卸载 Role-based Authorization Strategy这个插件导致的错误
问题
如果配置错了,可以登录到Jenkins那台机器,找到$JENKINS_HOME目录下的config.xml配置文件,因为我配置错误了,所以这里面我贴一下出错后的配置:
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>2.121.1</version>
<installStateName>RUNNING</installStateName>
<numExecutors>3</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
<roleMap type="projectRoles">
<role name="op" pattern="op.*">
<permissions>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Run.Delete</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>hudson.model.Run.Replay</permission>
<permission>hudson.model.Item.Configure</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Delete</permission>
<permission>hudson.model.Item.Read</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.Item.Move</permission>
<permission>hudson.model.Item.Discover</permission>
<permission>hudson.model.Run.Update</permission>
</permissions>
<assignedSIDs/>
</role>
</roleMap>
<roleMap type="globalRoles">
<role name="admin" pattern=".*">
<permissions>
<permission>hudson.model.View.Delete</permission>
<permission>hudson.model.Computer.Connect</permission>
<permission>hudson.model.Run.Delete</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains</permission>
<permission>hudson.model.Computer.Create</permission>
<permission>hudson.model.View.Configure</permission>
<permission>hudson.model.Computer.Build</permission>
<permission>hudson.model.Item.Configure</permission>
<permission>hudson.model.Hudson.Administer</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Read</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View</permission>
<permission>hudson.model.Computer.Delete</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.Item.Move</permission>
<permission>hudson.model.Item.Discover</permission>
<permission>hudson.model.Hudson.Read</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update</permission>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete</permission>
<permission>hudson.model.Computer.Provision</permission>
<permission>hudson.model.Run.Replay</permission>
<permission>hudson.model.View.Read</permission>
<permission>hudson.model.View.Create</permission>
<permission>hudson.model.Item.Delete</permission>
<permission>hudson.model.Computer.Configure</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create</permission>
<permission>hudson.model.Computer.Disconnect</permission>
<permission>hudson.model.Run.Update</permission>
</permissions>
<assignedSIDs/>
</role>
<role name="op" pattern=".*">
<permissions>
<permission>hudson.model.Hudson.Read</permission>
<permission>hudson.model.Item.Cancel</permission>
<permission>hudson.model.Item.Read</permission>
<permission>hudson.model.Item.Build</permission>
<permission>hudson.scm.SCM.Tag</permission>
<permission>hudson.model.View.Read</permission>
</permissions>
<assignedSIDs>
<sid>chenmo</sid>
</assignedSIDs>
</role>
</roleMap>
<roleMap type="slaveRoles"/>
</authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>false</disableSignup>
<enableCaptcha>false</enableCaptcha>
</securityRealm>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks>
<jdk>
<name>java-1.8-openjdk</name>
<home>/usr/lib/jvm/default-jvm</home>
<properties/>
</jdk>
</jdks>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>all</name>
<description>### 部署项目之前请在微信里通知</description>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>all</primaryView>
<slaveAgentPort>50000</slaveAgentPort>
<disabledAgentProtocols>
<string>JNLP-connect</string>
<string>JNLP2-connect</string>
</disabledAgentProtocols>
<label></label>
<crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
<excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
</crumbIssuer>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
这里面有个节点,authorizationStrategy,这个节点作用就是配置权限的策略,这里我们由于使用了Role-based Authorization Strategy插件,因此就会是这个策略。
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
</authorizationStrategy>
解决
解决办法很简单,你只需要修改conifg.xml文件中的这个策略,将下面节点整个删除掉。
<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
</authorizationStrategy>
替换成:
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>false</denyAnonymousReadAccess>
</authorizationStrategy>
这个权限对应”登录用“可以做任何事”。
此时重启Jenkins后会重新加载此配置文件,然后就一切正常了,如果出现了有些项目未成功加载的情况,不要慌张,去升级一下插件就好!