我尝试使用Keycloak插件和Docker-compose 100%自动化Jenkins的部署。目的是我们除了执行单个命令外不愿做任何事情。
为了使Jenkins自动化,我尝试使用Jenkins API,但Groovy脚本似乎是最好,最简单的解决方案。问题是我不是开发人员...
我尝试过类似的操作,但是在Keycloak conf上失败了:
Failed to run script file:/var/jenkins_home/init.groovy.d/init.groovy groovy.lang.GroovyRuntimeException: Could not find matching constructor for: org.jenkinsci.plugins.KeycloakSecurityRealm(java.lang.Boolean)
import jenkins.model.*
import hudson.security.*
import org.jenkinsci.plugins.*
def instance = Jenkins.getInstance()
def env = System.getenv()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
String password = env.JENKINS_PASSWORD
hudsonRealm.createAccount("admin", password)
instance.setSecurityRealm(hudsonRealm)
instance.save()
def keycloak_realm = new KeycloakSecurityRealm(true)
instance.setSecurityRealm(keycloak_realm)
instance.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy())
instance.save()
最后,我想
创建管理员用户
配置Keycloak插件
设置用户自动权限。
感谢您的帮助:)
一个可能已过时的问题,但是我想分享一下,在init.groovy.d中使用Groovy脚本维护Jenkins中的配置(包括Keycloak配置)时,我也遇到了问题。解决此问题的最佳方法是使用Jenkins Configuration as Code (JCasC)插件通过声明性模型。
示例:
[Keycloak
jenkins:
securityRealm: keycloak
unclassified:
keycloakSecurityRealm:
keycloakJson: |-
{
"realm": "my-realm",
"auth-server-url": "https://my-keycloak-url/auth",
"ssl-required": "all",
"resource": "jenkins",
"public-client": true,
"confidential-port": 0
}
来源:https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/keycloak
凭证
credentials:
system:
domainCredentials:
- domain:
name: "test.com"
description: "test.com domain"
specifications:
- hostnameSpecification:
includes: "*.test.com"
credentials:
- usernamePassword:
scope: SYSTEM
id: sudo_password
username: root
password: ${SUDO_PASSWORD}
来源:https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/credentials