管理密码重置
If you forgot Jenkins Admin password how to trouble shoot? DEVOPS Interview Question
Quick HOWTO: Reset Jenkins Admin Password
WIP 待完善:过程并不是十分的清晰
# vi /var/lib/jenkins/config.xml file
# service jenkins restart
Manage Jenkins > Configure Global Security > Enable security -> Jenkins’ own user database
授权用户可访问的页面
用户需要登录,才能查看及访问某些页面。在内网中,用户需要不登录就查看某些页面。
访问 Configure Global Security 页面,赋予匿名用户(或特定用户)赋予 Read(读取)权限。
注意事项,不建议这么做,因为有些 Jenkins 部署在公网,赋予匿名用户权限后,公网可以直接访问。
认证 | Authentication
LDAP
安装 LDAP https://plugins.jenkins.io/ldap/ 插件
Manage Jenkins / Security / Authentication
接入 LLDAP 认证 | https://github.com/lldap/lldap/blob/main/example_configs/jenkins.md
授权 | Authorization
Access Control | https://www.jenkins.io/doc/book/security/access-control/
Anyone can do anything
Legacy mode
Logged-in users can do anything
Matrix-based security
Matrix Authorization Strategy | https://plugins.jenkins.io/matrix-auth/
Matrix-based security | 通过该方式,我们能够在全局控制用户能够进行的操作。
Project-based Matrix Authorization Strategy | 通过该方式,在特定的 Job 中,我们能够进行特定用户的权限控制。
案例:Metrix-Based, Role-Based and Project-based Matrix Authentication in Jenkins | https://medium.com/@maheshparade/metrix-based-role-based-and-project-based-matrix-authentication-in-jenkins-ab984314b1d8
Role-based Strategy
Jenkins restrict view of jobs per user