Jenkins reverts config.xml changes, preventing security bypass

Question

I'm setting up Jenkins 2.29 in Ubuntu(trusty64) in Vagrant, so everything needs to be done via a setup script. Jenkins starts up with a security lockdown, which one normally disables by copying and pasting an autogenerated password at the Jenkins startup screen. To bypass this using the command line, one should edit /var/lib/jenkins/config.xml, change the useSecurity node to false, and delete the authorizationStrategy and securityRealm nodes (https://wiki.jenkins-ci.org/display/JENKINS/Disable+security)

I've noticed that whenever I do this, and try to access Jenkins, it reverts config.xml to its installation state, so security is never disabled. Deleting config.xml doesn't disable the lockdown either, even though the official Jenkins documentation suggests this as a last-ditch solution.

How can I entirely remove the security lockdown from the command line? Is this something that broke in recent versions of Jenkins only?

Answer 1

After a lot of running in circles, I found a fix - turns out it's a combination of two different suggested solutions.

Part 1 - (credit to https://stackoverflow.com/a/37172067/1216792) - create a file in your Jenkins Home folder, call it jenkins.install.InstallUtil.lastExecVersion, set it's contents to "2.0". That disables the unlock wizard, but you'll still hit a login wall.

Part 2 - follow the official suggestion at https://wiki.jenkins-ci.org/display/JENKINS/Disable+security. Remember that if you hit your Jenkins instance without performing Part 1, the changes you made for Part 2 will be automatically reset by Jenkins.

Hope somebody finds this useful - works with 2.29, Debian install. Seems strange that the Jenkins team makes provisioning so cumbersome.