I'm trying to create a completely automatized Jenkins status screen for our office wall with a Raspberry Pi. I was able to configure the Pi to show a browser with a specific URL on the TVs as well as configuring the Build Monitor Plugin in Jenkins with our build jobs.
Our Jenkins uses matrix-based security, so I created separate raspberry
user with the required privileges. (After logging in manually the wall plugin is shown properly.)
I can see a valid HTTP answer with the following command:
curl "http://raspberry:0b45...06@localhost:8080/view/wall1/"
0b45...06
is the API Token of the raspberry
Jenkins user. (From
http://localhost:8080/user/raspberry/configure
)
Unfortunately this URL scheme does not work in graphical browsers. I've also tried the token parameter without success:
$ curl "http://localhost:8080/view/wall1/?token=0b45...06"
<html><head>...</head><body ...>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
How can I get an URL which works without login in browsers (like Chromium or Midori) and shows my Jenkins view?
I don't want any manual step, including logging in (though VNC, for example) since it does not scale too well to multiple offices/Pis.
Go to Manage Jenkins | Manage Plugins | Available tab. Install the Build Monitor View plugin: Go to the Jenkins dashboard.
Setting up. To create a new Build Monitor View, click on the "New View" tab, select "Build Monitor View" and select jobs you wish to display on the monitor. You can have as many Build Monitor Views as you wish - the most popular approach is to have one per team or one per project.
On the Jenkins main page, click the + tab to start the new view wizard (If you do not see a +, it is likely you do not have permission to create a new view). On the create new view page, give your view a name and select the Dashboard type and click ok.
I'd like to see a simpler solution but a workaround could be the following.
I've created a local Apache proxy which listens on port 80, sets authorization headers and forwards requests to our Jenkins instance with the following Apache config:
<VirtualHost 127.0.0.1:80>
ProxyRequests Off
ProxyPreserveHost Off
ProxyErrorOverride Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerExpire On
ProxyPass / https://jenkins.example.com/ nocanon
ProxyPassReverse / https://jenkins.example.com/
AllowEncodedSlashes NoDecode
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap https://jenkins.example.com/ /
SetEnv proxy-nokeepalive 1
<Location />
RequestHeader set Authorization "Basic {{ jenkins_basic_header }}"
Header edit Set-Cookie "Secure;" ""
Order allow,deny
Allow from all
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
(You might need to fine-tune SSL or other paramters, Apache debug log could be helpful.)
Note the Header edit Set-Cookie "Secure;" ""
line which removes the secure flag from cookies. It's required since Jenkins uses https and sends secure cookies while the Apache proxy listens only on port 80. Without that the browser gets the session cookie (and other ones) as secure ones but does not send them back on a plain http connection. (It's a problem if your dashboard plugin works with new sessions on every call. The linked Build Monitor Plugin in Jenkins does not support that, it requires stable session IDs.)
Using https on the Apache seemed an overkill here if the Apache listens only on localhost (ports.conf
):
Listen 127.0.0.1:80
The jenkins_basic_header
variable can be generated with the following Python script:
#!/usr/bin/python
import base64
import errno
import sys
if len(sys.argv) != 3:
print('Missing user pass/token arguments')
print('Usage: ./basic-pass.py <user> <pass/token>')
sys.exit(errno.EINVAL)
hash = base64.b64encode(sys.argv[1] + ':' + sys.argv[2])
sys.stdout.write(hash) # do not print new-line char
It works with the token too.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With