Re: Groovy Script to Skip Installation of Plugins and Enable Slave

[Vikas Kumar]

All,

This stands solved now.

To ignore the plugins, just use this

echo ${JENKINS_VERSION} > 
/usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
echo ${JENKINS_VERSION} > 
/usr/share/jenkins/ref/jenkins.install.InstallUtil.lastExecVersion

and for the enabling slave, the answer here 
<http://stackoverflow.com/questions/41578991/set-enable-slave-%E2%86%92-master-access-control-from-script-console>
 
is good, all one needs is to import the package *import 
jenkins.security.s2m.**

Hope this helps someone.

Cheers,
Vikas

On Wednesday, 15 February 2017 20:38:04 UTC+11, Vikas Kumar wrote:
>
> Hello Everyone,
>
> I am trying to automate initialization of Jenkins Docker container and 
> looking to automate two parts.
>
>
>- Ignore this part to select plugins. I don't need this as I am 
>installing required plugins at the build time
>
>
>
> <https://lh3.googleusercontent.com/-gGElyXPcp8o/WKQgILL71mI/BSc/PR1zR3zjGkYlpkSvJZH0Nkpi4nxfdpmBQCLcB/s1600/2017-02-15_19-28-17.png>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>- Enable Slave -> Master Access Control (listed under Configure 
>System). This has been answered here 
>
> <http://stackoverflow.com/questions/41578991/set-enable-slave-%E2%86%92-master-access-control-from-script-console>
>  
>but is not working for Jenkins v2.32.2 (latest as on date).
>
>
> <https://lh3.googleusercontent.com/-1RlmxRmxhaw/WKQgsUfFKuI/BSk/22YPsyXPcpAB7GgwYkVSbIaTmEEtXXZFwCLcB/s1600/2017-02-15_19-53-00.png>
>
>
>
>
>
>
>
>
>
>
> Thanks,
> Vikas
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/b38aca98-57c6-4441-8ca2-1b5466582fa8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Groovy Script to Skip Installation of Plugins and Enable Slave

[Vikas Kumar]

Hello Everyone,

I am trying to automate initialization of Jenkins Docker container and 
looking to automate two parts.


   - Ignore this part to select plugins. I don't need this as I am 
   installing required plugins at the build time




















   - Enable Slave -> Master Access Control (listed under Configure System). 
This 
   has been answered here 
   

 
   but is not working for Jenkins v2.32.2 (latest as on date).












Thanks,
Vikas

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/76513c7b-3a9c-4acb-b1fb-3375ce033ef9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Username and Password to checkout git in Jenkinsfile (groovy)

[Vikas Kumar]

I have got a solution. Pls see this link 
<https://stackoverflow.com/questions/46511419/jenkins-username-and-password-to-checkout-git-in-jenkinsfile-groovy>
 
for details. Thanks.

On Monday, 2 October 2017 15:13:20 UTC+11, Vikas Kumar wrote:
>
> Thanks Mark, yeah this is one option but in this case, username and 
> password are visible in console output. I am thinking to use SSH Keys.
>
>
> On Monday, 2 October 2017 13:46:24 UTC+11, Mark Waite wrote:
>>
>> If your GIT_URL is https, then you could embed the username and password 
>> into the URL.  For example, the URL:
>>
>> https://github.com/user/repo
>>
>> can be 
>>
>> https://username:passw...@github.com/user/repo 
>>
>> Mark Waite
>>
>> On Sun, Oct 1, 2017 at 8:36 PM Vikas Kumar <vika...@gmail.com> wrote:
>>
>>> We are trying to use AWS DynamoDB (with KMS encrypted values) to store 
>>> our secrets rather than using Jenkins Credentials. This is advised by our 
>>> security team.
>>>
>>> I am able to fetch secrets (git username and password) as variables on 
>>> Jenkins slaves, but not sure how to use those to *checkout* git 
>>> repository using those.
>>>
>>>
>>> This is our existing code
>>>
>>>
>>> stage('SCM Checkout') {
>>> checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
>>> doGenerateSubmoduleConfigurations: false, extensions: [], 
>>> submoduleCfg: [],
>>> userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: 
>>> "${GIT_URL}"]]])}
>>>
>>>
>>> I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) 
>>> instead of using *credentialsId*
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Jenkins Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to jenkinsci-use...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/9343240a-fab3-4269-bfe2-a5bcf2ddc24c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Username and Password to checkout git in Jenkinsfile (groovy)

[Vikas Kumar]

Thanks Mark, yeah this is one option but in this case, username and 
password are visible in console output. I am thinking to use SSH Keys.


On Monday, 2 October 2017 13:46:24 UTC+11, Mark Waite wrote:
>
> If your GIT_URL is https, then you could embed the username and password 
> into the URL.  For example, the URL:
>
> https://github.com/user/repo
>
> can be 
>
> https://username:passw...@github.com/user/repo 
>
> Mark Waite
>
> On Sun, Oct 1, 2017 at 8:36 PM Vikas Kumar <vika...@gmail.com 
> > wrote:
>
>> We are trying to use AWS DynamoDB (with KMS encrypted values) to store 
>> our secrets rather than using Jenkins Credentials. This is advised by our 
>> security team.
>>
>> I am able to fetch secrets (git username and password) as variables on 
>> Jenkins slaves, but not sure how to use those to *checkout* git 
>> repository using those.
>>
>>
>> This is our existing code
>>
>>
>> stage('SCM Checkout') {
>> checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
>> doGenerateSubmoduleConfigurations: false, extensions: [], 
>> submoduleCfg: [],
>> userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: 
>> "${GIT_URL}"]]])}
>>
>>
>> I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) 
>> instead of using *credentialsId*
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-use...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/4c5d568f-4ff0-4acc-b509-dc8ca0adec67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Username and Password to checkout git in Jenkinsfile (groovy)

[Vikas Kumar]

We are trying to use AWS DynamoDB (with KMS encrypted values) to store our 
secrets rather than using Jenkins Credentials. This is advised by our 
security team.

I am able to fetch secrets (git username and password) as variables on 
Jenkins slaves, but not sure how to use those to *checkout* git repository 
using those.


This is our existing code


stage('SCM Checkout') {
checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: 
[],
userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: 
"${GIT_URL}"]]])}


I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) instead 
of using *credentialsId*

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: jenkins, saml and Keycloak SSO

[Vikas Kumar]

Hello James,

Did you get this working? I am too facing all sorts of issues trying to do 
so.

Regards,
Vikas

On Monday, 16 January 2017 14:09:07 UTC+11, James Regis wrote:
>
> Hello,
>
> I am trying to make jenkins + saml plugin + keycloak working together and 
> I am facing a issue.
>
> I have gnerate the IDP metadata and once I am trying to login : 
> http://jenkins.example.com/securityRealm/finishLogin, I am redirected to 
> the keycloak login page.
>
> When I am trying to login with my googel credentials, I have this error : 
>
> *javax.servlet.ServletException: org.pac4j.saml.exceptions.SamlException: 
> Error decoding saml message
>   at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796)
>   at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
>   at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:197)
>   at 
> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)*
>
> *...*
>
> *Caused by: org.opensaml.ws.security.SecurityPolicyException: Validation of 
> protocol message signature failed
>   at 
> org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule.doEvaluate(SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:138)
>   at 
> org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule.evaluate(SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:107)
>   at 
> org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:50)
>   at 
> org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:131)
>   at 
> org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:82)
>   at 
> org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)*
>
> After some googling, I found this website : 
>
> http://samaratips.blogspot.ca/2016/10/sso-using-saml.html
>
> which said : 
>
> Add IDP public key for signing messages to java key store. It can be found in 
> incoming saml message from IDP.
>
>
> My questions are : 
>
> - Is there somebody  who have succeed to make jenkins/saml plugin + keycloak 
> work together ?
>
> - How can I add the IDP public key to my keystore and how to configure 
> jenkins to decode saml message with the key in the keystore ?
>
> Any help/hints will be appriacated.
>
> Regards.
>
> James
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/413f3a73-71b6-46d4-bad8-8a3899729549%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: jenkins, saml and Keycloak SSO

[Vikas Kumar]

Hello Ivan,

Thanks for your response. To be honest, I am a novice in SAML at the moment 
but have managed to hook Keycloak to AWS using some tutorials :).

I have tried turning off signing and encryption in Keycloak and configured 
below parameters after google-ing.



This is my IDP metadata configured in Jenkins


http://13.211.108.58/auth/realms/amp;
   xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
   xmlns:dsig="http://www.w3.org/2000/09/xmldsig#;
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;>
   
  http://13.211.108.58/auth/realms/amp/protocol/saml; />
   urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

   urn:oasis:names:tc:SAML:2.0:nameid-format:transient

   urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

   urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress



  http://13.211.108.58/auth/realms/amp/protocol/saml; />
  

  -3exGGnBkt9XwDMBUwkkkXg2JYGXg-_YAcr5gwYTSN0

  

MIIClTCCAX0CBgFhnj1EXDANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDDANhbXAwHhcNMTgwMjE2MTA0OTMwWhcNMjgwMjE2MTA1MTEwWjAOMQwwCgYDVQQDDANhbXAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXWPRbbOOjiDlBR3retdd1hIrdbPbsQw88AoYj3+4kIJGmAl+g7z/DIEdjTMsn5Jbx6NF2UUS4b2c/rIkCqEMAMz4CKfOFKppbEGTgAJmyAM0uNvo56K01lhsiGVgj9JRqrX5ANoH5PQWkHeF/miyCm1n6EFdyefheNP2lGksofpphrgW9ChTXPHyLhdv1KCJCTI2c7b+HwAhslI0Zw/XT9ZlKQ3/dkc4mYVRsTKjVKPWXSZwvp7eSNDPn1cbEtuUCOikaxcKVKZBghW4ZwspY7DJZIulhnS4rZB8JO2+GWWAJAqIUZffoh99yHANM/wVHwtEdl6Eckw0IiVTW3RSFAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHEkunR6dy+/b3cPl+GJNKpmkMbjMjNQ3P/7YMHQYldl6pr0njYGIl7wh6uA5JF176bz5oP+XddNiySue7lPm+AbsEvefOcfpWt0eBAOHWmZrZLWvp5toE7ipNYd+coicRsddDTAm9ZIdP9X2jNDHrouCkfNHgNIIeLYWdlYUb9VvYW0JbdiwqJs5iCLBIo9M3buffltGyI1ghK0S0/xQf6SgxDLLH4kjU0POj3XMMNDGB4YlPcWeA9DzEQzvWI2gK8Ul/MV3TbYdTXxIRJqef3Qv5ZkCKFBMPORdfLKZyOvP7vex3MSZZzfX342ZjZmzvrlQtOekvldP2OupFeLV8M=

  

  
   


I have configured this as below








Request you to please have a quick look and let me know where I am going 
wrong. The above configuration in Jenkins has this stack trace

org.pac4j.saml.exceptions.SAMLException: Identity provider has no single 
sign on service available for the selected profileorg.opensaml.saml.saml2.
metadata.impl.IDPSSODescriptorImpl@3ce818f6
 at org.pac4j.saml.context.SAML2MessageContext.getIDPSingleSignOnService(
SAML2MessageContext.java:93)
 at org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder.build(
SAML2AuthnRequestBuilder.java:70)
 at org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder.build(
SAML2AuthnRequestBuilder.java:34)


Thanks in advance.


Regards



On Monday, 19 February 2018 05:50:36 UTC+11, Ivan Fernandez Calvo wrote:
>
> >How can I add the IDP public key to my keystore and how to configure 
> jenkins to decode saml message with the key in the keystore ?
>
> The IdP key should be in the IdP Metadata as described in 
> https://www.oasis-open.org/committees/download.php/51890/SAML%20MD%20simplified%20overview.pdf
>  If You are generating the IdP metadata in a manual way, you can use this 
> tool https://www.samltool.com/idp_metadata.php
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/64276bab-fbda-4731-89ea-5699e6d93391%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins Fails to restart after installing plugins , Jenkins Version 2.105

[Vikas Kumar Choudhary]

java.lang.NullPointerException
at 
smartjenkins.SmartJenkinsComputerListener.onConfigurationChange(SmartJenkinsComputerListener.java:41)
at 
hudson.model.AbstractCIBase.updateComputerList(AbstractCIBase.java:231)
at jenkins.model.Jenkins.updateComputerList(Jenkins.java:1547)
at jenkins.model.Nodes$8.run(Nodes.java:333)
at hudson.model.Queue._withLock(Queue.java:1370)
at hudson.model.Queue.withLock(Queue.java:1247)
at jenkins.model.Nodes.load(Nodes.java:324)
at jenkins.model.Jenkins$14.run(Jenkins.java:3060)
at 
org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1064)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused: org.jvnet.hudson.reactor.ReactorException
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:48)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:1098)
at jenkins.model.Jenkins.(Jenkins.java:900)
at hudson.model.Hudson.(Hudson.java:85)
at hudson.model.Hudson.(Hudson.java:81)
at hudson.WebAppMain$3.run(WebAppMain.java:233)
Caused: hudson.util.HudsonFailedToLoad
at hudson.WebAppMain$3.run(WebAppMain.java:250)


How may I know which plugin is causing issue?

Please help.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/f3b6c569-e468-4193-91ab-699f456f8140%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.