CODEWITHSUNDEEP
jenkinsansible
civilian
civilian

Reputation: 157

I want to create jenkins credentials via ansible

I am putting together a developer machine using ansible. In that machine i am installing jenkins.

I have created the jobs for jenkins with ansible:

- shell: "java -jar {{ jenkins.cli_jar }} -s {{ jenkins.server }} create-job \
      {{ item.name }} < {{ jenkins.jobs_dir }}/{{ item.xml_file }}"
  with_items: "jenkins.jobs"

And installed the plugins, via cli etc.

But now i am missing the ssh credentials for the jobs; i just want a ssh credential with user "jenkins" and that uses "From the Jenkins master ~/.ssh".

This type of credentials are the ones i am talking about:

enter image description here

Maybe is a groovy script but i haven't find a lot of information about it. Thanks for the help.

Upvotes: 5

Views: 6976

Answers (4)

c4augustus
c4augustus

Reputation: 306

Here is an example ansible task that uses "jenkins_script" instead of directly specifying the CLI or calling the REST API, and it adds the benefit of updating existing credentials.

- name: establish credentials
  jenkins_script:
    script: |
      import jenkins.model.*
      import com.cloudbees.plugins.credentials.CredentialsProvider
      import com.cloudbees.plugins.credentials.CredentialsScope
      import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials
      import com.cloudbees.plugins.credentials.domains.Domain
      import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl
      def domain = Domain.global()
      def instance = Jenkins.instance
      def credstore = instance.getExtensionList(
          'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
          )[0].getStore()
      def existingCreds = CredentialsProvider.lookupCredentials(
          StandardUsernameCredentials.class, instance).findResult {
              it.username == '${username}' ? it : null
          }
      def newCreds = new UsernamePasswordCredentialsImpl(
          CredentialsScope.GLOBAL, null,
          '${description}', '${username}', '${password}')
      if (existingCreds) {
          credstore.updateCredentials(domain, existingCreds, newCreds)
      } else {
          credstore.addCredentials(domain, newCreds)
      }
    args:
      description: "entrada credential"
      username: "{{ item.username }}"
      password: "{{ item.password }}"
    user: "{{ entrada_user_name }}"
    password: "{{ entrada_user_password }}"
  with_items: "{{ entrada_cicd_credentials }}"

Upvotes: 1

Korny
Korny

Reputation: 2028

As of version 2.1.1 of the plugin (June 2016) this is possible through the CLI or the REST API:

https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc#creating-a-credentials

from that page: $ cat > credential.xml <<EOF <com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl> <scope>GLOBAL</scope> <id>deploy-key</id> <username>wecoyote</username> <password>secret123</password> </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl> EOF $ curl -X POST -H content-type:application/xml -d @credential.xml \ https://jenkins.example.com/job/example-folder/credentials/store/folder/\ domain/testing/createCredentials

Upvotes: 4

DevOoops
DevOoops

Reputation: 121

You can use the jenkins client from command line on the machine where the jenkins runs like:

java -jar jenkins-cli.jar -s http://localhost:8080/ groovy create-credential.groovy

with create-credential.groovy:

import jenkins.model.*
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl

def addPassword = { username, new_password ->
    def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
        com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
        Jenkins.instance
    )

    def c = creds.findResult { it.username == username ? it : null }

    if ( c ) {
        println "found credential ${c.id} for username ${c.username}"
    } else {
        def credentials_store = Jenkins.instance.getExtensionList(
            'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
            )[0].getStore()

        def scope = CredentialsScope.GLOBAL

        def description = ""

        def result = credentials_store.addCredentials(
            com.cloudbees.plugins.credentials.domains.Domain.global(), 
            new UsernamePasswordCredentialsImpl(scope, null, description, username, new_password)
            )

        if (result) {
            println "credential added for ${username}" 
        } else {
            println "failed to add credential for ${username}"
        }
    }
}

addPassword('pinky', 'narf')

This will add the global credential for user 'pinky' with password 'narf'

Upvotes: 12

Zandao
Zandao

Reputation: 371

Jenkins credentials plugin doesn't allow credentials creation using API (https://issues.jenkins-ci.org/browse/JENKINS-28407).

A viable solution would be recording a credential creation using your prefered browser and JMeter proxy or Selenium IDE. and replaying it using JMeter CLI or saving the Selenium recorded test as a groovy script.

You may also take a look at https://github.com/jenkinsci/credentials-plugin/pull/33

Upvotes: 1

Related Questions