We use Cloudbees for running builds, tests, etc... It's overall very good, but it can sometimes be difficult to debug. I just ran into such a problem, and I thought I'd put it out there in case anyone else encounters it.
My challenge seemed simple: I wanted to have an Ant target that would deploy a bunch of files to an EC2 instance. How hard can that be?
Not at all obvious, as it turns out. There are several things that need to go right to get this to work.
Obviously, we assume that you can ssh into your EC2 instance. If you can do that, then clearly you're using a public/private key pair, so you might be tempted to use that. It would generally be considered a bad idea because, if that key becomes compromised, it might be a hassle to revoke it and get a new key.
So, generally speaking, we prefer a key that's specifically for the purpose of the build, and can be revoked with minimal consequences.
Similarly, you should normally not use the
Now let's create a new key:
Obviously the location and name of the file is up to you, and your passphrase should be more secure than this!
This will create two files:
Take the contents of
The next step is to make the private key file available to the build script. The obvious way to do that would be to check it into source control, but that would be a bad idea. Files in source control get replicated all over the place, and we don't want our private key floating around.
A better way is to copy the private key file (
I created a directory called Keys and copied the private key file to that directory.
Having set this up, we can now define an Ant script to do the file copying:
We're not done though. This script won't work from CloudBees yet, because we need to do a couple more things.
If you were to run your Ant script on CloudBees right now, you'd most likely get an error like:
This is because we need to make the Jsch jar available to Ant. To do so, you need to copy the required jar to your private repository. I chose to copy the file to a directory structure that's compatible with Maven, but that's up to you. It just needs to be somewhere in the private repository.
Just like for the private key file, you can use the Finder on a Mac (or any WebDAV client) to copy the jar file over.
The last step is to make that jar file available to Ant. You can do that by adding a -lib option to your targets, pointing to the directory that contains the jar file for Jsch. Note that this is the directory that contains the jar, and not the jar itself.
Note that the Targets field contains the -lib option. The name of the target comes last.
That should be it. If your build runs successfully, you should see something like:
I hope this is useful -- it took me an embarrassingly long time to figure this out.