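Jenkins Pitfalls (1): Permission Problems
阿新 • Published: 2019-01-10
Preface
I have used Jenkins a lot in the past but never actively maintained it. Recently I wanted to set up permissions with the Role-based Authorization Strategy plugin, but because I was unfamiliar with it, disaster struck: I wiped out the permissions of every user...
Main text
This is the plugin I used; it is easy to install:
Step 1: install the plugin
Step 2: configure permissions
Let's skip this part; I got it wrong anyway.
Problem
If you get the configuration wrong, log in to the machine running Jenkins and find the config.xml file under the $JENKINS_HOME directory. Since I misconfigured mine, here is the configuration as it looked after the mistake: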
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>2.121.1</version>
<installStateName>RUNNING</installStateName>
<numExecutors>3</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
<roleMap type="projectRoles">
<role name="op" pattern="op.*">
<permissions>
<permission>hudson.model.Item.Create</permission>
<permission> hudson.model.Run.Delete</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>hudson.model.Run.Replay</permission>
<permission>hudson.model.Item.Configure</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Delete</permission>
<permission>hudson.model.Item.Read</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.Item.Move</permission>
<permission>hudson.model.Item.Discover</permission>
<permission>hudson.model.Run.Update</permission>
</permissions>
<assignedSIDs/>
</role>
</roleMap>
<roleMap type="globalRoles">
<role name="admin" pattern=".*">
<permissions>
<permission>hudson.model.View.Delete</permission>
<permission>hudson.model.Computer.Connect</permission>
<permission>hudson.model.Run.Delete</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains</permission>
<permission>hudson.model.Computer.Create</permission>
<permission>hudson.model.View.Configure</permission>
<permission>hudson.model.Computer.Build</permission>
<permission>hudson.model.Item.Configure</permission>
<permission>hudson.model.Hudson.Administer</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Read</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View</permission>
<permission>hudson.model.Computer.Delete</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.Item.Move</permission>
<permission>hudson.model.Item.Discover</permission>
<permission>hudson.model.Hudson.Read</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update</permission>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete</permission>
<permission>hudson.model.Computer.Provision</permission>
<permission>hudson.model.Run.Replay</permission>
<permission>hudson.model.View.Read</permission>
<permission>hudson.model.View.Create</permission>
<permission>hudson.model.Item.Delete</permission>
<permission>hudson.model.Computer.Configure</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create</permission>
<permission>hudson.model.Computer.Disconnect</permission>
<permission>hudson.model.Run.Update</permission>
</permissions>
<assignedSIDs/>
</role>
<role name="op" pattern=".*">
<permissions>
<permission>hudson.model.Hudson.Read</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Read</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.View.Read</permission>
</permissions>
<assignedSIDs>
<sid>chenmo</sid>
</assignedSIDs>
</role>
</roleMap>
<roleMap type="slaveRoles"/>
</authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>false</disableSignup>
<enableCaptcha>false</enableCaptcha>
</securityRealm>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks>
<jdk>
<name>java-1.8-openjdk</name>
<home>/usr/lib/jvm/default-jvm</home>
<properties/>
</jdk>
</jdks>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>all</name>
<description>### 部署專案之前請在微信裡通知</description>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>all</primaryView>
<slaveAgentPort>50000</slaveAgentPort>
<disabledAgentProtocols>
<string>JNLP-connect</string>
<string>JNLP2-connect</string>
</disabledAgentProtocols>
<label></label>
<crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
<excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
</crumbIssuer>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
The file contains an authorizationStrategy node, which sets the authorization strategy. Because we are using the Role-based Authorization Strategy plugin, it is set to that strategy:
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
Solution
The fix is simple: edit this strategy in config.xml and delete the entire node below.
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
</authorizationStrategy>
Replace it with:
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>false</denyAnonymousReadAccess>
</authorizationStrategy>
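This strategy corresponds to "Logged-in users can do anything".
Restart Jenkins so that it reloads this configuration file, and everything is back to normal. If some projects fail to load, don't panic; just upgrade the plugins.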
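An added example, not part of the original post: an offline check of config.xml that flags the lockout shown above (a role-based configuration in which no user holds hudson.model.Hudson.Administer) and what the recovery setting leaves open while `<disableSignup>false</disableSignup>` is in the security realm, namely that any self-registered account gets full control. The function name, the finding labels and the two sample documents are assumptions constructed from the snippets on this page.

```python
import re
import xml.etree.ElementTree as ET

ADMIN = "hudson.model.Hudson.Administer"
ROLE_STRATEGY = "com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy"
FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"

def audit_config(xml_text):
    """Return a list of finding labels (hypothetical names) for a config.xml."""
    # Drop the XML declaration so the parser's handling of version='1.1' does not matter.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    findings = []
    if root.findtext("useSecurity", "false").strip() != "true":
        findings.append("security-disabled")
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if cls == ROLE_STRATEGY:
        admins = set()  # every SID assigned to a global role that can administer
        for role in strategy.findall("roleMap[@type='globalRoles']/role"):
            perms = {(p.text or "").strip() for p in role.iter("permission")}
            sids = {(s.text or "").strip() for s in role.iter("sid")}
            if ADMIN in perms:
                admins |= sids
            if not sids:
                findings.append("role-without-users:" + role.get("name", "?"))
        if not admins:
            findings.append("no-administrator")  # nobody can fix this from the UI
    elif cls == FULL_CONTROL:
        if root.findtext("securityRealm/disableSignup", "true").strip() == "false":
            findings.append("open-signup-grants-full-control")
        if strategy.findtext("denyAnonymousReadAccess", "true").strip() == "false":
            findings.append("anonymous-read-allowed")
    return findings

# Constructed samples, trimmed from the two configurations shown in the post.
BROKEN = """<?xml version='1.1' encoding='UTF-8'?>
<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="%s"><roleMap type="globalRoles">
<role name="admin" pattern=".*"><permissions>
<permission>hudson.model.Hudson.Administer</permission></permissions><assignedSIDs/></role>
<role name="op" pattern=".*"><permissions><permission>hudson.model.Hudson.Read</permission>
</permissions><assignedSIDs><sid>chenmo</sid></assignedSIDs></role>
</roleMap></authorizationStrategy></hudson>""" % ROLE_STRATEGY
RECOVERED = """<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="%s">
<denyAnonymousReadAccess>false</denyAnonymousReadAccess></authorizationStrategy>
<securityRealm><disableSignup>false</disableSignup></securityRealm></hudson>""" % FULL_CONTROL

if __name__ == "__main__":
    print(audit_config(BROKEN), audit_config(RECOVERED))
```

Running the check against a copy of config.xml before restarting Jenkins catches the empty admin role while the file can still be corrected by hand.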