Jenkins CLI: using Anonymous permissions instead of the user defined ones

Submitted by 眉间皱痕 on 2020-01-17 01:39:29

Question


I am getting mad with this problem and I have no idea how to solve it.

We are trying to trigger Jenkins builds from hooks on a Windows Central repository. This is actually working on an old Jenkins server (LTS 1.580.1).

The way we did it before was calling Jenkins CLI with the SSH private key stored in a file.

Here is the weird thing:

C:\Users\Username\jenkins>java -jar jenkins-cli.jar -s http://hostname:8080 -i ci.key list-jobs

hudson.security.AccessDeniedException2: jenkins_ci is missing the Overall/Read permission
         at hudson.security.ACL.checkPermission(ACL.java:58)
         at hudson.model.Node.checkPermission(Node.java:417)
         at hudson.cli.CLICommand.main(CLICommand.java:236)
         at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
         at sun.reflect.GeneratedMethodAccessor345.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
         at java.lang.reflect.Method.invoke(Method.java:483)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:320)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:295)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:254)
         at hudson.remoting.UserRequest.perform(UserRequest.java:121)
         at hudson.remoting.UserRequest.perform(UserRequest.java:49)
         at hudson.remoting.Request$2.run(Request.java:324)
         at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
         at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
         at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
         at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
         at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
         at java.lang.Thread.run(Thread.java:745)

The jenkins_ci user is an Active Directory Service Account which mostly worked with everything. In the Jenkins security matrix I have the same permissions as this service account.

When I use my SSH key and run exactly the same command, it works like a charm.

If I run who-am-i it says "jenkins_ci", BUT if I change the Anonymous permissions then jenkins_ci starts to work. It seems that it is not reading the defined user permissions and is using the Anonymous ones instead.

Any ideas how to make it work? Is this one a bug that I should report to Jenkins or am I missing anything?

Thanks!


Answer 1:


Ok, after hours and hours working on it, I had a "happy idea" and it worked.

Our Jenkins is authenticating against Active Directory using LDAP.

Somehow, the user created by Jenkins (and its user folder) was "jenkins_ci" (lowercase) and our Active Directory account is "JENKINS_CI" (uppercase).

It seems that Jenkins security is case-sensitive somehow.

I stopped Jenkins, removed the user folder on the host and just started Jenkins. The new folder is now called JENKINS_CI and now the CLI is working.
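
An added example, not part of the original answer: a Python check that reports ids differing only by letter case between Jenkins (user folder names, matrix sids) and the directory's account names, which is the mismatch this answer describes. The `users/<id>/config.xml` folder layout, the `permission:sid` matrix entry format and all sample names are assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample of a matrix-style permission list (assumed "permission:sid" form).
SAMPLE_MATRIX_XML = """<authorizationStrategy>
  <permission>hudson.model.Hudson.Read:jenkins_ci</permission>
  <permission>hudson.model.Item.Build:jenkins_ci</permission>
  <permission>hudson.model.Hudson.Administer:alice</permission>
</authorizationStrategy>"""


def user_folder_ids(users_dir):
    """User ids taken from folder names (assumed layout: users_dir/<id>/config.xml)."""
    return sorted(
        name for name in os.listdir(users_dir)
        if os.path.isfile(os.path.join(users_dir, name, "config.xml"))
    )


def matrix_sids(config_xml_text):
    """Distinct sids that hold at least one permission in the matrix."""
    sids = set()
    for node in ET.fromstring(config_xml_text).iter("permission"):
        _perm, sep, sid = (node.text or "").strip().partition(":")
        if sep and sid:
            sids.add(sid)
    return sorted(sids)


def case_only_mismatches(local_ids, directory_accounts):
    """(local_id, account) pairs that match when case-folded but not exactly."""
    by_folded = {}
    for account in directory_accounts:
        by_folded.setdefault(account.casefold(), []).append(account)
    return [
        (local, account)
        for local in local_ids
        for account in by_folded.get(local.casefold(), [])
        if account != local
    ]


if __name__ == "__main__":
    accounts = ["JENKINS_CI", "alice"]  # constructed: names as the directory spells them
    for local, account in case_only_mismatches(matrix_sids(SAMPLE_MATRIX_XML), accounts):
        print(f"sid {local!r} differs only by case from directory account {account!r}")
```

Feed `case_only_mismatches` the output of `user_folder_ids` on the Jenkins home `users` directory to run the same comparison against the user folders.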




Answer 2:


java -jar jenkins-cli.jar -s http://server get-job myjob > myjob.xml

I am able to run the above command using the link below

https://wiki.jenkins-ci.org/display/JENKINS/Disable+security



Source: https://stackoverflow.com/questions/28591952/jenkins-cli-using-anonymous-permissions-instead-of-the-user-defined-ones
