Im trying to setup Jenkins for one of my project but get this host key verification failed error.
Now, Im trying to setup a ssh key for my jenkins user but have issues logging as jenkins user.
sudo su -s /bin/bash jenkins
When I try this above command it takes me to
bash-4.1$
instead of bash user.
Related
I am using terraform to provision a server on Digitalocean while also using the "provisioner remote-exec block" feature to run some linux commands into the server. But the issue now is I need to run some docker commands with a new user so I must have a new user and all permissions assigned including ssh but I don't seem to find my way around it.
I added the block below to the configuration file and got errors as the user seem not to be able to perform ssh activities and my guess is permissions.
provisioner "remote-exec" {
inline = [
"apt-get update",
"sudo apt install docker.io -y",
"sudo snap install docker",
"useradd -m chainsafe",
"sudo usermod -aG ssh chainsafe",
"apt-get update",
"systemctl enable forest.service",
"docker run -p 1234:1234 --rm --detach ghcr.io/chainsafe/forest:latest --encrypt-keystore false --auto-download-snapshot --chain calibnet",
"systemctl start forest.service",
]
connection {
type = var.type
user = var.user
private_key = file("~/sammy")
host = self.ipv4_address
agent = var.agent
}
}
I was expecting that the user is created and the connection block can use the new user to run the docker command. Terraform gets stuck trying to perform the process but the ssh handshake is flawed hence errors
I am trying to push images I have built locally to the GitHub Container Registry aka Packages.
I have authenticated GitHub using PAT and authorized access to the organization. Let's name this organization EXAMPLEORG.
used the following command:
export CR_PAT=ghp_example_pat ; echo $CR_PAT | sudo docker login ghcr.io -u exampleuser --password-stdin
After that, I used the following command to push the image to ghcr.io:
docker push ghcr.io/exampleorg/exampleapp:v0.5
Unfortunately, I am getting this message after trying to upload image layers:
unauthorized: unauthenticated: User cannot be authenticated with the token provided.
Does somebody knows what I am missing here?
Followed this guide:
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
Is there something more I need to do in order to manually push image to Org packages (not interested to do it from the workflow at the moment).
Apparently, it was due to the wrong content of the ~/.docker/config.json file. During the first command, it happens to fail while writing. So I used sudo to circumvent this, and indeed it was circumvented, but the new file is now written in /root/.docker/config.json which is not desired outcome. Using docker login afterward will not read the config file from the root's home.
The solution to this is not to use sudo instead delete ~/.docker/config.json and then execute:
export CR_PAT=ghp_example_pat ; echo $CR_PAT | docker login ghcr.io -u exampleuser --password-stdin
We use Mattermost using the 'Production Docker' setup as described in Mattermost documentation. For authentication, we federate using GitHub:Enterprise.
To setup our Mattermost team, I imported the whole Slack history. This lead to the problem that everyone who did not yet log into Mattermost via GitHub:Enterprise was not able to login. Mattermost helpfully returned the error message
"An existing user is already attached to your gitlab account"
How can I fix this issue without having to setup a new Mattermost instance and force everyone to login once before importing the Slack data?
Prerequisites
In order for this to work, you need
GitHub:Enterprise Administrator permissions
On the Mattermost machine, either root permissions or an account that is allowed to control docker, and, if psql is not installed, a way to install the psql command-line tool.
Steps
ssh into the Mattermost vm/machine (where the mattermost docker containers are running).
Change to an account with docker permissions (root; or the account you setup during Mattermost installation; or ... )
Use docker ps and note the hash of the container mattermostdocker_db. We will assume it starts with 5c23.
Run docker inspect 5c23 | grep IPAddress. Note the IP address of the container. We will assume it is 172.17.0.2.
Ensure that the psql commandline tool is installed on the machine where mattermost/docker is running.
On debian: apt-get install postgresql-client
Connect to the mattermost db of postgresql running inside the docker container:
psql -h 172.17.0.2 -p 5432 -d mattermost -U postgres -W
The (default?) password seems to be postgres.
Verify that a user account with the correct email exists. Assume the email of the account that has the problem is 'john#example.com`
mattermost-# select email, authdata from users where email = 'john#example.com';
Connect to GitHub:Enterprise and open the admin console. We will assume the local github enterprise instance is at https://github.example.com.
Click on the rocket symbol, or
https://github.example.com/stafftools
Click on all users and find the user that cannot login. We assume the github username is john, which would correspond to https://github.example.com/john
Visit the stafftools user security page for that user.
https://github.example.com/stafftools/users/john/security
Click on the 'Search logs' link under the 'Audit logs' header. This will open a page with a query field. On this page, you will find the internal github user number for that user. Note this number. We will assume the number is 37.
Back in the psql console, update the user entry with the correct number:
update users set authservice = 'gitlab', authdata = '37' where email = 'john#example.com' ;
Exit the psql console with \q:
mattermost-# \q
Done. The user can now log into Mattermost with GitHub:Enterprise user authentication.
Notes
Don't forget to complete each statement in psql with a ;
It's gitlab, not github, even if you use GitHub:Enterprise
Tested with Mattermost 3.0, GitHub:Enterprise 2.6.2
I've got a project that I wan to build with Jenkins.
The project is hosted in a private GitHub repo and I've put the SSH public key in GitHub of my user "deploy".
The project gets checked out fine thanks to the deploy credential in Jenkins git plugin section in the build config.
But a vendor lib which is hosted as private in same GitHub organisation is loaded via a build step command :
php composer.phar install -o --prefer-dist --no-dev
I've installed Jenkins git plugin in order to checkout the main repo from GitHub via private SSH key.
But when the composer tries to checkout the sub project I get
Failed to clone the git#github.com:Organisation/Repo.git repository, try running in interactive mode so that you can enter your GitHub credentials
I've tried to get the composer command ran as a different user without success with stuff like :
su - deploy -c 'php composer.phar install -o --prefer-dist --no-dev'
looks weird anyway. I'd like to figure out the proper way of having the composer doing his job. Thought ?
Jenkins is actually running the shell commands as "jenkins" user.
It means that "jenkins" needs access to GitHub.
Then all the git#github.com:Organisation/Repo.git will work without additional credentials.
Here is explained how to grant Jenkins access to GitHub over SSH
# Login as the jenkins user and specify shell explicity,
# since the default shell is /bin/false for most
# jenkins installations.
sudo su jenkins -s /bin/bash
ssh-keygen -t rsa -C "your_email#example.com"
# Copy ~/.ssh/id_rsa.pub into your Github
# Allow adding the SSH host key to your known_hosts
ssh -T git#github.com
# Exit from su
exit
Inspired from: Managing SSH keys within Jenkins for Git
I'm running into a bit of issues with nginx and SSH keys.
I need to add a ssh key for the nginx user to access private github repositories and then run the "git ..." commands to pull or clone the repo onto my Ubuntu box.
With the nginx user just being a worker task is it possible to generate a key for this user?
Thanks for any help!
You can run commands as another user without having to provide their password using sudo:
$ sudo -u nginx ssh-keygen -t rsa -C "email#address.com"