Requirement: Remote trigger Jenkins pipeline with and without parameters from my desktop using curl.
Jenkins Authentication: The Jenkins authentication is of a Single sign-on and can login successfully with my AD user name and I'm part of appropriate AD group that let me login which has admin level privilege. This user also has an API token generated to use with the command line to trigger the Jenkins pipeline remotely.
Test Pipeline configuration: Under Build Triggers, enabled "Trigger builds remotely" and an authentication token being used.
Commands: Executed the following commands from my desktop
curl -vk --user <AD user name>:<password> http://jenkinsurl/job/job-name/build?token=TOKEN
curl -vk --user <AD user name>:<password> http://jenkinsurl/job/job-name/buildWithParameters?token=TOKEN
curl -vk --user <AD user name>:<User API token generated on Jenkins> http://jenkinsurl/job/job-name/build?token=TOKEN
curl -vk --user <AD user name>:<User API token generated on Jenkins> http://jenkinsurl/job/job-name/buildWithParameters?token=TOKEN
Issue: HTTP Error 401 Unauthorized (Same error output for all the above commands)
Note: I can successfully run the above commands on a local Jenkins that I am running with Docker for windows on my desktop and trigger the pipeline remotely but there is no SSO authentication on this Jenkins and using the Jenkins default admin user for testing.
Can someone suggest me the steps or configurations required to trigger a remote pipeline(from command line) which has single sign-on enabled? Not sure what is missing in my setup.
Related
I am trying to program a pipeline that requests a username and password as parameter to connect via ssh to a linux server.
I have searched the internet for solutions but the SSH Agent plugin only works with credentials stored in Jenkins.
Is it possible to create a credential with the parameters sent by the user that executes the pipeline or use them as credentials?
Thanks!
I want to remotely trigger jenkins jobs so i am using below command
curl -X POST https://svc-pro-jenkins:PASSWORD#jenkins.xxx.org.xx/job/folder_1/create_s3/builrWithParameters?env=prod
Now this works fine when i try this in dev jenkins as there i am passing API token not password.
But in production Jenkins security team is not allowing to create API token and when i use password i get below error.
HTTP 403 No valid crumb was included in request
Is there any way i can trigger job without creating API token?
I have 2 questions that Im trying to figure out.
QUESTION 1
I have setup a Jenkins Master and am trying to create a Agent using the UI. Here is the UI snippet.
Now when I click Save and open the Agent, it tells me to use this command to conenct.
java -jar agent.jar -jnlpUrl https://<MASTER_NODE>/computer/Test_node/slave-agent.jnlp
It is not giving me the option to use -secret. How can I enable that feature so that I also need to provide the secret to connect to my master.
QUESTION 2
I am in the process of automating the creation of multiple Jenkins Agents. Im going to do that using REST API calls. The command is
curl -s -k -w %{http_code} -X POST "https://<MASTER_NODE>/computer/doCreateItem?name=jenkins-slave-1&type=hudson.slaves.DumbSlave" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Jenkins-Crumb: ${JENKINS_CRUMB}" \
-d "json=${JNLP_JSON}" )
Now the thing is for every agent, the secret value inside the jnlp file is different. Is there a way to specify that value in the Jenkins Master so that every Jenkins Agent has the same password ?
If you are the jenkins admin, check
1) Manage Jenkins -->Configure Global Security-->Access Control-->Authorization
under Project-based Matrix Authorization Strategy, make sure you have not ticked the Connect options under Agent for Anonymous role.
(or)
2) Make sure Manage Jenkins--> Configure Global Security-->Agents-->Agent protocols has only V4 enabled
JNLP V4 TLS based encryption
As for your second question I do not know. am facing the same issue of how to connect the slaves automatically to the Jenkins Master with different Secrets
JNLP Secrets are derived from the Agent's name. You could get the JnlpMac or secret for a specific agent from the jnlp file or via groovy executed on the master. See for example How to find JNLP Node's secret key remotely?
You can add jenkins-slave.exe and jenkins-slave.xml in Remote root directory which contains jre argument this need a secret key. Secret key only needed when you are setting agent as windows service.
I have followed instruction in LINK
I want to automate the Artifactory release and staging in jenkins job.
I got this curl command,
curl -X GET "http://localhost:9090/job/artifactory-8.0-release/artifactory/staging?
it is working fine, but it is asking for authentication. When i do automate, i need to call this only using token not with user credentials.
please help.
There are several ways to use tokens for authentication.
Basic Authentication
curl -u<USERNAME>:<TOKEN> http://ARTIFACTORY_URL/api/system/ping
Authorization Headers
curl -H"Authorization: Bearer <TOKEN>" http://ARTIFACTORY_URL/api/system/ping
Source: JFrog Artifactory documenation page 'Access Tokens'
I want to run build after push to repository.
I configured jenkins to use Matrix-based security, to protect my jenkins server. But when I do this I can't trigger build.
In build I checked Trigger builds remotely (e.g., from scripts) and I added Authentication Token XXXXXXXXXXX, but when I run:
curl -XPOST http://my-jenkins/job/test/build?token=XXXXXXXXXXX
I receive error and message Authentication required.
Is it possible configure Jenkins to run remote builds and configure Matrix-based security to don't allow anonymous users to do any action?