Merge lp:~fginther/charms/trusty/jenkaas/add-default-user into lp:~canonical-ci-engineering/charms/trusty/jenkaas/trunk

Proposed by Francis Ginther
Status: Merged
Approved by: Para Siva
Approved revision: 6
Merged at revision: 6
Proposed branch: lp:~fginther/charms/trusty/jenkaas/add-default-user
Merge into: lp:~canonical-ci-engineering/charms/trusty/jenkaas/trunk
Diff against target: 174 lines (+87/-6)
5 files modified
config.yaml (+10/-0)
files/templates/config.xml (+10/-0)
files/templates/user/config.xml (+25/-0)
hooks/actions.py (+38/-4)
hooks/services.py (+4/-2)
To merge this branch: bzr merge lp:~fginther/charms/trusty/jenkaas/add-default-user
Reviewer Review Type Date Requested Status
Para Siva (community) Approve
Joe Talbott (community) Approve
Review via email: mp+262405@code.launchpad.net

Commit message

Add support for default security and a default jenkins user.

Description of the change

Add support for default security and a default jenkins user.

This adds a jenkins config.xml and a user config.xml borrowed from the jenkins charm. This enables basic security and an initial user. I'd like to follow this MP up later and improve the template handling (which can probably be done better via render_template in services.py).

This also fixes the port defined for the jenkins service, which should be 8080.

Joe Talbott (joetalbott) wrote :

Looks good to me. It's funny I had just created a card for this. :)

review: Approve
Para Siva (psivaa) wrote :

Looks more than enough to use username/password for now. Thanks for doing this.

review: Approve

Preview Diff

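--- a/config.yaml
+++ b/config.yaml
@@ -4,6 +4,16 @@
  type: string
  description: |
  Environment (devel, staging, production, etc.) that we're running.
+ username:
+ default: "admin"
+ type: string
+ description: |
+ Default jenkins account username.
+ password:
+ default: "admin"
+ type: string
+ description: |
+ Default jenkins account password.
  config-file:
  type: string
  description: |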
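Review bot: The new `password` option defaults to "admin", the same value as the default `username`, so a unit deployed without overriding either option comes up with a well-known admin/admin login. Consider shipping no usable default, e.g. `default: ""`, and having the hook either refuse to create the user or generate a random password when the option is unset (pwgen is already added to the dependency list in hooks/actions.py). The description could then read `Password for the default jenkins account; must be set at deploy time.` so operators know the value is required.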
=== added directory 'files/templates'
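--- a/files/templates/config.xml
+++ b/files/templates/config.xml
@@ -0,0 +1,10 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+ <useSecurity>true</useSecurity>
+ <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
+ <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
+ <disableSignup>true</disableSignup>
+ </securityRealm>
+</hudson>
+
+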
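Review bot: The template has no comment explaining what `FullControlOnceLoggedInAuthorizationStrategy` implies: every authenticated account is a full administrator, so the only access control is who holds a login. A short comment above the element, such as `<!-- Any logged-in user has full control; signup is disabled, so accounts are created only by the charm. -->`, would make that explicit for whoever adds users later. As far as I know this strategy also leaves anonymous visitors with read access in Jenkins releases of this period, which is worth confirming against the version the charm installs.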
=== added directory 'files/templates/user'
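--- a/files/templates/user/config.xml
+++ b/files/templates/user/config.xml
@@ -0,0 +1,25 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<user>
+ <fullName>__USERNAME__</fullName>
+ <properties>
+ <hudson.model.MyViewsProperty>
+ <primaryViewName>All</primaryViewName>
+ <views>
+ <hudson.model.AllView>
+ <owner class="hudson.model.MyViewsProperty" reference="../../.."/>
+ <name>All</name>
+ <filterExecutors>false</filterExecutors>
+ <filterQueue>false</filterQueue>
+ <properties class="hudson.model.View$PropertyList"/>
+ </hudson.model.AllView>
+ </views>
+ </hudson.model.MyViewsProperty>
+ <hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <passwordHash>__PASSWORD__</passwordHash>
+ </hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <hudson.tasks.Mailer_-UserProperty>
+ <emailAddress>changeme@changeme.com</emailAddress>
+ </hudson.tasks.Mailer_-UserProperty>
+ </properties>
+</user>
+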
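Review bot: The placeholder `changeme@changeme.com` in `<emailAddress>` points at a domain the project does not appear to control, so any mail Jenkins sends for the default user would leave for a third party. A reserved name such as `<emailAddress>changeme@example.invalid</emailAddress>`, or a charm config option, avoids that. Separately, the `__USERNAME__` and `__PASSWORD__` markers are never substituted as tokens: the hook in hooks/actions.py replaces whole lines that contain `<fullName>` and `<passwordHash>`, so a comment saying so (or switching the hook to replace the markers) would keep the template and the code in step.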
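--- a/hooks/actions.py
+++ b/hooks/actions.py
@@ -1,18 +1,18 @@
 import glob
 import grp
+import hashlib
 import os
 import pwd
 import shutil
 import subprocess
 
 from charmhelpers import fetch
-from charmhelpers.core import hookenv
+from charmhelpers.core import (hookenv, host)
-from charmhelpers.core.host import mkdir
 from charmhelpers.payload import execd
 
 SERVICE_NAME = 'jenkaas'
 SERVICE_CONFIGNAME = 'jenkaas.conf'
-DEPS_PKGES = ["daemon", "adduser", "psmisc", "default-jre"]
+DEPS_PKGES = ["daemon", "adduser", "psmisc", "default-jre", "pwgen"]
 
 config = hookenv.config()
 
@@ -41,7 +41,7 @@
  plugins = glob.glob(os.path.join(charm_plugins_dir, '*.hpi'))
  service_plugin_dir = os.path.join(_service_dir(), 'plugins')
  if not os.path.exists(service_plugin_dir):
- mkdir(service_plugin_dir, 'jenkins', 'jenkins', 0o755)
+ host.mkdir(service_plugin_dir, 'jenkins', 'jenkins', 0o755)
  uid = pwd.getpwnam("jenkins").pw_uid
  gid = grp.getgrnam("jenkins").gr_gid
  for plugin in plugins:
@@ -56,6 +56,40 @@
  fetch.apt_install(DEPS_PKGES, options=['--fix-broken', ], fatal=True)
 
 
+def install_jenkins_config(service_name):
+ hookenv.log('Installing jenkins config')
+ in_config = os.path.join(hookenv.charm_dir(),
+ 'files/templates/config.xml')
+ shutil.copy(in_config, _service_dir())
+
+
+def configure_default_user(service_name):
+ hookenv.log('Configuring default user')
+ username = config['username']
+ password = config['password']
+ salt = subprocess.check_output(['pwgen', '-N1', '6']).strip()
+ csum = hashlib.sha256('{}{{{}}}'.format(password, salt)).hexdigest()
+ salty_password = '{}:{}'.format(salt, csum)
+
+ users_path = os.path.join(_service_dir(), 'users', username)
+ if not os.path.exists(users_path):
+ host.mkdir(users_path, 'jenkins', 'jenkins', 0o755)
+
+ in_config = os.path.join(hookenv.charm_dir(),
+ 'files/templates/user/config.xml')
+ out_config = os.path.join(users_path, 'config.xml')
+ with open(in_config) as in_file, open(out_config, 'w') as out_file:
+ for line in in_file:
+ if '<fullName>' in line:
+ line = ' <fullName>{}</fullName>\n'.format(username)
+ if '<passwordHash>' in line:
+ line = ' <passwordHash>{}</passwordHash>\n'.format(
+ salty_password)
+ out_file.write(line)
+ host.chownr(out_config, 'jenkins', 'jenkins')
+ os.chmod(out_config, 0o644)
+
+
 def install_slaves(service_name):
  hookenv.log('Installing slaves')
  hookenv.log(hookenv.relations())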
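Review bot: In `configure_default_user` the generated users/<username>/config.xml is left world-readable (`os.chmod(out_config, 0o644)` inside a directory created with `0o755`) even though it holds the account's password hash. Restricting both to the jenkins user, with `host.mkdir(users_path, 'jenkins', 'jenkins', 0o700)` and `os.chmod(out_config, 0o600)`, keeps other local accounts from reading it. The hash itself is a single SHA-256 round over the password and a six-character salt, which is cheap to guess against offline; Jenkins' private realm also accepts `#jbcrypt:`-prefixed bcrypt hashes, which would be preferable if a bcrypt implementation is available to the charm. `username` is written unescaped into the `<fullName>` line and used unvalidated in `os.path.join(_service_dir(), 'users', username)`, so checking it against a conservative character set first would prevent a malformed XML file or a path outside the users directory.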
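--- a/hooks/services.py
+++ b/hooks/services.py
@@ -16,7 +16,7 @@
  def provide_data(self):
  return {
  'master-address': hookenv.unit_get('private-address'),
- 'port': 48484,
+ 'port': 8080,
  }
 
 
@@ -33,14 +33,16 @@
  actions.basenode,
  actions.install_jenkins_dep_pkges,
  actions.install_jenkins,
+ actions.install_jenkins_config,
  actions.install_plugins,
+ actions.configure_default_user,
  render_template(
  source='upstart.conf',
  target='/etc/init/jenkaas.conf'),
  actions.install_slaves,
  actions.log_start,
  ],
- 'ports': [48484],
+ 'ports': [8080],
  },
  ])
  manager.manage()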
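Review bot: The literal `8080` is now written twice, in `provide_data` and in the service's `'ports'` list, and it was the same value being wrong in both places that this change had to correct. A module-level constant such as `JENKINS_PORT = 8080` used in both spots would keep them from drifting apart. Since `'ports'` opens that port for the unit and this proposal introduces password login, it is also worth confirming that something in front of Jenkins terminates TLS; nothing visible in these hunks does, in which case the credentials would cross the network unencrypted. Both hunks begin and end inside definitions that continue outside the diff.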
