• Stars
    star
    276
  • Rank 149,319 (Top 3 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created over 11 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Puppet module for Jenkins

puppet-jenkins

Build Status

This is intended to be a re-usable Puppet module that you can include in your own tree.

Experimental Types and Providers

The experimental types/providers are not for the faint of heart. If you are starting out with this module you probably want to skip directly to Getting Started.

A family of experimental native types and providers has been added to this module, in parallel to the existing classes and defined types, with the goal of soliciting feedback. One of the primary benefits of these new types is not requiring manifest changes to manage jenkins with or without "security" enabled. The goal is to eventually replace the functionality of the existing classes/defines with the new types. Usage feedback (positive and negative), bug reports and/or PRs would be greatly welcomed.

The semantics and API of these types should be considered unstable and almost certainly will change based on feedback. It is currently unclear if these types will be considered part of the public API or treated as private to the module.

See NATIVE_TYPES_AND_PROVIDERS.md

Jenkins 2.54 and 2.46.2 remoting free CLI and username / password CLI auth

Jenkins refactored the CLI in 2.54 and 2.46.2 in response to several security incidents (See JENKINS-41745. This module has been adjusted to support the new CLI.

The CLI supports proper authentication with username and password. It's a requirement for supporting AD and OpenID authentications (there is no ssh key there). You can supply $::jenkins::cli_username and $::jenkins::cli_password to use username / password based authentication. Then the puppet automation user can also reside in A.D

Note: Jenkins requires a ssh username, so you must also provide $::jenkins::cli_username for ssh. If you specify both username/password and ssh key file, SSH authentication is preferred.

Using puppet-jenkins

Getting Started

puppet module install puppet/jenkins
    node 'hostname.example.com' {
        include jenkins
    }

Then the service should be running at http://hostname.example.com:8080/.

Jenkins' options

Master Executor Threads

class { 'jenkins':
  executors => 0,
}

Managing Jenkins jobs

Build jobs can be managed using the jenkins::job define

Creating or updating a build job

  jenkins::job { 'test-build-job':
    config => template("${templates}/test-build-job.xml.erb"),
  }

Removing an existing build job

  jenkins::job { 'test-build-job':
    ensure => 'absent',
  }

Installing Jenkins plugins

The Jenkins puppet module defines the jenkins::plugin resource which will download and install the plugin "by hand"

The names of the plugins can be found on the update site

Latest

By default, the resource will install the latest plugin, i.e.:

  jenkins::plugin { 'git': }

If you specify version => 'latest' in current releases of the module, the plugin will be downloaded and installed with every run of Puppet. This is a known issue and will be addressed in future releases.

By version

If you need to peg a specific version, simply specify that as a string, i.e.:

  jenkins::plugin { 'git':
    version => '1.1.11',
  }

Note that plugin will timeout if it takes longer than 120 seconds to download. You can increase this by specifying a timeout value, i.e: timeout => 240.

Verifying

This module will download the jenkins modules over HTTP, without SSL. In order to add some verification regarding the downloaded file, you can specify a checksum. You can also define a checksum type with 'digest_type' (default to sha1 if unspecified) ie.:

  jenkins::plugin { 'git':
    version       => '2.2.12',
    digest_string => '48141822e0eea1faa1a1a99b35372494e7352c2746ca3aa3a19a07f34b021848d2cd0bffc8959c1b809c5be231c1b49e9ffec0430dd68938197ac0f34588ee25',
    digest_type   => 'sha512',
  }

Direct URL

Direct URL from which to download plugin without modification. This is particularly useful for development and testing of plugins which may not be hosted in the typical Jenkins' plugin directory structure.

  jenkins::plugin { 'myplugin':
    source => 'https://example.org/myplugin.hpi',
  }

Note that that when source is specified, the version and plugin_url parameters will have no effect on the plugin retrieval URL.

Plugin dependencies

Dependencies are not automatically installed. You need to manually determine the plugin dependencies and include those as well. The Jenkins wiki is a good place to do this. For example: The Git plugin page is at https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin.

Slaves

You can automatically add slaves to jenkins, and have them auto register themselves. Most options are actually optional, as nodes will auto-discover the master, and connect.

Full documentation for the slave code is in jenkins::slave.

It requires the swarm plugin on the master & the class jenkins::slave on the slaves, as below:

    node /jenkins-slave.*/ {
      class { 'jenkins::slave':
        masterurl => 'http://jenkins-master1.domain.com:8080',
        ui_user => 'adminuser',
        ui_pass => 'adminpass',
      }
    }

    node /jenkins-master.*/ {
        include jenkins
        include jenkins::master
    }

Depending on Jenkins

If you have any resource in Puppet that depends on Jenkins being present, add the following require statement:

  exec { 'some-exec':
    require => Class['jenkins::package'],
    # ... etc
  }

Advanced features

  1. Plugin Hash - jenkins::plugins
  2. Config Hash - jenkins::config
  3. Configure Firewall - jenkins (init.pp)
  4. Outbound Jenkins Proxy Config - jenkins (init.pp)
  5. CLI Helper
  6. Jenkins Users
  7. Credentials
  8. Simple security model configuration

API-based Resources and Settings (Users, Credentials, security)

This module includes a groovy-based helper script that uses the Jenkins CLI to interact with the Jenkins API. Users, Credentials, and security model configuration are all driven through this script.

When an API-based resource is defined, the Jenkins' CLI is installed and run against the local system (127.0.0.1). Jenkins is assumed to be listening on port 8080, but the module is smart enough to notice if you've configured an alternate port using jenkins::config_hash['JENKINS_PORT'].

Users and credentials are Puppet-managed, meaning that changes made to them from outside Puppet will be reset at the next puppet run. In this way, you can ensure that certain accounts are present and have the appropriate login credentials.

CLI Helper

The CLI helper assumes unauthenticated access unless configured otherwise. You can configure jenkins::cli_helper to use an SSH key on the managed system by passing the keyfile path as a class parameter:

  class {'jenkins':
    cli_ssh_keyfile => '/path/to/id_rsa',
  }

... or via hiera:

jenkins::cli_ssh_keyfile: "/path/to/id_rsa"

Direct including of the jenkins::cli_helper class into the manifest is deprecated.

There's an open bug in Jenkins (JENKINS-22346) that causes authentication to fail when a key is used but authentication is disabled. Until the bug is fixed, you may need to bootstrap jenkins out-of-band to ensure that resources and security policy are configured in the correct order. For example:

# In puppet:
  anchor {'jenkins-bootstrap-start': } ->
    Class['jenkins::cli_helper'] ->
      Exec[$bootstrap_script] ->
        anchor {'jenkins-bootstrap-complete': }

# Code for $bootstrap_script
#!/bin/bash -e
# Generate an SSH key for the admin user
ADMIN_USER='<%= admin_user_name %>'
ADMIN_EMAIL='<%= admin_user_email %>'
ADMIN_PASSWORD='<%= admin_user_password %>'
ADMIN_FULLNAME='<%= admin_user_full_name %>'
ADMIN_SSH_KEY='<%= admin_ssh_keyfile %>'
JENKINS_CLI='<%= jenkins_libdir %>/jenkins-cli.jar'
PUPPET_HELPER='<%= jenkins_libdir %>/puppet_helper.groovy'
HELPER="java -jar $JENKINS_CLI -s http://127.0.0.1:8080 groovy $PUPPET_HELPER"
DONEFILE='<%= jenkins_libdir %>/jenkins-bootstrap.done'

ADMIN_PUBKEY="$(cat ${ADMIN_SSH_KEY}.pub)"

# Create the admin user, passing no credentials
$HELPER create_or_update_user "$ADMIN_USER" "$ADMIN_EMAIL" "$ADMIN_PASSWORD" "$ADMIN_FULLNAME" "$ADMIN_PUBKEY"
# Enable security. After this, credentials will be required.
$HELPER set_security full_control

touch $DONEFILE

jenkins::cli::exec

The defined type jenkins::cli::exec may be used to execute arbitrary CLI helper commands.

Arguments to the CLI helper script may be specified as the resource's title.

  jenkins::cli::exec { 'set_num_executors 0': }

Or passed as an array to the command parameter. This example is semantically equivalent to the first.

  jenkins::cli::exec { 'set_num_executors 0':
    command => ['set_num_executors', '0'],
  }

which is also equivalent to:

  jenkins::cli::exec { 'set_num_executors 0':
    command => 'set_num_executors 0',
  }

If the unless parameter is specified, an environment variable named $HELPER_CMD is declared which contains the complete string needed to execute the CLI helper script (minus arguments). This may be useful in constructing idempotent exec statements.

  $num_executors = 0
  jenkins::cli::exec { "set_num_executors ${num_executors}":
    unless => "[ \$(\$HELPER_CMD get_num_executors) -eq ${num_executors} ]"
  }

Users

Email and password are required.

Create a johndoe user account whose full name is "Managed by Puppet":

  jenkins::user { 'johndoe':
    email    => '[email protected]',
    password => 'changeme',
  }

Credentials

Password is required. For ssh credentials, password is the key passphrase (or '' if there is none). private_key_or_path is the text of key itself or an absolute path to a key file on the managed system.

Create ssh credentials named 'github-deploy-key', providing an unencrypted private key:

    jenkins::credentials { 'github-deploy-key':
      password            => '',
      private_key_or_path => hiera('::github_deploy_key'),
    }

Setting a UUID:

You can also specify a UUID to use with the credentials, which will be used to identify the credentials from within the job config. This is necessary when setting credentials for use with the git plugin, for example.

You can either manually generate a UUID from a site like UUIDTools.com, or use the UUID from an existing user, which is accessible within the URL of the Jenkins console when managing an existing user's credentials.

    jenkins::credentials { 'deploy-user':
      password            => '',
      private_key_or_path => hiera('::deploy_key'),
      uuid                => hiera('::deploy_credentials_uuid'),
    }

Configuring Security

The Jenkins security model can be set to one of two modes:

  • full_control - Users have full control after login. Authentication uses Jenkins' built-in user database.
  • unsecured - Authentication is not required.

Jenkins security is not managed by puppet unless jenkins::security is defined.

Using from Github / source

With librarian

If you use librarian-puppet, add the following to your Puppetfile:

mod "puppet/jenkins"

With the "puppet module" tool

This module is compatible with the puppet module tool. Appropriately this module has been released to the Puppet Forge, allowing you to easily install the released version of the module

To quickly try this module with the puppet module tool:

% sudo puppet module install puppet/jenkins
% sudo puppet apply -v -e 'include jenkins'
info: Loading facts in facter_dot_d
info: Loading facts in facter_dot_d
info: Applying configuration version '1323459431'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/descr: descr changed '' to 'Jenkins'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/baseurl: baseurl changed '' to 'http://pkg.jenkins-ci.org/redhat/'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/gpgcheck: gpgcheck changed '' to '1'
notice: /Stage[main]/Jenkins::Repo::El/File[/etc/yum/jenkins-ci.org.key]/ensure: defined content as '{md5}9fa06089848262c5a6383ec27fdd2575'
notice: /Stage[main]/Jenkins::Repo::El/Exec[rpm --import /etc/yum/jenkins-ci.org.key]/returns: executed successfully
notice: /Stage[main]/Jenkins::Package/Package[jenkins]/ensure: created
notice: /Stage[main]/Jenkins::Service/Service[jenkins]/ensure: ensure changed 'stopped' to 'running'
notice: Finished catalog run in 27.46 seconds

Overriding the jenkins package name

It's possible to specify a different package name to the default jenkins if you wish:

class { 'jenkins':
  package_name => 'jenkins_custom',
}

Installing from a hosted RPM

Sometimes you don't have an RPM repository available and are not allowed to directly install from repositories on the Internet. In this case, you can still install Jenkins with this module by hosting the jenkins RPM file somewhere accessible (http server, S3 bucket, etc.) and tell

class { 'jenkins':
  direct_download => 'http://myserver/rpms/jenkins-x.xxx-1-1.rpm',
}

More Repositories

1

json-schema

Ruby JSON Schema Validator
Ruby
1,447
star
2

puppetboard

Web frontend for PuppetDB
Python
698
star
3

hiera-eyaml

A backend for Hiera that provides per-value asymmetric encryption of sensitive data
Ruby
528
star
4

puppet-nginx

Puppet Module to manage NGINX on various UNIXes
Ruby
468
star
5

puppet-elasticsearch

Elasticsearch Puppet module
Ruby
406
star
6

beaker

Puppet Acceptance Testing Harness
Ruby
368
star
7

puppet-python

Puppet module for installing and managing Python, pip, virtualenvs and Gunicorn virtual hosts.
Ruby
197
star
8

puppet-logstash

Puppet module to manage Logstash
Puppet
192
star
9

puppet-rabbitmq

RabbitMQ Puppet Module
Ruby
174
star
10

onceover

Your gateway drug to automated infrastructure testing with Puppet
Ruby
142
star
11

puppet-mcollective

MCollective Server and Client Puppet Module
Ruby
122
star
12

puppet-consul

A Puppet Module to Manage Consul
Ruby
120
star
13

puppet-openvpn

OpenVPN module for puppet including client config/cert creation
Ruby
113
star
14

puppet-nodejs

Puppet module to install nodejs and global npm packages
Ruby
112
star
15

modulesync

Synchronize common files across your Git repositories.
Ruby
101
star
16

vagrant-librarian-puppet

A Vagrant plugin to install Puppet modules using Librarian-Puppet.
Ruby
101
star
17

puppet-r10k

Setup and configure r10k for use with git based environments in puppet
Ruby
98
star
18

pypuppetdb

Python library for working with the PuppetDB API
Python
93
star
19

puppet-mongodb

mongodb installation
Ruby
92
star
20

puppet-ghostbuster

👻 Dead code detector for Puppet
Ruby
89
star
21

puppet-letsencrypt

A Puppet module to install the Letsencrypt client and request certificates.
Ruby
86
star
22

puppet-php

Generic Puppet module to manage PHP on many platforms
Puppet
85
star
23

puppet-mode

Edit Puppet manifests with GNU Emacs 24
Emacs Lisp
77
star
24

puppet-gitlab

Puppet module to manage Gitlab (Omnibus)
Puppet
74
star
25

puppet-postfix

Puppet postfix module
HTML
72
star
26

puppet-collectd

Collectd module for Puppet
Ruby
70
star
27

puppet-syntax

Syntax checks for Puppet manifests and templates
Ruby
68
star
28

puppet-blacksmith

Ruby Gem with Puppet Module utilities
Ruby
68
star
29

puppet-network

Types and providers to manage network interfaces
Ruby
68
star
30

puppet-augeasproviders

Alternative Augeas-based providers for Puppet
Ruby
65
star
31

puppet-system

Manage Linux system resources and services from hiera configuration
Puppet
64
star
32

puppet-jira

Atlassian JIRA Puppet Module
Ruby
61
star
33

puppet-prometheus

Puppet module for prometheus
Puppet
60
star
34

puppet-archive

Compressed archive file download and extraction with native types/providers for Windows and Unix
Ruby
59
star
35

beaker-rspec

beaker-rspec is a bridge between the puppet acceptance test harness
Ruby
58
star
36

rspec-puppet-facts

Simplify your unit tests by looping on every supported Operating System and populating facts.
Ruby
58
star
37

puppet-puppetboard

Puppet module to install and manage puppetboard
Puppet
53
star
38

puppet-staging

⛔️ Deprecated in favor of puppet-archive
Ruby
51
star
39

puppet-pxe

Puppet module for deploying a PXE boot server
Puppet
49
star
40

hiera-eyaml-gpg

GPG encryption backend for the hiera-eyaml module
Ruby
49
star
41

puppet-systemd

Puppet module to manage systemd
Ruby
49
star
42

puppet-selinux

Puppet Module to manage SELinux on RHEL machines
Ruby
49
star
43

puppet-keepalived

Puppet Module to manage Keepalived
Ruby
48
star
44

puppet-prometheus_reporter

A prometheus Puppet reports exporter for Puppet
Ruby
48
star
45

puppet-iis

Module to mange IIS with Puppet
Ruby
46
star
46

puppet-corosync

Sets up and manages Corosync.
Ruby
45
star
47

puppet-dhcp

Puppet module for deploying dhcp
Ruby
42
star
48

puppet-epel

Setup/configure EPEL (extra repository for enterprise linux) with Puppet
Ruby
41
star
49

puppet-redis

Puppet Module to manage Redis
Ruby
40
star
50

puppet-openssl

Puppet OpenSSL module
Ruby
39
star
51

puppet-pkgng

A Puppet package provider for FreeBSD's PkgNG package manager.
Ruby
39
star
52

puppet-firewalld

Puppet module for managing firewalld
Ruby
39
star
53

puppet-splunk

Manage Splunk servers and forwarders using Puppet
Ruby
39
star
54

puppet-rundeck

Module for managing the installatation and configuration of the rundeck orchestration tool
Ruby
38
star
55

puppet-openldap

Manage OpenLDAP with Puppet
Ruby
35
star
56

puppet-vmwaretools

Puppet module to manage VMware Operating System Specific Packages for VMware tools installation.
Puppet
35
star
57

puppet-snmp

Puppet module to manage Net-SNMP.
Ruby
34
star
58

puppet-unattended_upgrades

Unattended-upgrades for APT
Ruby
33
star
59

puppet-dnsquery

DNS query functions for Puppet
Ruby
32
star
60

puppet-hiera

Hiera hierarchy module for templating `hiera.yaml`
Ruby
32
star
61

puppet-kafka

The kafka module for managing the installation and configuration of Apache Kafka
Puppet
30
star
62

puppet-fail2ban

This module installs, configures and manages the Fail2ban service.
Ruby
30
star
63

ra10ke

Rake tasks related to R10K and Puppetfile
Ruby
29
star
64

puppet-wildfly

Puppet module to install, configure and manage Wildfly (8/9/10+), JBoss EAP (6.1+/7.0+) and some Wildfly based products like apiman, Keycloak and Infinispan.
Ruby
29
star
65

puppet-windowsfeature

Library that uses ServerAdministration api that comes with Windows Server 2008 and Windows Server 2012 to add / remove windows features
Ruby
29
star
66

puppet-catalog-diff-viewer

A viewer for the puppet-catalog-diff tool
JavaScript
28
star
67

puppet-unbound

Puppet module for deploying the swiss-army of DNS, Unbound
Ruby
28
star
68

metadata-json-lint

Tool to check the validity of Puppet metadata.json files
Ruby
27
star
69

hiera-file

File backend for Hiera
Ruby
26
star
70

puppet-vault_lookup

Ruby
25
star
71

puppetdb-ruby

Ruby client library for interacting with PuppetDB API
Ruby
24
star
72

puppet-alternatives

Manage Debian alternatives links
Ruby
24
star
73

puppet-telegraf

A Puppet module for installing and configuring InfluxData's Telegraf
Ruby
24
star
74

puppet-healthcheck

Puppet resources to evaluate the health and status of things.
Ruby
22
star
75

puppet-puppetserver

Puppet module for puppetserver
Ruby
21
star
76

puppet-confluence

A puppet module to install confluence
Ruby
20
star
77

puppet-drbd

Basic module for configuring active-passive drbd resources
Puppet
20
star
78

puppet-stash

A puppet module to install atlassian stash
Ruby
19
star
79

puppet-kmod

manage kernel module with puppet
Ruby
18
star
80

puppet-mrepo

Puppet module for creating and managing RPM based repository mirrors.
Puppet
17
star
81

puppet-ssh_keygen

Generation of ssh keys with ssh-keygen
Ruby
17
star
82

puppet-windows_firewall

puppet module for configuring the windows firewall
Ruby
17
star
83

puppet-nomad

Puppet module for managing Nomad
Ruby
16
star
84

puppet-gluster

Create and manage Gluster pools, volumes, and mounts
Ruby
16
star
85

puppet-kibana

Kibana Puppet module by Elastic.
Ruby
16
star
86

puppet-filemapper

Map files to puppet resources and back
Ruby
15
star
87

puppet-proxysql

Puppet module to configure ProxySQL
Ruby
15
star
88

puppet-cron

Puppet module to manage cron jobs via /etc/cron.d
Ruby
14
star
89

puppet-tea

Puppet 4.6 Types: Abstracted & Extracted
Ruby
14
star
90

puppet-ca_cert

A puppet module for managing (non-system) CA certificates.
Ruby
14
star
91

puppet-minecraft

Puppet - Minecraft: Separately maintained fork of brannan's puppet-module-minecraft
Ruby
14
star
92

puppet-chrony

Puppet module for Chrony with Systemd
Ruby
13
star
93

puppet-smokeping

Puppet module to install and configure smokeping. Including target and slave definition
Puppet
13
star
94

puppet-cassandra

Installs Cassandra & DataStax Agent on RHEL/Ubuntu/Debian.
Ruby
13
star
95

puppet-googleauthenticator

Google-authenticator module for Puppet
Puppet
13
star
96

puppet-bareos

Puppet Module to manage bareos
Puppet
13
star
97

puppet-misp

This module installs and configures MISP (Malware Information Sharing Platform)
HTML
13
star
98

puppet_webhook

Sinatra-based application that triggers puppet-related commands from VCS Webhook calls
Ruby
13
star
99

puppet-extlib

This module provides functions that are out of scope for stdlib.
Ruby
13
star
100

puppet-gitlab_ci_runner

Module to mange gitlab CI runners. Extracted from https://github.com/voxpupuli/puppet-gitlab
Ruby
13
star