I accidentally turned require login on before adding any users for my Jenkins server. It is on an EC2 instance, is there any way to SSH into the command line and add a user?
To fix this follow the instructions
Stop Jenkins (the easiest way to do this is to kill the servlet
container.)
Go to $JENKINS_HOME in the file system and find config.xml file.
Open this file in the editor.
Look for the <useSecurity>true</useSecurity> element in this file.
Replace true with false
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
Related
How can I apply a new Jenkins configuration as code YAML file from a groovy script, similar to clicking the "Apply new configuration" button in the UI.
I didn't try yet, but this looks as a feasible approach to me:
In the Jenkins home directory (/var/lib/jenkins on my Ubuntu installation) there is a file io.jenkins.plugins.casc.CasCGlobalConfig.xml. Edit that in order to provide a path/URL to your YAML file. On my system that file has the content like below, and I assume that just replacing the value of the <configurationPath> element with your yaml path should be sufficient.
<io.jenkins.plugins.casc.CasCGlobalConfig plugin="configuration-as-code#1569.vb_72405b_80249">
<configurationPath>/PATH/TO/MY/jenkins.casc.yaml</configurationPath>
</io.jenkins.plugins.casc.CasCGlobalConfig>
This configuration seems to be automatically applied each time when Jenkins is restarted.
In order to apply the configuration immediately, there seems to be jenkins-cli api for that. See the http://YOUR_JENKINS/manage/cli page and look for the reload-jcasc-configuration command, which suggests: java -jar jenkins-cli.jar -s http://YOUR_JENKINS/ -webSocket reload-jcasc-configuration
You ask for a "groovy script". With that I can't help, but I guess that modifying a file or running the jenkins-cli should be perfectly doable in a groovy script.
When opening my Jenkins in the URL I cant seem to log in it throws out the message "User is missing the Overall/Read permission". I have tried the answer from a similar question but disabling the security does not work. Jenkins continue's to throw out the error. Somebody recommended that I remove the file all together but also failed. Any other solution anybody could supply me with?
Posts I have visited already include: Jenkins Wiki
Edit the /var/lib/jenkins/config.xml file and add you as an Admin as follows:
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
.
.
<permission>hudson.model.Hudson.Administer:***Here is your username***</permission>
.
.
</authorizationStrategy>
Don't forget to go to restart the Server.
Hope this helps!
I discovered one additional scenario where this might occur:
I had a user that was defined with an all lowercase username (e.g. "john.doe"), but when this user was assigned a role their username was entered with different casing (e.g. "John.Doe"). In this case, the user was able to login, but the role was not associated correctly and therefore the overall/read permission was not granted.
To fix this, I simply deleted the bad record for the role assignment and recreated it with proper casing.
Disabling Security
One may accidentally set up security realm / authorization in such a way that you may no longer able to reconfigure Jenkins.
When this happens, you can fix this by the following steps:
Stop Jenkins (the easiest way to do this is to stopthe servlet container.)
Go to $JENKINS_HOME in the file system and find config.xml file.
Open this file in the editor.
Look for the <useSecurity>true</useSecurity> element in this file.
Replace true with false
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
When Jenkins comes back, it will be in an unsecured mode where everyone gets full access to the system.
If this is still not working, trying renaming or deleting config.xml.
above was quoted from https://jenkins.io/doc/book/system-administration/security/
So Once we come back to jenkins in unsecured mode we need to delete the users and add a new user .
[Project-based Matrix Authorization Strategy related]
Hello there,
the same error happened to me when I unchecked the global/read permission for anonymous.
If you are using the project based matrix ahtorization plugin, for an unclear reason, this read permission seems to be required by the plugin.
In Windows: When I've enabled the LDAP under Global security, I lost my admin right too. with error as "Access Denied is missing the Overall/Read permission jenkins windows".
In such case, Please retain the existing instance, have a new jenkins install on someother machine or VM. Copy the config.xml from Jenkins_Home and replace it with config.xml from your Jenkin_Home directory. While performing this, ensure Jenkins service is stopped. once replaced, Start the instance and VOILA.
Restart your jenkins server using below command,
service jenkins restart
It works for me.
I was also having the same issue. Adding fresh roles from Manage and assign Roles section and assigning them to the users worked for me.
In my case (Jenkins v 2.205) I edited JENKINS_HOME in jenkins.xml in windows, to move the workspace due to a bug from angular / webpack in a project. What I didn't realize is that you must move a whole host of files and folders, not just workspace and jobs subfolders.
Here's a list of what I ended up moving to the new location (with Jenkins stopped, of course):
[folder] fingerprints
[folder] jobs
[folder] logs
[folder] nodes
[folder] plugins
[folder] secrets
[folder] tools
[folder] updates
[folder] userContent
[folder] users
[folder] workflow-libs
[folder] workspace
[file] .lastStarted
[file] config.xml
[file] credentials.xml
[file] **plugin-configuration.xml (any file that is configuring one of your plugins)
[file] hudson.*.xml (all hudson files)
[file] identity.key.enc
[file] jenkins.* (all Jenkins files)
[file] locale.xml
[file] nodeMonitors.xml
[file] org.*.xml (all org config files)
[file] queue.xml
[file] scriptApproval.xml
[file] secret.key
[file] secret.key.not-so-secret
I'm not entirely sure if ALL of them were required, but I'm pretty sure all the hudson, jenkins and users/secrets/credentials are needed
User is missing the Overall/Read permission sometime we forget to update the security configuration after adding the user in jobs,
https://<jenkins-url>/configureSecurity/
under Authorization Strategy, Provide Overall permission to list and access the jobs that has permission to access
I would like Jenkins' data to be written to drive "E:" since this is the large drive on the server. Jenkins itself is installed on "C:".
How do I do that?
The default configuration that I saw is:
Workspace Root Directory: ${ITEM_ROOTDIR}/workspace
Build Record Root Directory: ${ITEM_ROOTDIR}/builds
Will the following changes help me achieve what I need?
Workspace Root Directory: E:/Jenkins/workspace
Build Record Root Directory: E:/Jenkins/builds/${ITEM_FULL_NAME}
In addition, what does "${ITEM_FULL_NAME}" mean?
I figured it out.
In order to save your Jenkins data on other drive you'll need to do the following:
Workspace Root Directory: E:\Jenkins\${ITEM_FULL_NAME}\workspace
Build Record Root Directory: E:\Jenkins\${ITEM_FULL_NAME}\builds
You can modify the path on the config.xml file in the default directory
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>D:/Workspace/${ITEM_FULL_NAME}</workspaceDir>
<buildsDir>D:/Logs/${ITEM_ROOTDIR}/Build</buildsDir>
EDIT: Per other comments, the "Advanced..." button appears to have been removed in more recent versions of Jenkins. If your version doesn't have it, see knorx's answer.
I had the same problem, and even after finding this old pull request I still had trouble finding where to specify the Workspace Root Directory or Build Record Root Directory at the system level, versus specifying a custom workspace for each job.
To set these:
Navigate to Jenkins -> Manage Jenkins -> Configure System
Right at the top, under Home directory, click the Advanced... button:
Now the fields for Workspace Root Directory and Build Record Root Directory appear:
The information that appears if you click the help bubbles to the left of each option is very instructive. In particular (from the Workspace Root Directory help):
This value may include the following variables:
${JENKINS_HOME} — Absolute path of the Jenkins home directory
${ITEM_ROOTDIR} — Absolute path of the directory where Jenkins stores the configuration and related metadata for a given job
${ITEM_FULL_NAME} — The full name of a given job, which may be slash-separated, e.g. foo/bar for the job bar in folder foo
The value should normally include ${ITEM_ROOTDIR} or ${ITEM_FULL_NAME}, otherwise different jobs will end up sharing the same workspace.
The variables you need are explained here in the jenkins wiki: https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties
The default variable ITEM_ROOTDIR points to a directory inside the jenkins installation. As you already found out you need:
Workspace Root Directory:
E:/myJenkinsRootFolderOnE/${ITEM_FULL_NAME}/workspace
Build Record Root Directory: E:/myJenkinsRootFolderOnE/${ITEM_FULL_NAME}/builds
You need to achieve this through config.xml nowerdays. Citing from the wiki page linked above:
This used to be a UI setting, but was removed in 2.119 as it did not
support migration of existing build records and could lead to
build-related errors until restart.
I would suggest editing the /etc/default/jenkins
vi /etc/default/jenkins
And changing the $JENKINS_HOME variable (around line 23) to
JENKINS_HOME=/home/jenkins
Then restart the Jenkins with usual
/etc/init.d/jenkins start
Cheers!
You can also edit the config.xml file in your JENKINS_HOME directory.
Use c32hedge's response as a reference and set the workspace location to whatever you want between the tags
By default, Jenkins stores all of its data in this directory on the file system.
There are a few ways to change the Jenkins home directory:
Edit the JENKINS_HOME variable in your Jenkins configuration file (e.g. /etc/sysconfig/jenkins on Red Hat Linux).
Use your web container's admin tool to set the JENKINS_HOME environment variable.
Set the environment variable JENKINS_HOME before launching your web container, or before launching Jenkins directly from the WAR file.
Set the JENKINS_HOME Java system property when launching your web container, or when launching Jenkins directly from the WAR file.
Modify web.xml in jenkins.war (or its expanded image in your web container). This is not recommended.
This value cannot be changed while Jenkins is running.
It is shown here to help you ensure that your configuration is taking effect.
If you go into Configure under Home there is a "Help" note on how to:
Home directory /var/lib/jenkins Help for feature: Home directory
By default, Jenkins stores all of its data in this directory on the file system.
There are a few ways to change the Jenkins home directory:
Edit the JENKINS_HOME variable in your Jenkins configuration file (e.g. /etc/sysconfig/jenkins on Red Hat Linux).
Use your web container's admin tool to set the JENKINS_HOME environment variable.
Set the environment variable JENKINS_HOME before launching your web container, or before launching Jenkins directly from the WAR file.
Set the JENKINS_HOME Java system property when launching your web container, or when launching Jenkins directly from the WAR file.
Modify web.xml in jenkins.war (or its expanded image in your web container). This is not recommended.
This value cannot be changed while Jenkins is running.
It is shown here to help you ensure that your configuration is taking effect.
def finder = new FileNameFinder()
def files = finder.getFileNames '\\pkg\\stage\\', '*.sln'
echo "$files"
jenkins is serching file in /var/lib/jenkins/pkg/stage
it is automatically adding /var/lib/jenkins path before
In any answer and in jenkins website tell me to set
<useSecurity>true</useSecurity>
in config.xml but in my jenkins folder don't have this file
config.xml doesn't get written until server is restarted at least once since installation.
Try restarting the Jenkins server.
This likely sounds like invalid Jenkins installation, or the file is in another place pointed by $JENKINS_HOME or $CATALINA_OPTS (e.g. ~/.jenkins or /var/usr/jenkins/.jenkins).
Another reason could be that by default Jenkins load all data from memory and you need to reload the configuration files from file system, so try restarting Jenkins.
Then double check in System Properties (at /systemInfo) that user.home points to the folder where you expect that file. Check also your System Log (/log/all) for any issues.
If above won't help, check the folder permission and if there is enough space (but you should have some error anyway). Or try reinstalling Jenkins.
According to Administering Jenkins documentation page, the config.xml Jenkins root configuration should be always in your JENKINS_HOME folder.
Once you've got config.xml, to disable security remove the lines with useSecurity and authorizationStrategy and restart Jenkins, or try executing these commands:
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
How can I change the location where jenkins store temp data in its slaves. Currently, it shuts down the connection to my slaves because it complains about the following
Disk space is too low. Only 0.119GB left on /tmp.
I want to move the tmpdir location to something like /var/tmp/ instead of /tmp. How can I do that?
Just add "-Djava.io.tmpdir=/path/to/tmp" to the java command line options (you don't need any extra service wrapper).
Depending on your installation there might be an existing startup script and/or config file this can go into. On my fedora system, I can add the option to the /etc/sysconfig/jenkins file:
## Type: string
## Default: "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djava.io.tmpdir=/var/tmp"
On a debian/ubuntu machine, add the following to the file /etc/default/jenkins:
# use a different tmpdir for jenkins
JAVA_ARGS="$JAVA_ARGS -Djava.io.tmpdir=/var/tmp/"
If using "SSH Slaves Plugin", you can set JVM Options in "Advanced settings" and add:
-Djava.io.tmpdir=/my/temp
You can use Java Service Wrapper.
And config your wrapper(look example)
wrapper.java.additional.2=-Djava.io.tmpdir=../tmp
Or you can create symbolic link /var/tmp folder and put on home jenkins daemon.
On a Windows agent, assuming you have set it up as a Windows service wrapping a call to Java Web start, you should see a jenkins-slave.xml file in the agent's target folder.
You can edit this file and add -Djava.io.tmpdir=D:\Whatever\folder\ in the <arguments> tag to configure the temporary folder.
E.g.
<arguments>-Xrs -Djava.io.tmpdir=D:\Temp\ -jar "%BASE%\slave.jar" -jnlpUrl http://jenkins-master-whatever/slave-agent.jnlp -secret 999999999999999999999999999999999999999999999999999999999999</arguments>
You'll need to restart the service to see your modifications at work.
Running on FreeBSD, you can configure the temp directory by adding this line to your /etc/rc.conf:
jenkins_java_opts="-Djava.io.tmpdir=/var/tmp"
When jenkins is wrapped, e.g. bootstrapped as a windows service, add the configuration to the %JENKINS_HOME%\jenkins.xml <arguments> element
or on a slave, %JENKINS_HOME%\jenkins-slave.xml
Same information as other answers but official support article from CloudBees regading JNA error on Jenkins Master (although the same applies for Jenkins Nodes):
https://support.cloudbees.com/hc/en-us/articles/215281717-Jenkins-fails-to-start-with-JNA-error
To change the temporary directory that Jenkins uses, you need to:
append -Djava.io.tmpdir=$JENKINS_HOME/tmp into JENKINS_JAVA_OPTIONS variable in either /etc/sysconfig/jenkins or /etc/default/jenkins file depending on your OS
create /var/lib/jenkins/tmp using the Unix user that runs the Jenkins process
On modern Jenkins you can use UI option in the Jenkins Configuration which is called "Override temporary dir location"
On a slave you can just add it to the slaves advanced parameter in Jenkins -Djava.io.tmpdir=/var/tmp/