Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to access git repo setup in Stash from Jenkins

Suresh Nelamang
Suresh Nelamangala April 17, 2013

I have generated an ssh key from my jenkins server and added it to my profile in Stash.(version 2.3)

I have also created a .netrc file in my user.home for permanent auth.

I am using http to pull code in my jenkins job configuration and I am facing this error.

Cloning repository http://user1@10.1.x.x:7990/scm/sw/myrepo.git

git --version

git version 1.8.2.1

ERROR: Error cloning remote repo 'myrepo' : Could not clone http://user1@10.1.x.x:7990/scm/sw/myrepo.git

hudson.plugins.git.GitException: Could not clone http://user1@10.1.x.x:7990/scm/sw/myrepo.git

at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.clone(CliGitAPIImpl.java:219)

at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1001)

at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:942)

at hudson.FilePath.act(FilePath.java:842)

at hudson.FilePath.act(FilePath.java:824)

at hudson.plugins.git.GitSCM.determineRevisionToBuild(GitSCM.java:942)

at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1101)

at hudson.model.AbstractProject.checkout(AbstractProject.java:1256)

at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:589)

at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:88)

at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:494)

at hudson.model.Run.execute(Run.java:1502)

at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:477)

at hudson.model.ResourceController.execute(ResourceController.java:88)

at hudson.model.Executor.run(Executor.java:236)

Caused by: hudson.plugins.git.GitException: Command "/usr/local/bin/git clone --progress -o myrepo http://user1@10.1.x.x:7990/scm/sw/myrepo.git /jenkins/jobs/myrepo_GIT_CI/workspace" returned status code 128:

stdout: Cloning into '/jenkins/jobs/myrepo_GIT_CI/workspace'...

stderr: fatal: Authentication failed

Answer
Watch
Like Be the first to like this
33511 views

4 answers

1 accepted

2 votes
Answer accepted
Kelly Schoenhofen
Kelly Schoenhofen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 18, 2013

Actually, Jenkins supports http authentication just fine. Something like this should be your git url:

http://stashaccount:stashpassword@stash.yourcompany.com/scm/project/repo.git

I created an observer account for Jenkins in Stash, using the internal directory called "jenkins.builder" for the sole purpose of embedding in Jenkins builds.

View More Comments
Suresh Nelamang
Suresh Nelamangala April 22, 2013

I have setup the observer account now. This actually limits the risk with password being in plain text. Thanks Kelly !

Like jorgehessmo likes this
Reply
0 votes
Martin Bayreuther
Martin Bayreuther April 22, 2013

If you are doing an ssh key inside Stash, why not use ssh for the jenkins link. Ssh should give better performance compared to http and it would avoid any kind of password storage.

View More Comments
Suresh Nelamang
Suresh Nelamangala April 22, 2013

the jenkins user credentials , the unix server login credentials on which jenkins is hosted and stash login credentials are all different. For Stash, I have plugged in the crowd.

So the key I have generated in the jenkins server (id_rsa.pub) , was not sure where to add in stash. So I created new users matching my jenkins user name and unix user name in stash and tried adding the key individually each time, but the logon to stash did not happen when a new jenkins job was fired. (return code 128)

Like
Reply
0 votes
Brian Jones
Brian Jones April 18, 2013

You will need to set the HOME environment variable to point to the direcotry containing your .netrc file. Note however that you are running as someone who is not recognized by Stash, so if you commit during your Jenkins job, your identity will be incorrect. If you are just reading the git repos, you might be OK however you may run into other identity related problems in your build process. I ended up installing Tomcat and then installing Jenkins in a Tomcat container. You just go to your tomcat instance once tomcat is running and go to the management console and point it to the jenkins.war file. Lastly, I changed the tomcat service (on windows) to run as me. I had to have the service restart after a 2 minute delay because when I reboot it does not restart with the default settings. The benefits of this approach (at least on Windows) is that your jobs in Jenkins now run as you and you won't need hacks to try to have your jobs change identies. The downside is that Jenkins really needs credentials management so this solution does not really work for a centralized build CI building jobs for multiple people under their identities.

Notes:

Create a simple job and check what identity the job runs as. E.g., execute whoami. Create a local account on the system that does not have Stash credentails and login as that user. Then, try to get git to work connecting to stash as that user. Once you get that to work, you can replicate the setup in Jenkins.

Reply
0 votes
cofarrell
cofarrell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 17, 2013

Hi Suresh,

Firtly, given that you're cloning over http your ssh profile key isn't going to help unfortunately. How have you configured the Jenkins job? Have you added the correct username/password to the configuration screen; using .netrc isn't the normal procedure and will probably be ignored.

Cheers,

Charles

View More Comments
Suresh Nelamang
Suresh Nelamangala April 17, 2013

Cloning over http is some thing I have decided to stick to and make it work before I think of ssh. The password option is not present in the jenkins git plugin.

I have done one thing which has unblocked me now which is

http://username:password@10.1.x.x:7990/scm/sw/myrepo.git

By passing the password as plain text as a part of the url itself , it works.

I am afraid this cannot be our permanent solution.

Like
cofarrell
cofarrell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 18, 2013

Hi Suresh,

My apologies. After doing some more reading it appears Jenkins (still?!?) doesn't allow credentials for http, and that updating the .netrc file is the suggested work around (unless you're using JGit). In that case I'm afraid I don't quite know why it isn't working for you. I guess I might try running git operations on the box directly and see if the git operations work as expected.

Otherwise I'm afraid you might have to consider switching to SSH.

Cheers,

Charles

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events