Chef Integration with Jenkins

后端 未结 2 574
别跟我提以往
别跟我提以往 2021-02-11 01:48

I am trying to integrate chef with Jenkins.

My scenario is, I have created few recipes in Chef and want to execute the chef run list through Jenkins. I have installed ch

相关标签:
2条回答
  • 2021-02-11 02:25

    "Host key verification failed error" is quite clear, your jenkins host do not know the target server.

    on your jenkins host (as jenkins user) run ssh-keyscan target_host > ~/.ssh/known_hosts and then retry and it should work as expected.

    Edit: the keyscan could be a task in jenkins itself. For the path I assumed you were running jenkins on a linux box, adapt to jenkins user home path if needed or use %HOME% in place of ~

    0 讨论(0)
  • 2021-02-11 02:36

    The chef integration plugin uses command line ssh to connect from Jenkins to the client machine to run sudo chef-client. You need to complete this ssh connection and a sudo command without any password prompts from the Jenkins host, as the user you run Jenkins with first to confirm the Jenkins web interface will be able to do it.

    The following is basically the same as the knife ssh setup from a chef server to nodes, except you are replacing the chef server/user with the jenkins server/user.

    Log into a terminal on your jenkinshost, as the Jenkins user.

    1. If you don't already have a private/public key setup, generate one.

      ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''
      

      Then add the public key id_rsa.pub to chefuser@clienthost's ~/.ssh/authorized_keys file.

      ssh-copy-id chefuser@clienthost
      

      You may need to do this manually if you can't already login to clienthost with ssh.

    2. Clean up any traces of old clients (your error message indicates this might be an issue)

      ssh-keygen -R clienthost
      
    3. Test the ssh connection, and accept the host key.

      ssh chefuser@clienthost
      
    4. Now on clienthost, setup sudo so chefuser can run chef-client as root

      visudo
      

      Then add the line (Your chef-client path might be different)

      chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client
      
    5. On jenkinshost, confirm ssh chefuser@clienthost sudo chef-client -v runs without password prompts.

      $ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
      Chef: 11.16.0
      

    Once you can do that, the Jenkins plugin should be able to as well.

    Every machine you want to run chef-client on from Jenkins will need that public key added and the manual ssh connection tested until it works without prompting you.

    Unfortunately that Jenkins chef plugin doesn't allow you many config options for the ssh connection so you have to either rely on the one default key for the Jenkins user for everything (id_rsa) or say you wanted to use a different key on each host, configure host specific ssh connection details via ssh_config in ~/.ssh/config

    0 讨论(0)
提交回复
热议问题