| ===== |
| Usage |
| ===== |
| |
| Jenkins CI is an open source automation server written in Java. Jenkins |
| helps to automate the non-human part of software development process, |
| with continuous integration and facilitating technical aspects of |
| continuous delivery. |
| |
| More information can be found at `<https://jenkins.io/>`_ |
| |
| Setup jenkins client, works with Salt 2016.3+, supports pipeline |
| workflow projects only for now. |
| |
| Dependencies |
| ============ |
| |
| To install on Ubuntu, you will need to add the jenkins debian repository |
| to the target server. You can do this with the |
| `salt-formula-linux formula <https://gerrit.mcp.mirantis.com/salt-formulas/linux>`_ , |
| with the following pillar data: |
| |
| .. code-block:: yaml |
| |
| linux: |
| system: |
| enabled: true |
| repo: |
| jenkins: |
| enabled: true |
| source: "deb http://pkg.jenkins.io/debian-stable binary/" |
| key_url: "https://pkg.jenkins.io/debian/jenkins-ci.org.key" |
| |
| This state will need to be applied *before* the jenkins state. |
| |
| Using this formula |
| ================== |
| |
| To use this formula, you must install the formula to your Salt |
| Master as documented in |
| `saltstack formula docs <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#installation>`_ |
| |
| This formula is driven by pillar data, and can be used to |
| install either a Jenkins Master or Client. See pillar data |
| below for examples. |
| |
| Sample pillars |
| ============== |
| |
| Master role |
| ----------- |
| |
| Simple master with reverse proxy: |
| |
| .. code-block:: yaml |
| |
| nginx: |
| server: |
| site: |
| jenkins: |
| enabled: true |
| type: nginx_proxy |
| name: jenkins |
| proxy: |
| host: 127.0.0.1 |
| port: 8080 |
| protocol: http |
| host: |
| name: jenkins.example.com |
| port: 80 |
| jenkins: |
| master: |
| mode: EXCLUSIVE |
| java_args: -Xms256m -Xmx1g |
| # Do not manage any xml config files via Salt, use UI instead |
| # Including config.xml and any plugin xml's. |
| no_config: true |
| slaves: |
| - name: slave01 |
| label: pbuilder |
| executors: 2 |
| - name: slave02 |
| label: image_builder |
| mode: EXCLUSIVE |
| executors: 2 |
| views: |
| - name: "Package builds" |
| regex: "debian-build-.*" |
| - name: "Contrail builds" |
| regex: "contrail-build-.*" |
| - name: "Aptly" |
| regex: "aptly-.*" |
| plugins: |
| - name: slack |
| - name: extended-choice-parameter |
| - name: rebuild |
| - name: test-stability |
| |
| Jenkins master with experimental plugin source support: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| master: |
| enabled: true |
| update_site_url: 'http://updates.jenkins-ci.org/experimental/update-center.json' |
| |
| SMTP server settings: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| master: |
| email: |
| engine: "smtp" |
| host: "smtp.domain.com" |
| user: "user@domain.cz" |
| password: "smtp-password" |
| port: 25 |
| |
| Script approvals from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| approved_scripts: |
| - method groovy.json.JsonSlurperClassic parseText java.lang.String |
| |
| Script approvals: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| master: |
| approved_scripts: |
| - method groovy.json.JsonSlurperClassic parseText java.lang.String |
| |
| User enforcement: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| master: |
| user: |
| admin: |
| api_token: xxxxxxxxxx |
| password: admin_password |
| email: admin@domain.com |
| user01: |
| api_token: xxxxxxxxxx |
| password: user_password |
| email: user01@domain.com |
| |
| Agent (slave) role |
| ------------------ |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| slave: |
| master: |
| host: jenkins.example.com |
| port: 80 |
| protocol: http |
| user: |
| name: jenkins_slave |
| password: dexiech6AepohthaiHook2iesh7ol5ook4Ov3leid3yek6daid2ooNg3Ee2oKeYo |
| gpg: |
| keypair_id: A76882D3 |
| public_key: | |
| -----BEGIN PGP PUBLIC KEY BLOCK----- |
| ... |
| private_key: | |
| -----BEGIN PGP PRIVATE KEY BLOCK----- |
| ... |
| |
| Client role |
| ----------- |
| |
| Simple client with workflow job definition: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| master: |
| host: jenkins.example.com |
| port: 80 |
| protocol: http |
| location: |
| url: http://jenkins.example.com:80 |
| job: |
| jobname: |
| type: workflow |
| param: |
| bool_param: |
| type: boolean |
| description: true/false |
| default: true |
| string_param: |
| type: string |
| description: 1 liner |
| default: default_string |
| text_param: |
| type: text |
| description: multi-liner |
| default: default_text |
| jobname_scm: |
| type: workflow-scm |
| concurrent: false |
| scm: |
| type: git |
| url: https://github.com/jenkinsci/docker.git |
| branch: master |
| script: Jenkinsfile |
| github: |
| url: https://github.com/jenkinsci/docker |
| name: "Jenkins Docker Image" |
| trigger: |
| timer: |
| dependency_job_names: |
| - job1 |
| - job2 |
| spec: "H H * * *" |
| github: |
| pollscm: |
| spec: "H/15 * * * *" |
| reverse: |
| projects: |
| - test1 |
| - test2 |
| state: SUCCESS |
| param: |
| bool_param: |
| type: boolean |
| description: true/false |
| default: true |
| string_param: |
| type: string |
| description: 1 liner |
| default: default_string |
| text_param: |
| type: text |
| description: multi-liner |
| default: default_text |
| |
| Inline Groovy scripts: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| job: |
| test_workflow_jenkins_simple: |
| type: workflow |
| display_name: Test jenkins simple workflow |
| script: |
| content: | |
| node { |
| stage 'Stage 1' |
| echo 'Hello World 1' |
| stage 'Stage 2' |
| echo 'Hello World 2' |
| } |
| test_workflow_jenkins_input: |
| type: workflow |
| display_name: Test jenkins workflow inputs |
| script: |
| content: | |
| node { |
| stage 'Enter string' |
| input message: 'Enter job parameters', ok: 'OK', parameters: [ |
| string(defaultValue: 'default', description: 'Enter a string.', name: 'string'), |
| ] |
| stage 'Enter boolean' |
| input message: 'Enter job parameters', ok: 'OK', parameters: [ |
| booleanParam(defaultValue: false, description: 'Select boolean.', name: 'Bool'), |
| ] |
| stage 'Enter text' |
| input message: 'Enter job parameters', ok: 'OK', parameters: [ |
| text(defaultValue: '', description: 'Enter multiline', name: 'Multiline') |
| ] |
| } |
| |
| GIT controlled groovy scripts: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| source: |
| base: |
| engine: git |
| address: repo_url |
| branch: branch |
| domain: |
| engine: git |
| address: domain_url |
| branch: branch |
| job: |
| test_workflow_jenkins_simple: |
| type: workflow |
| display_name: Test jenkins simple workflow |
| param: |
| bool_param: |
| type: boolean |
| description: true/false |
| default: true |
| script: |
| repository: base |
| file: workflows/test_workflow_jenkins_simple.groovy |
| test_workflow_jenkins_input: |
| type: workflow |
| display_name: Test jenkins workflow inputs |
| script: |
| repository: domain |
| file: workflows/test_workflow_jenkins_input.groovy |
| test_workflow_jenkins_input_jenkinsfile: |
| type: workflow |
| display_name: Test jenkins workflow inputs (jenknisfile) |
| script: |
| repository: domain |
| file: workflows/test_workflow_jenkins_input/Jenkinsfile |
| |
| GIT controlled groovy script with shared libraries: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| source: |
| base: |
| engine: git |
| address: repo_url |
| branch: branch |
| domain: |
| engine: git |
| address: domain_url |
| branch: branch |
| job: |
| test_workflow_jenkins_simple: |
| type: workflow |
| display_name: Test jenkins simple workflow |
| param: |
| bool_param: |
| type: boolean |
| description: true/false |
| default: true |
| script: |
| repository: base |
| file: workflows/test_workflow_jenkins_simple.groovy |
| libs: |
| - repository: base |
| file: macros/cookiecutter.groovy |
| - repository: base |
| file: macros/git.groovy |
| |
| Setting job max builds to keep (amount of last builds stored on Jenkins master) |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| job: |
| my-amazing-job: |
| type: workflow |
| discard: |
| build: |
| keep_num: 5 |
| keep_days: 5 |
| artifact: |
| keep_num: 6 |
| keep_days: 6 |
| |
| Using job templates in similar way as in jjb. For now just |
| 1 defined param is supported: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| job_template: |
| test_workflow_template: |
| name: test-{{formula}}-workflow |
| template: |
| type: workflow |
| display_name: Test jenkins {{name}} workflow |
| param: |
| repo_param: |
| type: string |
| default: repo/{{formula}} |
| script: |
| repository: base |
| file: workflows/test_formula_workflow.groovy |
| param: |
| formula: |
| - aodh |
| - linux |
| - openssh |
| |
| Interpolating parameters for job templates: |
| |
| .. code-block:: yaml |
| |
| _param: |
| salt_formulas: |
| - aodh |
| - git |
| - nova |
| - xorg |
| jenkins: |
| client: |
| job_template: |
| test_workflow_template: |
| name: test-{{formula}}-workflow |
| template: |
| ... |
| param: |
| formula: ${_param:salt_formulas} |
| |
| Or simply define multiple jobs and it's parameters to |
| replace from template: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| job_template: |
| test_workflow_template: |
| name: test-{{name}}-{{myparam}} |
| template: |
| ... |
| jobs: |
| - name: firstjob |
| myparam: dummy |
| - name: secondjob |
| myparam: dummyaswell |
| |
| Purging undefined jobs from Jenkins: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| purge_jobs: true |
| job: |
| my-amazing-job: |
| type: workflow |
| |
| Plugins management from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| plugin_remove_unwanted: false |
| plugin_force_remove: false |
| plugin: |
| plugin1: 1.2.3 |
| plugin2: |
| plugin3: {} |
| plugin4: |
| version: 3.2.1 |
| enabled: false |
| plugin5: absent |
| |
| Alternative plugin management using version pins (baseline plugin management could not work with some |
| modern version labels like "1.12+build.201809061734"). |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| plugin: |
| alt_update: |
| enabled: True |
| base_url: https://archives.jenkins-ci.org/plugins/ |
| jenkins_home_volume_dir: /srv/volumes/jenkins/ |
| plugins: |
| ace-editor: |
| source_hash: abc97028893c8a71581a5f559ea48e8e1f1a65164faee96dabfed9e95e9abad2 |
| version: '1.1' |
| ant: |
| source_hash: f04961a8a42f1e2ccdf5001d33ae93fdc2b3a5af96f13bddc1d721f1d11a8b4b |
| version: '1.8' |
| apache-httpcomponents-client-4-api: |
| enabled: False |
| |
| |
| Adding plugin params to job: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| job: |
| my_plugin_parametrized_job: |
| plugin_properties: |
| throttleconcurrents: |
| enabled: True |
| max_concurrent_per_node: 3 |
| max_concurrent_total: 1 |
| throttle_option: category #one of project (default or category) |
| categories: |
| - my_throuttle_category |
| plugin: |
| throttle-concurrents: |
| |
| LDAP configuration (depends on LDAP plugin): |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| ldap: |
| server: 1.2.3.4 |
| root_dn: dc=foo,dc=com |
| user_search_base: cn=users,cn=accounts |
| manager_dn: "" |
| manager_password: password |
| user_search: "" |
| group_search_base: "" |
| inhibit_infer_root_dn: false |
| |
| Matrix configuration (depends on auth-matrix plugin): |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| matrix: |
| # set true for use ProjectMatrixAuthStrategy instead of GlobalMatrixAuthStrategy |
| project_based: false |
| permissions: |
| Jenkins: |
| # administrator access |
| ADMINISTER: |
| - admin |
| # read access (anonymous too) |
| READ: |
| - anonymous |
| - user1 |
| - user2 |
| # agents permissions |
| MasterComputer: |
| BUILD: |
| - user3 |
| # jobs permissions |
| hudson: |
| model: |
| Item: |
| BUILD: |
| - user4 |
| |
| `Common matrix strategies <https://github.com/arbabnazar/configuration/blob/c08a5eaf4e04a68d2481375502a926517097b253/playbooks/roles/tools_jenkins/templates/projectBasedMatrixSecurity.groovy.j2>`_ |
| |
| Views enforcing from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| view: |
| my-list-view: |
| enabled: true |
| type: ListView |
| include_regex: ".*" |
| my-view: |
| # set false to disable |
| enabled: true |
| type: MyView |
| |
| View specific params: |
| |
| - ``include_regex`` for ``ListView`` and ``CategorizedJobsView`` |
| - categories for ``CategorizedJobsView`` |
| |
| Categorized views: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| view: |
| my-categorized-view: |
| enabled: true |
| type: CategorizedJobsView |
| include_regex: ".*" |
| categories: |
| - group_regex: "aptly-.*-nightly-testing" |
| naming_rule: "Nightly -> Testing" |
| - group_regex: "aptly-.*-nightly-production" |
| naming_rule: "Nightly -> Production" |
| |
| Credentials enforcing from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| credential: |
| cred_first: |
| username: admin |
| password: password |
| cred_second: |
| username: salt |
| password: password |
| cred_with_key: |
| username: admin |
| key: SOMESSHKEY |
| cred_with_text_secret: |
| secret: SOMETEXTSECRET |
| cred_with_secret_file: |
| filename: somefile.json |
| content: | |
| { "Hello": "world!" } |
| |
| Users enforcing from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| user: |
| admin: |
| password: admin_password |
| admin: true |
| user01: |
| password: user_password |
| |
| Node enforcing from client using JNLP launcher: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| node: |
| node01: |
| remote_home: /remote/home/path |
| desc: node-description |
| num_executors: 1 |
| node_mode: Normal |
| ret_strategy: Always |
| labels: |
| - example |
| - label |
| launcher: |
| type: jnlp |
| |
| Node enforcing from client using SSH launcher: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| node: |
| node01: |
| remote_home: /remote/home/path |
| desc: node-description |
| num_executors: 1 |
| node_mode: Normal |
| ret_strategy: Always |
| labels: |
| - example |
| - label |
| launcher: |
| type: ssh |
| host: test-launcher |
| port: 22 |
| username: launcher-user |
| password: launcher-pass |
| |
| Configure Jenkins master: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| node: |
| master: |
| num_executors: 1 |
| node_mode: Normal # or Exclusive |
| labels: |
| - example |
| - label |
| |
| Setting node labels: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| label: |
| node-name: |
| lbl_text: label-offline |
| append: false # set true for label append instead of replace |
| |
| SMTP server settings from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| smtp: |
| host: "smtp.domain.com" |
| username: "user@domain.cz" |
| password: "smtp-password" |
| port: 25 |
| ssl: false |
| reply_to: reply_to@address.com |
| |
| Jenkins admin user email enforcement from client: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| smtp: |
| admin_email: "My Jenkins <jenkins@myserver.com>" |
| |
| Slack plugin configuration: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| slack: |
| team_domain: example.com |
| token: slack-token |
| room: slack-room |
| token_credential_id: cred_id |
| send_as: Some slack user |
| |
| Pipeline global libraries setup: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| lib: |
| my-pipeline-library: |
| enabled: true |
| url: https://path-to-my-library |
| credential_id: github |
| branch: master # optional, default master |
| implicit: true # optional default true |
| |
| Artifactory server enforcing: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| artifactory: |
| my-artifactory-server: |
| enabled: true |
| url: https://path-to-my-library |
| credential_id: github |
| |
| Jenkins Global env properties enforcing: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| globalenvprop: |
| OFFLINE_DEPLOYMENT: |
| enabled: true |
| name: "OFFLINE_DEPLOYMENT" # optional, default using dict key |
| value: "true" |
| |
| Throttle categories management from client (requires |
| `Throttle Concurrent Builds <https://plugins.jenkins.io/throttle-concurrents>`_ |
| plugin): |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| throttle_category: |
| 'My First Category': |
| max_total: 2 |
| max_per_node: 1 |
| 'My Second Category': |
| max_total: 5 |
| max_per_node: 2 |
| max_per_label: |
| 'node_label_1': 1 |
| 'node_label_2': 2 |
| 'My Category To Remove: |
| enabled: false |
| |
| Jira sites management from client (requires |
| `JIRA <https://plugins.jenkins.io/jira>`_ plugin): |
| |
| .. code-block:: yaml |
| |
| # Remove all sites |
| jenkins: |
| client: |
| jira: |
| enabled: False |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| jira: |
| sites: |
| 'http://my.jira.site/': |
| link_url: 'http://alternative.link/' |
| http_auth: false |
| use_wiki_notation: false |
| record_scm: false |
| disable_changelog: false |
| issue_pattern: '' |
| any_build_result: false |
| user: 'username' |
| password: 'passwd' |
| conn_timeout: 10 |
| visible_for_group: '' |
| visible_for_project: '' |
| timestamps: false |
| timestamp_format: '' |
| |
| Gerrit trigger plugin configuration: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| gerrit: |
| server1: |
| host: "gerrit.domain.local" |
| port: 29418 |
| username: "jenkins" |
| email: "jenkins@domain.local" |
| auth_key_file: "/var/jenkins_home/.ssh/id_rsa" |
| frontendURL: "https://gerrit.domain.local" |
| build_current_patches_only: true |
| abort_new_patchsets: false |
| abort_manual_patchsets: false |
| abort_same_topic: false |
| authkey: | |
| SOMESSHKEY |
| server2: |
| host: "gerrit2.domain.local" |
| port: 29418 |
| username: "jenkins" |
| email: "jenkins@domain.local" |
| auth_key_file: "/var/jenkins_home/.ssh/id_rsa" |
| frontendURL: "https://gerrit2.domain.local" |
| build_current_patches_only: true |
| abort_new_patchsets: false |
| abort_manual_patchsets: false |
| abort_same_topic: false |
| authkey: | |
| SOMESSHKEY |
| |
| CSRF Protection configuration: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| csrf: |
| enabled: true |
| proxy_compat: false |
| |
| Agent to Master Access Control: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| agent2master: |
| enabled: true |
| whitelisted: '' |
| file_path_rules: '' |
| |
| Content Security Policy configuration: |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| csp: "sandbox; default-src 'none'; img-src 'self'; style-src 'self';" |
| |
| Git-client plugin's ssh host key verification strategy: |
| |
| Allowed settings: |
| |
| .. code-block:: yaml |
| - noHostKeyVerificationStrategy |
| - knownHostsFileVerificationStrategy |
| - acceptFirstConnectionStrategy |
| |
| .. code-block:: yaml |
| |
| jenkins: |
| client: |
| security: |
| git_ssh_host_key_strategy: "acceptFirstConnectionStrategy" |
| |
| Usage |
| ===== |
| |
| #. Generate password hash: |
| |
| .. code-block:: bash |
| |
| echo -n "salt{plainpassword}" | openssl dgst -sha256 |
| |
| #. Place in the configuration ``salt:hashpassword``. |
| |
| |
| Read more |
| ========= |
| |
| * https://wiki.jenkins-ci.org/display/JENKINS/Use+Jenkins |