SSH Smoke Test section - Jenkins, using master node as agent node

bauger

When launching the SSH Smoke Test the console output gives a Waiting for next available executor everlasting message.. Increasing the number of executor to 1 for the master node overcome this issue but triggers a warning message.. Following links, I am not reading the according documentation (see: https://jenkins.io/doc/book/security/controller-isolation/ and https://wiki.jenkins.io/display/JENKINS/Distributed+builds). Has anyone followed this implementation successfully and can share details?

bauger

Also, I have difficulties to understand where this SSH job should be run?
The pipeline script does not specify any specific node; when the number of executor is set to 0 for the master/built-in/controller node, a pod is created. But with the pipeline script does not point to a specific container to provision the pod.
Also, am I correct in my assumptions that we want to test the dev VM infrastructure? Hence, the idea is to get a transient pod on the Kubernetes cluster that would connect to the dev VM to launch the inspec command?

Thanks

bauger

~ attempt to amend post; issue with captcha test ~~

bauger

Also, looking at the /var/log/auth.log on the dev VM indicades that the triggered pod is unable to negociate (no matching key exchange method found). Do you think that using the jenkins/ssh-agent could help to get secure solution?

gouravshah

SSH smoke test would run on the jenkins server itself. Jenkins server is supposed to connect to the remote dev machine and launch a script/run scans.

Installing a ssh pipeline plugin should suffice imho.

You should check whether your remote server (to which jenkins is supposed to connect), allows access with SSH keys. This configuration typically resides inside /etc/ssh/sshd_config file. The configurations that you may need to have enabled are

ChallengeResponseAuthentication yes
PermitRootLogin yes

You could also debug this by getting inside jenkins server's console using kubectl exec command and trying to establish ssh connection manually. Try to use -vvvv to get verbose output.

These are just some possible cases and may help you to proceed further. If you are still stuck and not able to proceed further, best way to seek help is to join the office hours on Mon/Tue where I could help by looking at your setup live with screenshare, which is much faster a process.