Pass secrets to containers as files instead of env variables
Related-Prod: PROD-34268
Change-Id: I8269e2c3f0402980df13430de213764a7e2f8949
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
index 3606bad..e7bf056 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
@@ -15,7 +15,7 @@
JENKINS_AGENT_NAME: slave02
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
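Review bot: `JENKINS_PASSWORD_FILE` only takes effect if the agent image's entrypoint reads that variable, and nothing in this diff shows that it does. With an image that only understands `JENKINS_PASSWORD`, the agent would presumably start without a credential and fail to register. I would add a comment above the new line such as `# requires an agent image whose entrypoint reads JENKINS_PASSWORD_FILE`, and confirm the pinned image tag meets it. The same applies to the slave03 hunk and to slave01 in jnlp_slave_single.yml. Because the password was previously in the service environment, where it shows up in service and container inspection output, it is worth rotating as part of this rollout; the service block starts outside this hunk.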
@@ -35,13 +35,15 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
slave03:
environment:
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave03
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
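Review bot: The short-form entry `- jenkins-admin` added under `secrets:` mounts the file with Compose's defaults, which are root-owned and mode 0444, so every user inside the agent container can read it. The long form lets the mount be limited to the account the agent runs as, as sketched below; whether the stack formula passes the long form through unchanged is not visible here and needs checking. This does not hide the file from build steps running as that same account, and the `/var/run/docker.sock` mount in the context lines remains a much wider exposure. The same short form is used for slave03 and in jnlp_slave_single.yml; the service block this entry belongs to starts outside the hunk.

```yaml
# … unchanged: volumes list …
secrets:
  - source: jenkins-admin
    target: jenkins-admin
    uid: '<agent-uid>'   # placeholder: numeric uid of the agent user in the image
    gid: '<agent-gid>'   # placeholder: matching gid
    mode: 0400
```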
@@ -61,3 +63,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
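Review bot: The new top-level `jenkins-admin` entry combines `external: true` with `value: ${_param:jenkins_client_password}`, and `value` is not a Compose key. With `external: true` Compose expects the secret to exist already, so `value` is presumably consumed by the deployment formula to create it. If the key is rendered into the stack file as written, the plaintext password still sits on disk next to the stack definition, and schema validation at deploy time may reject the unknown property. I would document the intent with a comment such as `# value is read by the formula to create the swarm secret; it must not be written into the rendered compose file`, and confirm the formula behaves that way. Swarm secrets are immutable, so a password change needs a new secret name or a remove-and-recreate step; the same block appears in jnlp_slave_single.yml.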
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_single.yml b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
index 956f918..6f9bff0 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_single.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
@@ -12,6 +12,7 @@
- ${_param:docker_image_jenkins_jnlp_slave}
stack:
jenkins:
+ version: '3.7'
service:
slave01:
environment:
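Review bot: `version: '3.7'` is added to this stack only, while jnlp_slave_multi.yml gains the same top-level `secrets:` block and none of its hunks adds or shows a version key. Secrets need Compose file format 3.1 or later, so confirm that the multi-agent stack already declares a suitable version, or add the same `version: '3.7'` line under its `jenkins:` key. Otherwise the two stacks may deploy differently from what looks like an identical change.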
@@ -19,7 +20,7 @@
JENKINS_AGENT_NAME: slave01
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -39,3 +40,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}