Geek Answers Handbook

Git clone on master jenkins, copy to subordinate

I installed a CI server with jenkins and a slave with a replica of our production environment. I am facing an unpleasant problem: Jenkins seems to be running git clone on a slave, which means that every slave needs to add it to GitHub.

It sounds like a rather strange architecture to me. I would prefer the main server (which has all my credentials) to clone / checkout and copy the workspace to the slave. But after quite a lot of Google, I have not found a way to do this yet. I found Copy to slave plugin , but this does not prevent the slave from crashing on git clone .

Hopefully someone knows a way to achieve this, because setting up GitHub publickeys for each slave sounds funny.

+7
git github jenkins
source share
2 answers

Jenkins apparently runs a git clone on a slave, which means that every slave needs to add it to GitHub.

Why not use a single deployment key (for all Jenkins agents) to access your repo?

A deployment key is an SSH key that is stored on the server and provides access to a single repository on GitHub.
This key is attached directly to the repository, and not to the user account.

Pros

  • Anyone with access to the server has access to repository deployment
  • Users do not need to change their local SSH settings.

Against

  • Key deployment provides only access to one repository; more complex projects can have many repositories to bring them to the same server.
  • The key has full read / write access to the repository
  • Key deployment is usually not protected by a passphrase, which makes the key available if the server is compromised.

Another approach is to use the Credentials Jenkins plugin (initialized in February 2012 ), which allows you to store credentials in the Jenkins master class .

A single point to manage all credentials. Change it in one place and you're done.

Starting with version 1.5, the plugin now supports categorization of credentials into different "domains", to allow plugins to limit the choice of credentials to only those that are suitable.

When a plugin requests a list of credentials, it can add some specifications about where and how credentials will be used.

Credential configuration example:

https://wiki.jenkins-ci.org/download/attachments/59511751/Screen+Shot+2013-08-07+at+13.50.42.png?version=1&modificationDate=1375880556000

+4
source share

This has been fixed in recent releases of Jenkins by centralizing credentials on the core server.

+4
source share

More articles:


All Articles