
Chef Integration with Jenkins

I am trying to integrate chef with Jenkins.

My scenario is: I have created a few recipes in Chef and want to execute the chef run list through Jenkins. I have installed the chef plugin (https://github.com/melezhik/chef-plugin/) in Jenkins and provided the required parameters. But when I do "Build Now" in Jenkins, it throws a "Host key verification failed" error.

I also tried the other way round by just executing "sudo chef-client" as a shell command through Jenkins; even then I receive the same error.

I also tried putting Jenkins on the same server where the chef node is available; even then the issue remains the same.

Can anyone guide me on this?

Kanchana asked Dec 01 '25 07:12


1 Answers

The chef integration plugin uses command line ssh to connect from Jenkins to the client machine to run sudo chef-client. You first need to complete this ssh connection and a sudo command without any password prompts from the Jenkins host, as the user you run Jenkins with, to confirm the Jenkins web interface will be able to do it.

The following is basically the same as the knife ssh setup from a chef server to nodes, except you are replacing the chef server/user with the jenkins server/user.

Log into a terminal on your jenkinshost, as the Jenkins user.

  1. If you don't already have a private/public key setup, generate one.

    ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''
    

    Then add the public key id_rsa.pub to chefuser@clienthost's ~/.ssh/authorized_keys file.

    ssh-copy-id chefuser@clienthost
    

    You may need to do this manually if you can't already login to clienthost with ssh.

  2. Clean up any traces of old clients (your error message indicates this might be an issue)

    ssh-keygen -R clienthost
    
  3. Test the ssh connection, and accept the host key.

    ssh chefuser@clienthost
    
  4. Now on clienthost, set up sudo so chefuser can run chef-client as root

    visudo
    

    Then add the line (your chef-client path might be different)

    chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client
    
  5. On jenkinshost, confirm ssh chefuser@clienthost sudo chef-client -v runs without password prompts.

    $ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
    Chef: 11.16.0
    

Once you can do that, the Jenkins plugin should be able to as well.

Every machine you want to run chef-client on from Jenkins will need that public key added and the manual ssh connection tested until it works without prompting you.

Unfortunately, that Jenkins chef plugin doesn't allow you many config options for the ssh connection, so you have to either rely on the one default key for the Jenkins user for everything (id_rsa) or, say you wanted to use a different key on each host, configure host-specific ssh connection details via ssh_config in ~/.ssh/config.

Matt answered Dec 05 '25 02:12

Matt
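A preflight check for the procedure in the answer above, as an added example that is not part of the original answer or of the plugin: it repeats the step 5 test with prompting disabled, so any step that would hang a Jenkins build fails fast, and it maps the error text to the step to redo. The function names and the `CHEF_CLIENT` variable are assumptions made for this example; the sample error strings in the comments are standard OpenSSH and sudo messages.

```shell
#!/bin/sh
# Added example: run as the Jenkins user on jenkinshost.
# Usage: sh preflight.sh chefuser@clienthost [chefuser@otherhost ...]
# Function names and CHEF_CLIENT are hypothetical, chosen for this example.

CHEF_CLIENT=${CHEF_CLIENT:-/usr/local/bin/chef-client}  # path from step 4; adjust

# Map captured ssh/sudo stderr to the step of the procedure that needs redoing.
# The "changed" case is tested first: that warning also ends with
# "Host key verification failed", but it needs different handling.
diagnose() {
    case "$1" in
        *"REMOTE HOST IDENTIFICATION HAS CHANGED"*)
            echo "stale-host-key: confirm the new fingerprint out of band, then step 2" ;;
        *"Host key verification failed"*)
            echo "unknown-host-key: step 3, accept the host key as the Jenkins user" ;;
        *"Permission denied"*)
            echo "key-not-authorized: step 1, install the public key on the client" ;;
        *"a password is required"*)
            echo "sudo-prompts: step 4, check the NOPASSWD line and chef-client path" ;;
        *)
            echo "unclassified" ;;
    esac
}

preflight() {
    target=$1
    # BatchMode=yes: fail instead of prompting for a password or passphrase.
    # StrictHostKeyChecking=yes: never silently accept an unknown host key.
    # sudo -n: fail instead of asking for a password.
    if err=$(ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
            "$target" sudo -n "$CHEF_CLIENT" -v 2>&1 >/dev/null); then
        echo "ok: $target"
    else
        echo "FAIL: $target: $(diagnose "$err")" >&2
        return 1
    fi
}

preflight_all() {
    rc=0
    for t in "$@"; do preflight "$t" || rc=1; done
    return "$rc"
}

preflight_all "$@"
```

Running it as a first build step in the Jenkins job makes the job fail with a named cause instead of the bare ssh error.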


