Gerrit + Jenkins in LDAP environment
Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I was missing an explanation of how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users against an LDAP service.
First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here, as LDAP users can log in successfully. Now, the thing is that the Gerrit process is not running as an LDAP user, but rather as a Unix one (local), and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to access the code review tool.
Confusion set in! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!
For this command to work, you must have an authenticated user in Gerrit with administrative privileges and a public SSH key set.
First, let’s create a key for the user that Jenkins is going to use:
ssh-keygen -t rsa -b 2048
You should now have two new files, a private key and a public key. Never ever give away the private key!! Assuming your recently created public key file is named id_rsa.pub and that you’ve got an xpto user configured in Gerrit as part of the group Administrators, let’s add the virtual user:
cat id_rsa.pub | ssh -p 29418 xpto@gerrit.example.com gerrit create-account --ssh-key - jenkins
It should be OK now! Just install the Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins.
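The key registration step above with two pre-flight checks, as an added example that is not part of the original post: it refuses to send anything that is not a single public key line and insists that the private key is readable by its owner only. The function names are hypothetical; the host, port, admin user and account name are the post's own example values.

```shell
#!/bin/sh
# Added example: guard rails around "gerrit create-account --ssh-key -".
# Host, port and user names are the example values used in the post.
GERRIT_HOST="gerrit.example.com"
GERRIT_PORT=29418
ADMIN_USER="xpto"

# Return 0 only if the file holds exactly one OpenSSH public key line.
is_public_key() {
    [ -f "$1" ] || return 1
    # Private keys (PEM or OpenSSH format) carry a BEGIN ... PRIVATE KEY header.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        return 1
    fi
    # Exactly one non-empty line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# Return 0 only if group and others have no permissions on the private key.
private_key_is_locked_down() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    perms=$(ls -l "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Register the public key for the "jenkins" account, as in the post,
# but only after both checks pass. The private key never leaves this host.
register_jenkins_key() {
    pub="$1"
    priv="${pub%.pub}"
    is_public_key "$pub" || {
        echo "refusing: $pub is not a single public key" >&2
        return 1
    }
    private_key_is_locked_down "$priv" || {
        echo "refusing: run chmod 600 $priv first" >&2
        return 1
    }
    ssh -p "$GERRIT_PORT" "$ADMIN_USER@$GERRIT_HOST" \
        gerrit create-account --ssh-key - jenkins < "$pub"
}

# Usage (on the Jenkins host): register_jenkins_key ~/.ssh/id_rsa.pub
```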
A silly question: on which side should “ssh-keygen” be called, and should the private key be kept on the Jenkins side or the Gerrit side?
It’s on the Jenkins side. Only the public part of the key shall be known to Gerrit (when you create the virtual Gerrit user).