I am currently working on dockerizing Jenkins FROM the jenkins/jenkins:lts image. I am not so familiar with Groovy or Jenkins, but I managed to run a few scripts by adding this line to my Dockerfile:
COPY /jenkins/script.groovy /usr/share/jenkins/ref/init.groovy.d/
The problem is that I couldn't find a way to automatically set up the email notification settings, such as the SMTP server or checking the Use SMTP Authentication checkbox. Is there a way to configure those using a Groovy script? If it's not possible, is there any other way to do so?
I'd recommend using Jenkins Configuration as Code (JCasC) for as much of the Global Settings and plugin settings as are supported. A very %ge can be done that way, including anyone. The easiest approach is to manually configure an instance (local is fine), export the settings via JCasC, back up the actual configuration, wipe the configuration, load JCasC and compare to the backup.
eg: mailer plugin
It does not handle the installation of the plugins, so you must do that first, maybe via the plugin manager installation tool or the Dockerfile.
Update (Jenkins configuration as code)
I managed to set up the email config using JCasC plugin thanks to Ian W on the recent answer, it wasn't the answer for my question but helped me follow through.
So to set up a config in this example you will need to set up just mailing config or even more, so all you need to do is create a new file with a YAML configuration like this:
unclassified:
  mailer:
    authentication:
      password: "AES-128-Encrypted password"
      username: "example@gmail.com"
    charset: "UTF-8"
    smtpHost: "smtp.gmail.com"
    smtpPort: "465"
    useSsl: true
    useTls: false
Type the email and other configs like SMTP settings in plain text, but for the password you will need an encrypted password (AES-128). To do so, you can simply go to:
http://<jenkins-ip>:<jenkins-port>/script
You will have a text box to type the following groovy script to encrypt that password (update your password to match your email's pass)
import hudson.util.Secret
def secret = Secret.fromString("Your Password")
println(secret.getEncryptedValue())
Once you run the script you will get a new encrypted password, simply copy then paste it in the Config file password field.
Now we are going to simply use that file to apply the new mail configuration by visiting (again make sure that you have configuration-as-code plugin installed):
http://<jenkins-ip>:<jenkins-port>/configuration-as-code/
Then copy the configuration file path inside the config path field (you can also use a URL of a config)
/path/to/conf.yaml
and finally, apply a new configuration!
You can use JCasC as you desire; find more here, and also see the GitHub repo.
Related
I'm moving a Jenkins from 'traditional' to JCasC.
We have a quite complex setup already, and I am wondering if there is a way to migrate somehow the current configuration without a need of going through settings and code it in .yaml?
btw. I'm not sure about installing JCasC plugin on prod to see the configuration... Am I wrong?
Thanks!
Make sure to have read the Getting Started and other docs.
Create a new instance (you can do this on your desktop/laptop) and copy over all the configuration (config.xml, *.xml, secrets and keys), but NO jobs, into the new instance. See what to back up.
Add an entry to start in quiet mode by adding Jenkins.instance.doQuietDown()
You might want/need to change the URL and port config too, depending on the host. Mind you, you can do this all on your desktop/laptop.
Copy the plugins as well. Add the config as code plugin.
Start up the new instance, export the CasC config and review. The export is a starting point, so fill in any missing gaps, etc. For example, since you did not copy jobs over, folders and views will not be created. Some plugin configs are also not yet implemented.
Stop Jenkins, delete all the config (except the secret key). Put the JCasC config in place and start up. Compare the new configs to what you backed up/copied over. Repeat until they match. Now you should have a config that matches Prod.
Now you can install JCasC in Prod. The plugin does nothing until configured. But do a similar backup/compare of the Prod config, before and after the config, just in case something changed in the intervening period.
Of course, now you need to make sure any changes are only done via JCasC and not the UI, or you are out of sync again. See blog and JEP.
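The "compare the new configs to what you backed up" step can be scripted. The sketch below is an added example, not part of the answer above: it compares two sets of Jenkins XML files element by element and ignores attributes. The function names, the constructed mailer.xml sample and the masking of `{base64}` secret values (on the assumption that a re-entered secret need not produce the same ciphertext as the backup) are all assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: encrypted Secret values are stored as "{<base64>}"; they are masked
# because a re-entered secret need not match the backup byte for byte.
SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

def flatten(xml_text):
    """Map each element path (with sibling index) to its text; attributes are ignored."""
    out = {}
    def walk(elem, path):
        text = (elem.text or "").strip()
        if text:
            out[path] = "<secret>" if SECRET.match(text) else text
        seen = {}
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, "/" + root.tag)
    return out

def compare_configs(backup, rebuilt):
    """backup, rebuilt: {filename: xml text}. Return sorted (file, path, old, new)."""
    diffs = []
    for name in sorted(set(backup) | set(rebuilt)):
        old = flatten(backup[name]) if name in backup else {}
        new = flatten(rebuilt[name]) if name in rebuilt else {}
        for path in sorted(set(old) | set(new)):
            if old.get(path) != new.get(path):
                diffs.append((name, path, old.get(path), new.get(path)))
    return diffs

# Constructed samples: a backed-up file and the same file after a JCasC rebuild.
BACKUP = {"mailer.xml": "<mailer><smtpHost>smtp.gmail.com</smtpHost>"
          "<smtpPort>465</smtpPort><password>{QUJDRA==}</password></mailer>"}
REBUILT = {"mailer.xml": "<mailer><smtpHost>smtp.gmail.com</smtpHost>"
           "<smtpPort>587</smtpPort><password>{RUZHSA==}</password></mailer>"}

if __name__ == "__main__":
    for diff in compare_configs(BACKUP, REBUILT):
        print(diff)
```

An empty result means the rebuilt instance matches the backup for every element text that is not a masked secret; files present on only one side show up with `None` on the other.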
My institution requires me to periodically change my LDAP password.
In the past, I was able to perform the following steps to change my password:-
Create a Base64 encoded password at http://www.base64encode.org/
Edit /var/lib/jenkins/config.xml and change <managerPassword/>.
However, the recent version of Jenkins no longer uses <managerPassword/>. Instead, I'm seeing <managerPasswordSecret/>.
I'm not sure how to generate the new secret password, so I did the following:-
Backup /var/lib/jenkins/config.xml first.
Edit /var/lib/jenkins/config.xml and change <useSecurity/> to false.
Restart Jenkins service.
Go to Jenkins.
Enable LDAP Security.
Enter new LDAP password.
Save it.
Open up /var/lib/jenkins/config.xml and copy <managerPasswordSecret/>.
Restore backup config file.
Replace <managerPasswordSecret/> with the new value.
This is incredibly convoluted.
Is there a more straightforward way for me to maintain my LDAP password change in the future?
Thanks much!
None of the above solutions worked for me with a newer version of Jenkins (2.78). What did work was putting the managerPasswordSecret in without any encryption. Once I ran Jenkins, the password got encrypted for me.
You can still use <managerPassword>.
Generate the new encoded password with
perl -e 'use MIME::Base64; print encode_base64("yourNewPassword");'
In your config.xml, find <hudson>/<securityRealm>/<managerPasswordSecret>. Change <managerPasswordSecret> to <managerPassword> (both before and after) and put the encoding from #1 between them. Save the file.
Restart jenkins
Login and using the UI, reset the LDAP Manager password to the same yourNewPassword. config.xml should now be back to <managerPasswordSecret>.
If you are paranoid (like me), restart jenkins again to use the newly modified config.xml.
I was trying to do same thing and this is simple solution (use from Jenkins console):
import com.trilead.ssh2.crypto.Base64;
import javax.crypto.Cipher;
import jenkins.security.CryptoConfidentialKey;
import hudson.util.Secret;
CryptoConfidentialKey KEY = new CryptoConfidentialKey(Secret.class.getName());
Cipher cipher = KEY.encrypt();
String MAGIC = "::::MAGIC::::";
String VALUE_TO_ENCRYPT = "";
println(new String(Base64.encode(cipher.doFinal((VALUE_TO_ENCRYPT + MAGIC).getBytes("UTF-8")))));
Decoding is simpler:
println(hudson.util.Secret.decrypt(HashFromConfigXmlHere));
Edit your config.xml file by hand.
If your Jenkins uses a <managerPasswordSecret> set of tags, put the new plain text password in there and Jenkins will read it. Once Jenkins starts up, go to the Configure System > Configure Global Security page and click Save. That will update that field with the encrypted version.
The current easiest and fastest solution (just worked for me) is from Cloudbees: simply enter the new password into the password field in the config.xml as plain text (not encrypted), then Jenkins will read that correctly. Once you start Jenkins, just re-save the Manage Jenkins -> Configure Global Security page.
https://support.cloudbees.com/hc/en-us/articles/221230028-Changing-LDAP-Password
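The answers above leave the LDAP manager password in config.xml as Base64 or plain text until the security page is re-saved, and the JCasC update earlier on this page stores the mail password in a YAML file. The following added example (not code from any of the posts) audits both file types for credential values that are still readable on disk. It assumes a Jenkins version that writes encrypted Secret values as `{base64}` and treats `${...}` as a JCasC variable reference; older bare-Base64 values, like the output of the console snippet above, are reported for review because they cannot be told apart from plain text without the key. The function names and sample values are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: this Jenkins version stores encrypted Secret values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
VARIABLE = re.compile(r"^\$\{[^}]+\}$")  # JCasC reference such as ${SMTP_PASSWORD}
SENSITIVE = re.compile(r"password|secret", re.I)

def classify(value):
    value = (value or "").strip().strip("\"'")
    if not value:
        return "empty"
    if VARIABLE.match(value):
        return "variable"
    if ENCRYPTED.match(value):
        return "encrypted"
    # Plain text, or an older bare-Base64 value: indistinguishable without the key.
    return "review"

def audit_config_xml(xml_text):
    """List (tag, finding) for credential elements in a Jenkins config.xml."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if not SENSITIVE.search(elem.tag):
            continue
        kind = classify(elem.text)
        if elem.tag == "managerPassword" and kind != "empty":
            kind = "base64-only"  # legacy field: encoded, not encrypted
        if kind in ("review", "base64-only"):
            findings.append((elem.tag, kind))
    return findings

def audit_jcasc_yaml(yaml_text):
    """List (line number, key) for credential keys holding a literal value."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        m = re.match(r"\s*([\w-]+):\s*(\S.*)$", line)
        if m and SENSITIVE.search(m.group(1)) and classify(m.group(2)) == "review":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed samples (not taken from a real instance).
SAMPLE_XML = """<hudson><securityRealm class="hudson.security.LDAPSecurityRealm">
  <managerPassword>bmV3LWxkYXAtcGFzcw==</managerPassword>
  <managerPasswordSecret>new-ldap-pass</managerPasswordSecret>
</securityRealm></hudson>"""
SAMPLE_YAML = 'mailer:\n  authentication:\n    password: "smtp-pass"\n    username: "a@b.c"\n'

if __name__ == "__main__":
    print(audit_config_xml(SAMPLE_XML), audit_jcasc_yaml(SAMPLE_YAML))
```

Run after the re-save step, an empty result for config.xml confirms that the plain-text value has been replaced by its encrypted form.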
I tried the solution provided by @alkuzad and it's working fine. Just to clarify: you can't use the Jenkins web console when the LDAP user password is expired. So what I did is as follows (I have the Groovy script plugin in Jenkins. I also provided run script access to the anonymous user - not a good idea, but it's the way I initially found to resolve this recurring issue).
Downloaded jenkins-cli.jar
Put the above code in GroovyPasswordClass.txt (not forgetting to use the new password in place of VALUE_TO_ENCRYPT in the code)
Start the Jenkins server (it's a requirement to have Jenkins running)
Run the command below from the command prompt
java -jar jenkins-cli.jar -s groovy GroovyPasswordClass.txt
This will print encrypted password.
Better Option
Well, later I found a better way to do authentication if the directory service provider is MS Active Directory. In that case, instead of the LDAP plugin, I used the Active Directory plugin for authentication. I found this better because
1) Response is faster when using the Active Directory plugin instead of the generic LDAP protocol based plugin
2) The Active Directory plugin uses the user data with which the Jenkins service was started, and there is no need to configure any user account in Jenkins. So you will never have the situation where your Jenkins login is not working because the user configured for LDAP has an expired password.
Hope this will help others trying to resolve this issue.
I just need to copy a file from my local machine to Cloudbees (in /opt/ant/latest/lib or in /home/jenkins/.ant/lib). I tried to connect via Finder using this method: https://developer.cloudbees.com/bin/view/DEV/Sharing+Files+with+Build+Executors, but Finder tells me to check the server or IP address. I really checked my username and password though.
Thank you in advance for any help.
You can use a WebDav client like Cyberduck. You can see how to do the configuration here -0. Pre-requisites.
I am having some confusion over configuring the Sonar plugin on Jenkins. I went to Manage Jenkins -> Configure System and added Sonar. I am confused about what to put in the Database URL in the Sonar section.
I put
jdbc:mysql://10.4.1.206/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true
10.4.1.206 is the node I am connecting to.
However, the port is 3306.
Should I put
jdbc:mysql://10.4.1.206:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true or just leave it like before?
Also, since I am using MySQL, do I need to put com.mysql.jdbc.Driver in the Driver section? It says to leave it blank if I am using embedded default driver.
Please forgive me; this is my first time tampering with both Jenkins and Sonar.
In case you have configured your Sonar to use MySQL, you need to provide both the URL and the driver. The default, embedded database for Sonar is Derby - below you will find a sample of a default sonar configuration:
# Comment the 3 following lines to deactivate the default embedded database
sonar.jdbc.url: jdbc:derby://localhost:1527/sonar;create=true
sonar.jdbc.driverClassName: org.apache.derby.jdbc.ClientDriver
sonar.jdbc.validationQuery: values(1)
So, if you have configured your Sonar to use MySQL, and I can only assume that you had, let's analyze the configuration itself:
The driver that you need to explicitly declare is com.mysql.jdbc.Driver.
Your URL string looks good to me. According to the MySQL Connect specification:
The JDBC URL format for MySQL Connector/J is as follows, with items in square brackets ([, ]) being optional:
jdbc:mysql://[host][,failoverhost...][:port]/[database] »
[?propertyName1][=propertyValue1][&propertyName2][=propertyValue2]...
If the host name is not specified, it defaults to 127.0.0.1. If the port is not specified, it defaults to 3306, the default port number for MySQL servers.
jdbc:mysql://[host:port],[host:port].../[database] »
[?propertyName1][=propertyValue1][&propertyName2][=propertyValue2]...
In my current setup the connection is as follows:
jdbc:mysql://localhost:3306/radical_sonar?useUnicode=true&characterEncoding=utf8
I tend to use the port number explicitly in order to avoid confusion rather than anything else - we do have a test MariaDB install running on a different port...
In Manage Jenkins > Configure System, your Sonar-Settings should be as follows:
Database URL should be:
jdbc:mysql://10.4.1.206:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true
Driver should be:
com.mysql.jdbc.Driver
If you need more information, you might also want to have a look at your "sonarqube/conf/sonar.properties" File and the following documentation link
http://docs.codehaus.org/display/SONAR/Configuring+SonarQube+Jenkins+Plugin
Good Luck with your configuration!
I tried to run grailsw, but the wrapper cannot connect to download grails-2.2.1-download.zip (creates a 0 byte file instead).
I need to use a proxy server to connect to the internet, where do I configure proxy settings for the Grails Wrapper?
After running grails wrapper, your project directory has a new subdirectory called wrapper, with a file grails-wrapper.properties. You can configure your proxy settings in there, with the following properties:
systemProp.http.proxyHost=
systemProp.http.proxyPort=
systemProp.http.proxyUser=
systemProp.http.proxyPassword=
systemProp.http.nonProxyHosts=
I solved this problem for myself.
It is a two step process
1.a) Back up your JRE_HOME\lib\security folder. This is essential because the below steps might corrupt cacerts file under jre.
1.b) You need to install the SSL public key of Github.com to your local file system. To do that you have to use the InstallCert.java program (link to InstallCert.java)
It is supposed to be run as java InstallCert github.com
and when it asks to enter cert number you need to enter 1
It will create a file with name "jssecacerts" in the current directory
1.c) But this program will not work because it does not know about how to authenticate with proxy. For this you need the code from SSLSocketClientWithTunneling page
Use the above two and create a program that tunnels through the proxy, retrieves the SSL key and writes a file called jssecacerts
2) Update your grails.bat with additional options. Add these options to the %JAVA_EXE% command line. Paste them after %DEFAULT_JVM_OPTS%
-Dhttp.proxyHost=YourproxyURL -Dhttp.proxyPort=YourproxyPort -Dhttps.proxyHost=YourproxyURL -Dhttps.proxyPort=YourproxyPort -Dhttp.proxyUser=YourProxyUserID -Dhttp.proxyPassword=YourProxyPassword -Dhttps.proxyUser=YourProxyUserID -Dhttps.proxyPassword=YourProxyPassword -Djavax.net.ssl.trustStore=path-to-your-jssecacerts-created-in-step-1