OCI terraform provider error when running on Jenkins Pipeline

Hello. I’m using Jenkins to deploy terraform using Pipelines to OCI. The code runs when executed on the Linux Machine that has Jenkins installed, but when I try to execute the same code using Jenkins Pipelines, I get the error message:

e[31m│e[0m e[0me[1me[31mError: e[0me[0me[1mcan not create client, bad configuration: did not find a proper configuration for private keye[0m
e[31m│e[0m e[0m
e[31m│e[0m e[0me[0m with provider[“registry.terraform.io/hashicorp/oci”],
e[31m│e[0m e[0m on main.tf line 15, in provider “oci”:
e[31m│e[0m e[0m 15: provider “oci” e[4m{e[0me[0m
e[31m│e[0m e[0m

I’m fairly new to Jenkins, what could I be missing in the configurations? A few extra things I have done:

  • I have copied the RSA key to the Jenkins workspace and the private_key_path points there
  • Configurations are exactly the same as the code running on the VM (Does Jenkins need an extra atribute?)

Here is the current provider code:

provider “oci” {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path
region = var.region

Please help.

Hello and welcome :wave:

  • First important check: Jenkins (controller) and the agent nodes are not sharing their workspace. It means that you pipeline might not see the key as part of the build. To help you on this area, you need to share with us the Jenkinsfile and eventually informations about the agent node setup
  • When using Terraform private module, it’s important to ensure that the node agent has not only Terraform, but also openssh-client and a recent git version. I got bitten a lot of time when running Terraform inside the default container that was missing these dependencies. (that is why we maintain our own image on the Jenkins Infrastructure: GitHub - jenkins-infra/docker-terraform: A Docker Image to provide a working environment around terraform).
  • You might want to store the private SSH key as a Jenkins credential (scoped to your job for additional security) and to use an SSH-agent (with the plugin https://plugins.jenkins.io/ssh-agent/ that has a pipelien instruction) so that Jenkins takes care of loading/unloading the key from memory and filesystem (and cleanup) so that this private key is never written
  • You might want to also check the following Terraform features: