-
Bug
-
Resolution: Incomplete
-
Major
-
None
-
Vagrant->Ansible->CentOS->Jenkins
This is part of an automated deploy process. Vagrant fires off a VM, Ansible takes over, install Jenkins, plug-ins, copies over secrets folder, credentials.xml, all keys. These are from a blank instance where the credentials were added then all files copied to Ansible.
However, the plug-in will see the passwords as not being encrypted, and will re-encrypt them on any credentials plug-in action. This is encrypting the encrypted passwords, which of course means no credentials work, sans the one modified or added.
After the double encryption has happened, I've compared a file-by-file diff between the original Jenkins folder, and the one with double encrypted passwords. The only difference between the two is the credentials.xml file.
If the keys, entire secrets folder remain the same, why is the plug-in re-encrypting encrypted passwords?
- diff jenkins jenkins2
diff jenkins/credentials.xml jenkins2/credentials.xml
2c2
< <com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.22">
—
> <com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.9.4">
9c9
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
14c14
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
30c30
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
35c35
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
51c51
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
56c56
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
77c77
< <password>uoE/l9OHkPW0RybWyi2s+IdzBETX1qc93Xo2C17aPais8pKitvUl4stxhSll7bgGVSIqj2G4jOwAUoKuMiQKRA==</password>
—
> <password>Z2X9lpGTWZgDLL8Cg6hh6bftXHVznYrlOw5CCMrhljo=</password>
79c79
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
84c84
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
100c100
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
105c105
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
108c108
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
113c113
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
116c116
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
121c121
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
124c124
< <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
—
> <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6.1">
129c129
< <passphrase>+Duk05r+llYpdKqlfHps7qD+sDeaTOnYYkRLv7WF84VpmJw8x+qInKcR6yUZLzke</passphrase>
—
> <passphrase>r/0KAmjSs1wS2HZUDvOCQA==</passphrase>
137c137
< <password>00VxA93D/wXqzh09t7PqOsmZnTDeTGl3YDEl1s8UJ84jY9bOaL0GqOLiXZjjJstrVSIqj2G4jOwAUoKuMiQKRA==</password>
—
> <password>NwirBRVYNXBfSR2GsMPTkpAaMR6s9Ha9V8oQN0OSDa0=</password>
144c144
< <password>xWnBRp4mnKOxO04gjXqSr8+5q+1cMDZP06in/twkmu4=</password>
—
> <password>fLG0B67edIFdufD5c9xZY14sK9H9IQzao8aJ59jj88c=</password>
Common subdirectories: jenkins/.java and jenkins2/.java
Common subdirectories: jenkins/jb_jobs and jenkins2/jb_jobs
Common subdirectories: jenkins/jobs and jenkins2/jobs
Common subdirectories: jenkins/nodes and jenkins2/nodes
Common subdirectories: jenkins/plugins and jenkins2/plugins
Common subdirectories: jenkins/secrets and jenkins2/secrets
Common subdirectories: jenkins/.ssh and jenkins2/.ssh
Common subdirectories: jenkins/updates and jenkins2/updates
Common subdirectories: jenkins/userContent and jenkins2/userContent
