Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52504

Deploy to container Plugin (1.13) doesnt give manager username & password under Post Build Actions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Not A Defect
    • Component/s: deploy-plugin
    • Labels:
      None
    • Environment:
      DEV
    • Similar Issues:

      Description

      Hello Jenkins Support,

      Kindly help me with this issue due to which I'm not able to deploy war files on Tomcat 7 via Jenkins. I've installed the Deploy to container Plugin (1.13) in Jenkins.

      However, when I created a job to deploy war file, on selecting Tomcat 7.x as the container through Post Build Action step, I'm not getting the manager username & password fields. I'm just getting the Jenkins Credentials Provider option which doesn't work for container manager login.

      Attached is the screenshot of the Post Build Action section for my Jenkins job.

       

        Attachments

        1. Expected_Container_Box.png
          Expected_Container_Box.png
          72 kB
        2. Jenkins_Job_Screenshot.png
          Jenkins_Job_Screenshot.png
          15 kB
        3. tomcat-users.png
          tomcat-users.png
          24 kB
        4. tomcat-users.png
          tomcat-users.png
          24 kB

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          > I'm just getting the Jenkins Credentials Provider option 

          As designed, Jenkins credentials API is an engine to store credentials. Plugins are recommended to migrate to it.

          > which doesn't work for container manager login.

          Needs more information to be diagnosed. If you have configured proper credentials, then it may be an issue in the plugin

           

           

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - > I'm just getting the Jenkins Credentials Provider option  As designed, Jenkins credentials API is an engine to store credentials. Plugins are recommended to migrate to it. > which doesn't work for container manager login. Needs more information to be diagnosed. If you have configured proper credentials, then it may be an issue in the plugin      
          Hide
          shommo Soumyadeep Mishra added a comment -

          Thanks Oleg for your quick response to my query!
          I agree with your point that Jenkins Credentials Provider is the ideal way to store the credentials for any connectivity usages.
          However, it doesn't seem to work for Container managed systems where we need to provide the Manager username/ password.
          To be precise, I'm expecting something of a credential entry box like in the screenshot: Expected_Container_Box.png
          However, instead of installing Tomcat 7 and installing the 'Deploy to Container' plugin, I'm not getting this container credentials box and just getting the default Jenkins Credentials Provider box (in which I tried providing manager username/ password but it doesn't work).
          Also attached is my tomcat-user.xml file for your reference: tomcat-users.png
          Kindly help me in how do I get the Manager credentials box provided by the Container.

           

          Attachments:

          -------------

          Show
          shommo Soumyadeep Mishra added a comment - Thanks Oleg for your quick response to my query! I agree with your point that Jenkins Credentials Provider is the ideal way to store the credentials for any connectivity usages. However, it doesn't seem to work for Container managed systems where we need to provide the Manager username/ password. To be precise, I'm expecting something of a credential entry box like in the screenshot: Expected_Container_Box.png However, instead of installing Tomcat 7 and installing the 'Deploy to Container' plugin, I'm not getting this container credentials box and just getting the default Jenkins Credentials Provider box (in which I tried providing manager username/ password but it doesn't work). Also attached is my tomcat-user.xml file for your reference: tomcat-users.png Kindly help me in how do I get the Manager credentials box provided by the Container.   Attachments: -------------
          Hide
          daniel_c_686 Daniel Carrington added a comment -

          Hi Soumyadeep,

          Looking at the differences between your "Jenkins Screenshot" image and the "Expected container box" image, that looks like a known change in the 1.13 version of the deploy plugin. This change in user interface implements the security fix mentioned in the change log. https://plugins.jenkins.io/deploy

          Using the Credentials plugin to input the username and password instead of providing the username & password fields directly provides enhanced security and functionality.

          1. Credentials plugin stores the password encrypted. The direct password input field stored the password in plain text in config.xml. See the security advisory here: https://jenkins.io/security/advisory/2017-08-07/#deploy-to-container-plugin-stored-plain-text-passwords-in-job-configuration
          2. If you configure the username and password in multiple jobs, you can update the username and password in one place through the credentials plugin and all jobs will be updated.

          As Oleg said, use the new interface through the credentials plugin. There is a "Add Credentials" button next to it to do that, and it seems like you have added credentials.
          There are several other things that could be going wrong. What have you done to diagnose the issue?

           

          Show
          daniel_c_686 Daniel Carrington added a comment - Hi Soumyadeep, Looking at the differences between your "Jenkins Screenshot" image and the "Expected container box" image, that looks like a known change in the 1.13 version of the deploy plugin. This change in user interface implements the security fix mentioned in the change log.  https://plugins.jenkins.io/deploy Using the Credentials plugin to input the username and password instead of providing the username & password fields directly provides enhanced security and functionality. Credentials plugin stores the password encrypted. The direct password input field stored the password in plain text in config.xml. See the security advisory here:  https://jenkins.io/security/advisory/2017-08-07/#deploy-to-container-plugin-stored-plain-text-passwords-in-job-configuration If you configure the username and password in multiple jobs, you can update the username and password in one place through the credentials plugin and all jobs will be updated. As Oleg said, use the new interface through the credentials plugin. There is a "Add Credentials" button next to it to do that, and it seems like you have added credentials. There are several other things that could be going wrong. What have you done to diagnose the issue?  
          Hide
          shommo Soumyadeep Mishra added a comment -

          Hi Daniel,

          While using the Jenkins Credentials Provider to connect to Tomcat 7.x container for war file deployment, I'm always getting the below exception (The username you provided is not allowed to use the text-based Tomcat Manager (error 403)) instead of using correct username/ password and tomcat-users.xml entry. The snapshot of my tomcat-users.xml file is already provided along with the Container deployment plugin window snapshot for Jenkins.

          Kindly help to shed some light on this issue as to how to troubleshoot this:

          ERROR: Build step failed with exception
          org.codehaus.cargo.container.ContainerException: Failed to redeploy [E:\Somu\Practice\workspace\SampleWebApp\dist\SampleWebApp.war]
          at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:188)
          at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:77)
          at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:147)
          at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:117)
          at hudson.FilePath.act(FilePath.java:1047)
          at hudson.FilePath.act(FilePath.java:1025)
          at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:114)
          at hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeploy(PasswordProtectedAdapterCargo.java:93)
          at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:64)
          at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
          at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
          at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
          at hudson.model.Build$BuildExecution.post2(Build.java:186)
          at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
          at hudson.model.Run.execute(Run.java:1819)
          at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
          at hudson.model.ResourceController.execute(ResourceController.java:97)
          at hudson.model.Executor.run(Executor.java:429)
          Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:876)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:889)
          at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:173)
          ... 17 more
          Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL:
          http://localhost:8090/manager/text/list
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:571)
          ... 20 more
          org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:876)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:889)
          at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:173)
          at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:77)
          at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:147)
          at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:117)
          at hudson.FilePath.act(FilePath.java:1047)
          at hudson.FilePath.act(FilePath.java:1025)
          at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:114)
          at hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeploy(PasswordProtectedAdapterCargo.java:93)
          at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:64)
          at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
          at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
          at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
          at hudson.model.Build$BuildExecution.post2(Build.java:186)
          at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
          at hudson.model.Run.execute(Run.java:1819)
          at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
          at hudson.model.ResourceController.execute(ResourceController.java:97)
          at hudson.model.Executor.run(Executor.java:429)
          Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL:
          [http://localhost:8090/manager/text/list]
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:571)
          ... 20 more
          Build step 'Deploy war/ear to a container' marked build as failure
          Finished: FAILURE

          Show
          shommo Soumyadeep Mishra added a comment - Hi Daniel, While using the Jenkins Credentials Provider to connect to Tomcat 7.x container for war file deployment, I'm always getting the below exception ( The username you provided is not allowed to use the text-based Tomcat Manager (error 403)) instead of using correct username/ password and tomcat-users.xml entry. The snapshot of my tomcat-users.xml file is already provided along with the Container deployment plugin window snapshot for Jenkins. Kindly help to shed some light on this issue as to how to troubleshoot this: ERROR: Build step failed with exception org.codehaus.cargo.container.ContainerException: Failed to redeploy [E:\Somu\Practice\workspace\SampleWebApp\dist\SampleWebApp.war] at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:188) at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:77) at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:147) at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:117) at hudson.FilePath.act(FilePath.java:1047) at hudson.FilePath.act(FilePath.java:1025) at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:114) at hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeploy(PasswordProtectedAdapterCargo.java:93) at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:64) at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690) at hudson.model.Build$BuildExecution.post2(Build.java:186) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635) at hudson.model.Run.execute(Run.java:1819) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:429) Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:876) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:889) at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:173) ... 17 more Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8090/manager/text/list at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:571) ... 20 more org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:876) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:889) at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:173) at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:77) at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:147) at hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:117) at hudson.FilePath.act(FilePath.java:1047) at hudson.FilePath.act(FilePath.java:1025) at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:114) at hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeploy(PasswordProtectedAdapterCargo.java:93) at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:64) at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690) at hudson.model.Build$BuildExecution.post2(Build.java:186) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635) at hudson.model.Run.execute(Run.java:1819) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:429) Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: [http://localhost:8090/manager/text/list] at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:571) ... 20 more Build step 'Deploy war/ear to a container' marked build as failure Finished: FAILURE
          Hide
          daniel_c_686 Daniel Carrington added a comment -

          Note the first intermediate cause for the exception:
          Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403)
          at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704)

          Have you restarted tomcat since editing tomcat-users.xml? While your screenshots of tomcat-users.xml show the manager-script role that the manager app needs, (according to http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html

          that doesn't mean that those changes are in effect, because you need to restart Tomcat for a UserDatabaseRealm to pick up the changes to the file.
          http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#UserDatabaseRealm

          Furthermore, you can enable logging for the deploy-plugin by using the Jenkins logging feature. Enabling logs for the org.codehaus.cargo.container.tomcat.internal.TomcatManager component would let you check if the plugin is accessing the expected URL etc.

          Note that the deploy-plugin, Jenkins, and Tomcat itself are open-source. If all else fails, you can go read the source code.

          Show
          daniel_c_686 Daniel Carrington added a comment - Note the first intermediate cause for the exception: Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:704) Have you restarted tomcat since editing tomcat-users.xml? While your screenshots of tomcat-users.xml show the manager-script role that the manager app needs, (according to http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html that doesn't mean that those changes are in effect, because you need to restart Tomcat for a UserDatabaseRealm to pick up the changes to the file. http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#UserDatabaseRealm Furthermore, you can enable logging for the deploy-plugin by using the Jenkins logging feature. Enabling logs for the org.codehaus.cargo.container.tomcat.internal.TomcatManager component would let you check if the plugin is accessing the expected URL etc. Note that the deploy-plugin, Jenkins, and Tomcat itself are open-source. If all else fails, you can go read the source code.
          Hide
          jansohn Robin Jansohn added a comment -

          I'm closing this as this appears to be a misconfigured Tomcat instance. The deploy-plugin works as expected.

          Show
          jansohn Robin Jansohn added a comment - I'm closing this as this appears to be a misconfigured Tomcat instance. The deploy-plugin works as expected.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            shommo Soumyadeep Mishra
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: