Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Removing users from group using JCLI

Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Hi,

As part of CLI evaluation, would like to remove few users from groups using a CSV file.

Tried with JIRA CLI 3.8 and JIRA 5.2.9, unfortunately, the script doesn't work and gives the below error;

=====================

sh jira.sh

Unable to log in to server: https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2with user: username.

Cause: ; nested exception is:

java.net.ConnectException: Connection refused

=====================

You may find the action which I used in the jira.sh script below;

/opt/jira/current/jre/bin/java -jar `dirname $0`/lib/jira-cli-3.8.0.jar --server https://sts-integ.app.my-domain.com/--user username --password ****** --action removeUserFromGroupWithFile --file removeUserToGroupWithFile.csv "$@"

Could you please trace what could be the issue here ?

Thanks, Vishnu.

Answer
Watch
Like Be the first to like this
1285 views

3 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 17, 2014

Right, well, there's your answer - your certificate is not being found, or it's not valid. So you either haven't "imported the SSL to java cacerts" or it's requiring more certificates, or you aren't enabling it to read the certificate store.

View More Comments
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 18, 2014

Thanks a lot Nic. It's fixed now.

Like
Reply
1 vote
Boris Georgiev _Appfire_
Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 16, 2014

Check the following:

  1. Make sure you can ping or access from a brower the address: https://sts-integ.app.my-domain.com
  2. Make sure you can go to https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2 from a browser.

Do this from the same system you are trying to run the CLI command from.

Do you use proxy at your side? (as this also might require additional settings)

View More Comments
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Hi Boris

I can access the site. Infact, I am running the CLI from the JIRA server itself.

For second point, I got the below page. Hope its fine.

"

jirasoapservice-v2

Hi there, this is an AXIS service!

Perhaps there will be a form for invoking the service here... "

We do use a proxy to access JIRA from outside. Do you think we need to add proxy settings in the CLI even if I run from JIRA server ?

Thanks, Vishnu.

Like
Boris Georgiev _Appfire_
Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 16, 2014

You should try configuring java proxy settings as java would not pick the system proxy settings which might lead to issues even when run on the same server.

Pass proxy params to JAVA either directly on the command line or through JAVA_OPTS like these (modified with your proxy settings of course):

-Dhttps.proxyHost=proxy.example.org
-Dhttps.proxyPort=8080
-Dhttps.nonProxyHosts=*.foo.com|localhost
Like
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Hi Boris

Even that didn't help.

Seems like SSL issue. Do we need to download the certificate ?

Thanks, Vishnu.

Like
Boris Georgiev _Appfire_
Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 16, 2014

I'm not sure here.

@Nic Broughcan you help with that ?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Mmm, ssl fun...

The last system I used with SSL certificates needed both the server CA and a client certificate to be used, which might not be the case here. You may need some or all of these lines:

-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.trustStore=myservers.keystore
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=xxxxx
-Djavax.net.ssl.keyStorePassword=xxxxx

You might also want to try this (actually, try this first - without the lines above - it will tell you a LOT about what java is trying to do with ssl)

-Djavax.net.debug=ssl

Like
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 17, 2014

Hi Nic,

I tried with "-Djavax.net.debug=ssl" as you suggested.

Got the same error;

main, SEND TLSv1 ALERT: fatal, description = certificate_unknown

main, WRITE: TLSv1 Alert, length = 2

main, called closeSocket()

main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

FYI, I have imported the SSL to java cacerts already.

Thanks, Vishnu.


Like
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 17, 2014

Could you elaborate this "you aren't enabling it to read the certificate store." ?

How to enable this in CLI ?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 17, 2014

The first part of my comment - you need to provide the CLI access to the keystores with the -Djavax stuff.

Like
Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Also check that "remote access" is enabled on the Jira server (in general config)

View More Comments
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Hi Nic,

Remote API is turned on.

Regards, Vishnu.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 16, 2014

Ok, then it's the network settings and Boris is on the case there :-)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events