Terraform Jenkins integration - forcing (bypassing) the auto approval process - jenkins

I am trying to integrate Terraform (to create an AWS instance) with Jenkins and need to force (bypass) the approval process. I am trying to do it as a freestyle job providing the required information under the "Build Env" section.
I am able to create an AWS instance from Terraform. Now I am trying to automate the process using Jenkins. The job is failing because I am not able to bypass the approval process.
Building in workspace C:\Program Files (x86)\Jenkins\workspace\TerrafromInstancecreation
[ModuleOne] $ "C:\Program Files (x86)\Jenkins\tools\org.jenkinsci.plugins.terraform.TerraformInstallation\Terrafrom_0.12.6\terraform.exe" get -update
[ModuleOne] $ "C:\Program Files (x86)\Jenkins\tools\org.jenkinsci.plugins.terraform.TerraformInstallation\Terrafrom_0.12.6\terraform.exe" apply -input=false "-state=C:\Program Files (x86)\Jenkins\workspace\TerrafromInstancecreation\terraform-plugin\terraform-plugin.tfstate"
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
Apply cancelled.
FATAL: java.lang.Exception: Terraform Apply failed: 1
at org.jenkinsci.plugins.terraform.TerraformBuildWrapper.executeApply(TerraformBuildWrapper.java:249)
at org.jenkinsci.plugins.terraform.TerraformBuildWrapper.setUp(TerraformBuildWrapper.java:269)
at hudson.model.Build$BuildExecution.doRun(Build.java:157)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1810)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
I need to force the auto approval process so that the APPLY phase can run through without prompting and then failing.
My sincere request is to please provide any scripts / parameters that I need to use. I am performing this as a freestyle Jenkins job.

You should use the -auto-approve=true flag when running non-interactively. This will also skip the showing of the plan before and just apply out any changes that Terraform deems necessary.
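Added example (not from the original post or the Jenkins Terraform plugin): when Terraform is run from an "Execute shell" build step, saving the plan and applying that exact file also runs without a prompt, and the plan that was applied stays in the build log. The function name plan_and_apply, the ALLOW_DESTROY variable and the text match on the rendered plan are assumptions of this example; it expects terraform on PATH and an already initialised working directory.

```shell
#!/bin/sh
# Added example: plan once, then apply exactly that saved plan.
# A saved plan file is applied without the "Enter a value:" prompt.

plan_and_apply() {
  plan_file=${1:-tfplan}
  rc=0
  # -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes present
  terraform plan -input=false -detailed-exitcode -out="$plan_file" || rc=$?
  case $rc in
    0) echo "No changes; skipping apply."; return 0 ;;
    2) ;;
    *) echo "terraform plan failed (exit $rc)" >&2; return "$rc" ;;
  esac

  # Keep a readable copy of the plan so the job can archive it.
  terraform show -no-color "$plan_file" > "$plan_file.txt" || return 1

  # Heuristic gate on the rendered plan (assumption of this example):
  # stop if anything is destroyed or replaced unless explicitly allowed.
  if [ "${ALLOW_DESTROY:-0}" != 1 ] &&
     grep -Eq 'will be destroyed|must be replaced' "$plan_file.txt"; then
    echo "Plan destroys or replaces resources; set ALLOW_DESTROY=1 to proceed." >&2
    return 3
  fi

  # Applies only what was planned above; no approval prompt is shown.
  terraform apply -input=false "$plan_file"
}

# Usage inside the build step:  plan_and_apply "$WORKSPACE/tfplan"
```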

Related

Establish relationship between two Jenkins Jobs available on different Jenkins server

I am building Jenkins for Test / QA automation scripts, let's name it TEST_JOB. For application, I have application source code Jenkins build, name it DEV_JOB.
My scenario is when DEV_JOB completes execution (successfully), execute TEST_JOB immediately. I am aware of setting up project upstream / downstream [ Build after other projects are built ] to accomplish this task. But here, the problem is that DEV_JOB is on a different server than TEST_JOB. Due to which, TEST_JOB fails to recognize DEV_JOB.
Now, how would I achieve this scenario?
You can use the Jenkins API to trigger the job remotely.
Say you have job DEV_JOB on JENKINS_1, add a penultimate step (or upstream/downstream project having only this step) which invokes TEST_JOB using a remote API call to the JENKINS_2 server.
Example command would be
$(curl --user "username:password" "http://JENKINS_2/job/TEST_JOB/buildWithParameters?SOMEPARAMETER=$SOMEPARAMETER")
username:password is a valid user on JENKINS_2.
Avoid using your own account here but rather a 'build trigger' account that only has permissions to start those jobs.
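Added example (not part of the original answer): one way to make the remote call with a dedicated trigger account so that the secret never appears on the curl command line or in the job's `-x` trace. It assumes the account's name and API token arrive in the hypothetical environment variables TRIGGER_USER and TRIGGER_TOKEN (for instance from a credentials binding); the function name and the HTTPS-only check are choices of this example.

```shell
#!/bin/sh
# Added example: trigger TEST_JOB on the second Jenkins server.
# TRIGGER_USER / TRIGGER_TOKEN are hypothetical variable names; the token is
# assumed to contain no double quote or backslash.

trigger_remote_job() {
  base_url=$1; job=$2; shift 2          # remaining args: NAME=value pairs

  if [ -z "${TRIGGER_USER:-}" ] || [ -z "${TRIGGER_TOKEN:-}" ]; then
    echo "TRIGGER_USER and TRIGGER_TOKEN must be set" >&2
    return 2
  fi
  case $base_url in
    https://*) ;;
    *) echo "refusing to send credentials to non-HTTPS URL: $base_url" >&2
       return 2 ;;
  esac

  # Turn each NAME=value into "--data-urlencode NAME=value" so curl does the
  # URL encoding instead of string concatenation into the query string.
  n=$#
  while [ "$n" -gt 0 ]; do
    set -- "$@" --data-urlencode "$1"
    shift
    n=$((n - 1))
  done

  # The credentials go to curl on stdin as a config line, not in argv, so they
  # do not show up in the process list or in "sh -x" output.
  printf 'user = "%s:%s"\n' "$TRIGGER_USER" "$TRIGGER_TOKEN" |
    curl --config - --fail --silent --show-error --request POST \
         "$@" "$base_url/job/$job/buildWithParameters"
}

# Usage inside the DEV_JOB build step (host name is a placeholder):
#   trigger_remote_job "https://JENKINS_2" TEST_JOB "SOMEPARAMETER=$SOMEPARAMETER"
```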

How do I pass SSH keys from Jenkins Pipeline to Jenkins build jobs?

I'm working on a set of jobs to tag a bunch of related Git repos with the same tag. At the moment, the flow is decomposed into three types of jobs: an overall Jenkins scripted Pipeline, a job that does a build and drops a tag if the build succeeds, and a job triggered by the tagging job that does the final release build. My intention is to allow users to run either the overall pipeline or one of the jobs beneath it depending on if they need to re-run a step in the process or do an entire release.
One of my requirements is that this all needs to happen with the invoking user's credentials, which are then passed to Git so the updates (maven pom changes, etc.) are logged into the commit history as their user. I was successful in this by combining User-scoped credentials with the Authorize Project plugin (so the job can access the user-scoped credentials), the Build User Vars to set user.name and user.email in Git, and the SSH Agent plugin to supply the keys to Git so the commit and tag can be pushed as the correct user.
What I'm trying to do now is collect the user's SSH key with a credentials parameter to the scripted pipeline job and then pass that credentials parameter to the downstream tagging job (which also takes a credentials parameter). Unfortunately, when I do that the downstream job fails because the SSH Agent in the downstream job can't retrieve the credentials based on the value that the credentials parameter in the pipeline passes on to the credentials parameter in the tagging job.
The error I'm getting is:
FATAL:
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
FATAL: [ssh-agent] Could not find specified credentials
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
Right now, my Job DSL for the pipeline job looks like this:
parameters {
    stringParam('sitePrefix',Projects.siteAbbr,"Three-character site code")
    activeChoiceParam('modules'){
        choiceType('MULTI_SELECT')
        groovyScript{
            script("[${projectsAsGroovyString}]")
        }
        description("Modules to build")
    }
    credentialsParam('gitUser'){
        type('com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey')
        required()
        description('Personal SSH Key for tagging and releasing')
    }
    stringParam('gitBranch','develop','Branch to tag')
    stringParam('releaseVersion',null,'Version you want to release')
    stringParam('developmentVersion',null,'Snapshot version to set after release. If unset, generates a new patch snapshot based on the release version')
}
and my actual pipeline code contains code like this:
def tag_params = [
    [$class:'com.cloudbees.plugins.credentials.CredentialsParameterValue',name: 'gitUser',value:params.gitUser],
    // credentials(name:'gitUser',value:params.gitUser),
    string(name:'gitBranch',value:params.gitBranch),
    string(name:'releaseVersion',value:params.releaseVersion),
    string(name:'developmentVersion',value:params.developmentVersion),
    booleanParam(name:'buildRelease',value:false),
]
stage('Tag bom'){
    // Run tag job
    build job: "bom_tag_release", parameters: tag_params
    // Run release build
    build job: "bom_tag_build", parameters: build_params
}
The downstream job is just using another credentials parameter to receive the credentials, not the Credentials Binding plugin because that only seems to handle secret files not the SSH keys that SSH Agent needs. Is passing a credential id from a pipeline to a job even possible or should I be looking at another approach?
Thanks!

P4 Plugin failed in jenkins

I am trying to set up a job in Jenkins using this p4 plugin. I successfully installed the plugin. While I am trying to run Perforce commands in Execute shell, I got the exception below.
[workspace] $ /bin/sh -xe /tmp/hudson6165069639422088214.sh
+ echo 'Trunk Release is r2017.1.0'
Trunk Release is r2017.1.0
++ /usr/local/perforce/p4 -P E208C3B005AB1F8E7C138F7156F857EC counter cos_sso_trunk_build_number
User jenkins doesn't exist.
+ BLD_NUM=
Build step 'Execute shell' marked build as failure
Warning: you have no plugins providing access control for builds, so falling back to legacy behavior of permitting any downstream builds to be triggered
Finished: FAILURE
I have included the P4 configuration, and it's working fine. But the above error occurs when I try P4 commands in the console; with the earlier Perforce plugin (old) it's working fine.
It's expecting an account for the user "jenkins". Either create an account for that user, or use an existing user.
On the Configure page, under Source Code Management-->Perforce Software Perforce Credentials, select Add to add the user information.

Build step 'Execute shell' marked build as failure

I have a build step in my Jenkins project. This is an Execute Shell step.
The following is the command I am running.
sudo gcloud --project=xxxx preview app deploy app.yaml ==version=1
During the deployment the above step breaks the build, with the following error.
sudo gcloud --project=cfc-melbourne-website preview app deploy app.yaml ==version=1
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
Build step 'Execute shell' marked build as failure
No JDK named ‘null’ found
ERROR: Build step failed with exception
com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials$AccountIdNotSetException
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getUsername(GoogleRobotPrivateKeyCredentials.java:152)
at com.google.jenkins.plugins.credentials.oauth.RemotableGoogleCredentials.<init>(RemotableGoogleCredentials.java:54)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials.forRemote(GoogleRobotCredentials.java:204)
at com.google.jenkins.plugins.storage.AbstractUpload.initiateUploadsAtWorkspace(AbstractUpload.java:342)
at com.google.jenkins.plugins.storage.AbstractUpload.perform(AbstractUpload.java:173)
at com.google.jenkins.plugins.storage.GoogleCloudStorageUploader.perform(GoogleCloudStorageUploader.java:109)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:785)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:726)
at hudson.model.Build$BuildExecution.post2(Build.java:185)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:671)
at hudson.model.Run.execute(Run.java:1766)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Build step 'Google Cloud Storage Uploader' marked build as failure
Finished: FAILURE
How do I resolve this?
The no tty present error indicates that you have the requiretty setting in your sudoers file. This will require a tty. To solve this you can add your user to that file and turn .
Change your sudoers file:
vi /etc/sudoers
and add (assuming it's your jenkins-user):
Defaults:jenkins !authenticate
Normally your jenkins user can use sudo-commands without authentication.
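Added example (not part of the original answers): a narrower alternative to a user-wide Defaults entry is a drop-in rule that lets the jenkins user run one named command as root without a password, syntax-checked with visudo before it is installed. The gcloud path /usr/bin/gcloud, the drop-in name jenkins-deploy and the function name are assumptions of this example; it is meant to be run as root.

```shell
#!/bin/sh
# Added example: allow jenkins to run exactly one command via sudo.
# Assumptions: sudo reads drop-ins from /etc/sudoers.d and this runs as root.

install_jenkins_sudo_rule() {
  cmd_path=$1
  dest_dir=${2:-/etc/sudoers.d}

  # Only a plain absolute path is accepted, so nothing needs escaping in the
  # rule and a relative name cannot be resolved through PATH.
  case $cmd_path in
    *[!A-Za-z0-9/_.-]*|[!/]*|'')
      echo "command must be a plain absolute path: $cmd_path" >&2
      return 2 ;;
  esac

  staged=$(mktemp) || return 1
  {
    echo "# jenkins may run this one command as root without a password."
    echo "jenkins ALL=(root) NOPASSWD: $cmd_path"
  } > "$staged"

  # Validate the staged file first: a syntax error in an installed sudoers
  # file can lock every user out of sudo.
  if ! visudo -cf "$staged" >/dev/null; then
    echo "sudoers syntax check failed; nothing installed" >&2
    rm -f "$staged"
    return 1
  fi

  # sudo ignores drop-ins whose name contains a dot; mode 0440 is expected.
  install -m 0440 "$staged" "$dest_dir/jenkins-deploy" && rm -f "$staged"
}

# Usage (as root):  install_jenkins_sudo_rule /usr/bin/gcloud
```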

How to use a different set of parameters for release builds in jobs triggered via parameterized trigger plugin

I have a set of jobs that run shell scripts. Parameters for those scripts can be chosen via some choices defined in the build.
Now I want to use the release plugin to prevent people from accidentally choosing from a set of "release only" parameters.
So what I basically need is the ability to have one build with two distinct sets of parameter choices.
To achieve this I have configured the jobs as follows:
Master Job
    normal build
        - choiceParameter name:TEST values:"normal"
    release build
        - choiceParameter name:TEST values:"release"
Child Job
    normal build
        - choiceParameter name:TEST values:"normal"
    release build
        - choiceParameter name:TEST values:"release"
MasterJob triggers ChildJob via "Parameterized Build" plugin
When I execute a normal build everything works fine.
But when I trigger a Release Build on the MasterJob I get the following exception:
ERROR: Build step failed with exception
java.lang.IllegalArgumentException: Illegal choice for parameter TEST: release
at hudson.model.ChoiceParameterDefinition.checkValue(ChoiceParameterDefinition.java:75)
at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:87)
at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:19)
at hudson.plugins.parameterizedtrigger.ProjectSpecificParameterValuesActionTransform.convertToDefinedType(ProjectSpecificParameterValuesActionTransform.java:83)
at hudson.plugins.parameterizedtrigger.ProjectSpecificParameterValuesActionTransform.transformParametersAction(ProjectSpecificParameterValuesActionTransform.java:34)
at hudson.plugins.parameterizedtrigger.ProjectSpecificParametersActionFactory.getProjectSpecificBuildActions(ProjectSpecificParametersActionFactory.java:32)
at hudson.plugins.parameterizedtrigger.BuildTriggerConfig.getBuildActions(BuildTriggerConfig.java:290)
at hudson.plugins.parameterizedtrigger.BuildTriggerConfig.perform2(BuildTriggerConfig.java:336)
at hudson.plugins.parameterizedtrigger.BlockableBuildTriggerConfig.perform2(BlockableBuildTriggerConfig.java:57)
at hudson.plugins.parameterizedtrigger.TriggerBuilder.perform(TriggerBuilder.java:85)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:761)
at hudson.model.Build$BuildExecution.build(Build.java:203)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:536)
at hudson.model.Run.execute(Run.java:1741)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:374)
Build step 'Trigger/call builds on other projects' marked build as failure
Finished: FAILURE
Fixing this error is easy. I just have to add the value "release" to the choices in the normal build. But this destroys the whole intention of this setup.
Is there a way to get this kind of setup to work?
If you want to restrict people from running arbitrary scripts on production boxes, you can use the Node Label plugin.
You can configure the job to select which node (box/machine) the user can run the job on. This way you can restrict users from running jobs on the prod env.
