views:

1772

answers:

1

I've got Hudson (continuous integration system) with the git plugin running on a Tomcat Windows Service. msysgit is installed and the msysgit bin dir is in the path. PuTTY/Pageant/plink are installed and msysgit is configured to use them.

When I run a job that attempts to clone the git repository I get the following error:

$ git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" 
ERROR: Error cloning remote repo 'origin' : Could not clone git@hostname:project.git 
ERROR: Cause: Error performing git clone -o origin git@hostname:project.git e:\HUDSON_HOME\jobs\Project Trunk\workspace 
Trying next repository 
ERROR: Could not clone from a repository 
FATAL: Could not clone 
hudson.plugins.git.GitException: Could not clone 
  1. Running git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" from the command line works without error.
  2. I've confirmed that my issue is not the same as http://stackoverflow.com/questions/1177292/hudson-git-clone-error because git is in the path and I don't get any error about the git executable on Hudson's Configure System page.

This leads me to believe that the problem is that the user who owns the Tomcat/Hudson Windows service (Local System) has no SSH key set up to be able to clone the git repository.

My question is, how can I set things up so that the git plugin/msysgit know to use a particular SSH key when trying to clone? I don't think Pageant will work because the Tomcat service is running as the "Local System" user, but I may be wrong. I have tried setting Pageant up as a service (using runassvc.exe), passing the appropriate key, and having it run as "Local System". The Tomcat/Hudson service doesn't seem to be able to see the key from the pageant service. Are there any other techniques for setting up a key?

Thanks.

EDIT: The discussion on http://n4.nabble.com/Hudson-with-git-and-ssh-td375633.html shows that someone else had a similar question. ssh-agent was suggested and this tool does come with msysgit but I'm not sure how to use it in conjunction with the Hudson service. Still, good clue if anyone can fill in the gaps. Thanks to Peter for the comment with the link.

Also, the discussion on http://n4.nabble.com/questions-about-git-and-github-plug-ins-td383420.html starts off with the same question. I'm trying to resurrect that thread.

+2  A: 

We use Hudson, checking out the source code from git with an ssh key. We actually have Hudson on an ubuntu server, however. Hudson's ssh key pair lives in ~hudson/id_rsa and ~hudson/id_rsa.pub

So, adapting our advice for a Windows set-up:

The Windows-based developers on our team use MSysGit and regularly check out code via git over ssh -- but not using Putty/Pageant. We found Pageant to be painful due to some protocol errors with the login. Instead, they configured git to use openSSH (it's one of the options during the install). Their public/private key pair then lives in ~username/id_rsa and ~username/id_rsa.pub and it all works.

So, I'd recommend changing your git config to use OpenSSH rather than pageant. If nothing else, you won't need to worry about starting pageant.

You can use PuttyGen to generate the key. However, if you are using OpenSSH rather than pageant, you will need to export a suitable private key (from one of the menus at the top of PuttyGen) and save it as id_rsa, and copy-and-paste the public key from PuttyGen's GUI (it shows but won't save a suitable version for OpenSSH) and save that as id_rsa.pub. This is because Putty uses a slightly different format for the key than OpenSSH does.

Alternatively, of course, you can always host your hudson server on a ubuntu server (either a real one or through VirtualBox)

William Billingsley
This is a good answer, William. I think if I were to change the user that runs the Tomcat/Hudson Windows service from "Local System" then I might be able to use this approach. Before I do though, I'm wondering if there's any way to do this without changing the service owner. I'll give others a chance to respond. Thanks again.
jlpp
This is the approach that we've used on our windows slave. A user named Hudson was setup, the private key was put in ~hudson/.ssh/id_rsa, the git server is registered in ~hudson/.ssh/known_hosts, and the hudson slave service was changed to log on as the hudson user. The only note I have is this: If cygwin is installed on the windows installation make sure that you have hudson set the CYGWIN variable to empty, otherwise mingw will throw private key permission errors.
Guildencrantz
@jlpp: We ran into the same problem when trying to checkout bzr branches in Hudson, we ended up running the Tomcat windows service under a local user account instead, and it's working fine.
Pete
Thanks Pete. That's a good suggestion.
jlpp
Thanks for the advice Guildencrantz.
jlpp