Project

General

Profile

Feature #6270

Publish our Jenkins read-only on the web

Added by intrigeri almost 6 years ago. Updated 9 months ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Continuous Integration
Target version:
-
Start date:
09/10/2013
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Yes
Affected tool:

Description

It would be great if non-core developers could see how things go on the Jenkins side, especially to read failed build logs.

Ubuntu and Debian have such a setup working.

It seems that we could simply:

  1. Replace our current simple HTTP authentication with Jenkins' own authentication system.
  2. Install Jenkins Read-only configurations plugin

Related issues

Related to Tails - Bug #10068: Upgrade to Jenkins 2.x, using upstream packages In Progress 01/08/2018

History

#1 Updated by intrigeri over 5 years ago

  • Starter changed from No to Yes

Flagging as "Easy" for now, since the initial research does not require a special setup nor any privileges.

#2 Updated by bertagaz almost 4 years ago

So, I've talked a bot with weasel about that too. At Torproject, they're using the plain Jenkins authentication abilities and the matrix based ACL to secure access to their instance access.

Maybe if we choose to use the upstream LTS Debian package as they do, which has better security support than the one from Debian (well, because it's upgraded more often at least), we could consider doing the same and rely on Jenkins rather than researching something than no one else seems to do.

#3 Updated by intrigeri almost 4 years ago

At Torproject, they're using the plain Jenkins authentication abilities and the matrix based ACL to secure access to their instance access.

https://wiki.jenkins-ci.org/display/JENKINS/Matrix-based+security or https://wiki.jenkins-ci.org/display/JENKINS/Matrix%20Authorization%20Strategy%20Plugin ?

Maybe if we choose to use the upstream LTS Debian package as they do, which has better security support than the one from Debian (well, because it's upgraded more often at least), we could consider doing the same and rely on Jenkins rather than researching something than no one else seems to do.

I've quickly looked at this again and I agree.

#5 Updated by intrigeri over 3 years ago

  • Related to Bug #10068: Upgrade to Jenkins 2.x, using upstream packages added

Also available in: Atom PDF