devops-docker-cx-server icon indicating copy to clipboard operation
devops-docker-cx-server copied to clipboard

Published 20 hours ago verified publisher icon SAP-archive

cx-server stop

Open T1mey opened this issue 4 years ago • 9 comments

Is there a way to supply username + password or even better an API Token to shutdown jenkins ?

image

T1mey avatar Jun 02 '20 12:06 T1mey

On the top of the log it asked for a username. If you type anything there, you will be asked for a password. If you press enter we assume an insecure Jenkins instance and try without credentials.

fwilhe avatar Jun 02 '20 13:06 fwilhe

As you're releasing every week a new version (or at least a new docker tag ) we're forced to automate this as well. So we would need someting which can be used in an automated manner.

Is there already a way to achieve that ?

T1mey avatar Jun 02 '20 13:06 T1mey

I quickly tried it out, and it seems like no automation method that I can think of works with the way the script currently works. I'm not exactly sure how this could be done, as the cx-server script itself calls a script in a docker container.

Maybe someone with more bash knowledge can help here? @marcusholl probably knows more.

fwilhe avatar Jun 02 '20 14:06 fwilhe

A workaround would be to stop the running docker container. Think this may corrupt data... so an official way to stop jenkins would be much better.

T1mey avatar Jun 03 '20 12:06 T1mey

I've just merged a change to allow automating this. Once the docker images are rebuilt you're welcome to provide feedback.

First, you'll need to ensure the cx-server script is up to date by running ./cx-server update script.

Then you can use environment variables to define credentials like in this example script

JENKINS_USERNAME=admin JENKINS_PASSWORD=admin123 ./cx-server stop
./cx-server remove
./cx-server start

Take care that in case your username or password contains any character that needs to be escaped on a command line, you will need to escape the inputs as we pass them literally.

Also please be aware the the password will appear in the logs of the jenkins master.

fwilhe avatar Jun 03 '20 15:06 fwilhe

Hi,

as we have configured SAML2 for authentication, I think there is no possibility to create a technical user.

Even if we supply our idp user credentials we get an error message saying.

image

T1mey avatar Jun 04 '20 09:06 T1mey

I can't replicate a SAML2 setup easily, I tested with a local Jenkins user database. Probably the idp user has not enough permissions?

fwilhe avatar Jun 04 '20 09:06 fwilhe

We assigned him admin and verified in UI. As we have no local database there will not be any technical & local user in Jenkins.

So the result would be that we must specify a productive user and password in a file or similar. Any possibility to use an API key of a user ?

T1mey avatar Jun 04 '20 09:06 T1mey

Any possibility to use an API key of a user ?

I have not tried this out, feel free to do so and let us know if it works for you.

As a last resort you might also consider calling ./cx-server stop --force. I would not recommend doing that as it does not attempt a "safe" shutdown of Jenkins, it literally removes the container using docker rm --force which might be harmful to data integrity in the volume, but it also does not require a Jenkins user. I don't have any experience of using that on a production system, but if you can take care of bringing the Jenkins into a "safe" state it could also be an option.

fwilhe avatar Jun 04 '20 12:06 fwilhe