I am trying to deploy Jenkins with a Helm chart in EKS with AD integration.
I deployed Jenkins and am able to log in with a user name and password, but I can't work out how to add the root cert, which is required for LDAPS integration.
How do I add the root cert to the Jenkins Helm chart?
I followed the link below to configure LDAP in my Jenkins Helm chart: https://thomascfoulds.com/2020/03/10/ldaps-in-jenkins-on-k8s.html
Our organization's LDAP URL contained _ and the Java version we used is 1.11. Java 1.11 won't accept URLs with _ in the LDAP configuration.
We added the steps below (the last 2 steps) to make it work.
javaOpts: >
  -Djavax.net.ssl.trustStore=/var/jenkins_keystore/keystore.jks
  -Djavax.net.ssl.trustStorePassword=changeit
  -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
  -Dcom.sun.jndi.ldapURLParsing="legacy"
The LDAP settings in the Helm chart are:
securityRealm: |-
  ldap:
    configurations:
      - server: "ldaps://url.topp_orgname.ad:portNumber"
        rootDN: DC=TOPP_TELECOM,DC=WIRELESS,DC=AD
        managerDN: "managerLdapUsername"
        managerPasswordSecret: "managerLdapPassword"
        userSearch: "sAMAccountName={0}"
        groupSearchFilter: "(objectCategory=Group)"
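As an added example (not part of the original answer or of the Helm chart), the following Python check parses a javaOpts string and the LDAP server URL and reports the settings that weaken or break the LDAPS connection. The finding names and port 636 are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample modelled on the settings quoted above; port 636 is a placeholder.
JAVA_OPTS = """
-Djavax.net.ssl.trustStore=/var/jenkins_keystore/keystore.jks
-Djavax.net.ssl.trustStorePassword=changeit
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
-Dcom.sun.jndi.ldapURLParsing="legacy"
"""
LDAP_SERVER = "ldaps://url.topp_orgname.ad:636"


def parse_java_opts(opts):
    """Return ({system property: value}, [tokens that are not JVM options])."""
    props, malformed = {}, []
    for token in shlex.split(opts):
        if token.startswith("-D") and "=" in token:
            key, value = token[2:].split("=", 1)
            props[key] = value
        elif not token.startswith("-"):
            malformed.append(token)  # e.g. a -D option that lost its leading dash
    return props, malformed


def audit(opts, ldap_url):
    """Return sorted finding codes for a javaOpts string and an LDAP server URL."""
    props, malformed = parse_java_opts(opts)
    url = urlsplit(ldap_url)
    findings = set()
    if malformed:
        findings.add("MALFORMED_OPTION")
    if url.scheme != "ldaps":
        findings.add("NOT_LDAPS")
    elif "javax.net.ssl.trustStore" not in props:
        findings.add("NO_CUSTOM_TRUSTSTORE")  # root CA must be in the JVM default store
    if props.get("com.sun.jndi.ldap.object.disableEndpointIdentification", "").lower() == "true":
        findings.add("HOSTNAME_CHECK_DISABLED")  # cert name is not matched to the host
    if props.get("javax.net.ssl.trustStorePassword") == "changeit":
        findings.add("DEFAULT_TRUSTSTORE_PASSWORD")
    if props.get("com.sun.jndi.ldapURLParsing", "").lower() == "legacy":
        findings.add("LEGACY_URL_PARSING")
    elif "_" in (url.hostname or ""):
        findings.add("UNDERSCORE_HOST_REJECTED")  # the failure the answer describes
    return sorted(findings)


if __name__ == "__main__":
    print(audit(JAVA_OPTS, LDAP_SERVER))
```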
I have a Jenkinsfile to deploy my application into an EKS cluster. On the Jenkins side, I installed the AWS credential plugin and added my secret key and access key values as a Jenkins credential in the box.
Next, when I run the Jenkins build, the deployment stage fails with the error below.
Unable to connect to the server: getting credentials: exec: executable aws not found
It looks like you are trying to use a client-go credential plugin that is not installed.
I faced a similar issue and found it was a PATH settings issue. Basically, aws is not found in PATH. What you could do is add "env" to the code and see what PATH values are in the console output. To set the PATH correctly:
Manage Jenkins -> Configure System -> Global properties -> Environment variables: name=PATH, value= (Ex: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin/ )
I am working to automate the installation and use of the role-based strategy plugin in Jenkins using Ansible. At the moment I can easily install the plugin using the API. However, in order to use the plugin, it is necessary to activate it through the Jenkins UI by clicking 'Manage Jenkins', then 'Configure System', and selecting a role-based strategy.
I am having difficulty automating the activation process since it seems an API does not exist in Jenkins for that. This is my relevant Ansible code:
- name: Install a role based plugin if it does not exist
  uri:
    url: "http://localhost:8080/pluginManager/installNecessaryPlugins"
    method: POST
    user: admin
    password: bd7afbedc842418fb7fc27fdf8b3d2e4
    force_basic_auth: yes
    body: '<jenkins><install plugin="role-strategy@2.9.0" /></jenkins>'
    headers:
      Content-Type: "text/xml"
    follow_redirects: all
  when: "'Role-based Authorization Strategy' not in plugins_output_list.content"
  ignore_errors: yes
After installing the plugin, is there a way I can activate it without using the UI? I really can't see any API for that purpose.
Your answer is here.
Configure ALL Jenkins initial setup
Fully working Jenkins master with:
no hands on keyboard
no click on UI
Since BitBucket 5.4 it's not necessary anymore to install some plugin to enable webhooks to jenkins (push to bitbucket -> trigger jenkins build).
I'm now trying to configure this on our BitBucket 5.9.1.
I've clicked create webhook on my repo:
Name: test-webhook
URL: https://ourjenkins/
secret: MyToken
In my jenkins job I've configured: Trigger builds remotely (e.g., from scripts) and also added the same token: MyToken.
When I test the setup I get a 403:
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
What am I missing to authenticate? I hoped the token would be used to authenticate but it seems not to work.
Go to Jenkins --> Manage Jenkins --> Configure Global Security
Select Project-based Matrix Authorization Strategy under Authorization
Set permission for Anonymous User to Read / Write Jenkins Jobs. Check for overall Read should work in your case. You can also try other options.
I get the attribute hudson.slaves.NodeProvisioner.initialDelay of the Jenkins Kubernetes plugin from the Jenkins API, but I don't know how to set hudson.slaves.NodeProvisioner.initialDelay with the user interface.
You can't set it from the UI; you have to start Jenkins with that Java system property:
-Dhudson.slaves.NodeProvisioner.initialDelay=0
If you have deployed Jenkins on Kubernetes itself, you can set this under the env var JAVA_OPTS in your Kubernetes YAML file, like:
env:
  - name: JAVA_OPTS
    value: "-Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85"
You can find such a YAML file in the Jenkins Kubernetes plugin's GitHub repo itself.
I'm thinking of how to set up continuous integration and deployment using bitbucket, drone.io, hub.docker.com and a swarm (aws ec2) cluster.
1. I submit code to bitbucket
2. bitbucket's web hook triggers drone.io and it builds and runs tests
3. On every "green" commit, the docker image is pushed to hub.docker.com and deployed to the integration environment (swarm cluster) using the "latest" label.
I can't figure out how to set up step 3 ...
As an example, add to your .drone.yml:
publish:
  docker:
    username: octocat
    password: password
    email: octocat@github.com
    repo: octocat/hello-world
    tag: latest
    when:
      success: true
deploy:
  webhook:
    urls:
      - https://your.webhook/...
    header:
      Authorization: pa55word
      X-Docker-Image: name_of_your_image:latest
    when:
      success: true
This would perform the publish step using the docker plugin, followed by hitting a URL endpoint to deploy the published image to your integration environment using the webhook plugin.