Commit a02ab98f authored by intrigeri's avatar intrigeri
Browse files

Have Jenkins node enable itself on startup, using authentication

This reverts commit 8f58ff06.
parent 0d8621e0
...@@ -14,9 +14,18 @@ def main(): ...@@ -14,9 +14,18 @@ def main():
action="store", action="store",
required=True) required=True)
parser.add_argument("--node-name", type=str, action="store", required=True) parser.add_argument("--node-name", type=str, action="store", required=True)
parser.add_argument("--api-user", type=str, action="store", required=True)
parser.add_argument("--api-token-file",
type=str,
action="store",
required=True)
args = parser.parse_args() args = parser.parse_args()
server = jenkins.Jenkins(args.orchestrator_url) with open(args.api_token_file) as api_token_file:
api_token = api_token_file.read().rstrip()
server = jenkins.Jenkins(args.orchestrator_url,
username=args.api_user,
password=api_token)
if server.get_node_info(args.node_name)["temporarilyOffline"]: if server.get_node_info(args.node_name)["temporarilyOffline"]:
print("Node is marked as temporarily offline, enabling it.") print("Node is marked as temporarily offline, enabling it.")
server.enable_node(args.node_name) server.enable_node(args.node_name)
......
# Manage resources that are common to all Tails Jenkins slaves # Manage resources that are common to all Tails Jenkins slaves
class tails::jenkins::slave ( class tails::jenkins::slave (
String $api_token,
String $api_user = 'admin',
String $master_url = "http://jenkins.${::domain}:8080", String $master_url = "http://jenkins.${::domain}:8080",
Stdlib::Fqdn $node_name = $::hostname, Stdlib::Fqdn $node_name = $::hostname,
) { ) {
...@@ -49,6 +51,22 @@ class tails::jenkins::slave ( ...@@ -49,6 +51,22 @@ class tails::jenkins::slave (
require => Package['python3-jenkins'], require => Package['python3-jenkins'],
} }
file { '/etc/jenkins':
ensure => directory,
mode => '0750',
owner => 'root',
group => 'jenkins',
require => User['jenkins'],
}
file { '/etc/jenkins/jenkins_apikey':
ensure => present,
content => $api_token,
mode => '0640',
owner => 'root',
group => 'jenkins',
}
file { '/etc/tmpfiles.d/tails-jenkins-slave.conf': file { '/etc/tmpfiles.d/tails-jenkins-slave.conf':
ensure => file, ensure => file,
owner => root, owner => root,
...@@ -84,6 +102,7 @@ class tails::jenkins::slave ( ...@@ -84,6 +102,7 @@ class tails::jenkins::slave (
require => [ require => [
File['/usr/local/share/jenkins-enable-node'], File['/usr/local/share/jenkins-enable-node'],
File['/usr/local/share/jenkins-slave-download'], File['/usr/local/share/jenkins-slave-download'],
File['/etc/jenkins/jenkins_apikey'],
], ],
} }
......
...@@ -78,14 +78,6 @@ class tails::jenkins::slave::iso_builder () { ...@@ -78,14 +78,6 @@ class tails::jenkins::slave::iso_builder () {
], ],
} }
file { '/etc/jenkins':
ensure => directory,
mode => '0750',
owner => 'root',
group => 'jenkins',
require => User['jenkins'],
}
# TODO: remove once deployed # TODO: remove once deployed
file { '/etc/jenkins/redmine_apikey': file { '/etc/jenkins/redmine_apikey':
ensure => absent, ensure => absent,
......
...@@ -4,10 +4,11 @@ Description=Jenkins slave node ...@@ -4,10 +4,11 @@ Description=Jenkins slave node
[Service] [Service]
Type=simple Type=simple
ExecStartPre=/usr/local/share/jenkins-slave-download <%= @master_url %> ExecStartPre=/usr/local/share/jenkins-slave-download <%= @master_url %>
# XXX: yields 403 once #16955 ExecStartPre=/usr/local/share/jenkins-enable-node \
# ExecStartPre=/usr/local/share/jenkins-enable-node \ --orchestrator-url <%= @master_url %> \
# --orchestrator-url <%= @master_url %> \ --api-user <%= @api_user %> \
# --node-name <%= @domain == "lizard" ? @hostname : @fqdn %> --api-token-file /etc/jenkins/jenkins_apikey \
--node-name <%= @domain == "lizard" ? @hostname : @fqdn %>
ExecStart=/usr/bin/java -jar /run/jenkins/slave.jar -jnlpUrl <%= @master_url %>/computer/<%= @node_name %>/slave-agent.jnlp ExecStart=/usr/bin/java -jar /run/jenkins/slave.jar -jnlpUrl <%= @master_url %>/computer/<%= @node_name %>/slave-agent.jnlp
User=jenkins User=jenkins
LimitNOFILE=8192 LimitNOFILE=8192
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment