Lately, I’ve been experimenting with Apache Shiro for securing my Java EE applications. My focus so far has been to implement an authentication mechanism backed by a MySQL database and run on top of a GlassFish container.
I’m sharing these experiments on my GitHub page. Feel free to take a look, copy and eventually create pull requests for your own additions/optimizations.
Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I lack an explanation of how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users against an LDAP service.
First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here, as LDAP users can log in successfully. Now, the thing is that the Gerrit process is not running as an LDAP user, but rather as a Unix one (local), and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to access the code review tool.
The confusion was set! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!
For this command to work, you must have an authenticated user in Gerrit with administrative privileges and a public SSH key set.
First, let’s create a key for the user that Jenkins is going to use:
ssh-keygen -t rsa -b 2048
You should now have two new files, a private key and a public key. Never ever give away the private key!! Assuming your recently created public key file is named id_rsa.pub and that you’ve got an xpto user configured in Gerrit as part of the Administrators group, let’s add the virtual user:
cat id_rsa.pub | ssh -p 29418 firstname.lastname@example.org gerrit create-account --ssh-key - jenkins
It should be OK now! Just install the Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins 🙂
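The key registration step above, wrapped with two checks before anything is sent to Gerrit: the file being piped really is a public key, and the private half next to it is not readable by other users. This is an added example, not code from the original post; GERRIT_HOST is a placeholder, and DRY_RUN and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's own code. GERRIT_HOST is a placeholder;
# DRY_RUN and the function names are assumptions made for illustration.
GERRIT_ADMIN="${GERRIT_ADMIN:-xpto}"              # admin user named in the post
GERRIT_HOST="${GERRIT_HOST:-gerrit.example.org}"  # placeholder host
GERRIT_PORT="${GERRIT_PORT:-29418}"

# Succeeds only if $1 is a single-line OpenSSH *public* key.
is_public_key() {
    [ -f "$1" ] || return 1
    # Every PEM or OpenSSH private key file carries this marker.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# Succeeds only if group and others have no permissions on private key $1.
private_key_is_locked_down() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create Gerrit account $2 (default: jenkins) from public key file $1, using
# the same create-account call as the post. DRY_RUN=1 prints it instead.
register_ci_account() {
    pub="$1"; account="${2:-jenkins}"; priv="${pub%.pub}"
    is_public_key "$pub" || {
        echo "refusing: $pub is not a public key" >&2; return 1; }
    # If the private half sits next to the public one, check its mode too.
    [ "$priv" = "$pub" ] || [ ! -e "$priv" ] || private_key_is_locked_down "$priv" || {
        echo "refusing: run chmod 600 $priv first" >&2; return 1; }
    set -- ssh -p "$GERRIT_PORT" "$GERRIT_ADMIN@$GERRIT_HOST" \
        gerrit create-account --ssh-key - "$account"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@" < "$pub"
    fi
}

# Usage: ssh-keygen -t rsa -b 2048 -f ./jenkins_id_rsa
#        register_ci_account ./jenkins_id_rsa.pub jenkins
```

Generating the key with -f into its own file keeps the Jenkins identity separate from your personal id_rsa, so it can be rotated or revoked without touching your own access.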