Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 12:45
    amuniz commented #912
  • Jun 23 17:55
    akaryakina commented #1631
  • Jun 23 05:05
    jetersen commented #1631
  • Jun 23 04:11
    jetersen commented #1631
  • Jun 22 22:35
    Unforgettable631 starred jenkinsci/configuration-as-code-plugin
  • Jun 22 22:08
    akaryakina commented #1631
  • Jun 22 22:06
    akaryakina commented #1631
  • Jun 22 22:05
    tduchateau-pro starred jenkinsci/configuration-as-code-plugin
  • Jun 22 21:29
    jetersen commented #1631
  • Jun 22 21:13
    akaryakina labeled #1631
  • Jun 22 21:13
    akaryakina opened #1631
  • Jun 22 03:06
    lvaikunt starred jenkinsci/configuration-as-code-plugin
  • Jun 21 20:01

    dependabot[bot] on maven

    (compare)

  • Jun 21 20:01
    dependabot[bot] closed #1627
  • Jun 21 20:01
    dependabot[bot] commented #1627
  • Jun 21 20:01
    dependabot[bot] labeled #1630
  • Jun 21 20:01
    dependabot[bot] opened #1630
  • Jun 21 20:01
    dependabot[bot] review_requested #1630
  • Jun 21 20:01

    dependabot[bot] on maven

    Bump kubernetes from 1.6.4 to 1… (compare)

  • Jun 21 20:00
    dependabot[bot] labeled #1629
Gopi V
@gopivalleru
https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/credentials
https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/kubernetes-secrets
https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/blob/master/src/test/resources/filters.yml
https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin
Julian Xhokaxhiu
@julianxhokaxhiu

Hi, I'm trying to setup an automated installation of Jenkins on Kubernetes using the active-directory plugin. So far, it works fine and i can login, although it's stated in the documentation that it's possible to use a fallback user to login in case the AD server goes down. As I'm using JCasC to setup Jenkins on deployment using the relative helm chart, how can I on a fresh install be able to:

  • Create a default admin user and,
  • Enable AD plugin and configure it and,
  • Do all of these using JCasC?

The main goal here is having a 0 click setup that wires up everything.

Thank you in advance for any help given.

Oleg Nenashev
@oleg-nenashev
Do we do the JCasC meeting today?
schnort
@schnort

I'm investigating using JCasC to export our jenkins server to redeploy into a new network. (We're being bought).

When I installed the plugin and ran 'view configuration', I don't see plugins obviously listed in the output.

Are they supposed to show up? Or maybe I'm not looking at the right thing?

Specifically, I'm also looking at migrating to jenkins-swarm instead of hand configuring nodes, so I installed that plug-in and rebooted and looked at JCasC output and can't spot anything related to swarm.

HALP!

halkeye
@halkeye:g4v.dev
[m]
like installation of plugins? or the configuration of plugins? if the plugins have the code right with descriptors and setters, which i believe swarm does, it should export the config
schnort
@schnort

Hmm, I search the exported yaml and I don't find 'swarm' anywhere (matter of fact, I don't see 'plugin' anywhere), even after reboot, but maybe this is total driver error. We haven't really been keeping it up to date because we're terrified of breaking it. A few years ago, we had an engineer force an update of something and brought the server down and it took us a 'long' time to get it back up due to devops ignorance (we're an embedded firmware shop)

This lack of care and attention is what's bringing me to investigate JCasC so we don't end up in that position again...

I think the server itself is 2.223, and we have a bunch of plugin security warnings we haven't addressed for a long time. I'll try updating to latest and see if it is better.

15 replies
dry4ng
@dry4ng

Can someone please suggest a way to create Fall-back user programmatically when using Active Directory plugin combined with JCasC?

internalUsersDatabase:
    jenkinsInternalUser: admin

Ad described here https://plugins.jenkins.io/active-directory/

Julian Xhokaxhiu
@julianxhokaxhiu
I'm asking for the very same thing, and no one yet is replying... https://gitter.im/jenkinsci/configuration-as-code-plugin?at=60b4af5643fc4a24c5d689fb
Also, can someone please explain how to expand this section specifying a user id?
jenkins:
  authorizationStrategy:
    globalMatrix:
      permissions:
        - "Overall/Read:authenticated"
Julian Xhokaxhiu
@julianxhokaxhiu
nvm, figured it out :) All is left now is to understand how to create the fallback user
Chris Wiggins
@cwiggs_gitlab
Is there a way to use the JENKINS_URL environment variable in the JCasC config.yml? I tried to call it with "${JENKINS_URL}" but that value seems to be empty.
Tim Jacomb
@timja
only if you set it yourself as an environment variable
Chris Wiggins
@cwiggs_gitlab
Okay, thank you.
sandeepbaldawa
@sandeepbaldawa_twitter
Is there a way to define a common jcasc configuration file which can be imported by other config files. Our use-case is we have multiple Jenkins instances using jcasc yaml file and it's difficult to remember to apply a common fix to all the yaml files. Rather applying to a single common yaml file would be v helpful.
Gopi V
@gopivalleru
@sandeepbaldawa_twitter you can templatize your CasC
4 replies
Tim Jacomb
@timja
@sandeepbaldawa_twitter the normal pattern is to supply multiple files
2 replies
a base common file and then others
BipinXavier
@BipinXavier
Does anyone face any issues with ec2 plugin configuration after upgrading to latest version? It does not pick the values for ec2 key privateKeyand the connectionStrategy:. When we configure it through the fronend it seems working. But we have to configure connectionStrategy: everytime.
9 replies
Ehud Yonasi
@eyonasi
Hi, is there a way to use jcasc in CI on the jenkins master itself when you want to merge a job? is it possible?
Tim Jacomb
@timja
@eyonasi https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/configurationReload.md
via groovy script but you will need to whitelist methods i assume
we normally recommend via http POST to JENKINS_URL/reload-configuration-as-code
which you can also do from the controller
Ehud Yonasi
@eyonasi
I assumed something like that, thanks Tim!
Tim Black
@timblaktu

Reviving an old (deleted?) thread about backup/restore of build history on Jenkins controllers which of course is not handled by JCasC.

Before we "roll our own" solution in which we:

  • make hourly restic backups of production controller, then
  • restore the most recent backup to staging and testing/dev environments (which we fully create/configure using Packer/Ansible/JCasC),

I thought I'd ask @Gaurav2Github, @jetersen, @oleg-nenashev, is there a better way in 2021, or do you still say "don't rely on Jenkins for build history"?

Managing multi-environment Jenkins clusters that need to frequently roll out new features, bugfixes, and updates from dev --> staging --> prod requires a certain level of continuity in build history when the promotions happen. I'm not saying the artifacts are important (I agree that artifacts should live elsewhere), but the historical information of what builds happened, when, and how long did they take, is essential in monitoring used by an Engineering org to make business decisions.

Related, instead of just backing up the jobs/ dir (we're using restic to make external backups from a simple hourly cron job), I'm considering using the new-ish jenkins.model.Jenkins.buildsDir system property to separate builds/ from jobs/.

Without this change, since CasC and our restic restore operation would both be writing to jobs/, I'm thinking that separating jobs/ from builds/ in this way would provide some insurance against unforeseen conflicts of these two mechanisms interfering with one another.

Thoughts?

Neil H Watson
@neilhwatson
Hi, I'm trying to a minimal casc config working but Jenkins is returning an unhelpful error: io.jenkins.plugins.casc.ConfiguratorException: Item isn't a Scalar How can I debug this?
Tim Jacomb
@timja
@neilhwatson best to export a working configuration, that error probably means you indentation is, scalar is explained here: https://yaml-multiline.info/
iamroddo
@iamroddo
Is it possible to change the path from which JCasC configuration YAML is loaded via the Jenkins REST interface?
Trivalik
@trivalik
Since few days or weeks we have: 2021-06-17 11:20:20.755+0000 [id=31] WARNING hudson.ExtensionFinder$Sezpoz#scout: Failed to scout com.sonyericsson.hudson.plugins.gerrit.trigger.config.GerritJcascConfigurator$ServerConfigurator
java.lang.ClassNotFoundException: io.jenkins.plugins.casc.BaseConfigurator
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1394)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1349)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1095)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
Caused: java.lang.NoClassDefFoundError: io/jenkins/plugins/casc/BaseConfigurator
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at jenkins.util.AntClassLoader.defineClassFromData(AntClassLoader.java:1161)
at jenkins.util.AntClassLoader.getClassFromStream(AntClassLoader.java:1332)
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1384)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1349)
at jenkins.ClassLoaderReflectionToolkit._findClass(ClassLoaderReflectionToolkit.java:108)
at hudson.PluginManager$UberClassLoader.findClass(PluginManager.java:2158)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at net.java.sezpoz.IndexItem.element(IndexItem.java:134)
Caused: java.lang.InstantiationException
at net.java.sezpoz.IndexItem.element(IndexItem.java:146)
at hudson.ExtensionFinder.getClassFromIndex(ExtensionFinder.java:744)
at hudson.ExtensionFinder.access$900(ExtensionFinder.java:86)
at hudson.ExtensionFinder$Sezpoz.scout(ExtensionFinder.java:729)
at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344)
at hudson.ExtensionList.load(ExtensionList.java:383)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:319)
at hudson.ExtensionList.getComponents(ExtensionList.java:183)
at jenkins.model.Jenkins$6.onInitMilestoneAttained(Jenkins.java:1190)
at jenkins.InitReactorRunner$1.onAttained(InitReactorRunner.java:89)
at org.jvnet.hudson.reactor.ReactorListener$Aggregator.lambda$onAttained$3(ReactorListener.java:102)
at org.jvnet.hudson.reactor.ReactorListener$Aggregator.run(ReactorListener.java:109)
at org.jvnet.hudson.reactor.ReactorListener$Aggregator.onAttained(ReactorListener.java:102)
at org.jvnet.hudson.reactor.Reactor$1.run(Reactor.java:177)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Has anybody an idea?
iamroddo
@iamroddo

Is it possible to change the path from which JCasC configuration YAML is loaded via the Jenkins REST interface?

The path seems to be stored in /var/jenkins_home/io.jenkins.plugins.casc.CasCGlobalConfig.xml. Updating the path via GUI updates the path in the file, but modifying the file doesn't cause the path used to be changed. Is there a process that can be triggered to re-read this file after making a change to the path in it?

Tim Jacomb
@timja
normally you update the file not the path
iamroddo
@iamroddo
I agree, I want to be able to deal with a situation where someone makes a change to the path via the GUI to something incorrect and I want to change it back without having to manual click through the GUI, ie update it with a script or so.
Tim Jacomb
@timja
i assume don't give them access to do that isn't an option?
iamroddo
@iamroddo

Is it possible to remove access to change this setting in the GUI?

If not, then I can imagine that someone with admin privileges could make an accidental change.

I want to have Jenkins fully configurable through code. Any deviation from the desired state should be correctable via code. I don't want to have to go into the GUI to fix a mistake.

Tim Jacomb
@timja
@iamroddo give out the systemread permission instead of administer
keep administer permissions really low
iamroddo
@iamroddo
@timja Thanks. Is there any way other than via the GUI to configure the path to the CasC file?
Tim Jacomb
@timja
yes system property and environment value
I think they overwrite ui changes on restart
not 100% sure though
1 reply
search CASC_JENKINS_CONFIG in the main README
Oleg Nenashev
@oleg-nenashev
@timja As a part of the yet-to-be-implemented "Configuration-as-Code SIG" idea, does it make sense to start a category in community.jenkins.io for it?
iamroddo
@iamroddo
@timja is "casCGlobalConfig.configurationPath" in the CasC file the "system property" that you refer to? If not, what is it and how can this set?
Tim Jacomb
@timja
-Dcasc.jenkins.config
Hakeem
@hak33m16
Has anybody ever found a way to not have their seed job trigger hundreds of builds the first time you update a regex? I really don't care about having Jenkins run all builds for the configuration I'm passing it, I just care about the webhook portion
3 replies
Christian Allred
@christianallred
Heyo everyone, im using casc to spin up a dev cluster for our release testing / publication systems but im running into an issue in local development where jenkins is caching some .jar's that have been updated. is there a way to set the caching mechanism for globalLibraries in the casc file? i can't find the documentation for the casc file interface maybe im looking in the wrong places.