I have setup a new Jenkins instance in docker.
Now am trying to create a new job. But the problem that am facing is my Source Code is in ADE.
But under "Source Code Management" i see only 2 options: 1) None 2) Git.
I dont see "ADE" option.
Is there any Plugin for ADE in jenkins?
Please do help
I worked at Oracle for some months and I used ade. Since ADE is a propietary SCM from Oracle, it is fully integrated in Oracle products. As far as I know, ADE can´t be integrated with jenkins natively but I think you could create a transaction in your jenkins server. When you need to build in jenkins, you would need to pull the transaction on your machine to the jenkins server. If you can set an observer or listener in jenkins when something changes in your transaction then trigger the build.
I am not sure if this can help you.
I have installed Jenkins in a docker container hosted on my Linux machine. Now the problem am facing is that I am unable to login to my Jenkins instance(UI) as my Unix\Linux user.
When i navigate to "Manage Jenkins >> Security >> Configure Global Security", under "Security Realm", I see an option called "Unix user/group database". If i select that option its asks(prompts) for "Service Name". I enter "sshd" and then click on "Test" button. On doing so it gives the below error: "User ‘jenkins’ needs to belong to group shadow to read /etc/shadow".
I am not sure how to fix it as am very new to docker as well as jenkins. Finally what i want to achieve is "i want to be able to login using my Unix\Linux credentials".
Related
My company is using Jenkins for their CI and so far we've only been using it for our web apps, but now we're getting to the windows service apps we use and I'm looking for some guidance on this.
Currently we have a batch script that shuts down the service then do an Hg update and then turns the service back on.
I need Jenkins to run it as admin so that windows will allow the script to toggle the services.
My question is, how hard is it for Jenkins to run something with elevated privileges?
With PsService you can execute a remote command (start/stop/restart) and provide a username and a password for elevated access.
Once you manage to do this all you need to do is to "write that line" in jenkins. Meaning that if you use pipeline you'll do it with credentials binding. Of course you need to create jenkins credentials with the aforementioned username and password.
I have a jenkins setup with multiple users which are logging in with Active Directory plugin. This is useful so that each user can access his own tasks.
However each user also has different permissions on the local network, such as access to different folders etc. I have noticed that the permissions given to each task is not linked to the user but to the account under which the slave is running as service. Is there a way to change that so that the task is executed on the slave under the credential (and hence permissions) of the user?
Thank you
The problem is: there is only one slave process running the different job assigned to that server by the Jenkins master.
So the slave itself runs as one user (generally, a dedicated account or a system account).
Since you can get the user id as environment variable (with a plugin like JENKINS Build User Vars Plugin), you might consider configuring the job in order for it build step to "run as" the user who triggered the build.
See for instance the JENKINS Authorize Project plugin.
However, as mentioned this answer:
The "Authorize Project" plugin does not change the OS level user that is running commands.
It only sets the Jenkins user that is running the job and any downstream jobs, using Jenkins authentication (whatever it might be).
So you are left with build step with runas or su -c commands in order to be sure that your task does run with the right user.
I had the similar issue and I can recall for managing more control on projects I used role strategy plugin and setup global security using LDAP servers (Active directory should also be ok).
And I used authorized project plugin.
Have a look and I hope it should solve your purpose. Let me know on comment section for any clarification.
you can partially fix your problem this way:
install the slave as a service using the Java Web Start method and JLNP
go to Services control panel in windows
under Properties -> Connection replace the local system connection with a specific user
rebooted the service
This at least gives you the ability to use one account instead of system.
I'm trying to configure a local installation of Jenkins to review uploaded changes on Gerrit. So far, I've gotten Jenkins to detect uploaded changes and build them (using Gerrit Trigger). However, while the build concludes successfully on Jenkins, it doesn't post any reviews on Gerrit, even though it is configured to do so. Interestingly, in Gerrit change history, I can see Jenkins having started a build:
Jenkins Patch Set 1: Build Started http://localhost:8080/job/TestProject/70/
but that's it. No results are shown after this, like successful conclusion of the build etc. Since I can see the build started result, I'm assuming I've configured the review settings correctly, but something else is causing a hold up. I've checked in the Gerrit error_log file and it doesn't show any errors. What maybe the issue?
By the way I've been able to verify/review the code as jenkins using the command line.
To make code verification possible, you have to go through the following steps:
Allow label “Verified” on Gerrit server (also see here or here);
Read this and make sure your job configured properly, because you will not build latest changesets instead;
Give access to labels Code-Review and Verified in your Gerrit project for user Jenkins;
I was able to resolve this by adding the 'Verified Label' to the Gerrit Server. The version of Gerrit I used (2.11.3) explicitly asks you to install the Verified Label, and the default option is set at No and as a result I didn't install it. I simply reinstalled my Gerrit, this time choosing Yes on Install Verified Label. If you're facing this issue, simply reinstall your Gerrit. If re-installation is not an option, read this:
http://blog.bruin.sg/2013/04/how-to-edit-the-project-config-for-all-projects-in-gerrit/
Some basic information can be found also in Jenkins plugin
Create the profile through in Gerrit web interface for your Jenkins user, and set up a SSH key for that user.
Gerrit web interface > Admin > Groups > Non-Interactive Users > Add your jenkins user.
Admin > Projects > ... > Access > Edit
Reference: refs/*
Read: ALLOW for Non-Interactive Users
Reference: refs/heads/*
Label Code-Review: -1, +1 for Non-Interactive Users
Label Verified: -1, +1 for Non-Interactive Users
I need to execute few of the Jenkins jobs such as "Release to Production" through Jenkins UI using logged on user credential. The reason is, we have separate Support Team Members, who have access to the production boxes and not the Dev team members. So, in order to deploy any code base to production, all the Windows Deploy Commands (ex, create, update files, folder etc.) needs to be run with specific user credential who has access to the Production Box. So that even the Dev team members who don't have access to the Production box but are Jenkins Admin, execute the same job should result in failure due to "Access Denied". The job should succeed only if its been run by Support Team members with their credential.
I tried using parameterized plugin but couldn't able to pass the Password successfully to the batch file which contains MSDeploy instructions. Even the Jenkins console log displays the parameter passed in its console output, which is a security issue.
I checked Role based security plugin, but that doesn't help me much. I just need a plugin which should ask for user to provide their credential before start building the Job and should use the user credential to get the job executed, so that my MSDeploy command will be able to deploy the code on Production boxes, when the Support team member build that Job using their credential. I wish there was support for impersonation.
Right now all the Jenkins Jobs are getting executed using the service account which the Tomcat service is configured to run with on which Jenkins is hosted.
Any help would be appreciated.
Just in case there is any confusion a Jenkins job will always run as the same OS user. The Matrix based security applies to users who log into the Jenkins server and controls features like creating or launching jobs.
You could configure the job to use a set of generic production credentials and then prevent your developers from invoking the job.
Perhaps a better approach would be to separate the process that builds the code from the one that deploys the code. The following diagram (Taken from the xebia-france project) demonstrates how some of my favourite tools Rundeck and Nexus can be integrated with Jenkins.
Finally, I highly recommend reading the following link:
Using Rundeck and Chef to build devops tool chains
Hi I know I'm coming late on this thread, but I just fell on this issue and had a hard time solving it, so I thought I might just share what I managed to set-up.
First things first: if you want to run a Jenkins job "as a specific user" (with all the correct habilitations) the easiest way is to run a Jenkins SLAVE as this user.
Then you might very well stumble into the following: you probably want to run serveral slaves on the same windows machine as windows services. This is very fine, as long as each slave has his own Remote root directory and probably have a specific "label" too.
Once you managed to run your slave as a windows service, launch the service console (run services.msc). Edit the newly created service properties, go to Log On tab. Select "Log on as: This account" and enter your account credentials.
Cheers :)
You can utilize the built in windows runas or Powershell InvokeCommand cmdlet and -Credential to run - Both these would store the username/password in plain text - So do think about the risks, but this gives you flexibility.
I'm surprised this doesn't have a better answer of set an agent on another machine to run as another service and define agent as a special "type" which picks up the jobs - Something along those lines is what I would expect but I haven't seen an implementation like that in Jenkins (I'm new to Jenkins so was looking for an answer and found this thread).
Something else that could be considered for someone more familiar with Jenkins is when you set the custom path to MSBuild could you set that to runas /user:... msbuild.exe perhaps? I don't have an extra Jenkins server currently to try that on.
We are using Hudson as a CI tool. At present we are needed to use Jenkins, to deploy the build to Stage, Prod environment. What is the best aproach we should follow.
I know about promote buld plugin, but the issue is authentication. I want whevener we need to promote a build to deploy to Stage or Prod, it should ask for netqwork credential first. And then the promote job should execute the Batch command using the creadential supplied. At present, the promote plugin, runs using the credentials which the Tomcat server is configured to run.
Same issue with Build Pipeline plugin.
I want only dev or even hudson admin also should not be able to execute the promote build unless credential supplied. (We have windows 2008 r2 OS)
Can you please help me in resolving the issue. so that basically whenever a user click on Promote build to QA\Stage\Prod the plugin should ask for credential or should use the logged on users credential and execute the batch script using the logged users credential only and not by using the credentials of the account with which the tomcat server is configured.
Can you please help me?
Please suggests us the best aproach for making automated build on prod\stage.
For deployment I normally use SSH, Private/Public keys takes care of the authentication problems normally associated with running commands on other servers.
SSH is normally associated with unix based systems, but it does support windows.
Finally, I would recommend considering decoupling your build system (jenkins) from the system performing the deployment by using an intermediate repository. See the following answer for more details:
Jenkins : how to check out artifact from Nexus and Deploy on Tomcat-