2016-11-30

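Jenkins slave in Docker rejects SSH key

I am running Jenkins in a Docker container. When spinning up a node in another Docker container, I receive the message: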

[11/18/16 20:46:21] [SSH] Opening SSH connection to 192.168.99.100:32826. 
ERROR: Server rejected the 1 private key(s) for Jenkins (credentialId:528bbe19-eb26-4c9f-bae3-82cd1247d50a/method:publickey) 
[11/18/16 20:46:22] [SSH] Authentication failed. 
hudson.AbortException: Authentication failed. 
    at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1217) 
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) 
    at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) 
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
    at java.lang.Thread.run(Thread.java:745) 
[11/18/16 20:46:22] Launch failed - cleaning up connection 
[11/18/16 20:46:22] [SSH] Connection closed. 

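Using the command docker exec -i -t slave_name /bin/bash I am able to get into the home/jenkins/.ssh directory and confirm that the SSH key is where it is expected to be.

Under the Cloud heading on my configuration page, Test Connection returns

Version = 1.12.3, API Version = 1.24

I am running OSX Sierra and attempting to follow the Riot Games Jenkins-Docker tutorial http://engineering.riotgames.com/news/building-jenkins-inside-ephemeral-docker-container

Jenkins master Dockerfile: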

FROM debian:jessie 

# Create the jenkins user 
RUN useradd -d "/var/jenkins_home" -u 1000 -m -s /bin/bash jenkins 

# Create the folders and volume mount points 
RUN mkdir -p /var/log/jenkins 
RUN chown -R jenkins:jenkins /var/log/jenkins 
VOLUME ["/var/log/jenkins", "/var/jenkins_home"] 

USER jenkins 
CMD ["echo", "Data container for Jenkins"] 

Jenkins slave Dockerfile:

FROM centos:7 

# Install Essentials 
RUN yum update -y && yum clean all 

# Install Packages 
RUN yum install -y git \ 
    && yum install -y wget \ 
    && yum install -y openssh-server \ 
    && yum install -y java-1.8.0-openjdk \ 
    && yum install -y sudo \ 
    && yum clean all 

# gen dummy keys, centos doesn't autogen them. 
RUN /usr/bin/ssh-keygen -A 

# Set SSH Configuration to allow remote logins without /proc write access 
RUN sed -ri 's/^session\s+required\s+pam_loginuid.so$/session optional \ 
    pam_loginuid.so/' /etc/pam.d/sshd 

# Create Jenkins User 
RUN useradd jenkins -m -s /bin/bash 

# Add public key for Jenkins login 
RUN mkdir /home/jenkins/.ssh 
COPY /files/authorized_keys /home/jenkins/.ssh/authorized_keys 
RUN chown -R jenkins /home/jenkins 
RUN chgrp -R jenkins /home/jenkins 
RUN chmod 600 /home/jenkins/.ssh/authorized_keys 
RUN chmod 700 /home/jenkins/.ssh 

# Add the jenkins user to sudoers 
RUN echo "jenkins ALL=(ALL) ALL" >> etc/sudoers 

# Set Name Servers to avoid Docker containers struggling to route or resolve DNS names. 
COPY /files/resolv.conf /etc/resolv.conf 

# Expose SSH port and run SSHD 
EXPOSE 22 
CMD ["/usr/sbin/sshd","-D"] 

I have been working with another person who is doing the same tutorial on Linux and is stuck at the same place. Any help would be appreciated.
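Checking that the key file is in place does not show that sshd will accept it: with StrictModes (the sshd default) the home directory, .ssh and authorized_keys must be owned by the user or root and not be group/world writable, and the offered key must match a listed one. The following is an added example, not part of the original post, that audits those conditions; `fingerprint`, `audit_login_key` and `demo` are hypothetical names and the key blobs are constructed, not real keys.

```python
import base64
import hashlib
import os
import stat
import tempfile


def fingerprint(line):
    """SHA256 fingerprint (ssh-keygen -l style) of one public key line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):  # skips a leading options field
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no key type field found")


def audit_login_key(home, uid, pubkey_line):
    """List reasons sshd (StrictModes yes) could refuse pubkey_line for this home."""
    findings = []
    auth = os.path.join(home, ".ssh", "authorized_keys")
    for path in (home, os.path.dirname(auth), auth):
        if not os.path.exists(path):
            findings.append(f"missing: {path}")
            continue
        st = os.stat(path)
        if st.st_uid not in (uid, 0):
            findings.append(f"owner uid {st.st_uid}, expected {uid}: {path}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"group/world writable: {path}")
    if os.path.isfile(auth):
        with open(auth) as fh:
            lines = [l for l in fh if l.strip() and not l.lstrip().startswith("#")]
        wanted = fingerprint(pubkey_line)
        if wanted not in {fingerprint(l) for l in lines}:
            findings.append(f"{wanted} not in authorized_keys")
    return findings


def demo():
    """Constructed home directory whose authorized_keys lists a different key."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"), 0o700)
    blob = base64.b64encode(b"constructed-key-blob").decode()
    with open(os.path.join(home, ".ssh", "authorized_keys"), "w") as fh:
        fh.write(f"ssh-rsa {blob} jenkins@master\n")
    other = base64.b64encode(b"different-key-blob").decode()
    return audit_login_key(home, os.getuid(), f"ssh-rsa {other} jenkins@master")
```

Inside the slave container this would be called with /home/jenkins, the jenkins uid, and the public half of the key stored in the Jenkins credential; an empty list means none of these checks explains the rejection.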

Answers

1

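The problem you are running into likely has to do with the interactive authorization of the host. Try adding the following command to your slave's Dockerfile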

RUN ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts 

Be sure to add it after you have created the jenkins user, preferably after

USER jenkins 

to avoid wrong ownership of the file.

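Also make sure to do this when the master host is online, otherwise it will tell you the host is unreachable. If you can't, then after doing it manually, get the known_hosts file from the slave and copy it into the slave.

You can verify this. If you attach a console to the docker slave and ssh to the master, it will ask you to trust the server and add it to known hosts.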

+0

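I created the jenkins user using 'RUN useradd jenkins -m -s /bin/bash'. After this command I tried adding 'ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts' and then 'RUN ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts'. Both failed to build. The RUN version returned 'The command '/bin/sh -c ssh-keyscan -H 192.168.99.100 >> /home/jenkins/.ssh/known_hosts' returned a non-zero code: 1', and the version without RUN returned 'Unknown instruction: SSH-KEYSCAN'. I apologize if I am missing something that is commonly known. – CosetteN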

+0

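You would get an error (it is best to run the command as jenkins or to add known_hosts). Can you ssh from the slave to the master? If so, it should not ask you to add the host to known_hosts – Rik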

+0

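You should indeed use 'RUN ssh-keyscan ...', but it will actually scan the url. So if the master is not online, it won't work. What you can do is, after the master and slave are running, ssh from the slave to the master, then copy the known_hosts file and put it into the Dockerfile – Rik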