docker - 在 jenkins 上的 docker 中运行 ssh-agent 不起作用

问题描述

我正在尝试在我的 jenkins 管道中使用一个容器，但是我无法让 ssh-agent 在其中工作。我在插件的 v1.19 上，当我运行下面的代码时，我得到

主机密钥验证失败。致命：无法从远程存储库中读取。

请确保您具有正确的访问权限并且存储库存在。

但是，如果我从图像外部运行代码，它可以完美运行，证明用户具有正确的权限。

node('nodeName'){
    cleanWs()    
    ws("short"){
        withDockerRegistry([credentialsId: 'token', url: "https://private.repo.com"]) {
            docker.image("img:1.0.0").inside("-u root:root --network=host") {
                sshagent(credentials: ["bitbucket_token"]) {
                    sh "mkdir ~/.ssh"
                    sh 'ssh-keyscan bitbucket.company.com >> ~/.ssh/known_hosts'
                    sh 'git clone ssh://git@bitbucket.company.com:PORT/repo.git'
                }
            }
        }
    }
}

这是输出：

[Pipeline] sshagent
[ssh-agent] Using credentials jenkins (bitbucket_token)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Exec ssh-agent (binary ssh-agent on a remote machine)
$ docker exec abcdef123456 ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-qwertyu/agent.15
SSH_AGENT_PID=22
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/short@tmp/private_key_8675309.key (/home/jenkins/short@tmp/private_key_8675309.key)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ mkdir /root/.ssh
[Pipeline] sh
+ ssh-keyscan bitbucket.company.com
# bitbucket.company.com:22 SSH-2.0-OpenSSH_6.6.1
# bitbucket.company.com:22 SSH-2.0-OpenSSH_6.6.1
# bitbucket.company.com:22 SSH-2.0-OpenSSH_6.6.1
[Pipeline] sh
+ git clone ssh://git@bitbucket.company.com:PORT/repo.git
Cloning into 'repo'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[Pipeline] }
$ docker exec --env ******** --env ******** abcdef123456 ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 22 killed;
[ssh-agent] Stopped.
[Pipeline] // sshagent

我完全被这个难住了

标签： dockerjenkinssshjenkins-pipelinessh-agent