installing the software for the jenkins certification exam

Posted on by
Reply

I didn’t have Jenkins on my home machine. While I do use it at CodeRanch and at work, I can’t just make changes because I feel like experimenting so installed locally. So I installed Jenkins on my home computer so I could practice for the Jenkins certification exam. The first thing I did was download the version in the study guide.

Also, see my main blog post about the Jenkins certification exam

Note: this is an old version with known security issues but it is what the PDF says questions were created against so using it anyway.

Installing Jenkins Enterprise

Since it was local and just for playing, I don’t need a servlet container and could just kick it off. Nice and easy:

  1. Download war from http://mirrors.jenkins-ci.org/war/1.625/
  2. java -jar jenkins.war
  3. Launch at http://localhost:8080

Note: <home>/.jenkins has all data from this test install

Then I installed the Jenkins Enterprise edition using the evaluation license. I choose “Install license only” as described on the wiki. It would have been better to choose the full enterprise option to get all the plugins so I circled back and did that.

Note the license is only valid for two weeks so plan carefully!

Installing plugins

A few plugin names differed between the JDF and what was available:

  • Disk-usage-plugin vs Disk usage plugin
  • Jabber notifier plugin vs jabber plugin
  • Node and Label Parameter Plugin vs Nodelabel parameter plugin
  • Pipeline: Multi-Branch vs Multi-Branch pipeline

I also added the literate plugin which is referenced in objectives, but not in the plugin list in the PDF. Finally, I installed the File System SCM plugin so I didn’t have to put everything I build in local git to test things.

 

There were some plugins I wasn’t sure if I had based on the PDF names:

  • Analytics
  • Client Masters
  • Cluster Operations
  • Shared cloud
  • Shared slaves
  • Pipeline Checkpoints Plugin (formerly known as Pipeline Checkpoints Plugin)

Installing Cloudbees Jenkins Operations Center

I had never used Cloudbees Jenkins Operations Center (CJOC) before. I downloaded the war and set my JENKINS_HOME variable. Then I started the CJOC:

java –jar jenkins-oc.war –httpPort=8081 –prefix=/operations-center

And accessed it at http://localhost:8081/operations-center/registration

Note: I realized 3 days before the test that anyone can get an account to edit the Jenkins wiki and fix typos (fixed one at that point). I wish I had realized this earlier as I saw a few others.

15 vs 30 day trial licenses for Jenkins Enterprise

Posted on by
Reply

On February 24th, I’m taking the beta for the Jenkins Certification. This beta is different than beta exams from Oracle. In particular, it is only being offered on one day. The only choices you have are:

  • whether you want the morning or afternoon offering. It’s also only being offered in 12 cities (8 in the US and 4 in Europe). I chose the afternoon because I’ll probably be up late the night before. (yeah, I know. not ideal for taking an exam)
  • whether you want the Open Source or Enterprise version of the exam. I chose Enterprise because we use it at work and I like some of the features like templates.

This isn’t a great time for me to study for or take an exam. The exam is being held, literally the day after the robot is due for robotics team on which I mentor the programmers. This means I have little spare time. Especially for the week before the exam.  It’s worth a shot though. I know a lot about Jenkins without studying. And studying for the exam has filled in a lot of what I don’t know nicely.

I started studying two weeks ago (when I registered.)  I wanted to use a trial license for the enterprise edition so I could play with those features at home. I checked the evaluation agreement and it said that trial licenses default to 30 days. I checked again today and it says 15 days so either they fixed it or I misread it. It’s possible they fixed it because I did inform them of the discrepancy.

I filled out the trial form which gave me a 15 day license. I used the contact us form on Cloudbees site to ask about the 15 vs 30 days. They don’t allow gmail as an email provider so I used my javaranch address. (I get that they only want to talk to companies but what if someone is running a business our of gmail?)

A two week trial is also a big annoying because you get the green bar that resists being hidden reminding you that license is about to expire. This left me with a problem because I wanted to review some features a few days before the exam. I’d have installed the enterprise trial license if I had know that it was only good for 15 days.

I checked the license again and it doesn’t say that you can’t use two trials back to back. That would solve my problem. You can’t get another trial for the same instance id. You can for the same email.

Note: Check the trial agreement before attempting this to make sure it isn’t banned in the future.

Approach 1 – Clean install

First, I renamed my working directory so Jenkins thinks it is clean install. I’m not attached to any of my configuration or jobs. So a clean install is fine. I did backup my old install in case I wanted to check on my settings:

mv $HOME/.jenkins $HOME/.jenkins-bkp

Then I started Jenkins:

java -jar jenkins.war

This gives a clean install with no plugins. I then followed the instructions to convert to Enterprise including getting a trial license successfully.

I did want the exact same plugins along with build tools, so rather than redoing that all manually, I ran:

cp -r $HOME/.jenkins-bkp/plugins/* $HOME/.jenkins/plugins
cp $HOME/.jenkins-bkp/config.xml $HOME/.jenkins/config.xml

I then hand edited the config.xml to set <useSecurity>false</useSecurity> instead of true.

Approach 2 – Delete the license files

The technique described here to delete a few files also might work.

 

 

 

 

Handling two factor when on an international vacation

Posted on by
3

I got Australian government tells citizens to turn off two-factor authentication forwarded to me because of my two factor posts on this blog. The theory is that they will not have access to texts while abroad. I was surprised to see such a thing, but lo and behold, their twitter account does in fact say that including:

Going out of mobile range? Turn off myGov Security Codes so you can still sign in! Go to ‘settings’ in your account

and

If you turn off security codes, you’ll still need to securely sign in with secret questions & answers.

My gut reaction

This sounds like a horrible idea. While traveling, make your access LESS secure? I find it hard to believe their “secret” questions are actually secure. Most places use things that lots of people know. Or that you have no way of remembering yourself.

How Australia could fix this without compromising security

Australia could update their website. They could add support for any or all of the following:

  1. Email a secondary auth code for verification. It you have access to the website, you presumably have access to email.
  2. Google Authenticator support. This app doesn’t even require internet access.
  3. Predefined codes. Gmail has a number of codes you can type in that are generated in advance to be used if other methods fail.
  4. Support a temporary alternate number. This one is less convenient, but the site could provide a way to enter a secondary phone number to use during a pre-defined window. That way SMS could still be used.

All of these are still two factor solutions.

What users could do if a website doesn’t have an option other than SMS

This part isn’t specific to Australia. It applies to any site that uses only SMS for two factor.

  1. First, decide whether you will actually need the site while traveling. If not, problem solved.
  2. Check if the site remembers your device. If so, sign on using the temporary smart phone device while you still have access to your main phone/SIM so you won’t get two factor challenged while traveling.
  3. If there are predefined codes, bring them with you.
  4. If you must turn off two factor, do so. But also do the following:
    1. Complain to the website so they know this is a problem
    2. Leave a post it note on your home computer to turn back on two factor
    3. If the website shows “last login” check it was you.
    4. If the website emails when logging in from a different device, check for those.