Jenkins has a built-in command line client that allows you to access Jenkins from a script or from your shell. This is convenient for automation of routine tasks, bulk updates, trouble diagnosis, and so on.
Jenkins CLI is distributed inside jenkins.war as a jar file. See http://yourserver.com/cli for where to download the CLI jar file. In theory, the CLI jar is dependent on the version of Jenkins, but in practice, we expect to be able to retain compatibility between different versions of Jenkins.
The general syntax is as follows (the design is similar to tools like svn/git):
JENKINS_URL can be specified via the environment variable $JENKINS_URL. This environment variable is automatically set when Jenkins fork a process during builds, which allows you to use Jenkins CLI from inside the build without explicitly configuring the URL.
The list of the available commands depends on the server you are talking to. Visit http://yourserver.com/cli or use 'help' command to list them all:
Detailed description can be obtained providing command name or visiting command page in Jenkins UI.
Plugins installed on Jenkins server can add custom CLI commands. See Writing CLI commands for more details.
Whenever the CLI tries to to connect to the Jenkins server, it offers the before mentioned SSH keys. When the user has those keys but don't want use them to authenticate, preventing being prompted by the key's password, it's possible to use the -noKeyAuth argument. This way the CLI will never try to use the SSH keys available.
If your Jenkins requires authentication, you should set up public key authentication. Login from the web UI and go to http://yourserver.com/me/configure, then set your public keys in the designated text area. When connecting to the server, the CLI will look for ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa and use those to authenticate itself against the server. Alternatively, the -i option can be used to explicitly specify the location of the private key.
See the middle of this guide for how to generate SSH key pair, if you don't have one yet.
If you have used PuttyGen to generate your keys, you will have to convert them to openssh format. Otherwise Jenkins might silently ignore your keys and you will be Authenticated as: anonymous.
To use the -i option the syntax is as follows:
If your Jenkins requires authentication, use --username and --password or --password-file options to specify the credentials. To avoid doing this for every command, you can also use the login CLI command once (with the same credentials parameters), and after that you may use other commands without specifying credentials.
Change History: Note that a security hole in CLI commands was fixed in version 1.371, and that CLI login did not work properly for many commands until 1.375.
Jenkins CLI clients and Jenkins server establishes the communication in the following fashion.
You have to configure global security in order to select the port (rather than system configuration). Using a fixed port allows you to configure your firewall more easily.
Check that the JNLP port is opened if you are using a firewall on your server. You can configure its value in Jenkins configuration. By default it is set to use a random port.
If on the server side you have such logs (perhaps with another security manager)
This issues was fixed in Jenkins 1.424
You may face this issue if the certificate is not trusted, e.g. self-signed certificate.
see https://issues.jenkins-ci.org/browse/JENKINS-12629 for a way to trust a self-signed certificate (rather than using -noCertificateCheck option)
Skip to end of metadata Go to start of metadata