Merge lp:~fginther/charms/trusty/jenkaas/add-default-user into lp:~canonical-ci-engineering/charms/trusty/jenkaas/trunk

Proposed by Francis Ginther on 2015-06-19
Status: Merged
Approved by: Para Siva on 2015-06-19
Approved revision: 6
Merged at revision: 6
Proposed branch: lp:~fginther/charms/trusty/jenkaas/add-default-user
Merge into: lp:~canonical-ci-engineering/charms/trusty/jenkaas/trunk
Diff against target: 174 lines (+87/-6)
5 files modified
config.yaml (+10/-0)
files/templates/config.xml (+10/-0)
files/templates/user/config.xml (+25/-0)
hooks/actions.py (+38/-4)
hooks/services.py (+4/-2)
To merge this branch: bzr merge lp:~fginther/charms/trusty/jenkaas/add-default-user
Reviewer Review Type Date Requested Status
Para Siva (community) Approve on 2015-06-19
Joe Talbott (community) 2015-06-19 Approve on 2015-06-19

Commit message

Add support for default security and a default jenkins user.

Description of the change

Add support for default security and a default jenkins user.

This adds a jenkins config.xml and a user config.xml borrowed from the jenkins charm. This enables basic security and an initial user. I'd like to follow this MP up later and improve the template handling (which can probably be done better via render_template in services.py).

This also fixes the port defined for the jenkins service, which should be 8080.

Joe Talbott (joetalbott) wrote :

Looks good to me. It's funny I had just created a card for this. :)

review: Approve
Para Siva (psivaa) wrote :

Looks more than enough to use username/ password for now. Thanks for doing this.

review: Approve

Preview Diff

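--- a/config.yaml
+++ b/config.yaml
@@ -4,6 +4,16 @@
 type: string
 description: |
 Environment (devel, staging, production, etc.) that we're running.
+ username:
+ default: "admin"
+ type: string
+ description: |
+ Default jenkins account username.
+ password:
+ default: "admin"
+ type: string
+ description: |
+ Default jenkins account password.
 config-file:
 type: string
 description: |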
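Review bot: The new `password` option defaults to `"admin"` alongside the default username `"admin"`, so a unit deployed without overriding it comes up with a well-known credential pair. The Jenkins template added in this same merge gives any logged-in account full control, so that pair is an administrator login. I would ship `default: ""` and have the hook either refuse to create the account or generate a random password when the value is empty. The description could also say that the value is kept in charm config in clear text and should be changed after deployment. The enclosing options mapping starts outside this hunk.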
22=== added directory 'files/templates'
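--- a/files/templates/config.xml
+++ b/files/templates/config.xml
@@ -0,0 +1,10 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+ <useSecurity>true</useSecurity>
+ <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
+ <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
+ <disableSignup>true</disableSignup>
+ </securityRealm>
+</hudson>
+
+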
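Review bot: `FullControlOnceLoggedInAuthorizationStrategy` makes every authenticated account an administrator, so the one account this charm creates, and any account added later, has full control of the master. Depending on the Jenkins version deployed, anonymous visitors may also keep read access under this strategy; that is worth confirming before the service is exposed. A comment right after the XML declaration would record that this is a bootstrap policy, for example `<!-- Bootstrap policy: every logged-in user is an admin; replace with matrix/role-based authorization after first login. -->`.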
38=== added directory 'files/templates/user'
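--- a/files/templates/user/config.xml
+++ b/files/templates/user/config.xml
@@ -0,0 +1,25 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<user>
+ <fullName>__USERNAME__</fullName>
+ <properties>
+ <hudson.model.MyViewsProperty>
+ <primaryViewName>All</primaryViewName>
+ <views>
+ <hudson.model.AllView>
+ <owner class="hudson.model.MyViewsProperty" reference="../../.."/>
+ <name>All</name>
+ <filterExecutors>false</filterExecutors>
+ <filterQueue>false</filterQueue>
+ <properties class="hudson.model.View$PropertyList"/>
+ </hudson.model.AllView>
+ </views>
+ </hudson.model.MyViewsProperty>
+ <hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <passwordHash>__PASSWORD__</passwordHash>
+ </hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <hudson.tasks.Mailer_-UserProperty>
+ <emailAddress>changeme@changeme.com</emailAddress>
+ </hudson.tasks.Mailer_-UserProperty>
+ </properties>
+</user>
+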
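--- a/hooks/actions.py
+++ b/hooks/actions.py
@@ -1,18 +1,18 @@
 import glob
 import grp
+import hashlib
 import os
 import pwd
 import shutil
 import subprocess
 
 from charmhelpers import fetch
-from charmhelpers.core import hookenv
-from charmhelpers.core.host import mkdir
+from charmhelpers.core import (hookenv, host)
 from charmhelpers.payload import execd
 
 SERVICE_NAME = 'jenkaas'
 SERVICE_CONFIGNAME = 'jenkaas.conf'
-DEPS_PKGES = ["daemon", "adduser", "psmisc", "default-jre"]
+DEPS_PKGES = ["daemon", "adduser", "psmisc", "default-jre", "pwgen"]
 
 config = hookenv.config()
 
@@ -41,7 +41,7 @@
 plugins = glob.glob(os.path.join(charm_plugins_dir, '*.hpi'))
 service_plugin_dir = os.path.join(_service_dir(), 'plugins')
 if not os.path.exists(service_plugin_dir):
- mkdir(service_plugin_dir, 'jenkins', 'jenkins', 0o755)
+ host.mkdir(service_plugin_dir, 'jenkins', 'jenkins', 0o755)
 uid = pwd.getpwnam("jenkins").pw_uid
 gid = grp.getgrnam("jenkins").gr_gid
 for plugin in plugins:
@@ -56,6 +56,40 @@
 fetch.apt_install(DEPS_PKGES, options=['--fix-broken', ], fatal=True)
 
 
+def install_jenkins_config(service_name):
+ hookenv.log('Installing jenkins config')
+ in_config = os.path.join(hookenv.charm_dir(),
+ 'files/templates/config.xml')
+ shutil.copy(in_config, _service_dir())
+
+
+def configure_default_user(service_name):
+ hookenv.log('Configuring default user')
+ username = config['username']
+ password = config['password']
+ salt = subprocess.check_output(['pwgen', '-N1', '6']).strip()
+ csum = hashlib.sha256('{}{{{}}}'.format(password, salt)).hexdigest()
+ salty_password = '{}:{}'.format(salt, csum)
+
+ users_path = os.path.join(_service_dir(), 'users', username)
+ if not os.path.exists(users_path):
+ host.mkdir(users_path, 'jenkins', 'jenkins', 0o755)
+
+ in_config = os.path.join(hookenv.charm_dir(),
+ 'files/templates/user/config.xml')
+ out_config = os.path.join(users_path, 'config.xml')
+ with open(in_config) as in_file, open(out_config, 'w') as out_file:
+ for line in in_file:
+ if '<fullName>' in line:
+ line = ' <fullName>{}</fullName>\n'.format(username)
+ if '<passwordHash>' in line:
+ line = ' <passwordHash>{}</passwordHash>\n'.format(
+ salty_password)
+ out_file.write(line)
+ host.chownr(out_config, 'jenkins', 'jenkins')
+ os.chmod(out_config, 0o644)
+
+
 def install_slaves(service_name):
 hookenv.log('Installing slaves')
 hookenv.log(hookenv.relations())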
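Review bot: `configure_default_user` (third hunk) leaves the password hash readable by every local account: the user directory is created `0o755` and `out_config` is set to `0o644`. The hash is a single SHA-256 pass over the password and a 6-character salt, so it is cheap to test guesses against offline. I would tighten both modes with `host.mkdir(users_path, 'jenkins', 'jenkins', 0o700)` and `os.chmod(out_config, 0o600)`, and use a bcrypt-style hash if the deployed Jenkins accepts one. Separately, `username` is used unchecked as a path component in `os.path.join(_service_dir(), 'users', username)` and written into `<fullName>` without XML escaping; it should be restricted to a plain account name and escaped before writing. A short docstring stating the stored `salt:sha256(password{salt})` format would also help the next reader.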
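--- a/hooks/services.py
+++ b/hooks/services.py
@@ -16,7 +16,7 @@
 def provide_data(self):
 return {
 'master-address': hookenv.unit_get('private-address'),
- 'port': 48484,
+ 'port': 8080,
 }
 
 
@@ -33,14 +33,16 @@
 actions.basenode,
 actions.install_jenkins_dep_pkges,
 actions.install_jenkins,
+ actions.install_jenkins_config,
 actions.install_plugins,
+ actions.configure_default_user,
 render_template(
 source='upstart.conf',
 target='/etc/init/jenkaas.conf'),
 actions.install_slaves,
 actions.log_start,
 ],
- 'ports': [48484],
+ 'ports': [8080],
 },
 ])
 manager.manage()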
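Review bot: `actions.install_jenkins_config` and `actions.configure_default_user` are added to a callback list that presumably runs on every hook invocation; the list's key and the enclosing service definition are outside the hunk, so this needs confirming. If it does, each hook run copies the template `config.xml` over the live one and rewrites the user's `config.xml`, which would silently revert any authorization hardening or password change made in the Jenkins UI back to the charm's values. Making both actions write only on first install or when the charm option actually changes would avoid that, for example an early `if os.path.exists(out_config) and not config.changed('password'): return` in `configure_default_user`. A comment beside the two entries saying they are meant as first-boot bootstrap steps would make the intent explicit.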
