Project

General

Profile

Actions
Copy link

Feature #5380

closed

projects should be created with minimal secutrity/authentication enabled

Added by Brétel Foudil almost 11 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Low
Assigned To:
Brétel Foudil
Category:
admin tool
Target version:
v0.3
Start date:
10/22/2013
Due date:
% Done:

100%

Estimated time:

Description

see https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup

Related issues

Related to Intégration Continue - Feature #5386: gracefull shutdown broken when authentication enabledClosedBrétel Foudil10/23/2013

Actions
Blocks Intégration Continue - Task #5523: remove in2p3.fr http filtersRejectedBrétel Foudil11/18/2013

Actions
Actions
Copy link
 #1

Updated by Brétel Foudil almost 11 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #2

Updated by Brétel Foudil almost 11 years ago

  • Subject changed from projects should be created with minimal secutrity enabled to projects should be created with minimal secutrity/authenticcation enabled
Actions
Copy link
 #3

Updated by Brétel Foudil almost 11 years ago

  • Subject changed from projects should be created with minimal secutrity/authenticcation enabled to projects should be created with minimal secutrity/authentication enabled
Actions
Copy link
 #4

Updated by Brétel Foudil over 10 years ago

  • Status changed from New to Assigned
Actions
Copy link
 #5

Updated by Brétel Foudil over 10 years ago

Ok, so here is a sketch of what we want, and how we can achieve it:

Goals:
  • security enabled (most probably default to Jenkins’s own user database with Matrix-based security)
  • a user account for the corresponding instance admin user
  • a regular check that security is enabled
  • a cimaster user with Administer rights (this is needed for administrative tasks such as safe-restart, and statistics)
We will use the config.xml, init.groovy script, and cron. At project creation:
  • security is enabled in config.xml
  • an init.groovy script is created which, on firstRun:
    • creates an admin user with an uuid-generated password (to be changed afterwards by the corresponding admin)
    • creates a cimaster user with a generic password, and the project's SSH key
  • /etc/cron.d/jenkinsfarm is edited to add a line for periodically running a groovy script through the groovy jenkins-cli command. This script will check that the security is enabled.
Actions
Copy link
 #6

Updated by Brétel Foudil over 10 years ago

  • % Done changed from 0 to 60
Actions
Copy link
 #7

Updated by Brétel Foudil over 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 60 to 100

Issue fixed.
Existing projects will be corrected upon deployment by creating a cimaster user and checking security is enabled.

Actions
Copy link
 #8

Updated by Brétel Foudil over 10 years ago

  • % Done changed from 100 to 70

Missing the periodical check part. Update %Done to reflect that.

Actions
Copy link
 #9

Updated by Brétel Foudil over 10 years ago

  • % Done changed from 70 to 100

cron for checking security in place.

Actions
Copy link

Also available in: Atom PDF