Puppet Class: jenkins

Inherits:
jenkins::params
Defined in:
manifests/init.pp

Overview

This class manages the [Jenkins CI/CD service](jenkins.io/index.html).

Note that if different jenkins listening port(s) are configured via “jenkins::port“ and “jenkins::config_hash“ resource, “bad things” are likely to happen. This is a known implementation problem with this module that can not be fixed without breaking backwards compatibility.

Examples:

Bulk sysconf

class{ 'jenkins':
  config_hash => {
    'JENKINS_PORT' => { 'value' => '9090' },
  }
}

Bulk plugin installation (code)

class{ 'jenkins::plugins':
  plugin_hash => {
    'git' => { version => '1.1.1' },
    'parameterized-trigger' => {},
    'multiple-scms' => {},
    'git-client' => {},
    'token-macro' => {},
  }
}

Bulk plugin installation (hiera)

jenkins::plugin_hash:
   git:
      version: '1.1.1'
   parameterized-trigger: {}
   multiple-scms: {}
   git-client: {}
   token-macro: {}

Bulk user creation (code)

class{ 'jenkins':
  user_hash => {
    'user1' => {
      'password' => 'pass1',
       'email'   => 'user1@example.com',
    }
  }
}

Bulk user creation (hiera)

jenkins::user_hash:
  user:
    password: 'pass1'
    email: 'user1@example.com'

Manage version of “credentials“ plugin (hiera)

jenkins::default_plugins: []
jenkins::plugin_hash:
  credentials:
    version: 2.1.5
    digest_string: 7db002e7b053f863e2ce96fb58abb98a9c01b09c
    digest_type: sha1

Explicitly manage all plugins (hiera)

jenkins::default_plugins: []
jenkins::purge_plugins: true
jenkins::plugin_hash:
  credentials:
    version: '2.1.10'
  support-core:
    version: '2.38'
  # support-core deps
  metrics:
    version: '3.1.2.9'
  jackson2-api:
    version: '2.7.3'
  bouncycastle-api:
    version: '2.16.0'
  # /support-core deps

Parameters:

  • version (String) (defaults to: 'installed')

    package to install

    • “installed“ (Default) do NOT update jenkins to the most recent version.

    • “latest“

    automatically update the version of jenkins to the current version
available via your package manager.
  • lts (Boolean) (defaults to: true)

    use the upstream jenkins “Long Term Support” repos

    • “false“ Use the most up to date version of jenkins

    • “true“ (Default) Use LTS version of jenkins

  • repo (Boolean) (defaults to: $jenkins::params::repo)

    configure upstream jenkins package repos

    “false“ means do NOT configure the upstream jenkins package repo. This means you’ll manage a repo manually outside this module. This can also be your distribution’s repo.

  • package_name (String) (defaults to: 'jenkins')

    Optionally override the package name

  • direct_download (Optional[String]) (defaults to: undef)

    URL to jenkins package

    Ignore repository based package installation and download the package directly. Leave as ‘undef` (the default) to download using your OS package manager

  • package_cache_dir (Stdlib::Absolutepath) (defaults to: '/var/cache/jenkins_pkgs')

    Directory in which to store a “direct_download“ package

  • package_provider (Optional[String]) (defaults to: $jenkins::params::package_provider)

    Override the “package“ resource provider

    This *only has effect* when using “direct_download“.

  • manage_service (Boolean) (defaults to: true)

    Enable management of “Service“ resource

    When setting to “false“ please ensure something else defines “Service“ in order for some module functionality (e.g. “jenkins::cli“) to work properly

  • service_enable (Boolean) (defaults to: true)

    Enable (or not) the jenkins service

  • service_ensure (Enum['running', 'stopped']) (defaults to: 'running')

    Status of the jenkins service

    • “running“ (default)

    • “stopped“

  • service_override (Hash[String[1], String]) (defaults to: {})

    Override the jenkins service configuration

  • service_provider (Optional[String]) (defaults to: undef)

    Override “Service“ resource provider

    Setting this to “undef“ on platforms with “systemd“ will force the usage of package provider sysv init scripts.

  • config_hash (Hash) (defaults to: {})

    options to set in sysconfig/jenkins defaults/jenkins

    (see jenkins::sysconf)

  • plugin_hash (Hash) (defaults to: {})

    plugins to install

    (see jenkins::plugin)

  • job_hash (Hash) (defaults to: {})

    jobs to install

    (see jenkins::job)

  • user_hash (Hash) (defaults to: {})

    jenkins users to create

  • configure_firewall (Boolean) (defaults to: false)

    For folks that want to manage the puppetlabs firewall module.

    * If it's not present in the catalog, nothing happens.
* If it is, you need to explicitly set this true / false.
   * We didn't want you to have a service opened automatically, or
   unreachable inexplicably.
* This default changed in v1.0 to be undef.
  • install_java (Boolean) (defaults to: true)

    use the “puppetlabs-java“ module to install a JDK

    Jenkins requires a JRE. Setting this to “false“ means that you are response for managing a JDK outside of this module.

  • repo_proxy (Optional[String]) (defaults to: undef)

    proxy to download packages

    This parameter is only relevant for “yum“ repos managed by this module.

  • proxy_host (Optional[String]) (defaults to: undef)

    proxy hostname for plugin installation via this module and the UpdateCenter

  • proxy_port (Optional[Integer]) (defaults to: undef)

    proxy port for plugin installation via this module and the UpdateCenter

  • no_proxy_list (Optional[Array]) (defaults to: undef)

    List of hostname patterns to skip using the proxy.

    • Only effective if “proxy_host” and “proxy_port” are set.

    • Only applies to plugins installed via the UpdateCenter

  • cli (Boolean) (defaults to: true)

    install “jenkins-cli.jar“ CLI utility

    • force installation of the jenkins CLI jar to

    “$libdir/jenkins-cli.jar“

    • the cli is automatically installed when needed by components that use it, such as the user and credentials types, and the security class

  • cli_ssh_keyfile (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Provides the location of an ssh private key file to make authenticated connections to the Jenkins CLI.

  • cli_username (Optional[String]) (defaults to: undef)

    Provides the username for authenticating to Jenkins via username and password.

  • cli_password (Optional[String]) (defaults to: undef)

    Provides the password for authenticating to Jenkins via username and password. Needed if cli_username is specified.

  • cli_password_file (Optional[String]) (defaults to: undef)

    Provides the password file for authenticating to Jenkins via username and password. Needed if cli_username is specified and cli_password is undefined.

  • cli_tries (Integer) (defaults to: 10)

    Retries until giving up talking to jenkins API

  • cli_try_sleep (Integer) (defaults to: 10)

    Seconds between tries to contact jenkins API

  • port (Integer) (defaults to: 8080)

    Jenkins listening HTTP port

    Note that this value is used for CLI communication and firewall configuration. It does not configure the port on which the jenkins service listens. (see config_hash)

  • libdir (Stdlib::Absolutepath) (defaults to: '/usr/share/java')

    Path to jenkins core files

  • manage_datadirs (Boolean) (defaults to: true)

    manage the local state dir, plugins dir and jobs dir

  • localstatedir (Stdlib::Absolutepath) (defaults to: '/var/lib/jenkins')

    base path, in the “autoconf“ sense, for jenkins local data including jobs and plugins

  • executors (Optional[Integer]) (defaults to: undef)

    number of executors on the Jenkins master

  • slaveagentport (Optional[Integer]) (defaults to: undef)

    jenkins slave agent

  • manage_user (Boolean) (defaults to: true)

    manage the system jenkins user

  • user (String) (defaults to: 'jenkins')

    system user that owns the jenkins master’s files

  • manage_group (Boolean) (defaults to: true)

    manage the system jenkins group

  • group (String) (defaults to: 'jenkins')

    system group that owns the jenkins master’s files

  • default_plugins (Array) (defaults to: $jenkins::params::default_plugins)

    List of default plugins installed by this module

    The the “credentials“ plugin is required for this module to properly function. No version is specified. Set to “[]“ if you want to explicitly manage all plugins version

  • default_plugins_host (String) (defaults to: 'https://updates.jenkins.io')

    Provide a way to override plugins host for all plugins

  • purge_plugins (Boolean) (defaults to: false)

    Purge all plugins not explicitly managed by this module

    This will result in plugins manually installed via the UpdateCenter being removed. Only enable this option if you want to manage all plugins (and plugin dependencies) explicitly.



276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
 
# File 'manifests/init.pp', line 276

class jenkins (
  String $version                                 = 'installed',
  Boolean $lts                                    = true,
  Boolean $repo                                   = $jenkins::params::repo,
  String $package_name                            = 'jenkins',
  Optional[String] $direct_download               = undef,
  Stdlib::Absolutepath $package_cache_dir         = '/var/cache/jenkins_pkgs',
  Optional[String] $package_provider              = $jenkins::params::package_provider,
  Boolean $manage_service                         = true,
  Boolean $service_enable                         = true,
  Enum['running', 'stopped'] $service_ensure      = 'running',
  Hash[String[1], String] $service_override       = {},
  Optional[String] $service_provider              = undef,
  Hash $config_hash                               = {},
  Hash $plugin_hash                               = {},
  Hash $job_hash                                  = {},
  Hash $user_hash                                 = {},
  Boolean $configure_firewall                     = false,
  Boolean $install_java                           = true,
  Optional[String] $repo_proxy                    = undef,
  Optional[String] $proxy_host                    = undef,
  Optional[Integer] $proxy_port                   = undef,
  Optional[Array] $no_proxy_list                  = undef,
  Boolean $cli                                    = true,
  Optional[Stdlib::Absolutepath] $cli_ssh_keyfile = undef,
  Optional[String] $cli_username                  = undef,
  Optional[String] $cli_password                  = undef,
  Optional[String] $cli_password_file             = undef,
  Integer $cli_tries                              = 10,
  Integer $cli_try_sleep                          = 10,
  Integer $port                                   = 8080,
  Stdlib::Absolutepath $libdir                    = '/usr/share/java',
  Boolean $manage_datadirs                        = true,
  Stdlib::Absolutepath $localstatedir             = '/var/lib/jenkins',
  Optional[Integer] $executors                    = undef,
  Optional[Integer] $slaveagentport               = undef,
  Boolean $manage_user                            = true,
  String $user                                    = 'jenkins',
  Boolean $manage_group                           = true,
  String $group                                   = 'jenkins',
  Array $default_plugins                          = $jenkins::params::default_plugins,
  String $default_plugins_host                    = 'https://updates.jenkins.io',
  Boolean $purge_plugins                          = false,
) inherits jenkins::params {
  if $purge_plugins and ! $manage_datadirs {
    warning('jenkins::purge_plugins has no effect unless jenkins::manage_datadirs is true')
  }

  # Construct the cli auth argument used in cli and cli_helper
  if $cli_ssh_keyfile {
    # SSH key auth
    if empty($cli_username) {
      fail('ERROR: Latest remoting free CLI (see https://issues.jenkins-ci.org/browse/JENKINS-41745) needs username for SSH Access (\$jenkins::cli_username)')
    }
    $_cli_auth_arg = "-i '${cli_ssh_keyfile}' -ssh -user '${cli_username}'"
  } elsif !empty($cli_username) {
    # Username / Password auth (needed for AD and other Auth Realms)
    if !empty($cli_password) {
      $_cli_auth_arg = "-auth '${cli_username}:${cli_password}'"
    } elsif !empty($cli_password_file) {
      $_cli_auth_arg = "-auth '@${cli_password_file}'"
    } else {
      fail('ERROR: Need cli_password or cli_password_file if cli_username is specified')
    }
  } else {
    # default = no auth
    $_cli_auth_arg = undef
  }

  $plugin_dir = "${localstatedir}/plugins"
  $job_dir = "${localstatedir}/jobs"

  # lint:ignore:anchor_resource
  anchor { 'jenkins::begin': }
  anchor { 'jenkins::end': }
  # lint:endignore

  if $install_java {
    include java
  }

  if $direct_download {
    $repo_ = false
    $jenkins_package_class = 'jenkins::direct_download'
  } else {
    $jenkins_package_class = 'jenkins::package'
    if $repo {
      $repo_ = true
      include jenkins::repo
    } else {
      $repo_ = false
    }
  }
  include $jenkins_package_class

  include jenkins::user_setup
  include jenkins::config
  include jenkins::plugins
  include jenkins::jobs
  include jenkins::users
  include jenkins::proxy

  if $manage_service {
    include jenkins::service
    if empty($default_plugins) {
      notice(sprintf('INFO: make sure you install the following plugins with your code using this module: %s',join($jenkins::params::default_plugins,','))) # lint:ignore:140chars
    }

    # puppet/jenkins used to implement systemd but Jenkins 2.332 moved to
    # systemd and implements this natively. Clean up the old implementation.
    $old_libdir = $facts['os']['family'] ? {
      'Archlinux' => '/usr/share/java/jenkins/',
      'Debian'    => '/usr/share/jenkins',
      default     => '/usr/lib/jenkins',
    }
    file { "${old_libdir}/jenkins-run":
      ensure  => absent,
    }

    file { '/etc/systemd/system/jenkins.service':
      ensure => absent,
      notify => Service['jenkins'],
    }
  }

  if defined('::firewall') and $configure_firewall {
    include jenkins::firewall
  }

  if $cli {
    include jenkins::cli
    include jenkins::cli_helper
  }

  if $executors {
    jenkins::cli::exec { 'set_num_executors':
      command => ['set_num_executors', $executors],
      unless  => "[ \$(\$HELPER_CMD get_num_executors) -eq ${executors} ]",
    }

    Class['jenkins::cli']
    -> Jenkins::Cli::Exec['set_num_executors']
    -> Class['jenkins::jobs']
  }

  if ($slaveagentport != undef) {
    jenkins::cli::exec { 'set_slaveagent_port':
      command => ['set_slaveagent_port', $slaveagentport],
      unless  => "[ \$(\$HELPER_CMD get_slaveagent_port) -eq ${slaveagentport} ]",
    }

    Class['jenkins::cli']
    -> Jenkins::Cli::Exec['set_slaveagent_port']
    -> Class['jenkins::jobs']
  }

  if $manage_service {
    Anchor['jenkins::begin']
    -> Class['jenkins::user_setup']
    -> Class[$jenkins_package_class]
    -> Class['jenkins::config']
    -> Class['jenkins::plugins']
    ~> Class['jenkins::service']
    -> Class['jenkins::jobs']
    -> Anchor['jenkins::end']
  }

  if $install_java {
    Anchor['jenkins::begin']
    -> Class['java']
    -> Class[$jenkins_package_class]
    -> Anchor['jenkins::end']
  }

  if $repo_ {
    Anchor['jenkins::begin']
    -> Class['jenkins::repo']
    -> Class['jenkins::package']
    -> Anchor['jenkins::end']
  }

  if ($configure_firewall and $manage_service) {
    Class['jenkins::service']
    -> Class['jenkins::firewall']
    -> Anchor['jenkins::end']
  }
}