[CICD] JENKIS RESET PASSWORD - fourslickz/notes GitHub Wiki

Reset Password Jenkins (Docker)

Environment

  • Jenkins Version: 2.555.3
  • Deployment: Docker
  • Authentication: Jenkins Own User Database
  • User: devops

Problem

Lupa password Jenkins dan tidak dapat login ke dashboard.


Langkah 1 - Masuk ke Container sebagai Root

Masuk ke container Jenkins menggunakan user root.

docker ps

docker exec -u 0 -it <container_name> bash

Contoh:

docker exec -u 0 -it jenkins bash

Langkah 2 - Nonaktifkan Security Sementara

Edit file konfigurasi:

sed -i 's#<useSecurity>true</useSecurity>#<useSecurity>false</useSecurity>#g' /var/jenkins_home/config.xml

Restart container:

docker restart jenkins

Setelah restart, Jenkins dapat diakses tanpa login.


Langkah 3 - Identifikasi User Jenkins

Lihat daftar user:

ls -R /var/jenkins_home/users

Contoh hasil:

/var/jenkins_home/users:
devops_078a8067b356f98963a6fc2dfe679fd3a7d38b939f44c4803f63fb11504b66e3

Langkah 4 - Verifikasi Password Hash

Cek password hash user:

grep -A5 -B5 passwordHash \
/var/jenkins_home/users/devops_*/config.xml

Contoh:

<passwordHash>#jbcrypt:$2a$10$9V3FnhwIN41Smea.KedVbeq...</passwordHash>

Artinya Jenkins menggunakan HudsonPrivateSecurityRealm.


Langkah 5 - Reset Password

Masuk ke:

Manage Jenkins
→ Script Console

atau

http://<jenkins-url>/script

Jalankan script berikut:

import jenkins.model.*
import hudson.security.*

def user = hudson.model.User.getById("devops", true)
def password = "PasswordBaru123!"

def details = HudsonPrivateSecurityRealm.Details.fromPlainPassword(password)
user.addProperty(details)
user.save()

println("Password berhasil diubah.")

Langkah 6 - Aktifkan Kembali Security

Ubah kembali:

<useSecurity>false</useSecurity>

menjadi

<useSecurity>true</useSecurity>

Namun hanya mengubah useSecurity tidak cukup.

Konfigurasi berikut juga harus diperbaiki.

Sebelum

<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.SecurityRealm$None"/>

Sesudah

<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
  <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>

<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
  <disableSignup>true</disableSignup>
  <enableCaptcha>false</enableCaptcha>
</securityRealm>

Restart Jenkins:

docker restart jenkins

Login

Username:

devops

Password:

<password baru>

Struktur File Penting Jenkins

/var/jenkins_home/
├── config.xml
├── credentials.xml
├── users/
├── jobs/
├── plugins/
├── secrets/
└── workspace/

Backup Jenkins

Backup seluruh data Jenkins:

tar czf jenkins-backup-$(date +%F).tar.gz /var/jenkins_home

Restore:

tar xzf jenkins-backup-YYYY-MM-DD.tar.gz -C /

Restart:

docker restart jenkins

Catatan

  • Jangan biarkan Jenkins berjalan dengan:
<useSecurity>false</useSecurity>
  • Jangan gunakan:
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  • Jangan gunakan:
<securityRealm class="hudson.security.SecurityRealm$None"/>

karena Jenkins akan dapat diakses tanpa autentikasi.


Best Practice

  • Gunakan Jenkins Own User Database.
  • Aktifkan Full Control Once Logged In atau Matrix Authorization.
  • Backup /var/jenkins_home secara berkala.
  • Buat minimal dua akun administrator.
  • Simpan credential menggunakan Manage Credentials, bukan di Jenkinsfile.
  • Jangan menjalankan Jenkins tanpa autentikasi di lingkungan production.