Issue with Jenkins and GitLab Integration

[Erick Mormin]

 

Dear Jenkins Support, 

 

I am reaching out to you regarding difficulties I am encountering with 
integrating Jenkins and GitLab for my project. Below are the details of the 
problem I am facing: 

 

1. Problem Description: 

   While configuring the integration between Jenkins and GitLab, I followed 
the recommended steps to generate an SSH key in Jenkins, add it to my 
GitLab account, configure webhooks, and create credentials in Jenkins. 
However, despite these actions, I am facing errors when attempting to 
trigger builds from GitLab webhooks. 

 

2. Errors Encountered: 

   - When I try to trigger a build from a push on GitLab, I receive an HTTP 
403 error with the message "No valid crumb was included in the request". 

   - Additionally, when Jenkins attempts to fetch changes from the GitLab 
repository, I receive a permission denied error with the message 
"Permission denied (publickey,password)". 

 

3. Actions Taken: 

   - I have verified that the SSH keys generated in Jenkins have been 
correctly added to my GitLab account. 

   - I have also verified that the credentials and webhook configurations 
in Jenkins are correct. 

 

4. Recommended Actions: 

   I am seeking your assistance in resolving this issue. Could you please: 

   - Verify if the configuration I have described is correct and if I have 
missed anything important? 

   - Provide guidance or recommendations for diagnosing and resolving the 
errors I am encountering? 

   - Suggest additional steps I could take to resolve this issue? 

 

5. Additional Information: 

   - Here are the details of my Jenkins and GitLab configuration: 

     - Jenkins Version: 2.440.3

     - GitLab Version: 16.10

     - Jenkins Configuration: please see the document in attachment

     - GitLab Configuration: please see the document in attachment

 

Thank you in advance for your help and assistance in resolving this 
problem. Please feel free to contact me if you need further information. 

 

Best regards, 

Erick MORMIN

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/a9b8bc67-ae1e-4e6c-a374-529f668b6b5cn%40googlegroups.com.

Issue with Jenkins and GitLab Integration

I have performed the following configuration:

root@easyformer:~# docker exec -it jenkins bash
jenkins@192:/$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:sj/ft651tSyUKHnOZ2X8hVuInHBKSpcBjQdQ9A6Mzpo jenkins@192.168.0.24
The key's randomart image is:
+---[RSA 3072]----+
|      .+==.      |
|       o..oo     |
|      . +.* .    |
|     o . *.=.ooo |
|      + Sooo+oo++|
|     o o  = . +o=|
|    E .    o +ooo|
|       ..  .o.o. |
|        .o. o+o. |
+----[SHA256]-----+
jenkins@192:/$ ls ~/.ssh
id_rsa  id_rsa.pub
jenkins@192:/$ cat ~/.ssh/id_rsa.pub
ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQC/eX95bkbtGwbm00kdDbYfK++iQRG+8Q1G1niJSOIv323vbl3vnbILPNvFqIC8tGzzT/JwfkQHwAm6cxNRlMDW6OOZauVgdarY5K5BTM51CvwYN9NiSYCEIVGIYgbRTayn6LFyv8cUIAmd26eUoCF32zjp/daQK+QhDlVAfu0d2BPU+CFpi9XHp679k/8RR3cunWHHTSbN8Xn9D8VxpWcdXpMnFTDCJkLqlGHWHP1Zlk1w2P50ejTCE1OsHkdUlEy3qBBbiojtTAkaIpAXOnIcUt4foTN5Gv51RJIIggN7g0DV/zjR2gXYeUu9ehJGFus6GqDMnNm/PoAlwBOlznzBreSWUMlm3L9dyDg+Ak9zv/6H+pJBYE037CIX42Iyf/Umn6RL3ozdcvWwdS8ReaU2+Y6npy9/LuEe2Zltska+pIJCye+rNiT6/aim6hq+SBwKULLclnlk5Xa79YTx4oOgOs/SOJgcx2Y265kNEfgUub4S0JgwpPgZSUoDaGPF7Dk=
 jenkins@192.168.0.24
```

**Add the key to GitLab**
http://192.168.0.24:40080/-/profile/keys

**New credential**
http://192.168.0.24:8080/manage/credentials/store/system/domain/_/newCredentials

**Retrieve the key in Jenkins**
jenkins@192:/$ cat ~/.ssh/id_rsa

**New credentials**
- Type: SSH Username with private key
- Scope: Global (Jenkins, agents, items, etc...)
- ID: jenkinsgitlabssh
- Enter directly: Key

**Administer Jenkins -> Security**
http://192.168.0.24:8080/manage/configureSecurity/

Git Host Key Verification Configuration
- Host Key Verification Strategy: Accept first connection

**Create a token in GitLab**
http://192.168.0.24:40080/-/user_settings/personal_access_tokens

Token: glft-8SyUGZa2ujzTDi5eZU8a

**In Jenkins New credentials**
http://192.168.0.24:8080/manage/credentials/store/system/domain/_/newCredentials

- Type: Secret text
- ID: Jenkinsgitlabaccesstoken

**Install the GitLab plugin**
http://192.168.0.24:8080/manage/pluginManager/available

**Administer Jenkins -> System**
http://192.168.0.24:8080/manage/configure

**Test connection**
- Client error: HTTP 401 Unauthorized

Connection name: gitlabjenkins
GitLab host URL: The complete URL to the GitLab server (e.g. 
http://gitlab.mydomain.com)

**Test with curl**
```bash
root@easyformer:~# docker exec -it -uroot jenkins bash
root@192:/# curl http://192.168.0.24:40080/
<html><body>You are being <a 
href="http://192.168.0.24:40080/users/sign_in";>redirected</a>.</body></html>root@192:/#
```

**EasyFormerPipeline -> Configuration**
http://192.168.0.24:8080/job/EasyFormerPipeline/configure

- Build when a change is pushed to GitLab.
- GitLab webhook URL: http://192.168.0.24:8080/project/EasyFormerPipeline
- Secret token: 43272f4e87b1eff15b230e6b8f8395d5

**GitLab**
- Log in as admin
http://192.168.0.24:40080/admin/application_settings/network

Outbound requests:
- Allow requests to the local network from hooks and integrations.
- Check the following options:
  - Allow requests to the local network from webhooks and integrations
  - Allow requests to the local network from system hooks

**Webhooks**
http://192.168.0.24:40080/Berechit/easyformer/-/hooks

- URL: http://192.168.0.24:8080/job/EasyFormerPipeline/
- Secret token: 43272f4e87b1eff15b230e6b8f8395d5

- SSL verification:
  - Enable SSL verification

- Trigger:
  - Check Push events

**Test Push events**
- Hook executed successfully but returned HTTP 403
<html> <head> <meta http-equiv="Content-Type" 
content="text/html;charset=ISO-8859-1"/> <title>Error 403 No valid crumb was 
included in the request</title> </head> <body><h2>HTTP ERROR 403 No valid crumb 
was included in the request</h2> <table> 
<tr><th>URI:</th><td>/job/EasyFormerPipeline/</td></tr> 
<tr><th>STATUS:</th><td>403</td></tr> <tr><th>MESSAGE:</th><td>No valid

 crumb was included in the request</td></tr> 
<tr><th>SERVLET:</th><td>Stapler</td></tr> </table> <hr/><a 
href="https://eclipse.org/jetty";>Powered by Jetty:// 10.0.20</a><hr/> </body> 
</html>

I have two error messages:

**Administer Jenkins -> System**
- Test connection
- Client error: HTTP 401 Unauthorized

**Webhooks**
- Hook executed successfully but returned HTTP 403
<html> <head> <meta http-equiv="Content-Type" 
content="text/html;charset=ISO-8859-1"/> <title>Error 403 No valid crumb was 
included in the request</title> </head> <body><h2>HTTP ERROR 403 No valid crumb 
was included in the request</h2> <table> 
<tr><th>URI:</th><td>/job/EasyFormerPipeline/</td></tr> 
<tr><th>STATUS:</th><td>403</td></tr> <tr><th>MESSAGE:</th><td>No valid crumb 
was included in the request</td></tr> 
<tr><th>SERVLET:</th><td>Stapler</td></tr> </table> <hr/><a 
href="https://eclipse.org/jetty";>Powered by Jetty:// 10.0.20</a><hr/> </body> 
</html>

When I launch a build in Jenkins, I get the following logs:

The recommended git tool is: NONE
using credential jenkinsgitlabssh
 > git rev-parse --resolve-git-dir 
 > /var/jenkins_home/workspace/EasyFormerPipeline/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@192.168.0.24:Berechit/easyformer.git # 
 > timeout=10
Fetching upstream changes from git@192.168.0.24:Berechit/easyformer.git
 > git --version # timeout=10
 > git --version # 'git version 2.39.2'
using GIT_SSH to set credentials Test EasyFormer23042024
Verifying host key using known hosts file, will automatically accept unseen keys
 > git fetch --tags --force --progress -- 
 > git@192.168.0.24:Berechit/easyformer.git +refs/heads/*:refs/remotes/origin/* 
 > # timeout=10
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from 
git@192.168.0.24:Berechit/easyformer.git

**Groovy script of the pipeline:**

pipeline {
    agent any
    
    stages {
        stage('Checkout') {
            steps {
                // Specify GitLab repository URL and path to the Word document
                git branch: 'main', credentialsId: 'jenkinsgitlabssh', url: 
'git@192.168.0.24:Berechit/easyformer.git'
            }
        }
        stage('Test Pipeline') {
            steps {
                // Copy Word document from local location to Jenkins workspace
                sh 'cp C:\\Users\\PC\\Documents\\EasyFormer\\Docker Workflow - 
Procédure DSI DevOps.docx .'
                
                // Add other test steps here
                
                // Example: Check Jenkins logs
                // Wait for the build process to complete
                timeout(time: 10, unit: 'MINUTES') {
                    // Wait for the build to finish
                    script {
                        def build = currentBuild
                        def job = 
Jenkins.instance.getItemByFullName("EasyFormerPipeline")
                        def log = 
job.getBuildByNumber(build.number).logFile.text

                        if (log =~ /Document Word récupéré avec succès/) {
                            echo 'Document Word récupéré avec succès.'
                        } else {
                            error 'Échec de récupération du document Word.'
                        }
                    }
                }
            }
        }
    }
}