Removing users from group using JCLI

Hi,

As part of CLI evaluation, would like to remove few users from groups using a CSV file.

Tried with JIRA CLI 3.8 and JIRA 5.2.9, unfortunately, the script doesn't work and gives the below error;

=====================

sh jira.sh

Unable to log in to server: https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2with user: username.

Cause: ; nested exception is:

java.net.ConnectException: Connection refused

=====================

You may find the action which I used in the jira.sh script below;

/opt/jira/current/jre/bin/java -jar `dirname $0`/lib/jira-cli-3.8.0.jar --server https://sts-integ.app.my-domain.com/--user username --password ****** --action removeUserFromGroupWithFile --file removeUserToGroupWithFile.csv "$@"

Could you please trace what could be the issue here ?

Thanks, Vishnu.

3 answers

1 accepted

1 vote
Accepted answer

Right, well, there's your answer - your certificate is not being found, or it's not valid. So you either haven't "imported the SSL to java cacerts" or it's requiring more certificates, or you aren't enabling it to read the certificate store.

Thanks a lot Nic. It's fixed now.

Check the following:

  1. Make sure you can ping or access from a brower the address: https://sts-integ.app.my-domain.com
  2. Make sure you can go to https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2 from a browser.

Do this from the same system you are trying to run the CLI command from.

Do you use proxy at your side? (as this also might require additional settings)

Hi Boris

I can access the site. Infact, I am running the CLI from the JIRA server itself.

For second point, I got the below page. Hope its fine.

"

jirasoapservice-v2

Hi there, this is an AXIS service!

Perhaps there will be a form for invoking the service here... "

We do use a proxy to access JIRA from outside. Do you think we need to add proxy settings in the CLI even if I run from JIRA server ?

Thanks, Vishnu.

You should try configuring java proxy settings as java would not pick the system proxy settings which might lead to issues even when run on the same server.

Pass proxy params to JAVA either directly on the command line or through JAVA_OPTS like these (modified with your proxy settings of course):

-Dhttps.proxyHost=proxy.example.org
-Dhttps.proxyPort=8080
-Dhttps.nonProxyHosts=*.foo.com|localhost

Hi Boris

Even that didn't help.

Seems like SSL issue. Do we need to download the certificate ?

Thanks, Vishnu.

I'm not sure here.

@Nic Broughcan you help with that ?

Mmm, ssl fun...

The last system I used with SSL certificates needed both the server CA and a client certificate to be used, which might not be the case here. You may need some or all of these lines:

-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.trustStore=myservers.keystore
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=xxxxx
-Djavax.net.ssl.keyStorePassword=xxxxx

You might also want to try this (actually, try this first - without the lines above - it will tell you a LOT about what java is trying to do with ssl)

-Djavax.net.debug=ssl

Hi Nic,

I tried with "-Djavax.net.debug=ssl" as you suggested.

Got the same error;

main, SEND TLSv1 ALERT: fatal, description = certificate_unknown

main, WRITE: TLSv1 Alert, length = 2

main, called closeSocket()

main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

FYI, I have imported the SSL to java cacerts already.

Thanks, Vishnu.


Could you elaborate this "you aren't enabling it to read the certificate store." ?

How to enable this in CLI ?

The first part of my comment - you need to provide the CLI access to the keystores with the -Djavax stuff.

0 votes

Also check that "remote access" is enabled on the Jira server (in general config)

Hi Nic,

Remote API is turned on.

Regards, Vishnu.

Ok, then it's the network settings and Boris is on the case there :-)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in Jira

How to set up an incident workflow from the VP of Engineering at Sentry

Hey Atlassian community, I help lead engineering at Sentry, an open-source error-tracking and monitoring tool that integrates with Jira. We started using Jira Software Cloud internally last year, a...

1,084 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you