I have a groovy file that runs at the time of deployment to create predefined admin users for jenkins. I would like to add a logic here that would enable the allowsignup option. By default the option is disabled.
First I tried making changes in the config.xml file hoping that when I'd restart jenkins it would enable the option but that didn't work.
Now I'm suspecting that maybe I need to make changes via a groovy file using the hudson.security.HudsonPrivateSecurityRealm module, but I'm not exactly sure how to go about doing this.
I am also not sure whether this is possible or the option can only be enabled via UI.
Related
I have a problem. I use Jenkins to deploy application on machines. Depending on which machine i want to deploy new version I need to use different database passwords to run db migrations. I want to store credentials in Jenkins and for each deploy job select credentials set from dropdown which will be passed (just password ) to powershell script. I have Credentials Binding Plugin and Extended Choice Parameter Plugin. I thought it might help me with my problem, but I cannot find solution for this. Do you have any ideas how to achieve this?
As I understand, you need only to do two things:
add Credential Parameter in This project is parameterized section for possibility to select credentials set from dropdown.
enable Use secret text(s) or file(s) option in Build Environment section. This will allow you to take credentials of various sorts and use them from shell build steps and the like. Each binding will define an environment variable.
If you have already created Jenkins credentials like these:
then you will be available to run your job using Build with Parameters button and select needed credentials:
So, after configuring, you don't need to dig in job configuration each time, all possible credentials will be automatically loaded, you need only select the needed one when run a job.
I have 5 Jenkins servers (for projects) + 1 (for administration) with common a config.xml.
But for each server I want to have specific Dashboard view. These views are defined in the config.xml (tag : hudson.plugins.view.dashboard.Dashboard)
is there a way to have a specific configuration files and import it in the common config.xml (like a import resource="./config-specific.xml) ? (I try it= > don't work))
I can't have a specific config.xml by server, it must be common for each server.
Thanks
XIncludes could be a solution to that.
The only point is that you must enable the XInclude feature for the XML parser that's used by Jenkins (by default, it's disabled). If you're willing to modify core/src/main/java/hudson/XmlFile.java, then adding a JAXP.setXIncludeAware(true) should do the trick.
I didn't figure out yet if it's possible to do the same dynamically by setting a static system property like -D...=true. Also, XIncludes may be lost when Jenkins updates the config files itself.
Currently in order to enable or disable a job, a user must have Job Configure permissions in the Matrix-based security configuration.We would like to be able to manage the enable / disable job permission independently from the job configure permission.
There are some nightly jobs that we want every user to be able to enable and disable the project without touching/breaking the configuration.
Thanks
Provide a script for the users that will do this using the credentials of 'root' user and set only the execute bit on the script so that no one can read/copy it.
At least 3 ways to make a script:
HTTP POST request:
1.
curl -X POST http(s)://<your_jenkins_url>/jenkins/job/<nightly-build_job_name>/disable
2.
Use python JenkinsAPI.
Documentation is very good, easy to understand much like the API.
3.
The third one can be a script which will use jenkins-cli: accepted answer describes this well .
The Job Configure permission is bounded to the disable/enable function in each job, that's true.
One alternative to disable/enable jobs without the corresponding permission is to create new jobs which do this internally. For example, a job that needs job names as parameters, and disables them.
You could use curl + credentials of a Jenkins user with the Job Configure permission.
You could use plugins. For example, this script using the Job DSL Plugin:
job("jobname"){
using("jobname")
disabled(true)
}
For other options, check out this question.
You may try to install this plugin to get the enable/disable button for the individual project-
I checked in my Jenkins and I could see this:
But when I checked under plugins section I don't see this extra column plugin installed. Probably this is the default behavior in latest versions of Jenkins.
I am currently doing an analysis whether jenkins could fit for our needs.
Therefore I need to know something about (NOT) reloading configurations:
I know that there is an explicit way to reload a configuration (via WebGUI and CLI).
BUT:
Is there also a way to PREVENT Jenkins from reloading configs?
One requirement is that the CI-System reads in all config-files (general and job-configs) ONCE at the start of the ci-system. And afterwards a modification of the config-files shall take NO effect!
Do you know whether this is already the case (except I press that button under "manage Jenkins" | "reload Configuration from hard disk" [exact options might sound a little different because I only have a German version here])
Would be very thankful for your help,
Lukas
I run a Git repo to control the config.xml files so have experience of the xml files changing while Jenkins is running.
I can confidently state that Jenkins will not reread the config.xml file unless you specifically ask it to via the UI or cli. In fact if the config is changed via the UI any changes that has been done to the config.xml file will be overwritten with the in-memory version.
Is there a way to restrict a build step for a user. I have added a build step using the templates plugin, this template is for the deployment.
I do not want any users who has access to create a job or modify a job to be able to use this build step. The new build step that has been added should only be used by the the administrator.
If people can modifying Job configuration, they can get around any limitation you would place.
If your step can be executed post-build, I suggest to take a look at Promoted Builds plugin. The promotions can be configured to be limited to certain users only. But again, if a user has ability to change job configuration, they can overcome that easily.
The only way I can think of, is to have an external script (or preferably a compiled program than cannot be simply "read" with text editor) that is expecting a password that only you now, before executing whatever secret stuff that you want.