Modify Jenkins OpenSSH Key Format for Gerrit

Newer versions of openssh generate private keys in an 'openssh' format
(see man 1 ssh-keygen: -o option), and not the classic PEM format.

The PEM format is needed by the SSH library Jenkins uses (JSch) in order
to read the private key from disk for the Gerrit plugin.

This fixes the error seen from the logs:

  IOException:
      com.jcraft.jsch.JSchException: invalid privatekey

Note: This was not changed in the Ansible task for generating user SSH
keys, as there does not appear to be a way to specify the key format.

Change-Id: I978f59b25f0ae17f56e03e898f896971c4c4b424
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>

diff --git a/init/playbooks/tasks/jenkins.yaml b/init/playbooks/tasks/jenkins.yaml
index 7302089..6aafb27 100644 (file)
--- a/init/playbooks/tasks/jenkins.yaml
+++ b/init/playbooks/tasks/jenkins.yaml
@@ -9,6 +9,14 @@
       uid: 1000
       ssh_key_bits: 2048
       ssh_key_file: '{{ jenkins_ssh_keyfile }}'
+- name: Check private key format
+  shell: |
+      head -1 '{{ jenkins_ssh_keyfile }}'
+  register: jenkins_ssh_key_header
+- name: Ensure keys is in PEM format (not new OpenSSH format)
+  shell: |
+      ssh-keygen -f '{{ jenkins_ssh_keyfile }}' -m PEM -p -P "" -N ""
+  when: (jenkins_ssh_key_header.stdout | regex_search("OPENSSH"))
 - name: Set Jenkins Workshop SSH Key fact
   set_fact:
       credentials_sshkey: "{{ lookup('file', jenkins_ssh_keyfile) }}"