Jenkins perforce triggered build on windows? - jenkins

I feel totally in the dark, and hope you guys can help.
So I have a jenkins server setup connect to p4v and everything running smoothly.
I can trigger the builds on jenkins manually without any problems.
Now however I'd like to setup so Jenkins (using the perforce plugin) acually polls from perforce everytime I submit something new in a specific folder.
This seems fairly straightforward running on linux, just adding a script file in perforce and a perforce trigger to run that file using curl to send a message to jenkins to start the build.
However i'm running windows, and I dont find any information about how to solve this particular problem on windows. Anyone, to help?
The main problem seems to be that all tutorials I find on this uses a .sh script which isnt run in windows, I wonder if there is some other way to do this in windows?

I managed to solve this by using the following Jenkins plugin:
https://wiki.jenkins.io/display/JENKINS/Build+Token+Trigger+Plugin
and curl:
https://curl.haxx.se/
If someone else has the same issue here is the step by step process I went through to set it up on Windows.
In your Jenkins project, enable: Trigger builds remotely (e.g., from scripts)
Enter an Authentication Token, can be anything, ex: buildCode
On the command line as p4 admin enter: p4 triggers
In the trigger, file go to the bottom
Enter the actual p4 trigger: SomeTriggerName change-commit //DepotLocationToTriggerOn/... %//DepotLocationOfScriptToBeTriggered/trigger.bat%
Observe: When the batch file to be run in the trigger is in a depot path it must be surrounded by %
Submit the trigger.bat to p4 in the choosen location. The batch file need to contain the following code C:\curl-7.60.0-win64-mingw\bin\curl.exe -u userID:APIToken JenkinsIP/job/TestJob/build?token=buildCode
Curl must be in that specific folder on the p4v server machine.
The userID and APIToken is found by going to the user drop down and enter Configure, then clicking API Token.
Hope this might help someone else with a similar problem :).

Related

Access is denied when running mkdir command from Jenkins

I am trying to create a new directory and copy files to it. So I'm using a job of "Execute batch command".
First I tried to run: robocopy source destination /e.
Then I tried: mkdir destination. In both cases I got an "Access is denied" mssage.
If I try it myself manualy I am able to create a directory and copy files to it.
The destination is a remote computer's shared folder: \computerName\sharedFolder\
Anyone knows how to get access rights with Jenkins?
I know this post is a bit old but I found two solutions that work pretty well so I'm posting it in case somebody needs it.
First: allowing the disk usage for the current run
On your "Execute batch command" you can add a line:
net use \\server\folder /USER:domain\user password
You can then use \server\folder in your commands and it'll work.
Jenkins can even deal with credentials so that there's not in plain text.
The second solution is to boot Jenkins as a specific user so that all the commands will be run as this user.
To do this:
Open services app in windows
Search for Jenkins
Right click, properties
On Log On tab configure the credentials you want to use
Reboot Jenkins
I hope this helps someone
To find out the user under which your jobs run, create a "scratch" job in Jenkins. Give it a single "Execute Windows Batch command" build step and enter "set" as the text of your batch command. If your affected job is running on a Windows slave, make sure this job runs on the same slave. Run the job. Your console will show a list of the environment variables known to that job, the same as if you typed "set" in a Command Prompt window on your desktop. The difference will be that near the bottom, the username shown for "USERDOMAIN" and "USERNAME" in your command window will be you (the user you are logged in as); in the console output, it will be the user account that your Jenkins job runs under.
That user may not actually have login rights. And, if Jenkins is running as a service, you can't just set up a share in your command window: Jenkins jobs run under a different Windows "session" and that session will not see the share you created in your login session.
A not-very-secure way to get you over the hump would be to add parameters to your job for the username (string parameter) and password (password parameter). Before you need access to the drive, either in the same build step or in a 'Execute Windows Batch Command' step that runs prior to that build step, run "#net use : \computername\sharename %% /USER:%% /persistent:no". (for example: "#net use p: \COMPUTER\SHARE %PASSWORD% %USER% /persistent:no"). The "#" will keep the password from showing in the log. (However, the password will be associated with the job and will be encoded in Jenkins if "Allow rebuild" is enabled.) Make sure when you are done you clean up ("net use /delete") and you may need to test and clean up the drive letter before you try to connect, in case a previous job failed without releasing the drive letter.
In this scenario you would have to enter a username and password for someone who can access the share when you run the job. You could encode hidden parameters with these values pre-filled in, but that means that user's username and password are encoded into the job definition, and the default for the hidden password parameter would not be encrypted in the Jenkins config files.
There are definitely more secure ways to get the drive share enabled in the Jenkins service session, but depending on your environment this may be 'good enough' to get you past the block you are faced with right now. I have used tricks like these in an environment where I was not a Jenkins administrator and I had very limited access rights (and no admin rights) on the Jenkins slaves.
In my setup, the Jenkins slave service runs under a specific user (named jenkins).
It makes it easy to verify the access rights for that specific user.
Of course jenkins needs to have write access on the remote folder, both on the physical disk and the share.

Running FTP through Jenkins on windows server 2012

I have installed Jenkins in our server successfully, and we can run configure and run jobs.
I want to run a Windows Batch Command on a Jenkins job, that should download some files through FTP. Initially I had some issues with FTP as I was able to connect to the server, but couldn't download files or list them, as FTP was unable to establish a data channel because of the server's firewall configuration.
I was able to fix this issue, opening ports to the FTP executable, and I was finally able to download the files from command line.
Now I want to make the same operation I'm running on command line, but in a Jenkins job.
The problem is that once I try to make a wget or ls, the job stalls and nothing happens. This behavior is similar to what I experienced in command line before opening ports, but I can't tell if its the same issue as Jenkins is not giving any feedback (on command line I could see the line "150 File status okay; about to open data connection.", Jenkin's console is only displaying the commands sent with FTP, but not the FTP response).
I have tried applying the same firewall configuration as the one applied to the FTP executable, to the Jenkins executable and service. No go.
I also changed the user that launches the Jenkins service, so it is launched by an administrator account. But it's just not working.
Anyone has any idea of whats going on?
Instead of using "Execute Windows Batch Command", I executed the FTP command through a "Execute shell", and the process completes correctly.

Deploy web app via Jenkins

I have recently started to mess about with Jenkins and am unsure how to deploy my web app to a basic server. I've gotten into the Pipeline (https://jenkins.io/doc/book/pipeline/) and it seems like a fantastic way to work.
Where I'm a bit stuck is in two spots:
Once my repo is in my workspace within Jenkins, how do I prep it so I am only deploying the files necessary for the application? For example, I don't need my src/ directory or my Vagrantfile when I'm deploying things.
How do I deploy my app to the server? I see examples all over the place, but I am getting a bit lost since there seems to be so many ways to do this. I'm assuming scp or something like that...?
To build off of #2, is there a way to deploy web apps as transactions (in one shot) rather than file-by-file?
Please let me know if I can provide any information for potential answers!
I can't speak to your specific use case but a common way to do this is the build-and-deploy model, where you will have 2 Jenkins jobs. The "build" job will check out from source, run build commands such as maven or make, and lastly will "archive" the build artifacts. The latter is an option under the 'post-build actions' tab at the bottom.
In the "deploy" job, you will grab the artifacts of your choice. You can fetch a single file, all of them, and everything in between. This requires use of the 'Copy Artifact' plug-in and it allows you to copy files generated by other jobs. Now you can run your usual deploy script in the 'Execute Command' box. Most command line paradigms are supported out of the box such as setting environment variables.
The instructions above assume that you want to run your application off of a host that you've provisioned as a Jenkins slave.
Use artifacts as mentioned by Paul Back, or a 3rd party artifactory server as in video
This is always tricky and error-prone. Why not spin up a fresh server with new release (humanly verified once)
Jenkins & Ansible is the answer here. This is how I deploy to production, since I am in no need to use anything like Docker (too many issues with particular app) so have to run the app natively. Quick example would be
You monitor a specific branch in gitlab / github or whatever else and then call a webhook on push / merge etc on that branch, at this point you deal with anything you need to do by running a playbook on the jenkins job that monitors that branch (jenkins).
in my case jenkins and ansible run on the same server. Jenkins runs the ansible playbook that does whatever I need to do.
for example with ansible, I copy certain files that need to be there, run configs / change filenames etc. setup nginx, run composer,
you get the point.

How to securely backup Jenkins configuration?

I am setuping a Jenkins environment to manage workflows of Python projects. This Jenkins install is running on a Windows 7 machine and I need to backup the Jenkins config to avoid potential loss of work in case of HDD failure (for example).
I tried the SCM sync configuration plugin but this one is not compatible with the Subversion plugin I use and caused Jenkins to display only a white screen when I activated it. So it is not usable.
I also tried the thinBackup. It works well but, due to Jenkins being ran as a local service, it is not able to save backups on a network drive (and backuping on the same drive than Jenkins is not very insteresting). You would think that I just have to run Jenkins with a network user, but in this case it would not have sufficient local privilèges.
I am thinking about creating a Batch (or Python) script which could deal with SVN to backup the Jenkins configuration by adapting what is described in this page but I am not very happy to write a SVN account password in a Batch (or Python) script which could potentially be seen by anybody.
So I would know if it exists an other way to achieve this Jenkins configuration backup.
Or at least, does it exists a way to perform svn commands without showing anybody a clear password?
The issues with the SCM sync configuration plugin sadden me, too. What we do with our Jenkins instances, is: we use thinBackup to run regular backups and store them in the default folder on the same HDD. Then we have a daily cron job rsync them with a folder on another HDD. So if Jenkins is running on Windows, you would probably achieve the same using the Windows Task Scheduler and cwRsync, for example.

How can we execute Jenkins job using other user credential

I need to execute few of the Jenkins jobs such as "Release to Production" through Jenkins UI using logged on user credential. The reason is, we have separate Support Team Members, who have access to the production boxes and not the Dev team members. So, in order to deploy any code base to production, all the Windows Deploy Commands (ex, create, update files, folder etc.) needs to be run with specific user credential who has access to the Production Box. So that even the Dev team members who don't have access to the Production box but are Jenkins Admin, execute the same job should result in failure due to "Access Denied". The job should succeed only if its been run by Support Team members with their credential.
I tried using parameterized plugin but couldn't able to pass the Password successfully to the batch file which contains MSDeploy instructions. Even the Jenkins console log displays the parameter passed in its console output, which is a security issue.
I checked Role based security plugin, but that doesn't help me much. I just need a plugin which should ask for user to provide their credential before start building the Job and should use the user credential to get the job executed, so that my MSDeploy command will be able to deploy the code on Production boxes, when the Support team member build that Job using their credential. I wish there was support for impersonation.
Right now all the Jenkins Jobs are getting executed using the service account which the Tomcat service is configured to run with on which Jenkins is hosted.
Any help would be appreciated.
Just in case there is any confusion a Jenkins job will always run as the same OS user. The Matrix based security applies to users who log into the Jenkins server and controls features like creating or launching jobs.
You could configure the job to use a set of generic production credentials and then prevent your developers from invoking the job.
Perhaps a better approach would be to separate the process that builds the code from the one that deploys the code. The following diagram (Taken from the xebia-france project) demonstrates how some of my favourite tools Rundeck and Nexus can be integrated with Jenkins.
Finally, I highly recommend reading the following link:
Using Rundeck and Chef to build devops tool chains
Hi I know I'm coming late on this thread, but I just fell on this issue and had a hard time solving it, so I thought I might just share what I managed to set-up.
First things first: if you want to run a Jenkins job "as a specific user" (with all the correct habilitations) the easiest way is to run a Jenkins SLAVE as this user.
Then you might very well stumble into the following: you probably want to run serveral slaves on the same windows machine as windows services. This is very fine, as long as each slave has his own Remote root directory and probably have a specific "label" too.
Once you managed to run your slave as a windows service, launch the service console (run services.msc). Edit the newly created service properties, go to Log On tab. Select "Log on as: This account" and enter your account credentials.
Cheers :)
You can utilize the built in windows runas or Powershell InvokeCommand cmdlet and -Credential to run - Both these would store the username/password in plain text - So do think about the risks, but this gives you flexibility.
I'm surprised this doesn't have a better answer of set an agent on another machine to run as another service and define agent as a special "type" which picks up the jobs - Something along those lines is what I would expect but I haven't seen an implementation like that in Jenkins (I'm new to Jenkins so was looking for an answer and found this thread).
Something else that could be considered for someone more familiar with Jenkins is when you set the custom path to MSBuild could you set that to runas /user:... msbuild.exe perhaps? I don't have an extra Jenkins server currently to try that on.

Resources