Unable to access git repo setup in Stash from Jenkins

I have generated an ssh key from my jenkins server and added it to my profile in Stash.(version 2.3)

I have also created a .netrc file in my user.home for permanent auth.

I am using http to pull code in my jenkins job configuration and I am facing this error.

Cloning repository http://user1@10.1.x.x:7990/scm/sw/myrepo.git

git --version

git version 1.8.2.1

ERROR: Error cloning remote repo 'myrepo' : Could not clone http://user1@10.1.x.x:7990/scm/sw/myrepo.git

hudson.plugins.git.GitException: Could not clone http://user1@10.1.x.x:7990/scm/sw/myrepo.git

at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.clone(CliGitAPIImpl.java:219)

at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1001)

at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:942)

at hudson.FilePath.act(FilePath.java:842)

at hudson.FilePath.act(FilePath.java:824)

at hudson.plugins.git.GitSCM.determineRevisionToBuild(GitSCM.java:942)

at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1101)

at hudson.model.AbstractProject.checkout(AbstractProject.java:1256)

at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:589)

at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:88)

at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:494)

at hudson.model.Run.execute(Run.java:1502)

at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:477)

at hudson.model.ResourceController.execute(ResourceController.java:88)

at hudson.model.Executor.run(Executor.java:236)

Caused by: hudson.plugins.git.GitException: Command "/usr/local/bin/git clone --progress -o myrepo http://user1@10.1.x.x:7990/scm/sw/myrepo.git /jenkins/jobs/myrepo_GIT_CI/workspace" returned status code 128:

stdout: Cloning into '/jenkins/jobs/myrepo_GIT_CI/workspace'...

stderr: fatal: Authentication failed

4 answers

1 accepted

This widget could not be displayed.

Actually, Jenkins supports http authentication just fine. Something like this should be your git url:

http://stashaccount:stashpassword@stash.yourcompany.com/scm/project/repo.git

I created an observer account for Jenkins in Stash, using the internal directory called "jenkins.builder" for the sole purpose of embedding in Jenkins builds.

I have setup the observer account now. This actually limits the risk with password being in plain text. Thanks Kelly !

This widget could not be displayed.

Hi Suresh,

Firtly, given that you're cloning over http your ssh profile key isn't going to help unfortunately. How have you configured the Jenkins job? Have you added the correct username/password to the configuration screen; using .netrc isn't the normal procedure and will probably be ignored.

Cheers,

Charles

Cloning over http is some thing I have decided to stick to and make it work before I think of ssh. The password option is not present in the jenkins git plugin.

I have done one thing which has unblocked me now which is

http://username:password@10.1.x.x:7990/scm/sw/myrepo.git

By passing the password as plain text as a part of the url itself , it works.

I am afraid this cannot be our permanent solution.

Hi Suresh,

My apologies. After doing some more reading it appears Jenkins (still?!?) doesn't allow credentials for http, and that updating the .netrc file is the suggested work around (unless you're using JGit). In that case I'm afraid I don't quite know why it isn't working for you. I guess I might try running git operations on the box directly and see if the git operations work as expected.

Otherwise I'm afraid you might have to consider switching to SSH.

Cheers,

Charles

This widget could not be displayed.

You will need to set the HOME environment variable to point to the direcotry containing your .netrc file. Note however that you are running as someone who is not recognized by Stash, so if you commit during your Jenkins job, your identity will be incorrect. If you are just reading the git repos, you might be OK however you may run into other identity related problems in your build process. I ended up installing Tomcat and then installing Jenkins in a Tomcat container. You just go to your tomcat instance once tomcat is running and go to the management console and point it to the jenkins.war file. Lastly, I changed the tomcat service (on windows) to run as me. I had to have the service restart after a 2 minute delay because when I reboot it does not restart with the default settings. The benefits of this approach (at least on Windows) is that your jobs in Jenkins now run as you and you won't need hacks to try to have your jobs change identies. The downside is that Jenkins really needs credentials management so this solution does not really work for a centralized build CI building jobs for multiple people under their identities.

Notes:

Create a simple job and check what identity the job runs as. E.g., execute whoami. Create a local account on the system that does not have Stash credentails and login as that user. Then, try to get git to work connecting to stash as that user. Once you get that to work, you can replicate the setup in Jenkins.

This widget could not be displayed.

If you are doing an ssh key inside Stash, why not use ssh for the jenkins link. Ssh should give better performance compared to http and it would avoid any kind of password storage.

the jenkins user credentials , the unix server login credentials on which jenkins is hosted and stash login credentials are all different. For Stash, I have plugged in the crowd.

So the key I have generated in the jenkins server (id_rsa.pub) , was not sure where to add in stash. So I created new users matching my jenkins user name and unix user name in stash and tried adding the key individually each time, but the logon to stash did not happen when a new jenkins job was fired. (return code 128)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Monday in Teamwork

The tools we make for teams? We use them every day at Atlassian to get shit done (and it works).

I’m Jess, a Product Marketer for Jira Software Server and Data Center, and now a huge fan of our products. Read on for a 90 day, new-hire perspective on what it’s like to standardize on the Atlassian...

38 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you