Support Admin Tool

Log out users Forcefully from Travis
Re-access Travis CI
Contact Enterprise Support

The tool is only visible to Platform maintainers from TCIE 3.x as Admin-v2. The tool must be configured with a list of GitHub handles that allow admin access.

The tool is only accessible via a web browser.

Log out users Forcefully from Travis #

To increase security and prevent unauthorized access, Travis CI introduces the new “Log out user and revoke all tokens” option, which allows admin users to manually log out of any unwanted user.

Log out Users #

Travis CI admin users can now click the “Logout” button next to the “Log out user and revoke all tokens” option in the User view to log out specific users manually.

By clicking the “Logout” button, Travis CI invalidates all Travis authentication tokens and logs out the selected user from all Travis CI platforms. This prevents access via web browser, public API, and Travis Cli.

Logged-out users cannot access Travis CI via the web browser or travis-cli tool without re-accessing the system. Any build automation based on an API token associated with such a user will cease to work.

Why must I log out of my user and revoke all tokens? #

Consider the following: The user gets suspended, e.g., in the GHE server (3rd-party app), and Travis CI is not notified of the action; therefore, no action is taken on Travis CI’s side. At the same time, such users may still have a valid Travis Web UI browser, travis-cli access tokens, and a working Travis API authentication token.

Such a situation may be valid and desired. However, there are cases, like a person leaving a company or team, when it is simply a security matter to revoke all accesses for such users. Travis CI cannot react automatically since no automated notification has been sent out, e.g., the GHE server account is suspended. If you are considering a less drastic approach, consider manually suspending a user instead of logging out and revoking all tokens.

Suspended users still have access to Travis CI via browser or travis-cli (assuming they have valid Travis access tokens present in these tools) but cannot trigger builds.

Auth tokens #

The following environment variables are used to manage the token’s life.

WEB_TOKEN_EXPIRES_IN_HOURS
AUTH_TOKEN_EXPIRES_IN_DAYS
AUTH_CLI_TOKEN_EXPIRES_IN_DAYS

These tokens can be set using the admin console kubectl kots admin-console -n tci-enterprise-kots under the “Advanced Setting” menu.

Re-access Travis CI #

To re-access Travis CI, users must log in using a 3rd-party authenticator such as GitHub (browser, travis-cli), GitLab, or BitBucket (browser). Only with access can users see the private repositories, build history, build job logs, and obtain new Travis API tokens.

Please note: if such users (logged out and tokens revoked) are, e.g., suspended in the GHE server, they will be unable to successfully use their GHE server account to log into Travis CI UI or travis-cli.

Contact Enterprise Support #

To get in touch with us, please write a message to enterprise@travis-ci.com. If possible, please include as much of the following as you can:

Description of the problem - what are you observing?
Which steps did you try already?
A support bundle (see table below on how to obtain it)
Log files from all workers (They can be found at /var/log/upstart/travis-worker.log - please include as many as you can retrieve).
If a build failed or errored, a text file of the build log

TCI Enterprise version Support bundle

3.x Run kubectl kots admin-console -n [namespace] to access admin console on http://localhost:8800
Support bundle generation instruction is available in ‘troubleshoot’ menu or directly at: http://localhost:8800/app/tci-enterprise-kots/troubleshoot

A command for generating support bundle will appear after selecting:
If you'd prefer, [click here]() to get a command to manually generate a support bundle.

2.x+ You can get it from https://<your-travis-ci-enterprise-domain>:8800/support

TCI Enterprise version	Support bundle
3.x	Run `kubectl kots admin-console -n [namespace]` to access admin console on `http://localhost:8800` Support bundle generation instruction is available in ‘troubleshoot’ menu or directly at: `http://localhost:8800/app/tci-enterprise-kots/troubleshoot` A command for generating support bundle will appear after selecting: `If you'd prefer, [click here]() to get a command to manually generate a support bundle.`
2.x+	You can get it from `https://<your-travis-ci-enterprise-domain>:8800/support`

Since the announcement in Q3 2020, the most up to date version of Travis CI Enterprise is 3.x line. There are not any new releases for version 2.2 and the support patches has been limited since March 2021 as well. For existing users of Travis CI 2.x we strongly recommend upgrading to the latest Travis CI Enterprise 3.x.

Have you made any customizations to your setup? While we may be able to see some information (such as hostname, IaaS provider, and license expiration), there are many other things we cannot see which could lead to something not working. Therefore, we would like to ask you to also answer the questions below in your support request (if applicable):

How many machines are you using / what is your Kubernetes cluster setup?
Do you use configuration management tools (Chef, Puppet)?
Which other services do interface with Travis CI Enterprise?
Which Version Control system (VCS) do you use together with Travis CI Enterprise (e.g. github.com, GitHub Enterprise, or BitBucket Cloud)?
If you are using GitHub Enterprise, which version of it?

We are looking forward to helping!