Hi Folks,
We will be having a maintenance window starting at 1AM UTC on Friday, May 27th to do the following work:
- Upgrade to the latest Jenkins LTS - Upgrade all plugins (including the Github Plugin) to their latest versions - Install the Pipeline Plugin (bug: 10825) - Update the ansible version on slave01.ci.centos.org 1.9.2 -> 1.9.6 - Reboot the storage node
The following services will be affected: - ci.centos.org: Jenkins Frontend - artifacts.ci.centos.org: File availability
As usual we will have a quiet period starting 1 hour before in order to let pending jobs clear out.
If there are any questions please let us know.
Cheers!
-- Brian Stinson CentOS CI Infrastructure Team
On 23/05/16 20:58, Brian Stinson wrote:
Hi Folks,
We will be having a maintenance window starting at 1AM UTC on Friday, May 27th to do the following work:
- Upgrade to the latest Jenkins LTS
Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in its default configuration which filters out unknown job parameters. Notably it broke the matrix project plugin which will probably affect a few users - I had to disable the new security feature on the Foreman Jenkins server.
https://issues.jenkins-ci.org/browse/JENKINS-34758 and https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECU... have more details about the plugins affected.
On May 23 14:58, Brian Stinson wrote:
Hi Folks,
We will be having a maintenance window starting at 1AM UTC on Friday, May 27th to do the following work:
- Upgrade to the latest Jenkins LTS
- Upgrade all plugins (including the Github Plugin) to their latest versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org 1.9.2 -> 1.9.6
- Reboot the storage node
The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability
As usual we will have a quiet period starting 1 hour before in order to let pending jobs clear out.
If there are any questions please let us know.
Cheers!
-- Brian Stinson CentOS CI Infrastructure Team
Hi All,
Just a reminder that this maintenance window will take place tonight!
Cheers!
-- Brian Stinson CentOS CI Infrastructure Team
On May 26 12:14, Brian Stinson wrote:
On May 23 14:58, Brian Stinson wrote:
Hi Folks,
We will be having a maintenance window starting at 1AM UTC on Friday, May 27th to do the following work:
- Upgrade to the latest Jenkins LTS
- Upgrade all plugins (including the Github Plugin) to their latest versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org 1.9.2 -> 1.9.6
- Reboot the storage node
The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability
As usual we will have a quiet period starting 1 hour before in order to let pending jobs clear out.
If there are any questions please let us know.
Cheers!
-- Brian Stinson CentOS CI Infrastructure Team
Hi All,
Just a reminder that this maintenance window will take place tonight!
Cheers!
-- Brian Stinson CentOS CI Infrastructure Team
Ok Folks,
We should be back up and accepting new jobs.
Please let us know if there is any trouble
Cheers! -- Brian Stinson CentOS CI Infrastructure Team
On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
Please let us know if there is any trouble
jenkins-job-builder now fails with:
``` $ /usr/bin/make update jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:. INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([]) Traceback (most recent call last): File "/usr/bin/jenkins-jobs", line 10, in <module> sys.exit(main()) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main execute(options, config) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute options.names) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job self.load_files(input_fn) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files self.parser = YamlParser(self.global_config, self.plugins_list) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list self._plugins_list = self.jenkins.get_plugins_info() File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info raise e jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden ```
It seems it's trying to do the equivalent of:
https://ci.centos.org/pluginManager/api/json?tree=plugins%5BshortName,versio...]
For which I now get:
Access Denied
atomic-sig is missing the Overall/Administer permission
Even though both I and JJB aren't trying to administer anything, just retrieve the list of plugins.
On May 27 11:44, Colin Walters wrote:
On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
Please let us know if there is any trouble
jenkins-job-builder now fails with:
$ /usr/bin/make update jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:. INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([]) Traceback (most recent call last): File "/usr/bin/jenkins-jobs", line 10, in <module> sys.exit(main()) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main execute(options, config) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute options.names) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job self.load_files(input_fn) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files self.parser = YamlParser(self.global_config, self.plugins_list) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list self._plugins_list = self.jenkins.get_plugins_info() File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info raise e jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: ForbiddenIt seems it's trying to do the equivalent of:
https://ci.centos.org/pluginManager/api/json?tree=plugins%5BshortName,versio...]
For which I now get:
Access Denied
atomic-sig is missing the Overall/Administer permission
Even though both I and JJB aren't trying to administer anything, just retrieve the list of plugins.
This is due to a fix for SECURITY-250: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-...
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Cheers! -- Brian
On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Anything we can do to help with this? At the moment this is a blocker for continuing to use CentOS CI, and while no time is opportune for CI to break, I've been in the middle of increasing investment in it and trying to bring others on board.
On May 31 13:00, Colin Walters wrote:
On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Anything we can do to help with this? At the moment this is a blocker for continuing to use CentOS CI, and while no time is opportune for CI to break, I've been in the middle of increasing investment in it and trying to bring others on board.
Issuing a Jenkins saferestart as soon as the currently running jobs are finished to get the hotfix in. Can you verify tomorrow or later this week?
--Brian
On May 31 20:43, Brian Stinson wrote:
On May 31 13:00, Colin Walters wrote:
On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Anything we can do to help with this? At the moment this is a blocker for continuing to use CentOS CI, and while no time is opportune for CI to break, I've been in the middle of increasing investment in it and trying to bring others on board.
Issuing a Jenkins saferestart as soon as the currently running jobs are finished to get the hotfix in. Can you verify tomorrow or later this week?
--Brian
This should be done now.
--Brian
I'm seeing the same error today: jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
Is it possible that it was not fixed for sclo-sig user? or is the problem back for everybody? Or could it be problem on my side?
Honza
On 06/01/2016 05:12 PM, Brian Stinson wrote:
On May 31 20:43, Brian Stinson wrote:
On May 31 13:00, Colin Walters wrote:
On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Anything we can do to help with this? At the moment this is a blocker for continuing to use CentOS CI, and while no time is opportune for CI to break, I've been in the middle of increasing investment in it and trying to bring others on board.
Issuing a Jenkins saferestart as soon as the currently running jobs are finished to get the hotfix in. Can you verify tomorrow or later this week?
--Brian
This should be done now.
--Brian _______________________________________________ Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
On Oct 23 17:03, Honza Horak wrote:
I'm seeing the same error today: jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
Is it possible that it was not fixed for sclo-sig user? or is the problem back for everybody? Or could it be problem on my side?
Honza
On 06/01/2016 05:12 PM, Brian Stinson wrote:
On May 31 20:43, Brian Stinson wrote:
On May 31 13:00, Colin Walters wrote:
On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Anything we can do to help with this? At the moment this is a blocker for continuing to use CentOS CI, and while no time is opportune for CI to break, I've been in the middle of increasing investment in it and trying to bring others on board.
Issuing a Jenkins saferestart as soon as the currently running jobs are finished to get the hotfix in. Can you verify tomorrow or later this week?
--Brian
This should be done now.
--Brian _______________________________________________ Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
Hi Honza,
The appropriate fix for this was announced here (set query_plugins_info = False in your jjb.ini): https://lists.centos.org/pipermail/ci-users/2016-October/000420.html
If you enable this setting and still run into trouble let us know.
Cheers!
-- Brian Stinson
-
Brian Stinson -
Brian Stinson -
Colin Walters -
Dominic Cleal -
Honza Horak