Weird configuration with a clean install of Jenkins

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Weird configuration with a clean install of Jenkins

Karl Davis
Howdy all,

I am really stumped here. I've got an Ansible role that installs and configures Jenkins using the Debian packages: https://github.com/karlmdavis/ansible-role-jenkins2. It uses the -Djenkins.install.runSetupWizard=false flag, and handles the first-time setup itself.

In my tests using that role, it seems that Jenkins is ending up with this weird config.xml:

<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <disabledAdministrativeMonitors/>
  <version>1.0</version>
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
  <disableRememberMe>false</disableRememberMe>
  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
  <jdks/>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
  <views>
    <hudson.model.AllView>
      <owner class="hudson" reference="../../.."/>
      <name>all</name>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
      <properties class="hudson.model.View$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>all</primaryView>
  <slaveAgentPort>0</slaveAgentPort>
  <label></label>
  <nodeProperties/>
  <globalNodeProperties/>
</hudson>


That... doesn't seem right? Shouldn't a clean install of Jenkins end up configured to use hudson.security.HudsonPrivateSecurityRealm? And also, what's up with the <version>1.0</version> in there?

Just to make this even more confusing, when I'm running this role in a different environment (but also a clean install) the config.xml has hudson.security.HudsonPrivateSecurityRealm and -- sometimes (?!) -- ends up with <version>2.whatever</version>.

I'm really confused as to 1) what a clean install's configuration is supposed to be, and 2) why I'm getting different results intermittently. Does anyone have any clues?

Thanks much,
Karl M. Davis


P.S. The two environments that I'm seeing different behavior in are 1) a custom Ubuntu 16.04 Docker container, and 2) an Ubuntu 16.04 EC2 VM. I wouldn't expect there to be any default config.xml differences between those two, but what do I know?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f7dd1472-6a96-4b01-96cc-d18d1b05f307%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Daniel Beck

> On 8. Oct 2017, at 17:20, Karl Davis <[hidden email]> wrote:
>
> Shouldn't a clean install of Jenkins end up configured to use hudson.security.HudsonPrivateSecurityRealm?

Not if you explicitly disable the setup wizard (then you're expected to set things up yourself from scratch). The behavior is as documented on https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/765EF528-76AB-4C5A-9225-EB5566B6023A%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Daniel Beck
In reply to this post by Karl Davis

> On 8. Oct 2017, at 17:20, Karl Davis <[hidden email]> wrote:
>
> Just to make this even more confusing, when I'm running this role in a different environment (but also a clean install) the config.xml has hudson.security.HudsonPrivateSecurityRealm and -- sometimes (?!) -- ends up with <version>2.whatever</version>.

To clarify, I answered this from Jenkins' perspective. I don't know what the role does, but as it seems to behave inconsistently, perhaps ask over there?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/68D8417E-3D91-4710-B736-648F0C9AD282%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Karl Davis
In reply to this post by Daniel Beck
Daniel,

Okay, that makes sense. Unfortunately, that leaves me completely stumped as to why it's ending up configured to use hudson.security.HudsonPrivateSecurityRealm when I run it in EC2. Historically speaking, it's likely that I'm doing something stupid that gets it into that state, except... I can't see what that might be.

Any chance there's some weird race condition, where the initial config transitions from one state to another -- and mine's just getting stuck with the one?

Confusedly yours,
Karl M. Davis


On Sunday, October 8, 2017 at 11:27:38 AM UTC-4, Daniel Beck wrote:

> On 8. Oct 2017, at 17:20, Karl Davis <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="Zp4Flyt2AgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">ka...@...> wrote:
>
> Shouldn't a clean install of Jenkins end up configured to use hudson.security.HudsonPrivateSecurityRealm?

Not if you explicitly disable the setup wizard (then you're expected to set things up yourself from scratch). The behavior is as documented on <a href="https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FFeatures%2Bcontrolled%2Bby%2Bsystem%2Bproperties\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFU-4EUh7ILPhPyr-33Htuyvv791Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FFeatures%2Bcontrolled%2Bby%2Bsystem%2Bproperties\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFU-4EUh7ILPhPyr-33Htuyvv791Q&#39;;return true;">https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/b75cb573-6c9f-4f0a-ae68-0e38d9db96eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Karl Davis
In reply to this post by Daniel Beck
Heh. Unfortunately, I'm the idiot responsible for the role. And I'm stumped.

On Sunday, October 8, 2017 at 11:30:34 AM UTC-4, Daniel Beck wrote:

> On 8. Oct 2017, at 17:20, Karl Davis <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="3w_6dlR2AgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">ka...@...> wrote:
>
> Just to make this even more confusing, when I'm running this role in a different environment (but also a clean install) the config.xml has hudson.security.HudsonPrivateSecurityRealm and -- sometimes (?!) -- ends up with <version>2.whatever</version>.

To clarify, I answered this from Jenkins' perspective. I don't know what the role does, but as it seems to behave inconsistently, perhaps ask over there?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e8b01149-945d-4ca1-878b-3ae0de173a72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Karl Davis
Daniel,

Actually... maybe it is a race condition. When the role installs Jenkins, it doesn't pre-create the /etc/default/jenkins file, which is where the -Djenkins.install.runSetupWizard=false flag is. So, the order of operations is this:
  1. Install the jenkins package from APT.
  2. Jenkins is auto-started by systemd.
  3. Add the flag to disable the setup wizard.
  4. Restart Jenkins.
  5. Do all the other config needed.
The race condition would be: how far does Jenkins get on that first boot, before being restarted without the setup wizard?

Shoot. That makes a lot of sense. I guess I need to pre-create the /etc/default/jenkins file, with the setup wizard disabled and then install Jenkins.

Slightly less confusedly yours,
Karl M. Davis


On Sunday, October 8, 2017 at 11:36:20 AM UTC-4, Karl Davis wrote:
Heh. Unfortunately, I'm the idiot responsible for the role. And I'm stumped.

On Sunday, October 8, 2017 at 11:30:34 AM UTC-4, Daniel Beck wrote:

> On 8. Oct 2017, at 17:20, Karl Davis <[hidden email]> wrote:
>
> Just to make this even more confusing, when I'm running this role in a different environment (but also a clean install) the config.xml has hudson.security.HudsonPrivateSecurityRealm and -- sometimes (?!) -- ends up with <version>2.whatever</version>.

To clarify, I answered this from Jenkins' perspective. I don't know what the role does, but as it seems to behave inconsistently, perhaps ask over there?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/fedb8725-a961-4af9-93c5-5dc0a347abea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Weird configuration with a clean install of Jenkins

Karl Davis
Confirmed: that was the problem. Pre-creating /etc/default/jenkins resolved it.

On Sunday, October 8, 2017 at 11:42:28 AM UTC-4, Karl Davis wrote:
Daniel,

Actually... maybe it is a race condition. When the role installs Jenkins, it doesn't pre-create the /etc/default/jenkins file, which is where the -Djenkins.install.runSetupWizard=false flag is. So, the order of operations is this:
  1. Install the jenkins package from APT.
  2. Jenkins is auto-started by systemd.
  3. Add the flag to disable the setup wizard.
  4. Restart Jenkins.
  5. Do all the other config needed.
The race condition would be: how far does Jenkins get on that first boot, before being restarted without the setup wizard?

Shoot. That makes a lot of sense. I guess I need to pre-create the /etc/default/jenkins file, with the setup wizard disabled and then install Jenkins.

Slightly less confusedly yours,
Karl M. Davis


On Sunday, October 8, 2017 at 11:36:20 AM UTC-4, Karl Davis wrote:
Heh. Unfortunately, I'm the idiot responsible for the role. And I'm stumped.

On Sunday, October 8, 2017 at 11:30:34 AM UTC-4, Daniel Beck wrote:

> On 8. Oct 2017, at 17:20, Karl Davis <[hidden email]> wrote:
>
> Just to make this even more confusing, when I'm running this role in a different environment (but also a clean install) the config.xml has hudson.security.HudsonPrivateSecurityRealm and -- sometimes (?!) -- ends up with <version>2.whatever</version>.

To clarify, I answered this from Jenkins' perspective. I don't know what the role does, but as it seems to behave inconsistently, perhaps ask over there?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6c6397c2-e614-4ce3-a41e-ad27ed2731ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.