I am trying to deploy a WAR on the remote Tomcat (Remote Machine) using Jenkins deploy to container Plugin. I have done the following configuration in tomcat-users.xml
<user username="deployer" password="deployer" roles="manager-gui,manager-script,admin" />
I have setup the proper username password and port in Jenkins deployer container plugin. The setup is working fine for the local Tomcat. But for remote Tomcat I keep getting the following error:
Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:555)
at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:686) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:699) at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:174)
... 16 more Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://1.203.190.5:8080/manager/text/list at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:544) ... 19 more
Please Help.
This seems to be a Jenkins bug but I got around the problem by setting up following configuration in Tomcat:
Edit the file /webapps/manager/META-INF/context.xml:
Previous:
<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
Change this file to comment the Value:
<Context antiResourceLocking="false" privileged="true">
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
This resolved the issue. Hope this helps someone :)
There isn't a bug with Jenkins. By default Tomcat does not allow access to the manager from external machines, i.e. other than localhost. This just disables that restriction. Thanks for the help.
I get jenkins-host> curl tomcat-host:8090/manager/text/list -u deployer Enter host password for user 'deployer': thepassword OK - Listed applications for virtual host [localhost] /:running:0:ROOT /manager:running:0:manager but "The username you provided is not allowed to use the text-based Tomcat Manager (error 403)" using just the same username through jenkins deploy plugin. What can be done to get 200 OK through jenkins? Checked: when password or username is bad, i get 401 not 403 from curl.
In my case the issue was that I did not provide the port number in the Tomcat URL field. Instead of hostname I have put hostname:8080 and it worked well.