CI/CD full automation on RHEL - Problems with jenkins configuration regarding security (user and password)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CI/CD full automation on RHEL - Problems with jenkins configuration regarding security (user and password)

leginox
Hi all,

I have a question regarding the setup of a full automated Jenkins configuration and I'm thankful for any help that you might have.

I created a Container with a RHEL via Docker on which I installed a jenkins which I'm running in a cloud environment.

I'm able to start the jenkins via java {java_opts} -jar /usr/lib/jenkins/jenkins.war {jenkins_oprts}.

My plan so far was to hand over the initianal password via curl/or python requests library via a post to the "enter initial password form". Therefore I'm opening a session, requesting a Jenkins-Crumb via another post (which successfully works) and then creating a post with authentication admin/initianalpassword as user/pw + crumb in the header. I'm getting a success, but if I try then to access jenkins manually I get asked to enter the initianal password again. I know that the form redirects me to another page where I need to deny that I want to install plugins (I have a script which is transferring the .hpi files automatically and which is working fine), but I'm not able to access this site via a get and I have no clue how to access this site.

Therefor I tried to use the java option -Djenkins.install.runSetupWizard=false when I'm calling the jenkins.war file. Now I'm actually on the the jenkins home page, but I'm not able to set a user and password from there via curl/requests.

I also tried to pass --argumentsRealm.passwd.$ADMIN_USER and --argumentsRealm.roles.$ADMIN_USER=admin, but it did not work.

I also played around with the config.xml by enabling/disabling certain things inside.

Last but not least I tried also to set the jenkins env user and pw on the rhel directly via the deploy.yaml, but jenkins did not pick them up while starting.


I'm very new to all this and went through a lot of trial and error and I would appreciate if someone of you sees my mistake or if I'm on the complete wrong path to help me out.


Thank you so much in advance and I hope that I can come back with any help for other users in the future as well.

Best to you all
Leginox

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/395ec864-d129-43df-9300-ee84e448a631%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

CI/CD full automation on RHEL - Problems with jenkins configuration regarding security (user and password)

Ivan Fernandez Calvo
Take a look to this article, I think it could help you https://www.praqma.com/stories/start-jenkins-config-as-code/

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/b109c19b-9520-4884-8f53-70ce38f43b07%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: CI/CD full automation on RHEL - Problems with jenkins configuration regarding security (user and password)

JonathanRRogers
In reply to this post by leginox
On Thursday, February 13, 2020 at 8:02:49 PM UTC-5, leginox wrote:
Hi all,

I have a question regarding the setup of a full automated Jenkins configuration and I'm thankful for any help that you might have.

I created a Container with a RHEL via Docker on which I installed a jenkins which I'm running in a cloud environment.

Are you running Red Hat Enterprise Linux on a virtual machine managed by a service such as AWS or GCP? Is the Docker daemon running on a host system you control? Are you using an official Jenkins Docker image from https://hub.docker.com/r/jenkins/jenkins or did you create your own?


I'm able to start the jenkins via java {java_opts} -jar /usr/lib/jenkins/jenkins.war {jenkins_oprts}.

My plan so far was to hand over the initianal password via curl/or python requests library via a post to the "enter initial password form". Therefore I'm opening a session, requesting a Jenkins-Crumb via another post (which successfully works) and then creating a post with authentication admin/initianalpassword as user/pw + crumb in the header. I'm getting a success, but if I try then to access jenkins manually I get asked to enter the initianal password again. I know that the form redirects me to another page where I need to deny that I want to install plugins (I have a script which is transferring the .hpi files automatically and which is working fine), but I'm not able to access this site via a get and I have no clue how to access this site.

Therefor I tried to use the java option -Djenkins.install.runSetupWizard=false when I'm calling the jenkins.war file. Now I'm actually on the the jenkins home page, but I'm not able to set a user and password from there via curl/requests.

I also tried to pass --argumentsRealm.passwd.$ADMIN_USER and --argumentsRealm.roles.$ADMIN_USER=admin, but it did not work.

I also played around with the config.xml by enabling/disabling certain things inside.

Last but not least I tried also to set the jenkins env user and pw on the rhel directly via the deploy.yaml, but jenkins did not pick them up while starting.

What is the "rhel directory" and what is the purpose of "deploy.yaml"? I'm not aware of Jenkins itself interpreting any file called "deploy.yaml" but that is a common name for files representing Kubernetes objects. Are you attempting to deploy Jenkins via Kubernetes?



I'm very new to all this and went through a lot of trial and error and I would appreciate if someone of you sees my mistake or if I'm on the complete wrong path to help me out.


Thank you so much in advance and I hope that I can come back with any help for other users in the future as well.

Best to you all
Leginox

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/fd6adeb4-f466-41cf-ae0d-483ab80d50f0%40googlegroups.com.