I have created a jenkins node using jenkins-cli create node command. The node gets created successfully and I could see it in the web interface.
NODE_NAME=$1
LABEL=$2
cat <<EOF | java -jar jenkins-cli.jar -s http://myjenkins/jenkins/ create-node --username userId --password testPwd $1
<?xml version='1.0' encoding='UTF-8'?>
<slave>
<name>${NODE_NAME}</name>
<description></description>
<remoteFS>/Users/jenkins1/Desktop/workspace</remoteFS>
<numExecutors>1</numExecutors>
<mode>EXCLUSIVE</mode>
<retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
<launcher class="hudson.plugins.sshslaves.SSHLauncher" plugin="ssh-slaves#1.22">
<host>test</host>
<port>22</port>
<credentialsId>test</credentialsId>
<maxNumRetries>0</maxNumRetries>
<retryWaitTime>0</retryWaitTime>
<sshHostKeyVerificationStrategy class="hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy"/>
</launcher>
<label>${LABEL}</label>
<nodeProperties>
<hudson.slaves.EnvironmentVariablesNodeProperty>
<envVars serialization="custom">
<unserializable-parents/>
<tree-map>
<default>
<comparator class="hudson.util.CaseInsensitiveComparator"/>
</default>
<int>1</int>
<string>MVN_REPOS</string>
<string>/Users/jenkins1/Desktop/workspace</string>
</tree-map>
</envVars>
</hudson.slaves.EnvironmentVariablesNodeProperty>
</nodeProperties>
</slave>
EOF
But when I try to get the node after it has been created using jenkins-cli I get no such node error. However, I am able to get the node after saving the configuration through Jenkins UI. Could you please help me to fix this error.
java -jar jenkins-cli.jar -s http://myjenkins/jenkins/ get-node 'tests' --username userId --password testPwd
ERROR: No such node 'tests'
When you create a node or job from the cli, most times you have to return to Jenkins UI and run "Manage Jenkins >> Reload Configuration From Disk", otherwise cli changes sometime remain ineffective. Have you already tried doing this?
#funkfan As I have mentioned in my post, I am able to get the node after saving the configuration through Jenkins UI. I have even tried jenkins-cli reload-configuration command before saving the configuration from the Jenkins UI without any luck.
Related
I am working on scan automatisation and trying it on metasploitable2 VM using the following command:
docker container run --rm -v $(pwd):/zap/wrk --name container01 owasp/zap2docker-stable:latest zap-api-scan.py -g gen.conf -t http://192.168.56.104/ -f openapi -d -n fContext.context -U admin -r reporAdmin-test.html
My context file contains the following info:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<context>
<name>Default context</name>
<desc/>
<inscope>true</inscope>
<incregexes>http://192.168.56.104/</incregexes>
<tech>
....
<authentication>
<type>2</type>
<strategy>EACH_RESP</strategy>
<pollurl/>
<polldata/>
<pollheaders/>
<pollfreq>60</pollfreq>
<pollunits>REQUESTS</pollunits>
<loggedout>Login failed</loggedout>
<form>
<loginurl>http://192.168.56.104/dvwa/</loginurl>
<loginbody>username={%username%}&password={%password%}</loginbody>
<loginpageurl>http://192.168.56.104/dvwa/login.php</loginpageurl>
</form>
</authentication>
<users>
<user>2;true;YWRtaW4=;2;YWRtaW4=~cGFzc3dvcmQ=~</user>
<user>3;true;dXNlcg==;2;dXNlcg==~dXNlcg==~</user>
<user>4;true;dXNlcnA=;2;dXNlcg==~cGFzc3dvcmQ=~</user>
</users>
<forceduser>2</forceduser>
The context file has been generated via the UI of zap.
There's the right user and password set (admin & password) for the page http://192.168.56.104/dvwa/login.php and in the command I specify I that I want to use the user admin.
I get the following report:
summary screenshot
I get the same without using -U admin parameter, So I guess I missed something about authentication but I can't figure what it is.
The problem is that I have a small report, not including all the page of dvwa (SQL injection pages, XSS vulnerable pages etc.)
The following pages should also be scaned
Thanks for your help !
Hey I am creating user from jenkins-cli:
echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("newuser", "123456")' | java -jar jenkins-cli.jar -auth admin:adminpass -s http://url:8080/ groovy =
This will create user but as it has no permission so user cant do nothing. What I am trying to do is to add it in a role to. like when user create it get add in a role "devs" too by command line
This works for me on Jenkins 2.204.2 with Role-based Authorization Strategy 2.13.
role=testRole
user=testUser
java -jar /var/jenkins_home/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/ groovy = <<EOF
jenkins.model.Jenkins.instance.securityRealm.createAccount("$user", "$user")
com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy.getInstance().doAssignRole("globalRoles", "$role", "$user" )
EOF
I am able to create a new node via the Jenkins web GUI and then have the node running in a container connect back to the Jenkins master via the name and -secret value
ex.
docker run jenkinsci/jnlp-slave -url http://jenkins-server:port <secret> <slave name>
Is there a way to programmatically create a Jenkins node and get the secret and slave name so I don't have to do it via the GUI?
Creating an agent programmatically
You can use the create-node CLI command to create new agents with a given configuration.
For example, given this minimal JNLP agent configuration in a file config.xml:
<slave>
<remoteFS>/opt/jenkins</remoteFS>
<numExecutors>2</numExecutors>
<launcher class="hudson.slaves.JNLPLauncher" />
</slave>
you can run the create-node command via the CLI client, or the SSH interface:
cat config.xml | java -jar jenkins-cli.jar -s https://jenkins/ create-node my-agent
Viewing agent configuration
To see what the XML configuration looks like for an existing agent, you can append config.xml to an agent URL, e.g. https://jenkins/computer/some-agent-name/config.xml, or you can use the get-node CLI command.
Fetching the per-agent secret programmatically
To fetch the secret hex value without using the Jenkins web UI, you can run a script via the groovy CLI command:
echo 'println jenkins.model.Jenkins.instance.nodesObject.getNode("my-agent")?.computer?.jnlpMac' \
| java -jar ~/Downloads/jenkins-cli.jar -s https://jenkins/ groovy =
This will return the secret value directly. Note that in order to use the groovy command via the SSH interface, you need Jenkins 2.46 or newer. In earlier versions, it only works via the CLI client.
You can also create an agent using the REST API. This is especially useful when having an apache proxy in front (see issue JENKINS47279) and no direct access to the jenkins otherwise (e.g. in a corporate network) where CLI will not work.
I recommend to create an API token for this purpose. Then you can do something like this
Linux (Bash)
export JENKINS_URL=https://jenkins.intra
export JENKINS_USER=papanito
export JENKINS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxx
export NODE_NAME=testnode
export JSON_OBJECT="{ 'name':+'${NODE_NAME}',+'nodeDescription':+'Linux+slave',+'numExecutors':+'5',+'remoteFS':+'/home/jenkins/agent',+'labelString':+'SLAVE-DOCKER+linux',+'mode':+'EXCLUSIVE',+'':+['hudson.slaves.JNLPLauncher',+'hudson.slaves.RetentionStrategy\$Always'],+'launcher':+{'stapler-class':+'hudson.slaves.JNLPLauncher',+'\$class':+'hudson.slaves.JNLPLauncher',+'workDirSettings':+{'disabled':+true,+'workDirPath':+'',+'internalDir':+'remoting',+'failIfWorkDirIsMissing':+false},+'tunnel':+'',+'vmargs':+'-Xmx1024m'},+'retentionStrategy':+{'stapler-class':+'hudson.slaves.RetentionStrategy\$Always',+'\$class':+'hudson.slaves.RetentionStrategy\$Always'},+'nodeProperties':+{'stapler-class-bag':+'true',+'hudson-slaves-EnvironmentVariablesNodeProperty':+{'env':+[{'key':+'JAVA_HOME',+'value':+'/docker-java-home'},+{'key':+'JENKINS_HOME',+'value':+'/home/jenkins'}]},+'hudson-tools-ToolLocationNodeProperty':+{'locations':+[{'key':+'hudson.plugins.git.GitTool\$DescriptorImpl#Default',+'home':+'/usr/bin/git'},+{'key':+'hudson.model.JDK\$DescriptorImpl#JAVA-8',+'home':+'/usr/bin/java'},+{'key':+'hudson.tasks.Maven\$MavenInstallation\$DescriptorImpl#MAVEN-3.5.2',+'home':+'/usr/bin/mvn'}]}}}"
curl -L -s -o /dev/null -v -k -w "%{http_code}" -u "${JENKINS_USER}:${JENKINS_API_TOKEN}" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "json=${JSON_OBJECT}" "${JENKINS_URL}/computer/doCreateItem?name=${NODE_NAME}&type=hudson.slaves.DumbSlave"
In order to get the agent secret via REST API checkout this, which would look something like this:
curl -L -s -u ${JENKINS_USER}:${JENKINS_API_TOKEN} -X GET ${JENKINS_URL}/computer/${NODE_NAME}/slave-agent.jnlp | sed "s/.*<application-desc main-class=\"hudson.remoting.jnlp.Main\"><argument>\([a-z0-9]*\).*/\1/"
Windows (PS)
And here my solution for Windows using Powershell:
$JENKINS_URL="https://jenkins.intra"
$JENKINS_USER="papanito"
$JENKINS_API_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxx"
$NODE_NAME="testnode-ps"
# https://stackoverflow.com/questions/27951561/use-invoke-webrequest-with-a-username-and-password-for-basic-authentication-on-t
$bytes = [System.Text.Encoding]::ASCII.GetBytes("${JENKINS_USER}:${JENKINS_API_TOKEN}")
$base64 = [System.Convert]::ToBase64String($bytes)
$basicAuthValue = "Basic $base64"
$headers = #{ Authorization = $basicAuthValue; }
$hash=#{
name="${NODE_NAME}";
nodeDescription="Linux slave";
numExecutors="5";
remoteFS="/home/jenkins/agent";
labelString="SLAVE-DOCKER linux";
mode="EXCLUSIVE";
""=#(
"hudson.slaves.JNLPLauncher";
'hudson.slaves.RetentionStrategy$Always'
);
launcher=#{
"stapler-class"="hudson.slaves.JNLPLauncher";
"\$class"="hudson.slaves.JNLPLauncher";
"workDirSettings"=#{
"disabled"="true";
"workDirPath"="";
"internalDir"="remoting";
"failIfWorkDirIsMissing"="false"
};
"tunnel"="";
"vmargs"="-Xmx1024m"
};
"retentionStrategy"=#{
"stapler-class"= 'hudson.slaves.RetentionStrategy$Always';
'$class'= 'hudson.slaves.RetentionStrategy$Always'
};
"nodeProperties"=#{
"stapler-class-bag"= "true";
"hudson-slaves-EnvironmentVariablesNodeProperty"=#{
"env"=#(
#{
"key"="JAVA_HOME";
"value"="/docker-java-home"
};
#{
"key"="JENKINS_HOME";
"value"="/home/jenkins"
}
)
};
"hudson-tools-ToolLocationNodeProperty"=#{
"locations"=#(
#{
"key"= 'hudson.plugins.git.GitTool$DescriptorImpl#Default';
"home"= "/usr/bin/git"
};
#{
"key"= 'hudson.model.JDK\$DescriptorImpl#JAVA-8';
"home"= "/usr/bin/java"
};
#{
"key"= 'hudson.tasks.Maven$MavenInstallation$DescriptorImpl#MAVEN-3.5.2';
"home"= "/usr/bin/mvn"
}
)
}
}
}
#https://stackoverflow.com/questions/17929494/powershell-convertto-json-with-embedded-hashtable
$JSON_OBJECT = $hash | convertto-json -Depth 5
$JSON_OBJECT
Invoke-WebRequest -Headers $headers -ContentType "application/x-www-form-urlencoded" -Method POST -Body "json=${JSON_OBJECT}" -Uri "${JENKINS_URL}/computer/doCreateItem?name=${NODE_NAME}&type=hudson.slaves.DumbSlave"
Just chiming in a bit late to the party here, but I would highly recommend looking at the Jenkins Client plugin instead. Once the plugin is installed, you need only to start the client JAR from the build node and give it the IP address of the master.
As far as the master goes, you don't need to bother configuring anything. Nodes that register with the master are available automatically to start executing jobs. This is much easier than any of the slave.jar-based approaches.
I am executing parameterised build in jenkins to count no. of lines in file which has 1 file parameter. Its file location is pqr. The name of the script file is linecount.sh which is saved at remote server. When i tried to execute it using command sh linecount.sh filename, it works perfectly from jenkins. But as i remove filename from the argument and execute same script as parameterised build it is showing below error on console :
Started by user Prasoon Gupta
[EnvInject] - Loading node environment variables.
Building in workspace users/Prasoon/sample_programs
Copying file to pqr
[sample_programs] $ /bin/sh -xe /tmp/hudson3529902665956638862.sh
+ sh linecount.sh
PRASOON4
linecount.sh: line 15: parameterBuild.txt: No such file or directory
Build step 'Execute shell' marked build as failure
Finished: FAILURE
I am uploading file (parameterBuild.txt) from my local machine. Why is it giving this error?
My doubt is in shell script I used argument as $1. How can I refer this when I am taking file as parameter.
The uploaded file will not retain the same name as it has on your local computer. It will be named after the File location argument specified in the file parameter settings:
In this example I will get a file called file.txt in my workspace root, regardless of what I call it on my computer.
So if I now build my job and enter the following in the parameter dialog (note that my local filename is table.html):
Then I get the following in the log (I have a build step which does ls -l):
Building on master in workspace /var/lib/jenkins/workspace/fs
Copying file to file.txt
[fs] $ /bin/sh -xe /tmp/hudson845437350739055843.sh
+ ls -l
total 4
-rw-r--r-- 1 jenkins jenkins 292 Feb 15 07:23 file.txt
Finished: SUCCESS
Note that table.html now is called file.txt, e.g. what I entered as File location.
So in you're case the command should be:
sh linecount.sh pqr
There is a a bug since ages that makes impossible to use fileParameter:
Handle file parameters
file parameter not working in pipeline job
There is a workaround for this issue https://github.com/janvrany/jenkinsci-unstashParam-library
and in a pipeline script you do:
library "jenkinsci-unstashParam-library"
node {
def file_in_workspace = unstashParam "file"
sh "cat ${file_in_workspace}"
}
If it's to do with Free-Style job & if your configuration looks similar to this - https://i.stack.imgur.com/vH7mQ.png then you can run simply do sh linecount.sh ${pqr} to get what you are looking for?
I am trying to set up a job in Jenkins using this p4 plugin. I successfully installed the plugin and set up the p4 configuration to point to my company's p4 executable.
Now the actual failure happens when I build the project. I am seeing the following:
Started by user anonymous
Building remotely on scspr0011492003.gdl.englab.netapp.com (scspr0011492003) in workspace /tmp/workspace/TestP4
Using remote perforce client: test--2000486220
[TestP4] $ /usr/software/rats/bin/p4 workspace -o test--2000486220
Last build changeset: 2464123
[TestP4] $ /usr/software/rats/bin/p4 changes -s submitted -m 1 //test--2000486220/...
[TestP4] $ /usr/software/rats/bin/p4 -s changes -s submitted //test--2000486220/...#2464124,#2515192
[TestP4] $ /usr/software/rats/bin/p4 describe -s 2515192
[TestP4] $ /usr/software/rats/bin/p4 -G where //...
[TestP4] $ /usr/software/rats/bin/p4 -s users alirezam
[TestP4] $ /usr/software/rats/bin/p4 user -o alirezam
Sync'ing workspace to changelist 2515192.
[TestP4] $ /usr/software/rats/bin/p4 -s sync //test--2000486220/...#2515192
Sync complete, took 1755 ms
[TestP4] $ /usr/software/rats/bin/p4 -xe /tmp/hudson6814857322401659205.sh
(b4p4: for help on the 'b4p4' wrapper, use 'p4 b4p4help'; p4 -V for version)
Perforce client error:
open for read: e: No such file or directory
Build step 'Execute shell' marked build as failure
Finished: FAILURE
I am not sure what -xe is in p4 and not sure why it's failing. Can someone help? Thank you.
The issue here appears to be a combination of things. Wrong p4 command syntax and a possible non-valid file name.
The ‘-x’ global option in Perforce is for feeding a list of files as arguments to a command. For example, see the reference here:
http://www.perforce.com/perforce/doc.current/manuals/cmdref/global.options.html
I see a couple of things wrong with this command:
/usr/software/rats/bin/p4 -xe /tmp/hudson6814857322401659205.sh
1] Unless the ‘e’ is a file or file list it is not passing anything in
2] On that line, there is no Perforce command used with the global option -x. For example, a command such as ‘edit’ or ‘add’.
Should this line instead be perhaps like this?:
/usr/software/rats/bin/p4 -x /tmp/hudson6814857322401659205.sh edit
You could also try something like this here:
echo /tmp/hudson6814857322401659205.sh|p4 -x - edit
to see if you get the same error of “Perforce client error:
open for read: e: No such file or directory”? That error indicates that it might be returning something that is not a valid filename.