We have Jenkins stage which is calling a "GetVMPassword" function from library. The function returns credential and it will be used to login remote server. We dont want to print the "ssh command" and "calling a funtion command" and its reponse on console logs. So we used ‘#!/bin/sh -e \n’
before every command. Because if we print, this could reveal the remote server credentials in the console log. This was working when we dont use "parallel execution" block.
When we include "ssh command" and "calling a function command" inside "parallel execution" block, passwords are printed in console.
How can we avoid printing the library command and its response when we use "parallel execution" block ?
This is snippet of my stage and parallel execution block.
Jenkins Version: 2.235.3
@Library ('MyLib_API') _
pipeline{
agent {
label 'master'
}
stages{
stage('BuildAll'){
steps{
script{
def executions = APPSERVERS.split(',').collectEntries {APPS ->
["Execution ${APPS}": {
stage(APPS) {
APP_USERNAME = "ubuntu"
response = getPassword("${APPS}","${APP_USERNAME}")
sh '#!/bin/sh -e \n' "sshpass -p '${response}' ssh -o StrictHostKeyChecking=no ${APP_USERNAME}@${APPS} 'ls'"
sleep 2
}
}]
}
parallel executions
}
}
}
}
}
"getPassword" is the function in library used to get the vm password dynamically. "APPSERVERS" values we are getting from Active choice parameters option.This has list of IP's of servers.
Please help me to hide those library commands and responses from stage logs.
We have tried below options.
- Used
set x
and it is not worked for us. - Password masking plugin will not work. Since response from the command will get print for our case.
- We tried routing all the execution of commands to file and tried fetching it from there. In this option, also while parsing the file logs are printed in console.
CodePudding user response:
Try starting your script with set x, if not use password masking plugins as mentioned here - https://issues.jenkins.io/browse/JENKINS-36007
CodePudding user response:
You can use input to pass the credential and mask it in log. Here is a detailed answer stackoverflow credentials masking