Is there command in Perforce to get information which clients has mapping for particular folder from depot ?
Example:
I have depot location //depot/myfolder/somefile.java
I want to know information which clients map this location to which path:
//client1/c:/folder1/somefile.java
//client2/d:/folder2/somefile.java
...
I can get this information from "p4 client" but it is for current client and not for particular folder/file.
Regards, Victor
You could do it with a small script using the p4 clients command to list clients:
p4 help clients
clients -- Display list of clients
workspaces -- synonym for 'clients'
p4 clients [-u user] [-e nameFilter -m max]
Lists all client workspaces currently defined in the server.
The -u user flag lists client workspaces that are owned by the
specified user.
The -e nameFilter flag lists workspaces with a name that matches
the nameFilter pattern, for example: -e 'svr-dev-rel*'
The -m max flag limits output to the specified number of workspaces.
and then iterate over each client using
p4 client -o <client name>
to list the client spec, and finally search for the path(s) you are interested in.
Related
We have our company users list and with that users list we need to prepare a report that each user have access to which gerrit project.
So how to list the project(s) for particular user from gerrit?
Some direction to achieve this will be helpful. Thanks in advance.
You have two options to give a try:
Use the "gerrit ls-projects" SSH command
Using the "--has-acl-for GROUP" option, you can list projects on which access rights for this group are directly assigned. Note: projects which only inherit access rights for this group are not listed:
ssh -p 29418 USER#GERRIT-SERVER gerrit ls-projects --has-acl-for GROUP
See more details in Gerrit documentation here.
Use the "Check Access" project REST endpoint
Using this endpoint you can verify if a user has access to a repository. Note: this requires the View Access global capability:
curl --user USER:PASS --request GET "https://GERRIT-SERVER/a/projects/PROJECT/check.access?account=ACCOUNT-ID&ref=refs%2Fheads%2Fmaster"
This command checks if the user with the ACCOUNT-ID number has access to the branch "master" of the PROJECT. As you have noted, you need to know the user ACCOUNT-ID. You can find the user ACCOUNT-ID using REST too:
curl --user USER:PASS --request GET "https://GERRIT-SERVER/a/accounts/?q=username:USERNAME" | sed 1d | jq --raw-output .[]._account_id
See more details in Gerrit documentation here.
I need to create perforce clients from my jenkins build scripts, and this needs to be done unattended. This is mainly because jenkins jobs run in unique folders, Perforce insists that each client has a unique root target folder, and we create new jenkins jobs all the time based on need. Right now each time I create a unique jenkins job, I have to manually create a perforce client for that job - I can do this from the command line, but Perforce also insists on pausing the client creation to show me the specification settings file, which I need to manually close before the client is created.
To create the client I'm using
p4 -u myuser -P mypassword client -S //mydepo/mystream someclientname
and I'm using this awful hack to simultaneously kill notepad
p4 -u myuser -P mypassword client -S //mydepo/mystream someclientname | taskkill /IM notepad.exe /F
This sort of works, but it doesn't feel right. Is there an official/better way I can force p4 to silently force create a client?
Do this:
p4 -u user -P ticket client -S //depot/stream -o someclientname | p4 -u user -P ticket client -i
You can prepare client form upfront and pass the path by:
p4 client -i newClientForm.txt
I guess that you can have a script that prepare such file before calling p4 client.
Take a look on the default form that is popping up every time.
I don't know how you can deal with passing both options -S and -i though.
I have latest Jenkins and it's Swarm plugin client jar (2.0).
I downloaded the swarm-client jar and I ran the following command to create the slave: (Note: : I'm using user Anonymous to connect to Jenkins master without requiring username/password and have provided Create Slave permission in Global Roles, and all access in Slave section under Slave roles by creating a new role with pattern swarm.*). Jenkins Swarm client: https://wiki.jenkins-ci.org/display/JENKINS/Swarm+Plugin
A user can provide a valid username/password if that user has Create Slave (Global Roles) and other access like connect, delete, etc in Slave Roles in Jenkins under Manage Roles).
$ which swarm-client.jar
~/tools/bin/swarm-client.jar
$ pwd
/home/confman/slaves
$ ~/tools/jdk1.7.0_60/bin/java -jar `which swarm-client.jar` -name "swarm_`hostname -a`" -fsroot "~/slaves/swarm_`hostname -a`" -master http://jenkins_master.srvr.company.com:8083 -username Anonymous -description "`hostname -a` " -executors 5 -labels "ANSIBLE_CENTOS CENTOS" -mode 'exclusive' -showHostName -t java=~/tools/jdk1.8.0_45 -t gradle=~/tools/gradle-2.3 -t Maven=~/tools/apache-maven-3.3.3 -t Groovy2=~/tools/groovy-2.4.5 --showHostName -retry 0 -disableClientsUniqueId &
But, instead of the above command setting Slave's Remote Root Directory to ~/slaves/swarm_jmeter01, it's setting the remote root path including the folder as prefix/relative to from where I ran the above command (as shown below). In my case, hostname command value is jmeter01.
The documentation doesn't mention that this paramter is relative to the current folder (where you'd run the java -jar slave-client jar command).
Has anyone found a solution for this i.e. it can ignore the current folder and set it to ~/slaves/swarm_01 or something like that?
Obviously In my automation to resolve this issue, I can first "cd" (change directory) to the correct folder ~/slaves and then just pass -fsroot "swarm_`hostname -a`" to get remote directory path value set as: ~/slaves/swarm_jmeter01 (in that case, it'll work fine).
~ is shell expansion ... if this not works, then use $HOME instead
I want to automate the entire installation of Jenkins, given a list of user names I want to be able to create user accounts for each. The only method I've read to set up user accounts is here:
https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup
Tried seeing if there was an option to configure with command line at:
https://localhost:8080/cli/
But does not seem to the be case.
Is it possible to add user accounts without using the web interface? More specifically a method that is scriptable.
My last resort is to do raw post requests but hoping there is a nicer way.
Yes of course, it is possible to script provisioning for jenkins. But not with the cli tool alone.
I guess you want to use "Jenkins own user database" with Project Matrix Authorization Strategy.
Steps to prepare provisioning:
Configure your Jenkins manually (enable security, add rolls and at least one user)
Shutdown your jenkins (to let him write all in-memory changes to disk)
Copy $JENKINS_HOME/config.xml to your provisioning script (as as seed data)
Copy $JENKINS_HOME/users/ (as seed data)
Get the cli tool: cd /tmp; wget -nv http://localhost:8080/jnlpJars/jenkins-cli.jar
If you do not want to have static seed data (one config.xml for each user) you can generate a (users/username/)config.xml using a bash script or a more advanced tool. But for simplicity sake you can take users/username1/config.xml as a template. Replace relevant data with a placeholder e.g. "PLACEHOLDER_FULLNAME" for full user name.
e.g.:
change
"<fullName>sample full username</fullName>"
to
"<fullName>PLACEHOLDER_FULLNAME</fullName>"
In your provisioning script, iterate over all users. For each user, replace each placeholder with the correct value.
e.g.
cp $SEED_DATA/templates/user/config.xml /tmp/config.xml
sed -e "s/\${PLACEHOLDER_USERNAME}/1/" -e "s/\${ChuckNorris}/dog/" /tmp/config.xml
sed -e "s/\${PLACEHOLDER_EMAIL}/1/" -e "s/\${he#findsyou.com}/dog/" /tmp/config.xml
...
mkdir -p $SEED_DATA/users/$USERNAME/
cp /tmp/config.xml $SEED_DATA/users/$USERNAME/config.xml
When you want to use generated users config.xml please generate for each user some permission settings in $JENKINS_HOME/config.xml:
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
...
<permission>hudson.model.View.Create:username1</permission>
<permission>hudson.model.View.Delete:username1</permission>
<permission>hudson.model.View.Read:username1</permission>
...
<permission>hudson.model.View.Create:username2</permission>
<permission>hudson.model.View.Delete:username2</permission>
<permission>hudson.model.View.Read:username2</permission>
...
</authorizationStrategy>
Provisioning steps:
Install jenkins as you did before & maybe dynamic config generator (see above)
cp $SEED_DATA/config.xml $JENKINS_HOME/
cp -R $SEED_DATA/users/ $JENKINS_HOME/
chown -R "jenkins:jenkins" $JENKINS_HOME/users/ (maybe optional)
cd /tmp; java -jar jenkins-cli.jar -s http://localhost:8080/ reload-configuration
Some of our Jenkins jobs are such that they deploy e.g. to a client acceptance test environment. It is very important that this type of jobs are not triggered by accident. Is it therefore possible to configure Jenkins to somehow require a password when triggering a specific build?
Set up Project based security, then you can restrict build access on a per-job basis.
From the help on the Jenkins configuration page:
[Project based security] is an extension to "Matrix-based security"
that allows additional ACL matrix to be defined for each project
separately (which is done on the job configuration screen.)
This allows you to say things like "Joe can access project A, B, and C
but he can't see D." See the help of "Matrix-based security" for the
concept of matrix-based security in general.
ACLs are additive, so the access rights granted below will be
effective for all the projects.*
ok.
my 5cents about this question.
Our Jenkins uses Redmine's mysql db as auth input.
in Jenkins you'll need next plugins:
Parameterized Build
Build User Vars Plugin
and after activating Password parameter, you'll be asked for it before build.
So, i figured out 2 options.
It is applicable, if your slaves has direct connection with mysql (or any DB engine).
then pre-build check:
SALT=$(mysql --defaults-extra-file="~/redmcheck.my" -B -se "select salt from redmine.users where login='${BUILD_USER}';")
HASH=$(mysql --defaults-extra-file="~/redmcheck.my" -B -se "select hashed_password from redmine.users where login='${BUILD_USER}';")
CHECK=$(sha1 -qs $SALT$(sha1 -qs $Password))
if [ $HASH != $CHECK ]
then
exit 1;
fi
It will broke build, if your entered password doesn't equal.
Second solution, is to use Rest API in Redmine.
And it allows to recheck user on remote slaves.
CODE=$(curl -X GET -u ${BUILD_USER}:${Password} --write-out "%{http_code}" -o /dev/null -s https://redmine/users/current.json);
if [ $CODE != "200" ]
then
exit 1;
fi
If it gets 200 code, so it goes build.