Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document skipping initial setup wizard #833

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Document skipping initial setup wizard #833

wants to merge 1 commit into from

Conversation

ringerc
Copy link

@ringerc ringerc commented Jun 6, 2019

Documented steps to skip setup wizard didn't appear to work on jenkins/jenkins:latest or jenkins/jenkins:latest. Neither did variants of them that tried to cope with volume-mounting etc, like:

RUN echo $JENKINS_VERSION | tee \
    /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state \
    /usr/share/jenkins/ref/jenkins.install.InstallUtil.lastExecVersion

Instead, recommend use of a system property that is known to work.

@ringerc
Document skipping initial setup wizard
26b76a7 
Documented steps to skip setup wizard didn't appear to work on `jenkins/jenkins:latest`  or `jenkins/jenkins:latest`. Neither did variants of them that tried to cope with volume-mounting etc, like:

```
RUN echo $JENKINS_VERSION | tee \
    /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state \
    /usr/share/jenkins/ref/jenkins.install.InstallUtil.lastExecVersion
```

Instead, recommend use of a system property that is known to work.
@ringerc ringerc mentioned this pull request Jun 6, 2019
Open
oleg-nenashev
oleg-nenashev reviewed Jun 6, 2019
View reviewed changes
Copy link
Member

@oleg-nenashev oleg-nenashev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me overall, just minor suggestions

README.md

This will disable creation of the default admin user and password, and will leave Jenkins in an unsecured configuration where anyone who can connect has full admin rights. So it should generally be coupled with automation to install plugins and to configure the server.

Note: Some documentation suggested creating `jenkins.install.UpgradeWizard.state` and/or `jenkins.install.InstallUtil.lastExecVersion`. Using the system property is simpler and more reliable.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is

README.md
which may be inappropriate.
docker run ..otheroptions... --env JAVA_OPTS="-Djenkins.install.runSetupWizard=false" jenkins/jenkins:lts`

This will disable creation of the default admin user and password, and will leave Jenkins in an unsecured configuration where anyone who can connect has full admin rights. So it should generally be coupled with automation to install plugins and to configure the server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This will disable creation of the default admin user and password, and will leave Jenkins in an unsecured configuration where anyone who can connect has full admin rights. So it should generally be coupled with automation to install plugins and to configure the server.
Unless you use some kind of Configuration-as-Code to configure the instance (Groovy Hooks, JCasC plugin, etc.),
this will disable creation of the default admin user and password, and will leave Jenkins in an unsecured configuration where anyone who can connect has full admin rights. So it should generally be coupled with automation to install plugins and to configure the server.

README.md

Note: Some documentation suggested creating `jenkins.install.UpgradeWizard.state` and/or `jenkins.install.InstallUtil.lastExecVersion`. Using the system property is simpler and more reliable.

## Applying an initial server configuration
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it worth referencing https://speakerdeck.com/onenashev/docker-and-jenkins-as-code or a similar slidedeck

daniel-beck
daniel-beck reviewed Jun 6, 2019
View reviewed changes
README.md
which may be inappropriate.
docker run ..otheroptions... --env JAVA_OPTS="-Djenkins.install.runSetupWizard=false" jenkins/jenkins:lts`

This will disable creation of the default admin user and password, and will leave Jenkins in an unsecured configuration where anyone who can connect has full admin rights. So it should generally be coupled with automation to install plugins and to configure the server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, several other security-related settings will not be enabled by default. While I don't think we should provide an exhaustive list that might easily become outdated, it's important to point this out.

@daniel-beck
Copy link
Member

daniel-beck commented Jun 6, 2019
edited
Loading

Documented steps

FWIW the "documented" (in this repo only) steps have always been an unsupported hack and I don't understand how they became preferable over the intended method. Perhaps because it didn't require changing how to invoke docker? Understanding of how this happened may help with documenting the supported method.

Re-reading the discussion in JENKINS-40279 makes apparent that many users involved do not properly distinguish between the setup wizard and the upgrade wizard.

  • Setup: First launch only (except in rare circumstances like a mostly pristine Jenkins home directory). Installs plugins from a selection and creates initial admin user.
  • Upgrade: When crossing a version boundary on upgrade that introduces new recommended plugins. I don't think this has happened since the release 2.0 from early 2016 (or 2.7.x for LTS).

Perhaps that could explain part of this? The system property does not help with the latter?

@NorseGaud
Copy link

NorseGaud commented Mar 16, 2021
edited
Loading

None of the proposed methods work with the latest LTS (2.277.1)

@slide
Copy link
Member

slide commented Mar 16, 2021

@NorseGaud Are you referring to 2.277.1?

@NorseGaud
Copy link

@slide Yep -- it seems like JAVA_OPTS="-Djenkins.install.runSetupWizard=false" when launching lts tag from docker has no impact and the admin password wizard/login still shows. Maybe I'm misunderstanding.

@NorseGaud NorseGaud mentioned this pull request Mar 17, 2021
Closed
whoami-anoint
whoami-anoint suggested changes Aug 3, 2023
View reviewed changes
README.md
@@ -164,6 +172,10 @@ FROM jenkins/jenkins:lts
COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy
```dockerfile
FROM jenkins/jenkins:lts
COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleg-nenashev oleg-nenashev oleg-nenashev left review comments

@daniel-beck daniel-beck daniel-beck left review comments

@whoami-anoint whoami-anoint whoami-anoint approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ringerc @daniel-beck @NorseGaud @slide @oleg-nenashev @whoami-anoint