- Changes to Identity Management Provider have locked out access to CJOC
- No access to CJOC
- CloudBees Private SaaS Edition (PSE)
Authentication for CJOC can be removed, if needed, by editing the config.xml file. However, in PSE additional steps are needed to ensure that changes are saved and restart is handled correctly.
1) Connect to CJOC
PSE 1.2.0 and later
bees-pse run ssh-into-tenant TENANT_ID to get a shell into the CJOC or master container.
bees-pse run list-applications to find out in which worker host the container is running. In the following example it would be
worker-2 for CJOC:
$ bees-pse run list-applications castle.jce : worker-2 elasticsearch.jce : worker-2 castle.jce : worker-3 cjoc.jce : worker-2 castle.jce : worker-1
Then ssh into the worker with
dna connect worker-2
At this point we can get a shell into the container.
sudo docker exec -ti $(sudo docker ps -f label=com.cloudbees.pse.tenant=TENANT_ID -q) bash
2) Disable Security
- stop Jenkins (the easiest way to do this is to kill the servlet container.)
- Go to $JENKINS_HOME in the file system and find config.xml file.
- Open this file in the editor.
- Look for the
<useSecurity>true</useSecurity>element in this file.
- Replace true with false
- Remove the elements authorizationStrategy and securityRealm
3) Force a snapshot
- Follow these steps to force a snapshot
4) Restart CJOC
- Access Marathon and verify that snapshot job has completed in storage
- Restart the CJOC worker in Marathon