Getting started with Jenkins & Docker: Part III: Reset Jenkins Admin Password (when you have a Jenkins Docker image)
If you forgot the password you set to your admin user in Jenkins, then it’s probable you find out is possible to changing it by modifying the config.xml (the file that stores the admin user definition)
* Jenkins following the traditional way:
When we configure Jenkins following the traditional way, the config.xml file is usually in this path: /var/lib/jenkins/config.xml
Jenkins being run via Docker
When our Jenkins is being run with docker, then, the path is a little bit different:
A: Obtain the container id and then get inside the container
- Getting the container id by executing:
docker ps -a
2. Execute:
docker exec -ti <container_id> /bin/bash
B. Looking for config.xml
There is a config.xml inside var/jenkins_home/, but this one is NOT the one to modify.
In the path var/jenkins_home/users/, you’ll see all the users configured for your Jenkins:
As you can see, my admin user is sdanerib and is being saved as a directory, so if you do go inside that directory, you can now see the config.xml to modify:
The config.xml looks like this:
<?xml version='1.1' encoding='UTF-8'?>
<user>
<version>10</version>
<id>sdanerib</id>
<fullName>Admin Fullname</fullName>
<properties>
<jenkins.security.ApiTokenProperty>
<tokenStore>
<tokenList/>
</tokenStore>
</jenkins.security.ApiTokenProperty>
<com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty plugin="credentials@2.1.18">
<domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash"/>
</com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty>
<hudson.plugins.emailext.watching.EmailExtWatchAction_-UserProperty plugin="email-ext@2.66">
<triggers/>
</hudson.plugins.emailext.watching.EmailExtWatchAction_-UserProperty>
<hudson.model.MyViewsProperty>
<views>
<hudson.model.AllView>
<owner class="hudson.model.MyViewsProperty" reference="../../.."/>
<name>all</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
</hudson.model.MyViewsProperty>
<org.jenkinsci.plugins.displayurlapi.user.PreferredProviderUserProperty plugin="display-url-api@2.3.1">
<providerId>default</providerId>
</org.jenkinsci.plugins.displayurlapi.user.PreferredProviderUserProperty>
<hudson.model.PaneStatusProperties>
<collapsed/>
</hudson.model.PaneStatusProperties>
<jenkins.security.seed.UserSeedProperty>
<seed>7f16b7b742e59a0d</seed>
</jenkins.security.seed.UserSeedProperty>
<hudson.search.UserSearchProperty>
<insensitiveSearch>true</insensitiveSearch>
</hudson.search.UserSearchProperty>
<hudson.security.HudsonPrivateSecurityRealm_-Details>
<passwordHash>#jbcrypt:$2a$10$ejdwhQXF17l4kNRpfrjffOe7stUGz.wXRpwDh3jlknabcdeghgd</passwordHash>
</hudson.security.HudsonPrivateSecurityRealm_-Details>
<hudson.tasks.Mailer_-UserProperty plugin="mailer@1.23">
<emailAddress>admin@email.com</emailAddress>
</hudson.tasks.Mailer_-UserProperty>
</properties>
</user>C. IMPORTANT: Password hashed by BCrypt
The passwordHash is where the password is defined. As you can see, the password has been hashed using BCrypt algorithm.
So, what you need to do is to replace the current password by the new one. You can obtain your password bcrypted using any online service (like: https://www.browserling.com/tools/bcrypt).
It’s important to know, you need to establish 10 rounds, otherwise, any password you set won’t work. See the next example:
D. Edit the config.xml
I recommend to copy the config.xml from below to a text editor and replace only the content passwordHash:
<passwordHash>#jbcrypt:content_to_replace</passwordHash>Copy the hole xml and edit the config.xml file by doing:
cat > config.xmlPaste all the content you copied, add a new line and close the editor by doing ctrl + ‘d’
E. Stop and restart your Jenkins
Do ctrl + ‘c’ in the terminal where Jenkins was running:
And now, restart your Jenkins (jenkins_home is the name of the volume that we configured on Part II):
docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkinsNow, you only need to login with the new established password:
Thank you for reading =)