Remove anonymous access to Jenkins on the Salt Master node

Remove anonymous access to Jenkins on the Salt Master node

The DriveTrain Jenkins enabled on the Salt Master node is configured to allow anonymous users to access the Jenkins web UI including the listing of the Jenkins jobs and builds in the web UI.

For security reasons, starting from the MCP 2019.2.4 maintenance update, by default, only authorized users have access to Jenkins on the Salt Master node. For the MCP versions earlier than 2019.2.4, Mirantis recommends configuring Jenkins as described below.

Note

If Jenkins is disabled on the Salt Master node (for details, refer to MCP Deployment Guide: Deploy CI/CD), you can skip the steps below or simply update your cluster configuration without applying the Salt states.

To remove anonymous access to Jenkins on the Salt Master node:

  1. Log in to the Salt Master node.

  2. In ./classes/cluster/<cluster_name>/infra/config/jenkins.yml, replace anonymous with authenticated for jenkins_security_matrix_read:

    parameters:
      _param:
        jenkins_security_matrix_read:
        - authenticated
    
  3. Refresh pillars:

    salt -C 'I@salt:master' saltutil.refresh_pillar
    
  4. Apply the changes:

    salt -C 'I@salt:master' state.apply jenkins.client