"Jenkins" - Permissions and Security

Resetting the admin password

If you forgot Jenkins Admin password how to trouble shoot? DEVOPS Interview Question
Quick HOWTO: Reset Jenkins Admin Password

WIP, to be improved: the procedure is not very clear.

# vi /var/lib/jenkins/config.xml

<useSecurity>false</useSecurity>

# service jenkins restart

Manage Jenkins > Configure Global Security > Enable security -> Jenkins’ own user database

Pages users are authorized to access

accessing Jenkins HTML report

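Users must log in before they can view and access certain pages. On an internal network, users need to view some pages without logging in.

Open the Configure Global Security page and grant the anonymous user (or a specific user) the Read permission.

Note: this is not recommended. Some Jenkins instances are deployed on the public internet, and once the anonymous user has been granted permissions, they can be reached directly from the public internet.

Authentication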

LDAP

Install the LDAP plugin: https://plugins.jenkins.io/ldap/

Manage Jenkins / Security / Authentication

Integrating LLDAP authentication | https://github.com/lldap/lldap/blob/main/example_configs/jenkins.md

Authorization

Access Control | https://www.jenkins.io/doc/book/security/access-control/

Anyone can do anything
Legacy mode
Logged-in users can do anything

Matrix-based security

Matrix Authorization Strategy | https://plugins.jenkins.io/matrix-auth/

Matrix-based security | With this mode, we can control globally which operations each user is allowed to perform.

Project-based Matrix Authorization Strategy | With this mode, we can control the permissions of specific users within a specific Job.

Example: Metrix-Based, Role-Based and Project-based Matrix Authentication in Jenkins | https://medium.com/@maheshparade/metrix-based-role-based-and-project-based-matrix-authentication-in-jenkins-ab984314b1d8

Role-based Strategy

Jenkins restrict view of jobs per user
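
An added example, not part of the original notes: a small audit of the global config.xml that reports the risky states these notes mention (security left disabled after a password reset, the "Anyone can do anything" and "Legacy mode" strategies, and permissions granted to the anonymous user). The two sample documents are constructed; the class names and permission entry formats are the ones Jenkins core and the Matrix Authorization Strategy plugin write, to the best of my knowledge.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: config.xml as the reset procedure leaves it.
AFTER_RESET = """<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
</hudson>"""

# Constructed sample: matrix-based security with anonymous Read granted.
MATRIX_ANON = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>USER:hudson.model.Hudson.Administer:admin</permission>
    <permission>USER:hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Item.Read:anonymous</permission>
  </authorizationStrategy>
</hudson>"""

OPEN_STRATEGIES = {
    "hudson.security.AuthorizationStrategy$Unsecured": "Anyone can do anything",
    "hudson.security.LegacyAuthorizationStrategy": "Legacy mode",
}

def is_true(node, tag):
    return node is not None and (node.findtext(tag) or "").strip().lower() == "true"

def audit(xml_text):
    root = ET.fromstring(xml_text)
    findings = []
    if not is_true(root, "useSecurity"):
        findings.append("useSecurity is not true: security is disabled")
    strat = root.find("authorizationStrategy")
    cls = strat.get("class", "") if strat is not None else ""
    if cls in OPEN_STRATEGIES:
        findings.append("authorization strategy: " + OPEN_STRATEGIES[cls])
    if cls.endswith("FullControlOnceLoggedInAuthorizationStrategy") \
            and not is_true(strat, "denyAnonymousReadAccess"):
        findings.append("anonymous read access is allowed")
    for perm in (strat.iter("permission") if strat is not None else ()):
        # Entries look like 'PERMISSION:sid' or 'USER:PERMISSION:sid'.
        parts = (perm.text or "").strip().split(":")
        if len(parts) >= 2 and parts[-1] == "anonymous":
            findings.append("anonymous granted " + parts[-2])
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else AFTER_RESET
    print("\n".join(audit(text)) or "no findings")
```

Run it with the path to config.xml as the only argument after a password reset to confirm that security was switched back on.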