I am trying to integrate Chef with Jenkins.
My scenario is, I have created a few recipes in Chef and want to execute the Chef run list through Jenkins. I have installed ch
"Host key verification failed error" is quite clear: your Jenkins host does not know the target server.
On your Jenkins host (as the jenkins user) run
ssh-keyscan target_host >> ~/.ssh/known_hosts
and then retry and it should work as expected.
Edit: the keyscan could be a task in Jenkins itself. For the path I assumed you were running Jenkins on a Linux box; adapt to the jenkins user's home path if needed, or use %HOME% in place of ~
The chef integration plugin uses command line ssh to connect from Jenkins to the client machine to run sudo chef-client. You need to complete this ssh connection and a sudo command without any password prompts from the Jenkins host, as the user you run Jenkins with first to confirm the Jenkins web interface will be able to do it.
The following is basically the same as the knife ssh setup from a chef server to nodes, except you are replacing the chef server/user with the jenkins server/user.
Log into a terminal on your jenkinshost, as the Jenkins user.
If you don't already have a private/public key setup, generate one.
ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''
Then add the public key id_rsa.pub to chefuser@clienthost's ~/.ssh/authorized_keys file.
ssh-copy-id chefuser@clienthost
You may need to do this manually if you can't already log in to clienthost with ssh.
Clean up any traces of old clients (your error message indicates this might be an issue)
ssh-keygen -R clienthost
Test the ssh connection, and accept the host key.
ssh chefuser@clienthost
Now on clienthost, set up sudo so chefuser can run chef-client as root
visudo
Then add the line (your chef-client path might be different)
chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client
On jenkinshost, confirm ssh chefuser@clienthost sudo chef-client -v runs without password prompts.
$ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
Chef: 11.16.0
Once you can do that, the Jenkins plugin should be able to as well.
Every machine you want to run chef-client on from Jenkins will need that public key added and the manual ssh connection tested until it works without prompting you.
Unfortunately that Jenkins chef plugin doesn't allow you many config options for the ssh connection, so you have to either rely on the one default key for the Jenkins user for everything (id_rsa) or, say you wanted to use a different key on each host, configure host-specific ssh connection details via ssh_config in ~/.ssh/config.
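Both answers above fill known_hosts with whatever key the target presents (ssh-keyscan in the first, accepting the prompt in the second). As an added example that is not part of either answer or of the Jenkins plugin, the following Python filters ssh-keyscan output against fingerprints obtained out of band, so only matching lines are appended to known_hosts. The function names, the pin table and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac

def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64 without padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def pinned_lines(keyscan_output, pins):
    """Keep only 'host keytype key' lines whose fingerprint equals the pin for (host, keytype)."""
    accepted = []
    for raw in keyscan_output.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank lines and comment lines
        host, keytype, key_b64 = parts[:3]
        want = pins.get((host, keytype))
        if want is None:
            continue  # no pin for this host/key type: never trust on first use
        try:
            got = sha256_fingerprint(key_b64)
        except ValueError:
            continue  # key field is not valid base64
        if hmac.compare_digest(got, want):
            accepted.append(f"{host} {keytype} {key_b64}")
    return accepted

# Constructed sample data (not real keys): two fake ed25519 blobs.
def _fake_key(seed):
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(blob).decode("ascii")

EXPECTED_KEY = _fake_key(1)  # stands in for the key read on clienthost's console
OTHER_KEY = _fake_key(2)     # stands in for a different machine answering
PINS = {("clienthost", "ssh-ed25519"): sha256_fingerprint(EXPECTED_KEY)}

GOOD_SCAN = f"# clienthost:22 SSH-2.0-OpenSSH_x\nclienthost ssh-ed25519 {EXPECTED_KEY}\n"
BAD_SCAN = f"clienthost ssh-ed25519 {OTHER_KEY}\n"

if __name__ == "__main__":
    print(pinned_lines(GOOD_SCAN, PINS))  # matching line, safe to append to known_hosts
    print(pinned_lines(BAD_SCAN, PINS))   # nothing accepted: key does not match the pin
```

On a real host the pin is the value printed by ssh-keygen -lf on the target's own /etc/ssh/ssh_host_ed25519_key.pub, read over a trusted channel such as the console.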