Deploying via Capistrano through Jenkins - SSH authentication failed

Asked 30/10, 2012 at 18:18 Answered 2/4, 2013 at 21:57

Solved ssh jenkins capistrano ssh-keys capifony

I've got a Jenkins build that runs a Capistrano deploy as a post-build action.

Running the Capistrano task as the Jenkins user from the console works absolutely fine and without a password prompt (I've previously set up SSH keys on both build and staging server). However, when running the same script through Jenkins, I suddenly get a password prompt and the build subsequently fails (no TTY present).

[workspace] $ /bin/sh -xe /tmp/hudson7321493219694918714.sh
Performing Post build task...
Match found for : : True
Logical operation result is TRUE
Running script  : cap _2.13.4_ deploy
[workspace] $ /bin/sh -xe /tmp/hudson1545664641721322948.sh
+ cap _2.13.4_ deploy
  * executing `deploy'
  * executing `deploy:update'
 ** transaction: start
  * executing `deploy:update_code'
    triggering before callbacks for `deploy:update_code'
[32m--> Updating code base with checkout strategy[0m
    executing locally: "git ls-remote [email protected]:my_project.git master"
    command finished in 1200ms
  * executing "git clone -q [email protected]:my_project.git /var/www/staging/my_project/releases/20121029223619 && cd /var/www/staging/my_project/releases/20121029223619 && git checkout -q -b deploy 1fb11d669a6cb5a714d077162305dfcfaba82f01 && (echo 1fb11d669a6cb5a714d077162305dfcfaba82f01 > /var/www/staging/my_project/releases/20121029223619/REVISION)"
servers: ["my.staging-server.com"]
Password: stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device

*** [deploy:update_code] rolling back
  * executing "rm -rf /var/www/staging/my_project/releases/20121029223619; true"
    servers: ["my.staging-server.com"]
 ** [deploy:update_code] exception while rolling back: Capistrano::ConnectionError, connection failed for: my.staging-server.com (Net::SSH::AuthenticationFailed: not-specified)
connection failed for: my.staging-server.com (Net::SSH::AuthenticationFailed: not-specified)
POST BUILD TASK : FAILURE

It looks like Ruby doesn't pick my SSH key up when running through Jenkins perhaps (Net::SSH::AuthenticationFailed: not-specified)?

Does anyone have an idea what might be going wrong here?

Blunt answered 30/10, 2012 at 18:18 Comment(5)

Running that exact same shell script that Jenkins generates in /tmp/hudson*.sh in the project's workspace as user jenkins works perfectly fine. What's also odd is that SSH'ing to the server works fine, but then cloning from git (git server on same remote machine as build target) fails (only when run in Jenkins build though). I'm confused. – Blunt 30/10, 2012 at 23:32

I think Jenkins runs as "root", so put an "env | sort" into your script before the "cap" command to have it print out the environment info, so you can see who the user is. I'm working on the same issue now. I'll let you know if I come up with something. – Stearne 9/11, 2012 at 21:9

Which user is your Capistrano script connecting as? It might be running the "git clone" as a different user if you don't specify who you connect as. It will default to the user that runs the Cap script from the deployment host. For example, this is our setup: server "#{deploy_user}@#{hostname}", :app, :db, :primary => true and set :deploy_user, ENV['USER']. – Stearne 10/11, 2012 at 0:13

Jenkins is probably using a jenkins or hudson user in your system. Home might be something like /val/lib/jenkins with a .ssh folder in it. You can allow login to this user modifying /etc/passwd, then sudo into it to experiment connection to your server, then to github.. – Baccarat 20/11, 2012 at 23:1

It's using the user jenkins, and as I've mentioned I've already successfully deployed as that user. Thanks anyway :) – Blunt 21/11, 2012 at 7:36

We ran into something similar to this. It's possible that the login shell for jenkins already has an ssh agent running automatically, but the context that jenkins spawns for your deployment does not.

Try starting one manually within your jenkins script:

# Start the ssh agent. Evaling the output will set the relevant environment 
# variables
eval `ssh-agent` 

# Add the default keys like id_rsa and id_dsa (or explicitly specify your key,
# if it's not a default)
ssh-add

# Your normal deploy script here

# Save the return value of your script
RETVAL=$?

# Clean up
kill $SSH_AGENT_PID

# Exit the script with the true return value instead of the return value of kill
# which could be successful even when the capistrano portion of the build has
# crashed
exit $RETVAL

Hope this works for you! Shells are annoying.

Ecbolic answered 2/4, 2013 at 21:57 Comment(0)

Unfortunately I resolved it only by replacing original deploy.rb before executing cap deploy with another one saved locally where I added set :password, "sshpassword"

Ferdinana answered 2/4, 2013 at 17:58 Comment(0)

Recommended topics

Hot tags