
@johnbuhay
Created January 21, 2016 01:15
jenkins init.groovy.d script for configuring users
import jenkins.*
import hudson.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import hudson.plugins.sshslaves.*;
import hudson.model.*
import jenkins.model.*
import hudson.security.*
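// Register an SSH private-key credential for the "root" user in the system
// credentials store, under the global domain.
global_domain = Domain.global()
credentials_store =
    Jenkins.instance.getExtensionList(
        'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
    )[0].getStore()

// UsersPrivateKeySource carries no key material of its own; the ssh-credentials
// plugin resolves it to the key files of the account that runs Jenkins.
// NOTE(review): the credential is GLOBAL in scope, logs in as "root" and has an
// empty passphrase, so any job allowed to use it acts as root on the target
// hosts. A dedicated unprivileged account (and CredentialsScope.SYSTEM when
// only agent launchers need the key) is the safer choice.
credentials = new BasicSSHUserPrivateKey(
    CredentialsScope.GLOBAL,
    null,                                               // id: null lets the plugin generate one
    "root",                                             // username
    new BasicSSHUserPrivateKey.UsersPrivateKeySource(), // key source
    "",                                                 // passphrase
    ""                                                  // description
)

// init.groovy.d scripts run on every start-up. Because the id is generated,
// adding unconditionally stores one more copy of this credential per restart,
// so skip the add when a root SSH key is already present.
def rootKeyAlreadyStored = credentials_store.getCredentials(global_domain).any {
    it instanceof BasicSSHUserPrivateKey && it.username == 'root'
}
if (!rootKeyAlreadyStored) {
    credentials_store.addCredentials(global_domain, credentials)
}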
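// Switch Jenkins to its own user database and create the administrator account.
// The `false` argument turns self-service sign-up off.
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
def adminUsername = System.getenv('JENKINS_ADMIN_USERNAME') ?: 'admin'

// Never fall back to a well-known password: an instance started without
// JENKINS_ADMIN_PASSWORD would otherwise accept admin/password from anyone who
// can reach it. When the variable is missing or empty the account gets a random,
// undisclosed password instead, so the instance stays locked until the operator
// sets the variable and restarts.
def adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD')
if (!adminPassword) {
    def randomBytes = new byte[32]
    new java.security.SecureRandom().nextBytes(randomBytes)
    adminPassword = randomBytes.encodeHex().toString()
    println "JENKINS_ADMIN_PASSWORD is not set; '${adminUsername}' was given a random password. " +
            "Set JENKINS_ADMIN_PASSWORD and restart Jenkins to log in."
}
hudsonRealm.createAccount(adminUsername, adminPassword)
// Template for further accounts (give each one a real secret, not its user name):
//hudsonRealm.createAccount("charles", "charles")

def instance = Jenkins.getInstance()
instance.setSecurityRealm(hudsonRealm)
instance.save()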
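// Build a matrix-based authorization strategy. The commented-out lines below are
// a catalogue of the permissions that can be granted to a user ('charles' is the
// sample user id); uncomment only what that user actually needs.
def strategy = new GlobalMatrixAuthorizationStrategy()
// Slave Permissions
//strategy.add(hudson.model.Computer.BUILD,'charles')
//strategy.add(hudson.model.Computer.CONFIGURE,'charles')
//strategy.add(hudson.model.Computer.CONNECT,'charles')
//strategy.add(hudson.model.Computer.CREATE,'charles')
//strategy.add(hudson.model.Computer.DELETE,'charles')
//strategy.add(hudson.model.Computer.DISCONNECT,'charles')
// Credential Permissions
//strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'charles')
//strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,'charles')
//strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.MANAGE_DOMAINS,'charles')
//strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,'charles')
//strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,'charles')
// Overall Permissions
//strategy.add(hudson.model.Hudson.ADMINISTER,'charles')
//strategy.add(hudson.PluginManager.CONFIGURE_UPDATECENTER,'charles')
//strategy.add(hudson.model.Hudson.READ,'charles')
//strategy.add(hudson.model.Hudson.RUN_SCRIPTS,'charles')
//strategy.add(hudson.PluginManager.UPLOAD_PLUGINS,'charles')
// Job Permissions
//strategy.add(hudson.model.Item.BUILD,'charles')
//strategy.add(hudson.model.Item.CANCEL,'charles')
//strategy.add(hudson.model.Item.CONFIGURE,'charles')
//strategy.add(hudson.model.Item.CREATE,'charles')
//strategy.add(hudson.model.Item.DELETE,'charles')
//strategy.add(hudson.model.Item.DISCOVER,'charles')
//strategy.add(hudson.model.Item.READ,'charles')
//strategy.add(hudson.model.Item.WORKSPACE,'charles')
// Run Permissions
//strategy.add(hudson.model.Run.DELETE,'charles')
//strategy.add(hudson.model.Run.UPDATE,'charles')
// View Permissions
//strategy.add(hudson.model.View.CONFIGURE,'charles')
//strategy.add(hudson.model.View.CREATE,'charles')
//strategy.add(hudson.model.View.DELETE,'charles')
//strategy.add(hudson.model.View.READ,'charles')

// Setting Anonymous Permissions
// NOTE(review): 'anonymous' is every unauthenticated visitor. READ/DISCOVER expose
// job names and build output; Item.BUILD and Item.CANCEL additionally let anyone
// who can reach the UI start and stop jobs without logging in. Drop those two on
// any instance that untrusted users can reach.
strategy.add(hudson.model.Hudson.READ,'anonymous')
strategy.add(hudson.model.Item.BUILD,'anonymous')
strategy.add(hudson.model.Item.CANCEL,'anonymous')
strategy.add(hudson.model.Item.DISCOVER,'anonymous')
strategy.add(hudson.model.Item.READ,'anonymous')

// Setting Admin Permissions
// Grant ADMINISTER to the account created above rather than to the literal
// "admin": when JENKINS_ADMIN_USERNAME names a different user, a hard-coded
// "admin" would leave the real administrator without any rights.
strategy.add(Jenkins.ADMINISTER, adminUsername)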
// Relaxed settings for local builds, switched on by the environment variable BUILD=local.
// NOTE(review): in this mode every unauthenticated visitor receives ADMINISTER and
// RUN_SCRIPTS, i.e. full control of the controller including the script console.
// Use it only on an instance that is not reachable from any network, and be aware
// that BUILD is a generic variable name other tooling may also set.
def buildMode = System.getenv("BUILD").toString()   // an unset variable becomes the string "null"
if ("local" == buildMode) {
    // Overall Permissions
    [
        hudson.model.Hudson.ADMINISTER,
        hudson.PluginManager.CONFIGURE_UPDATECENTER,
        hudson.model.Hudson.READ,
        hudson.model.Hudson.RUN_SCRIPTS,
        hudson.PluginManager.UPLOAD_PLUGINS
    ].each { permission ->
        strategy.add(permission, 'anonymous')
    }
}

// Activate the assembled matrix and persist the configuration.
instance.authorizationStrategy = strategy
instance.save()
@egelev

egelev commented Jun 17, 2016

Thank you. This is really nice. A lot more useful than the official Jenkins API Javadoc.

@progovoy

Thank you. Amazing

@RNiveau

RNiveau commented Aug 30, 2017

Awesome help, thanks a lot.

@dejayc

dejayc commented Sep 15, 2017

Thank you for keeping me away from text-based config.xml edits during my automated setups!

@upendran

upendran commented Oct 3, 2017

Awesome. Thanks much

@jpigree

jpigree commented Jan 16, 2018

Thank you sooooo much.

@TheNotary

TheNotary commented Apr 10, 2019

This is super handy, thanks!

I put this at the bottom of mine to fully automate the configuration phase of my Jenkins instance:

(add_plugins.groovy)

/* https://github.com/coreos/jenkins-os/blob/master/init.groovy
 * Create all OS projects on a new Jenkins server.
 *
 * This entire script can be pasted directly into the text box found at
 * ${JENKINS_URL}/script to populate the server with OS jobs.  It will
 * define everything based on the contents of this repository.
 *
 * If any required plugins are not installed when this script is run,
 * they will be downloaded and installed automatically, and Jenkins will
 * be restarted to enable them.  In this case, this script must be run
 * again after the restart to create the jobs.
 *
 * Note that settings such as user permissions and secret credentials
 * are not handled by this script.
 */

/* Install required plugins and restart Jenkins, if necessary.  */

import jenkins.*
import hudson.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import hudson.plugins.sshslaves.*;
import hudson.model.*
import jenkins.model.*
import hudson.security.*

// Short names of the plugins this setup expects to be installed. The script
// compares them with the installed plugins' shortName and asks the update
// center to deploy them by name.
// NOTE(review): only names are listed, no versions, so each run installs
// whatever release the configured update center currently offers. Pin versions
// (or install from a vetted mirror) if reproducible, reviewed plugin sets matter.
final List<String> REQUIRED_PLUGINS = [
    "ace-editor",
    "ant",
    "antisamy-markup-formatter",
    "apache-httpcomponents-client-4-api",
    "authentication-tokens",
    "aws-credentials",
    "aws-java-sdk",
    "bouncycastle-api",
    "branch-api",
    "build-timeout",
    "cloudbees-folder",
    "command-launcher",
    "copyartifact",
    "credentials",
    "credentials-binding",
    "cvs",
    "display-url-api",
    "docker-commons",
    "docker-workflow",
    "durable-task",
    "email-ext",
    "external-monitor-job",
    "git",
    "git-client",
    "git-server",
    "github",
    "github-api",
    "github-branch-source",
    "gradle",
    "handlebars",
    "jackson2-api",
    "javadoc",
    "jdk-tool",
    "jquery-detached",
    "jsch",
    "junit",
    "ldap",
    "lockable-resources",
    "mailer",
    "mapdb-api",
    "matrix-auth",
    "matrix-project",
    "maven-plugin",
    "momentjs",
    "pam-auth",
    "pipeline-build-step",
    "pipeline-github-lib",
    "pipeline-graph-analysis",
    "pipeline-input-step",
    "pipeline-milestone-step",
    "pipeline-model-api",
    "pipeline-model-declarative-agent",
    "pipeline-model-definition",
    "pipeline-model-extensions",
    "pipeline-rest-api",
    "pipeline-stage-step",
    "pipeline-stage-tags-metadata",
    "pipeline-stage-view",
    "plain-credentials",
    "resource-disposer",
    "scm-api",
    "script-security",
    "ssh-agent",
    "ssh-credentials",
    "ssh-slaves",
    "structs",
    "subversion",
    "tap",
    "timestamper",
    "token-macro",
    "translation",
    "windows-slaves",
    "workflow-aggregator",
    "workflow-api",
    "workflow-basic-steps",
    "workflow-cps",
    "workflow-cps-global-lib",
    "workflow-durable-task-step",
    "workflow-job",
    "workflow-multibranch",
    "workflow-scm-step",
    "workflow-step-api",
    "workflow-support",
    "ws-cleanup",
]

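// Install whichever required plugins are absent, then restart so they load.
def installedPlugins = Jenkins.instance.pluginManager.plugins.collect { it.shortName } as Set
def missingPlugins = REQUIRED_PLUGINS.findAll { !installedPlugins.contains(it) }

if (missingPlugins) {
    def updateCenter = Jenkins.instance.updateCenter

    // getPlugin() returns null for a name the update center does not offer (for
    // example before its metadata has been fetched). Stop with a clear message
    // instead of a NullPointerException, and before any restart is triggered:
    // run from init.groovy.d, an uninstallable plugin would otherwise cause a
    // restart on every boot.
    def unresolved = missingPlugins.findAll { updateCenter.getPlugin(it) == null }
    if (unresolved) {
        throw new IllegalStateException(
            "Required plugins not offered by the update center: " + unresolved.join(', '))
    }

    // Start all downloads first, then wait for each install job to finish.
    missingPlugins.collect {
        updateCenter.getPlugin(it).deploy()
    }.each {
        it.get()
    }
    Jenkins.instance.restart()
    println 'Run this script again after restarting to create the jobs!'
    throw new RestartRequiredException(null)
}

println "Plugins were installed successfully"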

(setup-users.groovy)

.
.
.
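// Set the externally visible Jenkins URL. "{{ vm_domain_name }}" is a template
// placeholder that has to be substituted before this file is deployed
// (presumably by the provisioning tool that renders the script; confirm).
def jlc = JenkinsLocationConfiguration.get()
jlc.setUrl("https://jenkins.{{ vm_domain_name }}/")
println(jlc.getUrl())
jlc.save()

// Mark the setup wizard as completed so it is not shown on first start.
// NOTE(review): with the wizard skipped, the security realm and authorization
// strategy configured by this script are the only protection the new instance
// has; make sure they were applied before exposing it.
// InstallState lives in jenkins.install, which the wildcard imports shown with
// this script do not cover, so it is referenced by its full name.
instance.setInstallState(jenkins.install.InstallState.INITIAL_SETUP_COMPLETED)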
