Sunday, April 30, 2017

Jenkins Install-Plugin Remoting Deprecated

Installing and setting up Jenkins through an automated process can be tricky. The new, safer CLI (Command Line Interface) that was implemented for Jenkins 2.54 adds another twist to the process. That twist is the "remoting" mechanism for using the CLI has been deprecated, and turned off by default — but it's still the only way to install plugins via the CLI.

So now, to install plugins through automation, you first have to turn remoting back on. You can do that by changing the enabled element in the jenkins.CLI.xml config file (located in the root of your Jenkins home directory) to true, like so:

<?xml version='1.0' encoding='UTF-8'?>
<jenkins.CLI>
  <enabled>true</enabled>
</jenkins.CLI>

And then restart Jenkins. Now you can use the remoting protocol with the CLI — but it's no longer the default protocol, so you have to specify it explicitly via the -remoting flag, like so (for example to install the ant plugin):

java -jar jenkins-cli.jar -remoting -s http://localhost:8080 \
    install-plugin ant \
    --username admin \
    --password-file secrets/initialAdminPassword

If you don't enable remoting and/or specify the -remoting flag, you'll get an error like this from the CLI:

ERROR: Bad Credentials. Search the server log for 18058afb-86ed-4cc8-856f-b128918cbe8b for more details.

And you'll see this in the Jenkins server log:

INFO: CLI login attempt failed: 18058afb-86ed-4cc8-856f-b128918cbe8b
org.acegisecurity.BadCredentialsException: Failed to read secrets/initialAdminPassword; nested exception is hudson.AbortException: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel
        at hudson.security.AbstractPasswordBasedSecurityRealm$1.authenticate(AbstractPasswordBasedSecurityRealm.java:74)
        at hudson.cli.CLICommand.main(CLICommand.java:268)
        at hudson.cli.CLIAction$PlainCliEndpointResponse$1.run(CLIAction.java:221)

Once you've got all your plugins installed, you probably will want to go back and disable remoting (by changing the enabled element in the jenkins.CLI.xml config file back to false and restarting Jenkins; or manually via the "Enable CLI over Remoting" checkbox on Jenkins' "Manage Jenkins > Configure Global Security" page).