Alternative approach to create and build Jenkins jobs in remote server

I have successfully started Jenkins in a remote server with the use of Jenkins war file. And also, I can see that on the URL http://server IP:8080/. But, when I tried to get existing jobs using python-jenkins module, there was an error saying “requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:8080/crumbIssuer/api/json”. Is there any way to get this done without requesting administrative permission?

>>> import jenkins
>>> ts=jenkins.Jenkins('http://localhost:8080')
>>> jobs=ts.get_jobs()
Traceback (most recent call last):
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 579, in jenkins_request
    self._request(req))
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 539, in _response_handler
    response.raise_for_status()
  File "/usr/local/python-3.6.0/lib/python3.6/site-packages/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:8080/crumbIssuer/api/json

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 1034, in get_jobs
    folder_depth_per_request=folder_depth_per_request)
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 1074, in get_all_jobs
    jobs = [(0, [], self.get_info(query=jobs_query)['jobs'])]
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 823, in get_info
    requests.Request('GET', self._build_url(url))
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 560, in jenkins_open
    return self.jenkins_request(req, add_crumb, resolve_auth).text
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 576, in jenkins_request
    self.maybe_add_crumb(req)
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 374, in maybe_add_crumb
    'GET', self._build_url(CRUMB_URL)), add_crumb=False)
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 560, in jenkins_open
    return self.jenkins_request(req, add_crumb, resolve_auth).text
  File "/x01/exch/.local/lib/python3.6/site-packages/jenkins/__init__.py", line 590, in jenkins_request
    raise JenkinsException(msg)
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
	font-family: verdana, sans-serif;
}

html body {
	margin: 0;
	padding: 0;
	background: #efefef;
	font-size: 12px;
	color: #1e1e1e;
}

/* Page displayed title area */
#titles {
	margin-left: 15px;
	padding: 10px;
	padding-left: 100px;
	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
	color: #000000;
}
#titles h2 {
	color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
	background-color:#00ff00;
	width:100%;
}

/* Page displayed body content area */
#content {
	padding: 10px;
	background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier, monospace;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
	margin: 0;
}

/* page displayed footer area */
#footer {
	font-size: 9px;
	padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_ACCESS_DENIED>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://localhost:8080/crumbIssuer/api/json">http://localhost:8080/crumbIssuer/api/json</a></p>

<blockquote id="error">
<p><b>Access Denied.</b></p>
</blockquote>

<p>Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.</p>

<p>Your cache administrator is <a href="mailto:root?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&amp;body=CacheHost%3A%20ip-10-97-129-183.902784830519.ase1.aws.dev.r53%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Mon,%2007%20Feb%202022%2012%3A09%3A47%20GMT%0D%0A%0D%0AClientIP%3A%2010.97.190.250%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2FcrumbIssuer%2Fapi%2Fjson%20HTTP%2F1.1%0AUser-Agent%3A%20python-requests%2F2.18.4%0D%0AAccept-Encoding%3A%20gzip,%20deflate%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20keep-alive%0D%0AHost%3A%20localhost%3A8080%0D%0A%0D%0A%0D%0A">root</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 07 Feb 2022 12:09:47 GMT by ip-IP_ADDRESS.ase1.aws.dev.r53 (squid/4.11)</p>
<!-- ERR_ACCESS_DENIED -->
</div>
</body></html>

crumb issuer should be accessbile by any user that has access to the system. If you don’t allow anonymous users at all (ex without DISCOVER permission) then you probably need to provide some sort of credentials.

as for the topic, alternative approach to create jobs -
jobdsl is pretty standard these days
configuration as code triggering job dsl is pretty common these days

alternative ways to build
webhooks is a pretty standard tool, build on commit
I’m guessing if you manually need to trigger a build, you’ll need the token stuff your working on. I will say if your using a users API token, you don’t need to request a crumb.

1 Like