I want to create jenkins credentials via ansible

Question

I am putting together a developer machine using ansible. In that machine i am installing jenkins.

I have created the jobs for jenkins with ansible:

- shell: "java -jar {{ jenkins.cli_jar }} -s {{ jenkins.server }} create-job \
      {{ item.name }} < {{ jenkins.jobs_dir }}/{{ item.xml_file }}"
  with_items: "jenkins.jobs"

And installed the plugins, via cli etc.

But now i am missing the ssh credentials for the jobs; i just want a ssh credential with user "jenkins" and that uses "From the Jenkins master ~/.ssh".

This type of credentials are the ones i am talking about:

Maybe is a groovy script but i haven't find a lot of information about it. Thanks for the help.

Answer 1

You can use the jenkins client from command line on the machine where the jenkins runs like:

java -jar jenkins-cli.jar -s http://localhost:8080/ groovy create-credential.groovy

with create-credential.groovy:

import jenkins.model.*
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl

def addPassword = { username, new_password ->
    def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
        com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
        Jenkins.instance
    )

    def c = creds.findResult { it.username == username ? it : null }

    if ( c ) {
        println "found credential ${c.id} for username ${c.username}"
    } else {
        def credentials_store = Jenkins.instance.getExtensionList(
            'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
            )[0].getStore()

        def scope = CredentialsScope.GLOBAL

        def description = ""

        def result = credentials_store.addCredentials(
            com.cloudbees.plugins.credentials.domains.Domain.global(), 
            new UsernamePasswordCredentialsImpl(scope, null, description, username, new_password)
            )

        if (result) {
            println "credential added for ${username}" 
        } else {
            println "failed to add credential for ${username}"
        }
    }
}

addPassword('pinky', 'narf')

This will add the global credential for user 'pinky' with password 'narf'

Answer 2

As of version 2.1.1 of the plugin (June 2016) this is possible through the CLI or the REST API:

https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc#creating-a-credentials

from that page: $ cat > credential.xml <<EOF <com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl> <scope>GLOBAL</scope> <id>deploy-key</id> <username>wecoyote</username> <password>secret123</password> </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl> EOF $ curl -X POST -H content-type:application/xml -d @credential.xml \ https://jenkins.example.com/job/example-folder/credentials/store/folder/\ domain/testing/createCredentials

Answer 3

Jenkins credentials plugin doesn't allow credentials creation using API (https://issues.jenkins-ci.org/browse/JENKINS-28407).

A viable solution would be recording a credential creation using your prefered browser and JMeter proxy or Selenium IDE. and replaying it using JMeter CLI or saving the Selenium recorded test as a groovy script.

You may also take a look at https://github.com/jenkinsci/credentials-plugin/pull/33