Using the sandbox is typically recommended as without it, the scripts can do anything an administrator can do. Usually you'd only disable it for limited scripts where you need to dig into internal Jenkins state, but those types of scripts are usually things like Jenkins init scripts that customize some settings and are configured by admins.
Caveat: I haven't used JobDSL myself, so I'm not sure how useful that plugin is in the sandbox.

On Sat, 15 Aug 2020 at 06:23, Enrico Olivelli <[email protected]> wrote:
>
> Thank you Gavin,
> it looks like the script now has problems.
> I can fix them, but I don't know how can I make changes if you need to
> approve them every time.
>
> We were using Jenkins DSL in order to have Jenkins jobs configuration
> committed to git
>
> Do you think that enabling the Groovy sandbox would be a good idea?
>
> Enrico
>
> On Sat, 15 Aug 2020 at 13:15, Gavin McDonald <[email protected]> wrote:
>
> > Hi Enrico,
> >
> >
> > On Sat, Aug 15, 2020 at 8:31 AM Enrico Olivelli <[email protected]> wrote:
> >
> >> Gavin,
> >> thank you.
> >>
> >> Now I have this second problem, it looks like that in the new Jenkins
> >> every Jenkins DSL script must be approved.
> >> see
> >> https://ci-hadoop.apache.org/job/BookKeeper/job/bookkeeper-seed/3/console
> >>
> >> I am not sure how can we make it work, the help reads "New or modified
> >> scripts must either be approved by an Jenkins administrator before they can
> >> be used or they must be run in the restricted sandbox."
> >>
> >
> > I have approved all scripts waiting, please try again.
> >
> >
> >>
> >> > git config core.sparsecheckout # timeout=10
> >> > git checkout -f 7645cb839761b9dde6462c28a87a0d1c428bf5fa # timeout=10
> >> Commit message: "Bookie Client add quarantine ratio when error count
> >> exceed threshold"
> >> > git rev-list --no-walk 7645cb839761b9dde6462c28a87a0d1c428bf5fa #
> >> timeout=10
> >> Processing DSL script
> >> .test-infra/jenkins/job_bookkeeper_codecoverage.groovy
> >> ERROR: script not yet approved for use
> >> Finished: FAILURE
> >>
> >>
> >> If I enable the "Groovy sandbox", then I see this second error
> >>
> >> Commit message: "Bookie Client add quarantine ratio when error count
> >> exceed threshold"
> >> > git rev-list --no-walk 7645cb839761b9dde6462c28a87a0d1c428bf5fa #
> >> timeout=10
> >>
> >> ERROR: You must configure the DSL job to run as a specific user in order
> >> to use the Groovy sandbox.
> >> Finished: FAILURE
> >>
> >>
> >> Thank you
> >>
> >> Enrico
> >>
> >> On Fri, 14 Aug 2020 at 20:57, Gavin McDonald <[email protected]> wrote:
> >>
> >>> Hi Enrico!
> >>>
> >>> On Fri, Aug 14, 2020 at 8:41 PM Enrico Olivelli <[email protected]> wrote:
> >>>
> >>> > Hi,
> >>> > I am migrating Bookkeeper jobs and it looks like there is no 'Process DSL
> >>> > action'
> >>> >
> >>> > We have a seed job that creates all of the other jobs
> >>> >
> >>> > I have already created the new seed but actually it is useless.
> >>> >
> >>> > Any idea?
> >>> >
> >>>
> >>> Right, so a part of this migration process involves finding out what
> >>> plugins might be needed for Jobs, and installing them as we come across them.
> >>>
> >>> I just installed the Job DSL plugin and your Process DSL option should
> >>> now be available for you.
> >>>
> >>> Let me know how you get on
> >>>
> >>>
> >>> > Enrico
> >>> >
> >>>
> >>>
> >>> --
> >>>
> >>> *Gavin McDonald*
> >>> Systems Administrator
> >>> ASF Infrastructure Team
> >>>
> >>
> >
> > --
> >
> > *Gavin McDonald*
> > Systems Administrator
> > ASF Infrastructure Team
> >

--
Matt Sicker <[email protected]>
