Project

General

Profile

Bug #3725

Jenkins isn't using the credentials store for uploading to rita.osmocom.org

Added by osmith about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
High
Assignee:
Target version:
-
Start date:
12/12/2018
Due date:
% Done:

0%

Spec Reference:

Description

The jenkins jobs generated by osmo-ci.git/jobs/master-buils.yml need to be able to upload artifacts to rita.osmocom.org (generated PDF manuals, generated firmware files).
Right now, we have the SSH keys of each build slave configured in the authorized_keys of rita.osmocom.org, but that does obviously not scale.

laforge wrote in #3720:

The proper solution is to use the jenkins server credentials store, which will hold the private key and provision it to the client via ssh-agent. That way the client can upload to the server, and no per-slave configuration is required on the ftp server.

Some of the scripts that require the SSH keys are running in docker. Right now we are mounting ~/.ssh in the containers, using the ssh-agent should be possible when mounting the socket and passing the environment variable:

docker run --rm -it --name container_name \
-v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
-e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image

(found here)


Related issues

Related to Cellular Network Infrastructure - Bug #3720: Jenkins can't upload to rita.osmocom.orgResolved2018-12-06

Related to Cellular Network Infrastructure - Feature #3385: Move project specific manuals from osmo-gsm-manuals to each respective git repositoryResolved2018-07-06

Related to Cellular Network Infrastructure - Bug #3726: Jenkins: build all Osmocom projects in docker, not only someNew2018-12-12

History

#1 Updated by osmith about 1 month ago

  • Subject changed from Jenkins isn't using SSH Agent for uploading to rita.osmocom.org to Jenkins isn't using the credentials store for uploading to rita.osmocom.org

#2 Updated by osmith about 1 month ago

  • Related to Bug #3720: Jenkins can't upload to rita.osmocom.org added

#3 Updated by osmith about 1 month ago

  • Related to Feature #3385: Move project specific manuals from osmo-gsm-manuals to each respective git repository added

#4 Updated by osmith about 1 month ago

laforge: reading the ML thread again, you proposed separating the "publish artifacts" code and running it outside of Docker after the build. That would be a lot more effort. What do you think about simply passing the socket as described above, if it works?

#5 Updated by osmith about 1 month ago

  • Related to Bug #3726: Jenkins: build all Osmocom projects in docker, not only some added

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)