Re: SSH Agent, z/OS USS, and git authentication problems

[Randall Becker]

That's what we were trying to do originally. There is a problem. When 
GitSCM creates the GIT_SSH content on z/OS agent the file name is encoded 
as an IBM1047 EBCDIC regardless of the -Dfile.encoding argument, even 
though the original private key and passphrase are coming from a 
UTF8/US-ASCII controller. When this goes to git and then SSH, the file is 
still encoded as IBM1047 and is when it hits the KEX code, fails. When we 
use the SSH Agent, this problem does not occur. I want to use the correct 
using GitSCM credential ID, but it does not work. I do not have a decent 
debug environment that would clearly demonstrate this, isolate the section 
of code where this is (not) happening, or allow me to easily fix this. The 
most important bit is that the private key should be encoded in UTF8 or 
US-ASCII when supplied to GIT_SSH, not the default encoding. Somehow, the 
SSH Agent Plugin does this correctly.

On Monday, 13 July 2020 17:41:07 UTC-4, Mark Waite wrote:
>
> If the operation you're performing is a checkout, why use the ssh-agent 
> wrapper?  Why not use the same credentials ID as an argument to checkout 
> rather than wrapping checkout in ssh-agent?
>
> On Mon, Jul 13, 2020 at 8:45 AM Randall Becker  > wrote:
>
>> I wish it was that simple. The issue definitely appears to be the 
>> encoding of the private key during a key exchange. When using SSH-Agent and 
>> git commands from within a shell in the pipeline, the authentication works 
>> fine. So this is likely an interaction with the GitSCM plugin not being 
>> aware of IBM-1047 encodings.
>>
>> On Sunday, 12 July 2020 16:08:31 UTC-4, Ivan Fernandez Calvo wrote:
>>>
>>> I think that this is the reason why it does not work 
>>> https://support.cloudbees.com/hc/en-us/articles/224910467-Why-am-I-unable-to-authenticate-via-sshagent-inside-docker-
>>>
>>> El sábado, 11 de julio de 2020, 22:25:08 (UTC+2), Randall Becker 
>>> escribió:

 I'm having issues trying to get an agent to authenticate using the SSH 
 Agent plugin on a R2.4 z/OS USS agent with a Docker Jenkins controller. 
 The 
 goal is to convince GitSCM to actually fetch properly. We get SSH 
 authentication errors no matter what happens. This is using Pipelines.

 I've tried 
 sshagent (credentials: ['mvs-randall']) {
 checkout([$class: 'GitSCM',
 branches: [[name: '*/development']],
 extensions: [
 [$class: 'CleanBeforeCheckout'],
 [$class: 'SubmoduleOption', 
 disableSubmodules: false, parentCredentials: true,
 recursiveSubmodules: true, 
 reference: '', trackingSubmodules: false]],
 doGenerateSubmoduleConfigurations: 
 false, submoduleCfg: [],
 userRemoteConfigs: [[url: 
 'g...@xx.xxx.xxx.xxx:proj/repo.git'']]])
 }
 and
 checkout([$class: 'GitSCM',
 branches: [[name: '*/development']],
 extensions: [
 [$class: 'CleanBeforeCheckout'],
 [$class: 'SubmoduleOption', 
 disableSubmodules: false, parentCredentials: true,
 recursiveSubmodules: true, 
 reference: '', trackingSubmodules: false]],
 doGenerateSubmoduleConfigurations: 
 false, submoduleCfg: [],
 userRemoteConfigs: [[credentialsId: 
 'mvs-randall',url: 'g...@xx.xxx.xxx.xxx:proj/repo.git']]])

 Both result in Permission denied (publickey).

 I've done the same thing on many other platforms with no problem. This 
 seems very R2.4 specific. There was a change in the supported file 
 encodings as well - we used to use -Dfile.encoding=utf8 in the agent 
 config 
 (because this is an IBM that likes EBCDIC), but had to move to 
 -Dfile.encoding=ISO8859-1 and everything seems messed up now. IBM had this 
 funky script they recommend that massages the key into an IBM-1047 
 encoding 
 but that does not help at all - in fact the GitSCM agent cannot process 
 any 
 results if that script is used.

 Help! 

 TIA,
 Randall

>>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkins...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/1ece555d-921d-4a66-ba9d-2afe1cf212fao%40googlegroups.com
>>  
>> 

Error running docker workflow plugin demo

[Robert Hafner]

I'm seeing the following error when attempting to run the docker workflow
plugin demo. Can you tell me how to resolve the dependency  issue?

make -C demo run

…



[INFO]


[INFO] BUILD FAILURE

[INFO]


[INFO] Total time:  10.456 s

[INFO] Finished at: 2020-07-16T08:29:22-04:00

[INFO]


[WARNING] The requested profile "consume-incrementals" could not be
activated because it does not exist.

[WARNING] The requested profile "might-produce-incrementals" could not be
activated because it does not exist.

[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-dependency-plugin:2.5.1:get (default-cli) on
project standalone-pom: Couldn't download artifact: Could not find artifact
org.jenkins-ci.plugins:docker-commons:hpi:1.7 in central (
https://repo.maven.apache.org/maven2)

[ERROR]

[ERROR] Try downloading the file manually from the project website.

[ERROR]

[ERROR] Then, install it using the command:

[ERROR] mvn install:install-file -DgroupId=org.jenkins-ci.plugins
-DartifactId=docker-commons -Dversion=1.7 -Dpackaging=hpi
-Dfile=/path/to/file

[ERROR]

[ERROR] Alternatively, if you host your own repository you can deploy the
file there:

[ERROR] mvn deploy:deploy-file -DgroupId=org.jenkins-ci.plugins
-DartifactId=docker-commons -Dversion=1.7 -Dpackaging=hpi
-Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id]

[ERROR]

[ERROR]

[ERROR]   org.jenkins-ci.plugins:docker-commons:hpi:1.7

[ERROR]

[ERROR] from the specified remote repositories:

[ERROR]   central (https://repo.maven.apache.org/maven2, releases=true,
snapshots=false)

[ERROR]

[ERROR] -> [Help 1]

[ERROR]

[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.

[ERROR] Re-run Maven using the -X switch to enable full debug logging.

[ERROR]

[ERROR] For more information about the errors and possible solutions,
please read the following articles:

[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAO73kxCj1qg%3Dayv-_3m%2By7X1_8ha_sBnCvLoMT4bB3JLZfzJBg%40mail.gmail.com.

Docker workflow plugin - volume leak

[Robert Hafner]

In our use of the docker workflow plugin we are seeing that volumes are being 
leaked when the container is removed. Is there an option that can be specified 
in a pipeline script that will result in the docker workflow plugin running the 
docker rm command with the -v option?
 
The problem that we are experiencing seems similar in nature to the following 
JIRA issues that have been open for some time.
https://issues.jenkins-ci.org/browse/JENKINS-46006
https://issues.jenkins-ci.org/browse/JENKINS-28646
 
We may be willing to contribute an enhancement to the plugin to support the -v 
option on the docker rm command if there isn’t a way to do that already.  We 
are considering something along the lines of the following. Would this change 
be acceptable?
 
stage("Integration Tests") { 
  agent { 
docker { 
  image("${params.KIND_DOCKER_CONTAINER}") 
  alwaysPull true 
  reuseNode true 
  removeVolume true // New parameter? 
  args "-u root --privileged -v ${env.WORKSPACE}:/workspace" 
} 
  } 
  steps
  {
...
  }
} 
 
Thanks,
Rob

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/72e69bd7-f4f6-4d0d-b013-b8e2eaf6412eo%40googlegroups.com.

Re: How to pull parameters from excel sheet and pass it to job

[Braj Mohan]

Hi All, You can pull the parameter from excel using shell script below is
the code please check here i am using a google spreadsheet and fetch the
particular field, you can fetch multiple fields also

#URL=
https://docs.google.com/spreadsheets/d/e/2PACX-1vTSkSdNFjtRjZGzsf5NO3TJdaMeBNTYplU8EdN0iXUQXFMVIsdmf9N0g6X1eUYFpchxhE4/pub?output=txt

#URL=
https://docs.google.com/spreadsheets/d/e/2PACX-1vTSkSdNFjtRjwYt7wpjZGzsf5NO3TJYplU8EdN0iXUQXFMVIsdmf9N0g6X1eUYFpchxhE4/pub?output=txt

RESULT=$(wget --no-check-certificate -q -O - $URL | sed '1 d' | cut -f7 )
echo ${RESULT} >/var/lib/jenkins/workspace/output/FrameWork.txt


RESULT1=$(wget --no-check-certificate -q -O - '
https://docs.google.com/spreadsheets/d/e/2PACX-1vTn0s1SuFDDo6M2C1Ey_hrP9rxlb-Uap2ciD77GZdvjZeWzf_mk0fPrHgVa0W5EYM/pub?gid=1140914179=txt'
| sed '1 d' | cut -f7 )
echo ${RESULT1} >/var/lib/jenkins/workspace/output/output.txt

hope this will work for you

Thanks

B.M. Wadia


On Thu, Jul 16, 2020 at 1:30 AM Slide  wrote:

> Also, can you show how you would want something like this to work?
>
> On Wed, Jul 15, 2020 at 12:16 PM 'David Riemens' via Jenkins Users <
> jenkinsci-users@googlegroups.com> wrote:
>
>> Is XLS a requirement?
>>
>> If not too difficult you could go for a simpler format (INI ?) that you
>> could parse using some relatively simple Groovy code ?
>>
>>
>>
>>
>>
>>
>>
>> *From: *Slide 
>> *Sent: *Wednesday, July 1, 2020 21:56
>> *To: *Jenkins User Mailing List 
>> *Subject: *Re: How to pull parameters from excel sheet and pass it to job
>>
>>
>>
>> I don't think there is a way to do this right now.
>> https://plugins.jenkins.io/ui/search?query=excel
>>
>>
>>
>> You may need to do something in a shared library or something similar.
>>
>>
>>
>> On Wed, Jul 1, 2020 at 12:45 PM Devops-warrior 
>> wrote:
>>
>> I have a job which will deploy web, app and DB servers into AWS cloud. As
>> of now we are taking Ip's for each server from Network team and passing
>> manually in build paremeters. Can someone help me? how to pull parameters
>> from excel sheet and pass it on to jenkins job.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/73b11319-7504-4539-9758-4f1100e79236o%40googlegroups.com
>> 
>> .
>>
>>
>>
>>
>> --
>>
>> Website: http://earl-of-code.com
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVeE48U53fp7k-%3D72GwjF6%3DTAHuijShuVaOdSirsiEEGMw%40mail.gmail.com
>> 
>> .
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/5f0f5621.1c69fb81.ee4cb.492fSMTPIN_ADDED_MISSING%40gmr-mx.google.com
>> 
>> .
>>
>
>
> --
> Website: http://earl-of-code.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVcafOG%2BdjeRf0b5b%2BPzPRVrZH_%2B2oA0niTmhbQE%2BYpiEg%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAPEKM0puP6c7UdaXGbnYv7t0GSDtqXX%3D11kMWAiibHmiq8LfOg%40mail.gmail.com.

Need help - build "Execute Shell"

[Shrikant Nayak]

Jenkins ver. 2.190.3  on RHEL-7.7

Hello Jenkins Gurus / Users,
Has anyone come across similar issues as me & resolved? 
ssh password less connection works fine (using rsa public key).
my shell script works fine if I run from command prompt in Jenkins system; 
However the same script fails through Jenkins job. Please see part of the 
console output for the error; the job is successful, but it does not copy 
intended file to the remote host. 


debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c00
debug1: Authenticating to Host1:22 as 'xyz'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac...@openssh.com 
compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac...@openssh.com 
compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa 
SHA256:DZ+zWvrtcOKUjQqdV68PgiRjDI1F3mJtBhVoXq5uGhk
debug1: Host 'Host1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:10
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
Finished: SUCCESS


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/9849c714-ef74-4a3e-9cc3-0c7f15d508b7o%40googlegroups.com.

Need Help - Build "Execution Shell - scp failing"

[shrik...@gmail.com]

Environment: Jenkins ver. 2.190.3 on RHEL7.7

SSH password less connection works fine using rsa public key and the shell 
script works fine as expected from command prompt from Jenkins system. 
However the script fails through Jenkins job. Please see part of the 
console output (for the error) as below.
Copying "file-1" to Remote-Host1
Executing: program /usr/bin/ssh host Remote-Host1, user user1, command scp 
-v -t /tmp
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to Remote-Host1 [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c00
debug1: Authenticating to Remote-Host1:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac...@openssh.com 
compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac...@openssh.com 
compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa x
debug1: Host 'Remote-Host1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:10
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
file-1.txt Copied to Remote-Host1
FILE MOVED TO /tmp
Finished: SUCCESS

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/bc9240fd-e93d-489e-85d7-26530e116e27n%40googlegroups.com.