Chef:启用Jenkins安全性会导致插件安装失败 [英] Chef: Enabling Jenkins security causes plugin installation to fail
问题描述
我目前正在使用Chef在受管节点上部署Jenkins实例.我正在使用以下公共超市食谱: https://supermarket.chef.io/cookbooks/jenkins.
I am currently using Chef to deploy a Jenkins instance on a managed node. I am using the following public supermarket cookbook: https://supermarket.chef.io/cookbooks/jenkins .
我正在我的配方文件中使用以下代码来启用身份验证:
I am using the following code in my recipe file to enable authentication:
jenkins_script 'activate global security' do
command <<-EOH.gsub(/^ {4}/, '')
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount("Administrator","Password")
instance.setSecurityRealm(hudsonRealm)
instance.save()
def strategy = new GlobalMatrixAuthorizationStrategy()
strategy.add(Jenkins.ADMINISTER, "Administrator")
instance.setAuthorizationStrategy(strategy)
instance.save()
EOH
end
当在托管节点上首次运行配方时,这对于在实例上设置安全性非常有用.它在Jenkins服务器上创建具有管理员权限的管理员用户.除了在Jenkins实例上启用安全性外,还使用此食谱安装插件.
This works great to setup security on the instance the first time the recipe is run on the managed node. It creates an administrator user with administrator permissions on the Jenkins server. In addition to enabling security on the Jenkins instance, plugins are also installed using this recipe.
启用安全性后,安装尚不存在(但已指定要安装)的插件将失败:
Once security has been enabled, installation of plugins which do not yet exist (but are specified to be installed), fail:
ERROR: anonymous is missing the Overall/Read permission
我认为这是与新创建的管理员帐户有关的错误,并且Chef尝试使用匿名用户(而不是管理员用户)安装插件.为了解决此权限问题,应在我的配方文件中进行任何设置吗?
I assume this is an error related to the newly created administrator account, and Chef attempting to install the plugins using the anonymous user as opposed to the administrator user. Is there anything that should be set in my recipe file in order to work around this permissions issue?
此处的目标是,如果插件升级到不需要的版本或完全卸载,则运行配方将重新安装/回滚任何插件更改.如果我还对Jenkins实例启用了安全性,那么目前看来这是不可能的.
The goal here is that in the event a plugin is upgraded to an undesired version or uninstalled completely, running the recipe will reinstall / rollback any plugin changes. Currently this does not appear to be possible if I also have security enabled on the Jenkins instance.
EDIT 还应注意,当前每次需要以这种方式修复插件时,都必须禁用安全性,然后运行整个配方(插件安装+安全性启用).
EDIT It should also be noted that currently each time I need to repair plugins in this way, I have to disable security then run the entire recipe (plugin installation + security enable).
感谢您的帮助!
推荐答案
jenkins_plugin资源似乎没有公开任何身份验证选项,因此您可能需要构建自己的资源.如果深入研究代码,您会发现菜谱中的底层执行程序层确实支持auth(以及其他很多东西),因此在复制叉中很容易做到(并向我们发送补丁)只是这种资源.
The jenkins_plugin resource doesn't appear to expose any authentication options so you'll probably need to build your own resource. If you dive in to the code you'll see that the underlying executor layer in the cookbook does support auth (and a whole bunch of other stuff) so it might be easy to do in a copy-fork (and send us a patch) of just that resource.
这篇关于Chef:启用Jenkins安全性会导致插件安装失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
