Jenkins job auto-triggering when code commit on SVN repo using POST COMMIT hook
I am trying to implement CI/CD pipeline using Jenkins , docker and Ansible. I am using SVN code repository for my version control system. For deployment and SVN code repo, I am using AWS EC2. Deployment and code repo is in separate VM.
My Requirement
When I am committing my code into SVN repository , I need to trigger one Jenkins Job. That job will call a ansible playbook.Later it will build project, build Docker image and deploy into EC2. So for any change to my SVN code repository, I need to build Jenkins job.
My Current Attempt
I added the following script in post-commit.tmpl file under $repo/hooks folder.
REPOS="$1"
REV="$2"
UUID=`svnlook uuid $REPOS`
/usr/bin/wget
--header "Content-Type:text/plain;charset=UTF-8"
--post-data "`svnlook changed --revision $REV $REPOS`"
--output-document "-"
--timeout=2
http://server/subversion/${UUID}/notifyCommit?rev=$REV
The following is the screenshot
And checked the "Poll SCM option in Jenkins Job":
NB: I am not looking minute/hours/week schedule to pull from repo. Instead of that, I am looking when there is a code change, then I need to build Jenkins project. So I did not add any schedule.
But still I am not getting the latest code in Jenkins. How can I find out the issue related with my configuration?
Updated post-commit.tmpl file
jenkins svn
asked Nov 7 '18 at 11:02
JacobJacob
251825
|
show 7 more comments
I am trying to implement CI/CD pipeline using Jenkins , docker and Ansible. I am using SVN code repository for my version control system. For deployment and SVN code repo, I am using AWS EC2. Deployment and code repo is in separate VM.
My Requirement
When I am committing my code into SVN repository , I need to trigger one Jenkins Job. That job will call a ansible playbook.Later it will build project, build Docker image and deploy into EC2. So for any change to my SVN code repository, I need to build Jenkins job.
My Current Attempt
I added the following script in post-commit.tmpl file under $repo/hooks folder.
REPOS="$1"
REV="$2"
UUID=`svnlook uuid $REPOS`
/usr/bin/wget
--header "Content-Type:text/plain;charset=UTF-8"
--post-data "`svnlook changed --revision $REV $REPOS`"
--output-document "-"
--timeout=2
http://server/subversion/${UUID}/notifyCommit?rev=$REV
The following is the screenshot
And checked the "Poll SCM option in Jenkins Job":
NB: I am not looking minute/hours/week schedule to pull from repo. Instead of that, I am looking when there is a code change, then I need to build Jenkins project. So I did not add any schedule.
But still I am not getting the latest code in Jenkins. How can I find out the issue related with my configuration?
Updated post-commit.tmpl file
jenkins svn
asked Nov 7 '18 at 11:02
JacobJacob
251825
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05
|
show 7 more comments
I am trying to implement CI/CD pipeline using Jenkins , docker and Ansible. I am using SVN code repository for my version control system. For deployment and SVN code repo, I am using AWS EC2. Deployment and code repo is in separate VM.
My Requirement
When I am committing my code into SVN repository , I need to trigger one Jenkins Job. That job will call a ansible playbook.Later it will build project, build Docker image and deploy into EC2. So for any change to my SVN code repository, I need to build Jenkins job.
My Current Attempt
I added the following script in post-commit.tmpl file under $repo/hooks folder.
REPOS="$1"
REV="$2"
UUID=`svnlook uuid $REPOS`
/usr/bin/wget
--header "Content-Type:text/plain;charset=UTF-8"
--post-data "`svnlook changed --revision $REV $REPOS`"
--output-document "-"
--timeout=2
http://server/subversion/${UUID}/notifyCommit?rev=$REV
The following is the screenshot
And checked the "Poll SCM option in Jenkins Job":
NB: I am not looking minute/hours/week schedule to pull from repo. Instead of that, I am looking when there is a code change, then I need to build Jenkins project. So I did not add any schedule.
But still I am not getting the latest code in Jenkins. How can I find out the issue related with my configuration?
Updated post-commit.tmpl file
jenkins svn
asked Nov 7 '18 at 11:02
JacobJacob
251825
I am trying to implement CI/CD pipeline using Jenkins , docker and Ansible. I am using SVN code repository for my version control system. For deployment and SVN code repo, I am using AWS EC2. Deployment and code repo is in separate VM.
My Requirement
When I am committing my code into SVN repository , I need to trigger one Jenkins Job. That job will call a ansible playbook.Later it will build project, build Docker image and deploy into EC2. So for any change to my SVN code repository, I need to build Jenkins job.
My Current Attempt
I added the following script in post-commit.tmpl file under $repo/hooks folder.
REPOS="$1"
REV="$2"
UUID=`svnlook uuid $REPOS`
/usr/bin/wget
--header "Content-Type:text/plain;charset=UTF-8"
--post-data "`svnlook changed --revision $REV $REPOS`"
--output-document "-"
--timeout=2
http://server/subversion/${UUID}/notifyCommit?rev=$REV
The following is the screenshot
And checked the "Poll SCM option in Jenkins Job":
NB: I am not looking minute/hours/week schedule to pull from repo. Instead of that, I am looking when there is a code change, then I need to build Jenkins project. So I did not add any schedule.
But still I am not getting the latest code in Jenkins. How can I find out the issue related with my configuration?
Updated post-commit.tmpl file
jenkins svn
jenkins svn
asked Nov 7 '18 at 11:02
JacobJacob
251825
asked Nov 7 '18 at 11:02
JacobJacob
251825
edited Nov 26 '18 at 9:14
Jacob
asked Nov 7 '18 at 11:02
JacobJacob
251825
asked Nov 7 '18 at 11:02
JacobJacob
251825
asked Nov 7 '18 at 11:02
JacobJacob
251825
251825
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05
|
show 7 more comments
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05
|
show 7 more comments
4 Answers
4
active
oldest
votes
Like @bahrep said its hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of "Prevent Cross Site Request Forgery exploits" Jenkins security option (You've confirmed it's enabled).
From Jenkins Wiki:
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits"
security option, the above request will be rejected with 403 errors
("No valid crumb was included"). The crumb needed in this request can
be obtained from the URL http://server/crumbIssuer/api/xml (or
/api/json). This can be included in the wget call above with something
like this:
--header `wget -q --output-document -
'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
The easiest way to confirm if this security option causes the problem to would be to disable it and try if post-commit hook will work. If yes enable again and try to configure hook with crumb. (In the end, you want to have things secure :) )
And also make sure that Jenkins has enabled anonymous read access:
For this to work, your Jenkins has to allow anonymous read access
(specifically, "Job > Read" access) to the system. If access control
to your Jenkins is more restrictive, you may need to specify the
username and password, depending on how your authentication is
configured.
Edit
I think the problems occur because you haven't provided Jenkins instance address. In your webhook example you have:
http://server/subversion/${UUID}/notifyCommit?rev=$REV
You should change server to your Jenkins instance address (Ip, domain or ip and port. It depends on your configuration.).
http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV
Or if you run everything locally (including svn repo):
http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV
But remember to have:
- "Prevent Cross Site Request Forgery exploits" security option disabled (You will create webhook to work with this option later, now we want to find the root cause)
- "allow anonymous read access" security option enabled
I think the hook script works just fine but it's being sent to nowhere. This can be easily checked by logging your hook script. Just add at the end of hook:
echo "`$REPOS` change to revision `$REV` triggered @ `date`" >> ${REPOS}/post-commit-hook.log
and look if after commit log file was created. If yes it means the wget request is being sent incorrectly.
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)
– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
|
show 3 more comments
I made lot attempt to resolve this problem by using guidance from answers. Finally I got the actual issue that I was facing. I added the post-commit script in the file "post-commit.tmpl". This file defaulty I got when I created my SVN repository. Instead of adding the "post-commit.tmpl" need to create file just "post-commit". It resolved my problem.
answered Dec 12 '18 at 8:20
JacobJacob
251825
add a comment |
It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
add a comment |
there is an easier way ...by simply defining the schedule for the trigger:
or use trigger builds remotely, if wanting a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; authenticating scripted clients explains it. building only on changes suggested, because everything else would unnecessarily cost processing power (which equals money).
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53188210%2fjenkins-job-auto-triggering-when-code-commit-on-svn-repo-using-post-commit-hook%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Like @bahrep said its hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of "Prevent Cross Site Request Forgery exploits" Jenkins security option (You've confirmed it's enabled).
From Jenkins Wiki:
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits"
security option, the above request will be rejected with 403 errors
("No valid crumb was included"). The crumb needed in this request can
be obtained from the URL http://server/crumbIssuer/api/xml (or
/api/json). This can be included in the wget call above with something
like this:
--header `wget -q --output-document -
'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
The easiest way to confirm if this security option causes the problem to would be to disable it and try if post-commit hook will work. If yes enable again and try to configure hook with crumb. (In the end, you want to have things secure :) )
And also make sure that Jenkins has enabled anonymous read access:
For this to work, your Jenkins has to allow anonymous read access
(specifically, "Job > Read" access) to the system. If access control
to your Jenkins is more restrictive, you may need to specify the
username and password, depending on how your authentication is
configured.
Edit
I think the problems occur because you haven't provided Jenkins instance address. In your webhook example you have:
http://server/subversion/${UUID}/notifyCommit?rev=$REV
You should change server to your Jenkins instance address (Ip, domain or ip and port. It depends on your configuration.).
http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV
Or if you run everything locally (including svn repo):
http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV
But remember to have:
- "Prevent Cross Site Request Forgery exploits" security option disabled (You will create webhook to work with this option later, now we want to find the root cause)
- "allow anonymous read access" security option enabled
I think the hook script works just fine but it's being sent to nowhere. This can be easily checked by logging your hook script. Just add at the end of hook:
echo "`$REPOS` change to revision `$REV` triggered @ `date`" >> ${REPOS}/post-commit-hook.log
and look if after commit log file was created. If yes it means the wget request is being sent incorrectly.
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)
– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
|
show 3 more comments
Like @bahrep said its hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of "Prevent Cross Site Request Forgery exploits" Jenkins security option (You've confirmed it's enabled).
From Jenkins Wiki:
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits"
security option, the above request will be rejected with 403 errors
("No valid crumb was included"). The crumb needed in this request can
be obtained from the URL http://server/crumbIssuer/api/xml (or
/api/json). This can be included in the wget call above with something
like this:
--header `wget -q --output-document -
'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
The easiest way to confirm if this security option causes the problem to would be to disable it and try if post-commit hook will work. If yes enable again and try to configure hook with crumb. (In the end, you want to have things secure :) )
And also make sure that Jenkins has enabled anonymous read access:
For this to work, your Jenkins has to allow anonymous read access
(specifically, "Job > Read" access) to the system. If access control
to your Jenkins is more restrictive, you may need to specify the
username and password, depending on how your authentication is
configured.
Edit
I think the problems occur because you haven't provided Jenkins instance address. In your webhook example you have:
http://server/subversion/${UUID}/notifyCommit?rev=$REV
You should change server to your Jenkins instance address (Ip, domain or ip and port. It depends on your configuration.).
http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV
Or if you run everything locally (including svn repo):
http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV
But remember to have:
- "Prevent Cross Site Request Forgery exploits" security option disabled (You will create webhook to work with this option later, now we want to find the root cause)
- "allow anonymous read access" security option enabled
I think the hook script works just fine but it's being sent to nowhere. This can be easily checked by logging your hook script. Just add at the end of hook:
echo "`$REPOS` change to revision `$REV` triggered @ `date`" >> ${REPOS}/post-commit-hook.log
and look if after commit log file was created. If yes it means the wget request is being sent incorrectly.
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)
– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
|
show 3 more comments
Like @bahrep said its hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of "Prevent Cross Site Request Forgery exploits" Jenkins security option (You've confirmed it's enabled).
From Jenkins Wiki:
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits"
security option, the above request will be rejected with 403 errors
("No valid crumb was included"). The crumb needed in this request can
be obtained from the URL http://server/crumbIssuer/api/xml (or
/api/json). This can be included in the wget call above with something
like this:
--header `wget -q --output-document -
'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
The easiest way to confirm if this security option causes the problem to would be to disable it and try if post-commit hook will work. If yes enable again and try to configure hook with crumb. (In the end, you want to have things secure :) )
And also make sure that Jenkins has enabled anonymous read access:
For this to work, your Jenkins has to allow anonymous read access
(specifically, "Job > Read" access) to the system. If access control
to your Jenkins is more restrictive, you may need to specify the
username and password, depending on how your authentication is
configured.
Edit
I think the problems occur because you haven't provided Jenkins instance address. In your webhook example you have:
http://server/subversion/${UUID}/notifyCommit?rev=$REV
You should change server to your Jenkins instance address (Ip, domain or ip and port. It depends on your configuration.).
http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV
Or if you run everything locally (including svn repo):
http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV
But remember to have:
- "Prevent Cross Site Request Forgery exploits" security option disabled (You will create webhook to work with this option later, now we want to find the root cause)
- "allow anonymous read access" security option enabled
I think the hook script works just fine but it's being sent to nowhere. This can be easily checked by logging your hook script. Just add at the end of hook:
echo "`$REPOS` change to revision `$REV` triggered @ `date`" >> ${REPOS}/post-commit-hook.log
and look if after commit log file was created. If yes it means the wget request is being sent incorrectly.
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
Like @bahrep said its hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of "Prevent Cross Site Request Forgery exploits" Jenkins security option (You've confirmed it's enabled).
From Jenkins Wiki:
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits"
security option, the above request will be rejected with 403 errors
("No valid crumb was included"). The crumb needed in this request can
be obtained from the URL http://server/crumbIssuer/api/xml (or
/api/json). This can be included in the wget call above with something
like this:
--header `wget -q --output-document -
'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
The easiest way to confirm if this security option causes the problem to would be to disable it and try if post-commit hook will work. If yes enable again and try to configure hook with crumb. (In the end, you want to have things secure :) )
And also make sure that Jenkins has enabled anonymous read access:
For this to work, your Jenkins has to allow anonymous read access
(specifically, "Job > Read" access) to the system. If access control
to your Jenkins is more restrictive, you may need to specify the
username and password, depending on how your authentication is
configured.
Edit
I think the problems occur because you haven't provided Jenkins instance address. In your webhook example you have:
http://server/subversion/${UUID}/notifyCommit?rev=$REV
You should change server to your Jenkins instance address (Ip, domain or ip and port. It depends on your configuration.).
http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV
http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV
Or if you run everything locally (including svn repo):
http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV
But remember to have:
- "Prevent Cross Site Request Forgery exploits" security option disabled (You will create webhook to work with this option later, now we want to find the root cause)
- "allow anonymous read access" security option enabled
I think the hook script works just fine but it's being sent to nowhere. This can be easily checked by logging your hook script. Just add at the end of hook:
echo "`$REPOS` change to revision `$REV` triggered @ `date`" >> ${REPOS}/post-commit-hook.log
and look if after commit log file was created. If yes it means the wget request is being sent incorrectly.
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
edited Nov 15 '18 at 14:28
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
answered Nov 12 '18 at 9:56
Raoslaw SzamszurRaoslaw Szamszur
945515
945515
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)
– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
|
show 3 more comments
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)
– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
Thank you for your response. I disabled the "Prevent Cross Site Request Forgery exploits" option and checked. Then also its not working. I think this is not the proper reason (Security related).
– Jacob
Nov 12 '18 at 14:48
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:
H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)– Raoslaw Szamszur
Nov 12 '18 at 17:18
@Jacob probably issue occurs before communicating with Jenkins, but still, this security option would stop your post hook. Now back to debugging, can your Jenkins job poll SCM at all (try entering any schedule value ex.:
H/5 * * * *) This will tell if the problem is with communication or your post-hook. Also you've mentioned that code is in separate VM, can your EC2 instance talk with this VM at all? (Maybe you forgot to set ALC for this AWS instance)– Raoslaw Szamszur
Nov 12 '18 at 17:18
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
Yes sir. I already tried and confirmed this. H/2 * * * * working. And also tried with every minute also. That also working. I am able to see my modified code in jenkins workspace. For every minute and every 2 minute , its working. Problem is related with post-hook.
– Jacob
Nov 13 '18 at 5:04
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
@Jacob do you have enabled "Allow anonymous read access" option (I've added a screenshot in edit)? This was also mentioned in Wiki that is necessary in order to post-commit hook to work.
– Raoslaw Szamszur
Nov 13 '18 at 13:27
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
I checked the option "Allow anonymous read access " that you given like in screenshot. But that also not working.
– Jacob
Nov 13 '18 at 13:52
|
show 3 more comments
I made lot attempt to resolve this problem by using guidance from answers. Finally I got the actual issue that I was facing. I added the post-commit script in the file "post-commit.tmpl". This file defaulty I got when I created my SVN repository. Instead of adding the "post-commit.tmpl" need to create file just "post-commit". It resolved my problem.
answered Dec 12 '18 at 8:20
JacobJacob
251825
add a comment |
I made lot attempt to resolve this problem by using guidance from answers. Finally I got the actual issue that I was facing. I added the post-commit script in the file "post-commit.tmpl". This file defaulty I got when I created my SVN repository. Instead of adding the "post-commit.tmpl" need to create file just "post-commit". It resolved my problem.
answered Dec 12 '18 at 8:20
JacobJacob
251825
add a comment |
I made lot attempt to resolve this problem by using guidance from answers. Finally I got the actual issue that I was facing. I added the post-commit script in the file "post-commit.tmpl". This file defaulty I got when I created my SVN repository. Instead of adding the "post-commit.tmpl" need to create file just "post-commit". It resolved my problem.
answered Dec 12 '18 at 8:20
JacobJacob
251825
I made lot attempt to resolve this problem by using guidance from answers. Finally I got the actual issue that I was facing. I added the post-commit script in the file "post-commit.tmpl". This file defaulty I got when I created my SVN repository. Instead of adding the "post-commit.tmpl" need to create file just "post-commit". It resolved my problem.
answered Dec 12 '18 at 8:20
JacobJacob
251825
answered Dec 12 '18 at 8:20
JacobJacob
251825
answered Dec 12 '18 at 8:20
JacobJacob
251825
answered Dec 12 '18 at 8:20
JacobJacob
251825
251825
add a comment |
add a comment |
It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
add a comment |
It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
add a comment |
It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
answered Nov 10 '18 at 13:47
bahrepbahrep
22.3k1075109
22.3k1075109
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
add a comment |
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
Thank you for your response. Yes. I already checked the user permission. When I am manually running ansible playbook its checkouting (I added maven module using ansible playbook for checkouting). Also In my local editor also its checkouting. After I added the configuration in hooks, When I am commiting , my jenkins job not building. Within Jenkins I am calling the playbook for CI/CD pipeline inclusing the svn checkout stage. Manually its checkout is working. Only problem is related with Hooks.
– Jacob
Nov 11 '18 at 9:17
add a comment |
there is an easier way ...by simply defining the schedule for the trigger:
or use trigger builds remotely, if wanting a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; authenticating scripted clients explains it. building only on changes suggested, because everything else would unnecessarily cost processing power (which equals money).
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
add a comment |
there is an easier way ...by simply defining the schedule for the trigger:
or use trigger builds remotely, if wanting a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; authenticating scripted clients explains it. building only on changes suggested, because everything else would unnecessarily cost processing power (which equals money).
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
add a comment |
there is an easier way ...by simply defining the schedule for the trigger:
or use trigger builds remotely, if wanting a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; authenticating scripted clients explains it. building only on changes suggested, because everything else would unnecessarily cost processing power (which equals money).
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
there is an easier way ...by simply defining the schedule for the trigger:
or use trigger builds remotely, if wanting a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; authenticating scripted clients explains it. building only on changes suggested, because everything else would unnecessarily cost processing power (which equals money).
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
edited Nov 23 '18 at 23:31
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
answered Nov 23 '18 at 23:22
Martin ZeitlerMartin Zeitler
17.6k34169
17.6k34169
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53188210%2fjenkins-job-auto-triggering-when-code-commit-on-svn-repo-using-post-commit-hook%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Do you have "Prevent Cross Site Request Forgery exploits" security option enabled? And also have you checked Jenkins log if there is maybe an error logged?
– Raoslaw Szamszur
Nov 11 '18 at 11:56
You can check it under ManageJenkins - > ConfigureGlobalSecurity and look for Prevent Cross Site Request Forgery exploits checkbox. I think from Jenkins 2.x this option is enabled by default.
– Raoslaw Szamszur
Nov 11 '18 at 12:06
This should help stackoverflow.com/questions/42487563/…
– rohit thomas
Nov 12 '18 at 2:53
@RaoslawSzamszur - Yes , its already checked that option in configure global security.
– Jacob
Nov 12 '18 at 6:04
@rohitthomas - thank you for response. I will check and read about this link that you given here.
– Jacob
Nov 12 '18 at 6:05