I´m starting to use jenkins and I have problems with the authentication when I deploy the project. I dont know where to write the credentials.
Authentication failed: The host was not known and was not accepted by the configuration
Where could I write my credentials? I dont see that point in the configuration panel. Many thanks!
The problem came on settings.xml file (in .m2), that did not have the appropriate login and password.
If you use ssh keys for authentication a server section like this can be used:
<server>
<id>repository-id</id>
<username>john/username>
<privateKey>/home/john/.ssh/id_rsa</privateKey>
</server>
still you may run into trouble in jenkins. You might have to run the maven deploy once in interactive mode to accept the e.g. RSA host key.
Related
I am trying to setup a Jenkins server using one of the Chef cookbooks from the supermarket. Unfortunately it is failing with the below error. The plugin recipe requires for the Global security configuration - "Enable CLI with remoting" to be enabled. Can anybody help me to enable it from a Chef recipe so that
java -jar jenkins-cli.jar -s http://localhost:8080 -remoting
installs the plugin.
Thanks
Here is the error log
java.io.IOException: No X-Jenkins-CLI2-Port among [X-Jenkins, null, Server, X-Content-Type-Options, X-You-Are-In-Group-Disabled, X-Hudson, X-Permission-Implied-By, Date, X-Jenkins-Session, X-You-Are-Authenticated-As, X-Required-Permission, Set-Cookie, Expires, Content-Length, Content-Type]
at hudson.cli.CLI.getCliTcpPort(CLI.java:311)
at hudson.cli.CLI.<init>(CLI.java:137)
at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:82)
at hudson.cli.CLI._main(CLI.java:615)
at hudson.cli.CLI.main(CLI.java:426)
Suppressed: java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/cli?remoting=true
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:101)
at hudson.cli.CLI.connectViaHttp(CLI.java:163)
at hudson.cli.CLI.<init>(CLI.java:141)
As per the official documentation, remoting option is disabled by default. you can enable it by going to Configure Global Security. I don't think by programatically we can't enable it. For more details use this official link. Remoting Connection Mode | official Jenkins
This is the solution they are providing for your problem. Hope this helps.
Go to Manage Jenkins > Configure Global Security and choose "Fixed" or "Random" under TCP port for JNLP agents.
You can enable the remoting option by writing a bit of Groovy that gets run when Jenkins starts, but a better option is to configure the proper authentication and use the ssh or http methods.
https://github.com/chef-cookbooks/jenkins#authentication
See also: https://stackoverflow.com/a/51106793/3794873
I am not getting option to install plugins in Jenkins. Instead getting two options Configure Proxy and Skip Plugin Installations.
Might be worth checking - I did a mistake myself and spent a day checking.
Just mention the IP, and not the complete address in Server field in jenkins while configuring proxy.
So, let us suppose your proxy is http://x.x.x.x:8080 - so just put x.x.x.x in server field.
Navigate to C:\Windows\System32\config\systemprofile\AppData\Local\Jenkins.jenkins,
Modify "hudson.model.UpdateCenter.xml" file by changing the URL property to "http"
Finally Open CMD with Admin privilege and run.
net stop jenkins
net start jenkins
What i am trying seems quite simple, but i cant really get my head wrapped around what i need to do:
Inside a job, i have a build-step that executes shell-commands. This shell command tries using the Jenkins CLI.
So basically it says "java -jar theCliFile -s jenkinsURL / command
So inside of a job, i am trying to make a SSH connection to the jenkins-server itself.
This fails, console output says that "[WARN] Failed to authenticate with your SSH keys. Proceeding as anonymous
You must authenticate to access this Jenkins.".
I could provide a username and password as clear text inside of the shell, but i would like to avoid that.
What do i need to setup in order to allow an automatic authentication? I don't understand who needs what kind of keys.
The Jenkins CLI Wiki says to configured a /me/configure user. I just don't see how this makes sense. I guess this was meant to be for use cases where someone tries to build a SSH connection from a remote machine, not from the Jenkins itself, as in my case.
Actually, i solved it myself:
I had both a private and public key on the Jenkins-Server (incase you don't have those, just generate them on the server machine that the Jenkins runs on (there are tons of tutorials on how to do so out there)).
To allow what i was trying in my question, i had to take the public key and enter it in some user existing for the jenkins-application.
As far as i understand, entering the Jenkins Servers public key in any user will make the SSH request authenticate as this user and thus the shell will have the rights of said user.
I am currently running Jenkins on a GCE VM. As a build step, I want to trigger a Jenkins job on another VM in the same project. The problem is, HTTP and HTTPS access to the VMs is disabled, and I cannot use curl to trigger it remotely. An SSH tunnel remains the only option. But SSH onto a VM requires a google_compute_engine private key file, which helps you log in to a particular user..I was confused about how to use this file for the Jenkins user, which does not have a separate shell and was hoping for some advice. Thanks in advance!
The easiest way is to apply the default firewall rules to allow HTTP and HTTPS traffic to the instance by setting the Allow HTTP traffic and Allow HTTPS traffic checkboxs on in its detailed view at Developers Console, or adding the http-server and https-server tags manually by using gcloud command: "
gcloud compute instances add-tags INSTANCE --tags http-server https-server".
Setting up an SSH tunnel to Jenkins port of service is a possibility and it doesn't require using google_compute_engine key necessarily. You can configure and additional key and copy the public part for that key into Jenkins user's authorized_keys file directly, as you would with any other server. See this link for more details. If you use a custom SSH key, remember to specify the related private key when setting up the tunnel.
Another more straight-forward option would be creating new firewall rules for Jenkins ports and applying them to the Jenkins instance.
I have an Ant build that will sometimes execute a 'git push' within a directory on my server. I can do this fine interactively because it asks for the passphrase for my key, but this becomes problematic if you set up a cron job to run the build unattended.
Are there options for me beyond not using a passphrase? I've heard of using ssh-agent, but I've also heard for unattended processes that route won't work. Does anyone have any recommendations for this, and perhaps an example of how to implement it?
I saw that someone suggested to run the cron as a daemon here:
Accessing SSH key from bash script running via a cron job -- but I'm not sure how I could do that or put in my passphrase without compromising it by putting it in plain text, etc.
Any help greatly appreciated.
First, set yourself up for password-less login.
Use ssh-keygen to generate a public/private key pair with no password. Append the public key to ~/.ssh/authorized_keys on the server.
Then run ssh -i /path/to/private_key server to confirm that the password-less login is working.
Finally, configure git to use that ssh -i ... command.
As #mah suggests, you might want to create a specific git account on the server. You add the public key to ~git/.ssh/authorized_keys to enable the password-less login.
authorized_keys also has options to restrict what commands the incoming connection can run. If you are interested in those features, read the SSH documentation.
And of course, you want to keep the private key file readable only by you.
I would solve this by creating a restricted account on the git server and have the ant client use a keyless cert to that restricted account.