How to disable CJOC authorization in PSE?

Issue

  • Changes to Identity Management Provider have locked out access to CJOC
  • No access to CJOC

Environment

  • CloudBees Jenkins Enterprise (CJE)

Resolution

Authentication for CJOC can be removed, if needed, by editing the config.xml file. However, in PSE additional steps are needed to ensure that changes are saved and restart is handled correctly.

1) Connect to CJOC

PSE 1.2.0 and later

Run cje run ssh-into-tenant TENANT_ID to get a shell into the CJOC or master container.

PSE <1.2.0

First, run cje run list-applications to find out in which worker host the container is running. In the following example it would be worker-2 for CJOC:

$ cje run list-applications
castle.jce : worker-2
elasticsearch.jce : worker-2
castle.jce : worker-3
cjoc.jce : worker-2
castle.jce : worker-1

Then ssh into the worker with

dna connect worker-2

2) Disable Security

  • Go to /mnt/cjoc/<containerid> in the file system and find config.xml file.
  • Open this file in the editor.
  • Look for the <useSecurity>true</useSecurity> element in this file.
  • Replace true with false
  • Remove the elements authorizationStrategy and securityRealm

4) Restart CJOC

  • Restart the CJOC worker in Marathon
Have more questions? Submit a request

1 Comments

  • 0
    Avatar
    Eric Long

    How do you find the TENANT_ID ?

     

Please sign in to leave a comment.