Spinnaker: 403 No valid crumb was included in the request

一个人想着一个人 submitted on 2019-11-27 17:21:10

Question


I configured Jenkins in Spinnaker as follows and set up a Spinnaker pipeline.

 jenkins:
    # If you are integrating Jenkins, set its location here using the baseUrl
    # field and provide the username/password credentials.
    # You must also enable the "igor" service listed separately.
    #
    # If you have multiple jenkins servers, you will need to list
    # them in an igor-local.yml. See jenkins.masters in config/igor.yml.
    #
    # Note that jenkins is not installed with Spinnaker so you must obtain this
    # on your own if you are interested.
    enabled: ${services.igor.enabled:false}
    defaultMaster:
      name: default
      baseUrl: http://server:8080
      username: spinnaker
      password: password

But I am seeing the following error when trying to run the Spinnaker pipeline.

Exception ( Start Jenkins Job ) 403 No valid crumb was included in the request


Answer 1:


To resolve this issue I unchecked "Prevent Cross Site Request Forgery exploits" in the jenkins.com/configureSecurity section and it started working.




Answer 2:


Finally, this post helped me do away with the crumb problem while still securing Jenkins from CSRF attacks.

Solution for no-valid crumb included in the request issue

Basically, we need to first request a crumb with authentication and then issue POST API calls with the crumb as a header, along with authentication again.

This is how I did it:

curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user <username>:<password>

The response was:

{
"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"0db38413bd7ec9e98974f5213f7ead8b",
"crumbRequestField":"Jenkins-Crumb"
}

Then the POST API call with the above crumb information in it:

curl -X POST http://jenkins-url:8080/job/<job-name>/build --user <username>:<password> -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'
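
The two-step flow from Answer 2 as a reusable script; this is an added example, not part of the original answers. `JENKINS_URL`, `JENKINS_USER`, `JENKINS_TOKEN`, `JENKINS_JOB` and the function names are assumptions, and the cookie jar is there because current Jenkins releases bind a crumb to the web session that issued it.

```bash
#!/usr/bin/env bash
# Added example: trigger a Jenkins job while CSRF protection stays enabled.
# Assumed environment: JENKINS_URL, JENKINS_USER, JENKINS_TOKEN, JENKINS_JOB.

# Extract one string field from the flat JSON object that
# /crumbIssuer/api/json returns (compact or pretty-printed).
json_field() {  # usage: json_field <name> <json>
  printf '%s' "$2" | tr -d '\n' |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Build the "<crumbRequestField>: <crumb>" header line.
# Returns 1 if a field is missing (e.g. an HTML error page came back) or
# contains characters outside a conservative set, so a tampered response
# cannot smuggle extra headers into the follow-up request.
crumb_header() {  # usage: crumb_header <json>
  local field crumb
  field=$(json_field crumbRequestField "$1")
  crumb=$(json_field crumb "$1")
  [ -n "$field" ] && [ -n "$crumb" ] || return 1
  case "$field$crumb" in *[!A-Za-z0-9._-]*) return 1 ;; esac
  printf '%s: %s' "$field" "$crumb"
}

# Fetch a crumb, then POST the build request with the same session cookie.
trigger_build() {  # usage: trigger_build <job-name>
  local job=$1 jar json header status
  jar=$(mktemp) || return 1
  json=$(curl -fsS -c "$jar" -u "$JENKINS_USER:$JENKINS_TOKEN" \
           "$JENKINS_URL/crumbIssuer/api/json") &&
  header=$(crumb_header "$json") &&
  curl -fsS -b "$jar" -u "$JENKINS_USER:$JENKINS_TOKEN" \
       -H "$header" -X POST "$JENKINS_URL/job/$job/build"
  status=$?
  rm -f "$jar"   # the jar holds a live session cookie; do not leave it behind
  return "$status"
}

# Only talk to the network when a job name was supplied explicitly.
if [ -n "${JENKINS_JOB:-}" ]; then
  trigger_build "$JENKINS_JOB"
fi
```

The header name is read from `crumbRequestField` rather than hard-coded, so the script keeps working if the issuer reports a different field name.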



Answer 3:


A crumb is nothing but an access token. Below is the API to get the crumb:

https://jenkins.xxx.xxx.xxx/crumbIssuer/api/json // replace it with your Jenkins URL and make a GET call in Postman or your REST API caller.

This will generate output like:

{
    "_class": "hudson.security.csrf.DefaultCrumbIssuer",
    "crumb": "ba4742b9d92606f4236456568a",
    "crumbRequestField": "Jenkins-Crumb"
}

Below are more details and links related to the same:

How to request for Crumb issuer for jenkins
Jenkins wiki page: https://wiki.jenkins-ci.org/display/jenkins/remote+access+api

If you are calling the same via a REST API call, check out the link below, which explains how to make the REST call using the Jenkins crumb:

https://blog.dahanne.net/2016/05/17/how-to-update-a-jenkins-job-posting-config-xml/

Example:

curl -X POST http://anthony:anthony@localhost:8080/jenkins/job/pof/config.xml --data-binary "@config.xml" -data ".crumb=6bbabc426436b72ec35e5ad4a4344687"



Answer 4:


This solution is SAFE to use.

Came across this issue when we changed Jenkins to be accessible via a reverse proxy.

There is an option in "Configure Global Security" called "Enable proxy compatibility". This helped with my issue.




Answer 5:


Head over to Manage Jenkins => Configure global security.

Then uncheck "Prevent Cross Site Request Forgery exploits"



Source: https://stackoverflow.com/questions/44711696/spinnaker-403-no-valid-crumb-was-included-in-the-request