Blog
Token
About Us
AiDOOS Wiki
Project Cost Estimation

Welcome to Knowledge Base!

KB at your finger tips

This is one stop global knowledge base where you can learn about all the products, solutions and support features.

Categories
All
CRM
Salesforce
ERP
SAP
Storage and Backups
Purestorage Netapp Nutanix
Cloud
AWS
Computing
IBM
Database
MongoDB MySQL PostgreSQL
DevOps
Docker Kubernetes Jenkins GitLab
Mobile
React Native Android
Web
React Angular PHP
Programming
Python
Products
CNC Software (Mastercam) 3D perception 7shifts

DevOps-Jenkins

Windows

Windows

Table of Contents
  • Prerequisites
  • Installation steps using Windows MSI installer
  • Silent Install with the MSI installers
  • Post-installation setup wizard
    • Unlocking Jenkins
    • Customizing Jenkins with plugins
    • Creating the first administrator user
  • Troubleshooting Windows installation
    • Invalid service logon credentials

The simplest way to install Jenkins on Windows is to use the Jenkins Windows installer. That program will install Jenkins as a service using a 64 bit JVM chosen by the user. Keep in mind that to run Jenkins as a service, the account that runs Jenkins must have permission to login as a service.

Prerequisites

Minimum hardware requirements:

  • 256 MB of RAM

  • 1 GB of drive space (although 10 GB is a recommended minimum if running Jenkins as a Docker container)

Recommended hardware configuration for a small team:

  • 4 GB+ of RAM

  • 50 GB+ of drive space

Comprehensive hardware recommendations:

  • Hardware: see the Hardware Recommendations page

Software requirements:

  • Java: see the Java Requirements page

  • Web browser: see the Web Browser Compatibility page

  • For Windows operating system: Windows Support Policy

  • For Linux operating system: Linux Support Policy

  • For servlet containers: Servlet Container Support Policy

Installation steps using Windows MSI installer

How to install Jenkins on Windows

Refer to the Windows section of the Downloading Jenkins page to download either an LTS release or a weekly release of the Windows installer. After the download completes, open the Windows installer and follow the steps below to install Jenkins.

Step 1: Setup wizard

On opening the Windows Installer, an Installation Setup Wizard appears, Click Next on the Setup Wizard to start your installation.

Windows Installation Setup Wizard

Step 2: Select destination folder

Select the destination folder to store your Jenkins Installation and click Next to continue.

Jenkins Installation Destination

Step 3: Service logon credentials

When Installing Jenkins, it is recommended to install and run Jenkins as an independent windows service using a local or domain user as it is much safer than running Jenkins using LocalSystem(Windows equivalent of root) which will grant Jenkins full access to your machine and services.

To run Jenkins service using a local or domain user , specify the domain user name and password with which you want to run Jenkins, click on Test Credentials to test your domain credentials and click on Next .

Jenkins Service Logon Credentials

If you get Invalid Logon Error pop-up while trying to test your credentials, follow the steps explained here to resolve it.
Step 4: Port selection

Specify the port on which Jenkins will be running, Test Port button to validate whether the specified port if free on your machine or not. Consequently, if the port is free, it will show a green tick mark as shown below, then click on Next .

Jenkins Select Port

Step 5: Select Java home directory

The installation process checks for Java on your machine and prefills the dialog with the Java home directory. If the needed Java version is not installed on your machine, you will be prompted to install it.

Once your Java home directory has been selected, click on Next to continue.

Select Java Home Directory

Step 6: Custom setup

Select other services that need to be installed with Jenkins and click on Next .

Jenkins Custom Setup

Step 7: Install Jenkins

Click on the Install button to start the installation of Jenkins.

Windows Install Jenkins

Additionally, clicking on the Install button will show the progress bar of installation, as shown below:

Windows Installation Progress

Step 8: Finish Jenkins installation

Once the installation completes, click on Finish to complete the installation.

Jenkins will be installed as a Windows Service . You can validate this by browsing the services section, as shown below:

Windows Jenkins Service

See the upgrade steps when you upgrade to a new release.

Silent Install with the MSI installers

MSI installers can be installed via a silent method, which can show basic UI (/qb) or no UI at all (/qn). The silent method does not prompt for user input so there are properties that you can pass to the installer to set the specific values. A very basic command line is shown below for a silent install. 

msiexec.exe /i "path\to\jenkins.msi" /qn /norestart
This will use all of the default values for things that would normally be a prompt such as:

  • Installation directory

  • Service account username/password

  • Java installation directory

  • The port for Jenkins to listen on

Each of these things can be overridden by passing a NAME=VALUE property pair for what you want to override:

Property Name Description

INSTALLDIR

Path to the directory to install Jenkins. (Default: C:\Program Files\Jenkins)

PORT

The port Jenkins will listen on. (Default: 8080)

JAVA_HOME

The directory where java.exe can be found. (Default: The first Java runtime found in the registry with Java 11 being higher priority than Java 17)

SERVICE_USERNAME

The username that the service should run as. The account must have LogonAsService permissions. (Default: In silent mode, the LOCALSYSTEM account)

SERVICE_PASSWORD

The password for the SERVICE_USERNAME account. This should only be provided if SERVICE_USERNAME is provided. (Default: In silent mode, none for LOCALSYSTEM)

A more complex example, including the creation of a log file for the installation process is shown below: 

msiexec.exe /i "path\to\jenkins.msi" /qn /norestart INSTALLDIR="D:\Jenkins" JAVA_HOME="C:\Program Files\SomeJava" PORT=80 /L*v "path\to\logfile.txt"

This would install Jenkins into D:\Jenkins, use the Java runtime from C:\Program Files\SomeJava and Jenkins would be listening on port 80.

Post-installation setup wizard

After downloading, installing and running Jenkins, the post-installation setup wizard begins.

This setup wizard takes you through a few quick "one-off" steps to unlock Jenkins, customize it with plugins and create the first administrator user through which you can continue accessing Jenkins.

Unlocking Jenkins

When you first access a new Jenkins instance, you are asked to unlock it using an automatically-generated password.

Step 1

Browse to http://localhost:8080 (or whichever port you configured for Jenkins when installing it) and wait until the Unlock Jenkins page appears.

Unlock Jenkins page

Step 2

The initial Administrator password should be found under the Jenkins installation path (set at Step 2 in Jenkins Installation).

For default installation location to C:\Program Files\Jenkins, a file called initialAdminPassword can be found under C:\Program Files\Jenkins\secrets.

However, If a custom path for Jenkins installation was selected, then you should check that location for initialAdminPassword file.

Jenkins Initial Password Location

Step 3

Open the highlighted file and copy the content of the initialAdminPassword file.

Jenkins Initial Password File

Step 4

On the Unlock Jenkins page, paste this password into the Administrator password field and click Continue .
Notes:

  • You can also access Jenkins logs in the jenkins.err.log file in your Jenkins directory specified during the installation.

  • The Jenkins log file is another location (in the Jenkins home directory) where the initial password can also be obtained. Windows Jenkins Log File This password must be entered in the setup wizard on new Jenkins installations before you can access Jenkins’s main UI. This password also serves as the default administrator account’s password (with username "admin") if you happen to skip the subsequent user-creation step in the setup wizard.

Customizing Jenkins with plugins

After unlocking Jenkins, the Customize Jenkins page appears. Here you can install any number of useful plugins as part of your initial setup.

Click one of the two options shown:

  • Install suggested plugins - to install the recommended set of plugins, which are based on most common use cases.

  • Select plugins to install - to choose which set of plugins to initially install. When you first access the plugin selection page, the suggested plugins are selected by default.

If you are not sure what plugins you need, choose Install suggested plugins . You can install (or remove) additional Jenkins plugins at a later point in time via the Manage Jenkins > Manage Plugins page in Jenkins.

The setup wizard shows the progression of Jenkins being configured and your chosen set of Jenkins plugins being installed. This process may take a few minutes.

Creating the first administrator user

Finally, after customizing Jenkins with plugins , Jenkins asks you to create your first administrator user.

  1. When the Create First Admin User page appears, specify the details for your administrator user in the respective fields and click Save and Finish .

  2. When the Jenkins is ready page appears, click Start using Jenkins .
    Notes:

    • This page may indicate Jenkins is almost ready! instead and if so, click Restart .

    • If the page does not automatically refresh after a minute, use your web browser to refresh the page manually.

  3. If required, log in to Jenkins with the credentials of the user you just created and you are ready to start using Jenkins!

Troubleshooting Windows installation

Invalid service logon credentials

Invalid Service Logon Credentials

When installing a service to run under a domain user account, the account must have the right to logon as a service. This logon permission applies strictly to the local computer and must be granted in the Local Security Policy.

Perform the following steps below to edit the Local Security Policy of the computer you want to define the ‘logon as a service’ permission:

  1. Logon to the computer with administrative privileges.

  2. Open the Administrative Tools and open the Local Security Policy

  3. If the Local Security Policy is missing in your system, refer to the answer in the Where to download GPEdit.msc for Windows 10 Home? question on Microsoft Community to troubleshoot

  4. Expand Local Policy and click on User Rights Assignment

  5. In the right pane, right-click Log on as a service and select properties.

  6. Click on the Add User or Group… button to add the new user.

  7. In the Select Users or Groups dialogue, find the user you wish to enter and click OK

  8. Click OK in the Log on as a service Properties to save changes.

After completing the steps above, try logging in again with the added user.

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?


See existing feedback here.

About Jenkins

About Jenkins

The Manage Jenkins >> About Jenkins page shows the current release of Jenkins on your system plus information about licenses for all components. The top of the display shows the release and version of Jenkins that is running.

The following information about your Jenkins cluster is also provided:

  • List of all third-party libraries used for this release of Jenkins, with links to licensing details about each library.

  • List of static resources that are installed.

  • List of installed plugins, each of which includes a link to the page that shows all third-party dependencies for each plugin with a link to licensing details about each library.

This video shares different methods to check the version of Jenkins being used.

What is the latest version of Jenkins?

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?


See existing feedback here.

Read article

Built-In Node Name and Label Migration

Built-In Node Name and Label Migration

As part of the terminology cleanup effort, the built-in node was renamed from "master node" to "built-in node" in Jenkins 2.307 and in Jenkins 2.319.1. This is not just a change affecting the UI and documentation: The node name affects the implicitly assigned label of the node (and consequently the NODE_LABELS environment variable), as well as the NODE_NAME environment variable.

The NODE_NAME environment variable in Pipelines is set by the Pipeline: Nodes and Processes plugin. In plugin version 2.39 and earlier, this value is always master . Update to version 2.40 or newer to get consistent behavior between job types.

Affected Features

Jenkins features using node labels are therefore potentially impacted by any such changes. These features include:

  • Label assignments of various project types, both on the top level (e.g. Freestyle jobs) and within jobs (e.g. node statements in Scripted Pipeline, label parameters to agent sections in Declarative Pipeline, or Matrix Project axes).

  • Label assignments of features like custom tool auto-installers, typically used to distinguish OS platforms.

  • Any custom build scripts whose behavior is different based on the NODE_NAME or NODE_LABELS environment variables (or their env global variable equivalent in Pipeline).

  • Any similar features in plugins.

Migration

Due to the potential impact to build behavior, instances upgrading Jenkins to version 2.307 or newer do not automatically get these behavior changes applied. Instead, an administrative monitor informs administrators about this change and allows them to apply it.

Before applying the built-in node name and label migration, administrators are advised to review their configuration and build scripts to assess the impact to their instance and jobs.

Most problems with label assignments can likely be worked around by manually assigning the label master to the built-in node and then migrating affected configuration incrementally to not need this workaround.

Plugin Compatibility

Known Incompatible Plugins

  • Pipeline: Nodes and Processes always sets the NODE_NAME to master in Pipelines before version 2.40.

  • Node and Label Parameter plugin displays the controller node as master in releases before version 1.10.0.

Use this Jira query to find compatibility issues tracked in the Jenkins Jira.

Use this GitHub query to find compatibility issues tracked on GitHub.

Reporting Incompatible Plugins

Please report problems in the respective plugin’s issue tracker.

If the affected plugin uses the Jenkins Jira to track issues, please add the label built-in-node-migration-regression .

If the affected plugin tracks issues on GitHub, please make sure to mention the Jenkins pull request that implemented the change in your issue.

Read article

Configuration as Code

Configuration as Code

The Jenkins Configuration as Code (JCasC) feature defines Jenkins configuration parameters in a human-readable YAML file that can be stored as source code. This essentially captures the configuration parameters and values that are used when configuring Jenkins from the web UI. The configuration can then be modified by editing this file and then applying it.

Traditionally, experienced Jenkins administrators created Apache Groovy init scripts to automate the configuration for their Jenkins instances. This works but requires in-depth understanding of Jenkins APIs and the ability to write Groovy scripts. Such scripts are powerful and can do almost anything, but they also provide few protections against configuration errors.

JCasC provides the convenience and flexibility of configuring controllers without using the UI. It does not require more understanding of the configuration parameters than is required to configure Jenkins through the UI and it provides some checks on the values that are provided.

The JCasC configuration file can be checked into an SCM, which enables you to determine who made what modifications to the configuration and to roll back to a previous configuration if necessary.

The Configuration as Code plugin must be installed on the Jenkins controller that you will use to build out your JCasC configuration. If you do not see the Configuration as Code tile in the System Configuration section of the Manage Jenkins page on your dashboard, you need to install the plugin.

Viewing the JCasC file

When the Configuration as Code plugin is installed, you will see Configuration as Code in the System Configuration section of the Manage Jenkins page on your dashboard. Click on this link, then click on View Configuration to view the YAML file.

This file is an export of the current configuration on this controller. In most cases, it is ready to use without modification although you usually want to customize it before deploying it. You may want to push the unmodified version to SCM so you have it as part of your history.

The Configuration as Code UI page shows the full pathname of the YAML file being used and gives a box where you can specify a different file to use. See the information below about how to modify the location used for JCasC YAML files.

The default JCasC YAML file has four sections:

  • jenkins section defines the root Jenkins object, with configurations that can be set with the Manage Jenkins >> Configure System and Manage Jenkins >> Configure Nodes and Clouds screens.

  • tool section defines build tools that can be set on the Manage Jenkins >> Global Tool Configuration screen.

  • unclassified section defines all other configurations, including configuration for installed plugins.

  • credentials section defines credentials that can be set on the Manage Jenkins >> Manage Credentials screen. You may want to delete this section from your YAML file; this is discussed in How to Install Jenkins on CentOS 7 Using Ansible and JCasC.

YAML file syntax

JCasC defines the controller configuration in a YAML file. YAML is a popular serialization language for configuration information, with a syntax that is straight-forward and easy to read but precise.

Some key points about YAML syntax:

  • YAML files are case sensitive.

  • Indentation is very significant and specific.

  • Each item is a key/value pair.

    • The key is followed by a colon ( : ) and a space.

    • YAML converts certain strings into other types unless they are in quotes.

      • Values such as true , false , Yes , and No are converted to Boolean values.

      • Values such as 2 and 3.0 are converted to floating point values.

  • A value can be a list:

    • Each list item is on a separate line starting with a dash ( - ).

    • Each list item in the file must start at the same indentation.

      • Use spaces, never tabs, for indentation.

    • Never leave a blank line in a YAML file — things will break!

See the YAML Reference Card for more details about YAML file syntax.

Checking the YAML files into SCM

To get the maximum benefit of JCasC, the YAML files should be stored in SCM. This gives you a history that you can use to trace changes that are made and allow you to easily roll back to an earlier version of the file if necessary.

JCasC does not require that the file be stored in SCM and so does not enforce any rules about how you do this. The most common practice is to create one SCM repository in which you store all of your JCasC files.

If you are storing your JCasC YAML files in SCM, you should commit the first default file that is generated, before you make any modifications to the file.

Modifying the JCasC file

To modify the JCasC YAML file, use the text editor of your choice to edit the file that is listed on the Manage Jenkins >> Configuration as Code UI page. By default, this is $JENKINS_HOME/jenkins.yaml .

For a simple exercise to work through the process, you can modify the value of the "System Message" that is displayed on the Jenkins dashboard.

  1. Open the JCasC YAML file with the text editor of your choice.

  2. Find the systemMessage line near the top of the file: 

    jenkins:
  systemMessage: "Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"

  3. Modify the text between the quotation marks to contain your new text

  4. Write/save the file

  5. Click the Reload existing configuration button to apply the changes

  6. View the modified "System Message" on your dashboard

It is not necessary to restart Jenkins to apply the JCasC changes, although you should try to restart Jenkins with the modifications before you check the modified YAML file into SCM, especially when making more substantive configuration changes.

When you have made and tested your desired changes, push the modified JCasC YAML file to your SCM.

Configuring a plugin with JCasC

To configure a plugin with JCasC:

  1. Use the UI of the current system to install and configure the plugin

  2. Click Apply >> Save to save the configuration

  3. Use Manage Jenkins >> Configuration as Code >> View Configuration to view the JCasC file with the plugin configured

  4. Click on Download Configuration to save the modified configuration file locally

  5. Edit the JCasC YAML file to modify the configuration, if necessary

  6. Save the file

  7. Click Reload existing configuration to load the local changes onto the Jenkins server

  8. Verify the changes on the UI

  9. When you have thoroughly tested the plugin configuration, push the modified YAML file to your SCM

See the Configure Plugins with JCasC blog for detailed instructions and an embedded video demonstration of this process.

YAML file location

By default, the YAML file for the CasC configuration is located in $JENKINS_HOME/jenkins.yaml . The location and name of the file being used is displayed on the Configuration as Code UI page. You can specify a different file to view by typing the full pathname into the Path or URL field.

You can specify a different location or a different file name for the creation of the JCasC YAML file by doing either of the following:

  • Populate the CASC_JENKINS_CONFIG environment variable to point to a comma-separated list that defines where configuration files are located.

  • Use the casc.jenkins.config Java property to control the file name and location. This is useful when installing Jenkins via a package management tool. Most package management systems support configuration files that are retained across upgrades. It is best to not modify a file installed by a package manager because it could be overwritten by an update.

    On Linux systems, you can run systemctl edit jenkins and add the following: 

    [Service]
Environment="JAVA_OPTS=-Dcasc.jenkins.config=/jenkins/casc_configs"

The file location and name can be specified as any of the following:

  • Path to a folder containing a set of config files such as /var/jenkins_home/casc_configs .

  • A full path to a single file such as /var/jenkins_home/casc_configs/jenkins.yaml .

  • A URL pointing to a file served on the web such as https://acme.org/jenkins.yaml .

The value of the CASC_JENKINS_CONFIG variable is unpacked according to the following rules:

  • If an element of CASC_JENKINS_CONFIG points to a folder, the plugin recursively traverses the folder to find file(s) with the .yml, .yaml, .YAML, or .YML suffix.

  • It excludes hidden files or files that contain a hidden folder (such as/ jenkins/casc_configs/.dir1/config.yaml ) in any part of the full path.

  • It follows symbolic links for both files and directories.

  • The order of traversal does not matter to the final outcome because all configuration files that are discovered MUST be supplementary. If a file attempts to overwrite configuration values from another file, it creates a conflict and raises a ConfiguratorException .

CasC configuration and UI modifications

Configuration for a Jenkins controller should be implemented either with CasC or with the UI, but not by both. The system allows administrators to modify configuration options on the UI even when they were configured by CasC, but these modifications are overwritten the next time the controller restarts.

You can install the Extended Read Permission Plugin, which allows you to grant read-only access to configuration parameters to users. See JEP-224: Readonly system configuration for more details.

A small group of administrators may have write access to the UI configuration fields. They should understand that JCasC will overwrite changes they make on the UI.

For more information

General information

  • Look Ma! No Hands! — Manage Jenkins Configuration as Code is a video of the 2018 DevOps World presentation that introduced the JCasC feature.

  • Configure Plugins with JCasC is a blog post with video that demonstrates how to configure a plugin with JCasC.

  • How to Install Jenkins on CentOS 7 Using Ansible and JCasC is a video presentation with details about using JCasc.

Implementation details

Much of the detailed JCasC documentation is provided in the Github repository.

  • Implementation details

    • The demos directory contains sample *.yaml files for configuring specific Jenkins components and plugins, with a README file in each directory that describes the configurations for that component.

    • How to create the initial "seed" job with Job DSL

    • Usage scenarios

    • Triggering Configuration Reload

    • Exporting configurations

Information for plugin developers and maintainers

  • Developer documentation for JCasC

  • JCasC Requirements - guide for plugin maintainers

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?


See existing feedback here.

Read article

Change System Time Zone

Change System Time Zone

Table of Contents
  • User Defined Time Zone
  • System Time Zone properties

The system time zone configuration is the default time zone displayed by Jenkins. The "Manage Jenkins" ⇒ "System Information" page shows the value of the system properties that define the time zone for the Jenkins controller.

Refer to the following video for tips on changing the time zone

Changing the time zone in Jenkins

User Defined Time Zone

A user defined time zone for the account can be set from the configure option in the user settings.

Configure option in the dropdown
Changing user defined timezone setting

System Time Zone properties

If you cannot change the time zone of your server, you can force jelly to use a given time zone for formatting time stamps.

You need to start your Jenkins with the following java system property: 

java -Dorg.apache.commons.jelly.tags.fmt.timeZone=TZ ...

where TZ is a java.util.TimeZone ID ("Europe/Paris" for example).

Note that user.timezone=Europe/Paris will work as well, but it can interfere with other contexts.

If running Jenkins via a Linux package, this can be accomplished by running systemctl edit jenkins and adding the following: 

[Service]
Environment="JAVA_OPTS=-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York"

or, if that doesn’t work: 

[Service]
Environment="JAVA_OPTS=-Duser.timezone=America/New_York"

On FreeBSD, the file to edit is /etc/rc.conf, and the option to use is: 

jenkins_java_opts="-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/Denver"

On windows, edit %INSTALL_PATH%/jenkins/jenkins.xml . Put -Dargs before -jar : 

<arguments>-Duser.timezone="Europe/Minsk" -jar "%BASE%\jenkins.war"</arguments>

You can also set it from the Jenkins Script Console on a live system without the need for a restart. This can also be included in a Post-initialization script to make it permanent. 

System.setProperty('org.apache.commons.jelly.tags.fmt.timeZone', 'America/New_York')

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?


See existing feedback here.

Read article

Jenkins CLI

Jenkins CLI

Table of Contents
  • Using the CLI over SSH
    • Authentication
    • Common Commands
  • Using the CLI client
    • Comparing SSH and CLI client
    • Downloading the client
    • Using the client
    • Client connection modes
    • Common Problems with the CLI client

Jenkins has a built-in command line interface that allows users and administrators to access Jenkins from a script or shell environment. This can be convenient for scripting of routine tasks, bulk updates, troubleshooting, and more.

The command line interface can be accessed over SSH or with the Jenkins CLI client, a .jar file distributed with Jenkins.

This document assumes Jenkins 2.54 or newer. Older versions of the CLI client are considered insecure and should not be used.

WebSocket support is available when using both server and client 2.217 or newer.

Using the CLI over SSH

In a new Jenkins installation, the SSH service is disabled by default. Administrators may choose to set a specific port or ask Jenkins to pick a random port in the Configure Global Security page. In order to determine the randomly assigned SSH port, inspect the headers returned on a Jenkins URL, for example: 

% curl -Lv https://JENKINS_URL/login 2>&1 | grep -i 'x-ssh-endpoint'
< X-SSH-Endpoint: localhost:53801
%

With the random SSH port ( 53801 in this example), and Authentication configured, any modern SSH client may securely execute CLI commands.

Authentication

Whichever user used for authentication with the Jenkins controller must have the Overall/Read permission in order to access the CLI. The user may require additional permissions depending on the commands executed.

Authentication in SSH mode relies on SSH-based public/private key authentication. In order to add an SSH public key for the appropriate user, navigate to JENKINS_URL/me/configure and paste an SSH public key into the appropriate text area.

Adding public SSH keys for a user

Common Commands

Jenkins has a number of built-in CLI commands which can be found in every Jenkins environment, such as build or list-jobs . Plugins may also provide CLI commands; in order to determine the full list of commands available in a given Jenkins environment, execute the CLI help command: 

% ssh -l kohsuke -p 53801 localhost help

The following list of commands is not comprehensive, but it is a useful starting point for Jenkins CLI usage.

build

One of the most common and useful CLI commands is build , which allows the user to trigger any job or Pipeline for which they have permission.

The most basic invocation will simply trigger the job or Pipeline and exit, but with the additional options a user may also pass parameters, poll SCM, or even follow the console output of the triggered build or Pipeline run. 

% ssh -l kohsuke -p 53801 localhost help build

java -jar jenkins-cli.jar build JOB [-c] [-f] [-p] [-r N] [-s] [-v] [-w]
Starts a build, and optionally waits for a completion.  Aside from general
scripting use, this command can be used to invoke another job from within a
build of one job.  With the -s option, this command changes the exit code based
on the outcome of the build (exit code 0 indicates a success) and interrupting
the command will interrupt the job.  With the -f option, this command changes
the exit code based on the outcome of the build (exit code 0 indicates a
success) however, unlike -s, interrupting the command will not interrupt the
job (exit code 125 indicates the command was interrupted).  With the -c option,
a build will only run if there has been an SCM change.
 JOB : Name of the job to build
 -c  : Check for SCM changes before starting the build, and if there's no
       change, exit without doing a build
 -f  : Follow the build progress. Like -s only interrupts are not passed
       through to the build.
 -p  : Specify the build parameters in the key=value format.
 -s  : Wait until the completion/abortion of the command. Interrupts are passed
       through to the build.
 -v  : Prints out the console output of the build. Use with -s
 -w  : Wait until the start of the command
% ssh -l kohsuke -p 53801 localhost build build-all-software -f -v
Started build-all-software #1
Started from command line by admin
Building in workspace /tmp/jenkins/workspace/build-all-software
[build-all-software] $ /bin/sh -xe /tmp/hudson1100603797526301795.sh
+ echo hello world
hello world
Finished: SUCCESS
Completed build-all-software #1 : SUCCESS
%

console

Similarly useful is the console command, which retrieves the console output for the specified build or Pipeline run. When no build number is provided, the console command will output the last completed build’s console output. 

% ssh -l kohsuke -p 53801 localhost help console

java -jar jenkins-cli.jar console JOB [BUILD] [-f] [-n N]
Produces the console output of a specific build to stdout, as if you are doing 'cat build.log'
 JOB   : Name of the job
 BUILD : Build number or permalink to point to the build. Defaults to the last
         build
 -f    : If the build is in progress, stay around and append console output as
         it comes, like 'tail -f'
 -n N  : Display the last N lines
% ssh -l kohsuke -p 53801 localhost console build-all-software
Started from command line by kohsuke
Building in workspace /tmp/jenkins/workspace/build-all-software
[build-all-software] $ /bin/sh -xe /tmp/hudson1100603797526301795.sh
+ echo hello world
yes
Finished: SUCCESS
%

who-am-i

The who-am-i command is helpful for listing the current user’s credentials and permissions available to the user. This can be useful when debugging the absence of CLI commands due to the lack of certain permissions. 

% ssh -l kohsuke -p 53801 localhost help who-am-i

java -jar jenkins-cli.jar who-am-i
Reports your credential and permissions.
% ssh -l kohsuke -p 53801 localhost who-am-i
Authenticated as: kohsuke
Authorities:
  authenticated
%

Using the CLI client

While the SSH-based CLI is fast and covers most needs, there may be situations where the CLI client distributed with Jenkins is a better fit. For example, the default transport for the CLI client is HTTP which means no additional ports need to be opened in a firewall for its use.

Comparing SSH and CLI client

Both SSH and jenkins-cli.jar provide access to a set of commands that lets you interact with Jenkins from a command line, but they have a few differences:

  • Jenkins SSH does not require any custom jar file on the client side, making it easier to access Jenkins from a variety of sources

  • SSH client was build to be a generic tool to serve several purposes. It doesn’t offer an easy way to do basic things that are common and specific to Jenkins environments. Using the jenkins-cli.jar instead of the ssh client may increase productivity and improve the development experience

Downloading the client

The CLI client can be downloaded directly from a Jenkins controller at the URL /jnlpJars/jenkins-cli.jar , in effect JENKINS_URL/jnlpJars/jenkins-cli.jar

While a CLI .jar can be used against different versions of Jenkins, should any compatibility issues arise during use, please re-download the latest .jar file from the Jenkins controller.

Using the client

The general syntax for invoking the client is as follows: 

java -jar jenkins-cli.jar [-s JENKINS_URL] [global options...] command [command options...] [arguments...]

The JENKINS_URL can be specified via the environment variable $JENKINS_URL . Summaries of other general options can be displayed by running the client with no arguments at all.

Client connection modes

There are three basic modes in which the client may be used, selectable by global option: -http , -webSocket , and -ssh .

HTTP connection mode

This is the default mode, though you may pass the -http option explicitly for clarity.

Authentication is preferably with an -auth option, which takes a username:apitoken argument. Get your API token from /me/configure : 

java -jar jenkins-cli.jar [-s JENKINS_URL] -auth kohsuke:abc1234ffe4a command ...

(Actual passwords are also accepted, but this is discouraged.)

You can also precede the argument with @ to load the same content from a file: 

java -jar jenkins-cli.jar [-s JENKINS_URL] -auth @/home/kohsuke/.jenkins-cli command ...

For security reasons the use of a file to load the authentication credentials is the recommended authentication way.

An alternative authentication method is to configure environment variables in a similar way as the $JENKINS_URL is used. The username can be specified via the environment variable $JENKINS_USER_ID while the apitoken can be specified via the variable $JENKINS_API_TOKEN . Both variables have to be set all at once. 

export JENKINS_USER_ID=kohsuke
export JENKINS_API_TOKEN=abc1234ffe4a
java -jar jenkins-cli.jar [-s JENKINS_URL] command ...

In case these environment variables are configured you could still override the authentication method using different credentials with the -auth option, which takes preference over them.

Generally no special system configuration need be done to enable HTTP-based CLI connections. If you are running Jenkins behind an HTTP(S) reverse proxy, ensure it does not buffer request or response bodies.

This mode is known to not work reliably or at all when using certain reverse proxies. Prefer WebSocket mode.

WebSocket connection mode

In Jenkins 2.217 and above, the -webSocket mode may be used as an alternative to -http . The advantage is that a more standard transport is used, avoiding problems with many reverse proxies or the need for special proxy configuration.

SSH connection mode

Authentication is via SSH keypair. You must select the Jenkins user ID as well: 

java -jar jenkins-cli.jar [-s JENKINS_URL] -ssh -user kohsuke command ...

In this mode, the client acts essentially like a native ssh command.

By default the client will try to connect to an SSH port on the same host as is used in the JENKINS_URL . If Jenkins is behind an HTTP reverse proxy, this will not generally work, so run Jenkins with the system property -Dorg.jenkinsci.main.modules.sshd.SSHD.hostName=ACTUALHOST to define a hostname or IP address for the SSH endpoint.

Common Problems with the CLI client

There are a number of common problems that may be experienced when running the CLI client.

Server key did not validate

You may get the error below and find a log entry just below that concerning mismatched keys : 

org.apache.sshd.common.SshException: Server key did not validate
    at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:523)
    at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:616)
    ...

This means your SSH configuration does not recognize the public key presented by the server. It’s often the case when you run Jenkins in dev mode and multiple instances of the application are run under the same SSH port over time.

In a development context, access your ~/.ssh/known_hosts (or in C:/Users/<your_name>/.ssh/known_hosts for Windows) and remove the line corresponding to your current SSH port (e.g. [localhost]:3485 ). In a production context, check with the Jenkins administrator if the public key of the server changed recently. If so, ask the administrator to do the the steps described above.

UsernameNotFoundException

If your client displays a stacktrace that looks like: 

org.acegisecurity.userdetails.UsernameNotFoundException: <name_you_used>
    ...

This means your SSH keys were recognized and validated against the stored users but the username is not valid for the security realm your application is using at the moment. This could occur when you were using the Jenkins database initially, configured your users, and then switched to another security realm (like LDAP, etc.) where the defined users do not exist yet.

To solve the problem, ensure your users exist in your configured security realm.

Troubleshooting logs

To get more information about the authentication process:

  1. Go into Manage Jenkins > System Log > Add new log recorder .

  2. Enter any name you want and click on Ok .

  3. Click on Add

  4. Type org.jenkinsci.main.modules.sshd.PublicKeyAuthenticatorImpl (or type PublicKeyAuth and then select the full name)

  5. Set the level to ALL .

  6. Repeat the previous three steps for hudson.model.User

  7. Click on Save

When you try to authenticate, you can then refresh the page and see what happen internally.

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?


See existing feedback here.

Read article