I'm new to Jenkins and I am trying to play around with it.
I'm trying to run a pipeline with a command that will run a simple dir on a remote windows fileserver (with a UNC path provided).
pipeline {
agent any
stages {
stage('Read File') {
steps {
bat 'whoami'
bat label: 'check directory', script: 'dir \\\\filesrv\\C$\\NewUser'
}
}
}
}
The whoami command returns the Jenkins AD user i configured to run the service on the slave
but after that I get an error Access is denied.
I tried giving the Jenkins AD service user local admin permission on the Jenkins master and slave servers and also on the file server. didn't help.
I also tried to explicitly giving that user full control permission on the folder I'm trying to access (located on the file server). didn't help.
I also tried giving permission to the computer accounts like many thread suggenst and point to this link https://serverfault.com/questions/135867/how-to-grant-network-access-to-localsystem-account also didn't help.
Will appreciate some assistance in understanding what permission is it missing?
Thanks in advance
i'll post the solution for any feature reference for those who are using windows environment...
the thing i was missing was making the target folder a shared folder.
so instead of \\\\filesrv\\C$\\NewUser' the path that worked is \\\\filesrv\\NewUser'
where NewUser is the name of the share
Related
I'm a little bit of a newb, with this CI/CD container stuff so please correct me anywhere I'm wrong.
I can't seem to find out how to send by npm build files created on my jenkins instance (workspace) to a remote server. I have a pipeline that successfully pulls in my github repo, does all my fun npm stuff (npm install, test, build). I see my build dir in my jenkins instance /workspace.
My environment is as follows. We have a server where docker (with Portainer) is installed. Jenkins is running in a container with a volume mounted (my react build dir goes here). No issues with the pipeline or building etc. I just can't figure out how to push my artifacts from my jenkins workspace directory to my 'remote' dev server.
I can successfully open a console in my jenkins container (portainer as the jenkins user) and scp files from the workspace directory using my remote server creds(but password is necessary).
I installed and used "Publish Over SSH" Jenkins plugin and get a successful "Test Configuration" from my setup.
I created my RSA keys on the REMOTE machine (that I'm trying to push my build files to).
I then pasted the private key (created without a password) into the plugin at the 'Use password authentication, or use a different key' section. Again, I get a successful test connection.
In my pipeline the last step is deploying and I use this command
sh 'scp -r build myusername#xx.xx.xx.xx:/var/files/react-tester'
I get a 'Permission denied (publickey,password).' error. I have no password associated with the rsa key. I tried both ways, creating the rsa key on the remote machine as my remote user, and the jenkins machine as the jenkins user. I've read examples of people creating the keys both ways, but not sure which user/machine combo to create the keys and paste to which section of the 'Publish Over SSH' plugin.
I'm out of ideas.
First, go to "Manage Jenkins" > "Credentials", add a new SSH credential of type "SSH Username with private key" and fill the "Username" and your private key (generate one if you haven't done it yet) fields (you can also upload one). Don't forget that you have to copy the generated public key to the ${SSH_USERNAME}/.ssh/authorized_keys file on the remote server.
I'm assuming you're using a scripted or DSL pipeline here. In your code, after you've builded your application, you can push it to your server adding this step to your pipeline:
pipeline {
stages {
stage("Pushing changes to remote server") {
steps {
script {
def remote_server = "1.2.3.4"
withCredentials([sshUserPrivateKey(credentialsId: 'my-key', keyFileVariable: 'SSH_KEY', passphraseVariable: '', usernameVariable: 'SSH_USERNAME')]) {
sh "scp -i \${SSH_KEY} build/ ${SSH_USERNAME}#${remote_server}:/var/files/react-tester/"
}
}
}
}
}
}
Best regards.
Deploying a PDF documentation Jenkins executes a simple batch file:
#echo off
REM
REM Adapt the filepath as needed
REM
set PDF_OUTPUT_DIR="F:\svnWorkingCopy\kostra\trunk\DITA\__out_pdf"
set PDF_DEPLOY_DIR="\\FILE-SRV01\Austausch\Setup_Masterbuild\KOSTRA_AKVS\Deutsch\KostraAKVS"
del %PDF_DEPLOY_DIR%\KostraUserManual.pdf /F /Q
copy %PDF_OUTPUT_DIR%\kostra.pdf %PDF_DEPLOY_DIR%\KostraUserManual.pdf /Y
It quits with permission denied. End of console output (in German) is:
[kostra] $ cmd /c call C:\Windows\TEMP\jenkins1093559218605334188.bat
F:\svnWorkingCopy\kostra>F:\svnWorkingCopy\kostra\trunk\DITA\kostra-pdf-deploy.bat
Zugriff verweigert
0 Datei(en) kopiert.
Build step 'Windows Batch-Datei ausführen' marked build as failure
Archiviere Artefakte
Discard old builds...
#111 is removed because old than numToKeep
Sending e-mails to: fjk#akgsoftware.de
Finished: FAILURE
The Jenkins user is the user logged on that machine (Win Server 2012 r2) and has all Jenkins rights.
If I open CMD and execute the batch file manually, everything goes OK. Any idea why Jenkins refuses to copy the file? Is there a way to get a more detailed error msg. from Jenkins?
I see you are running Jenkins on windows. First check that if the user that started Jenkins is allowed to write on your directory. If that is not the case restart Jenkins with a user allowed to write in that directory.
Found the solution for my environment (Jenkins as Windows Service):
The default system user assigned to the Jenkins service must be changed to the logged on windows user.
Even after doing so Jenkins as a service doesn't know about mapped network drives, so you must change these to UNC paths if you have to deploy to a local network share.
I have jenkins working in local server on my mac and for a job, I need to run a script shell witch it need to read a json file. I tryied to put it in workflow-lib file. But when I run the job for testing, the script return an error witch says :
/Users/****/.jenkins/workflow-libs/testCollections: Permission denied
Build step 'Run a shell script' marked build as failure
Finished: FAILURE
So I know that the script can read the json file but I don't know how I can give it this permission.
thank you for helping
Please follow this command to give the permissions.
sudo chown -R <jenkins user>:<jenkins group> /jenkins_root_path
here <jenkins user> and jenkins group is the user and group which you are running jenkins under.
If the jenkins user is a member in the sudoers list:
sudo rm -rf /Users/****/.jenkins/workflow-libs/testCollections
But this can be dangerous.
I would highly suggest you run the Jenkins process as the jenkins user/group and not muck around in there as your own user account.
This will ensure your file permissions are proper and that the jenkins process only has access to the areas it needs as well as letting you spin up new slaves without worrying about permissions and custom settings.
You can always use sudo to become the 'jenkins' user to work with the files.
I'm trying to set up jenkins pipeline according to
this article but instead use google container registry to push the docker images to.
The Problem: The part which fails me is this jenkinsfile stage block
stage ('Push Docker Image To Container Registry') {
docker.image('google/cloud-sdk:alpine').inside {
sh "echo ${env.GOOGLE_AUTH} > gcp-key.json"
sh 'gcloud auth activate-service-account --key-file ./service-account-creds.json'
}
}
The Error:
Please verify that you have permissions to write to the parent directory.)
ERROR: (gcloud.components.update) Could not create directory [/.config/gcloud]: Permission denied.
I can't run any command to do with gcloud as the error above is what i get all the time.
I tried create the "/.config" directory manually logged into the aws instance and open up the permission of the folder to everyone but that didn't help either.
I also can't find anywhere how to properly setup google cloud for jenkins pipeline using docker.
Any suggestions are greatly appreciated :)
It looks like it's trying to write data directly into your root file system directory.
The .config directory for gcloud would normally be in the following locations for username and/or root user:
/home/yourusername/.config/gcloud
/root/.config/gcloud
It looks like, for some reason, jenkins thinks the parent directory should be in /.
I would try checking where your cloud sdk config directories are on the machine you are running this on (and for the user the scripts runs as):
$ sudo find / -iname "gcloud"
And look for location similars to those printed above.
Could it be that the Cloud SDK is installed in a none standard location on the machine?
I am trying Jenkins to execute an ansible playbook.
But I am getting the unreachable host error which I don't get otherwise.
fatal: [vogo-alpha.cloudapp.net]: UNREACHABLE! => {"changed": false, "msg": "Authentication failure.", "unreachable": true}
I have given this variable in ansible hosts file,
ansible_ssh_private_key_file=/home/luvpreet/.ssh/id_rsa
I think it is because the user jenkins is playing those playbooks and it cannot read this private key file. I tried to make jenkins' user home folder but it was not successful.
It can be done if I switch to the user luvpreet and then run these playbooks.
How do I switch to another user via jenkins shell ?
OR
Is there any other way this problem can be solved ?
There are a couple of possibilities why your solution is working. Most likely because Ansible is trying to ssh to your target machine as the jenkins user which isn't on said machine. I'd approach the problem from a different angle.
First, I'd install the Ansible plugin for Jenkins. This allows you to use the built in credentials located at "Manage Jenkins > Manage Credentials". There you can copy and paste your key in (or point to a key file located on the jenkins server) and set the username that will ssh to the target machine. In your job configuration choose "Invoke Ansible Playbook" for your build step rather than shell. There will be a "Credentials" parameter where you can specify the ssh key you added earlier. The rest should be pretty self explanatory.