Jenkins is configured to run with Jenkins Service Log On Account user: Domain1\User1
My job runs the command:
echo %USERDOMAIN%\%USERNAME%
And it prints: Domain1\User1
Now I change the Jenkins Service Log On Account user: Domain1\User2
Restart Jenkins service.
Run the job again, but it still prints: Domain1\User1
Why the %USERNAME% isn't refreshed?
The %USERNAME% environment variable shows the username of who runs the jenkins service, not that one, who is currently logged in.
I've found some bug reports regarding this issue:
https://issues.jenkins-ci.org/browse/JENKINS-27739
https://issues.jenkins-ci.org/browse/JENKINS-27739
Should be solved in Jenkins version 1.617
Related
I have a simple jenkins job that just runs aws ssm send-command and it fails with:
"An error occurred (AccessDeniedException) when calling the SendCommand operation: User: arn:aws:sts::1234567890:assumed-role/jenkins-live/i-1234567890abc is not authorized to perform: ssm:SendCommand on resource: arn:aws:ssm:us-east-1:1234567890:document/my-document-name"
However, the IAM permissions are correct. To prove it, I directly SSH onto that instance and run the exact same ssm command, and it works. I verify it's using the instance role by running aws sts get-caller-identity and it returns arn:aws:sts::1234567890:assumed-role/jenkins-live/i-1234567890abc which is the same user mentioned in the error message.
So indeed, this assumed role can run the command.
I even modified the jenkins job to run aws sts get-caller-identity first, and it outputs the same user json.
Does jenkins do some caching that I am unaware of? Why would I get that AccessDeniedException if that jenkins-live user can run the command otherwise?
First, install the AWS Credentials and AWS Steps plugins and register your AWS key and secret access key in Jenkins credential store. Then, the next steps depends if you're using a freestyle or a declarative/scripted pipeline.
If you're using a freestyle pipeline: On "Build Environment", click on "Use secret text(s) or file(s)" and follow the next steps. After that, you're gonna have your credentials as variables in your pipeline;
If you're using a declarative/scripted pipeline: Enclose your aws calls with a withAWS block, something like this:
withAWS(region: 'us-east-1', credentials: 'my-pretty-credentials') {
// let's explode something
}
Best regards.
I'm in the process of migrating Jenkins from one server to another. I've no issues with the migration process.
But sooner I start my new server the scheduled jobs start executing, which is proving to be dangerous. I need to make sure that everything is in place before activating the new server.
Is there any way to deter any of the jobs from executing while the new server is active?
execute an '/script':
Jenkins.instance.getAllItems(org.jenkinsci.plugins.workflow.job.WorkflowJob.class).each {i -> i.setDisabled(true); i.save() }
Jenkins.instance.getAllItems(hudson.model.AbstractProject.class).each {i -> i.setDisabled(true); i.save() }
Not my idea, from jenkins wiki
Setup a post-initialization script that puts Jenkins into quiet mode right after startup.
https://wiki.jenkins.io/display/JENKINS/Post-initialization+script
Try using https://wiki.jenkins.io/display/JENKINS/Exclusive+Execution+Plugin. You can keep jenkins in shutdown or Quiet mode for some time till your new instance is ready to function.
Use the Jenkins CLI
To prevent any jobs from being run, use quiet-down:
java -jar jenkins-cli.jar -s http://localhost:9090 -auth user:token quiet-down
To re-enable job scheduling:
java -jar jenkins-cli.jar -s http://localhost:9090 -auth user:token cancel-quiet-down
Scheduled jobs will be added to the queue during the quiet-down time, and will be run after canceling the quiet-down. If that's not what you want, you may use clear-queue before canceling the quiet-down.
There is a little downside: in the GUI, Jenkins will announce that it is preparing for shutdown, which wouldn't be true in this case. I find that acceptable, because we use it during backup at night when no one will read the announcement anyway. However, another option would be to take nodes offline, then online again using offline-node and online-node.
Quick Setup
Only if you haven't set up Jenkins CLI already:
You can obtain the Jenkins CLI from your Jenkins server by downloading it from <your_jenkins_url>/jnlpJars/jenkins-cli.jar
Instead of using your actual password to authenticate, obtain a token from <your_jenkins_url>/me/configure
For more details, refer to the Jenkins Handbook: Jenkins CLI
Referencie: https://xanderx.com/post/cancel-all-queued-jenkins-jobs/
Run this in Manage Jenkins > Script Console:
Jenkins.instance.queue.clear()
I have a docker container with jenkins deployed using OpenShift Origin.
Now I want to use Jenkins to build/test and deploy other OpenShift apps.
So I try to login on my OpenShift-server (from inside my jenkins) but than I get the following error. Can someone help me?
Started by user Jenkins Admin
[EnvInject] - Loading node environment variables.
Building in workspace /var/lib/jenkins/jobs/s2i-build-deploy/workspace
[EnvInject] - Executing scripts and injecting environment variables after the SCM step.
[EnvInject] - Injecting as environment variables the properties content
APP_HOSTNAME=http://test.apps.example.com
USER_NAME=admin
PASSWORD=admin
OSO_SERVER=ip.compute.internal:8443
DEVEL_PROJ_NAME=test
SERVICE=test
[EnvInject] - Variables injected successfully.
[workspace] $ /bin/sh -xe /tmp/hudson1352752763797328747.sh
+ oc login -uadmin -padmin --server=ip.compute.internal:8443
error: x509: certificate signed by unknown authority
Build step 'Execute shell' marked build as failure
Finished: FAILURE
The oc login-command is working when I'm performing directly in my server.
That error means you need to also specify the CA that was used to sign the API server's certificate. You will need to also specify --ca-file (check oc help options) with the ca.crt of the master in order to login.
As mentioned in this comment try:
oc login $OPENSHIFT_URL --insecure-skip-tls-verify=true
I have a Hudson build job which runs a script called 'testUser.sh' which contains only one command: 'whoami'. The first line of the console output says 'Started by user ctisbuild', but the output of the whoami/testUser.sh script is 'root'.
Any idea what's going on? This used to be working properly, I don't know what changed to cause this.
Thanks
I guess you are running hudson as root from the command line? Using java -jar hudson.war?
The "Started by user ctisbuild" is the user if of the user that trigger the build, the person who clicked on "Build Now". This is not the userid that Hudson will use. This user id is specified in the /etc/default/hudson as HUDSON_USER
For more details read the hudson wiki
I am trying to do End-to-End automation for an iOS project. My aim is to automate the continuous integration process with attaching UIAutomation scripts as post build action.
So from the time when a user do check his code in SVN and till we get test result of automation, everything will be automated.
Jenkins is installed on my local machine and running on localhost.
Now I have automated build process through jenkins and at other end I have my shell script ready which will run UIAutomation java scripts on build output.
When I use my shell script as post build action then I get error in running instrument command(written inside shell script) but if I run this script manually through terminal then it works fine.
instruments[64703:60f] -[NSAlert alertWithError:] called with nil NSError. A generic error message will be displayed, but the user deserves better.
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL. Mon Feb 6 13:15:20 inpunml310743 instruments[64703] <Error>: kCGErrorFailure: Set a breakpoint # CGErrorBreakpoint() to catch errors as they are logged. 2012-02-06 13:15:20.179 instruments[64703:60f] Recording cancelled : At least one target failed to launch; aborting run Instruments Trace Error : Failed to start trace. Build step 'Execute shell' marked build as failure Finished: FAILURE
then i tried this command with sudo then I got following error
sudo: no tty present and no askpass program specified
Please let me know how can I run these commands successful, only this step is left in my task.
Jenkins by default installs as a LaunchDaemon, which means it has insufficient permissions to launch WindowsServer.
You’ll need to configure it as a LaunchAgent:
sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.plist
sudo mv /Library/LaunchDaemons/org.jenkins-ci.plist /Library/LaunchAgents/org.jenkins-ci.plist
Then login as Jenkins and keep a session open.
If you don't know the Jenkins password you can change it with:
sudo passwd jenkins
Jenkins is running as a daemon and is therefore not allowed to connect to the window server. More info here http://developer.apple.com/library/mac/#technotes/tn2083/_index.html.
Sorry - not got time to put a complete answer now, will update later....
This is possible if you run jenkins as a user app rather than as a deamon -- this might come in handy (https://github.com/stisti/jenkins-app) I haven't tried it but looks like it should work -- I went down another route setting up an always logged in user, that ran jenkins from a login script, it did mean I had to re-install jenkins but managed to get it up and running... word of warning from someone thats been through it, are you using instruments for automated testing? If so, you'll need to do some transformation on the output so it displays in Jenkins.
We have a Jenkins Linux instance that builds to a Mac slave over SSH. One interesting requirement that we noticed with this error is that the build user on the slave must be logged into the console in order for everything to work correctly.
In addition, we had to make the build user an Admin, developer permissions were insufficient.
See more info here:
UIAutomation : Failed to authorize rights with status: -60007