
Configuring SSH keys on Jenkins nodes without SSH access to them





Hello! I think everyone who has ever configured Jenkins to work with Git has run into the problem of generating keys on the nodes.



Once again, when I had to do this, I found myself in a difficult situation: I did not have SSH access to the server with Jenkins and its slaves and, accordingly, I could not generate the keys. But it was not so bad.




Getting to the shell


Rummaging in the depths of Jenkins turned up the Script Console, which allows you to run Groovy code on the nodes. What does this give us? The ability to execute shell commands by calling .execute() on strings. There is one "but": stream redirection and the other delights of bash cannot be used, so first you need to figure out how to execute code in the bash interpreter. To do this, these straightforward lines were devised (I will be grateful for tips on improving the code, because this is my first time writing Groovy):



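    // Write a throwaway script into the Jenkins user's home directory
    def file = new File(System.getenv("HOME") + "/testGroovyShell.sh")
    file << "#!/bin/bash\necho hello, world!\n"
    // Make it executable, run it, print its output, then clean up
    def builder = new AntBuilder()
    builder.chmod(file: file.getAbsolutePath(), perm: '+x')
    println file.getAbsolutePath().execute().text
    file.delete()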


Now we can execute any bash code as the user that Jenkins runs as!



SSH key generation


But here a letdown awaited me: to generate SSH keys you need to press Enter every time ssh-keygen asks about something. This, to put it mildly, does not suit us, so a stupid but working solution was found by googling:



    #!/bin/bash
    echo -e "\n\n\n" | ssh-keygen -t rsa
    cat ~/.ssh/id_rsa.pub


This sends a line break three times to the input stream of ssh-keygen. After executing these commands, the script will display the public key of the server. It remains only to add it to your account (for example, on GitHub), run the job and ... get let down again.



Adding the server to known_hosts, using GitHub as an example


It would seem that we have the key, so what else is needed for happiness? No such luck! SSH is designed so that the first time you connect to an unknown host, it asks for confirmation: should it remember this host? This time we will do without hacks, simply by running the command:



    ssh-keyscan -H github.com >> ~/.ssh/known_hosts


where github.com is the host you want to add.



After adding the host, you can try to start your job and enjoy a working Git.
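
The key-generation and known_hosts steps above as one script: `generate_key` replaces the piped line breaks with `ssh-keygen` flags, and `add_verified_host` appends `ssh-keyscan` output only when it matches keys obtained out of band, since `ssh-keyscan` records whatever key the network returns. This is an added example, not code from the original post; the function names, the pinned-key file format and the sample blobs are assumptions of the example.

```sh
#!/bin/sh
# Added example; function names and the pinned-key file format are assumptions.

# Create an RSA key pair without prompts and print the public key.
# -N '' is the empty passphrase that pressing Enter would give, -f names the
# key file, -q silences progress output. An existing key is left untouched.
generate_key() {
    key="${1:-$HOME/.ssh/id_rsa}"
    mkdir -p -m 700 "$(dirname "$key")"
    [ -f "$key" ] || ssh-keygen -q -t rsa -N '' -f "$key" || return 1
    cat "$key.pub"
}

# Append scanned host keys to known_hosts only when they match a pinned key.
#   $1  output of `ssh-keyscan -H <host>`, lines of "host keytype blob"
#   $2  pinned keys obtained out of band, one "keytype blob" per line
#   $3  known_hosts file to append to
# -H hashes only the host field, so key type and blob can still be compared.
# Returns 0 if at least one key was accepted, 1 if none matched.
add_verified_host() {
    scan="$1"; pinned="$2"; known="$3"; rc=1
    while read -r host type blob rest; do
        case "$host" in ''|'#'*) continue ;; esac
        if grep -qxF -e "$type $blob" "$pinned"; then
            printf '%s %s %s\n' "$host" "$type" "$blob" >> "$known"
            rc=0
        else
            echo "rejected unpinned $type key" >&2
        fi
    done < "$scan"
    return "$rc"
}

# Demo on constructed data (the blobs are placeholders, not real host keys):
# one scanned key is pinned, the other is not. Prints the accepted lines.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAPINNEDKEY' > "$dir/pinned"
    printf '%s\n' '|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAPINNEDKEY' \
                  '|1|c2FsdA==|aGFzaA== ssh-rsa AAAAUNKNOWNKEY' > "$dir/scan"
    add_verified_host "$dir/scan" "$dir/pinned" "$dir/known_hosts" 2>/dev/null
    cat "$dir/known_hosts"
    rm -rf "$dir"
}

# Usage on the node (file names are placeholders):
#   ssh-keyscan -H github.com > scan.txt
#   add_verified_host scan.txt pinned.txt ~/.ssh/known_hosts
```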



Conclusion


To those for whom the usefulness of this article tends to zero: please do not kick me too hard, because I did not find a documented process for doing this on the Internet, and the question is extremely relevant.



I prefer to read about errors and shortcomings in private messages rather than in the comments ;)



May the spirit of Continuous Integration be with you!

Source: https://habr.com/ru/post/173625/


