Deprecated cli access, unable to set initial admin account

scoopex commented 7 years ago

I setup jenkins using the following code

    apt::source { 'jenkins':
      location => 'http://pkg.jenkins-ci.org/debian-stable',
      release  => 'binary/',
      repos    => '',
      key      => {
        'id'     => '150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6',
        'source' => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
      },
      include  => {
        'src' => false,
      },
    }
    # interim hack: change this to a subscription on the apt-module in the real setup
    -> exec { 'jenkins update':
      command   => '/usr/bin/apt-get update',
      logoutput => 'on_failure',
      try_sleep => 1,
      # Compare the age of the sources.list files with pkgcache.bin and execute apt-get update if neccessary
      onlyif    => '/usr/bin/test -n "$(/usr/bin/find /etc/apt/sources.list.d/ /etc/apt/sources.list -newer /var/cache/apt/pkgcache.bin)"',
    } -> 
class {'::jenkins':
    repo => false,
    executors => 4,
    user_hash => $user_hash, # provided by hiera
    }

    # The jenkins module utilizes file_line, JAVA_ARGS is prefixed by "export" to prevent duplicate matches
    file_line { "Jenkins disable UPD Ports ${name} 5353 and 33848":
      path    => '/etc/default/jenkins',
      line    => "export JAVA_ARGS=\"\$JAVA_ARGS -Dhudson.udp=-1 -Dhudson.DNSMultiCast.disabled=true -Xmx${memory_in_megabytes}m\"",
      match   => 'hudson.DNSMultiCast.disabled',
      require => Package['jenkins'],
      notify  => Service['jenkins'],
    }

    jenkins::sysconfig{ 'JENKINS_ARGS':
>>    value => '--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1',
      require => Package['jenkins'],
      notify  => Service['jenkins'],
    }

   # Release 2.13 and higher needs Jenkins core 2.62+
   jenkins::plugin { 'workflow-job' :
       version   => '2.12.2',
   }
   jenkins::plugin { 'pipeline-multibranch-defaults':}
   jenkins::plugin { 'workflow-multibranch':}
   jenkins::plugin { 'config-file-provider':}
   jenkins::plugin { 'branch-api':}
   jenkins::plugin { 'cloudbees-folder':}

   jenkins::plugin { 'active-directory':}
   jenkins::plugin { 'authentication-tokens':}
   jenkins::plugin { 'bouncycastle-api':}
   jenkins::plugin { 'build-timeout':}
   jenkins::plugin { 'credentials-binding':}
   jenkins::plugin { 'plain-credentials':}
   jenkins::plugin { 'display-url-api':}
   jenkins::plugin { 'docker-commons': }
   jenkins::plugin { 'docker-workflow':}
   jenkins::plugin { 'docker-plugin':}
   jenkins::plugin { 'docker-build-step':}
   jenkins::plugin { 'durable-task':}
   jenkins::plugin { 'email-ext':}
   jenkins::plugin { 'external-monitor-job':}
   jenkins::plugin { 'gradle':}
   jenkins::plugin { 'ace-editor':}
   jenkins::plugin { 'jquery-detached':}
   jenkins::plugin { 'junit':}
   jenkins::plugin { 'ldap':}
   jenkins::plugin { 'mailer':}
   jenkins::plugin { 'mapdb-api':}
   jenkins::plugin { 'matrix-auth':}
   jenkins::plugin { 'matrix-project':}
   jenkins::plugin { 'antisamy-markup-formatter':}
   jenkins::plugin { 'pam-auth':}
   jenkins::plugin { 'workflow-api':}
   jenkins::plugin { 'workflow-cps':}
   jenkins::plugin { 'workflow-durable-task-step':}
   jenkins::plugin { 'workflow-scm-step':}
   jenkins::plugin { 'workflow-step-api':}
   jenkins::plugin { 'workflow-support':}
   jenkins::plugin { 'saml':}
   jenkins::plugin { 'scm-api': }
   jenkins::plugin { 'script-security':}
   jenkins::plugin { 'ssh-credentials':}
   jenkins::plugin { 'ssh-slaves':}
   jenkins::plugin { 'structs':}
   jenkins::plugin { 'timestamper':}
   jenkins::plugin { 'token-macro':}
   jenkins::plugin { 'icon-shim': }
   jenkins::plugin { 'subversion':}
   jenkins::plugin { 'scm-sync-configuration':}

If i execute the mentioned code, i get this: (Installs jenkins release 2.60.3)

       Info: Applying configuration version '1505395595'
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: 
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: ERROR: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: Sep 14, 2017 1:28:10 PM hudson.cli.CLI$5 run
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: WARNING: null
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: java.io.IOException: Stream is closed
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at sun.net.www.protocol.http.HttpURLConnection$StreamingOutputStream.checkError(HttpURLConnection.java:3512)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at sun.net.www.protocol.http.HttpURLConnection$StreamingOutputStream.write(HttpURLConnection.java:3486)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at java.io.DataOutputStream.writeInt(DataOutputStream.java:197)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at hudson.cli.PlainCLIProtocol$EitherSide.send(PlainCLIProtocol.java:175)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at hudson.cli.PlainCLIProtocol$ClientSide.sendEndStdin(PlainCLIProtocol.java:347)
       Notice: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns:  at hudson.cli.CLI$5.run(CLI.java:679)
       Error: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy set_num_executors 4' returned 5 instead of one of [0]
       Error: /Stage[main]/Jenkins/Jenkins::Cli::Exec[set_num_executors]/Exec[set_num_executors]/returns: change from notrun to 0 failed: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy set_num_executors 4' returned 5 instead of one of [0]

       Notice: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: 
       Notice: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: ERROR: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel
       Error: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user admin admin@foobar.net 'test' 'Managed by Puppet' ''' returned 5 instead of one of [0]
       Error: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: change from notrun to 0 failed: '/usr/bin/java -jar /usr/share/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy /usr/share/jenkins/puppet_helper.groovy create_or_update_user admin admin@foobar.net 'test' 'Managed by Puppet' ''' returned 5 instead of one of [0]
       Notice: /Stage[main]/Jenkins::Cli::Reload/Exec[reload-jenkins]: Dependency Exec[set_num_executors] has failures: true

wiccan2 commented 7 years ago

I am having the same issue, did you ever manage to resolve this?

leeuwenrjj commented 7 years ago

Me2

Kentzo commented 6 years ago

Same issue.

nick-george commented 6 years ago

+1

vStone commented 6 years ago

Related to #761?

ayk33 commented 6 years ago

Has this issue ever been resolved? If not what is a good workaround? I run into the following error message:

Error: '/bin/cat /usr/lib/jenkins/puppet_helper.groovy | /usr/bin/java -jar /usr/lib/jenkins/jenkins-cli.jar -s http://127.0.0.1:8080 groovy = create_or_update_user admin example@me.com 'changeme' 'Managed by Puppet' ''' returned 255 instead of one of [0]

Error: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: change from 'notrun' to ['0']

This is my puppet script looks like this

class jenkins_master {
  class {
    'jenkins':
      executors         => 2,
      install_java      => false,
      require           => [Class['java']],
      lts               => true,
      cli               => true,
      cli_remoting_free => true,
      user_hash => {
        'admin' => {
          'password' => 'changeme',
          'email'   => 'example@me.com',
        }
      }
  }
  class { 'jenkins::security':
      security_model => 'full_control',
  }

cliffano commented 5 years ago

I'm seeing the same problem as @ayk33 reported above in 2019, with Jenkins 2.176.1 . @esalberg is there any quick tip on what we can try to get around this problem?

The root of the error 255 on @ayk33's comment is: /Stage[main]/Jenkins::Users/Jenkins::User[admin]/Jenkins::Cli::Exec[create-jenkins-user-admin]/Exec[create-jenkins-user-admin]/returns: java.io.FileNotFoundException: http://127.0.0.1:8080/securityRealm/cli?remoting=false

I have tried setting cli_remoting_free to true, to false, they both resulted in the same error.

From my understanding from reading the code and from the error, I think jenkins::security ends up setting the authorization strategy but it doesn't set the security realm. Security realm is a puppet type in puppet-jenkins, but it's not obvious how it's meant to be used, or even if user meant to touch on it directly at all without using jenkins::security.

jeff1evesque commented 4 years ago

@cliffano, what if we just templatize some of the main configurations files as a workaround to a hopeful idea that this module would have parameters we could easily set?

ekohl commented 2 years ago

Closing for its age. Please open a new issue if this still persists.

voxpupuli / puppet-jenkins

Deprecated cli access, unable to set initial admin account #808