configpolicy

dustin

History

Dustin bc7e7c2475 applyConfigPolicy: Configure SSH user certificate In order to manage servers that are not members of the _pyrocufflink.blue_ AD domain, Jenkins needs a user certificate signed by the SSH CA. Unfortunately, there is not really a good way to get a certificate issued on demand in a non-interactive way, as SSHCA relies on OIDC ID tokens which are issued by Authelia, and Authelica requires browser-based interactive login and consent. Until I can come up with a better option, I've manually signed a certificate for Jenkins to use. The Jenkins SSH Credentials plugin does not support certificates directly, so in order to use one, we have to explicitly configure `ssh` to load it via the `CertificateFile` option.	2024-11-25 21:17:44 -06:00
..
applyConfigPolicy.groovy	applyConfigPolicy: Configure SSH user certificate	2024-11-25 21:17:44 -06:00

Dustin bc7e7c2475 applyConfigPolicy: Configure SSH user certificate

In order to manage servers that are not members of the
_pyrocufflink.blue_ AD domain, Jenkins needs a user certificate signed
by the SSH CA.  Unfortunately, there is not really a good way to get a
certificate issued on demand in a non-interactive way, as SSHCA relies
on OIDC ID tokens which are issued by Authelia, and Authelica requires
browser-based interactive login and consent.  Until I can come up with a
better option, I've manually signed a certificate for Jenkins to use.

The Jenkins SSH Credentials plugin does not support certificates
directly, so in order to use one, we have to explicitly configure `ssh`
to load it via the `CertificateFile` option.

2024-11-25 21:17:44 -06:00

applyConfigPolicy.groovy

applyConfigPolicy: Configure SSH user certificate

2024-11-25 21:17:44 -06:00