What are the Slack Archives?
Itβs a history of our time together in the Slack Community! Thereβs a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.
Because this space is not active, you wonβt be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..
```$ vendor/bin/console scheduler:resume Code bucket: EN | Store: EN | Environment: demooutlet Sched
$ vendor/bin/console scheduler:resume Code bucket: EN | Store: EN | Environment: demooutlet Scheduler Name: jenkins Scheduler Status: ERROR Client error: `POST http://<URL>:8080/job/EN__check-product-validity/enable` resulted in a `403 Forbidden` response: <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 403 No valid crumb was in (truncated...)
New scheduler 1.1.0 release didn't fix the crumb issue, what I should be looking at? is there a doc how to set up the jenkins for this to work?
Comments
-
Hi Jan, please check that you have
SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true
in your config.$config[SchedulerJenkinsConstants::JENKINS_CONFIGURATION] = [ SchedulerConfig::SCHEDULER_JENKINS => [ SchedulerJenkinsConfig::SCHEDULER_JENKINS_BASE_URL => '<http://some.jenkins.url/>', SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true, ], ];
0 -
I do have, except I use credentials here
0 -
$config[SchedulerJenkinsConstants::JENKINS_CONFIGURATION] = [ SchedulerConfig::SCHEDULER_JENKINS => [ SchedulerJenkinsConfig::SCHEDULER_JENKINS_BASE_URL => 'http://<HOST>:8080/', SchedulerJenkinsConfig::SCHEDULER_JENKINS_CREDENTIALS => ['<USER>', '<PWD>'], SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true ], ];
0 -
What Crumb Algorithm is in use?
This one was in use for the developer who was fixing the issue.0 -
mine is latest Jenkins ver. 2.222.3 (LTS), is yours latest?
0 -
This image has been used for local development - https://hub.docker.com/layers/jenkinsci/blueocean/latest/images/sha256-51c4b7ce0f9c64d76a28cfc37ac9af5e27a5087c9ff4f7f0514005a4fd678215?context=explore
According to the info, it's
2.222.3
.0 -
but that's not what's on your screen, since CSRF disable checkbox has been removed in 2.222
0 -
Well, the screenshot he just made is from his current local setup with default jenkins image that is used in
spryker/docker-sdk
.0 -
Feel free to re-open the ticket in case it won't work for you. Unfortunately I can't check myself as I have some stuff in my queue.
0 -
Iβm experiencing the same issue, seems like there was a change in how the crumb is validated and it will not work without keeping the session after receiving the crumb: https://www.jenkins.io/security/advisory/2019-07-17/#SECURITY-626
CSRF tokens will now also check the web session ID to confirm they were created in the same session. Once that's invalidated or expired, corresponding CSRF tokens will become invalid as well.
0 -
You can either use an API token or disable that security feature like its explained here: https://www.jenkins.io/doc/upgrade-guide/2.176/#upgrading-to-jenkins-lts-2-176-2
0 -
Hi Jan, sorry that it takes so much time from our side.
I'm checking provided fix once again with your input regarding Jenkins credentials.So I'm using v2.222.4.
I created a user.
I modified config to use user\password likeSchedulerJenkinsConfig::SCHEDULER_JENKINS_CREDENTIALS => ['valerii', 'change123'],
and everything works in Jenkins.Maybe I'm doing something wrong?
0 -
Do I need to disable an access for everyone except my user somewhere?
0 -
- is CSRF enabled on both jenkins admin and spryker?
- is scheduler:setup working ok?
- can you clone spryker-shop/suite, do a composer update and check if it still works?
0 -
Ok, disabled Jenkins for anyone except registered users.
My settings are as follows.0 -
With commented out credentials I get an error.
With not commented out I get no errors.0 -
can you clone spryker-shop/suite, do a composer update and check if it still works?
Composer update brought only two updates. Afterwards scheduler commands were still working.
0 -
@UK5DS29L2 Can I somehow help you here? Do I do something wrong? I was checking using docker. Should I check in Vagrant?
I have no choice but to close the support ticket.0 -
@valerii.trots no, I didn't have time to check those yet, sorry. Will do this week and let you know.
0 -
Ok, thanks, will wait for your feedback! π
0 -
@valerii.trots set up new environment today, same issue.
APPLICATION_STORE=AT vendor/bin/console scheduler:setup Code bucket: AT | Store: AT | Environment: livebrand Scheduler Name: jenkins Scheduler Status: ERROR Client error: `POST http://<URL>:8080/createItem?name=AT__check-product-validity` resulted in a `403 Forbidden` response: <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 403 No valid crumb was in (truncated...)
0 -
when credentials are incorrect, I'm getting
Spryker\Zed\SchedulerJenkins\Business\Api\Exception\InvalidJenkinsConfiguration - Exception: Cannot generate CSRF token. Please check that CSRF protection is enabled on Jenkins server.
so the above (
No valid crumb was in
) in only happening when credentials are correct0 -
this is on
"name": "spryker/scheduler", "version": "1.1.0",
0 -
Can we have a call somewhere to check what I'm doing wrong? In this slack it's impossible to share the screen, so I would prefer something like google meet or zoom, or microsoft teams even. π
0 -
sure, feel free to let me know when it fits you starting tomorrow and I'll book some time for you π
0 -
My schedule is free tomorrow and the day after tomorrow, so any time that fits you. π
0 -
<mailto:valerii.trots@spryker.com|valerii.trots@spryker.com>
0
Categories
- All Categories
- 42 Getting Started & Guidelines
- 7 Getting Started in the Community
- 8 Additional Resources
- 7 Community Ideas and Feedback
- 75 Spryker News
- 924 Developer Corner
- 783 Spryker Development
- 88 Spryker Dev Environment
- 362 Spryker Releases
- 3 Oryx frontend framework
- 35 Propel ORM
- 68 Community Projects
- 3 Community Ideation Board
- 30 Hackathon
- 3 PHP Bridge
- 6 Gacela Project
- 25 Job Opportunities
- 3.2K π Slack Archives
- 116 Academy
- 5 Business Users
- 370 Docker
- 551 Slack General
- 2K Help
- 75 Knowledge Sharing
- 6 Random Stuff
- 4 Code Testing
- 32 Product & Business Questions
- 70 Spryker Safari Questions
- 50 Random