helm-charts
Can not set googleOAuth2, get error hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor
### Describe the bug
When using googleOAuth2 for auth, I get the error `hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor`.
### Version of Helm and Kubernetes
- Helm: v3.7.0
- Kubernetes: v1.21.5
### Chart version
jenkins-4.1.13
### What happened?
```yaml
JCasC:
  defaultConfig: true
  configScripts: {}
  securityRealm: |-
    googleOAuth2:
      clientId:"xxx-xxx.apps.googleusercontent.com"
      clientSecret:"xxx-xxx"
  authorizationStrategy: |-
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
```
The configure script tries to connect to Jenkins but gets the error `hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor`, because Jenkins uses googleOAuth2 auth.
### What you expected to happen?
I expect Jenkins configured correctly.
### How to reproduce it
```bash
helm upgrade --install --atomic jenkins -f jenkins-values.yaml jenkins/jenkins
```
### Anything else we need to know?
Full log pod jenkins-0
Defaulted container "jenkins" out of: jenkins, config-reload, init (init)
Running from: /usr/share/jenkins/jenkins.war
2022-08-03 07:17:25.775+0000 [id=1] INFO org.eclipse.jetty.util.log.Log#initialized: Logging initialized @516ms to org.eclipse.jetty.util.log.JavaUtilLog
2022-08-03 07:17:25.881+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file
2022-08-03 07:17:25.915+0000 [id=1] WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath
2022-08-03 07:17:25.998+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-9.4.45.v20220203; built: 2022-02-03T09:14:34.105Z; git: 4a0c91c0be53805e3fcffdcdcc9587d5301863db; jvm 11.0.15+10
2022-08-03 07:17:26.301+0000 [id=1] INFO o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2022-08-03 07:17:26.357+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: DefaultSessionIdManager workerName=node0
2022-08-03 07:17:26.357+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: No SessionScavenger set, using defaults
2022-08-03 07:17:26.358+0000 [id=1] INFO o.e.j.server.session.HouseKeeper#startScavenging: node0 Scavenging every 660000ms
2022-08-03 07:17:26.905+0000 [id=1] INFO hudson.WebAppMain#contextInitialized: Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")
2022-08-03 07:17:27.114+0000 [id=1] INFO o.e.j.s.handler.ContextHandler#doStart: Started w.@53bf7094{Jenkins v2.346.2,/,file:///var/jenkins_cache/war/,AVAILABLE}{/var/jenkins_cache/war}
2022-08-03 07:17:27.159+0000 [id=1] INFO o.e.j.server.AbstractConnector#doStart: Started ServerConnector@6025e1b6{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2022-08-03 07:17:27.159+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: Started @1902ms
2022-08-03 07:17:27.164+0000 [id=23] INFO winstone.Logger#logInternal: Winstone Servlet Engine running: controlPort=disabled
2022-08-03 07:17:27.461+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Started initialization
2022-08-03 07:17:27.682+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Listed all plugins
2022-08-03 07:17:31.130+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Prepared all plugins
2022-08-03 07:17:31.169+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Started all plugins
2022-08-03 07:17:31.179+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Augmented all extensions
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/var/jenkins_cache/war/WEB-INF/lib/groovy-all-2.4.21.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2022-08-03 07:17:32.469+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: System config loaded
2022-08-03 07:17:33.132+0000 [id=29] WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2022-08-03 07:17:33.176+0000 [id=29] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
io.jenkins.plugins.casc.ConfiguratorException: Item isn't a Mapping
at io.jenkins.plugins.casc.model.CNode.asMapping(CNode.java:18)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:265)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
at io.vavr.control.Option.map(Option.java:392)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
at io.vavr.Tuple2.apply(Tuple2.java:238)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
Caused: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
Caused: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
Caused: java.lang.Error
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1158)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:222)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:121)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-03 07:17:33.180+0000 [id=22] SEVERE hudson.util.BootFailure#publish: Failed to initialize Jenkins
io.jenkins.plugins.casc.ConfiguratorException: Item isn't a Mapping
at io.jenkins.plugins.casc.model.CNode.asMapping(CNode.java:18)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:265)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
at io.vavr.control.Option.map(Option.java:392)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
at io.vavr.Tuple2.apply(Tuple2.java:238)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
Caused: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:298)
Caused: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
Caused: java.lang.Error
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1158)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:222)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:121)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused: org.jvnet.hudson.reactor.ReactorException
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:291)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:1193)
at jenkins.model.Jenkins.<init>(Jenkins.java:983)
at hudson.model.Hudson.<init>(Hudson.java:86)
at hudson.model.Hudson.<init>(Hudson.java:82)
at hudson.WebAppMain$3.run(WebAppMain.java:247)
Caused: hudson.util.HudsonFailedToLoad
at hudson.WebAppMain$3.run(WebAppMain.java:264)
2022-08-03 07:17:33.191+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Stopping Jenkins
2022-08-03 07:17:33.221+0000 [id=22] INFO jenkins.model.Jenkins$16#onAttained: Started termination
2022-08-03 07:17:33.250+0000 [id=22] INFO jenkins.model.Jenkins$16#onAttained: Completed termination
2022-08-03 07:17:33.250+0000 [id=22] INFO jenkins.model.Jenkins#_cleanUpDisconnectComputers: Starting node disconnection
2022-08-03 07:17:33.255+0000 [id=22] INFO jenkins.model.Jenkins#_cleanUpShutdownPluginManager: Stopping plugin manager
2022-08-03 07:17:33.278+0000 [id=22] INFO jenkins.model.Jenkins#_cleanUpPersistQueue: Persisting build queue
2022-08-03 07:17:33.287+0000 [id=22] INFO jenkins.model.Jenkins#_cleanUpAwaitDisconnects: Waiting for node disconnection completion
2022-08-03 07:17:33.288+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Jenkins stopped
> get error hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor

is just a warning
I added Full log pod jenkins-0
This is your error:
2022-08-03 07:17:33.176+0000 [id=29] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
io.jenkins.plugins.casc.ConfiguratorException: Item isn't a Mapping
Not sure from a quick look but the yaml won't be quite right most likely
Hmm. Maybe. I will recheck.
Fixed. Working jenkins-values-google-login.yaml:
```yaml
---
controller:
  tag: "2.346.2-jdk11"
  imagePullPolicy: "IfNotPresent"
  numExecutors: 0
  additionalPlugins:
    - google-login:1.6
    - job-dsl:1.81
    - allure-jenkins-plugin:2.30.2
    - ws-cleanup:0.42
    - build-timeout:1.21
    - timestamper:1.18
    - google-storage-plugin:1.5.6
    - permissive-script-security:0.7
    - ansicolor:1.0.2
    - google-oauth-plugin:1.0.6
  javaOpts: '-Dpermissive-script-security.enabled=true'
  JCasC:
    configScripts:
      jenkins-configuration: |
        jenkins:
          systemMessage: This Jenkins is configured and managed 'as code' by Managed Cloud team.
      job-config: |
        jobs:
          - script: >
              pipelineJob('job1') {
                logRotator(120, -1, 1, -1)
                authenticationToken('secret')
                definition {
                  cps {
                    script("""\
                      pipeline {
                        agent any
                        parameters {
                          string(name: 'Variable', defaultValue: '', description: 'Variable', trim: true)
                        }
                        options {
                          timestamps()
                          ansiColor('xterm')
                          timeout(time: 10, unit: 'MINUTES')
                        }
                        stages {
                          stage ('build') {
                            steps {
                              cleanWs()
                              echo "hello job1"
                            }
                          }
                        }
                      }""".stripIndent())
                    sandbox()
                  }
                }
              }
          - script: >
              pipelineJob('job2') {
                logRotator(120, -1, 1, -1)
                authenticationToken('secret')
                definition {
                  cps {
                    script("""\
                      pipeline {
                        agent any
                        parameters {
                          string(name: 'Variable', defaultValue: '', description: 'Variable', trim: true)
                        }
                        options {
                          timestamps()
                          ansiColor('xterm')
                          timeout(time: 10, unit: 'MINUTES')
                        }
                        stages {
                          stage ('test') {
                            steps {
                              cleanWs()
                              echo "hello job2"
                            }
                          }
                        }
                      }""".stripIndent())
                    sandbox()
                  }
                }
              }
      views: |
        jenkins:
          views:
            - all:
                name: "all"
            - list:
                columns:
                  - "status"
                  - "weather"
                  - "jobName"
                  - "lastSuccess"
                  - "lastFailure"
                  - "lastDuration"
                  - "buildButton"
                jobNames:
                  - "job1"
                name: "stage"
            - list:
                columns:
                  - "status"
                  - "weather"
                  - "jobName"
                  - "lastSuccess"
                  - "lastFailure"
                  - "lastDuration"
                  - "buildButton"
                jobNames:
                  - "job2"
                name: "test"
          viewsTabBar: "standard"
    securityRealm: |-
      googleOAuth2:
        clientId: "xxx-xxx.apps.googleusercontent.com"
        clientSecret: "xxx-xxx"
        domain: ""
    authorizationStrategy: |-
      loggedInUsersCanDoAnything:
        allowAnonymousRead: false
  ingress:
    enabled: true
    ingressClassName: nginx
    apiVersion: networking.k8s.io/v1
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
    hostName: xxxx
    tls:
      - secretName: jenkins-tls
        hosts:
          - xxxx
```
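
A pre-deploy check for the failure in this thread, added here as an example (not code from the thread or from the chart): it parses the `securityRealm` and `authorizationStrategy` strings under `controller.JCasC` and flags any implementation key, such as `googleOAuth2`, whose value parses as a scalar string instead of a mapping, which is the shape behind `Item isn't a Mapping`. The function and constant names are hypothetical, and both sample values documents are constructed from the snippets posted above.

```ruby
require 'yaml'

# Constructed samples: the security realm as first posted (no space after the
# colons) and as posted in the working values file.
BROKEN_VALUES = <<~VALUES
  controller:
    JCasC:
      securityRealm: |-
        googleOAuth2:
          clientId:"xxx-xxx.apps.googleusercontent.com"
          clientSecret:"xxx-xxx"
      authorizationStrategy: |-
        loggedInUsersCanDoAnything:
          allowAnonymousRead: false
VALUES

FIXED_VALUES = <<~VALUES
  controller:
    JCasC:
      securityRealm: |-
        googleOAuth2:
          clientId: "xxx-xxx.apps.googleusercontent.com"
          clientSecret: "xxx-xxx"
          domain: ""
VALUES

SNIPPET_KEYS = %w[securityRealm authorizationStrategy].freeze

# Returns a list of problems (empty when none). Assumption: an implementation
# that takes parameters must map to a YAML mapping. Values are never echoed,
# because they can contain the OAuth client secret.
def check_jcasc_snippets(values_yaml)
  jcasc = YAML.safe_load(values_yaml).dig('controller', 'JCasC') || {}
  SNIPPET_KEYS.flat_map do |key|
    snippet = jcasc[key]
    next [] unless snippet.is_a?(String)
    parsed = begin
      YAML.safe_load(snippet)
    rescue Psych::SyntaxError => e
      next ["#{key}: not valid YAML (#{e.message})"]
    end
    next [] unless parsed.is_a?(Hash)
    parsed.select { |_, v| v.is_a?(String) }
          .map { |impl, _| "#{key}.#{impl}: expected a mapping, got String" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts check_jcasc_snippets(BROKEN_VALUES)
  puts "fixed: #{check_jcasc_snippets(FIXED_VALUES).inspect}"
end
```

Without the space after the colon, `clientId:"..."` and `clientSecret:"..."` fold into one plain scalar, so `googleOAuth2` receives a string rather than its two fields.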
A question @patsevanton, have you found a way to encrypt the `clientId` and `clientSecret` and pass the encrypted values in the `values.yaml` file? Not with any external operator or project, but with whatever is given in the helm chart. I am trying to achieve that but my attempts are failing so far.
I will create a bug if you haven't found out a way, but wanted to ask first.