[2.0] feedback on setup wizard


Kohsuke Kawaguchi
I have two problems with the setup wizard in new alpha-3. I filed those as tickets, but ultimately it should be decided by how users perceive this, so in the hope of creating a discussion here they are:



The new security setup wizard in alpha-3 requires that the new user provide a security token that's printed to the console to proceed, but knowing where it goes really isn't easy. You see some beginning of it in this Wiki page, but this is still far from complete.

For example, on Windows %JENKINS_HOME% is something the user can override during the setup, which I think defaults to either c:\jenkins or %APPDATA%\jenkins; I can't remember which. The latter location would be different depending on the Windows version. And if you are the kind of guy who just clicks Next, Next, and Next, you probably don't know where it is.

On OS X, we support two ways of installing it, and they put things in different locations. I don't know exactly where, so I couldn't add it to the page.

Then there's a whole can of worms about running Jenkins on a servlet container, which can do any number of things depending on how you installed said servlet container.

I think this is too much hassle, especially given that I cannot think of any other tools that do this much. For example, Atlassian tools show the setup wizard to anyone accessing it.

I suggest we consider alternative ways of authenticating the user:

  • Create a random file name under $JENKINS_HOME and ask the user to touch that file by showing the path.
  • Instead of printing it out to stdout, create a file under $JENKINS_HOME and ask the user to paste in its content.

Both of these remove any ambiguity and sufficiently authenticate the user.

Daniel raised that this approach reveals the location of $JENKINS_HOME but I don't consider that a vulnerability by itself. This only happens briefly during the setup anyway.



During the setup wizard, Jenkins asks if I want to create an admin user or skip it. When I choose skip, it'll still create an admin user anyway.

This is unintuitive. The expectation with the 'Skip' label is that I'm NOT creating an admin user. There are legitimate reasons to do this - for example if I'm setting up Jenkins with a real security realm like LDAP, I really do not want the admin user.

The problem is further made worse by the fact that this default admin user has the security token as the password, which you can never recover if you haven't written it down.

I think we are going too far here. We make it very obvious and natural for people to create an admin user, and 'Skip' is very under-emphasized already. This should be sufficient. It shouldn't get in the way of people who know what they are doing, just like we let people not install any recommended plugins.

If we insist on forcing people to create an admin user just to install the LDAP plugin & throw that user away, then I'd rather not have the "Skip" button. As a reference, Atlassian tools for example don't let you skip creating an admin user. You always have to create one.


--
Kohsuke Kawaguchi

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAN4CQ4yKXzzZT%2B_zpeFtXvd%2BhazQQTZYYqGiQRkGtKi-qEOB8g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [2.0] feedback on setup wizard

Daniel Beck

On 16.03.2016, at 18:54, Kohsuke Kawaguchi <[hidden email]> wrote:

> https://issues.jenkins-ci.org/browse/JENKINS-33599
> …
> • Instead of printing it out to stdout, create a file under $JENKINS_HOME and ask the user to paste in its content.

This is my favored approach and probably the easiest one for production instances, as opposed to dev/test instances, for which the log content is easier to retrieve.

---

> https://issues.jenkins-ci.org/browse/JENKINS-33601
> …
> The expectation with the 'Skip' label is that I'm NOT creating an admin user. There are legitimate reasons to do this - for example if I'm setting up Jenkins with a real security realm like LDAP, I really do not want the admin user.

We cannot enable security without having an admin user, and requiring disabling security, even if temporarily, so users can navigate to the Global Security Config, seems counterproductive. WRT integrating security setup into the initial configuration, Keith thought this would make this "wizard" sequence of dialogs too complex. I'm on the fence on this, so we opted to gather feedback. I guess we have one strong opinion now :-)

> The problem is further made worse by the fact that this default admin user has the security token as the password, which you can never recover if you haven't written it down.

This would be solved by the file-based approach to the first issue. Just look up your password from there. (Which is kind of wonky and broken really… If there's a file, it shouldn't exist forever!)

> I think we are going too far here. We make it very obvious and natural for people to create an admin user, and 'Skip' is very under-emphasized already. This should be sufficient. It shouldn't get in the way of people who know what they are doing, just like we let people not install any recommended plugins.
> If we insist on forcing people to create an admin user just to install the LDAP plugin & throw that user away, then I'd rather not have the "Skip" button. As a reference, Atlassian tools for example don't let you skip creating an admin user. You always have to create one.

Seems to me a lot of the problem stems from the label choice. It seems to fix most or all of your concerns if instead of "Skip creating an admin user" it said "Hey we have this cool user called admin whose password is the code we just told you -- do you want to Customize it? Maybe change the user name? Or use a terrible password you can actually remember?".

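The two alternatives Kohsuke proposes for authenticating the first user (a random file under $JENKINS_HOME to touch, or a secret file whose content is pasted back), together with Daniel's point that such a file should not exist forever, as an added Python sketch that is not Jenkins code; the `secrets/initialAdminPassword` file name, the 0600 permission and the `demo` flow are assumptions chosen for illustration.

```python
import os
import secrets
import tempfile
from pathlib import Path

TOKEN_FILE = "initialAdminPassword"  # assumed file name, not taken from the thread

def create_setup_secret(jenkins_home: Path) -> Path:
    """Write a fresh random token to a 0600 file under JENKINS_HOME; return its path."""
    secrets_dir = jenkins_home / "secrets"
    secrets_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    path = secrets_dir / TOKEN_FILE
    # O_EXCL: never reuse a file that already exists, whoever put it there
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secrets.token_hex(16) + "\n")
    return path

def verify_pasted_secret(path: Path, submitted: str) -> bool:
    """Compare what the user pasted against the file content in constant time."""
    expected = path.read_text().strip()
    return secrets.compare_digest(expected.encode(), submitted.strip().encode())

def create_touch_challenge(jenkins_home: Path) -> Path:
    """Variant 1 from the thread: an unguessable path the user is asked to touch."""
    return jenkins_home / f"setup-confirm-{secrets.token_hex(16)}"

def touch_challenge_satisfied(path: Path) -> bool:
    # A regular file at the exact random path proves write access to JENKINS_HOME.
    return path.is_file() and not path.is_symlink()

def finish_setup(*paths: Path) -> None:
    """Remove the one-time artifacts so the secret does not outlive the wizard."""
    for p in paths:
        p.unlink(missing_ok=True)

def demo() -> dict:
    """Run both flows in a throwaway JENKINS_HOME and report each check's outcome."""
    home = Path(tempfile.mkdtemp())
    secret_file = create_setup_secret(home)
    challenge = create_touch_challenge(home)
    results = {"touch_before": touch_challenge_satisfied(challenge)}
    challenge.touch()  # what the user does after being shown the path
    results["touch_after"] = touch_challenge_satisfied(challenge)
    results["correct_paste"] = verify_pasted_secret(secret_file, secret_file.read_text())
    results["wrong_paste"] = verify_pasted_secret(secret_file, "x" * 32)
    results["mode_0600"] = (secret_file.stat().st_mode & 0o777) == 0o600
    finish_setup(secret_file, challenge)
    results["cleaned_up"] = not secret_file.exists() and not challenge.exists()
    return results
```

Either flow proves the person at the browser can read or write $JENKINS_HOME, which is the property the thread treats as sufficient; revealing the directory path itself is not what the secret protects.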