From a8f90e343fdee6ca9927096c5af68af33c75c89b Mon Sep 17 00:00:00 2001 From: Trevor Bramwell Date: Thu, 5 Dec 2019 06:47:07 -0800 Subject: [PATCH] Modify Jenkins OpenSSH Key Format for Gerrit Newer versions of openssh generate private keys in an 'openssh' format (see man 1 ssh-keygen: -o option), and not the classic PEM format. The PEM format is needed by the SSH library Jenkins uses (JSch) in order to read the private key from disk for the Gerrit plugin. This fixes the error seen from the logs: IOException: com.jcraft.jsch.JSchException: invalid privatekey Note: This was not changed in the Ansible task for generating user SSH keys, as there does not appear to be a way to specify the key format. Change-Id: I978f59b25f0ae17f56e03e898f896971c4c4b424 Signed-off-by: Trevor Bramwell --- init/playbooks/tasks/jenkins.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/init/playbooks/tasks/jenkins.yaml b/init/playbooks/tasks/jenkins.yaml index 7302089..6aafb27 100644 --- a/init/playbooks/tasks/jenkins.yaml +++ b/init/playbooks/tasks/jenkins.yaml @@ -9,6 +9,14 @@ uid: 1000 ssh_key_bits: 2048 ssh_key_file: '{{ jenkins_ssh_keyfile }}' +- name: Check private key format + shell: | + head -1 '{{ jenkins_ssh_keyfile }}' + register: jenkins_ssh_key_header +- name: Ensure keys is in PEM format (not new OpenSSH format) + shell: | + ssh-keygen -f '{{ jenkins_ssh_keyfile }}' -m PEM -p -P "" -N "" + when: (jenkins_ssh_key_header.stdout | regex_search("OPENSSH")) - name: Set Jenkins Workshop SSH Key fact set_fact: credentials_sshkey: "{{ lookup('file', jenkins_ssh_keyfile) }}" -- 2.16.6