javajenkinssshjenkins-pluginsjenkins-job-builder

jenkins-job-builder generates wrong xml when using credentials plugin


We are using jenkins-job-builder in order to generate jenkins jobs, and we have an ongoing issue when we try to user ssh-credentials plug-in. When we create a new job which tries to use an ssh key the job fails with java.io.IOException: [ssh-agent] Could not find specified credentials but if we hit Configure and Save it starts working.

In the credentials.xml the key definition looks like this:


 <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.15">
          <scope>GLOBAL</scope>
          <id>jenkins-key</id>
          <description>Jenkins user private key</description>
          <username>root</username>
          <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource">
            <privateKey>{A_WORKING_PRIVATE_KEY}</privateKey>
          </privateKeySource>
   </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>

Regarding the documentation (https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html?highlight=credentials#wrappers.ssh-agent-credentials) a job definition which uses the defined credential should look like this:

- wrapper:
    name: jenkins-key
    wrappers:
      - ssh-agent-credentials:
          user: 'root'

[...]

- job:
    name: jobxyz
    disabled: false
    project-type: freestyle
    node: jenkins-slave
    wrappers:
        - jenkins-key
    builders:
      - shell: |
          [...]

The corresponding part from the generated jobs xml looks like this:

   <buildWrappers>
      <com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper>
        <user>root</user>
        <ignoreMissing>false</ignoreMissing>
      </com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper>
    </buildWrappers> 

But when we try to run the job we get the above mentioned error :

FATAL: 
java.io.IOException: [ssh-agent] Could not find specified credentials
    at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
    at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:498)
    at hudson.model.Run.execute(Run.java:1818)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:429)
FATAL: [ssh-agent] Could not find specified credentials
java.io.IOException: [ssh-agent] Could not find specified credentials
    at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
    at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:498)
    at hudson.model.Run.execute(Run.java:1818)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE

If we go to the jenkins webpage, and hit configure & save without changing anything in the configuration, the new xml for the job changes to:

  <buildWrappers>
      <com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper plugin="ssh-agent@1.17">
        <credentialIds>
          <string>jenkins-key</string>
        </credentialIds>
        <ignoreMissing>false</ignoreMissing>
      </com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper>
    </buildWrappers>

I am pretty sure that this shouldn't work like this, but I am a bit uncertain about what to do next. Here are some versions:

Jenkins Job Builder version: 2.10.1

Jenkins ver. 2.172

SSH Credentials version: 1.15


Solution

  • It seems at the end of the day the solution is to forget using the credentials wrapper, and instert the raw xml instead:

    wrappers:
            - raw:
                xml: |
                  <com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper plugin="ssh-agent@1.17">
                      <credentialIds>
                          <string>jenkins-key</string>
                      </credentialIds>
                      <ignoreMissing>false</ignoreMissing>
                  </com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper>
    

    This generates correct xml.