Jenkin: Role-Based Access Control (RBAC)

Jenkins provides Role-Based Access Control (RBAC) as a way to manage user permissions and access control more granularly. RBAC allows you to define roles with specific permissions and assign those roles to users and groups. Here's how you can set up Role-Based Access Control in Jenkins:

1. Install the Role-based Authorization Strategy Plugin:

To enable RBAC in Jenkins, you need to install the "Role-based Authorization Strategy" plugin. You can install it via the Jenkins plugin manager:

a. Go to the Jenkins dashboard.
b. Click on "Manage Jenkins."
c. Select "Manage Plugins."
d. Navigate to the "Available" tab.
e. In the "Filter" box, type "Role-based Authorization Strategy."
f. Check the checkbox next to the "Role-based Authorization Strategy" plugin.
g. Click "Install without restart."

2. Configure Global Roles:

a. After installing the plugin, go to "Manage Jenkins" > "Configure Global Security."

b. Under the "Access Control" section, select "Role-Based Strategy."

In my case already installed. But you can follow the same step as per snippet.

3.Define Global Roles:

*.Scroll down to the "Role-Based Authorization Strategy" section and click on "Add global role."
*.Define the roles you want to create, giving them meaningful names (e.g., Administrator, Developer, QA, etc.).
*.For each role, specify the desired permissions by checking the corresponding checkboxes. Jenkins provides a list of common permissions you can assign.
*.Click "Add" to save the global roles.

4.Assign Users or Groups to Roles:

*.After defining global roles, you can assign users or groups to these roles.

*.Scroll down to the "Role to User/Group Mapping" section.

*.Select a role from the "Role" dropdown.

*.Enter the usernames or group names (if using groups) in the "User/Group Names" field. You can separate multiple names with commas.

*.Click "Add" to map users or groups to the role.

*.Repeat this step for each role and its corresponding users or groups.

5. Apply and Save:

    *.Click the "Apply" button to apply the RBAC configuration.

    *.Then, click the "Save" button to save the changes.

6. Test Permissions:

Log in as different users and verify that they have the expected permissions based on the roles you assigned to them.

7. Fine-Tune Role Permissions:

You can further refine role permissions by modifying the roles and their associated permissions as needed.

Role-Based Access Control allows you to manage access control in a more flexible and organized manner, making it easier to control who can do what within your Jenkins instance. It's especially useful in larger Jenkins installations with many users and complex access requirements.

Jenkin: User Create

 To create a new user in Jenkins, you'll need administrative privileges.

 Follow these steps to add a user to your Jenkins instance:

1.Log into Jenkins: 

Open a web browser and access your Jenkins instance by navigating to http://mongodb:8080

2.Access User Management:

Click on "Manage Jenkins" in the Jenkins dashboard.

3.Access User Management Page:

Click on "Manage Users" to access the User Management page.

4.Create a New User:

Click on the "Create User" link.

5.Fill in User Details:

Fill out the user details for the new user, including:

Username: Choose a unique username for the new user.

Password: Set a secure password for the user. You can click the "Generate" button to have Jenkins generate a random password.

Full Name: Enter the user's full name.

Email Address: Provide the user's email address.

Click the "Create User" button.

6.Configure User Permissions:

By default, new users are given read-only access to Jenkins.

To grant additional permissions, click on the user's name on the User Management page.

7.Configure User Permissions:

Scroll down to the "Add user to roles" section.

Check the roles that you want to assign to the user. For example, you can give them "Overall" or "Job" permissions based on your requirements.

8.Save User Configuration:

Click the "Save" button to save the user's configuration.

9.Verify User Creation:

The new user is now created and should have access to Jenkins based on the assigned permissions.

10.Notify the User:

Share the username and password with the new user.

It's advisable to have users change their password upon their first login for security reasons.

Keep in mind that Jenkins also supports various authentication methods, including LDAP, Active Directory, and others. If you have an existing user directory (e.g., LDAP or Active Directory), you can configure Jenkins to use that directory for user authentication and authorization, which can simplify user management.

Remember to manage user permissions carefully to ensure that users have access to the appropriate Jenkins resources and functions while maintaining security and access control.

Jenkin: Change the theme or appearance

To change the theme or appearance of the Jenkins web interface, you can use Jenkins plugins that provide themes or styles. One such plugin is the "Simple Theme Plugin," which allows you to customize the CSS and JavaScript of the Jenkins UI. Here's how you can change the theme in Jenkins:

1. Log into Jenkins: 

    Open your web browser and access your Jenkins instance by navigating to (In my case)                             http://mongodb:8080

2. Install the Simple Theme Plugin:

    a. Click on "Manage Jenkins" in the Jenkins dashboard.
    b. Select "Manage Plugins" from the dropdown menu.
    c. Go to the "Available" tab.
    d. In the "Filter" box, type "Simple Theme Plugin."
    e. Check the checkbox next to "Simple Theme Plugin."
    f. Click the "Install without restart" button.

3. Create or Edit a Theme:

    a. After the plugin is installed, go back to the Jenkins dashboard and click on "Manage Jenkins"                 again.
    b. Select "Configure System."
    c. Scroll down to the "Theme" section. Here, you can add or edit themes.

4. Add/Edit a Theme:

    a. Click on the "Add" button to add a new theme or edit an existing one.
    b. Provide a name for your theme in the "Name" field.
    c. In the "URL of theme CSS" field, you can specify the URL of a CSS file that defines your custom     styles. This file should be hosted on a web server accessible to your Jenkins server.
    d. You can also add JavaScript files to customize the behavior of the Jenkins UI.
    e. Click "Save" to save your theme.

CSS URL where you can download/use theme: http://afonsof.com/jenkins-material-theme/

5. Apply the Theme:

    a. Once you've created or edited a theme, you can apply it to your Jenkins instance.
    b. Go to the Jenkins dashboard and click on your username in the top right corner.
    c. Select "Configure" from the dropdown menu.
    d. In the "User Themes" section, select the theme you created or edited from the "Theme" dropdown         list.
    e. Click "Save" to apply the theme.

6. View the New Theme:

Refresh your Jenkins dashboard, and you should see the changes applied by your custom theme.

Please note that modifying the Jenkins UI through custom themes can be powerful but should be used judiciously. 

Ensure that any changes you make do not compromise the functionality or security of your Jenkins instance. Additionally, be aware that Jenkins may undergo updates, and custom themes may need to be maintained accordingly.

Jenkin : Forgot Admin password

 Prerequisites:

*.A super user( root) or any user with SUDO privileges.

*.vim/ vi/ text editor to edit the configuration files.

Steps to recover forgotten password in Jenkins

1.Now, copy and take the backup of configuration file of Jenkins and save it.

# cp -v /var/lib/jenkins/config.xml ./config.xml_0923_passwordreset

Step 2: Open the /var/lib/jenkins/config.xml configuration file and turn off the protection.

# vi /var/lib/jenkins/config.xml 

And now, find the <useSecurity> tag and change the value from true to false.

  <useSecurity>true</useSecurity>   ####Put the value is false

  

Step 3: After making the above changes, restart the Jenkins services. After restarting the services, make sure the status of Jenkins is running and enabled

[root@jenkins]# systemctl stop jenkins.service

[root@jenkins]# systemctl start jenkins.service

Step 4: Now, open your browser, and hit try to open the jenkins. You will now not be asked to enter the credentials.

After this, navigate to "Manage Jenkins" button from the option from the left side menu and click on "Configure Global Security" just as shown below.

Step 5: Now, navigate to Security Realm, and select the "Jenkins' own user database" from the dropdown menu. and click on save button from the button and click on Dashboard.

Step 6: Now, after clicking on "Dashboard", go to "People" menu, as shown below. And, select the username of which you want to change the password.

Step 7: Now, go to your server and either replace the existing configuration file with that of you had make in step 2 or replace from "false" to "true", that you had make in step 3.

mv ./config.xml_0923_passwordreset /var/lib/jenkins/config.xml

or

vi /var/lib/jenkins/config.xml

Step 8: Now just restart the jenkins service and test your login to your Jenkins using browser.

[root@jenkins]# systemctl stop jenkins.service

[root@jenkins]# systemctl start jenkins.service

And this is how you will recover the forgotten password of admin user in Jenkins.

Jenkin Installation on RHEL7

Note: Before installation make sure create yum repository then go to installation part.

To install Jenkins on Red Hat Enterprise Linux 7 (RHEL 7), you can follow these steps. Jenkins is a widely used automation server for building, testing, and deploying code. Before you begin, make sure you have administrative access to your RHEL 7 server.

Here's how you can install Jenkins on RHEL 7:

1. Update Your System:

It's a good practice to update your system's package repository to ensure you have the latest software packages:

sudo yum update

2. Install Java:

Jenkins requires Java to run. You can install Java using the following command:

sudo yum install java-1.8.0-openjdk

Verify that Java has been installed correctly by running:

java -version

3. Add Jenkins Repository:

Jenkins provides an official repository for RHEL. You can add it to your system using the following commands:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins.io/redhat-stable/jenkins.repo

sudo rpm --import http://pkg.jenkins.io/redhat-stable/jenkins.io.key

4. Install Jenkins:

Now that you've added the Jenkins repository, you can install Jenkins with the following command:

sudo yum install jenkins

5. Start and Enable Jenkins:

Once Jenkins is installed, you can start the Jenkins service and enable it to start on boot:

# systemctl start jenkins

# systemctl enable jenkins

6. Check Jenkins Status:

You can verify that Jenkins is running by checking its status:

# systemctl status jenkins

If Jenkins is running correctly, you should see a status message indicating that it's active and running.

7. Firewall Configuration:

If you have a firewall enabled on your RHEL 7 system, you need to open port 8080 to access the Jenkins web interface. You can do this with the following command:

# firewall-cmd --zone=public --permanent --add-port=8080/tcp

# firewall-cmd --reload

8. Access Jenkins Web Interface:

Open a web browser and access Jenkins by navigating to http://your-server-IP-or-domain:8080. You should see the Jenkins setup wizard.

To get the initial admin password required for setup, you can run:

# cat /var/lib/jenkins/secrets/initialAdminPassword

Copy and paste the generated password into the Jenkins setup wizard to complete the installation.

9. Install Plugins and Configure Jenkins:

Follow the Jenkins setup wizard to install the recommended plugins and configure your Jenkins instance according to your needs.

10. Start Using Jenkins:

Once the setup is complete, you can start using Jenkins for your automation and CI/CD needs.

That's it! You now have Jenkins installed and running on your RHEL 7 server. You can customize Jenkins further and install additional plugins as needed for your projects.

Useful links:

https://www.jenkins.io/doc/book/installing/linux/

https://sysadminxpert.com/how-to-install-jenkins-on-centos-7-or-rhel-7/