K
Q

Jenkins Kubernetes Plugin - sshagent to git clone terraform module

8/14/2019

I am attempting to use sshagent in Jenkins to pass my private key into the terraform container to allow terraform to source a module in a private repo.

stage('TF Plan') {
  steps {
    container('terraform') {
      sshagent (credentials: ['6c92998a-bbc4-4f27-b925-b50c861ef113']){
        sh 'ssh-add -L'
        sh 'terraform init'
        sh 'terraform plan -out myplan'
      }
    }
  }      
}

When running the job it fails with the following output:

[ssh-agent] Using credentials (id_rsa_jenkins)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Exec ssh-agent (binary ssh-agent on a remote machine)
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent" 
exit
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20; export SSH_AUTH_SOCK;
SSH_AGENT_PID=21; export SSH_AGENT_PID;
echo Agent pid 21;
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20
SSH_AGENT_PID=21
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/agent/workspace/demo@tmp/private_key_2729797926.key (user@workstation.local)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ssh-add -L
ssh-rsa REDACTED user@workstation.local
[Pipeline] sh
+ terraform init
[0m[1mInitializing modules...[0m
- module.demo_proj
  Getting source "git::ssh://git@bitbucket.org/company/terraform-module"
[31mError downloading modules: Error loading modules: error downloading 'ssh://git@bitbucket.org/company/deploy-kickstart-project': /usr/bin/git exited with 128: Cloning into '.terraform/modules/e11a22f40c64344133a98e564940d3e4'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[0m[0m
[Pipeline] }
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent" "-k" 
exit
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 21 killed;
[ssh-agent] Stopped.

I've triple checked and I am for sure using the correct key pair. I am able to git clone locally from my mac to the repo with no issues.

An important note is that this Jenkins deployment is running within Kubernetes. The Master stays up and uses the Kubernetes plugin to spawn agents.

What does the Host key verification failed. error mean? From my research it can be due to known_hosts not properly being set. Is ssh-agent responsible for that?

-- glux
jenkins
jenkins-plugins
kubernetes
ssh-agent
terraform

Similar Questions

How to run async task in background?
How to secure Kibana dashboard using keycloak-gatekeeper?
K8S use volume to keep DB data
Running mongo with persistent volume throws error - Kubernetes
Unable to create a namespace for AKS cluster using Terraform reports no such host

1 Answer

8/15/2019

Turns out it was an issue with known_hosts not being set. As a workaround we added this to our jenkinsfile

  environment {
    GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
  }
-- glux
Source: StackOverflow