mount-ssh-agent: true -> SSH_AUTH_SOCK: unbound variable

Question

mount-ssh-agent: true -> SSH_AUTH_SOCK: unbound variable

Globegitter opened this issue 6 years ago · 3 comments

I want to be able to clone private git repositories within my ci builds and tried to set mount-ssh-agent: true but all I am seeing is:
/buildkite/plugins/github-com-buildkite-plugins-docker-buildkite-plugin-v3-0-1/hooks/command: line 169: SSH_AUTH_SOCK: unbound variable, is there anything I need to set up in the agent for this to work?

Answer 1 · 2019-03-28T19:00:59.000Z

Yeah, you'll need to 1) launch an SSH agent that your buildkite-agent user has access to, and 2) set the SSH_AUTH_SOCK variable to point at the SSH agent's socket. Are you using systemd to run buildkite-agent? Here's the unit files I'm using:

# /etc/systemd/system/ssh-agent.conf
[Unit]
Description=SSH agent for Buildkite
Before=buildkite-agent.target

[Service]
Type=simple
User=buildkite-agent
Environment=SSH_AUTH_SOCK=/var/lib/buildkite-agent/.ssh-agent.sock
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
ExecStartPost=/usr/bin/ssh-add

[Install]
WantedBy=buildkite-agent.target

# /etc/systemd/system/buildkite-agent.service.d/override.conf 
[Service]
Environment=SSH_AUTH_SOCK=/var/lib/buildkite-agent/.ssh-agent.sock

Then just run systemctl enable ssh-agent && systemctl restart buildkite-agent and you should be off to the races.

Answer 2 · 2019-03-29T10:35:53.000Z

I am running this in a kubernetes cluster but this should give me some idea on how to get this running - thanks. Would be great to have something about this in the readme.

Answer 3 · 2022-09-19T23:20:57.000Z

I have added a clarification on the matter with a link to the Agent's documentation on SSH keys in PR #210