Bootstrap jenkins from scratch -- the oy vey! edition (oh, and move to our own artifactory) #50
Next step: artifactory & a new EC2 instance to actually run all this on, now that I've convinced myself it will bootstrap from scratch.
This functionality had bitrotted because we've never really re-installed jenkins from scratch

With this PR, I'm able to bootstrap and fully configure Jenkins ver. 1.611 on a ubuntu utopic vagrant box.

The provision has three phases: init, config, jenkins.

The config phase is needed when bootstrapping on EC2, where chef vault is not yet available. After the instance is up and authorized with chef-server for vault access, we can go to the config phase.

Once Jenkins has the github oauth plugin and is restarted, we can run the master-jenkins recipe.

NOTES:
- switch to chef_vault_item for development in vagrant
- Pass `hudson.model.User.allowNonExistentUserToLogin` to JVM to open jenkins up a bit for provisioning
- Also need `org.eclipse.jetty.server.Request.maxFormContentSize=1000000` to allow plugin installs (??)
Only relevant when bringing it up from scratch, so this went undetected until we tried that again...
I've confirmed this successfully brings up jenkins-master and workers.
FWIW, after an upgrade to aws v2 I ran into

```
Seahorse::Client::Http::Error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
```

during a chef-client run on amazon linux and ubuntu, where I managed to make chef-client (and seahorse) happy again as follows:

- `SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt chef-client` (ubuntu)
- `SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt chef-client` (amazon linux)

See https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/, https://github.com/opscode-cookbooks/chef-client#attributes for more info.
fix NameError on Aws by installing aws-sdk
ebs for master needs to come first (so we can access the /var/lib/jenkins that will actually be used)
Add worker to Vagrantfile
note that chef-client needs to run on every node to update its attributes based on current recipe impl
Since private-repo is going away tomorrow...
Piggybacking move to the new artifactory on this PR. Last commit being validated by https://scala-ci.typesafe.com/job/scala-2.11.x-validate-publish-core/1125/console
TODO: do this consistently... Don't tell anyone, but the password wasn't xml-safe.
Don't want to encode in ~/.credentials, but do in any xml file. Should do it wholesale... TODO: wrap `xmlSafe` around everything that's spliced into xml
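The context-dependent encoding these two commit messages describe (raw in `~/.credentials`, escaped in any XML file), as an added Ruby/ERB example that is not the cookbook's own code. `xml_safe`, `xml_unescape`, `bare_ampersand?`, both templates and the sample password are hypothetical names and constructed values.

```ruby
require 'erb'

# Constructed sample secret containing every character XML treats specially.
SAMPLE_PASSWORD = %q(p&ss<w0rd>"x').freeze

XML_ESCAPES = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
  '"' => '&quot;', "'" => '&apos;'
}.freeze

# Hypothetical helper, named after the `xmlSafe` in the commit message:
# escape a value for splicing into XML text or attribute content.
def xml_safe(value)
  value.to_s.gsub(/[&<>"']/, XML_ESCAPES)
end

# Inverse of xml_safe, used only to check the round trip.
def xml_unescape(text)
  text.gsub(/&(amp|lt|gt|quot|apos);/) { XML_ESCAPES.key("&#{$1};") }
end

# True when the text holds a '&' that does not start a predefined entity,
# which is enough for an XML parser to reject the file.
def bare_ampersand?(xml)
  xml.match?(/&(?!(amp|lt|gt|quot|apos);)/)
end

# XML target: every spliced value goes through xml_safe.
XML_TEMPLATE = ERB.new(<<~XML)
  <server>
    <username><%= xml_safe(user) %></username>
    <password><%= xml_safe(password) %></password>
  </server>
XML

# Properties-style credentials file: the same secret is written verbatim.
CREDENTIALS_TEMPLATE = ERB.new(<<~PROPS)
  user=<%= user %>
  password=<%= password %>
PROPS

def render(template, user:, password:)
  template.result_with_hash(user: user, password: password)
end

puts render(XML_TEMPLATE, user: 'ci', password: SAMPLE_PASSWORD)
puts render(CREDENTIALS_TEMPLATE, user: 'ci', password: SAMPLE_PASSWORD)
```

Escaping at the template boundary keeps the stored secret in one canonical form, so each output format applies only its own encoding.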
chef_vault_item is pretty expensive --> hoist out of loop
simplify templates while we're at it
Looks like release publishing is working: https://scala-ci.typesafe.com/job/scala-2.11.x-integrate-bootstrap/136/artifact/logs/builds/*view*/
Merging so I can base the next PR on this. We'll review live in AMS.
PS: when rerouting scala-ci.typesafe.com in your /etc/hosts to the ip of the bridged vagrant box,
don't be surprised when it's not the actual scala-ci that you were expecting...