Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 25 23:34
    wrender opened #1975
  • May 25 23:34
    wrender labeled #1975
  • May 25 16:51
    stephenjonesvizio forked
    stephenjonesvizio/configuration-as-code-plugin
  • May 25 08:10
    timja labeled #1973
  • May 25 07:37
    codecov[bot] commented #1974
  • May 25 07:35
    timja auto_merge_enabled #1974
  • May 25 07:28
    codecov[bot] commented #1974
  • May 25 07:25
    codecov[bot] commented #1974
  • May 25 06:55

    dependabot[bot] on maven

    (compare)

  • May 25 06:55
    dependabot[bot] closed #1962
  • May 25 06:55
    dependabot[bot] commented #1962
  • May 25 06:55
    dependabot[bot] labeled #1974
  • May 25 06:55
    dependabot[bot] labeled #1974
  • May 25 06:55
    dependabot[bot] review_requested #1974
  • May 25 06:55
    dependabot[bot] opened #1974
  • May 25 06:55

    dependabot[bot] on maven

    Bump error_prone_annotations fr… (compare)

  • May 25 06:53

    jetersen on master

    [JENKINS-57023] Switch dep from… (compare)

  • May 25 06:53
    jetersen closed #1973
  • May 24 23:35
    codecov[bot] commented #1973
  • May 24 23:24
    codecov[bot] commented #1973
dduportal
@dduportal:matrix.org
[m]

do we (infra) need it to be usable out of kubernetes?

Yes we do: we still have 3 instance in VMs

it seems to me that a chart would be the easier way in our case

Maybe. But I would like to have a solution that work for everyone, not only us. We already are going to use gotemplating in the infra as short term, but helm chart is only a solution for kubernetes users.

Marcos Ruiz
@MarcosJRuiz
image.png
this is error:
jenkins_MR | io.jenkins.plugins.casc.ConfiguratorException: No configurator for the following root elements jobs
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:734)
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
jenkins_MR | at io.jenkins.plugins.casc.ConfigurationAsCode.doReload(ConfigurationAsCode.java:171)
jenkins_MR | at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
jenkins_MR | at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
jenkins_MR | Caused: java.lang.reflect.InvocationTargetException

my jenkins.yaml :

jobs:

  • script: >
    folder('qa')
    description("Environment reserved for Sysmap's Quality Assurance team")
1 reply
dduportal
@dduportal:matrix.org
[m]
@MarcosJRuiz: you can find some real life examples at https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/jobs
or https://github.com/jenkins-infra/kubernetes-management/blob/main/config/ext_jenkins-infra.yaml#L448
@MarcosJRuiz: and the Job-DSL wiki is a goldmine: https://github.com/jenkinsci/job-dsl-plugin/wiki/Dynamic-DSL
Jason Reslock
@jreslock
I have an issue that I've been trying to track down and I figured I would ask here. I'm using JCASC to automatically configure my Jenkins instance which runs as an ECS Fargate task. Sometimes (not every time) when I update my ECS Service to use a new task definition the links to all of my PR checks in GitHub end up with "unconfigured jenkins location" instead of a link back to the actual job. I am setting the JENKINS_URL as an environment variable for the task and I can see it in my running Jenkins configuration. Appears to be correct. Where can/should I be looking to investigate further?
More on this after digging into my ECS logs...I can see that InitialConfig.groovy is failing and I bet that is what breaks my JENKINS_URL setting.
Failed to run script file:/var/jenkins_home/init.groovy.d/InitialConfig.groovy java.lang.NullPointerException at jenkins.model.Jenkins.setInstallState
Pieter Van Dyck
@beardedbloke:matrix.org
[m]

Hi folks.
I'm puzzled by the following piece of casc configuration ...

  securityRealm:
    local:
      allowsSignup: false
      enableCaptcha: false
      users:
      - id: "user1"
        name: "user1"
        password: "somesecretstring"
      - id: "experiment"
        name: ${readFile:/mySecretsFolder/test}
        password: ${readFile:/mySecretsFolder/test}

User 'user1' works as expected.
User 'experiment' has the expected user name (experiment) but the password is somehow wrong.

Any hints to what may be going on here ?

Tim Jacomb
@timja
Maybe a space at the end? Or a new line character?
2 replies
Ghost
@ghost~5c78264ed73408ce4fb93e00
How do I helm-values/jenkins to populate the JCasC?
  • SIDECAR looks like the (kiwigrid)"config-reload" sidecar-container might have something to do with it, but I it looks more like a 'watcher/reloader'.
  • MAIN_CONTAINER CASC_JENKINS_CONFIG env variable might be an chance(on jenkins-container) but the helm doesn't seem to suggest a switch for it (for all those options, leaving it out in envvars can't be an accident)
  • INIT_CONTAINERthe init-container might be an clue - but the mounts don't match up for a /var/jenkins/home/jcasc_config
    what am I misunderstanding?
  • CM/SECRETS there seems to be no appropraite switch in configmaps or secrets to override the CASC_JENKINS_CONFIG
1 reply
Tim Jacomb
@timja
use the official helm chart?
e.g. https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins#configure-security-realm-and-authorization-strategy
Ghost
@ghost~5c78264ed73408ce4fb93e00

CasC examples/demos describe 'inline' addition of config scripts into helm (ie using a --values values.yaml).
Is that the recommended practice? It seems 'clunky'.
Other examples show using the CASC_JENKINS_CONFIG to: 

### [values.yaml]
  containerEnv:
    - name: CASC_JENKINS_CONFIG
      value: http://gitea-lb.operations.svc/rubbercable/jenkins/raw/branch/master/unclassified.yaml

### [ in describe ]
kubectl describe pod jenkins-0
<snip>
      CASC_JENKINS_CONFIG:       http://gitea-lb.operations.svc/rubbercable/jenkins/raw/branch/master/unclassified.yaml
      CASC_JENKINS_CONFIG:       /var/jenkins_home/casc_configs
<snip>

### [in container]
jenkins@jenkins-0:~/casc_configs$ env | grep CASC
CASC_JENKINS_CONFIG=/var/jenkins_home/casc_configs

I'm not sure what the accepted(best-practice) method of populating the folder - automatically. (do I just concentrate on the the initContainer route?)

Tim Jacomb
@timja
inline is the easiest to manage as config as code as the configmaps get updated and there's a container watching it
Ghost
@ghost~5c78264ed73408ce4fb93e00
I guess it makes helm rollbacks more straightforward.
So no one really bothers with the /var/jenkins_home/casc_configs or http://repo/casc.yaml shennanigans?
  • oh wait, I see what you mean with the configmap/sidecar thing
Michal Magun
@michalmagun
Hi guys, I'm trying to use k8s credential, added to additionalExistingSecrets, as Jenkins credential. I'm getting below error in logs: io.jenkins.plugins.casc.ConfiguratorException: No configurator for the following root elements system. This is how it looks in casc. What am I missing? Credentials plugin is installed.
image.png
Michal Magun
@michalmagun
Sorted it out, I needed jenkins-casc-config: | above credentials
Pam Gluss
@pamgluss-slack

Hello there, I'm trying to edit our J2 configuration file along the lines of this: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/matrix-auth#configure-matrix-authorization-strategy

We have custom groups (ops, jenkins_editor, things like that) but in the Jenkins UI, they're indicated as ambiguous entries. How would we solve that? The docs don't touch on a group outside of anonymous / authenticated

Pam Gluss
@pamgluss-slack
Also curious, what's the difference between projectMatrix and globalMatrix? and is it possible to have a permission like - "Overall/*:authenticated" or is that frowned upon?
alanmas
@alanmas:matrix.org
[m]

Hey good day all!
I have been with an "issue" a couple of days and hope someone in here could help me.

CONTEXT:
I am triying to deploy a Jenkins using helm with JCASC to get vault secrets. I am using a local minikube to create mi k8 cluster and a local vault instance in my machine (not in k8 cluster).

Even that I am trying using initContainerEnv and ContainerEnv I am not able to reach the vault values. For CASC_VAULT_TOKEN value I am using vault root token.
This is helm command i run locally:

helm upgrade --install -f values.yml mijenkins jenkins/jenkins

And here is my values.yml file code:

controller:
  installPlugins:
    # need to add this configuration-as-code due to a known jenkins issue: https://github.com/jenkinsci/helm-charts/issues/595
  - "configuration-as-code:1414.v878271fc496f"
  - "hashicorp-vault-plugin:latest"

  # passing initial environments values to docker basic container
  initContainerEnv:
  - name: CASC_VAULT_TOKEN
    value: "my-vault-root-token"
  - name: CASC_VAULT_URL
    value: "http://localhost:8200"
  - name: CASC_VAULT_PATHS
    value: "cubbyhole/jenkins"
  - name: CASC_VAULT_ENGINE_VERSION
    value: "2"
  ContainerEnv:
  - name: CASC_VAULT_TOKEN
    value: "my-vault-root-token"
  - name: CASC_VAULT_URL
    value: "http://localhost:8200"
  - name: CASC_VAULT_PATHS
    value: "cubbyhole/jenkins"
  - name: CASC_VAULT_ENGINE_VERSION
    value: "2"

  JCasC:
    configScripts:
      here-is-the-user-security: |
        jenkins:
          securityRealm:
            local:
              allowsSignup: false
              enableCaptcha: false
              users:
                - id: "${JENKINS_ADMIN_ID}"
                  password: "${JENKINS_ADMIN_PASSWORD}"

And in my local vault I can see/reach values:

>vault kv get cubbyhole/jenkins
============= Data =============
Key                       Value
---                       -----
JENKINS_ADMIN_ID          alan
JENKINS_ADMIN_PASSWORD    acosta

Any of you have an idea what I could be doing wrong?

1 reply
Bartosz Nowak
@DuMaM

Hi,
I'm looking for a help with this config.
https://github.com/jenkinsci/crowd2-plugin/blob/master/casc/jenkins.yml

I'm not sure why even though I backuped my master.key and included this into docker file, those encrypted ecrowd2 passwords differ each time I lunch new jenkins instance based on this dockerfile.
https://github.com/jenkinsci/crowd2-plugin/blob/master/casc/Dockerfile

I would be grateful of any hints, how to fix this.

Bartosz Nowak
@DuMaM
Ok I missed hudson.utils.secret file as a backup. :)
Manoj Kumar Maharana
@manoj016

Hi,
I am getting while applying a new configuration No hudson.model.UserProperty implementation found for samlCustomProperty

where I removed the saml authentication plugin still getting this error.

1 reply
Apurva Khurana
@ApurvaKhurana
image.png
Hi There,
I am trying to setup my jaaC instance. I am creating an ami with jenkins and plugin installed and then creating a server from the ami. Myjenkins server is coming up fine but when i browse to Jenkins-->manage plgins i see below error as in screenshot. Basically plugin is failing to expand.

`# Install necessary dependencies
sudo yum remove java-1.7.0-openjdk -y
sudo yum install java-1.8.0 -y
sudo yum update –y
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo yum install jenkins -y
sudo service jenkins start
sudo systemctl enable jenkins.service
sudo systemctl start jenkins.service

configurations-as-code==1.41

sudo mv /tmp/jenkins.yaml /var/lib/jenkins/jenkins.yaml

export CASC_JENKINS_CONFIG=/var/lib/jenkins/jenkins.yaml

echo "============downloading plugins================"

sudo curl https://updates.jenkins.io/download/plugins/configuration-as-code/1414.v878271fc496f/configuration-as-code.hpi \
--output /var/lib/jenkins/plugins/configuration-as-code.hpi

sudo curl https://updates.jenkins.io/download/plugins/git/4.10.2/git.hpi \
--output /var/lib/jenkins/plugins/git.hpi`

2 replies
Matthew J. Oldach
@moldach

Not sure if I'm in the right place but this is what I'm hoping to achieve and wondering if the configuration-as-code plugin generates code from UI configuration?

Does anyone know how to get the underlying YAML parameters from Jenkins plugins?
For example, we create our Jenkins pipelines from .yml files so that the our string parameters typically look like this:

    parameters:
      - string:
          name: DATA_DIR
          default: "/mnt/bigdata/build/GLU_ASTHMA_SINGLE_VARIANT_TEST_POST_PROCESS"

I've added a parameter for multiple choices using the Extensible Choice Parameter plugin which I've set up in our Jenkins UI and works as expected.

However, I have no idea what the parameter section would look like in a .yml file... is there anyway to capture this from the UI using this plugin?

5 replies
hervelemeur
@hervelemeur:matrix.org
[m]
stalebot closed many staled issues and PRs a moment ago, but I noticed some of them were approved and seemed ready to merge, like jenkinsci/configuration-as-code-plugin#1603
Am I missing something here? Should a label of some sort was missing? Should it has been merged, or closing it was what has to be done?
Tim Jacomb
@timja
build was failing on it which is why it wasn't merged
hervelemeur
@hervelemeur:matrix.org
[m]
another one: jenkinsci/configuration-as-code-plugin#1301
no other case that I can see, sorry for the noise
Tim Jacomb
@timja
thanks, that PR should be able to be merged, just fixed it up
Preethy Venkat
@preevenkat
Hello - I am trying to add credentials from a secret provider for gitscm in the SecurityRealm config block. Can someone help is that possible? if yes, how to do it? wondering if there is a method to reference or use the azure key vault secrets with git scm checkout and ssh agents
Akram Ben Aissi
@akram
Hi all,
Is a plugin configured through casc supposed to be taken its configuration immediately? and if yes, how to investigate when the configure method seems to not be called?
1 reply
bassplay3r
@bassplay3r:matrix.org
[m]
How would I find out if jobdsl supports this https://plugins.jenkins.io/github-pr-comment-build/ ?
bassplay3r
@bassplay3r:matrix.org
[m]
I missed the part on their page that says it's supported. Now to find out what method to use
bassplay3r
@bassplay3r:matrix.org
[m]
I went to upgrade my jenkins using helm and we seem to have hit an issue the the init script fails to download jackson2-api-plugin. There seems to be breaking changes if certain plugins are not updated in lockstep. Is there best practice with JCasC to get around these issues?
1 reply
Setting checksum for: jackson2-api to dzEmT/T/61/pyA2y/wMWFKAODIAH6mPsTmvVFu1G3ow=
jackson2-api depends on:
io.jenkins.tools.pluginmanager.impl.DownloadPluginException: Unable to download jackson2-api-plugin
at io.jenkins.tools.pluginmanager.impl.PluginManager.lambda$downloadPlugins$4(PluginManager.java:565)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:290)
at java.base/java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:746)
at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Unable to download jackson2-api-plugin
bassplay3r
@bassplay3r:matrix.org
[m]
FYI We found that the Jira plugin, which we no longer use, requires Jackson2. Removing the plugin from our chart fixed the problem
bassplay3r
@bassplay3r:matrix.org
[m]
Thanks for the best practice tip. We have a staging instance which we tested the upgrade last Thursday but that will not protect you. Also we curate our own agent image so doing so for the controller image is not much of a stretch. On another note we have very long builds, ~ 4hrs, with lots of stages, 20 or 30 out of a possible 70+. We had to disable the pipeline durability to speed things up so a restart of the controller will kill jobs. I'd love to get to a place where configAutoReload or whatever it is true and I believe curating our own image will get us closer to that
1 reply
bassplay3r
@bassplay3r:matrix.org
[m]
We were using the Jira plugin which has a dep for jackso2, we removed the jira plugin and the jackson2 plugin came in from another dep
jjaaskel
@jjaaskel
I am looking for way how to configure node with launch method "Launch agent via execution of command on the controller" with JCASC. Any hints?
Pavel Saladukha
@pavel-saladukha
Good time everyone. Is there still no JCasC for Aqua Scanner plugin ?
Tim Jacomb
@timja
no idea, that's one to ask Aqua
Jamie Jackson
@jamiejackson
What's the difference with with a definition that is wrapped with pipelineJob {} vs. pipeline {}? my seed jobs in casc use pipelineJob {} but a lot of the docs online use pipeline {}.
shivakumar12
@shivakumar12
Hi Jekins instance is failing load the config -load JCasC during the staup getting the following error, any idea how to fix?
Received unknown exception: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /reload-configuration-as-code/?casc-reload-token=ss-jenkins-qacand-0 (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fd7275f6f40>: Failed to establish a new connection: [Errno 111] Connection refused'))
1 reply