I have a job in jenkins with a configuration, then, with the jenkins API in /cli i can get-job (API method) with an xml structure of my job and then i can create-job (API method) in jenkins with the followed xml.
?xml version='1.0' encoding='UTF-8'?>
<project>
<actions/>
<description></description>
<keepDependencies>false</keepDependencies>
<properties/>
<scm class="hudson.plugins.git.GitSCM" plugin="git#2.2.7">
<configVersion>2</configVersion>
<userRemoteConfigs>
<hudson.plugins.git.UserRemoteConfig>
<url>https://username:password#bitbucket.org/repoowner/project.git</url>
<credentialsId>550e8400-e29b-41d4-a716-446655440000</credentialsId>
</hudson.plugins.git.UserRemoteConfig>
</userRemoteConfigs>
....
Even if i give this url tag "https://username:password#bitbucket.org/repoowner/project.git" jenkins needs authentication to work, so in credentialsId tag jenkins give an UUID.
I want to be able to create a job dynamically by an external application with a given URL in this format "https://username:password#bitbucket.org/repoowner/project.git".
How can it be done?
Thanks.
You can get the credentialsId via the API and the credentials-store plugin.
e.g. for credentials in global Domain
${ your-jenkins-domain }/credential-store/domain/_/api/xml
<domainWrapper>
<credentials>
<_XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/>
</credentials>
<description></description>
<displayName></displayName>
<fullDisplayName></fullDisplayName>
<fullName>credential-store/_</fullName>
<global>true</global>
<urlName>_</urlName>
</domainWrapper>
But on some point it is a bit tricky:
when accessing the xml api for global domain the id already has a '_' as prefix. When using other domains the prefix is missing (but in a job a prefix is added... couldn't figure out where the prefix can be found)
e.g. I stored github access data in a separated domain, the credentialsId tag was:
<XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/>
but used in a job id was:
0XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Actually i solve the problem just creating an generic user in bitbucket, then the UUID its always the same and i can just copy and paste that UUID to the others project.xml files.
Related
Jenkins - 2.263.1(LTS) deployed through tomcat on CentOS-8.2and have Nginx reverse proxy running in-front of Jenkins.
Under Manage Jenkins > Configure Systems - Apply and Save not working, Due to this error, i cannot Apply (or) Save any of my configurations, It always shows below error on browser (Firefox & Chrome).
HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize
it. Apache Tomcat/9.0.30
Also Jenkins > Manage Jenkins > Configure Global Security - Apply works. But Save not working this too results same above given error.
Systems log error message.
Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter
doFilter No valid crumb was included in request for
/jenkins/configSubmit by ankit.sahu. Returning 403.
Workaround tried:-
1) Under Configure Global security > CSRF Protection > Enable proxy compatibility( Tick marked Enabled). - Didn't work so disabled with below command.
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true - Even this didn't solve the problem.
3) Installed the Strict Crumb Issuer plugin.
Enabled this plugin and unchecked Check the session ID from its configuration (Under Jenkins Configure Global Security).
4) Restated the Jenkins.
Even tried by adding below in /apache-tomcat-9.0.30/conf/tomcat-users.xml file.
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="user" password="password" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
However still experiencing same problem. I don't know how to fix it, Can someone help me?
You can (temporarily) disable CSRF with below groovy script. Go to Manage Jenkins >> Script Console, then execute the below groovy script.
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
The nonces embedded into web output from Jenkins with CSRF protection are based (at least in part as I've read) on values from the requesting client. In addition to making sure your reverse proxy is correctly configured to pass X-Forwarded-For and X-Forwarded-Proto, make sure that Tomcat valve is in place to expose those header values in the servlet request API so Jenkins has access to them.
Add the following to $CATALINA_BASE/conf/server.xml, subordinate to the <Host> element:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-troubleshooting/
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/
ref: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve
If you're using jenkinsapi, I resolved this error by specifying useCrumb=True in the constructor:
j = Jenkins(base_url, username=username, password=password, useCrumb=True)
I want to refer/specify (syntax) branch which is set as an environment variable for Jenkins shared library which will be provide during docker container.
For Example:
#Library(['my-shared-library', BRANCH_NAME])
Tried using ${BRANCH_NAME} ${env.BRANCH_NAME}
I will provide BRANCH_NAME as environment variable in docker-compose.yml
Also i want to get the env variable effected in org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml
like if i set PIPELINE_VERSION as env variable
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.libs.GlobalLibraries plugin="workflow-cps-global-lib#2.15">
<libraries>
<org.jenkinsci.plugins.workflow.libs.LibraryConfiguration>
<name>XXXXXXXXXXXX</name>
<retriever class="org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever">
<scm class="jenkins.plugins.git.GitSCMSource" plugin="git#3.12.0">
<id>XXXXXXXXXXXXXXXXXXXXXXXX</id>
<remote>XXXXXXXXXXXXXXXXXXX</remote>
<credentialsId>jXXXXXXXXXXXXXXXXXXXX</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
</traits>
</scm>
</retriever>
<defaultVersion>${PIPELINE_RELEASE_VERSION}</defaultVersion>
<implicit>true</implicit>
<allowVersionOverride>true</allowVersionOverride>
<includeInChangesets>false</includeInChangesets>
</org.jenkinsci.plugins.workflow.libs.LibraryConfiguration>
</libraries>
</org.jenkinsci.plugins.workflow.libs.GlobalLibraries>
Thanks,
Kusuma
I don't think anyway it possible to make the environment variable available for org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml. But If you use Jenkins Code As Configuration plugins, you can pass the variable from docker-compose and make that available to the config file, and when Jenkins load the config file to prepare config for Jenkins would work.
An example can be found here
Using this info https://hayato-iriumi.net/2019/05/23/how-to-install-jenkins-slave-as-windows-service/ we are setting up the Jenkins Slave on Windows server. Jenkins agent start from command line. but when we start from Windows service, its giving below error message? How to resolve this error message?
Service cannot be started. System.IO.InvalidDataException: Attribute <className> is missing in configuration XML
at winsw.Util.XmlHelper.SingleAttribute[TAttributeType](XmlElement node, String attributeName)
at winsw.Extensions.WinSWExtensionDescriptor.FromXml(XmlElement node)
at winsw.Extensions.WinSWExtensionManager.LoadExtension(String id)
at winsw.Extensions.WinSWExtensionManager.LoadExtensions()
at winsw.WrapperService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
xml file we have
<service>
<id>JenkinsSlave</id>
<name>Jenkins agent</name>
<description>This service runs an agent for Jenkins automation server.</description>
<executable>c:\java\jdk-11\bin\java.exe</executable>
<arguments>-Xrs -jar "c:\jenkins\slave.jar" -jnlpUrl https://jenkinsmaster/jenkins/computer/slave01/slave-agent.jnlp -secret a4b5b4ddfd34a016cd3a8eb94cbe8f908613e33a66db5fa6f5f43a080aea3116 -workDir=c:\jenkins</arguments>
<workingdirectory>c:\jenkins</workingdirectory>
<logmode>rotate</logmode>
<onfailure action="restart">
<download from="https://jenkinsmaster/jenkins/jnlpJars/slave.jar" to="c:\jenkins\slave.jar">
<extensions>
<extension enabled="false" classname="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>c:\jenkins\jenkins_agent.pid</pidfile>
<stoptimeout>5000</stoptimeout>
<stopparentfirst>false</stopparentfirst>
</extension>
</extensions>
</download>
</onfailure>
</service>
Thanks
There are some errors in the sample "Jenkins-Slave.xml" that is presented at the linked web page (which yours is apparently based on). It has all elements and attributes named in lowercase, but actually some of them should be mixed case (as can be seen by the error message that it doesn't find attribute className).
Try this one instead:
<service>
<id>YourJenkinsSlaveServiceId</id>
<name>Your Jenkins Slave Service Name</name>
<description>This service runs an agent for Jenkins automation server.</description>
<executable>C:\Program Files\Java\JRE8\bin\java.exe</executable>
<arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl http://YourJenkinsServer:8080/computer/YourNodeName/slave-agent.jnlp -secret YourSecretStringConsistingOfHexadecimalCharacters -workDir=C:\YourNodeWorkDir</arguments>
<logmode>rotate</logmode>
<onfailure action="restart" />
<download from="http://YourJenkinsServer:8080/jnlpJars/agent.jar" to="%BASE%\slave.jar"/>
<extensions>
<extension enabled="true" className="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>%BASE%\jenkins_agent.pid</pidfile>
<stopTimeout>5000</stopTimeout>
<stopParentFirst>false</stopParentFirst>
</extension>
</extensions>
</service>
This is from a more detailed explanation of how to install an agent as a Windows service which I have given in this answer.
I too has the same issue similarly..
System.IO.FileNotFoundException: Unable to locate jenkins.xml file within executable directory or any parents
at winsw.ServiceDescriptor..ctor()
at winsw.WrapperService.Run(String[] _args, ServiceDescriptor descriptor)
at winsw.WrapperService.Main(String[] args)
Solution:
Save your jenkins-agent file as xml format. not just jenkins-agent.xml
we can use notepad++ to save the xml type.
similarly remove .exe at end of jenkins-agent.exe
Hope its useful.... cheers !!
The className, stopTimeout and stopParentFirst should not be in lower case.
I need to poll the artifactory URL every night and find out which file got added, and use that name of the new artifact as a parameter to trigger another job in Jenkins. But the URLTrigger plugin doesn't return the name of the new artifacts? Is there any way to derive that?
I use groovy to run a curl command to extract and parse the metadata.xml to work out the jar name.
Assuming Artifactory has metadata content that looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<metadata>
<groupId>path.to.application</groupId>
<artifactId>jarName</artifactId>
<versioning>
<latest>6.1.12-SNAPSHOT</latest>
<release>6.1.11</release>
<versions>
<version>6.1.11</version>
<version>6.1.12-SNAPSHOT</version>
</versions>
<lastUpdated>20181122121509</lastUpdated>
</versioning>
</metadata>
Thus the build information I want want is 'jarName-6.1.12-SNAPSHOT.jar'
import org.xml.sax.SAXParseException;
//Assumed artifactory path to application.jar
def metaDataPath = 'https://your.artifactory.server/artifactory/path/to/application/jarName/maven-metadata.xml'
//Get the file using curl (you might need to use a proxy), with an api token for authentication
def metadataContent = 'curl -x<your-proxy:80> -H "X-JFrog-Art-Api:<your token>" -XGET ' + metaDataPath
metadataContent = metadataContent.execute().text
//Parse it to get the 'latest' element
def parsedXml = (new XmlParser()).parseText(metadataContent)
println parsedXml.versioning.latest.text() //6.1.12-SNAPSHOT
If your snapshot builds include a timestamp in their name, then you would need to use the returned 6.1.12-SNAPSHOT to build a new metadata path:
https://your.artifactory.server/artifactory/path/to/application/jarName/6.1.12-SNAPSHOT/maven-metadata.xml
To then repeat the extract and parse process to get the timestamped name from the child metadata.xml
I am only allowed to work with the command line terminal on Ubuntu.
I need to create a job in Jenkins with security credentials.
I already installed Jenkins in my machine, but the access is open. If I set-up security credentials on Jenkins, how can I specify these on the command line?
Follow these steps:
Generate a public ssh-key in the user you want to work with from the command line:
ssh-keygen
Just press enter whenever yo are asked to enter some value.
Copy the content of the file ~/.ssh/id_rsa.pub.
Go to your jenkins home screen in a browser and login with a user with full access, Then click on the right on Users and then on the user you are currently logged with. Then click on settings (or configuration??).
In the field SSH public keys paste the content of the id_rsa.pub file. Save the changes.
And that's all! Now you are able to work with jenkins from the command line.
From the command line
The following is the configuration file of my jenkins main user (with all the privileges). Pay attention to the setting <authorizedKeys>. You should paste there the public ssh key. I haven't made that, but surely if you add the necessary lines to your config file it works. The file is in /path_to_jenkins/users/user_name/config.xml
<?xml version='1.0' encoding='UTF-8'?>
<user>
<fullName>admin</fullName>
<description></description>
<properties>
<jenkins.security.ApiTokenProperty>
<apiToken>pP08W9tzs2jlCrVCY9I2o6y2RNu3Huw85Y2f99/Uif7dia1W7piGpzsrpstln/jw</apiToken>
</jenkins.security.ApiTokenProperty>
<com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty plugin="credentials#1.4">
<credentials/>
</com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty>
<hudson.tasks.Mailer_-UserProperty plugin="mailer#1.4">
<emailAddress>admin#mail.com</emailAddress>
</hudson.tasks.Mailer_-UserProperty>
<hudson.model.MyViewsProperty>
<primaryViewName></primaryViewName>
<views>
<hudson.model.AllView>
<owner class="hudson.model.MyViewsProperty" reference="../../.."/>
<name>Alle</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
</hudson.model.MyViewsProperty>
<hudson.security.HudsonPrivateSecurityRealm_-Details>
<passwordHash>1DF2ykjkkkjkkQXW</passwordHash>
</hudson.security.HudsonPrivateSecurityRealm_-Details>
<org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl>
<authorizedKeys>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4P1b/5RpibQgDZpKPD7lTQLjtyMrIQH43ns62PO72koL9zJe6qrAYcTIDNOUvSYNYyKfrgt6Z5zB8MvvENQLWezDKTWNXINhZml0PxOlc9ZaHbQX6UqyFbTS6o+ZEGs+K92Yi/XwK5hTmN5Igsw5BQYEs5cOsd5H2PoEZdhK1X0XAEBX/+p6aNy585+/scgZj0jSIvcX+pnzsCJLKmeYadlLnbrvebf9u6pu8MI9RuAY5dvPfpSL4WynWwS1QvY4z535TqPaaAlM3qXqH0pcOlxgW1iUkJqti3JnnxpBNXLmXalmq+4/d7mUrRBx+HKbh5ZpNZad9vaelAjAsNg+uw== user#machine_name</authorizedKeys>
</org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl>
<hudson.search.UserSearchProperty>
<insensitiveSearch>false</insensitiveSearch>
</hudson.search.UserSearchProperty>
</properties>
</user>
I just changed the starting prompt location to the folder in which the jar file is located. For example, if your jar file's location and name is:
C:\Users\Tod\file.jar
you can do two commands:
cd C:\Users\Tod
java -jar file.jar