Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

use gcloud with Jenkins

Tags:

jenkins

gcloud

I've been trying to write a script that polls Google Cloud Storage periodically. This works fine when I run it normally, but if I include it as a build step in Jenkins, it gives a 403 Forbidden error. This is because there's no gcloud auth login process completed for the Jenkins user, which requires a verification code to be copied..how do I do that using Jenkins ?

EDIT:

I tried the steps at: https://cloud.google.com/storage/docs/authentication#service_accounts and downloaded a JSON key that looks like: 

{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","client_email":"[email protected]","client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/[email protected]","client_id":"....project.googleusercontent.com","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"}}

which is darn strange because all of the links point to stuff like bad request, invalid request..I must be doing something wrong. The command I ran was:

gcloud auth activate-service-account [email protected] --key-file /var/lib/jenkins/....project.googleusercontent.com.json
like image 341
previouslyactualname Avatar asked Feb 06 '15 00:02

previouslyactualname

People also ask

Can Jenkins run on cloud?

The Cloud Native group of contributors and collaborators focuses on improving Jenkins to run on Cloud environments as a "Cloud Native" application.

1 Answers

Your best bet is probably to use a "service account" to authenticate gcloud/gsutil with the GCS service. The major steps are to use generate a JSON-formated private key following the instructions here:

https://cloud.google.com/storage/docs/authentication#service_accounts

Copy that key to a place where the Jenkins user can read it, and as the Jenkins user run

gcloud auth activate-service-account ...

(See https://cloud.google.com/storage/docs/authentication#service_accounts). Note that support for JSON key files is pretty new and you'll need an up-to-date gcloud release.

From there your Jenkins process should be able to access GCS as usual.

The key file should have the following format:

{
  "private_key_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "private_key": "-----BEGIN PRIVATE KEY-----\n ...  \n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "..."
  "type": "service_account"
}
like image 186
Jeffrey Vaughan Avatar answered Nov 15 '22 16:11

Jeffrey Vaughan
Sign in to Comment

Related questions

Calling SSH command from Jenkins
Accessing Jenkins API from AngularJS
How do you manage multiple releases in multiple environments in continuous integration/delivery?
Monitor a repository in Jenkins, but don't pull
Run tests inside Docker container with Jenkins
How to resolve stderr: fatal: Not a valid object name HEAD in jenkins?
How to display multi Jenkins jobs execution status in all node?
Is there a way to add pre-build step for Jenkins pipeline?
How to use unit test cases (added to a development pod as test_spec) in the main app target?
Vivado Synthesis hangs in Docker container spawned by Jenkins
Integrating an eclipse/cdt-based build into continuous integration
How can I get jenkins build number, svn revision number... and display it on my JSF page?
How Can I have job scope Credentials in Jenkins?
How to repeat a stage in Jenkins Workflow
In Jenkins, does a multibranch pipeline support Git tags?
Feedback Loop implementation in CI/CD pipeline using Jenkins and kubernetes
passing variables beetwen groovy files
Replacement for chmod --reference on OS X?
Jenkins Issue: hudson.remoting.ChannelClosedException: channel is already closed
Accessibility settings for non-GUI apps using AppleScript in OSX Mavericks?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!