Closed cdenneen closed 2 years ago
Did you get 2.1
by default from one of the managed repos?
Yes from the jenkins repo 2.1-1.1
Which platform? It is not yet in the EL repo.
Oh, I see, it is in the non-lts repo. @rtyler How would you feel about using the LTS repo by default?
Here's the reference: baseurl=http://pkg.jenkins-ci.org/redhat/
Damn, we probably should default to the LTS one for now.
@jhoblitt yep, I'm in favor of defaulting to LTS.
This only seems to be an issue with RedHat (applying the module), With Ubuntu 16.04 it installs 2.1 without problems.
I merged the lts by default pr yesterday. I have not had time to look at what is needed to support 2.x.
In case it helps, I've been playing with a new Jenkins build using the forge version of this module (1.6.1) and allowing the latest version of jenkins to be used (2.10, at time of writing).
The new 'secure-by-default' configuration blocks CLI access until a secret key has been retrieved from the file system and entered into the UI by hand. These guys have also been struggling with the same issues: https://github.com/geerlingguy/ansible-role-jenkins/issues/50.
I found that adding -Djenkins.install.runSetupWizard=false
to jenkins::config_hash['JENKINS_JAVA_OPTIONS']['value'] seems to work - so long as this is done before the first run of the jenkins service.
(The default JENKINS_JAVA_OPTIONS in the /etc/sysconfig/jenkins on RedHat already contained -Djava.awt.headless=true
, so this should maybe be included in any default settings.)
[ed: Checking the provenance of this flag, it looks it originated with you guys, so you're clearly on the case!: https://issues.jenkins-ci.org/browse/JENKINS-34035)
Updating the CLI options does work as long as 2.x wasn't previous started. I would like to know what state we need to blow away to make this idempotent...
2.7.1 has been added to the LTS repos: http://pkg.jenkins-ci.org/redhat-stable/jenkins-2.7.1-1.1.noarch.rpm
Hi folks,
using latest LTS (2.7.4) and latest version of the module I still face issues.
This is a part of my manifest:
class { 'jenkins':
lts => $uselts,
install_java => false,
proxy_host => $jenkinsproxy,
proxy_port => $jenkinsproxyport,
manage_user => false,
manage_group => false,
manage_datadirs => false,
cli => true,
user_hash => {
'myadmin' => { 'password' => 'xxx',
'email' => 'admin@localhost'}
},
config_hash => {
'JENKINS_JAVA_OPTIONS' => {value => '-Djenkins.install.runSetupWizard=false'},
},
}
During the puppet run I got several errors regarding the creation of the user:
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: java.io.IOException: No X-Jenkins-CLI2-Port among [null, X-Required-Permission, X-Jenkins, X-You-Are-In-Group, X-Hudson, Content-Length, Expires, X-You-Are-Authenticated-As, X-Permission-Implied-By, Set-Cookie, Server, X-Content-Type-Options, Date, X-Jenkins-Session, Content-Type]
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI.getCliTcpPort(CLI.java:284)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI.<init>(CLI.java:128)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI._main(CLI.java:473)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI.main(CLI.java:384)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: Suppressed: java.io.IOException: Server returned HTTP response code: 403 for URL: http://127.0.0.1:8080/cli
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1628)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:78)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI.connectViaHttp(CLI.java:152)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: at hudson.cli.CLI.<init>(CLI.java:132)
==> srv1 Notice: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: ... 3 more
==> srv1 Error: /usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user myadmin admin@localhost 'xxx' 'Managed by Puppet' '' returned 255 instead of one of [0]
==> srv1 Error: /Stage[main]/Jenkins::Users/Jenkins::User[myadmin]/Jenkins::Cli::Exec[create-jenkins-user-myadmin]/Exec[create-jenkins-user-myadmin]/returns: change from notrun to 0 failed: /usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user myadmin admin@localhost 'xxx' 'Managed by Puppet' '' returned 255 instead of one of [0]
==> srv1 Notice: /Stage[main]/Jenkins::Cli::Reload/Exec[reload-jenkins]: Dependency Exec[create-jenkins-user-myadmin] has failures: true
In the log file jenkins complains about missing crumb:
WARNING: No valid crumb was included in request for /cli. Returning 403.
Sep 19, 2016 11:36:52 AM hudson.security.csrf.CrumbFilter doFilter
And browsing to the start page shows me the login page.
Any suggestions?
Are you able to use the CLI jar manually?
Hi Joshua,
no, I run into the same error:
# java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 help
java.io.IOException: No X-Jenkins-CLI2-Port among [null, X-Required-Permission, X-Jenkins, X-You-Are-In-Group, X-Hudson, Content-Length, Expires, X-You-Are-Authenticated-As, X-Permission-Implied-By, Set-Cookie, Server, X-Content-Type-Options, Date, X-Jenkins-Session, Content-Type]
at hudson.cli.CLI.getCliTcpPort(CLI.java:284)
at hudson.cli.CLI.<init>(CLI.java:128)
at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
at hudson.cli.CLI._main(CLI.java:473)
at hudson.cli.CLI.main(CLI.java:384)
Suppressed: java.io.IOException: Server returned HTTP response code: 403 for URL: http://127.0.0.1:8080/cli
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1628)
at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:78)
at hudson.cli.CLI.connectViaHttp(CLI.java:152)
at hudson.cli.CLI.<init>(CLI.java:132)
... 3 more
This is after a fresh provisioning.
But I see that during the puppet apply the jenkins service gets restarted:
==> srv1: Debug: Class[Jenkins::Config]: The container Stage[main] will propagate my refresh event
==> srv1: Debug: Service[jenkins](provider=upstart): Could not find jenkins.conf in /etc/init
==> srv1: Debug: Service[jenkins](provider=upstart): Could not find jenkins.conf in /etc/init.d
==> srv1: Debug: Service[jenkins](provider=upstart): Could not find jenkins in /etc/init
==> srv1: Debug: Executing '/etc/init.d/jenkins status'
==> srv1: Debug: Executing '/etc/init.d/jenkins status'
==> srv1: Debug: Executing '/etc/init.d/jenkins restart'
==> srv1: Notice: /Stage[main]/Jenkins::Service/Service[jenkins]: Triggered 'refresh' from 6 events
==> srv1: Debug: /Stage[main]/Jenkins::Service/Service[jenkins]: The container Class[Jenkins::Service] will propagate my refresh event
==> srv1: Debug: Class[Jenkins::Service]: The container Stage[main] will propagate my refresh event
May this is due to the restart of jenkins?
Does not seem to work with 2.1
Also the "initial admin secret available in /var/lib/jenkins/secrets/..." need a way to bypass when building via puppet.