annotate content/Jenkins/git-vs-self-signed-cert.md @ 111:bb513b8b0caf

Blog Post about Jenkins and self signed certificates
author Dirk Olmes <dirk.olmes@codedo.de>
date Mon, 04 Apr 2022 15:36:16 +0200
rev   line source
111
bb513b8b0caf Blog Post about Jenkins and self signed certificates
Dirk Olmes <dirk.olmes@codedo.de>
parents:
diff changeset
1 Title: Configuring Jenkins to accept a self signed https certificate for git
2 Date: 2022-03-31
3 Lang: en
4
5 I recently did a setup of [Jenkins](https://www.jenkins.io) that had to access git repositories via https on a server that only had a self signed certificate. Here are the bits and pieces that I had to configure.
6
7 ## Ignoring SSL warnings in git
8
9 Since all git traffic was internal I chose not to bother too much about this issue and just disable http certificate checks in git. If you run the command
10
11     :::shell
12     git config --global http.sslVerify false
13
14 an entry like this will be added to your `.gitconfig`:
15
16     :::shell
17     [http]
18         sslVerify = false
19
20 We'll have to put this `.gitconfig` in a couple of places to enable Jenkins to access the git server.
21
22 ## Jenkins master
23 Certain operations are performed on the master itself, e.g. scanning the repo for branches in multibranch pipelines. The `.gitconfig` mentioned above must be placed into `/var/jenkins_home/.gitconfig` on the master. In my case this was a Docker setup so I mounted the file into the container.
24
25 ## Jenkins worker
26 Before the first build step of a pipeline actually runs, Jenkins does a git checkout on the worker node. Even if you choose to run your build inside a Docker container, the checkout happens before the container is actually started. So the user running the Jenkins agent must be configured with the `.gitconfig` mentioned above, too.
27
28 ## Not covered here
29 I'm sure there are other places where a git checkout happens in Jenkins, e.g. if you do a checkout as part of a pipeline using the `checkout()` function in a Jenkinsfile. Since I don't use that functionality right now I did not bother to go into details here.
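
An audit for the `.gitconfig` setting described in this post, as an added example that is not part of the original post: it reports whether a file turns certificate verification off for every HTTPS remote (`[http]`) or only for one URL (`[http "<url>"]`), and checks the two locations the post names. The host `git.example.internal` and the PEM path in the constructed sample are placeholders; `http.<url>.sslVerify` and `http.sslCAInfo` are standard git options that limit the exception to one server or trust its certificate instead.

```shell
#!/bin/sh
# Added example (not from the post): report where a gitconfig disables TLS checks.
#   GLOBAL        -> [http] section, applies to every HTTPS remote
#   SCOPED <url>  -> [http "<url>"] section, applies to that remote only
audit_gitconfig() {
    awk '
        /^[ \t]*[#;]/ { next }                      # whole-line comment
        /^[ \t]*\[/ {                               # section header
            hdr = $0; url = ""
            sub(/^[ \t]*\[[ \t]*/, "", hdr); sub(/\].*$/, "", hdr)
            name = hdr
            if (match(hdr, /[ \t]+"/)) {            # [http "<url>"] subsection
                name = substr(hdr, 1, RSTART - 1)
                url = substr(hdr, RSTART + RLENGTH); sub(/"[ \t]*$/, "", url)
            }
            in_http = (tolower(name) == "http")     # section names ignore case
            next
        }
        in_http {
            line = $0; sub(/[ \t]*[#;].*$/, "", line)   # drop trailing comment
            n = index(line, "="); if (n == 0) next
            key = tolower(substr(line, 1, n - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr(line, n + 1));    gsub(/[ \t]/, "", val)
            if (key == "sslverify" && val ~ /^(false|no|off|0)$/)
                print (url == "" ? "GLOBAL" : "SCOPED " url)
        }
    ' "$1"
}

# Constructed sample: the global setting from the post beside two narrower forms.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[http]
	sslVerify = false
[http "https://git.example.internal/"]
	sslVerify = false
[http "https://git.example.internal/"]
	sslCAInfo = /etc/ssl/certs/git-example-internal.pem
EOF
    audit_gitconfig "$tmp"; rm -f "$tmp"
}

# Check the two locations the post names, if present on this host.
for f in /var/jenkins_home/.gitconfig "${HOME:-}/.gitconfig"; do
    if [ -f "$f" ]; then
        audit_gitconfig "$f" | while read -r hit; do echo "$f: $hit"; done
    fi
done
```

The `sslCAInfo` section in the sample produces no finding because verification stays on and the server's certificate is trusted explicitly.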