Jenkins debugging

Ran Xing DevOps, IAM, Uncategorized, , ,

I had some issues with Jenkins login using LDAP authentication plugin. Here is some ideas on how to debug the Jenkins as I take the LDAP plugin for example.

Resolution

1: Logic troubleshooting

The first choice we can go would be directly checking the LDAP group and User by using the methods that LDAP plugin supplies. Jenkins provides a way to run groovy script during initialization: Post-initialization script.

Take the example as following:

import jenkins.*
import hudson.model.*
import hudson.util.Secret
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
String[] names = ["<LDAP Group>","<User ID>","xxxx"];
for (name in names) {
 println("Checking the name '" + name + "'...")
  try {
    println("  It is a USER: " + instance.securityRealm.loadUserByUsername(name))
    println("  Has groups/authorities: " + instance.securityRealm.loadUserByUsername(name).getAuthorities())
  } catch (Exception e) {
      try {
        println("  It is a GROUP: " + instance.securityRealm.loadGroupByGroupname(name))
        println("")
        continue
      } catch (Exception e1) {
        println("  It is NOT a group, reason: " + e1.getMessage())
      }
    println("  It is NOT a user, reason: " + e.getMessage())
  }
  println("");
}

 

2: Setup logger

  • Init groovy

Since Jenkins is a JAVA application, it supplies standard java.util.logging.Logger. We can use the same post init script to create a script that set the logger appropriately.

$JENKINS_HOME/init.groovy.d/logging.groovy

import java.util.logging.Level
import java.util.logging.Logger
Logger.getLogger("hudson.security.LDAPSecurityRealm").setLevel(Level.SEVERE)
Logger.getLogger("hudson.security.SecurityRealm").setLevel(Level.SEVERE)
Logger.getLogger("hudson.util.Secret").setLevel(Level.SEVERE)
  • Logging properties

Also, you can create a file logging.properties in which you define the logging levels and a ConsoleHandler. Then pass this file to the JVM by adding the system property -Djava.util.logging.config.file=/logging.properties. A file like the following would apply the same configuration as in Solution 1:

.level = INFO
handlers= java.util.logging.ConsoleHandler

java.util.logging.ConsoleHandler.level=INFO
java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter

hudson.security.LDAPSecurityRealm.level = SEVERE
hudson.security.SecurityRealm.level = SEVERE
hudson.util.Secret.level = SEVERE
  • Jenkins UI

Solution 3: From the Jenkins UI

You can set the the Loggers under Manage Jenkins > System Logs > Log Levels. Simply copy and paste the logger or package you want to adjust the level for, select the logging Level and click on Submit.

Leave a comment