How to handle TFS password on multiple Jenkins jobs? - jenkins

I have set up a few Jenkins jobs which are using TFS. For each one I had to manually input TFS username and password inside the TFS plugin.
Is there a way to change password in all jobs using some king of global setting? Or do I have to manually change password on all jobs when I change my password.
Any help would be appreciated.
Thanks,
Daniel

Get latest TFS (5.0.0) and Credentials (2.1.4) plugins.
Add domain and credentials usable to connect to your TFS server via Jenkins > Configure Credentials.
Now select just added domain, click "Configure", and add your TFS server hostname (or proper wildcard) under Hostname > Include, so jenkins will know where provided credentials can be used.
Now, you can just leave user/password fields empty in job's TFS SCM configuration.
Instructions are mostly taken from TFS plugin GitHub page
Even though TFS Plugin bug Allow use of credentials from Credentials Plugin isn't resolved, all is working fine.

The TFS Plugin for Jenkins does not read the global credentials. You need to enter the username and password for each job manually.

In the Jenkins admin you can add "global" credentials. For this, as a Jenkins admin, go in :
Manage Jenkins > Manage Credentials > Add Credentials > Username with password and save it.
These credentials will be available in all the jobs configuration of this Jenkins instance.
If you don't the the Manage Credentials item, you'll maybe need to install the Jenkins Credentials Plugin

Related

Jira trigger plugin for Jenkins doesn't work

I'm trying to use JIRA Trigger Jenkins plugin. I've read maybe all similar issues but can't understand why it doesn't work.
I want to build when an issue status changed. I troubleshooted but it didn't help me. My web hook works I checked it as it shows in documentation, the plugin for Jenkins is installed, firewall checked (I have whitelisted 3 Jira cloud IPs for Jenkins instance on AWS), ssl checks on Jenkins passes. Also I configured logs on Jenkins from Jira, but can't get anything.
In trigger configuration I inserted my Jira user's email (my-email#gmail.com) as user and password. The user has administrator privileges. What else can be wrong? Please any idea.

How to configure Jenkins to access Gitlab private repository without Gitlab plugin?

I have installed latest Jenkins on ubuntu server and Jenkinsfile in my project repo on Gitlab.
I am able to connect to private repo on Gitlab using username/password credential on Jenkins configuration for the project pipeline without using Jenkins Gitlab plugin. This does not seem safe to me. How can I use Gitlab API token instead of username/password for Jenkins to access remote private Gitlab repo without using Jenkins Gitlab plugin. Another option is to set ssh private key on Jenkins server to athenticate against Gitlab repo. Is this option possible?
Jenkins Gitlab plugin is not officially supported and not well maintained because Gitlab wants customers to user their own CI/CD solution in order to tie customers to their platform for marketing reasons.
A relatively safe way to handle this situation is to store your credentials is the credentials system in Jenkins (that way you do not have to include the credentials in the JenkinsFile), and using a deploy token (available for Gitlab 10.7 and later) for the relevant repository. That token allows you to provide read-only rights to the repository.
Step 1 - setup the deploy token in GitLab
From the GitLab documentation
You can create as many deploy tokens as you like from the settings of your project:
Log in to your GitLab account.
Go to the project you want to create Deploy Tokens for.
Go to Settings > Repository.
Click on “Expand” on Deploy Tokens section.
Choose a name and optionally an expiry date for the token.
Choose the desired scopes.
Click on Create deploy token.
Save the deploy token somewhere safe. Once you leave or refresh the page, you won’t be able to access it again.
Step 2 - Saving the deploy token in Jenkins' credentials system
Since the deploy tokens have a username and password, pick that as the type in the steps below. Write down the id you will use in this step (see below) as you will need it in your pipeline declaration.
From the Jenkins documentation
To add new global credentials to your Jenkins instance:
If required, ensure you are logged in to Jenkins (as a user with the Credentials > Create permission).
From the Jenkins home page (i.e. the Dashboard of the Jenkins classic UI), click Credentials > System on the left.
Under System, click the Global credentials (unrestricted) link to access this default domain.
Click Add Credentials on the left. Note: If there are no credentials in this default domain, you could also click the add some credentials link (which is the same as clicking the Add Credentials link).
From the Kind field, choose the type of credentials to add.
From the Scope field, choose either:
Global - if the credential/s to be added is/are for a Pipeline project/item. Choosing this option applies the scope of the credential/s to the Pipeline project/item "object" and all its descendent objects.
System - if the credential/s to be added is/are for the Jenkins instance itself to interact with system administration functions, such as email authentication, agent connection, etc. Choosing this option applies the scope of the credential/s to a single object only.
Add the credentials themselves into the appropriate fields for your chosen credential type:
(...)
Username and password - specify the credential’s Username and Password in their respective fields.
(...)
In the ID field, specify a meaningful credential ID value - for example, jenkins-user-for-xyz-artifact-repository. You can use upper- or lower-case letters for the credential ID, as well as any valid separator character. However, for the benefit of all users on your Jenkins instance, it is best to use a single and consistent convention for specifying credential IDs. Note: This field is optional. If you do not specify its value, Jenkins assigns a globally unique ID (GUID) value for the credential ID. Bear in mind that once a credential ID is set, it can no longer be changed.
Specify an optional Description for the credential/s.
Click OK to save the credentials.
Step 3 - Use the credentials in your pipeline declaration
You can use the credentials in your jenkinsFile like so:
pipeline {
stages {
stage('Clone stage') {
steps {
git url: 'https://gitlab.com/[username]/[my-repo].git', branch: 'master', credentialsId: 'my-gitlab-repo-creds'
}
}
}
}
In the above example I assume you picked the id my-gitlab-repo-creds in step 2.

Jenkins: Use credentials from Credentials Plugin in the M2 Release Plugin

I want to use the M2 Relase Plugin to release artifacts on a Jenkins server. The access to and checkout of the sources from Subversion is done with help of the Credentials Plugin. For tagging and committing the changes during the maven release:prepare phase I need (in my case) the same credentials.
Is there a way to convince the M2 Release Plugin to take credentials from the Credentials Plugin?
Note: I don’t want to insert the credentials manually in the SCM login/password fields and I don’t want to store the credentials in an extra settings.xml file on the server as often suggested.
I have implemented the following solution, where I do not have to insert the credentials manually again, but where the credentials are stored in a temporary settings.xml file on the file system during the build.
With help of the Config File Provider Plugin I have created an empty settings.xml and used the stored credentials as server settings. The server id I have filled with the hostname from the scm url (see answer to Externalising SCM credentials with Maven). In the Build Environment section of the Jenkins job configuration I have enabled Provide Configuration Files, selected the self created settings.xml, assigned a Variable and used this variable in Release goals and options with -s $variable (like in Running the Maven Release Plugin with Jenkins).

Working with jenkins credentials

I want to know how to Create the credentials that can be used by Jenkins and by jobs running in Jenkins to connect to 3rd party services.
You should specify which 3rd party service you will work on.
Below is an example of credentials with bitbucket
I am now working with Jenkins ver. 1.568.
By default, there's Credentials feature. So, if you want to add a credential, just click on Add Credentials. For example, I'd like to add SSH Username with password, so I can use it in checking out code from bitbucket
Credentials plugin - provides a centralized way to define credentials that can be used by your Jenkins instance, plugins and build jobs.
Credentials Binding plugin - allows you to configure your build jobs to inject credentials as environment variables.
The third party plugins need to be installed in your Jenkins instance. For example, Assembla Auth Plugin allows you to authenticate to an Assembla repository.
Which 3rd party services are you working with?
Instead of using SSH Username with private key you can simply use username with password option

gerrit: use LDAP auth and have a gerrit-local account for Jenkins

We a new gerrit 2.2.1 server using LDAP authentication in our corporate environment. We also have a Jenkins server running as a local UNIX jenkins user that I want to get check in with gerrit and post build results into gerrit.
We don't have a "jenkins" LDAP account, and even if we did, the systems group doesn't give out passwords for system accounts, so I can't go into the web UI, create the account and add jenkins' publich ssh key. How I can add a "jenkins" account to gerrit that Jenkins can use? We already have a number of people registered in Gerrit, so I need to be careful with any operations.
A little more Google searching found Paulo Pires's blog post, which led to using Gerrit's create-account command.

Resources