Jenkins asking to enter initialadminstration password when upgrading version - jenkins

I am trying to upgrade Jenkins version and deployed jenkins.war to webapps folder.After restarting the tomcat server jenkins taking to initial set up to register admin user.But i have already users created and assigned with roles.How to skip the initial set up and to to login page instead.

Looks like loading variables from JNDI was removed in 2.332.
https://community.jenkins.io/t/jenkins-home-variable-not-read-in-2-332-1-running-in-apache-tomcat-9/1826/4
To get it working, add the below in tomcat/bin/setenv.sh. Replace the path according to your directory structure
export JENKINS_HOME=/apps/jenkins

Related

Rundeck update to 3.2

I have updated Rundeck on my centos server from 3.1 to 3.2.6 using yum update rundeckd. After the update, the existing projects are not showing up unless i create a new test project. The value in framework.properties is set to /var/lib/rundeck/projects as per the documentation. What am i doing wrong here ?
That's because Rundeck now stores the projects in the default H2 database by default instead of filesystem, you can check the configuration in the rundeck-config.properties file:
# Encryption for project config storage
rundeck.projectsStorageType=db
rundeck.config.storage.converter.1.type=jasypt-encryption
rundeck.config.storage.converter.1.path=projects
rundeck.config.storage.converter.1.config.password=02f0dc8d21f4e26e
rundeck.config.storage.converter.1.config.encryptorType=custom
rundeck.config.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.config.storage.converter.1.config.provider=BC
More info here.
Good advice is to move your configuration to "real" RDBS as backend, take a look at this.
EDIT: You can store (and see your previous projects) on the filesystem changing rundeck.projectsStorageType=db by rundeck.projectsStorageType=filesystem .

How to install WebLogic AdminServer and NodeManager as windows service?

I am trying to install Weblogic adminserver as windows service but getting "Input too long" error while executing the install script.
I have struggled a lot in this issue and finally got the way to register AdminServer and Nodemanager as windows service for Weblogic. Below are the steps and issues faced with the progress:
To register weblogic AdminServer as windows server first need to create a script which will contain values like oracle home, java home etc. Below is the script I have used to install the service:
`
echo off
SETLOCAL
set MW_HOME=C:\Oracle\Middleware\Oracle_Home
set DOMAIN_NAME=osb_domain
set USERDOMAIN_HOME=C:\Oracle\Middleware\Oracle_Home\user_projects\domains\osb_domain
set SERVER_NAME=AdminServer
set WL_HOME=C:\Oracle\Middleware\Oracle_Home\wlserver
set PRODUCTION_MODE=true
set JAVA_OPTIONS=-Dweblogic.Stdout="%USERDOMAIN_HOME%\stdout.txt" -Dweblogic.Stderr="%USERDOMAIN_HOME%\stderr.txt"
set WLS_USER=weblogic
set WLS_PW=Password123
set MEM_ARGS=-Xms1024m -Xmx1024m
call "C:\Oracle\Middleware\Oracle_Home\user_projects\domains\osb_domain\bin\setDomainEnv.cmd"
call "C:\Oracle\Middleware\Oracle_Home\wlserver\server\bin\installSvc.cmd"
ENDLOCAL
`
By running this script I was not even able to install the windows service as it was throwing " Input is too long" error and the reason is windows char limitations. You might get confused by classpath and will try to resolve classpath but
the issue is with JAVA_OPTIONS values which is set by SetDomainEnv.txt is creating this issue.
I have modified the script like below and shorten the JAVA_OPTIONS values by calling SetDomainEnv.txt command just before setting JAVA_OPTIONS in the script.
This has overridden the lengthy value of JAVA_OPTIONS. Now I have succesfully installed the AdminServer as windows service.
`
echo off
SETLOCAL
set MW_HOME=C:\Oracle\Middleware\Oracle_Home
set DOMAIN_NAME=osb_domain
set USERDOMAIN_HOME=C:\Oracle\Middleware\Oracle_Home\user_projects\domains\osb_domain
set SERVER_NAME=AdminServer
set WL_HOME=C:\Oracle\Middleware\Oracle_Home\wlserver
set PRODUCTION_MODE=true
call "C:\Oracle\Middleware\Oracle_Home\user_projects\domains\osb_domain\bin\setDomainEnv.cmd"
set JAVA_OPTIONS=-Dweblogic.Stdout="%USERDOMAIN_HOME%\stdout.txt" -Dweblogic.Stderr="%USERDOMAIN_HOME%\stderr.txt"
set WLS_USER=weblogic
set WLS_PW=Password123
set MEM_ARGS=-Xms1024m -Xmx1024m
call "C:\Oracle\Middleware\Oracle_Home\wlserver\server\bin\installSvc.cmd"
ENDLOCAL `
Even the service is successfully installed, when I was starting it the service is stopped immediately and wasn't printing any logs as it was not connecting to AdminServer.
After a bit analysis I found that JAVA_OPTIONS values which I have overridden in my script is very much needed to invoke AdminServer.
I have run SetDomainEnv.txt in cmd prompt and copied thre JAVA_OPTIONS values.
As the service is already installed, I just copied the correct JAVA_OPTIONS values CMDLINE param in the windows service registry manually.
Server subsystem failed. Reason: A MultiException has 6 exceptions.
Server installed as Windows NT service with incorrect password for user weblogic. The password may have been changed since the server was installed as a Windows NT Service. Contact the Windows NT system administrator.
Note: No extra spaces or character is inserted in CMDLINE param.
Now everything is in place which is actually required to start the admin server. But when I start the service it is throwing some authentication error along with others in the adminserver.log file.
after a lot of analysis I found that is is not authentoication issue, the problem was with boot.properties file. boot. properties file was not read properly.
This answer is continuation of below one:
after a lot of analysis I found that is is not authentoication issue, the problem was with boot.properties file. boot. properties file was not read properly.
Now I would give some background- If the fusion middleware is installed as development mode the boot.properties files is created automatically inside Oracle_HOME\user_projects\domains\domainname\servers\AdminServer\security and if you look at this prop file you will find the password and username in encrypted mode.
If the fusion Middleware is installed as production Mode then everytime it will ask for password and username. to avoid this perform below steps:
manually create file under Oracle_HOME\user_projects\domains\domainname\servers\AdminServer\security\boot.properties like mention below:
username=weblogic
password=Password
Note: No spaces should be added and take care of file extension.
Now start weblogic from domain\bin\startWeblogic.cmd. This will encrypt you boot.properties file. check boot.proprties file if encrypted you are good to go.
Finally start the windows service whic is installed following above process. It should work fine.
=======================
About Node manager use installNodeMgrSvc from domain\bin. Again if you get input is too long error, you must shorten JAVA_OPTIONS and then carefully edit CMDLINE param in the windows registry.

Cannot login using LDAP in Jenkins

To tighten up security on our Jenkins CI server (running 1.614 on Ubuntu 14.04), I configured the LDAP plugin yesterday. Everything seemed fine yesterday, and I was able to log in and manually configure and run some builds.
This morning, however, no one - including myself - is able to log in.
We are told to look into the server console output - however, there is nothing recorded in /var/log/jenkins/jenkins.log. I found How do I view the Jenkins server console output on the local filesystem? - but there are no such log files in /usr/lib/jenkins/ (which my jenkins home directory).
I've tried the simple troubleshooting groovy script at https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin, but each query returns:
Checking the name 'wibble'...
It is NOT a group, reason: No such property: Jenkins for class: RemoteClass
It is NOT a user, reason: No such property: Jenkins for class: RemoteClass
My security config:
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap#1.11">
<server>server.ip.address</server>
<rootDN>dc=domain,dc=location,dc=au</rootDN>
<inhibitInferRootDN>false</inhibitInferRootDN>
<userSearchBase>dc=domain,dc=location,dc=au</userSearchBase>
<userSearch>sAMAccountName={0}</userSearch>
<groupSearchBase>ou=groups</groupSearchBase>
<groupSearchFilter>(& (cn={0}) (objectclass=group) )</groupSearchFilter>
<groupMembershipStrategy class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
<filter>(&(objectCategory=group)(member={0}))</filter>
</groupMembershipStrategy>
<managerDN>cn=administrator,cn=users,dc=domain,dc=location,dc=au</managerDN>
<managerPasswordSecret>wurble-bop-de-boo</managerPasswordSecret>
<disableMailAddressResolver>false</disableMailAddressResolver>
<displayNameAttributeName>displayname</displayNameAttributeName>
<mailAddressAttributeName>mail</mailAddressAttributeName>
<userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
<groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
</securityRealm>
There were no configuration changes made overnight, and we use these same credential/settings for other LDAP integration from about 3 or 4 different applications, and they're all working fine.
I've had a similar issue after simply adding or modifying a user on the Configure Global Security page. I think it's just as #davidrv87 said: Chrome auto-fills some hidden "username" and "password" fields and breaks your LDAP settings.
Result
In the main Jenkins config.xml file, the bad settings appear as new child nodes under <securityRealm>:
<securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap#1.11">
+ <managerDN>myusername</managerDN>
+ <managerPasswordSecret>uT5S1rfROmNBuEsw8z=</managerPasswordSecret>
How to fix
Edit ~jenkins/config.xml
Remove the managerDN and managerPasswordSecret nodes (lines).
Restart the Jenkins service.
Now LDAP logins should work again!

Jenkins: How to Change LDAP Password

My institution requires me to periodically change my LDAP password.
In the past, I was able to perform the following steps to change my password:-
Create a Base64 encoded password at http://www.base64encode.org/
Edit /var/lib/jenkins/config.xml and change <managerPassword/>.
However, the recent version of Jenkins no longer use <managerPassword/>. Instead, I'm seeing <managerPasswordSecret/>.
I'm not sure how to generate the new secret password, so I did the following:-
Backup /var/lib/jenkins/config.xml first.
Edit /var/lib/jenkins/config.xml and change <useSecurity/> to false.
Restart Jenkins service.
Go to Jenkins.
Enable LDAP Security.
Enter new LDAP password.
Save it.
Open up /var/lib/jenkins/config.xml and copy <managerPasswordSecret/>.
Restore backup config file.
Replace <managerPasswordSecret/> with the new value.
This is incredibly convoluted.
Is there a more straightforward way for me to maintain my LDAP password change in the future?
Thanks much!
None of the above solutions worked for me with a newer version of Jenkins (2.78). What did work was putting the managerPasswordSecret in without any encryption. Once I ran Jenkins, the password got encrypted for me.
You can still use <managerPassword>.
Generate the new encoded password with
perl -e 'use MIME::Base64; print encode_base64("yourNewPassword");'
In your config.xml, find <hudson>/<securityRealm>/<managerPasswordSecret>. Change <managerPasswordSecret> to <managerPassword> (both before and after) and put the encoding from #1 between them. Save the file.
Restart jenkins
Login and using the UI, reset the LDAP Manager password to the same yourNewPassword. config.xml should now be back to <managerPasswordSecret>.
If you are paranoid (like me), restart jenkins again to use the newly modified config.xml.
I was trying to do same thing and this is simple solution (use from Jenkins console):
import com.trilead.ssh2.crypto.Base64;
import javax.crypto.Cipher;
import jenkins.security.CryptoConfidentialKey;
import hudson.util.Secret;
CryptoConfidentialKey KEY = new CryptoConfidentialKey(Secret.class.getName());
Cipher cipher = KEY.encrypt();
String MAGIC = "::::MAGIC::::";
String VALUE_TO_ENCRYPT = "";
println(new String(Base64.encode(cipher.doFinal((VALUE_TO_ENCRYPT + MAGIC).getBytes("UTF-8")))));
Decoding is simpler:
println(hudson.util.Secret.decrypt(HashFromConfigXmlHere));
Edit your config.xml file by hand.
If your Jenkins uses a <managerPasswordSecret> set of tags, put the new plain text password in there and Jenkins will read it. Once Jenkins starts up, go to the Configure System > Configure Global Security page and click Save. That will update that field with the encrypted version.
The current easiest and fastest solution (just worked for me) is from Cloudbees: simply enter the new password into the password field in the config.xml as plain text (not encrypted) then Jenkins will read that correctly. Once you start Jenkins and just re-save the Manage Jenkins -> Configure Global Security page
https://support.cloudbees.com/hc/en-us/articles/221230028-Changing-LDAP-Password
I tried solution provided by #alkuzad and its working fine. Just to clarify that you can't use Jenkins web Console when LDAP user password is expired. So what I did is as follow (I have groovy script plugin in Jenkins. I also provided run script access to anonymous user - not a good idea but it's the way I initially found to resolve this recurring issue).
Downloaded jenkins-cli.jar
put above code in GroovyPasswordClass.txt (not to forget using new password in place of VALUE_TO_ENCRYPT in code)
start jenkins server (its requirement to have jenkins running)
run below command from command prompt
java -jar jenkins-cli.jar -s groovy GroovyPasswordClass.txt
This will print encrypted password.
Better Option
Well, later I found better way to do authentication if directory service provider is MS Active Directory. In that case instead of LDAP plugin, I used Active Directory plugin for authentication. This I found better because
1) Response is faster when use Active directory plugin instead of generic LDAP protocol based plugin
2) Active Directory plugin uses user data with which Jenkins service was started and no need to configure any user account in Jenkins. So you will never have situation that your Jenkins login not working because user configured for ldap has expired password.
Hope this will help others trying to resolve this issue.

Can we run sample-app that comes with BB Push SDK without app.id?

I am trying to deploy the sample-app war file that comes with PushSDK.But was not able to deploy the application successfully.Steps followed till now
1) I was able to configure PushSDK.properties log4j.xmlbut didn't change value of ${sampleapp.appid} in sample-app-context.xml.
2)then made the war file using cmd
3) Deployed on the server.
during deployment an error was coming.
Invalid bean definition with name 'registerListeners' defined in class path resource [sample-app-context.xml]: Could not resolve placeholder 'sampleapp.appid'
Tried to register on link but was unsuccessful
I have just started down the path of using the Push SDK, but from what I've read I conclude that you need to get your development registration completed at least before you can run the sample code; unles you're using your own BES.

Resources