There is a method in the GUI for Jenkins that tells the Jenkins java process to reload its config from disk. From outside the GUI, where devops and automation live, you can do the same thing through the jenkins-cli.jar. This needed a script to craft the other pieces needed, retrieving a key from vault in…
Continue Reading
I wrote a jenkins plugin while I was idle between Oath and my current gig. This plugin is a simplification of Oath’s (AOL’s) CICD Discover plugin. Re-written from scratch. Instead of crafting java code in the plugin, I walked it back to its origins, where it sends execution to an external executable. The impetus to…
Continue ReadingNebula-in-a-Box actually works now. The latest problems were in ssl certificates, vault, consul, DNS, internal addressing, tuning consul to run as basically a single master instance (not designed for that). The Nebula-in-a-Box orion instance comes up now with consul fully functioning as service discovery and DNS. It registers and interacts with the local vault. The…
Continue Reading…in other words, DevOps. Github sends a notifyCommit message to Jenkins. That message passes through the Jenkins git plugin, which triggers a job if (1) there is a job configured with a git url matching the notifyCommit git url, and (2) there is a change to the code. If the job does not already exist…
Continue ReadingI wanted modular code – edit in one place, use in many. I started trying out git submodules. They were cool, but static. Changing code bases would be a pain to keep track of and manipulate. But the separation of ansible role and builds. allows us to immediately reuse code. I’m building a single instance…
Continue ReadingAnsible’s system module restarts the jenkins service. If you call this to restart during the install process or during the boot process you cause Jenkins to be unavailable. At one point (because of errant Nessus scan configs) the instances at boot were so loaded that the restart could take 4+ minutes. This caused a cascading…
Continue ReadingGithub sends the full branch and committed information with the notifyCommit it sends to Jenkins. Jenkins passes just the repo url through to the git plugin. The plugin then does calculations to find the correct commit id to build. If Jenkins has state, and has built this job in the past, and there’s a commit…
Continue ReadingWhen you manage to make Jenkins stateless, it exposes internal assumptions throughout Jenkins, all assuming there is a past, a history, a state. In Jenkins pipeline jobs the basic checkout statement is “checkout scm”. This in my experience does the right thing consistently, on a Jenkins controller that has been up for awhile and has…
Continue ReadingAs part of building a Jenkins agent AMI in Amazon Web Services, the last plays strip any private keys or authentication tokens off the image. Once it is saved and at rest, no secrets are stored on the image. At boot I have extensive scripting that pulls in the secrets and places them, verifies and…
Continue Reading…, or Templating GitHub Branch Source Org config.xml I created a yaml file ghe_config.yml to provide the values for a jinja template which created the GitHub Branch Source Organization config.xml for a Github organization on Jenkins. These were brought together by an ansible play that explicitly pulled in the ghe_config.yml values and then pushes those…
Continue Reading