Have Jenkins node enable itself on startup, using authentication

This reverts commit 8f58ff06.

Have Jenkins node enable itself on startup, using authentication
This reverts commit 8f58ff06.
a02ab98f · intrigeri · 0d8621e0 · a02ab98f · a02ab98f · a02ab98f
Commit a02ab98f authored Jul 03, 2020 by intrigeri
4 changed files
--- a/files/jenkins/slaves/jenkins-enable-node
+++ b/files/jenkins/slaves/jenkins-enable-node
@@ -14,9 +14,18 @@ def main():
                        action="store",
                        required=True)
    parser.add_argument("--node-name", type=str, action="store", required=True)
+    parser.add_argument("--api-user", type=str, action="store", required=True)
+    parser.add_argument("--api-token-file",
+                        type=str,
+                        action="store",
+                        required=True)
    args = parser.parse_args()

-    server = jenkins.Jenkins(args.orchestrator_url)
+    with open(args.api_token_file) as api_token_file:
+        api_token = api_token_file.read().rstrip()
+    server = jenkins.Jenkins(args.orchestrator_url,
+                             username=args.api_user,
+                             password=api_token)
    if server.get_node_info(args.node_name)["temporarilyOffline"]:
        print("Node is marked as temporarily offline, enabling it.")
        server.enable_node(args.node_name)

--- a/manifests/jenkins/slave.pp
+++ b/manifests/jenkins/slave.pp
 # Manage resources that are common to all Tails Jenkins slaves
 class tails::jenkins::slave (
+  String $api_token,
+  String $api_user        = 'admin',
  String $master_url      = "http://jenkins.${::domain}:8080",
  Stdlib::Fqdn $node_name = $::hostname,
 ) {
@@ -49,6 +51,22 @@ class tails::jenkins::slave (
    require => Package['python3-jenkins'],
  }

+  file { '/etc/jenkins':
+    ensure  => directory,
+    mode    => '0750',
+    owner   => 'root',
+    group   => 'jenkins',
+    require => User['jenkins'],
+  }
+
+  file { '/etc/jenkins/jenkins_apikey':
+    ensure  => present,
+    content => $api_token,
+    mode    => '0640',
+    owner   => 'root',
+    group   => 'jenkins',
+  }
+
  file { '/etc/tmpfiles.d/tails-jenkins-slave.conf':
    ensure  => file,
    owner   => root,
@@ -84,6 +102,7 @@ class tails::jenkins::slave (
    require => [
      File['/usr/local/share/jenkins-enable-node'],
      File['/usr/local/share/jenkins-slave-download'],
+      File['/etc/jenkins/jenkins_apikey'],
    ],
  }


--- a/manifests/jenkins/slave/iso_builder.pp
+++ b/manifests/jenkins/slave/iso_builder.pp
@@ -78,14 +78,6 @@ class tails::jenkins::slave::iso_builder () {
    ],
  }

-  file { '/etc/jenkins':
-    ensure  => directory,
-    mode    => '0750',
-    owner   => 'root',
-    group   => 'jenkins',
-    require => User['jenkins'],
-  }
-
  # TODO: remove once deployed
  file { '/etc/jenkins/redmine_apikey':
    ensure  => absent,

--- a/templates/jenkins/jenkins-slave.service.erb
+++ b/templates/jenkins/jenkins-slave.service.erb
@@ -4,10 +4,11 @@ Description=Jenkins slave node
 [Service]
 Type=simple
 ExecStartPre=/usr/local/share/jenkins-slave-download <%= @master_url %>
-# XXX: yields 403 once #16955
-# ExecStartPre=/usr/local/share/jenkins-enable-node \
-#     --orchestrator-url <%= @master_url %> \
-#     --node-name <%= @domain == "lizard" ? @hostname : @fqdn %>
+ExecStartPre=/usr/local/share/jenkins-enable-node \
+    --orchestrator-url <%= @master_url %> \
+    --api-user <%= @api_user %> \
+    --api-token-file /etc/jenkins/jenkins_apikey \
+    --node-name <%= @domain == "lizard" ? @hostname : @fqdn %>
 ExecStart=/usr/bin/java -jar /run/jenkins/slave.jar -jnlpUrl <%= @master_url %>/computer/<%= @node_name %>/slave-agent.jnlp
 User=jenkins
 LimitNOFILE=8192