As part of building a Jenkins agent AMI in Amazon Web Services, the last plays strip any private keys or authentication tokens off the image. Once it is saved and at rest, no secrets are stored on the image. At boot I have extensive scripting that pulls in the secrets and places them, verifies and…
Pulling in Ansible Variables Explicitly
…, or Templating GitHub Branch Source Org config.xml. I created a YAML file, ghe_config.yml, to provide the values for a Jinja template which created the GitHub Branch Source Organization config.xml for a GitHub organization on Jenkins. These were brought together by an Ansible play that explicitly pulled in the ghe_config.yml values and then pushes those…
…Rethinking git submodule
I constructed five of our Jenkins agent AMI builds into an ansible_role-jenkins-[function]-agent piece, and then an aggregation Jenkins pipeline build repo. The idea is – code from the role(s) is layered in the Jenkins pipeline build repo. For example the base agent build (all the basic stuff we want on all of our agent AMIs)…
git submodule…
ADD SUBMODULE in the directory in which you want the repo to be linked into, run git submodule add to remove or update at present using these commands you will get the default branch HEAD commit --- RESET OR DELETE edit .gitmodules and remove the entry edit .git/config and remove the submodule entry run git…
Finding AWS AMIs for Jenkins Agents
I created an automagically configured Jenkins controller. It spun up in Amazon Web Services, it grabbed and installed its private keys for access, and it was stateless. But… But the Jenkins AMI came with a Jenkins config.xml configured with agent AMI ids when it was built. As development moved forward (CICD, after all), the config.xml…
Deleting the Hashicorp Whitelist Entry…
In working with Hashicorp vault I used an AWS role to automagically enable an instance to communicate with vault. That worked really well. But in developing and testing sometimes I needed that AWS instance to be reverted in vault – to no longer be registered. That required tracing down where and how that auth happens…
Creating a duplicate GitHub org (script)
I had an existing GitHub organization. It had working code on it, but I needed to duplicate the repos on a separate organization, not through forking off or any connection to the first organization. bash it is…
#! /bin/bash
# arg is list file
# directory to work in
DIR="/Users/dsm/construct"
# GitHub server address…
Troubleshoot Hashicorp packer AWS Instance Directly
I use GitHub to send a notifyCommit to Jenkins to kick off a pipeline job that spins up packer, calling Ansible as a provisioner (along with some preliminary shell) to configure and install, which then tests (Ansible properly formatted cover unit testing) integration using a temporary cloud formation using Hashicorp consul service discovery and a…
Jenkins | Seems Like You Really Need SCM Polling
I tested notifyCommit messages sent to the git plugin in Jenkins – what happens when you commit several different branches in the same repo and rely on the git plugin to catch and schedule. The results were – odd. Some branches committed never made it. The limit for certainty seems to be the first commit,…
notifyCommit messages to Same Repo
I started off from scratch with our CicdDiscover Jenkins plugin. I created and kicked off a job in Jenkins by committing to branch “test-cicddiscover-branch”. This as expected created the job. It then started building – not the test-cicddiscover-branch change, but an earlier change to origin/rc. I went ahead and committed another two changes, to branch…