convert declarative pipeline to scripted pipeline

I already used the following declarative script as part of my cleanup script. Now I need to convert it to a scripted pipeline. How can I convert the post to the scripted pipeline?

stages {
    stage('Cleanup Feature Releases') {
        agent any
        steps {
            script {
                // Look up the cluster settings for the target environment
                envParameters = Utils.getEnvParameters("${TARGET_ENV}")
                withKubeConfig([credentialsId: envParameters.K8S_TOKEN,
                                serverUrl: envParameters.K8S_API_SERVER,
                                contextName: CONTEXT_NAME
                ]) {
                    // Single quotes: the shell reads the build parameter from its
                    // environment instead of Groovy interpolating it into the command
                    sh 'echo "Running on $OVERRIDE_NAMESPACE"'
                }
            }
        }
        post {
            failure {
                cleanUpNotification("FAILURE", params.DRY_RUN)
            }
            aborted {
                cleanUpNotification("ABORTED", params.DRY_RUN)
            }
            success {
                cleanUpNotification("SUCCESS", params.DRY_RUN)
            }
        }
    }
}

Go to Source
Author: Mkash

git reflog is showing plain text password used

We are using a Jenkins Freestyle Project to push the changes to the remote server. We are executing a shell script on the remote host using ssh for it. To pull the changes on the remote host, we are using the origin URL with the git username and git password. The credentials should not be visible in plain text in the URL, which is why we have stored them in variables using the ‘secret text(s) or file(s)’ option of ‘Build Environment’.

On the Jenkins end it is working as expected. The git credentials are not visible to the users who are using Jenkins for other projects, but we are facing an issue on the remote server where the project was deployed. The remote server is showing the git credentials in plain text. Any user with ssh access to the remote server is able to run the git reflog command in the project directory.

Port 22 cannot be opened on the server where GitLab is deployed, so we cannot use the ssh keys method to create the build in Jenkins. We can use only the http method to pull the changes.

Is there any way we could avoid showing the git credentials in plain text in the project directory?

Go to Source
Author: Derek
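
For the situation described in the question above, one way to find and avoid URL-embedded credentials on the remote host (an added example, not part of the original post): the first two functions locate and redact `user:password@` URLs under a checkout's `.git` directory, and the last two pull over HTTPS with a credential-free origin URL by answering git's prompts through `GIT_ASKPASS`. The variable names `GIT_HTTP_USER` and `GIT_HTTP_TOKEN` and the function names are assumptions; the script expects those two variables to be present in the environment of the remote shell.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# An http(s) URL that carries user:password@ in front of the host.
CRED_URL_RE='https?://[^/@:[:space:]]+:[^/@[:space:]]+@'

# Print every file under <repo>/.git (config, FETCH_HEAD, reflogs) that
# contains a URL with embedded credentials.
find_cred_urls() {
    for f in "$1/.git/config" "$1/.git/FETCH_HEAD" "$1/.git/logs"; do
        if [ -e "$f" ]; then
            grep -rlE "$CRED_URL_RE" "$f" || :
        fi
    done
}

# Filter stdin, dropping the user:password@ part of any URL, so that findings
# can be reported without copying the secret again.
redact_cred_urls() {
    sed -E 's#(https?://)[^/@:[:space:]]+:[^/@[:space:]]+@#\1#g'
}

# Write a GIT_ASKPASS helper to the given path. git runs it with the prompt
# text as $1 ("Username for ..." or "Password for ...") and reads the answer
# from its stdout, so the secret never appears in a URL or a command line.
write_askpass() {
    cat > "$1" <<'EOF'
#!/bin/sh
case "$1" in
    Username*) printf '%s\n' "$GIT_HTTP_USER" ;;
    Password*) printf '%s\n' "$GIT_HTTP_TOKEN" ;;
esac
EOF
    chmod 700 "$1"
}

# Pull <branch> into <repo> from a credential-free <url>.
pull_without_url_creds() {
    repo=$1 url=$2 branch=$3
    helper=$(mktemp)
    write_askpass "$helper"
    rc=0
    git -C "$repo" remote set-url origin "$url" || rc=$?
    if [ "$rc" -eq 0 ]; then
        GIT_ASKPASS=$helper GIT_TERMINAL_PROMPT=0 \
            git -C "$repo" pull origin "$branch" || rc=$?
    fi
    rm -f "$helper"
    return "$rc"
}

# Stand-alone use: pass a checkout path to list the files that leak.
if [ "$#" -ge 1 ]; then
    find_cred_urls "$1"
fi
```

Entries already written to the reflog are not changed by later pulls; `git reflog expire --expire=now --all` drops them (along with the rest of the reflog history), and a password that has been readable there should be rotated.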

Jenkins Slack plugin gives SSLHandshake Error

We have a restricted environment for our Jenkins master. We have allowed outbound traffic only to a limited set of IP addresses.

Slack might be using a pool of IPs. When they match our range, we get the message in Slack. When they are not in range, we are blind to any failure.

My configuration is as below.

Job Configuration
Config1

Slack Configuration
Config2

When I click on Test Connection (when the IP chosen by Slack is not in our network's allowed range), it fails and gives the error below in the logs.

2020-08-14 20:50:46.416+0000 [id=6027608]   WARNING j.p.slack.StandardSlackService#correctMisconfigurationOfBaseUrl: Overriding base url to team domain 'mycompany' this is due to mis-configuration, you don't need to set base url unless you're using a slack compatible app like mattermost
2020-08-14 20:50:46.426+0000 [id=6027608]   WARNING j.p.slack.StandardSlackService#postToSlack: Error posting to Slack
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:191)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:390)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:428)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at jenkins.plugins.slack.StandardSlackService.postToSlack(StandardSlackService.java:177)
    at jenkins.plugins.slack.StandardSlackService.publish(StandardSlackService.java:269)
    at jenkins.plugins.slack.StandardSlackService.publish(StandardSlackService.java:308)
    at jenkins.plugins.slack.StandardSlackService.publish(StandardSlackService.java:280)
    at jenkins.plugins.slack.SlackNotifier$DescriptorImpl.doTestConnection(SlackNotifier.java:908)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
    at org.kohsuke.stapler.SelectionInterceptedFunction$Adapter.invoke(SelectionInterceptedFunction.java:36)
    at org.kohsuke.stapler.verb.HttpVerbInterceptor.invoke(HttpVerbInterceptor.java:48)
    at org.kohsuke.stapler.SelectionInterceptedFunction.bindAndInvoke(SelectionInterceptedFunction.java:26)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
    at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
    at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
    at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
    at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
    at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:500)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
    at java.lang.Thread.run(Thread.java:748)

When the IP used by Slack is in our network's allowed range, we get notifications.

slack messages

From the above screenshot, we didn’t get any notifications between July 21 and August 14 (today). But there were failures in between. Today also, when the IP might have changed, it stopped sending again.

When we talked about this, they suspected the Jenkins configuration was wrong. That is not the case, because we did not change our configuration, and the same configuration works sometimes.

How can I reproduce this handshake error using a Linux command?

That way I can give them something to show that it is a networking issue, not the application.

Go to Source
Author: Nilesh
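
One way to gather the per-address evidence the question above asks for (an added example, not part of the original post): resolve every IPv4 address currently returned for the Slack hostname, attempt a TLS handshake to each one with `openssl s_client`, and log a timestamped result per address. The function names are hypothetical, and the hostname is passed as an argument, for example the `mycompany` team domain from the log under `slack.com`.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Classify captured `openssl s_client` output read from stdin.
classify_handshake() {
    out=$(cat)
    case "$out" in
        *"alert handshake failure"*) echo handshake_failure ;;  # peer sent the fatal alert
        *"Cipher is (NONE)"*)        echo no_tls_session ;;     # connected, nothing negotiated
        *"Cipher is "*)              echo ok ;;                 # a cipher was negotiated
        *)                           echo no_connection ;;      # TCP connect failed or timed out
    esac
}

# Every IPv4 address the resolver returns for the host right now.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Handshake against one specific address, sending the real hostname as SNI.
probe_ip() {
    host=$1 ip=$2
    timeout 10 openssl s_client -connect "$ip:443" -servername "$host" \
        </dev/null 2>&1 | classify_handshake
}

# One log line per address: UTC timestamp, host, address, result.
probe_all() {
    host=$1
    for ip in $(resolve_ipv4 "$host"); do
        printf '%s %s %s %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$host" "$ip" "$(probe_ip "$host" "$ip")"
    done
}

# Stand-alone use: pass the hostname, e.g. from cron on the Jenkins master.
if [ "$#" -ge 1 ]; then
    probe_all "$1"
fi
```

Run it from the Jenkins master itself so it crosses the same egress rules; the result reflects openssl's protocol versions and cipher list, which can differ from those offered by the JVM that Jenkins runs on.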

How to run Dockerfile agent on a Jenkins Slave Node?

I have an issue with running a Dockerfile in a Jenkins Pipeline on a Slave Node server.
I have posted it on the main Stack Overflow portal. Happy to see this DevOps Stack Exchange portal.

Just linking the ticket here: https://stackoverflow.com/questions/63364558/how-to-run-dockerfile-agent-on-a-jenkins-slave-node/63366121

It would be really helpful if someone can share their thoughts.
Thanks in advance.

Go to Source
Author: Venkatesha K

Control GKE CICD from a Jenkins in a lab with private network?

For test purposes I need to use my locally provisioned Jenkins with Vagrant in order to connect to GKE and use pods to build. Is that possible? From what I read, K8s will need access to Jenkins as well. How can I achieve that?

Looks to be possible, but I am stuck on access rights for now:

o.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxxxxx/api/v1/namespaces/cicd/pods?labelSelector=jenkins%3Dslave. Message: pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "cicd". Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=null, kind=pods, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "cicd", metadata=ListMeta(_continue=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).

Go to Source
Author: anVzdGFub3RoZXJodW1hbg

Jenkins – docker login doesn’t seem to persist: docker pull won’t work but docker-compose can pull without problems

I am setting up a new Jenkins as our old one is based on a deprecated base image.

Dockerfile is:

FROM jenkins/jenkins:lts-centos7

USER root

RUN yum -y install docker \
    && yum clean all

USER jenkins

When I docker exec ... into the container and log into our Sonatype Nexus to pull Docker images from it, the successful login does not seem to be heeded by Jenkins afterwards:

[root@909fb3a3d52c .docker]# docker login https://our.nexus.internal:<endpoint>
Username (jenkins): jenkins
Password:
Login Succeeded
[root@909fb3a3d52c .docker]# pwd
/root/.docker
[root@909fb3a3d52c .docker]# cat config.json
{
    "auths": {
        "https://our.nexus.internal:<endpoint>": {
            "auth": "<CORRECT base64 hash>"
        }
    }

Login has succeeded, the auth credentials are written to /root/.docker/config.json and when I base64-decode them they are correct “jenkins:”.

However:

[root@909fb3a3d52c .docker]# docker pull https://our.nexus.internal:<endpoint>/myImage:myTag
Error response from daemon: Get https://our.nexus.internal:<endpoint>/v2/myImage/manifests/myTag: no basic auth credentials

This will also happen during execution of a Jenkins pipeline (obviously), where job log reports:

docker pull https://our.nexus.internal:<endpoint>/myImage:myTag

Error response from daemon: Get Error response from daemon: Get https://our.nexus.internal:<endpoint>/v2/myImage/manifests/myTag: no basic auth credentials

script returned exit code 1

I assume this to not be a question about nexus but about how the credentials from docker login are stored and used.

Sidenote: We have a different Jenkins currently operational which is based on jenkinsci/blueocean:1.22.0 which does NOT display this behaviour. It can docker login fine and docker pull fine.

edit1:

Running docker-compose does work while a manual docker pull... will not:

[root@3eeee032ff08 /]# docker login https://nexus:port
Username: jenkins
Password:
Login Succeeded

[root@3eeee032ff08 /]# docker pull nexus:port/company/image:myTag
Error response from daemon: Get https://nexus:port/v2/company/image/manifests/myTag: no basic auth credentials

[root@3eeee032ff08 /]# cat docker-compose.yml
version: '3.3'

services:
  jenkins:
    user: root
    image: nexus:port/company/image:myTag

[root@3eeee032ff08 /]# docker-compose up

Creating network "default_default" with the default driver
Pulling jenkins (nexus:port/company/image:myTag)...
myTag: Pulling from company/image
f34b00c7da20: Pull complete
3f316190de62: Pull complete
480967924aca: Pull complete
619ac94672e0: Pull complete
cb1c6713a236: Pull complete
55766a17b1c6: Pull complete
8f6e881b2ef2: Pull complete
f118a721eee8: Pull complete
fae3c8e02b83: Pull complete
093ceb59408d: Pull complete
e3bd3cbf474d: Pull complete
41a6f4e5de6d: Pull complete
aa1aece4c754: Pull complete
fc897d8ca22f: Pull complete
Digest: sha256:3fd74169f648784fe960add9c0138e3802a91e82c9b5fdbd734faaeaaef696f9
Status: Downloaded newer image for nexus:port/company/image:myTag

Go to Source
Author: Worp

What’s in THIS environment?

We work on multiple Java web projects going on at the same time, and those are all being tested on several different QA environments. I'd like to show on our support portal what projects are in what environments without having to manually update it all the time. I was thinking of some way to tag the build so I could just query Tomcat or those Linux servers themselves and show the results. The tags would be something like “August Release”, “Project 1”, “Project 2”, etc. Has anyone done something similar? I’m looking for different options.

Go to Source
Author: DaveTX

Deploy .NET application from Jenkins on Linux to MS Azure Web service

We have a .NET application which is deployed to Azure Web services. Now it is time to create a deployment pipeline for it.

We want to know the high-level plan for how a .NET application can be deployed to Azure from Linux servers based on CentOS.

Do we need the AZ CLI and the Azure .NET SDK installed on the Linux server to deploy it?

Go to Source
Author: pleyades

yaml files in jenkins pipeline

I just started out working on Jenkins, and among other things I’m trying to understand the role of YAML in pipelines. I understand that pipelines or declarative pipelines (do other types of pipelines exist in Jenkins?) are defined using a syntax that is based on an extension of Groovy, and that YAML can be used along with some plugins or an extended library to generate an on-the-fly Groovy-based pipeline definition. Is my understanding correct?

Go to Source
Author: whatever

How to determine whether the Jenkins build was started by a user or the scheduler?

I have a Jenkins job which does some unit-testing for some code. It can be started in two possible ways:

  1. By the scheduler – it polls the Perforce server, and starts the job when it detects a code change
  2. By a user, on demand – it downloads a shelved/stashed code change, and checks whether it breaks the tests

The second way is called “Build Review”:

Build Review


If the job discovers problems, I want to send emails conditionally, to avoid spam:

  1. If invoked by the scheduler, send mails to everyone who did check-ins since last successful build (called “developers” in Jenkins jargon)
  2. If invoked by a specific user, send a mail only to that user

I am using the Any Build Step plugin to add two conditional instances of Editable email Notification into my job settings. But what are the conditions? How can I tell it to send mail only if invoked in a specific way, (1) or (2) above?

Go to Source
Author: anatolyg

Unable to get value of password parameter into another parameter

In a Jenkins pipeline I have a parameter, say Branches, of type Active Choice Reactive Parameter. I have to auto-populate branch names, hence I have the following command, which I can execute in the parameter’s Groovy script –

svn ls <url> --non-interactive --no-auth-cache --trust-server-cert --username <username> --password <password>

username can be retrieved using User.current().getId()

I have a Password parameter of the Password Parameter type. To use the value of this parameter in the Groovy script of Branches, I’ve added the Password parameter to the Referenced parameters of Branches.

But I cannot see its value reflected in Branches parameter. Can you please suggest how this can be handled?

Or any other way to pass Password value or authentication details so I can execute svn command.

Go to Source
Author: TDHM

How to get logged in username of Jenkins in parameter’s Groovy script?

In a Jenkins parameter, I’m writing a Groovy script, and in that script I need to pass the Jenkins logged-in username, NOT the user. User and username could be different.

Ex – the user, which is displayed to the left of ‘log out’, could be Bob Gill, and the username used to log in could be bob.

User can be retrieved using User.current(). Please tell me how to get username.

NOTE I don’t need username in pipeline code. I need it in Groovy script of parameter.

Go to Source
Author: TDHM

Where would the Jenkins job run if I don’t mention any Agent labels?

In my Jenkins setup I have a set of jobs which use agents to build and deploy. I achieved this by mentioning the agent label in the job configurations.

I have one job which has to execute on the Jenkins master. If I don’t mention any label in the job configuration and no agents are online, the job gets executed on the Jenkins master. If any agent is online, instead of executing on the Jenkins master, it picks up some random agent and executes the job. How can I execute it on master even if agents are online?

Go to Source
Author: B. Akshay

simulate post step for dynamically generated Jenkins pipeline stages

The following simplified Jenkinsfile dynamically generates sequentially executed stages; however, I cannot create a post step for these dynamically generated stages, like so:

pipeline {
    agent none
    stages {
        stage('Gen Stages') {
            steps {
                script {
                    def stageNames = ["st1", "st2", "st3"]
                    stageNames.each { stageName ->
                        createStage(stageName)
                    }
                }
            }
        }
    }
    post {
        always {
            echo "post > always"
        }
        success {
            echo "post > success"
        }
    }
}

def createStage(String stageName) {
    stage(stageName) {
        echo "Stage: ${stageName}"
    }
    // I want to uncomment and use code below - or something effectively similar:
    // post {
    //     always {
    //         echo "${stageName} > post > always"
    //     }
    //     success {
    //         echo "${stageName} > success > always"
    //     }
    // }
}

I would like to be able to use the commented-out post {} stage, or something effectively similar.

If at all possible, I’d like to use the DSL as much as possible and avoid scripted pipelines.

Suggestions?

Go to Source
Author: Trevor