I am getting mad with this problem and I have no idea how to solve it.
We are trying to trigger Jenkins builds from hooks on a Windows Central repository. This is actually working on an old Jenkins server (LTS 1.580.1).
The way we did it before was calling Jenkins CLI with the SSH private key stored on a file.
Here is the weird thing:
C:\Users\Username\jenkins>java -jar jenkins-cli.jar -s http://hostname:8080 -i ci.key list-jobs
hudson.security.AccessDeniedException2: jenkins_ci is missing the Overall/Read permission
at hudson.security.ACL.checkPermission(ACL.java:58)
at hudson.model.Node.checkPermission(Node.java:417)
at hudson.cli.CLICommand.main(CLICommand.java:236)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.GeneratedMethodAccessor345.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:320)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:295)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:254)
at hudson.remoting.UserRequest.perform(UserRequest.java:121)
at hudson.remoting.UserRequest.perform(UserRequest.java:49)
at hudson.remoting.Request$2.run(Request.java:324)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
The jenkins_ci user is an Active Directory Service Account which mostly worked with everything. In the Jenkins security matrix I have the same permissions that this service account.
When I use my ssh key and run exactly the same command, it worked like a charm.
If I run who-I-am it said "jenkins_ci" BUT if I change Anonymous permissions then jenkins_ci started to work.
It seems that it is not reading the defined user permissions and it is using the Anonymous ones instead.
Any ideas how to make it work? Is this one a bug that I should report to Jenkins or am I missing anything?
Thanks!
Ok, after hours and hours working on it, I had a "happy idea" and it worked.
Our Jenkins is authenticating against Active Directory using LDAP.
Somehow, the user created by Jenkins (and it's user folder) was:
"jenkins_ci" (lowercase) and our Active Directory account is "JENKINS_CI" (upper case).
It seems that Jenkins security is case-sensitive somehow.
I stopped Jenkins, removed the user folder on host and just started Jenkins.
The new folder is now called JENKINS_CI and now CLI is working.
java -jar jenkins-cli.jar -s http://server get-job myjob > myjob.xml
I am able to run above command using below link
https://wiki.jenkins-ci.org/display/JENKINS/Disable+security
Related
I'm facing an issue in scheduling a job in JENKINS.
Below the build statement and error which i got in JENKINS, Can anyone please help me to resolve it?
Started by user shreeshankari
Running as SYSTEM
BuildingInstalling C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14\jdk.exe
[jdk-11.0.14] $ C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14\jdk.exe /s ADDLOCAL="ToolsFeature" REBOOT=ReallySuppress INSTALLDIR=C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14 /L C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\install10470724292190900076log
Unknown error (0x2e4)
FATAL: Cannot run program "C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14\jdk.exe" (in directory "C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14"): CreateProcess error=740, The requested operation requires elevation
java.io.IOException: CreateProcess error=740, The requested operation requires elevation
at java.base/java.lang.ProcessImpl.create(Native Method)
at java.base/java.lang.ProcessImpl.<init>(ProcessImpl.java:487)
at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:154)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1107)
Caused: java.io.IOException: Cannot run program "C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14\jdk.exe" (in directory "C:\Users\Srisankari\.jenkins\tools\hudson.model.JDK\jdk-11.0.14"): CreateProcess error=740, The requested operation requires elevation
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1128)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1071)
at hudson.Proc$LocalProc.<init>(Proc.java:254)
at hudson.Proc$LocalProc.<init>(Proc.java:223)
at hudson.Launcher$LocalLauncher.launch(Launcher.java:997)
at hudson.Launcher$ProcStarter.start(Launcher.java:509)
at hudson.Launcher$ProcStarter.join(Launcher.java:520)
at hudson.tools.JDKInstaller.install(JDKInstaller.java:283)
at hudson.tools.JDKInstaller.performInstallation(JDKInstaller.java:157)
at hudson.tools.InstallerTranslator.getToolHome(InstallerTranslator.java:70)
at hudson.tools.ToolLocationNodeProperty.getToolHome(ToolLocationNodeProperty.java:108)
at hudson.tools.ToolInstallation.translateFor(ToolInstallation.java:221)
at hudson.model.JDK.forNode(JDK.java:149)
at hudson.model.AbstractProject.getEnvironment(AbstractProject.java:341)
at hudson.model.Run.getEnvironment(Run.java:2430)
at hudson.model.AbstractBuild.getEnvironment(AbstractBuild.java:952)
at hudson.model.AbstractBuild$AbstractBuildExecution.decideWorkspace(AbstractBuild.java:453)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:507)
at hudson.model.Run.execute(Run.java:1896)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
at hudson.model.ResourceController.execute(ResourceController.java:101)
at hudson.model.Executor.run(Executor.java:442)
Finished: FAILURE
According to your error message, you are trying to run jdk.exe /s ADDLOCAL="ToolsFeature" RE... but it requires elevated privileges to run. The simplest way around this issue is to run your Jenkins as a service with elevated privileges. The way to do this is outlined in this question.
On a different note, I'm not completely sure what is happening here but assuming that you are trying to install JDK. So it might make sense instead to install the JDK separately, and point Jenkins to it. This article has a good tutorial on it. Pay attention to point 3, which has the information you are looking for.
I've enabled 'Enable CLI over remoting'.
I've set TCP port for JNLP either fixed or random.
I've downloaded the jenkins-cli.jar successfully.
when preforming plugin-install command i receive:
When executing: java -jar jenkins-cli.jar -auth user:pass -s http://localhost:8080 install-plugin file:///folder/plugin.hpi
ERROR: Unexpected exception occurred while performing install-plugin command.
java.io.FileNotFoundException: /folder/plugin.hpi (No such file or directory)
Without the file://
/folder/plugin.hpi is neither a valid file, URL, nor a plugin artifact name in the update center
I've tried every possible combination, the file does exist.
Edit: from the exception it keeps thinking that it's url instead of file:
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
at java.net.URL.openStream(URL.java:1045)
at hudson.FilePath.copyFrom(FilePath.java:890)
"
Edit 2: It does work when given HTTP URL, but it will require me to upload it to a server which I don't have every time.
Edit 3: I tried moving the file to the same folder of Jenkins /var/lib/jenkins and give it permissions of 777.
It was a combination of #Alex O solution, and that I used -auth myuser:mypass instead of --username admin --password password and toggled --remoting.
It looks like this:
java -jar jenkins-cli.jar -s http://host-ip:8080/ -remoting install-plugin ./plugin.hpi --username my-user --password my-pass -restart
The URL that you provide as argument to install-plugin must be accessible by the Jenkins master process. If you get the error message
/folder/plugin.hpi (No such file or directory)
then there's most likely a problem with access rights, or /folder is not mounted on the master's host (or in the master's container, if you use docker).
This is why a HTTP URL does work.
So, for file:// URLs, you need to align filesystem mounts and permissions between CLI user/machine and Jenkins master user/machine.
How Jenkins can be integrated with CVS. If somebody can provide step by step instructions then it would be of great help.
I tried installing Jenkins but everytinme, i am getting below error.
Started by user anonymous
Building in workspace C:\Program Files\Jenkins\jobs\Umesh CVS Testing\workspace
Using locally configured password for connection to :ext:ssh#dwagda01:/usr/local/cvsroot
cvs checkout -P -D 12 Nov 2014 10:33:54 -0600 -d workspace dwagda01
ERROR: CVS Authentication failed: null
org.netbeans.lib.cvsclient.connection.AuthenticationException: SSH connection failed.
at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:141)
at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
at java.lang.Thread.run(Unknown Source)
Caused by: com.jcraft.jsch.JSchException: java.io.FileNotFoundException: C:\Documents and Settings\LocalService.ssh\id_rsa (The system cannot find the path specified)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:524)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:389)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:370)
at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:135)
... 2 more
Caused by: java.io.FileNotFoundException: C:\Documents and Settings\LocalService.ssh\id_rsa (The system cannot find the path specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.(Unknown Source)
at java.io.FileInputStream.(Unknown Source)
at com.jcraft.jsch.Util.fromFile(Util.java:492)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:521)
... 6 more
ERROR: Cvs task failed
Finished: FAILURE
I got stuck with the same error.
As my setup did not require a private key, I didn't want to configure it in Jenkins.
However, you MUST have a private key, even if you don't use it. I created one from scratch and then things worked fine. I did not put the public key on the CVS server or anything like that - it seems that Jenkins just needs a key file and then it works...
To create a private key, I used putty - the PUTTYGEN.EXE file. Download the putty zip file (google it) and extracted out PUTTYGEN.EXE, then run it, create a new key pair, same the private key with no passphrase, load the private key, export it using the menu option Conversions -> Export OpenSSH key to "id_rsa". Then, I put that file in a folder I called "ssh" under my Jenkins folder, changed the Jenkins config to point to it and I was away...
I got a similar error using extssh and have it resolved now, thought of posting it in case anyone lands here.
Jenkins > Manage Jenkins > Configure System > CVS section
Set 'CVS Root' to
:ext:#host.name:path/to/repo
It should not contain the username or password as they will be set in their own fields in Jenkins; it is enough to provide 'ext' here even if the connection type is 'extssh' in Eclipse
Jenkins > Manage Jenkins > Configure System > CVS section
Make a note of the 'Private Key Location'
In my case it was like /opt/app/username/.ssh/id_rsa
To generate key, go to the location in Unix and generate the key
bash-4.1$ cd /opt/app/username/.ssh
bash-4.1$ ssh-keygen
Generating public/private rsa key pair. Enter file in which to save the key (/opt/fedex/efs/.ssh/id_rsa): id_rsa
Under job configuration, provide the same CVSROOT
:ext:#host.name:path/to/repo
Build should now be able to pick source from CVS.
I need to remotely trigger a Jenkins build hosted on CloudBees. Right now, I'm attempting to use jenkins-cli to no avail. Right now I am authenticating using a SSH key pair.
When I do:
$ java -jar jenkins-cli.jar -s https://... list-jobs All
I can see all the jobs, including the one I want to build. But when I do:
$ java -jar jenkins-cli.jar -s https://... build job1
No such job 'job1'
I've read about a workaround that involves adding permissions to the anonymous role. Even if I add every single permission to it, I get the same error.
If it helps, I'm using Jenkins 1.532.1.3. Thanks.
Today I ran into same problem and found the solution. The response 'no such job' comes when there is actually no such job or you don't have enough access to do requested operation.
Even when you have the access for requested operation and you are sending credentials with --username and --password arguments it still not works. Only solution I found was to use ssh authentication. So register your computer's ssh key to your jenkins and everything works fine. To register ssh key go to http://[yourjenkinsserver]/user/[username]/configure
I ran into the same error but managed to make it work by providing read permission in 'job' for anonymous user.
I encountered the same issue today on v1.621-1.1 while trying through a non-admin user which I named as 'vikas027'. In order to fix this I ticked all checkboxes under 'Job' column for user 'vikas027' and ticked 'Discover' and 'Read' (also under 'Job') for 'Anonymous' user. These settings are in http://<IP>:<port>/configureSecurity. Hope this helps someone.
I'm running jenkins and getting this error
hudson.security.AccessDeniedException2: anonymous is missing the Read
permission
I tried many times, deleted cookies and all.
Disabling security is not the solution. It's probably there for a reason. Try "login" instead
java -jar jenkins-cli.jar -s http://yourserver/jenkins/ login --username usr --password qwerty
cheers
Similar issue I faced but with GitHub OAuth plugin,my problem and solution explained here
Errors
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission at hudson.security.ACL.checkPermission(ACL.java:57)
org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://ghe.acme.com/api/v3/user
https://wiki.jenkins-ci.org/display/JENKINS/Disable+security
I am able to run
java -jar jenkins-cli.jar -s http://server get-job myjob > myjob.xml
works for me using abouv url
In addition to the above link, use these simple and clear steps
I think some of the answers in here were partial. This is how I resolved it:
Step Jenkins
/etc/init.d/jenkins stop
sudo vi /var/lib/jenkins/config.xml (Please copy the complete text somewhere first, so that later you don't run in other problems)
2.A. change useSecurity element's value to false
false
2.B. Remove authorizationStrategy block
Start Jenkins again:
/etc/init.d/jenkins start
Access Jenkins through URL and reconfigure security again.