随笔- 428 文章- 3 评论- 209 阅读- 222万

运维系列 | Jenkins错误com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy

卸载 Role-based Authorization Strategy这个插件导致的错误

问题

如果配置错了，可以登录到Jenkins那台机器，找到$JENKINS_HOME目录下的config.xml配置文件，因为我配置错误了，所以这里面我贴一下出错后的配置：

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <disabledAdministrativeMonitors/>
  <version>2.121.1</version>
  <installStateName>RUNNING</installStateName>
  <numExecutors>3</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
    <roleMap type="projectRoles">
      <role name="op" pattern="op.*">
        <permissions>
          <permission>hudson.model.Item.Create</permission>
          <permission>hudson.model.Run.Delete</permission>
          <permission>hudson.model.Item.Workspace</permission>
          <permission>hudson.model.Run.Replay</permission>
          <permission>hudson.model.Item.Configure</permission>
          <permission>hudson.model.Item.Cancel</permission>
          <permission>hudson.model.Item.Delete</permission>
          <permission>hudson.model.Item.Read</permission>
          <permission>hudson.model.Item.Build</permission>
          <permission>hudson.scm.SCM.Tag</permission>
          <permission>hudson.model.Item.Move</permission>
          <permission>hudson.model.Item.Discover</permission>
          <permission>hudson.model.Run.Update</permission>
        </permissions>
        <assignedSIDs/>
      </role>
    </roleMap>
    <roleMap type="globalRoles">
      <role name="admin" pattern=".*">
        <permissions>
          <permission>hudson.model.View.Delete</permission>
          <permission>hudson.model.Computer.Connect</permission>
          <permission>hudson.model.Run.Delete</permission>
          <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains</permission>
          <permission>hudson.model.Computer.Create</permission>
          <permission>hudson.model.View.Configure</permission>
          <permission>hudson.model.Computer.Build</permission>
          <permission>hudson.model.Item.Configure</permission>
          <permission>hudson.model.Hudson.Administer</permission>
          <permission>hudson.model.Item.Cancel</permission>
          <permission>hudson.model.Item.Read</permission>
          <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View</permission>
          <permission>hudson.model.Computer.Delete</permission>
          <permission>hudson.model.Item.Build</permission>
          <permission>hudson.scm.SCM.Tag</permission>
          <permission>hudson.model.Item.Move</permission>
          <permission>hudson.model.Item.Discover</permission>
          <permission>hudson.model.Hudson.Read</permission>
          <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update</permission>
          <permission>hudson.model.Item.Create</permission>
          <permission>hudson.model.Item.Workspace</permission>
          <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete</permission>
          <permission>hudson.model.Computer.Provision</permission>
          <permission>hudson.model.Run.Replay</permission>
          <permission>hudson.model.View.Read</permission>
          <permission>hudson.model.View.Create</permission>
          <permission>hudson.model.Item.Delete</permission>
          <permission>hudson.model.Computer.Configure</permission>
          <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create</permission>
          <permission>hudson.model.Computer.Disconnect</permission>
          <permission>hudson.model.Run.Update</permission>
        </permissions>
        <assignedSIDs/>
      </role>
      <role name="op" pattern=".*">
        <permissions>
          <permission>hudson.model.Hudson.Read</permission>
          <permission>hudson.model.Item.Cancel</permission>
          <permission>hudson.model.Item.Read</permission>
          <permission>hudson.model.Item.Build</permission>
          <permission>hudson.scm.SCM.Tag</permission>
          <permission>hudson.model.View.Read</permission>
        </permissions>
        <assignedSIDs>
          <sid>chenmo</sid>
        </assignedSIDs>
      </role>
    </roleMap>
    <roleMap type="slaveRoles"/>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
  <disableRememberMe>false</disableRememberMe>
  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>
  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
  <jdks>
    <jdk>
      <name>java-1.8-openjdk</name>
      <home>/usr/lib/jvm/default-jvm</home>
      <properties/>
    </jdk>
  </jdks>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <quietPeriod>5</quietPeriod>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
  <views>
    <hudson.model.AllView>
      <owner class="hudson" reference="../../.."/>
      <name>all</name>
      <description>### 部署项目之前请在微信里通知</description>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
      <properties class="hudson.model.View$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>all</primaryView>
  <slaveAgentPort>50000</slaveAgentPort>
  <disabledAgentProtocols>
    <string>JNLP-connect</string>
    <string>JNLP2-connect</string>
  </disabledAgentProtocols>
  <label></label>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
  </crumbIssuer>
  <nodeProperties/>
  <globalNodeProperties/>
</hudson>

这里面有个节点，authorizationStrategy，这个节点作用就是配置权限的策略，这里我们由于使用了Role-based Authorization Strategy插件，因此就会是这个策略。

<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
 
</authorizationStrategy>

解决

解决办法很简单，你只需要修改conifg.xml文件中的这个策略，将下面节点整个删除掉。

<authorizationStrategy class="com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy">
 
</authorizationStrategy>

替换成：

<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
</authorizationStrategy>

这个权限对应”登录用“可以做任何事”。
此时重启Jenkins后会重新加载此配置文件，然后就一切正常了，如果出现了有些项目未成功加载的情况，不要慌张，去升级一下插件就好！　　