What went wrong
I have an Ubuntu 12.10 server.
I installed Jenkins and Nginx on the same server.
The /var/virtual directory, where Nginx is supposed to serve files from, has permission settings of www-data:www-data.
The user jenkins is running Jenkins the software.
This is my target written in phing build.xml:
<target name="gitclone">
    <echo msg="gitclone ${environment.branch} branch code to ${environment} environment" />
    <exec command="ssh -A ${host-used} 'git clone -b ${repository-uri} ${environment.branch} ${environment.sitedir}${build.time}'"
          outputProperty="result" escape="false" />
    <echo msg="${result}" />
    <echo msg="update all the submodules after gitclone" />
    <exec dir="${environment.sitedir}${build.time}" command="ssh -A ${host-used} 'git submodule update --init --recursive'" outputProperty="result" escape="false" />
    <echo msg="${result}" />
</target>
This is my console output from Jenkins:
[echo] gitclone master branch code to production environment
[echo] Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
[echo] update all the submodules after gitclone
Execution of target "gitclone" failed for the following reason: /var/lib/jenkins/jobs/abc-master/workspace/build.xml:116:48: '/var/virtual/abc.com/2013_01_11_07_45_35' is not a valid directory
What I tried
I googled around and then I saw this GitHub article on SSH agent forwarding.
This is what I tried.
I ssh into my server as jenkins.
Then I typed
ssh -T www-data@xxx.xx.xxx.xx
I was prompted for the www-data@xxx.xx.xxx.xx password, which I then gave. Note that xxx.xx.xxx.xx from now onwards refers to the IP address of the same server.
I successfully logged in as www-data, so I exited www-data@xxx.xx.xxx.xx. Now back in the server as the jenkins user.
Now I try
echo "$SSH_AUTH_SOCK"
I got nothing.
I went inside /var/lib/jenkins/.ssh/config and typed the following:
Host xxx.xx.xxx.xx
    ForwardAgent yes
    IdentityFile /var/lib/jenkins/.ssh/id_rsa
    StrictHostkeyChecking no
Build Jenkins job again. Fail.
Then I thought maybe I need to set the authorized_keys inside www-data's ~/.ssh/authorized_keys file so that whenever we go from jenkins@xxx.xx.xxx.xx to www-data@xxx.xx.xxx.xx, I won't get prompted for a password.
So as jenkins, I typed
cat ~/.ssh/id_rsa.pub | ssh www-data@xxx.xx.xxx.xx 'cat >> .ssh/authorized_keys'
Then I typed
ssh -T www-data@xxx.xx.xxx.xx
I was prompted for www-data@xxx.xx.xxx.xx password which I then gave.
I successfully logged in as www-data without getting prompted for password this time, so I exited www-data@xxx.xx.xxx.xx. Now back in server as jenkins user.
Build Jenkins job again. Fail.
As jenkins, I typed
echo "$SSH_AUTH_SOCK"
Nothing was seen.
Tried
ssh-add -L
Got
Could not open a connection to your authentication agent.
Edited /etc/ssh/sshd_config and added
AllowAgentForwarding yes
Checked /etc/ssh/ssh_config. No ForwardAgent no setting.
Build Jenkins job again. Fail.
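The manual checks in this post (echo "$SSH_AUTH_SOCK", ssh-add -L, ssh -T) can be combined into one preflight step and run from inside the Jenkins job, so the result reflects the environment of the build process rather than an interactive login. This is an added example, not part of the original post; the function names agent_status and key_login_ok are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for a build step that relies on `ssh -A`.

# Classify the SSH agent visible to the current process, i.e. what `ssh -A`
# would have available to forward.
# Prints one of: no-agent, stale-socket, agent-unreachable, agent-empty, agent-ok
agent_status() {
    sock="${SSH_AUTH_SOCK:-}"
    if [ -z "$sock" ]; then
        echo "no-agent"        # same condition as an empty echo "$SSH_AUTH_SOCK"
        return 0
    fi
    if [ ! -S "$sock" ]; then
        echo "stale-socket"    # variable is set but no socket exists at that path
        return 0
    fi
    # ssh-add -l exit status: 0 = keys listed, 1 = agent holds no identities,
    # 2 = agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "agent-ok" ;;
        1) echo "agent-empty" ;;
        *) echo "agent-unreachable" ;;
    esac
}

# Return 0 only if key-based login to user@host works without any prompt.
# BatchMode=yes makes ssh fail instead of asking for a password, which is
# how a non-interactive build behaves. Host key checking is left at the
# configured default so an unexpected host key is reported, not ignored.
key_login_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true >/dev/null 2>&1
}
```

In a build step, print `agent_status` before the `ssh -A` call; anything other than `agent-ok` means there is no key for `-A` to forward from that process.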