[CICD] JENKIS RESET PASSWORD - fourslickz/notes GitHub Wiki
Reset Password Jenkins (Docker)
Environment
- Jenkins Version:
2.555.3 - Deployment: Docker
- Authentication: Jenkins Own User Database
- User:
devops
Problem
Lupa password Jenkins dan tidak dapat login ke dashboard.
Langkah 1 - Masuk ke Container sebagai Root
Masuk ke container Jenkins menggunakan user root.
docker ps
docker exec -u 0 -it <container_name> bash
Contoh:
docker exec -u 0 -it jenkins bash
Langkah 2 - Nonaktifkan Security Sementara
Edit file konfigurasi:
sed -i 's#<useSecurity>true</useSecurity>#<useSecurity>false</useSecurity>#g' /var/jenkins_home/config.xml
Restart container:
docker restart jenkins
Setelah restart, Jenkins dapat diakses tanpa login.
Langkah 3 - Identifikasi User Jenkins
Lihat daftar user:
ls -R /var/jenkins_home/users
Contoh hasil:
/var/jenkins_home/users:
devops_078a8067b356f98963a6fc2dfe679fd3a7d38b939f44c4803f63fb11504b66e3
Langkah 4 - Verifikasi Password Hash
Cek password hash user:
grep -A5 -B5 passwordHash \
/var/jenkins_home/users/devops_*/config.xml
Contoh:
<passwordHash>#jbcrypt:$2a$10$9V3FnhwIN41Smea.KedVbeq...</passwordHash>
Artinya Jenkins menggunakan HudsonPrivateSecurityRealm.
Langkah 5 - Reset Password
Masuk ke:
Manage Jenkins
→ Script Console
atau
http://<jenkins-url>/script
Jalankan script berikut:
import jenkins.model.*
import hudson.security.*
def user = hudson.model.User.getById("devops", true)
def password = "PasswordBaru123!"
def details = HudsonPrivateSecurityRealm.Details.fromPlainPassword(password)
user.addProperty(details)
user.save()
println("Password berhasil diubah.")
Langkah 6 - Aktifkan Kembali Security
Ubah kembali:
<useSecurity>false</useSecurity>
menjadi
<useSecurity>true</useSecurity>
Namun hanya mengubah useSecurity tidak cukup.
Konfigurasi berikut juga harus diperbaiki.
Sebelum
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.SecurityRealm$None"/>
Sesudah
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>true</disableSignup>
<enableCaptcha>false</enableCaptcha>
</securityRealm>
Restart Jenkins:
docker restart jenkins
Login
Username:
devops
Password:
<password baru>
Struktur File Penting Jenkins
/var/jenkins_home/
├── config.xml
├── credentials.xml
├── users/
├── jobs/
├── plugins/
├── secrets/
└── workspace/
Backup Jenkins
Backup seluruh data Jenkins:
tar czf jenkins-backup-$(date +%F).tar.gz /var/jenkins_home
Restore:
tar xzf jenkins-backup-YYYY-MM-DD.tar.gz -C /
Restart:
docker restart jenkins
Catatan
- Jangan biarkan Jenkins berjalan dengan:
<useSecurity>false</useSecurity>
- Jangan gunakan:
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
- Jangan gunakan:
<securityRealm class="hudson.security.SecurityRealm$None"/>
karena Jenkins akan dapat diakses tanpa autentikasi.
Best Practice
- Gunakan Jenkins Own User Database.
- Aktifkan Full Control Once Logged In atau Matrix Authorization.
- Backup
/var/jenkins_homesecara berkala. - Buat minimal dua akun administrator.
- Simpan credential menggunakan Manage Credentials, bukan di Jenkinsfile.
- Jangan menjalankan Jenkins tanpa autentikasi di lingkungan production.