Recently I was trying to install and configure a jenkins server automatically using this very good chef cookbook. Part of that installation was to activate global security and add an administrator by default. Fortunately I found this great blog post which contained all information needed to do this.
As described in this post, I used the jenkins script console along with the function jenkins_script from the cookbook to secure jenkins:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
jenkins_script 'activate global security' do command <<-EOH.gsub(/^ {4}/, '') import jenkins.model.* import hudson.security.* // Get access to the jenkins instance def instance = Jenkins.getInstance() // Activate clobal seufiry with internal hudsonRealm def hudsonRealm = new HudsonPrivateSecurityRealm(false) instance.setSecurityRealm(hudsonRealm) // Create an admin account hudsonRealm.createAccount("#{node['jenkins']['admin']['name']}", "#{node['jenkins']['admin']['password']}") // Activate matrix seurity and add admin user def strategy = new GlobalMatrixAuthorizationStrategy() strategy.add(Jenkins.ADMINISTER, "#{node['jenkins']['admin']['name']}") instance.setAuthorizationStrategy(strategy) instance.save() EOH end |
It does the following:
- Activate global security
- Add a user called admin
- Add matrix bases security
- Add user admin as as an administrator
The complete recipe I wrote can be found here.
The next thing to do would be to restrict access to the jenkins cli interface as described here.