The DriveTrain Jenkins enabled on the Salt Master node is configured to allow anonymous users to access the Jenkins web UI including the listing of the Jenkins jobs and builds in the web UI.
For security reasons, starting from the MCP 2019.2.4 maintenance update, by default, only authorized users have access to Jenkins on the Salt Master node. For the MCP versions earlier than 2019.2.4, Mirantis recommends configuring Jenkins as described below.
Note
If Jenkins is disabled on the Salt Master node (for details, refer to MCP Deployment Guide: Deploy CI/CD), you can skip the steps below or simply update your cluster configuration without applying the Salt states.
To remove anonymous access to Jenkins on the Salt Master node:
Log in to the Salt Master node.
In
./classes/cluster/<cluster_name>/infra/config/jenkins.yml, replace
anonymous with authenticated for jenkins_security_matrix_read:
parameters:
_param:
jenkins_security_matrix_read:
- authenticated
Refresh pillars:
salt -C 'I@salt:master' saltutil.refresh_pillar
Apply the changes:
salt -C 'I@salt:master' state.apply jenkins.client