How to share Jenkins BUILD Monitor - jenkins

We're running a Jenkins build server that is responsible for composing dozens of jobs for our team. The Build Monitor Plugin is being use to create a dashboard of various builds, and we then project this on a TV in the office; the TV is connected to a dedicated computer (chromebox) that is logged into the Jenkins server and shows the plugin dashboard.
How could I see the dashboard without sitting next to the TV? Ideally, anyone on the team from anywhere should see the Build Monitor dashboard without logging into the jenkins server (we'd have to share a login).
Any ideas on how to achieve this? The best I can think of is to turn the chromebox into a remote access point it remotely, but this feels sloppy.

You can use Role Strategy Plugin to a get finer grain authorization control.
Then you can limit Anonymous read access to just the Dashboard view you want to make public. And require authentication for everything else.
In summary, you require:
A Project Role for anonymous users
That Project Role will only have read views permission for the pattern of the dashboard (.*view/your-build-monitor-name/)
Assing this role to Anonymous special user

Related

How to get the System properties from where Jenkins is accessed?

I have a server where Jenkins is configured and running as a service. My team is of 8 people who access the Jenkins via browser for performing deployments on demand.
How do get the System properties like the Username or the host name of the System where the Jenkins is accessed.
How do i configure the job so that i get to know who performed the deployment?
NOTE: I do not want to create users for all of them and provide credentials. There will be a unique credentials and everyone uses the same.
Regards
Kaushik
I think there is no way around to create different Users or use #Ian w suggestion.
If you stick to your idea to use only One credential for all user you should consider setting a Parameter Choice for everyone of your 8 People. So everyone pick his/her Name when he/she Starts a Job.
Take a looks at https://st-g.de/2016/12/parametrized-jenkins-pipelines

What is the benefit of implementing Active Directory based Security to servers like Jenkins

What is the benefit of implementing Active Directory based Security to servers like Jenkins?
The only benefit I can think is the admin of the sever does not need to add/remove users because user can login themselves using AD credential.
But In my case I do not want to have the whole company access my server. the server is only used by my team. How can I disable the whole company from login in. (case1)
Besides, I want to grant different permissions to different members in my team. The new members get less permission, the experienced team members get more permissions. I believe this is very common. But using Active Directory based Security looks like they get the same permission because they are in the same groups (case2)
So why should I use Active Directory based Security? Can I resolve the above two cases in a server configured with Active Directory based Security?
Some corporate environments make this a security requirement. In said environments they usually have an internal request system where users can request they have their credentials added to an appropriate group for access to Jenkins. This is better than Jenkins own database and having them email you, the Jenkins administrator.
Once AD Authentication is configured in Jenkins and appropriate groups created in AD you can do a one-time setup of those groups with the Role-Based Strategy plugin in Jenkins and define what those groups have authorization to do.
Plan your groups well and it is a function that you will no longer have to worry about.
Warning: Be very careful when switching over from Jenkins own database user authentication to AD authentication. If you don't get the BindDN details just right you can get locked out.

Security options in Jenkins

I am learning Jenkins and i am using version 1.605. I am learning about setting security options in jenkins. I found below options in jenkins configure global security page under the security realms:-
Delegate to servlet container
Jenkins'own user database
LDAP
I want to understand in which scenario, which option should be used?Please help me understand.
The "servlet container" refers to the web server that you are using to host Jenkins, typically Tomcat. The configuration file $CATALINA_BASE/conf/tomcat-users.xml may already be set up and managed by your organization. In this case: "why reinvent the wheel?". Use this if your organization already has a process that manages the Tomcat users configuration. This is also probably the most archaic solution.
The "own user database" is just what it sound like. Instead of relying on something else, Jenkins keeps it's own database of users. You can create and delete users through the Jenkins UI. You can even let new users sign up right from UI. If you don't know what to use, use this one. It's simple and self-contained.
The "LDAP" provides integration with LDAP/ Windows Active Directory. If you are in a corporate/small business environment that already utilizes LDAP for maintaining users and groups, it will be very beneficial to hook into that and off-load user management to the IT team that manages LDAP/AD. Note that unless you are that IT admin, you will need to contact the said admins for connection information/credentials to the LDAP/AD
Slav did a very clear answer.
If you choose the option 2 or 3, you can use the Role Stragegy plugin to create application roles and assign roles to Jenkins users, LDAP users or LDAP static/virtual groups.
If you have a lot of users, this plugin can save your life to assign permissions :)

Jenkins (cloudbees): remotely trigger build (e.g.via instant message) w/o creating user account in Cloudbees

We're using Jenkins (and precisely Cloudbees) for couple years. Well, it works.
Not I have new use case when I would like to allow trigger build remotely (w/o user account in Cloudbees).
Looks like it's impossible (standard token trigger mechanism requires an account in Cloudbees).
The only one way that I see it to set-up instant message integration (e.g. Jabber) and trigger builds in chat. It's nice solution that I would like to have, but ... it doesn't work for me. No errors and no messages (I tried different jabber servers).
Because I have only one such weird user I don't want to install special software (like Jabber/IRC server) and wanna use existing (like Gtalk or similar).
Any thoughts will be welcome.
standard token trigger mechanism requires an account in Cloudbees
You can use the Build Token Root plugin to bypass authentication long enough to check the token.
In the long term it would be desirable for Jenkins to let users create non-user principals that would have their own API tokens and SSH keys (but no UI login) and a restricted subset of permissions, so you could freely create a one-off principal for a specific purpose such as triggering builds. The infrastructure for such a feature does not exist today, however.

Implementing security for users in jenkins

I am after a better solution for security in Jenkins. After my play around this space, my current solution is to implement the 'Project-based Matrix Authorization Strategy'. I was previously considering running Jenkins behind Apache and control security through Apache. But during my trial with matrix based security, I was able to assign full access to logged in users and block anonymous users from seeing anything on the dashboard except login-page.
Before I proceed with my beta servers, I would like to seek experts advice to understand what I am doing is correct ?or there is a better way to do this. At the moment I have around 30 users created in my system.
If matrix based solution is the best and easiest, I would like to know,
1) Is it possible to group users and assign access based on groups ? So that I don't have to give users on individual basis
2) I also saw a post about 'Role strategy plug-in', but I couldn't see that in my Jenkins. Not sure if this plug-in out of date and/or nomore supported
Thanks in advance.
I'm using the Role Strategy plugin with a LDPA directory and it works well.
You just have to install this plugin on your Jenkins server and to switch from "Matrix-based security" to "Role-Based Strategy".
Next, you will be able to define roles:
And assign them to users (or LDAP groups, if you have a LDAP directory):

Resources