Created
January 21, 2016 01:15
-
-
Save johnbuhay/c6213d3d12c8f848a385 to your computer and use it in GitHub Desktop.
jenkins init.groovy.d script for configuring users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jenkins.* | |
| import hudson.* | |
| import com.cloudbees.plugins.credentials.* | |
| import com.cloudbees.plugins.credentials.common.* | |
| import com.cloudbees.plugins.credentials.domains.* | |
| import com.cloudbees.jenkins.plugins.sshcredentials.impl.* | |
| import hudson.plugins.sshslaves.*; | |
| import hudson.model.* | |
| import jenkins.model.* | |
| import hudson.security.* | |
| global_domain = Domain.global() | |
| credentials_store = | |
| Jenkins.instance.getExtensionList( | |
| 'com.cloudbees.plugins.credentials.SystemCredentialsProvider' | |
| )[0].getStore() | |
| credentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL,null,"root",new BasicSSHUserPrivateKey.UsersPrivateKeySource(),"","") | |
| credentials_store.addCredentials(global_domain, credentials) | |
| def hudsonRealm = new HudsonPrivateSecurityRealm(false) | |
| def adminUsername = System.getenv('JENKINS_ADMIN_USERNAME') ?: 'admin' | |
| def adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD') ?: 'password' | |
| hudsonRealm.createAccount(adminUsername, adminPassword) | |
| //hudsonRealm.createAccount("charles", "charles") | |
| def instance = Jenkins.getInstance() | |
| instance.setSecurityRealm(hudsonRealm) | |
| instance.save() | |
| def strategy = new GlobalMatrixAuthorizationStrategy() | |
| // Slave Permissions | |
| //strategy.add(hudson.model.Computer.BUILD,'charles') | |
| //strategy.add(hudson.model.Computer.CONFIGURE,'charles') | |
| //strategy.add(hudson.model.Computer.CONNECT,'charles') | |
| //strategy.add(hudson.model.Computer.CREATE,'charles') | |
| //strategy.add(hudson.model.Computer.DELETE,'charles') | |
| //strategy.add(hudson.model.Computer.DISCONNECT,'charles') | |
| // Credential Permissions | |
| //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'charles') | |
| //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,'charles') | |
| //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.MANAGE_DOMAINS,'charles') | |
| //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,'charles') | |
| //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,'charles') | |
| // Overall Permissions | |
| //strategy.add(hudson.model.Hudson.ADMINISTER,'charles') | |
| //strategy.add(hudson.PluginManager.CONFIGURE_UPDATECENTER,'charles') | |
| //strategy.add(hudson.model.Hudson.READ,'charles') | |
| //strategy.add(hudson.model.Hudson.RUN_SCRIPTS,'charles') | |
| //strategy.add(hudson.PluginManager.UPLOAD_PLUGINS,'charles') | |
| // Job Permissions | |
| //strategy.add(hudson.model.Item.BUILD,'charles') | |
| //strategy.add(hudson.model.Item.CANCEL,'charles') | |
| //strategy.add(hudson.model.Item.CONFIGURE,'charles') | |
| //strategy.add(hudson.model.Item.CREATE,'charles') | |
| //strategy.add(hudson.model.Item.DELETE,'charles') | |
| //strategy.add(hudson.model.Item.DISCOVER,'charles') | |
| //strategy.add(hudson.model.Item.READ,'charles') | |
| //strategy.add(hudson.model.Item.WORKSPACE,'charles') | |
| // Run Permissions | |
| //strategy.add(hudson.model.Run.DELETE,'charles') | |
| //strategy.add(hudson.model.Run.UPDATE,'charles') | |
| // View Permissions | |
| //strategy.add(hudson.model.View.CONFIGURE,'charles') | |
| //strategy.add(hudson.model.View.CREATE,'charles') | |
| //strategy.add(hudson.model.View.DELETE,'charles') | |
| //strategy.add(hudson.model.View.READ,'charles') | |
| // Setting Anonymous Permissions | |
| strategy.add(hudson.model.Hudson.READ,'anonymous') | |
| strategy.add(hudson.model.Item.BUILD,'anonymous') | |
| strategy.add(hudson.model.Item.CANCEL,'anonymous') | |
| strategy.add(hudson.model.Item.DISCOVER,'anonymous') | |
| strategy.add(hudson.model.Item.READ,'anonymous') | |
| // Setting Admin Permissions | |
| strategy.add(Jenkins.ADMINISTER, "admin") | |
| // Setting easy settings for local builds | |
| def local = System.getenv("BUILD").toString() | |
| if(local == "local") { | |
| // Overall Permissions | |
| strategy.add(hudson.model.Hudson.ADMINISTER,'anonymous') | |
| strategy.add(hudson.PluginManager.CONFIGURE_UPDATECENTER,'anonymous') | |
| strategy.add(hudson.model.Hudson.READ,'anonymous') | |
| strategy.add(hudson.model.Hudson.RUN_SCRIPTS,'anonymous') | |
| strategy.add(hudson.PluginManager.UPLOAD_PLUGINS,'anonymous') | |
| } | |
| instance.setAuthorizationStrategy(strategy) | |
| instance.save() |
Awesome help, thanks a lot.
Thank you for keeping me away from text-based config.xml edits during my automated setups!
Awesome. Thanks much
Thank you sooooo much.
This is super handy, thanks!
I put this at the bottom of mine to fully automate the configuration phase of my Jenkins instance:
(add_plugins.groovy)
/* https://github.com/coreos/jenkins-os/blob/master/init.groovy
* Create all OS projects on a new Jenkins server.
*
* This entire script can be pasted directly into the text box found at
* ${JENKINS_URL}/script to populate the server with OS jobs. It will
* define everything based on the contents of this repository.
*
* If any required plugins are not installed when this script is run,
* they will be downloaded and installed automatically, and Jenkins will
* be restarted to enable them. In this case, this script must be run
* again after the restart to create the jobs.
*
* Note that settings such as user permissions and secret credentials
* are not handled by this script.
*/
/* Install required plugins and restart Jenkins, if necessary. */
import jenkins.*
import hudson.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import hudson.plugins.sshslaves.*;
import hudson.model.*
import jenkins.model.*
import hudson.security.*
final List<String> REQUIRED_PLUGINS = [
"ace-editor",
"ant",
"antisamy-markup-formatter",
"apache-httpcomponents-client-4-api",
"authentication-tokens",
"aws-credentials",
"aws-java-sdk",
"bouncycastle-api",
"branch-api",
"build-timeout",
"cloudbees-folder",
"command-launcher",
"copyartifact",
"credentials",
"credentials-binding",
"cvs",
"display-url-api",
"docker-commons",
"docker-workflow",
"durable-task",
"email-ext",
"external-monitor-job",
"git",
"git-client",
"git-server",
"github",
"github-api",
"github-branch-source",
"gradle",
"handlebars",
"jackson2-api",
"javadoc",
"jdk-tool",
"jquery-detached",
"jsch",
"junit",
"ldap",
"lockable-resources",
"mailer",
"mapdb-api",
"matrix-auth",
"matrix-project",
"maven-plugin",
"momentjs",
"pam-auth",
"pipeline-build-step",
"pipeline-github-lib",
"pipeline-graph-analysis",
"pipeline-input-step",
"pipeline-milestone-step",
"pipeline-model-api",
"pipeline-model-declarative-agent",
"pipeline-model-definition",
"pipeline-model-extensions",
"pipeline-rest-api",
"pipeline-stage-step",
"pipeline-stage-tags-metadata",
"pipeline-stage-view",
"plain-credentials",
"resource-disposer",
"scm-api",
"script-security",
"ssh-agent",
"ssh-credentials",
"ssh-slaves",
"structs",
"subversion",
"tap",
"timestamper",
"token-macro",
"translation",
"windows-slaves",
"workflow-aggregator",
"workflow-api",
"workflow-basic-steps",
"workflow-cps",
"workflow-cps-global-lib",
"workflow-durable-task-step",
"workflow-job",
"workflow-multibranch",
"workflow-scm-step",
"workflow-step-api",
"workflow-support",
"ws-cleanup",
]
if (Jenkins.instance.pluginManager.plugins.collect {
it.shortName
}.intersect(REQUIRED_PLUGINS).size() != REQUIRED_PLUGINS.size()) {
REQUIRED_PLUGINS.collect {
Jenkins.instance.updateCenter.getPlugin(it).deploy()
}.each {
it.get()
}
Jenkins.instance.restart()
println 'Run this script again after restarting to create the jobs!'
throw new RestartRequiredException(null)
}
println "Plugins were installed successfully"
(setup-users.groovy)
.
.
.
def jlc = JenkinsLocationConfiguration.get()
jlc.setUrl("https://jenkins.{{ vm_domain_name }}/")
println(jlc.getUrl())
jlc.save()
instance.setInstallState(InstallState.INITIAL_SETUP_COMPLETED)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you. Amazing