Zach

Reputation: 895

Where should keys be placed on a Jenkins server?

I can't get Jenkins to connect to my git repository. I suspect my problem is in the location of my keys. Where should I place the keys? What I have read is that they should be placed in the Jenkins home directory. Is that the home directory of the user Jenkins is running as (/home/tomcat), or what Jenkins says is its home directory under Configure System (/opt/bitnami/apps/jenkins/jenkins_home)? Is it necessary to also have a config file in the same directory as the keys?

Upvotes: 1

Views: 2472

Answers (1)

Shawn Sheldon

Reputation: 31

Zach, you may have solved this long ago, but just in case anyone else is looking for the answer, here is what worked for me. There isn't anything fancy here: if you can use git as user tomcat and interact with your git repo, that is all there is to it. Don't do anything more in Jenkins build jobs other than supplying a project repo location (no key setup or credentials, etc.). We will let git and ssh outside of Jenkins do all the work.

I use the bitnami jenkins AMI as well and indeed it runs Jenkins as a war app in Tomcat--so it runs as Tomcat.

  • sudo su - tomcat
  • update your path in .profile to have the bin location of git

PATH="/opt/bitnami/git/bin:$PATH"

'git --version' should work now as tomcat user, so do the typical git first time setup

  • git config --global user.name "App User Name"
  • git config --global user.email "[email protected]" (replace values to suit; DON'T add these in Jenkins)
    • git config -l (should show these newly added values)

now the ssh setup

  • create a .ssh dir in /home/tomcat
  • cd .ssh
  • upload your rsa keys (pub/private) to this dir
    • (important, set mod 600 on these files)
    • (also important, make sure the key has no passphrase)
  • create file 'config' and add the following (replace host and private key name to suit)

Host bitbucket.org
    IdentityFile ~/.ssh/id_rsa

Final Check

  • 'ssh -T [email protected]' (or whatever your git provider is) should return you as logged in as (your name), or some success message

(Optional)

I did the following to help verify my key setup and fingerprint, but I don't think it was essential.

  • Add the following to the end of your .bashrc file, log out and back in, and run 'ssh-add -l'. You should see the fingerprint and your key file path/name; all should be well.

SSH_ENV=$HOME/.ssh/environment

# start the ssh-agent
function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
}

# reuse a running agent if the saved environment still points at one
if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
        start_agent
    }
else
    start_agent
fi

Upvotes: 3
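
An added example, not part of the original answer: a shell check for the layout the answer describes (a `.ssh` directory in the home of the account Jenkins runs as, a private key at mode 600, and a `config` naming the IdentityFile). Because the key has no passphrase, file permissions are the only thing protecting it, so the check reports any drift. The function names, and the expectation of mode 700 on the directory and 600 on `config`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Print a FAIL line and return 1 when path $1 does not have mode $2.
expect_mode() {
    local got
    got="$(perm_of "$1")"
    [ "$got" = "$2" ] && return 0
    echo "FAIL $1: mode $got, expected $2"
    return 1
}

# audit_ssh_dir DIR: check DIR, the private keys in it and its config file.
# Prints one FAIL line per problem; returns 1 if any check failed, else 0.
audit_ssh_dir() {
    local dir rc home f key
    dir="${1%/}"; rc=0
    home="$(dirname "$dir")"        # "~" in config means the account's home
    [ -d "$dir" ] || { echo "FAIL $dir: directory missing"; return 1; }
    expect_mode "$dir" 700 || rc=1  # 700 is this example's assumption
    # Private keys are recognised by their PEM header, whatever the file name.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            expect_mode "$f" 600 || rc=1
        fi
    done
    [ -f "$dir/config" ] || return "$rc"
    expect_mode "$dir/config" 600 || rc=1   # 600 is this example's assumption
    # Every IdentityFile named in config must point at an existing file.
    while read -r key; do
        [ -n "$key" ] || continue
        case "$key" in \~/*) key=$home${key#\~} ;; esac
        [ -f "$key" ] || { echo "FAIL config: IdentityFile $key not found"; rc=1; }
    done <<EOF
$(awk 'tolower($1) == "identityfile" { print $2 }' "$dir/config")
EOF
    return "$rc"
}

# Run as the service account, e.g.: audit_ssh_dir /home/tomcat/.ssh
```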
