Question
I am trying to integrate chef with Jenkins.
My scenario is, I have created a few recipes in Chef and want to execute the chef run list through Jenkins. I have installed the chef plugin (https://github.com/melezhik/chef-plugin/) in Jenkins and provided the required parameters. But when I do a Build Now in Jenkins, it throws a "Host key verification failed error".
I also tried the other way round by just executing "sudo chef-client" as a shell command through Jenkins, even then I receive the same error.
I also tried putting Jenkins on the same server where the chef node is available; even then the issue remains the same.
Can anyone guide me on this?
Answer 1:
The chef integration plugin uses command line ssh to connect from Jenkins to the client machine to run sudo chef-client. You need to complete this ssh connection and a sudo command without any password prompts from the Jenkins host, as the user you run Jenkins with first to confirm the Jenkins web interface will be able to do it.
The following is basically the same as the knife ssh setup from a chef server to nodes, except you are replacing the chef server/user with the jenkins server/user.
Log into a terminal on your jenkinshost, as the Jenkins user.
If you don't already have a private/public key setup, generate one.
ssh-keygen -t rsa -b 2048 -C "jenkinuser@jenkinshost" -N ''
Then add the public key id_rsa.pub to chefuser@clienthost's ~/.ssh/authorized_keys file.
ssh-copy-id chefuser@clienthost
You may need to do this manually if you can't already login to clienthost with ssh.
Clean up any traces of old clients (your error message indicates this might be an issue)
ssh-keygen -R clienthost
Test the ssh connection, and accept the host key.
ssh chefuser@clienthost
Now on clienthost, setup sudo so chefuser can run chef-client as root
visudo
Then add the line (your chef-client path might be different)
chefuser ALL=(ALL) NOPASSWD: /usr/local/bin/chef-client
On jenkinshost, confirm ssh chefuser@clienthost sudo chef-client -v runs without password prompts.
$ ssh chefuser@clienthost sudo /usr/local/bin/chef-client -v
Chef: 11.16.0
Once you can do that, the Jenkins plugin should be able to as well.
Every machine you want to run chef-client on from Jenkins will need that public key added and the manual ssh connection tested until it works without prompting you.
Unfortunately that Jenkins chef plugin doesn't allow you many config options for the ssh connection so you have to either rely on the one default key for the Jenkins user for everything (id_rsa) or say you wanted to use a different key on each host, configure host specific ssh connection details via ssh_config in ~/.ssh/config.
Answer 2:
"Host key verification failed error" is quite clear, your jenkins host does not know the target server.
On your jenkins host (as jenkins user) run ssh-keyscan target_host > ~/.ssh/known_hosts
and then retry and it should work as expected.
Edit: the keyscan could be a task in jenkins itself. For the path I assumed you were running jenkins on a linux box, adapt to jenkins user home path if needed or use %HOME% in place of ~
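An added example, not part of either answer or of the plugin: a key returned by ssh-keyscan is only as trustworthy as the network path it was fetched over, so this sketch appends it to known_hosts only when it equals a key obtained out of band, then repeats Answer 1's final check with prompts disabled. The function names, the scan.txt file and the pinned-key argument are assumptions; clienthost, chefuser and the chef-client path are the placeholders used above.

```shell
#!/bin/sh
# pin_host_key HOST PINNED_KEY SCAN_FILE KNOWN_HOSTS
#   PINNED_KEY  "<keytype> <base64-blob>" obtained out of band, e.g. read from
#               /etc/ssh/ssh_host_ed25519_key.pub on the node's own console.
#   SCAN_FILE   saved output of: ssh-keyscan -t ed25519 HOST
# Appends the scanned entry to KNOWN_HOSTS only when it equals the pin.
# Returns 0 on success; returns 1 and leaves KNOWN_HOSTS untouched otherwise.
pin_host_key() {
    host=$1 pinned=$2 scan=$3 known=$4
    # Look for a "host keytype blob" line whose key equals the pinned key.
    # ssh-keyscan banner lines start with "#" and never match the host field.
    match=$(awk -v h="$host" -v k="$pinned" \
        '$1 == h && ($2 " " $3) == k { print $1 " " $2 " " $3; exit }' "$scan")
    if [ -z "$match" ]; then
        echo "scanned key for $host does not match the pinned key" >&2
        return 1
    fi
    # Append rather than overwrite, and skip entries that are already present.
    touch "$known" && chmod 600 "$known"
    grep -qxF "$match" "$known" || printf '%s\n' "$match" >> "$known"
}

# preflight USER HOST CHEF_CLIENT_PATH
# The manual check from Answer 1, made strictly non-interactive so a Jenkins
# build fails immediately instead of hanging on a prompt:
#   BatchMode=yes             no password or passphrase prompts
#   StrictHostKeyChecking=yes refuse hosts missing from known_hosts
#   sudo -n                   fail if sudo would ask for a password
preflight() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes "$1@$2" \
        sudo -n "$3" -v
}

# Typical use in a Jenkins "Execute shell" step, run as the Jenkins user:
#   ssh-keygen -R clienthost        # drop stale entries, as in Answer 1
#   ssh-keyscan -t ed25519 clienthost > scan.txt
#   pin_host_key clienthost "ssh-ed25519 <key copied from the node>" \
#       scan.txt ~/.ssh/known_hosts
#   preflight chefuser clienthost /usr/local/bin/chef-client
```

A non-zero exit from either function should fail the build before the plugin's own ssh call is attempted.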
Source: https://stackoverflow.com/questions/25739873/chef-integration-with-jenkins