Re: Using git describe in Jenkins differs from regular clones

[Randall Becker]

OK: Blame the operator. shallow: true made the difference. It was shallow: 
false before. So that makes the difference. I'm now getting the desired 
results inside Jenkins.

Randall

On Monday, 3 August 2020 17:13:00 UTC-4, Randall Becker wrote:
>
> I know I should know the answer to this one, but it's eluding me. When I 
> run git describe from within a Jenkins pipeline, I am getting different 
> results from when git describe is run from a normal clone/checkout. This 
> happens even if I move to a detached head state.
>
> Obviously I'm missing an option in the Git clone in Jenkins but I can't 
> figure out what I'm missing. The current checkout is:
>
> checkout([$class: 'GitSCM',
> changelog: true,
> poll: true,
> branches: [[name: 'master']],
> extensions: [
> [$class: 'CleanBeforeCheckout'],
> [$class: 'SubmoduleOption', disableSubmodules: false, 
> parentCredentials: true,
> recursiveSubmodules: true, reference: '', 
> trackingSubmodules: false]],
> doGenerateSubmoduleConfigurations: false, extensions: [
> [$class: 'CleanCheckout'],
> [$class: 'CloneOption', timeout: 60, shallow: true],
> [$class: 'CheckoutOption', timeout: 60],
> ],
> userRemoteConfigs: [[url: 'git://
> git.samba.org/rsync.git']] ])
>
> shallow makes no difference - I don't think it's supported anymore, 
> correct?
>
> Inside Jenkins, git describe reports 47351c2b.
> In a standard clone, detached head (or on a branch) at this commit, I get 
> v3.2.3pre1-9-g47351c2b, which is what I'm expecting.
>
> Thanks,
> Randall
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/28e96d92-7e98-41c4-a69d-ec1554d35275o%40googlegroups.com.

Using git describe in Jenkins differs from regular clones

[Randall Becker]

I know I should know the answer to this one, but it's eluding me. When I 
run git describe from within a Jenkins pipeline, I am getting different 
results from when git describe is run from a normal clone/checkout. This 
happens even if I move to a detached head state.

Obviously I'm missing an option in the Git clone in Jenkins but I can't 
figure out what I'm missing. The current checkout is:

checkout([$class: 'GitSCM',
changelog: true,
poll: true,
branches: [[name: 'master']],
extensions: [
[$class: 'CleanBeforeCheckout'],
[$class: 'SubmoduleOption', disableSubmodules: false, 
parentCredentials: true,
recursiveSubmodules: true, reference: '', 
trackingSubmodules: false]],
doGenerateSubmoduleConfigurations: false, extensions: [
[$class: 'CleanCheckout'],
[$class: 'CloneOption', timeout: 60, shallow: true],
[$class: 'CheckoutOption', timeout: 60],
],
userRemoteConfigs: [[url: 
'git://git.samba.org/rsync.git']]])

shallow makes no difference - I don't think it's supported anymore, correct?

Inside Jenkins, git describe reports 47351c2b.
In a standard clone, detached head (or on a branch) at this commit, I get 
v3.2.3pre1-9-g47351c2b, which is what I'm expecting.

Thanks,
Randall

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/067e5fc2-b8e9-452f-8ce5-02f6c7ce0f6eo%40googlegroups.com.

Required to understand the behavior of project recognissors in GitHub organization project

[kishore babu]

Hi Jenkins Users/Development Team,

Would like to know the behavior of project recognissors in GitHub
organization project. Currently I'm successfully getting triggers and
pipelines created for the branch having *jenkinfile, further I *want to
have Jenkins file only in master branch and would like to get triggers and
pipelines created for each release tag created(any branch of that
repository).

Thanks and Regards,
Kishore

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CACHhAwOdJJQTWqnC9m9utNpcJyBVX%2B1N4YZVL2NPGfZgq_aCrw%40mail.gmail.com.

Running parallel kubernetes jobs in Jenkins pipeline

[Alex Taran]

I'm running *perfomance tests* on Jenkins. Test that may *include multiple 
instances of the same container* to generate necessary load. I can't 
hardcode number of instances as it varies based on params for tests. I've 
tried to use the following code:

pipeline {
agent any
stages {
  stage('Running Jmeter') {
agent {
  kubernetes {
  label "jmeter_tests_executor"
  yaml '''
  apiVersion: batch/v1
kind: Job
metadata:
name: jmeter
namespace: jenkins
spec:
  parallelism: 2 
  completions: 2 
  backoffLimit: 1 
  ttlSecondsAfterFinished: 100 
  template:
spec:
  initContainers:
  - name: nft-tests-downloader
image: git
command: ['sh', '-c', "git clone --depth 1  --branch master 
https://some.org.com/repo.git /tmp/nft/;chown 1000:1000 /tmp/nft_logs"]
securityContext:
volumeMounts:
- mountPath: /tmp/nft
  name: nft-tests
- name: nft-test-logs
  mountPath: /tmp/nft_logs
  containers:
  - name: jmeter
image: jmeter
command: ["/bin/sh","-c"]
args: ["jmeter run performance test"]
tty: true
imagePullPolicy: Always
securityContext:
runAsUser: 1000
volumeMounts:
- mountPath: /tmp/nft
  name: nft-tests
- name: nft-test-logs
  mountPath: /tmp/nft_logs
  restartPolicy: OnFailure
  volumes:
  - emptyDir: {}
name: nft-tests
  - name: nft-test-logs
persistentVolumeClaim:
  claimName: nft-test-logs

But it doesn't work. It's hanging on pod scheduling(jobs works ok if you 
apply this manifest directly on kubernetes cluster without Jenkins).
If someone had experience with it, please share your workarounds or ideas 
how to implement this idea.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/33b2c31c-5c84-4a88-b731-717f75ae7457o%40googlegroups.com.

Re: Jenkins and HTTPS

[Gaiseric Vandal]

Changed port to 8443.  That seems to have fixed it.


Thanks



On 7/24/2020 11:12 AM, Gianluca wrote:

Trying to guess:

"java.net.SocketException: Permission denied"

this smells of Java not running with enough privileges to open ports 
below 1024

Usually on Linux systems only root can open such ports.


On Friday, 24 July 2020 16:04:36 UTC+1, gaiseric.vandal wrote:

I am setting up jenkins on an CentOS 8 machine. Currently have one
running under Ubuntu 16.


On the new machine, I am unable to get HTTPS working, even tho the
config seems the same as the other machine.


My partial config file is



# cat /etc/sysconfig/jenkins
#
JENKINS_HOME="/var/lib/jenkins"
JENKINS_JAVA_CMD=""
JENKINS_USER="jenkins"
#JENKINS_INSTALL_SKIP_CHOWN="false"
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"
JENKINS_PORT="8080"
JENKINS_LISTEN_ADDRESS=""
JENKINS_HTTPS_PORT="443"
JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="xxx"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
JENKINS_HTTP2_PORT=""
JENKINS_HTTP2_LISTEN_ADDRESS=""
JENKINS_DEBUG_LEVEL="5"
JENKINS_ENABLE_ACCESS_LOG="no"
JENKINS_HANDLER_MAX="100"

JENKINS_HANDLER_IDLE="20"
JENKINS_EXTRA_LIB_FOLDER=""
JENKINS_ARGS=""
#




I am quite certain I have the key store correct


I set up with

    keytool -genkey -alias servername.mydomain.com
   -keyalg RSA -keystore
/etc/jenkins/jenkins.jks -keysize 2048


Then generated a CSR, had it signed by our internal CA.

Also imported the certificates for the CA's.





I have the following errors


            $ cat /var/log/jenkins/jenkins.log

Running from: /usr/lib/jenkins/jenkins.war

Exception in thread "Jenkins initialization thread"
java.lang.NoClassDefFoundError: hudson/util/HudsonFailedToLoad

at hudson.WebAppMain$3.run(WebAppMain.java:276)

Caused by: java.lang.ClassNotFoundException:
hudson.util.HudsonFailedToLoad

at java.net.URLClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at

org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543)

at java.lang.ClassLoader.loadClass(Unknown Source)

... 1 more

java.io.IOException: Failed to start Jetty

at winstone.Launcher.(Launcher.java:184)

at winstone.Launcher.main(Launcher.java:355)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at Main._main(Main.java:375)

at Main.main(Main.java:151)

Caused by: java.net.SocketException: Permission denied

at sun.nio.ch.Net.bind0(Native Method)

at sun.nio.ch.Net.bind(Unknown Source)

at sun.nio.ch.Net.bind(Unknown Source)

at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)

at sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)

at

org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:342)

at
org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307)

at

org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)

at
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)

at

org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)

at org.eclipse.jetty.server.Server.doStart(Server.java:385)

at

org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)

at winstone.Launcher.(Launcher.java:182)

... 7 more

$



I also tried extracting the key and cert  and tried the following

 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized
-Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar
/usr/lib/jenkins/jenkins.war
--logfile=/var/log/jenkins/jenkins.log
--webroot=/var/cache/jenkins/war --daemon --httpPort=8080
--httpsPort=443 --httpsListenAddress=0.0.0.0 --debug=5
--handlerCountMax=100 --handlerCountMaxIdle=20
--httpsCertificate=/etc/jenkins/jenkins.cer
--httpsPrivateKey=/etc/jenkins/jenkins.key



Same errors.


I disabled selinux.  Did not help.


Tried linking /etc/alternative/java (default in the search path )
to Oracle 8 Java, OpenJDK8 and OpenJDK11.  No luck.



Appreciate any advice.


Thanks




--
You received this message because you are subscribed to the Google 
Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to jenkinsci-users+unsubscr...@googlegroups.com 
.
To view this discussion on 

Calling functions in Jenkins Shared Libraries

[Chris Shannon]

I've been using Jenkins shared libraries for quite a while, but something 
just popped up which is confusing me quite a bit. Instead of just creating 
steps, I'm now trying to create a full declarative pipeline inside the 
shared library.


In any case, what I'm finding is that this works great when my pipeline is 
defined directly inside the call method. As soon as I do a simple function 
call, I get errors like:


hudson.remoting.ProxyException: groovy.lang.MissingPropertyException: No such 
property: any for class

To be clear, here is working code:

def call() {
  pipeline {
agent any

stages {
  stage("Stage") {
steps {
  echo "hi"
}
  }
}
  }
} 


And here is non-working code:

def call() {
  execute()
}

def execute() {
  pipeline {
agent any

stages {
  stage("Stage") {
steps {
  echo "hi"
}
  }
}
  }
} 


For reasons beyond this post, we are trying to add some commonality and 
argument checking to our steps, which is why I'd like to be able to use 
that concept of the extra function call..


Any help/pointers would be much appreciated.


Thanks!

Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/4ca259ae-831f-4b3a-9075-2af8e2afef1ao%40googlegroups.com.

Re: SAML plugin - differentiate between encryption and signing certificate

[Chris DW]

Hi , 

Having a signing certificate different from the encryption certificate was 
a request from my IDP. 
So I created both seperately.(from the same private key) .

I was a bit confused as to the role of the saml-sp-metadata.xml being 
generated by the saml plugin.
The way I understand it now, is that is serves the purpose of helping the 
user to generate SP metadata from the Jenkins UI in order to forward the 
meta data to the IDP. 
It is not being used by the plugin 'at runtime'. 

Since I had already sent my SP meta-data prior to installing and 
configuring the SAML plugin, I wasn't required to do anything with the 
generated  saml-sp-metadata.xml  file. 
All I needed to do was set up a keystore with the proper private key (which 
in my case is the same for the encryption and signing certificate) 

Thanks for your time, 

Chris


Op dinsdag 28 juli 2020 20:07:54 UTC+2 schreef Ivan Fernandez Calvo:
>
> Hi,
>
> The configuration only allows one certificate, this is used for singing 
> and encryption, so it is not possible to use two different certificates.
>
> El lunes, 27 de julio de 2020, 21:54:03 (UTC+2), Chris DW escribió:
>>
>> Hi , 
>>
>> When setting up the Jenkins SAML plugin, is it possible to configure two 
>> different certificates (generated from the same private key) for signing 
>> and encryption? 
>> The plugin seems to allow to configure just one key alias from one 
>> keystore. (
>> https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md)
>> I'ml looking to configure 
>> alias 1 = private key A + signing certificate chain C1
>> alias 2 = private key A+ encryption certificate chain C2
>>
>> When enabling option 'Auth Request Signature' to  enable the signature 
>> of the Redirect Binding Auth Request, I can see two key descriptors being 
>> written to the saml-sp-metadata.xml file: 
>>
>> 
>> http://www.w3.org/2000/09/xmldsig#;>
>> 
>> ...
>>
>> and 
>>
>>  
>> http://www.w3.org/2000/09/xmldsig#;>
>> 
>> ...
>>
>> This leads me to believe that a setup with different sign and encryption 
>> certs is a possibility.
>> I've tried to configure the correct values for my setup directly in the 
>> saml-sp-metadata.xml file, but the file gets overwritten on each login 
>> attempt. 
>>
>> Does the current implementation of the saml plugin dictate the encryption 
>> and signing cert to be the same and if not, how do I configure these? 
>>
>> Kind regards, 
>> Chris
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/cd77a6d8-9db8-44d0-bac9-0bdf7a0d5952o%40googlegroups.com.

Re: Help required: jenkins SSH connectivity issue

[jeremy mordkoff]

The same solutions offered for client to host should apply for local system 
to host. Did you add the local system's public ssh key to the host's 
authorized key file? 

I have no clue what a "crumb" is


On Monday, August 3, 2020 at 2:14:59 AM UTC-4, Sakshi Rathore wrote:
>
> could you please help here? 
>
> On Fri, Jul 31, 2020 at 3:52 PM Sakshi Rathore  > wrote:
>
>>  thanks a lot, i just solved permission denied issue and able to ssh from 
>> client to host
>> 1. 
>> jenkins@harbortest-master-gro-a7c3cedfab:~/.ssh$ ssh 
>> ccpuser@harbortest-master-gro-a7c3cedfab
>> Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64)
>>
>>  * Documentation:  https://help.ubuntu.com
>>  * Management: https://landscape.canonical.com
>>  * Support:https://ubuntu.com/advantage
>>
>>  * Are you ready for Kubernetes 1.19? It's nearly here! Try RC3 with
>>sudo snap install microk8s --channel=1.19/candidate --classic
>>
>>https://www.microk8s.io/ has docs and details.
>> This system has been minimized by removing packages and content that are
>> not required on a system that users do not log into.
>>
>> To restore this content, you can run the 'unminimize' command.
>> Last login: Fri Jul 31 13:31:29 2020 from 10.36.174.37
>> ccpuser@harbortest-master-gro-a7c3cedfab:~$ cd .ssh/
>>
>>  2. But in jenkins console i am still getting cant connect to the server :
>>
>> [image: image.png]
>>
>>
>> [image: image.png]
>>
>> and still from my local system to host i cant ssh directly:
>>
>> sakshi_rathore@MCN234 MINGW64 ~/.ssh (master)
>> $ ssh ccp...@10.32.141.35 
>> ccp...@10.32.141.35 : Permission denied 
>> (publickey,keyboard-interactive).
>>
>> Could you please also suggest for this. 
>>
>> On Fri, Jul 31, 2020 at 3:18 PM jeremy mordkoff > > wrote:
>>
>>> ssh is picky about permissions. 
>>>
>>> make sure the .ssh directory itself has perms 770 and any files in that 
>>> folder have perms 660 and that they are all owned by the correct user on 
>>> both the client and server. 
>>>
>>> try adding *-o identitiesOnly=yes* on the ssh client command line. 
>>> There is a server config that limits the number of failed connects. 
>>>
>>> try running the client in verbose mode (-v or -vv) -- every now and then 
>>> a message shows up there with a hint. 
>>>
>>> if you're still stuck, set the server logging to debug and check there. 
>>> *Always 
>>> keep one ssh session open as root to the server when changing the ssh 
>>> server config file (usually /etc/ssh/sshd_config)*
>>>
>>>
>>>
>>> On Friday, July 31, 2020 at 4:09:19 AM UTC-4, sakshira...@gmail.com 
>>> wrote:


 thanks very much for all the advice , i tried in the given way but 
 while conencting to the server to the client using manual ssh 

 i get below error everytime:

 ccpuser@harbortest-master-gro-a7c3cedfab:~$ ssh ccp...@10.32.141.35
 The authenticity of host '10.32.141.35 (10.32.141.35)' can't be 
 established.
 ECDSA key fingerprint is 
 SHA256:bSeIr7zG7863687fvTDsZrG3Kc77pUXMLZKwu4YMRfrY.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '10.32.141.35' (ECDSA) to the list of known 
 hosts.
 ccp...@10.32.141.35: Permission denied 
 (publickey,keyboard-interactive). 
 respective keys have been already added , public key to 
 /home/.ssh/authorized_key 
 ialso tried to add private key identity as part of troubleshoot

 ccpuser@harbortest-master-gro-a7c3cedfab:~/.ssh$ ssh-add ~/.ssh/id_rsa
 Identity added: /home/ccpuser/.ssh/id_rsa (/home/ccpuser/.ssh/id_rsa)


 i have also tried to disable host key checking in etc/ssh/ssh_config 
 file
 StrictHostKeyChecking no

 if i try to avoid permission denied error google suggestion leads me to 
 password authentication and i want to do ssh login 

 I have tried everything to get it owkr adding ssh key authentication 
 tojenkins server in credentials section and ssh-sites but nothing seems 
 working for me  , i am not able to conenct to jenkins client to my remote 
 server. 


 my humble request to suggest a way forward or any approach so i can 
 proceed further. It will be great help.

 On Wednesday, July 29, 2020 at 3:46:41 PM UTC+2 jeremy@riftio.com 
 wrote:

> There are two SSH keys involved when establishing a session 
>
> The one you are setting here is the key used ti identify the client to 
> the server (host). There is also the key that the server (host) sends 
> down 
> to the client. You can see this the first time you ssh to a host and it 
> asks you if you want to accept the key. Once you do accept it, it is 
> stored 
> in .ssh/known_hosts and subsequent connections are verified 
> automatically. 
>
> You have two choices. Disable host key verification or add the host 
> key manually to jenkins' known_hosts file.
>
>