Home > OSS, Tek, Work > Gerrit + Jenkins in LDAP environment

Gerrit + Jenkins in LDAP environment

Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I lack the explanation on how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users on a LDAP service.

First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here as LDAP users can log-in sucessfully. Now, the thing is Gerrit process is not running as an LDAP user, but rather an Unix one (local) and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to acess the code review tool.

The confusion was set! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!

For this command to work, you must have an authenticated user in Gerrit with administrative privileges and public SSH key set.

First, let’s create a key for the user that Jenkins is going to use:

ssh-keygen -t rsa -b 2048

You should now have two new files, a private key and a public key. Never ever give the private key!! Imagining your recently created public key file is named id_rsa.pub and that you’ve got an xpto user configured in Gerrit as part of the group Administrators, let’s add thevirtual user:

cat id_rsa.pub | ssh -p 29418 xpto@gerrit.example.com gerrit create-account --ssh-key - jenkins

It should be OK now! Just install Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins :-)

About these ads
  1. Henry Chen
    February 6, 2013 at 02:11 | #1

    A silly question: on which side should the “ssh-keygen” be called, or the private key be kept in jenkins side or Gerrit side?

  2. February 6, 2013 at 23:17 | #2

    It’s on the Jenkins side. Only the public part of the key shall be known to Gerrit (when you create the virtual Gerrit user).

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: