jenkins-cli usage confusion

[Ed Young]

I'm trying to figure out how to use the jenkins-cli, but am having no success.

I'm running jenkins version 1.435 and referring to https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI

I've tried many different permutations of the parameters, but keep getting '"--username" is not a valid option' despite the usage messages and the wiki page documentation.

$ java -jar jenkins-cli.jar -s http://xxx.137.91.68:8080/jenkins help
You must authenticate to access this Jenkins.
Use --username/--password/--password-file parameters or login command.
$ java -jar jenkins-cli.jar -s http://xxx.137.91.68:8080/jenkins help --username myusername --password secret
"--username" is not a valid option
java -jar jenkins-cli.jar help args...
Lists all the available commands.

Can someone provide me with a simple example that will get me started?

[Ragesh Nair]

Hi,
 May be https://issues.jenkins-ci.org/browse/JENKINS-8188 is what causing issue to you.
We have same issue and unable to upgrade AD plugin from 1.20 since 1.21 and 1.22 has defects that affects our work. Now waiting for https://issues.jenkins-ci.org/browse/JENKINS-11668 to be fixed.

-Ragesh Nair

[Gareth Bowles]

You got the parameters out of order - use:

java -jar jenkins-cli.jar -s http://xxx.137.91.68:8080/jenkins --username myusername --password secret help
Sent from my Kindle Fire

---

From: Ed Young <e...@summitbid.com>
Sent: Sun Nov 20 20:44:09 PST 2011
To: jenkins...@googlegroups.com
Subject: jenkins-cli usage confusion

[Ed Young]

No, that ordering of params makes no difference:
$ java -jar jenkins-cli.jar -s http://xxx.137.91.68:8080/jenkins --username myusername --password secret help
No such command: --username

You must authenticate to access this Jenkins.
Use --username/--password/--password-file parameters or login command.

--
- Ed

[Terry....@csiro.au]

Is  “:” in the url making your shell do something silly?

 

Can you put the url in quotes?

 

Just incase...

 

Terry Rankine

[Ed Young]

No, it's probably not AD related because for authentication I'm using:

"Delegate to servlet container"

In the Manage Jenkins section.

--
- Ed

[Ed Young]

No, I tried quotes around the URL as you suggested and get exactly the same result.

This using Mac terminal.

--
- Ed

[Jan Seidel]

I have exactly the same issue which is a showstopper some automation
features.
I receive either the same message as Ed does or the CLI throws an
exception:

Exception in thread "main" java.io.IOException: http://b00012:8080/help/cli
doesn't look like Jenkins

which also is total non-sense as the jenkins-cli.jar is pulled freshly
from the build server.

I had to realize that the authentication is causing problems. I would
have taken curl/wget to create a workaround by accessing the URL with
the appropriate parameters. Unfortunately is the server integrated
into CollabNet's TeamForge which makes it even harder to authenticate
as there is a handshake going on between TF and Jenkins which is not
passed to the CLI. In this case is there some solution in view but it
requires java programming skills -.-

Only thing I would recommend atm is to use the onboard auth if you
intened to blow the configuration up to full scale. Everything else
will cause trouble at a certain point ... that's my experience so far.

Jan

[Ed Young]

For me it's not a showstopper, but it's a big disappointment since seemed like the CLI is the deal solution for some simple automation I'm working on as well.

What I don't understand is how it seems like the comand line authentication of the CLI completely broken, but if people are using the CLI somehow..How are they authenticating?

1. Are those people authenticating via the

_{/.ssh/identity}, /.ssh/id_dsa, ~/.ssh/id_rsa and use those to authenticate itself against the server
 
mechanism?

2. Or are they using the --password-file options to specify the credentials?

3. Or is it just simply broken and we're just now noticing?

I'll probably try those routes next but I was hoping I could use the --username and --password as a quick and easy start to do some up front exploration of the CLI.

--
- Ed

[Gareth Bowles]

I've been using the SSH key method where the user stores their public key in Jenkins; that's been working fine, although we are a few versions behind the latest (1.428) so something may have broken since then.

[z_rduser]

Ed,
Did you finally figured out how to do the authentication via --
username --password-file? I just started exploring the jenkins-cli
and seems like it's completely broken. I did every possible
combination of specifying the login credentials but always ended up
with exception:

java -jar jenkins-cli.jar -s https://localhost/jenkins login --
username <myname> --password-file <myfile>
Exception in thread "main" java.io.IOException: Failed to connect to
https://localhost/jenkins/
at hudson.cli.CLI.getCliTcpPort(CLI.java:117)
at hudson.cli.CLI.<init>(CLI.java:73)
at hudson.cli.CLI.<init>(CLI.java:63)
at hudson.cli.CLI.main(CLI.java:182)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target ....

Anyone else running into this issue?

Thanks,
Lisa

On Nov 22, 12:34 pm, Gareth Bowles <gbow...@gmail.com> wrote:
> I've been using the SSH key method where the user stores their public key in Jenkins; that's been working fine, although we are a few versions behind the latest (1.428) so something may have broken since then.
>
> On Nov 22, 2011, at 12:08 PM, Ed Young wrote:
>
>
>
>
>
>
>
> > For me it's not a showstopper, but it's a big disappointment since seemed like the CLI is the deal solution for some simple automation I'm working on as well.
>
> > What I don't understand is how it seems like the comand line authentication of the CLI completely broken, but if people are using the CLI somehow..How are they authenticating?
>
> > 1. Are those people authenticating via the
>
> > /.ssh/identity, /.ssh/id_dsa, ~/.ssh/id_rsa and use those to authenticate itself against the server
>
> > mechanism?
>
> > 2. Or are they using the --password-file options to specify the credentials?
>
> > 3. Or is it just simply broken and we're just now noticing?
>
> > I'll probably try those routes next but I was hoping I could use the --username and --password as a quick and easy start to do some up front exploration of the CLI.
>

[Ed Young]

Lisa,

It seemed completely broken to me as well. While I'd like to get it working It's not a very high priority for me so when I have time to revisit it, I'll probably use the SSH Key method suggested by another user.

I'll try it and let you know how that goes.

Ed

--
- Ed

[z_rduser]

Thanks for the update Ed. I was also opting for the SSH Key option
now. However that will require me to upgrade my Jenkins version.
Probably won't be able to do that until Friday. I'll also update if I
get it to work.

thanks,
Lisa

On Dec 7, 5:55 pm, Ed Young <e...@summitbid.com> wrote:
> Lisa,
>
> It seemed completely broken to me as well. While I'd like to get it working
> It's not a very high priority for me so when I have time to revisit it,
> I'll probably use the SSH Key method suggested by another user.
>
> I'll try it and let you know how that goes.
>
> Ed
>
>
>
>
>
>
>
>
>
> On Wed, Dec 7, 2011 at 5:51 PM, z_rduser <lisazh...@gmail.com> wrote:
> > Ed,
> >   Did you finally figured out how to do the authentication via --
> > username --password-file?   I just started exploring the jenkins-cli
> > and seems like it's completely broken.  I did every possible
> > combination of specifying the login credentials but always ended up
> > with exception:
>

> > java -jar jenkins-cli.jar -shttps://localhost/jenkinslogin --

[Ferenc Kovacs]

It seems that your problem is related to your untrusted cert,  at least this is what the exception says.

On 2011.12.08. 1:51, "z_rduser" <lisa...@gmail.com> wrote:

Ed,
  Did you finally figured out how to do the authentication via --
username --password-file?   I just started exploring the jenkins-cli
and seems like it's completely broken.  I did every possible
combination of specifying the login credentials but always ended up
with exception:

java -jar jenkins-cli.jar -s https://localhost/jenkins login --
username <myname> --password-file <myfile>
Exception in thread "main" java.io.IOException: Failed to connect to
https://localhost/jenkins/
       at hudson.cli.CLI.getCliTcpPort(CLI.java:117)
       at hudson.cli.CLI.<init>(CLI.java:73)
       at hudson.cli.CLI.<init>(CLI.java:63)
       at hudson.cli.CLI.main(CLI.java:182)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target ....


Anyone else running into this issue?


Thanks,
Lisa

On Nov 22, 12:34 pm, Gareth Bowles <gbow...@gmail.com> wrote:

> I've been using the SSH key method...

> > On Mon, Nov 21, 2011 at 6:33 AM, Jan Seidel <wakkal...@gmail.com> wrote:

> > I have exactly the ...

[Ferenc Kovacs]

I used the password file method in the past, and managed to set it up,  but it was a bumpy ride.
see https://issues.jenkins-ci.org/browse/JENKINS-8815
Apart from that issue,  I remember something about not every authetication method supporting the cli auth (afair the ldap plugin added that support after a bugreport)

On 2011.11.22. 21:08, "Ed Young" <e...@summitbid.com> wrote:

For me it's not a showstopper, but it's a big disappointment since seemed like the CLI is the deal solution for some simple automation I'm working on as well.

What I don't understand is how it seems like the comand line authentication of the CLI completely broken, but if people are using the CLI somehow..How are they authenticating?

1. Are those people authenticating via the

_{/.ssh/identity}, /.ssh/id_dsa, ~/.ssh/id_rsa and use those to authenticate itself against the server
 
mechanism?

2. Or are they using the --password-file options to specify the credentials?

3. Or is it just simply broken and we're just now noticing?

I'll probably try those routes next but I was hoping I could use the --username and --password as a quick and easy start to do some up front exploration of the CLI.

On Mon, Nov 21, 2011 at 6:33 AM, Jan Seidel <wakk...@gmail.com> wrote:
>

> I have exactly the...

--
- Ed

[z_rduser]

I think I have a self signed cert. Do you think this is the problem?
If that is the case, even the SSH Key option may not work. Is there a
way to get around this or do I simply have to obtain a real cert?

Thanks,
Lisa

On Dec 7, 10:59 pm, Ferenc Kovacs <tyr...@gmail.com> wrote:
> It seems that your problem is related to your untrusted cert,  at least
> this is what the exception says.
>

> On 2011.12.08. 1:51, "z_rduser" <lisazh...@gmail.com> wrote:
>
> Ed,
>   Did you finally figured out how to do the authentication via --
> username --password-file?   I just started exploring the jenkins-cli
> and seems like it's completely broken.  I did every possible
> combination of specifying the login credentials but always ended up
> with exception:
>

> java -jar jenkins-cli.jar -shttps://localhost/jenkinslogin --
> username <myname> --password-file <myfile>
> Exception in thread "main" java.io.IOException: Failed to connect tohttps://localhost/jenkins/

[Ferenc Kovacs]

you should import your cert using keytool, and you should be fine.

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu