Issue #205 invalid

jenkins gets not informed about git push

olze
created an issue

I tried it now for some hours and can only think of that this is a bug.

I have jenkins running on, lets say http://server:8080/jenkins I have also scm manager running on http://server:8080/scm

I created an account for jenkins called scm with scm as password (very secure, i know, but for testing its enough). This account has administrator rights.

I also copied the api token from the scm user into the repository jenkins settings. And of course the url (http://server:8080/jenkins) and the project name. As token i use scm and as username i use scm. But still the same behavior. I have the feeling that jenkins is never getting called from scm manager. I am lost at the moment.

In general - jenkins configuration, i only entered the url http://server:8080/jenkins

Is there any way i can turn on debug logging or such? It would be really awesome if this would work.

Comments (11)

  1. olze reporter

    08:57:28.479 [Thread-8] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.jenkins.JenkinsHook for repository project.git 08:57:28.479 [Thread-9] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.repository.api.RepositoryServiceFactory$CacheClearHook for repository project.git 08:57:28.526 [Thread-9] DEBUG sonia.scm.repository.api.RepositoryServiceFactory - clear caches for repository id 92a02515-11ed-4e45-861a-58df9d2511c0 08:57:28.541 [Thread-8] INFO sonia.scm.jenkins.JenkinsRepositoryHookHandler - call jenkins at http://somehost.local:8080/jenkins/job/project/build 08:57:28.541 [Thread-8] DEBUG sonia.scm.jenkins.JenkinsRepositoryHookHandler - added authentication for user scm 08:57:28.541 [Thread-8] DEBUG sonia.scm.net.URLHttpClient - fetch 'http://somehost.local:8080/jenkins/job/project/build' 08:57:28.541 [Thread-8] TRACE sonia.scm.net.URLHttpClient - header map is emtpy 08:57:28.541 [Thread-8] DEBUG sonia.scm.net.URLHttpClient - append Authorization header for user scm 08:57:29.852 [Thread-8] ERROR sonia.scm.jenkins.JenkinsRepositoryHookHandler - jenkins returned status code 403

  2. Sebastian Sdorra repo owner

    Jenkins with authentication is always tricky. Could you please test the following:

    • remove all jenkins settings from the repository
    • make sure that your jenkins project is configured for polling (I know this sounds strange, but your project have to be configured for polling)
    • Configure you rjenkins server at Config->General Settings->Jenkins
    • try the push again

    This configuration will use the "Push notification", please read "Push notification from repository" at https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin.

    I know there is a lack of documentation. I will create a wiki page for this.

  3. olze reporter

    the output is now:

    09:47:42.009 [Thread-22] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.jenkins.JenkinsHook for repository project.git
    09:47:42.009 [Thread-23] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.repository.api.RepositoryServiceFactory$CacheClearHook for repository project.git
    09:47:42.009 [Thread-22] INFO  sonia.scm.jenkins.JenkinsRepositoryHookHandler - call jenkins at http://somehost.local:8080/jenkins/job/project/build
    09:47:42.009 [Thread-23] DEBUG sonia.scm.repository.api.RepositoryServiceFactory - clear caches for repository id 92a02515-11ed-4e45-861a-58df9d2511c0
    09:47:42.009 [Thread-22] DEBUG sonia.scm.jenkins.JenkinsRepositoryHookHandler - no project token is available
    09:47:42.009 [Thread-22] DEBUG sonia.scm.jenkins.JenkinsRepositoryHookHandler - added authentication for user scm
    09:47:42.009 [Thread-22] DEBUG sonia.scm.net.URLHttpClient - fetch 'http://somehostl:8080/jenkins/job/project/build'
    09:47:42.009 [Thread-22] TRACE sonia.scm.net.URLHttpClient - header map is emtpy
    09:47:42.009 [Thread-22] DEBUG sonia.scm.net.URLHttpClient - append Authorization header for user scm
    09:47:42.056 [Thread-22] ERROR sonia.scm.jenkins.JenkinsRepositoryHookHandler - jenkins returned status code 403
    

    But it works??

    I changed the project based matrix authorization strategy: Anonymous: Job->Read and Job->Discover are marked now (looks like thats neccessary). When i do: Anonymous: Overall->Read

    I get no error message but i dont want everybody being able to read my jenkins. Also i changed the polling strategy (was disabled because thats the reason why i must use another strategy, as there is an evil bug which led to corrupt archives which lead to build all time long all projects -> server load increases drastically, see https://issues.jenkins-ci.org/browse/JENKINS-11547?focusedCommentId=164983#comment-164983) and used year as cronjob (so i even dont care about the bug, if all projects got build only once a year because of that bug, thats ok ;) )

    Then i entered my credentials for the repository->jenkins settings again, but left the token empty. I have now the Url (points to the same as in config->general->jenkins configuration), the project name, the username (scm) and the api token, given by jenkins.

    This is really strange somehow. But i guess its working now.

  4. Sebastian Sdorra repo owner

    Sorry, but i don't understand your last post. The log you postet is it from a working push? Because it ends with error 403. Could you post your configuration?

    I'll try to explain how the plugin works:

    The plugin looks first for a configuration on the repository. If the repository has a jenkins configuration, the configuration at Conifg->General is completely ignored. The repository configuration works best for public jenkins installation and is designed for configuration by the owner of the repository.

    When there is no repository configuration, the plugin uses the global configuration (Config->General Settings). The plugin uses now the "Push notification" function of the jenkins git and mercurial plugin. The push notification works without authentication, even if the jenkins installation is not public.

    In my company we are using the global configuration with a non public jenkins and it works without of problems.

  5. olze reporter
    10:13:13.750 [http-bio-8080-exec-18] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - could not find user send unauthorized
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - found basic authorization header, start authentication
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - try to authenticate user oli
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.security.BasicSecurityContext - start authentication for user oli
    10:13:13.766 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.ChainAuthenticatonManager - authenticate oli via cache
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.security.BasicSecurityContext - authentication ends with user: oli, state: SUCCESS
    10:13:13.766 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - authenticator xml marked user oli as admin
    10:13:13.766 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - user oli of type xml is marked as admin by local database
    10:13:13.766 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - user oli is member of developers
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - user oli successfully authenticated
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.PermissionFilter - write access to repository project.git for user oli granted
    10:13:13.766 [http-bio-8080-exec-35] TRACE sonia.scm.repository.RepositoryRequestListenerUtil - no repository request listener defined
    10:13:13.766 [http-bio-8080-exec-35] DEBUG sonia.scm.web.GitRepositoryResolver - try to open git repository at E:\git\repositories\sealsignFileMonitorMVN.git
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - found basic authorization header, start authentication
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - try to authenticate user oli
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.security.BasicSecurityContext - start authentication for user oli
    10:13:13.781 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.ChainAuthenticatonManager - authenticate oli via cache
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.security.BasicSecurityContext - authentication ends with user: oli, state: SUCCESS
    10:13:13.781 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - authenticator xml marked user oli as admin
    10:13:13.781 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - user oli of type xml is marked as admin by local database
    10:13:13.781 [http-bio-8080-exec-35] DEBUG sonia.scm.web.security.BasicSecurityContext - user oli is member of developers
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - user oli successfully authenticated
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.web.filter.PermissionFilter - write access to repository project.git for user oli granted
    10:13:13.781 [http-bio-8080-exec-35] TRACE sonia.scm.repository.RepositoryRequestListenerUtil - no repository request listener defined
    10:13:13.781 [http-bio-8080-exec-35] DEBUG sonia.scm.web.GitRepositoryResolver - try to open git repository at E:\git\repositories\project.git
    10:13:13.906 [Thread-28] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.jenkins.JenkinsHook for repository project.git
    10:13:13.906 [Thread-28] INFO  sonia.scm.jenkins.JenkinsRepositoryHookHandler - call jenkins at http://somehost:8080/jenkins/job/project/build
    10:13:13.906 [Thread-28] DEBUG sonia.scm.jenkins.JenkinsRepositoryHookHandler - no project token is available
    10:13:13.906 [Thread-28] DEBUG sonia.scm.jenkins.JenkinsRepositoryHookHandler - added authentication for user scm
    10:13:13.906 [Thread-28] DEBUG sonia.scm.net.URLHttpClient - fetch 'http://somehost:8080/jenkins/job/project/build'
    10:13:13.906 [Thread-28] TRACE sonia.scm.net.URLHttpClient - header map is emtpy
    10:13:13.906 [Thread-28] DEBUG sonia.scm.net.URLHttpClient - append Authorization header for user scm
    10:13:13.906 [Thread-29] DEBUG sonia.scm.repository.RepositoryHookTask - execute async POST_RECEIVE hook sonia.scm.repository.api.RepositoryServiceFactory$CacheClearHook for repository project.git
    10:13:13.906 [Thread-29] DEBUG sonia.scm.repository.api.RepositoryServiceFactory - clear caches for repository id 92a02515-11ed-4e45-861a-58df9d2511c0
    10:13:13.953 [Thread-28] ERROR sonia.scm.jenkins.JenkinsRepositoryHookHandler - jenkins returned status code 403
    

    I know that it returns a 403 and "usually" it should not work, but it somehow does. Is there a "simple" way how i can post you my configuration? I dont want to make screenshots... Or can you tell me which configuration exactly?

    The global configuration in config->general does not hold any credentials, so how should this work except letting _all_ persons who can reach that url trigger it? IMO this is pretty dangerous. This may work ok in an intranet, but if jenkins would run over the internet in a collaborated way, an attacker could simply start all jobs, which can have the same result as a DoS.

  6. olze reporter

    But in combination with my bug (as posted above) the "result" of the jenkins polling will always be "changes found". Even if there are no changes.

  7. olze reporter

    I am afraid but i guess the initial bug can be closed as invalid. I was running another application for git repositories which is far not that good like scm manager. But i forgot to: a) stop the server b) change the origin of the repositories

    If i would have done a) i would instantly notice that i cannot push anymore. But i was able as a) did never happen. So i did not notice that i have to do b)

    Its working like a charm now, without any error message or such. The login works like expected. Thanks for that great support!

  8. Log in to comment