSHLauncher" plugin="ssh-slaves@1.9">


The problem is that after creating the jenkins machine, I copy credentials.xml and config.xml for each slave, after which the credentials do not work. I get:

[07/26/15 16:00:39] [SSH] Opening SSH connection to
ERROR: Failed to authenticate as root. Wrong password. (credentialId:8743cc14-bc2c-44a6-b6bb-c121bef4ae2d/method:password)
[07/26/15 16:00:41] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
    at hudson.plugins.sshslaves.SSHLauncher.openConnection(
    at hudson.plugins.sshslaves.SSHLauncher$
    at hudson.plugins.sshslaves.SSHLauncher$
    at java.util.concurrent.ThreadPoolExecutor.runWorker(
    at java.util.concurrent.ThreadPoolExecutor$
[07/26/15 16:00:41] Launch failed - cleaning up connection
[07/26/15 16:00:41] [SSH] Connection closed.


To solve this problem, I can go to Jenkins →, and then update the credentials with the same password, which I would use anyway, and it will work.

So the question is, does jenkins use some kind of salting / hashing for every install, so that credentials.xml won't work when copied to a new machine?



1 answer

Ok, so I was able to solve it with (I think) a workaround, namely:

Save the password in plain text in credentials.xml, then copy it to the jenkins machine after installing and starting the service. Jenkins will then encrypt it with a new secret (or whatever it uses for that purpose) and it will work :)


The second option is to install jenkins, run it, and then copy credentials.xml with encrypted passwords along with secrets and secret.xml from the previous installation. This will copy the master encryption key and encrypted credentials created with that master key.
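
The second option above, as an added example that is not part of the original answer: a pre-flight check that lists which key files differ between the old and the new Jenkins home, plus a copy step that moves credentials.xml and its keys together with owner-only permissions. It assumes the key material is the secrets directory and any top-level secret.* files; the function names and the demo file names and contents are constructed for illustration.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def key_files(home):
    """Key material, assumed: top-level secret.* files plus all of secrets/."""
    home = Path(home)
    found = [p for p in home.glob("secret.*") if p.is_file()]
    found += [p for p in (home / "secrets").rglob("*") if p.is_file()]
    return sorted(p.relative_to(home) for p in found)

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None

def key_mismatches(src_home, dst_home):
    """Key files of src that are missing or different in dst. If any are
    listed, a credentials.xml encrypted on src cannot be decrypted on dst."""
    src, dst = Path(src_home), Path(dst_home)
    return [str(rel) for rel in key_files(src) if digest(src / rel) != digest(dst / rel)]

def migrate(src_home, dst_home):
    """Copy credentials.xml with its key material, readable by the owner only."""
    src, dst = Path(src_home), Path(dst_home)
    for rel in [Path("credentials.xml"), *key_files(src)]:
        target = dst / rel
        if target.parent != dst:
            target.parent.mkdir(parents=True, exist_ok=True)
            os.chmod(target.parent, 0o700)
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as out:
            os.fchmod(fd, 0o600)  # also tightens a file that already existed
            out.write((src / rel).read_bytes())

def demo():
    """Constructed sample: two fresh installs, each with its own random keys."""
    root = Path(tempfile.mkdtemp())
    for name in ("old", "new"):
        (root / name / "secrets").mkdir(parents=True)
        (root / name / "secret.key").write_bytes(os.urandom(32))
        (root / name / "secrets" / "master.key").write_bytes(os.urandom(32))
    (root / "old" / "credentials.xml").write_text("<constructed/>")
    before = key_mismatches(root / "old", root / "new")
    migrate(root / "old", root / "new")
    after = key_mismatches(root / "old", root / "new")
    shutil.rmtree(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The copy does not change file ownership, so the destination files still need to belong to the account that runs Jenkins.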


