Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated cli access, unable to set initial admin account #808

Closed
scoopex opened this issue Sep 14, 2017 · 9 comments
Closed

Deprecated cli access, unable to set initial admin account #808

scoopex opened this issue Sep 14, 2017 · 9 comments

Comments

@scoopex
Copy link

scoopex commented Sep 14, 2017

I setup jenkins using the following code

    apt::source { 'jenkins':
      location => 'http://pkg.jenkins-ci.org/debian-stable',
      release  => 'binary/',
      repos    => '',
      key      => {
        'id'     => '150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6',
        'source' => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
      },
      include  => {
        'src' => false,
      },
    }
    # interim hack: change this to a subscription on the apt-module in the real setup
    -> exec { 'jenkins update':
      command   => '/usr/bin/apt-get update',
      logoutput => 'on_failure',
      try_sleep => 1,
      # Compare the age of the sources.list files with pkgcache.bin and execute apt-get update if neccessary
      onlyif    => '/usr/bin/test -n "$(/usr/bin/find /etc/apt/sources.list.d/ /etc/apt/sources.list -newer /var/cache/apt/pkgcache.bin)"',
    } -> 
class {'::jenkins':
    repo => false,
    executors => 4,
    user_hash => $user_hash, # provided by hiera
    }

    # The jenkins module utilizes file_line, JAVA_ARGS is prefixed by "export" to prevent duplicate matches
    file_line { "Jenkins disable UPD Ports ${name} 5353 and 33848":
      path    => '/etc/default/jenkins',
      line    => "export JAVA_ARGS=\"\$JAVA_ARGS -Dhudson.udp=-1 -Dhudson.DNSMultiCast.disabled=true -Xmx${memory_in_megabytes}m\"",
      match   => 'hudson.DNSMultiCast.disabled',
      require => Package['jenkins'],
      notify  => Service['jenkins'],
    }
  
    jenkins::sysconfig{ 'JENKINS_ARGS':
>>    value => '--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1',
      require => Package['jenkins'],
      notify  => Service['jenkins'],
    }
  
   # Release 2.13 and higher needs Jenkins core 2.62+
   jenkins::plugin { 'workflow-job' :
       version   => '2.12.2',
   }
   jenkins::plugin { 'pipeline-multibranch-defaults':}
   jenkins::plugin { 'workflow-multibranch':}
   jenkins::plugin { 'config-file-provider':}
   jenkins::plugin { 'branch-api':}
   jenkins::plugin { 'cloudbees-folder':}

   jenkins::plugin { 'active-directory':}
   jenkins::plugin { 'authentication-tokens':}
   jenkins::plugin { 'bouncycastle-api':}
   jenkins::plugin { 'build-timeout':}
   jenkins::plugin { 'credentials-binding':}
   jenkins::plugin { 'plain-credentials':}
   jenkins::plugin { 'display-url-api':}
   jenkins::plugin { 'docker-commons': }
   jenkins::plugin { 'docker-workflow':}
   jenkins::plugin { 'docker-plugin':}
   jenkins::plugin { 'docker-build-step':}
   jenkins::plugin { 'durable-task':}
   jenkins::plugin { 'email-ext':}
   jenkins::plugin { 'external-monitor-job':}
   jenkins::plugin { 'gradle':}
   jenkins::plugin { 'ace-editor':}
   jenkins::plugin { 'jquery-detached':}
   jenkins::plugin { 'junit':}
   jenkins::plugin { 'ldap':}
   jenkins::plugin { 'mailer':}
   jenkins::plugin { 'mapdb-api':}
   jenkins::plugin { 'matrix-auth':}
   jenkins::plugin { 'matrix-project':}
   jenkins::plugin { 'antisamy-markup-formatter':}
   jenkins::plugin { 'pam-auth':}
   jenkins::plugin { 'workflow-api':}
   jenkins::plugin { 'workflow-cps':}
   jenkins::plugin { 'workflow-durable-task-step':}
   jenkins::plugin { 'workflow-scm-step':}
   jenkins::plugin { 'workflow-step-api':}
   jenkins::plugin { 'workflow-support':}
   jenkins::plugin { 'saml':}
   jenkins::plugin { 'scm-api': }
   jenkins::plugin { 'script-security':}
   jenkins::plugin { 'ssh-credentials':}
   jenkins::plugin { 'ssh-slaves':}
   jenkins::plugin { 'structs':}
   jenkins::plugin { 'timestamper':}
   jenkins::plugin { 'token-macro':}
   jenkins::plugin { 'icon-shim': }
   jenkins::plugin { 'subversion':}
   jenkins::plugin { 'scm-sync-configuration':}

If i execute the mentioned code, i get this:
(Installs jenkins release 2.60.3)

       Info: Applying configuration version '1505395595'
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: ERROR: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: Sep 14, 2017 1:28:10 PM hudson.cli.CLI$5 run
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: WARNING: null
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: java.io.IOException: Stream is closed
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at sun.net.www.protocol.http.HttpURLConnection$StreamingOutputStream.checkError(HttpURLConnection.java:3512)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at sun.net.www.protocol.http.HttpURLConnection$StreamingOutputStream.write(HttpURLConnection.java:3486)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at java.io.DataOutputStream.writeInt(DataOutputStream.java:197)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at hudson.cli.PlainCLIProtocol$EitherSide.send(PlainCLIProtocol.java:175)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at hudson.cli.PlainCLIProtocol$ClientSide.sendEndStdin(PlainCLIProtocol.java:347)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 	at hudson.cli.CLI$5.run(CLI.java:679)
       Error: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy set_num_executors 4' returned 5 instead of one of [0]
       Error: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: change from notrun to 0 failed: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy set_num_executors 4' returned 5 instead of one of [0]

       Notice: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: 
       Notice: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: ERROR: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel
       Error: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user admin admin@foobar.net 'test' 'Managed by Puppet' ''' returned 5 instead of one of [0]
       Error: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: change from notrun to 0 failed: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user admin admin@foobar.net 'test' 'Managed by Puppet' ''' returned 5 instead of one of [0]
       Notice: /Stage[main]/Jenkins::Cli::Reload/Exec[reload-jenkins]: Dependency Exec[set_num_executors] has failures: true
@wiccan2
Copy link

wiccan2 commented Oct 13, 2017

I am having the same issue, did you ever manage to resolve this?

@leeuwenrjj
Copy link

Me2

@Kentzo
Copy link

Kentzo commented Oct 19, 2017
edited
Loading

Same issue.

@nick-george
Copy link

+1

@vStone
Copy link
Contributor

vStone commented Dec 4, 2017

Related to #761?

@ayk33
Copy link

ayk33 commented Jan 16, 2018
edited
Loading

Has this issue ever been resolved? If not what is a good workaround?
I run into the following error message:

Error: '/bin/cat /usr/lib/jenkins/puppet_helper.groovy | /usr/bin/java -jar /usr/lib/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy = create_or_update_user admin example@me.com 'changeme' 'Managed by Puppet' ''' returned 255 instead of one of [0]

Error: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: change from 'notrun' to ['0']

This is my puppet script looks like this

class jenkins_master {
  class {
    'jenkins':
      executors         => 2,
      install_java      => false,
      require           => [Class['java']],
      lts               => true,
      cli               => true,
      cli_remoting_free => true,
      user_hash => {
        'admin' => {
          'password' => 'changeme',
          'email'   => 'example@me.com',
        }
      }
  }
  class { 'jenkins::security':
      security_model => 'full_control',
  }

@esalberg esalberg mentioned this issue Feb 20, 2018
Closed
@cliffano
Copy link

cliffano commented Jul 14, 2019
edited
Loading

I'm seeing the same problem as @ayk33 reported above in 2019, with Jenkins 2.176.1 .
@esalberg is there any quick tip on what we can try to get around this problem?

The root of the error 255 on @ayk33's comment is:
/Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: java.io.FileNotFoundException: http://127.0.0.1:8080/securityRealm/cli?remoting=false

I have tried setting cli_remoting_free to true, to false, they both resulted in the same error.

From my understanding from reading the code and from the error, I think jenkins::security ends up setting the authorization strategy but it doesn't set the security realm. Security realm is a puppet type in puppet-jenkins, but it's not obvious how it's meant to be used, or even if user meant to touch on it directly at all without using jenkins::security.

@jeff1evesque
Copy link

@cliffano, what if we just templatize some of the main configurations files as a workaround to a hopeful idea that this module would have parameters we could easily set?

@ekohl
Copy link
Member

ekohl commented Sep 16, 2022

Closing for its age. Please open a new issue if this still persists.

@ekohl ekohl closed this as not planned Won't fix, can't repro, duplicate, stale Sep 16, 2022
@kenyon kenyon changed the title Deprecated cli access, unable to set inital admin account Deprecated cli access, unable to set initial admin account Sep 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@cliffano @Kentzo @ekohl @scoopex @vStone @leeuwenrjj @jeff1evesque @nick-george @ayk33 @wiccan2