Spinnaker: 403 No valid crumb was included in the request
I have configured Jenkins in Spinnaker as follows and set up a Spinnaker pipeline.

    jenkins:
      # If you are integrating Jenkins, set its location here using the baseUrl
      # field and provide the username/password credentials.
      # You must also enable the "igor" service listed separately.
      #
      # If you have multiple jenkins servers, you will need to list
      # them in an igor-local.yml. See jenkins.masters in config/igor.yml.
      #
      # Note that jenkins is not installed with Spinnaker so you must obtain this
      # on your own if you are interested.
      enabled: ${services.igor.enabled:false}
      defaultMaster:
        name: default
        baseUrl: http://server:8080
        username: spinnaker
        password: password

But when trying to start the Spinnaker pipeline, I see the following error.
Exception ( Start Jenkins Job )
403 No valid crumb was included in the request
Finally, this post helped me get rid of the crumb problem while still keeping Jenkins safe from CSRF attacks.
Solution for the "No valid crumb was included in the request" issue
Basically, we first need to request a crumb with authentication, and then make the POST API calls again with the crumb as a header, along with authentication.
This is how I did it:

    curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user <username>:<password>

The response was:

    {
        "_class":"hudson.security.csrf.DefaultCrumbIssuer",
        "crumb":"0db38413bd7ec9e98974f5213f7ead8b",
        "crumbRequestField":"Jenkins-Crumb"
    }

Then the POST API call with the above crumb info:

    curl -X POST http://jenkins-url:8080/job/<job-name>/build --user <username>:<password> -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'
A crumb is nothing more than an access token. Below is the API to get the crumb:

    https://jenkins.xxx.xxx.xxx/crumbIssuer/api/json
    // Replace it with your Jenkins URL and make a GET call in Postman or your REST API caller.

This will generate output like:

    {
        "_class": "hudson.security.csrf.DefaultCrumbIssuer",
        "crumb": "ba4742b9d92606f4236456568a",
        "crumbRequestField": "Jenkins-Crumb"
    }

Below are more details and links related to the same: "How to request Crumb for Jenkins", and the Jenkins wiki page: https://wiki.jenkins-ci.org/display/jenkins/remote+access+api
If you are making REST API calls as well, see the link below for how to call the REST API using the Jenkins crumb:
https://blog.dahanne.net/2016/05/17/how-to-update-a-jenkins-job-posting-config-xml/
Example:

    curl -X POST http://anthony:anthony@localhost:8080/jenkins/job/pof/config.xml --data-binary "@config.xml" --data ".crumb=6bbabc426436b72ec35e5ad4a4344687"
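The crumb flow described in the two answers above, written out as an added example (not code from either answer or from Spinnaker/Jenkins). The function names `crumb_header` and `trigger_build` and their parameters are hypothetical; the sample response is the one quoted in the first answer.

```python
import base64
import json
import re
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample: the crumbIssuer response quoted in the first answer.
SAMPLE = (b'{"_class":"hudson.security.csrf.DefaultCrumbIssuer",'
          b'"crumb":"0db38413bd7ec9e98974f5213f7ead8b",'
          b'"crumbRequestField":"Jenkins-Crumb"}')


def crumb_header(body):
    """Turn a crumbIssuer JSON body into a (header name, value) pair."""
    data = json.loads(body)
    field, crumb = data.get("crumbRequestField"), data.get("crumb")
    # Both strings come from the server and are copied into a request
    # header, so refuse anything that is not a plain token (no CR/LF,
    # spaces or colons) instead of passing it through.
    if not (isinstance(field, str) and re.fullmatch(r"[A-Za-z0-9._-]+", field)):
        raise ValueError("unexpected crumbRequestField")
    if not (isinstance(crumb, str) and re.fullmatch(r"[\x21-\x7e]+", crumb)):
        raise ValueError("unexpected crumb value")
    return field, crumb


def trigger_build(base_url, job, user, password):
    """Fetch a crumb, then POST /job/<job>/build with it in the same session."""
    # One opener with a cookie jar for both calls: since Jenkins 2.176.2 a
    # crumb is by default only valid in the web session that requested it.
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()

    def request(url, **kw):
        req = urllib.request.Request(url, **kw)
        # Unredirected: the credentials are not replayed on a redirect.
        req.add_unredirected_header("Authorization", "Basic " + auth)
        return req

    with opener.open(request(f"{base_url}/crumbIssuer/api/json"), timeout=10) as r:
        # Use the header name the server announces; do not hard-code it.
        field, crumb = crumb_header(r.read())
    url = f"{base_url}/job/{urllib.parse.quote(job, safe='')}/build"
    post = request(url, data=b"", headers={field: crumb}, method="POST")
    with opener.open(post, timeout=10) as r:
        return r.status
```

Reading the header name from `crumbRequestField` also covers installations that still announce the older `.crumb` field seen in the last curl example.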
I had this problem with my Jenkins installed on an AWS EC2 instance. This problem went away as soon as I opened up to the world (of course I mean in "Security Groups") ports 80, 8080 (the default Jenkins port) and 443. I know this might be sensitive to someone, but it is not to me; I did it and the problem went away!
... of course it could be the same for GCP, Azure and other cloud services.