TL; DR
Jenkins告诉我在从Ansible脚本安装插件时传递了无效的crumb值
详情
我使用官方Docker容器在Docker容器中运行Jenkins 2.32.2。
我已将其安装到Vagrant VM,并尝试使用Ansible配置插件。
我正在使用以下任务迭代插件列表
- name: Install plugins
include: install_plugin.yml
with_items: "{{ plugins }}"
loop_control:
loop_var: plugin_name
tags: [jenkins]
使用defaults / main.yml文件中定义的以下列表
plugins:
- git
- template-project
- pipeline
- docker-workflow
- template-project
- config-file-provider
- bitbucket
- disk-usage
- greenballs
- jacoco
- slack
- sonar
以下是从main.yml文件中调用的install_plugin.yml的定义
---
- name: Get Jenkins crumb
uri:
user: admin
password: "{{ jenkins_admin_password }}"
force_basic_auth: yes
url: "http://{{ ansible_hostname }}:8080/crumbIssuer/api/json"
return_content: yes
register: crumb_token
until: crumb_token.content.find('Please wait while Jenkins is getting ready') == -1
retries: 10
delay: 5
tags: [jenkins]
- name: Plugins are installed
uri:
url: "http://{{ ansible_host }}:8080/pluginManager/installNecessaryPlugins"
method: POST
user: admin
password: "{{ jenkins_admin_password }}"
body: '<jenkins><install plugin="{{ plugin_name }}@latest" /></jenkins>'
headers:
Content-Type: "text/xml"
Jenkins-Crumb: "{{ crumb_token.json.crumb }}"
creates: "{{ jenkins_home }}/plugins/{{ plugin_name }}"
register: plugins_result
tags: [jenkins]
- wait_for:
path: "{{ jenkins_home }}/plugins/{{ plugin_name }}"
tags: [jenkins]
当我尝试使用命令行中的curl模拟它时,我使用以下2个命令获得预期结果,它成功运行
~/Projects/ci> curl --user admin:admin cluster01:8080/crumbIssuer/api/json
{"_class":"hudson.security.csrf.DefaultCrumbIssuer","crumb":"646966a811fe84bdc5dc00a0de942b80","crumbRequestField":"Jenkins-Crumb"}%
~/Projects/ci> curl -X POST --user admin:admin -d '<jenkins><install plugin="git@latest" /></jenkins>' --header 'Jenkins-Crumb: 646966a811fe84bdc5dc00a0de942b80' --header 'Content-Type: text/xml' http://cluster01:8080/pluginManager/installNecessaryPlugins
但是当我运行Ansible playbook时,我收到以下错误
status code was not [200]: HTTP Error 403: No valid crumb was included in the request
以下是此步骤的-vvvv的日志输出
TASK [jenkins : Install plugins] ***********************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/main.yml:56
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
TASK [jenkins : Get Jenkins crumb] *********************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml:2
Using module file /usr/local/Cellar/ansible/2.2.0.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/network/basics/uri.py
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555 `" && echo ansible-tmp-1486148016.3-32614286575555="` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555 `" ) && sleep 0'"'"''
<cluster01> PUT /var/folders/g5/h48p994d3qn7d9_nz7xv2lvh0000gn/T/tmprL_Pye TO /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py
<cluster01> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r '[cluster01]'
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/ /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py && sleep 0'"'"''
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r -tt cluster01 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vzqwuvcglpsfrrzkvwdcupjtukijcwvl; /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
ok: [cluster01] => {
"attempts": 1,
"changed": false,
"connection": "close",
"content": "{\"_class\":\"hudson.security.csrf.DefaultCrumbIssuer\",\"crumb\":\"ad67abc734af7eae279df5c68098a29e\",\"crumbRequestField\":\"Jenkins-Crumb\"}",
"content_type": "application/json;charset=UTF-8",
"date": "Fri, 03 Feb 2017 18:53:36 GMT",
"invocation": {
"module_args": {
"backup": null,
"body": null,
"body_format": "raw",
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": true,
"group": null,
"headers": {
"Authorization": "Basic YWRtaW46YWRtaW4="
},
"http_agent": "ansible-httpget",
"method": "GET",
"mode": null,
"owner": null,
"password": "admin",
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": true,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://cluster01:8080/crumbIssuer/api/json",
"url_password": "admin",
"url_username": "admin",
"use_proxy": true,
"user": "admin",
"validate_certs": true
},
"module_name": "uri"
},
"json": {
"_class": "hudson.security.csrf.DefaultCrumbIssuer",
"crumb": "ad67abc734af7eae279df5c68098a29e",
"crumbRequestField": "Jenkins-Crumb"
},
"msg": "OK (unknown bytes)",
"redirected": false,
"server": "Jetty(9.2.z-SNAPSHOT)",
"status": 200,
"url": "http://cluster01:8080/crumbIssuer/api/json",
"x_content_type_options": "nosniff",
"x_jenkins": "2.32.2",
"x_jenkins_session": "3abb7e45"
}
TASK [jenkins : Plugins are installed] *****************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml:15
Using module file /usr/local/Cellar/ansible/2.2.0.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/network/basics/uri.py
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735 `" && echo ansible-tmp-1486148016.66-148559593691735="` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735 `" ) && sleep 0'"'"''
<cluster01> PUT /var/folders/g5/h48p994d3qn7d9_nz7xv2lvh0000gn/T/tmp1RWIY4 TO /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py
<cluster01> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r '[cluster01]'
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/ /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py && sleep 0'"'"''
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r -tt cluster01 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-qixxmffrdktqhuyukutskswbxfsaxrdd; /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [cluster01]: FAILED! => {
"cache_control": "must-revalidate,no-cache,no-store",
"changed": false,
"connection": "close",
"content": "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n<title>Error 403 No valid crumb was included in the request</title>\n</head>\n<body><h2>HTTP ERROR 403</h2>\n<p>Problem accessing /pluginManager/installNecessaryPlugins. Reason:\n<pre> No valid crumb was included in the request</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>\n\n</body>\n</html>\n",
"content_length": "387",
"content_type": "text/html; charset=ISO-8859-1",
"date": "Fri, 03 Feb 2017 18:53:37 GMT",
"failed": true,
"invocation": {
"module_args": {
"backup": null,
"body": "<jenkins><install plugin=\"git@latest\" /></jenkins>",
"body_format": "raw",
"content": null,
"creates": "/var/jenkins_home/plugins/git",
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {
"Content-Type": "text/xml",
"Jenkins-Crumb": "ad67abc734af7eae279df5c68098a29e"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"password": "admin",
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://cluster01:8080/pluginManager/installNecessaryPlugins",
"url_password": "admin",
"url_username": "admin",
"use_proxy": true,
"user": "admin",
"validate_certs": true
},
"module_name": "uri"
},
"msg": "Status code was not [200]: HTTP Error 403: No valid crumb was included in the request",
"redirected": false,
"server": "Jetty(9.2.z-SNAPSHOT)",
"status": 403,
"url": "http://cluster01:8080/pluginManager/installNecessaryPlugins",
"x_content_type_options": "nosniff"
}
我已将整个构建(Vagrant和Ansible)推送到github
答案 0 :(得分:0)
我也遇到了这个问题,发现您需要在安装插件的uri任务中指定crumb_token。我看到您在注册name: Get Jenkins crumb变量(name: Plugins are installed)的任务中拥有它,因此您只需将其添加到{{1}}任务中。