
Git clone on jenkins master, copy to slave

I've set up a CI server running Jenkins and a slave with a replica of our production environment. I'm running into a pesky little problem though: Jenkins apparently runs git clone on the slave, which would mean that every slave should have its public key added to GitHub.

To me this sounds like a pretty weird architecture design. I would prefer the master server (which has all my credentials) to clone/checkout and copy the workspace to the slave. But after quite some Googling I haven't found a way to do this yet. I have found the Copy to slave plugin but that doesn't prevent the slave from failing on a git clone.

I hope someone knows a way to achieve this because setting up GitHub public keys for every slave sounds ridiculous.

joostdevries asked Nov 17 '13 11:11



2 Answers

Jenkins apparently runs git clone on the slave, which would mean that every slave should have its public key added to GitHub.

Why not use one deployment key (for all Jenkins agents to use) for accessing your repo?

A deploy key is an SSH key that is stored on the server and grants access to a single repository on GitHub.
This key is attached directly to the repository instead of to a user account.

Pros

  • Anyone with access to the server has access to deploy the repository
  • Users don't have to change their local SSH settings

Cons

  • Deploy keys only grant access to a single repository, more complex projects may have many repositories to pull to the same server
  • The key has full read/write access to the repository
  • Deploy keys are usually not protected by a passphrase, making the key easily accessible if the server is compromised

The other approach is to use the Credentials Jenkins plugin (initialized in February 2012), which allows you to store credentials in the Jenkins master.

A single point for managing each credential. Change it in one place and you are done.

As of version 1.5, the plugin now supports categorizing credentials into different "domains" in order to allow plugins to restrict the choice of credentials to only those that are appropriate.

When a plugin is asking for a list of credentials, it can add some specifications about where and how the credential will be used.

Example of Credential Domain configuration:

https://wiki.jenkins-ci.org/download/attachments/59511751/Screen+Shot+2013-08-07+at+13.50.42.png?version=1&modificationDate=1375880556000

VonC answered Oct 25 '22 00:10
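
Added example (not part of the original answer, and not Jenkins or GitHub code): the cons listed above note that deploy keys are usually left without a passphrase, so this Python check classifies private key files on a build agent as passphrase-protected or not. The function names and the header-only sample stub are constructed for illustration.

```python
import base64
import struct
import sys
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
LEGACY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}

def key_protection(pem_text: str) -> str:
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 with a passphrase
        return "encrypted"
    if label == "PRIVATE KEY":                # PKCS#8 without one
        return "unencrypted"
    if label in LEGACY_LABELS:                # legacy PEM flags encryption in a header
        hit = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in body)
        return "encrypted" if hit else "unencrypted"
    if label != "OPENSSH PRIVATE KEY":
        return "unknown"
    try:                                      # openssh-key-v1: magic, then cipher name
        blob = base64.b64decode("".join(body))
    except ValueError:
        return "unknown"
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        return "unknown"
    (n,) = struct.unpack(">I", blob[off:off + 4])
    cipher = blob[off + 4:off + 4 + n]
    if len(cipher) != n:                      # truncated file
        return "unknown"
    return "unencrypted" if cipher == b"none" else "encrypted"

def constructed_openssh_stub(cipher: bytes) -> str:
    """Constructed sample: only the header fields of a key file, no key material."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":                    # usage: python audit_keys.py ~/.ssh
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in sorted(p for p in root.iterdir() if p.is_file()):
        state = key_protection(path.read_text(errors="replace"))
        if state != "unknown":
            print(f"{state:12} {path}")
```

Run it against the directory holding the agent's SSH keys; any file reported as `unencrypted` is usable by anyone who can read it.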


This is fixed in recent Jenkins releases by centralizing credentials on master.

joostdevries answered Oct 25 '22 00:10