From: Trevor Bramwell Date: Thu, 5 Dec 2019 14:47:07 +0000 (-0800) Subject: Modify Jenkins OpenSSH Key Format for Gerrit X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=a8f90e343fdee6ca9927096c5af68af33c75c89b;p=releng%2Fci-workshop.git Modify Jenkins OpenSSH Key Format for Gerrit Newer versions of openssh generate private keys in an 'openssh' format (see man 1 ssh-keygen: -o option), and not the classic PEM format. The PEM format is needed by the SSH library Jenkins uses (JSch) in order to read the private key from disk for the Gerrit plugin. This fixes the error seen from the logs: IOException: com.jcraft.jsch.JSchException: invalid privatekey Note: This was not changed in the Ansible task for generating user SSH keys, as there does not appear to be a way to specify the key format. Change-Id: I978f59b25f0ae17f56e03e898f896971c4c4b424 Signed-off-by: Trevor Bramwell --- diff --git a/init/playbooks/tasks/jenkins.yaml b/init/playbooks/tasks/jenkins.yaml index 7302089..6aafb27 100644 --- a/init/playbooks/tasks/jenkins.yaml +++ b/init/playbooks/tasks/jenkins.yaml @@ -9,6 +9,14 @@ uid: 1000 ssh_key_bits: 2048 ssh_key_file: '{{ jenkins_ssh_keyfile }}' +- name: Check private key format + shell: | + head -1 '{{ jenkins_ssh_keyfile }}' + register: jenkins_ssh_key_header +- name: Ensure keys is in PEM format (not new OpenSSH format) + shell: | + ssh-keygen -f '{{ jenkins_ssh_keyfile }}' -m PEM -p -P "" -N "" + when: (jenkins_ssh_key_header.stdout | regex_search("OPENSSH")) - name: Set Jenkins Workshop SSH Key fact set_fact: credentials_sshkey: "{{ lookup('file', jenkins_ssh_keyfile) }}"