Enabling hudson security kills hudson

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Enabling hudson security kills hudson

Stephan Zeissler (KUTTIG)
Hi everyone,

For jnlp slave I need to enable the security feature in the hudson
configuration. Due to  my setup, there isn't any real authentication in
the j2ee container and (I guess) so all hudson become blank. I have to
disable the security feature manually to get hudson working again.
Because of the redirect to /hudson/secured/? I guess this is wanted, but
how can I enable security without becoming white pages?

Setup:
Apache2 with ajp_proxy for hudson
Hudson running standalone (Winestone)

-Stephan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

stephan.zeissler.vcf (381 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Kohsuke Kawaguchi
Administrator
See http://hudson.gotdns.com/wiki/display/HUDSON/Winstone

But it's bit strange that the entire top page becomes blank. Can you
check if "java -jar hudson.jar" is reporting any errors?

Stephan Zeissler (KUTTIG) wrote:

> Hi everyone,
>
> For jnlp slave I need to enable the security feature in the hudson
> configuration. Due to  my setup, there isn't any real authentication in
> the j2ee container and (I guess) so all hudson become blank. I have to
> disable the security feature manually to get hudson working again.
> Because of the redirect to /hudson/secured/? I guess this is wanted, but
> how can I enable security without becoming white pages?
>
> Setup:
> Apache2 with ajp_proxy for hudson
> Hudson running standalone (Winestone)
--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Stephan Zeissler (KUTTIG)
[root@dev1 hudson]# apachectl restart
[root@dev1 hudson]# java -jar hudson.war --prefix=/hudson
[Winstone 2007/08/28 17:48:40] - Beginning extraction from war file
[Winstone 2007/08/28 17:48:42] - No webapp classes folder found -
/tmp/winstone/hudson.war.132/WEB-INF/classes
hudson home directory: /root/.hudson
Aug 28, 2007 5:48:42 PM hudson.TcpSlaveAgentListener <init>
INFO: JNLP slave agent listener started on TCP port 48042
Aug 28, 2007 5:48:43 PM hudson.model.Hudson load
INFO: Took 75 ms to load
[Winstone 2007/08/28 17:48:43] - HTTP Listener started: port=8080
[Winstone 2007/08/28 17:48:43] - AJP13 Listener started: port=8009
[Winstone 2007/08/28 17:48:43] - Winstone Servlet Engine v0.9.9 running:
controlPort=disabled


http://dev1.kuttig.com:8080/ => 404 (which is ok)
[Winstone 2007/08/28 17:49:11] - Request URL / not found - doesn't match
any webapp prefix

http://dev1.kuttig.com:8080/hudson/ => 200 (Hudson Dashboard with Login
link)

http://dev1.kuttig.com/hudson/ => Redirect to
http://dev1.kuttig.com/hudson/secured/? with blank page.

This looks like a ajp problem to me. I configured my apache to secure
/hudson by checking the user in our internal ldap.

- Stephan


Kohsuke Kawaguchi schrieb:

> See http://hudson.gotdns.com/wiki/display/HUDSON/Winstone
>
> But it's bit strange that the entire top page becomes blank. Can you
> check if "java -jar hudson.jar" is reporting any errors?
>
> Stephan Zeissler (KUTTIG) wrote:
>> Hi everyone,
>>
>> For jnlp slave I need to enable the security feature in the hudson
>> configuration. Due to  my setup, there isn't any real authentication
>> in the j2ee container and (I guess) so all hudson become blank. I
>> have to disable the security feature manually to get hudson working
>> again. Because of the redirect to /hudson/secured/? I guess this is
>> wanted, but how can I enable security without becoming white pages?
>>
>> Setup:
>> Apache2 with ajp_proxy for hudson
>> Hudson running standalone (Winestone)
>
--
Stephan Zeissler
Software-Development

KUTTIG Computeranwendungen GmbH
Frankfurter Straße 35
53840 Troisdorf
MOB +49 (173) 7207900
FON +49 (2241) 9833-413
FAX +49 (2241) 9833-100
EMAIL [hidden email]
WEB www.kuttig.com
GF Dipl.-Kfm. Klaus Kuttig
Michael Wessels
HR Siegburg Nr 2848


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

stephan.zeissler.vcf (381 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Kohsuke Kawaguchi
Administrator

If you put Hudson behind AJP and if you are using Apache to do
authentication, do you really need to enable security in Hudson? I guess
you set it up so that users would need to be authenticated before seeing
anything.

When you enable security in Hudson, that means Hudson will also do the
authentication, so you'd end up doubly authenticating users.

Stephan Zeissler (KUTTIG) wrote:

> [root@dev1 hudson]# apachectl restart
> [root@dev1 hudson]# java -jar hudson.war --prefix=/hudson
> [Winstone 2007/08/28 17:48:40] - Beginning extraction from war file
> [Winstone 2007/08/28 17:48:42] - No webapp classes folder found -
> /tmp/winstone/hudson.war.132/WEB-INF/classes
> hudson home directory: /root/.hudson
> Aug 28, 2007 5:48:42 PM hudson.TcpSlaveAgentListener <init>
> INFO: JNLP slave agent listener started on TCP port 48042
> Aug 28, 2007 5:48:43 PM hudson.model.Hudson load
> INFO: Took 75 ms to load
> [Winstone 2007/08/28 17:48:43] - HTTP Listener started: port=8080
> [Winstone 2007/08/28 17:48:43] - AJP13 Listener started: port=8009
> [Winstone 2007/08/28 17:48:43] - Winstone Servlet Engine v0.9.9 running:
> controlPort=disabled
>
>
> http://dev1.kuttig.com:8080/ => 404 (which is ok)
> [Winstone 2007/08/28 17:49:11] - Request URL / not found - doesn't match
> any webapp prefix
>
> http://dev1.kuttig.com:8080/hudson/ => 200 (Hudson Dashboard with Login
> link)
>
> http://dev1.kuttig.com/hudson/ => Redirect to
> http://dev1.kuttig.com/hudson/secured/? with blank page.
>
> This looks like a ajp problem to me. I configured my apache to secure
> /hudson by checking the user in our internal ldap.
>
> - Stephan
>
>
> Kohsuke Kawaguchi schrieb:
>> See http://hudson.gotdns.com/wiki/display/HUDSON/Winstone
>>
>> But it's bit strange that the entire top page becomes blank. Can you
>> check if "java -jar hudson.jar" is reporting any errors?
>>
>> Stephan Zeissler (KUTTIG) wrote:
>>> Hi everyone,
>>>
>>> For jnlp slave I need to enable the security feature in the hudson
>>> configuration. Due to  my setup, there isn't any real authentication
>>> in the j2ee container and (I guess) so all hudson become blank. I
>>> have to disable the security feature manually to get hudson working
>>> again. Because of the redirect to /hudson/secured/? I guess this is
>>> wanted, but how can I enable security without becoming white pages?
>>>
>>> Setup:
>>> Apache2 with ajp_proxy for hudson
>>> Hudson running standalone (Winestone)
>>
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Stephan Zeissler (KUTTIG)
Well, I enabled security because I wanted to use/test the jnlp slaves
feature :)
- Stephan

Kohsuke Kawaguchi schrieb:

>
> If you put Hudson behind AJP and if you are using Apache to do
> authentication, do you really need to enable security in Hudson? I
> guess you set it up so that users would need to be authenticated
> before seeing anything.
>
> When you enable security in Hudson, that means Hudson will also do the
> authentication, so you'd end up doubly authenticating users.
>
> Stephan Zeissler (KUTTIG) wrote:
>> [root@dev1 hudson]# apachectl restart
>> [root@dev1 hudson]# java -jar hudson.war --prefix=/hudson
>> [Winstone 2007/08/28 17:48:40] - Beginning extraction from war file
>> [Winstone 2007/08/28 17:48:42] - No webapp classes folder found -
>> /tmp/winstone/hudson.war.132/WEB-INF/classes
>> hudson home directory: /root/.hudson
>> Aug 28, 2007 5:48:42 PM hudson.TcpSlaveAgentListener <init>
>> INFO: JNLP slave agent listener started on TCP port 48042
>> Aug 28, 2007 5:48:43 PM hudson.model.Hudson load
>> INFO: Took 75 ms to load
>> [Winstone 2007/08/28 17:48:43] - HTTP Listener started: port=8080
>> [Winstone 2007/08/28 17:48:43] - AJP13 Listener started: port=8009
>> [Winstone 2007/08/28 17:48:43] - Winstone Servlet Engine v0.9.9
>> running: controlPort=disabled
>>
>>
>> http://dev1.kuttig.com:8080/ => 404 (which is ok)
>> [Winstone 2007/08/28 17:49:11] - Request URL / not found - doesn't
>> match any webapp prefix
>>
>> http://dev1.kuttig.com:8080/hudson/ => 200 (Hudson Dashboard with
>> Login link)
>>
>> http://dev1.kuttig.com/hudson/ => Redirect to
>> http://dev1.kuttig.com/hudson/secured/? with blank page.
>>
>> This looks like a ajp problem to me. I configured my apache to secure
>> /hudson by checking the user in our internal ldap.
>>
>> - Stephan
>>
>>
>> Kohsuke Kawaguchi schrieb:
>>> See http://hudson.gotdns.com/wiki/display/HUDSON/Winstone
>>>
>>> But it's bit strange that the entire top page becomes blank. Can you
>>> check if "java -jar hudson.jar" is reporting any errors?
>>>
>>> Stephan Zeissler (KUTTIG) wrote:
>>>> Hi everyone,
>>>>
>>>> For jnlp slave I need to enable the security feature in the hudson
>>>> configuration. Due to  my setup, there isn't any real
>>>> authentication in the j2ee container and (I guess) so all hudson
>>>> become blank. I have to disable the security feature manually to
>>>> get hudson working again. Because of the redirect to
>>>> /hudson/secured/? I guess this is wanted, but how can I enable
>>>> security without becoming white pages?
>>>>
>>>> Setup:
>>>> Apache2 with ajp_proxy for hudson
>>>> Hudson running standalone (Winestone)
>>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>
>
--
Stephan Zeissler
Software-Development

KUTTIG Computeranwendungen GmbH
Frankfurter Straße 35
53840 Troisdorf
MOB +49 (173) 7207900
FON +49 (2241) 9833-413
FAX +49 (2241) 9833-100
EMAIL [hidden email]
WEB www.kuttig.com
GF Dipl.-Kfm. Klaus Kuttig
Michael Wessels
HR Siegburg Nr 2848


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

stephan.zeissler.vcf (381 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Kohsuke Kawaguchi
Administrator
Stephan Zeissler (KUTTIG) wrote:
> Well, I enabled security because I wanted to use/test the jnlp slaves
> feature :)

You can you use JNLP slaves without security, too.

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Stephan Zeissler (KUTTIG)
Uhm, no? When I add the slave, navigate to the slaves page
(/hudson/computer/slavename/) is says:

TCP port for JNLP slave agentsis is disabled. Go to system config screen
and change it <http://dev1.kuttig.com/hudson/configure>.

Going there, I need to activate the security checkbox to see the "TCP
Port for JNLP slave".
Or did I check the wrong option?

- Stephan

Kohsuke Kawaguchi schrieb:
> Stephan Zeissler (KUTTIG) wrote:
>> Well, I enabled security because I wanted to use/test the jnlp slaves
>> feature :)
>
> You can you use JNLP slaves without security, too.
>

--
Stephan Zeissler
Software-Development

KUTTIG Computeranwendungen GmbH
Frankfurter Straße 35
53840 Troisdorf
MOB +49 (173) 7207900
FON +49 (2241) 9833-413
FAX +49 (2241) 9833-100
EMAIL [hidden email]
WEB www.kuttig.com
GF Dipl.-Kfm. Klaus Kuttig
Michael Wessels
HR Siegburg Nr 2848


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

stephan.zeissler.vcf (381 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

How to get artefacts from a build to dependants?

Corneil du Plessis
I have projects of which the artefacts will be used in more than one other
projects.

Is there some nice way to share/copy artefacts into dependant projects?


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get artefacts from a build to dependants?

Wolfram Kroll-2
Corneil du Plessis schrieb:
> I have projects of which the artefacts will be used in more than one other
> projects.
>
> Is there some nice way to share/copy artefacts into dependant projects?

I use this by getting artifacts over http from other projects:
in Ant
<get src="${url}" dest="${file}" verbose="off" usetimestamp="on"/>
where url is something like
http://server:8080/hudson/job/myjob/lastSuccessfulBuild/artifact/myfile.extension

In this list it was already discussed if there could be a safe way to
access a consistent set of artifacts from different jobs. But currently
Hudson has no support for this.

Wolfram

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get artefacts from a build to dependants?

Kohsuke Kawaguchi
Administrator
Wolfram Kroll wrote:

> Corneil du Plessis schrieb:
>> I have projects of which the artefacts will be used in more than one other
>> projects.
>>
>> Is there some nice way to share/copy artefacts into dependant projects?
>
> I use this by getting artifacts over http from other projects:
> in Ant
> <get src="${url}" dest="${file}" verbose="off" usetimestamp="on"/>
> where url is something like
> http://server:8080/hudson/job/myjob/lastSuccessfulBuild/artifact/myfile.extension
>
> In this list it was already discussed if there could be a safe way to
> access a consistent set of artifacts from different jobs. But currently
> Hudson has no support for this.
Right. I think such a feature would have to come as an Ant task
implementation. The basic idea is to first fetch
.../lastSuccessfulBuild/buildNumber and then use that to download the
rest of the files.

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Enabling hudson security kills hudson

Kohsuke Kawaguchi
Administrator
In reply to this post by Stephan Zeissler (KUTTIG)
Stephan Zeissler (KUTTIG) wrote:
> Uhm, no? When I add the slave, navigate to the slaves page
> (/hudson/computer/slavename/) is says:
>
> TCP port for JNLP slave agentsis is disabled. Go to system config screen
> and change it <http://dev1.kuttig.com/hudson/configure>.
>
> Going there, I need to activate the security checkbox to see the "TCP
> Port for JNLP slave".
> Or did I check the wrong option?

By default JNLP slave agent port is set to "random". This configuration
can be only modified from web UI when the security is enabled, but
internally the value was maintained separately even when the security is
off. So if you do:

   1. enable security and change JNLP port setting to disabled
   2. submit
   3. disable security and submit

then you'll end updisabling the security but still also disable the JNLP
port. I fixed this in 1.136 so that disabling security will force the
JNLP port setting to be random.

In the mean time, you can work around the issue by:

   1. enable security and change JNLP port setting to random
   2. submit
   3. disable security

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Loading...