├── .dockerignore
├── Dockerfile
├── LICENSE
├── README.md
├── entrypoint.sh
├── generate_key.sh
└── init.groovy.d
    ├── general_credentials.groovy
    ├── general_maven.groovy
    ├── general_url.groovy
    ├── gerrit.groovy
    ├── jnlp-agent-protocols.groovy
    ├── kubernetes.groovy
    └── ldap.groovy

/.dockerignore:
--------------------------------------------------------------------------------
.git

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Jenkins image built on the upstream LTS image. It adds a static Docker CLI
# binary, a fixed list of plugins and the init.groovy.d bootstrap scripts.
# NOTE(review): "lts" is a floating tag, so two builds of this file can end up
# on different base images; pin a version tag or digest for repeatable builds.
FROM jenkins/jenkins:lts
# NOTE(review): MAINTAINER is deprecated in favour of a LABEL instruction.
MAINTAINER zsx

# Install docker binary
USER root

ENV DOCKER_BUCKET download.docker.com
ENV DOCKER_VERSION 17.09.0-ce

# Download the static Docker release tarball and extract only docker/docker
# (the client binary) into /usr/local/bin, then delete the tarball.
# NOTE(review): the download uses HTTPS, but the tarball is extracted as root
# without being compared against a known digest. Record the expected SHA-256
# next to DOCKER_VERSION and verify it (e.g. with sha256sum -c) before tar runs.
RUN curl -fSL "https://${DOCKER_BUCKET}/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz" -o /tmp/docker-ce.tgz \
    && tar -xvzf /tmp/docker-ce.tgz --directory="/usr/local/bin" --strip-components=1 docker/docker \
    && rm /tmp/docker-ce.tgz

# Drop back to the unprivileged user for everything that follows.
USER jenkins

# Install plugins
# NOTE(review): the plugins are listed by name only, so each build resolves
# whatever version is current at build time. install-plugins.sh also accepts
# "name:version" entries; pinning them makes the plugin set reviewable.
RUN /usr/local/bin/install-plugins.sh \
    ansible \
    copyartifact \
    config-file-provider \
    docker-build-publish \
    docker-plugin \
    docker-workflow \
    gerrit-trigger \
    git \
    git-parameter \
    gitlab-plugin \
    kubernetes \
    ldap \
    matrix-auth \
    maven-plugin \
    parameterized-trigger \
    pipeline-maven \
    script-security \
    swarm \
    terraform \
    workflow-aggregator

# Add groovy setup config
COPY init.groovy.d/ /usr/share/jenkins/ref/init.groovy.d/

# Generate jenkins ssh key.
43 | COPY generate_key.sh /usr/local/bin/generate_key.sh 44 | 45 | COPY entrypoint.sh /entrypoint.sh 46 | ENTRYPOINT ["/entrypoint.sh"] 47 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Jenkins Docker Image 2 | 3 | The official Jenkins Docker image plus some plugins and scripts for integrating with Gerrit. 4 | Additional plugins include: 5 | 6 | * ansible 7 | * copyartifact 8 | * config-file-provider 9 | * docker-build-publish 10 | * docker-plugin 11 | * docker-workflow 12 | * gerrit-trigger 13 | * git 14 | * git-parameter 15 | * gitlab-plugin 16 | * kubernetes 17 | * ldap 18 | * matrix-auth 19 | * maven-plugin 20 | * parameterized-trigger 21 | * pipeline-maven 22 | * script-security 23 | * swarm 24 | * terraform 25 | * workflow-aggregator 26 | 27 | ## Features 28 | 29 | * Demonstrates how to integrate Jenkins with Gerrit and OpenLDAP. 30 | * Auto-configures credentials and the Maven settings file in Jenkins. 31 | * There's a [Jenkins slave/agent image](https://hub.docker.com/r/openfrontier/jenkins-swarm-slave/) which demonstrates how to build a jenkins-slave image for the Jenkins swarm plugin. 
32 | 33 | ## Run Jenkins container 34 | 35 | ```shell 36 | docker volume create jenkins-home 37 | docker run \ 38 | -e JAVA_OPTS="-Duser.timezone=Asia/Shanghai -Djenkins.install.runSetupWizard=false -Xms2048m -Xmx3584m" \ 39 | -e JENKINS_OPTS=--prefix=/jenkins \ 40 | -e ROOT_URL=http://your.jenkins.example.com/jenkins/ \ 41 | -v jenkins-home:/var/jenkins_home \ 42 | -p 8080:8080 \ 43 | -p 50000:50000 \ 44 | -d openfrontier/jenkins 45 | ``` 46 | 47 | ## Environment variables for integrating Jenkins with Gerrit 48 | 49 | GERRIT_HOST_NAME Gerrit server's hostname 50 | GERRIT_FRONT_END_URL The URL used to redirect to Gerrit in browsers. 51 | GERRIT_SSH_PORT (optional) Gerrit server's ssh port. Default: 29418. 52 | GERRIT_USERNAME (optional) User name for ssh to Gerrit. Default: jenkins. 53 | GERRIT_EMAIL (optional) Gerrit user's email. Default: empty. 54 | GERRIT_SSH_KEY_FILE (optional) Location of the rsa key for ssh to Gerrit. Default: /var/jenkins_home/.ssh/id_rsa. 55 | GERRIT_SSH_KEY_PASSWORD (optional) Passphrase of the ssh key. Default: null. 56 | 57 | ## Environment variables for integrating with OpenLDAP 58 | 59 | LDAP_SERVER (required), the LDAP URI, i.e. 
ldap-host:389 60 | LDAP_ROOTDN (required), the LDAP BASE_DN 61 | LDAP_INHIBIT_INFER_ROOTDN (required if LDAP_ROOTDN is empty), flag indicating if ROOT_DN should be inferred 62 | LDAP_USER_SEARCH_BASE (optional), base organization unit to use to search for users 63 | LDAP_USER_SEARCH (optional), LDAP object field to use for the search query 64 | LDAP_GROUP_SEARCH_BASE (optional), base organization unit to use to search for groups 65 | LDAP_GROUP_SEARCH_FILTER (optional), filter to use when querying for groups 66 | LDAP_GROUP_MEMBERSHIP_STRATEGY (required), the strategy to determine a user's groups, FromGroupSearchLDAPGroupMembershipStrategy or FromUserRecordLDAPGroupMembershipStrategy 67 | LDAP_GROUP_MEMBERSHIP_SEARCH_FILTER (optional), filter to use when writing queries to verify if a user is a member of a group, used when LDAP_GROUP_MEMBERSHIP_STRATEGY is FromGroupSearchLDAPGroupMembershipStrategy 68 | LDAP_USER_RECORD_ATTRIBUTE_NAME (optional), the attribute name that is used to determine the groups to which a user belongs, used when LDAP_GROUP_MEMBERSHIP_STRATEGY is FromUserRecordLDAPGroupMembershipStrategy 69 | LDAP_MANAGER_DN (optional), LDAP admin user 70 | LDAP_MANAGER_PASSWORD (optional), LDAP admin password 71 | LDAP_INHIBIT_INFER_ROOTDN (required), flag indicating if ROOT_DN should be inferred 72 | LDAP_DISPLAY_NAME_ATTRIBUTE_NAME (optional), LDAP object field used as a display name 73 | LDAP_DISABLE_MAIL_ADDRESS_RESOLVER (required), flag indicating if the email address resolver should be disabled 74 | LDAP_MAIL_ADDRESS_ATTRIBUTE_NAME (optional), LDAP object field used as an email address 75 | LDAP_GROUP_NAME_ADMIN (optional), LDAP admin group. Defaults to administrators. 76 | 77 | ## Environment variables for maven and nexus integration 78 | 79 | NEXUS_REPO (optional) Nexus repository URL. This will create a Maven settings config file in Jenkins for you and mirror all Maven sites to this URL. 80 | NEXUS_USER (optional) Username for pushing artifacts to the Nexus repository. 
This will create a username password credential for you in Jenkins. 81 | NEXUS_PASS (optional) Password for push artifacts to Nexus repository. 82 |
--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Container entrypoint: make sure the Jenkins SSH key pair exists, then either
# start Jenkins or run the command that was passed to `docker run`.
set -e

echo "Genarate JENKINS SSH KEY"
# Sourced rather than executed: generate_key.sh runs inside this shell, so its
# `set -e` and the variables it assigns remain in effect for the lines below.
source /usr/local/bin/generate_key.sh
echo "start JENKINS"
# If there are no arguments, or the first `docker run` argument starts with `--`,
# the arguments are treated as Jenkins launcher arguments.
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
    exec tini -- /usr/local/bin/jenkins.sh "$@"
fi
# Any other argument list is executed as given, replacing this shell.
exec "$@"

--------------------------------------------------------------------------------
/generate_key.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Create the Jenkins SSH key pair on first start and publish the public half
# under userContent. Nothing is done when the private key file already exists.
set -e

# Constants
JENKINS_HOME="/var/jenkins_home"
JENKINS_SSH_DIR="${JENKINS_HOME}/.ssh"
JENKINS_USER_CONTENT_DIR="${JENKINS_HOME}/userContent/"

# Create the .ssh directory when it is missing.
# NOTE(review): no mode is set here, so the directory permissions come from the
# process umask. Confirm it ends up restricted to the jenkins user (e.g. 0700).
if [ ! -d "${JENKINS_SSH_DIR}" ]; then mkdir -p "${JENKINS_SSH_DIR}"; fi

if [ ! -f ${JENKINS_SSH_DIR}/"id_rsa" ]; then
    echo "Generating Jenkins Key Pair"
    # Remove a stale public key so it cannot outlive the private key it belonged to.
    rm -f ${JENKINS_SSH_DIR}/id_rsa.pub
    # 4096-bit RSA key with an empty passphrase (-N ''). The private key is
    # stored unencrypted under JENKINS_HOME, so whoever can read that volume or
    # its backups can use the key. Restrict access to both accordingly.
    ssh-keygen -t rsa -f ${JENKINS_SSH_DIR}/'id_rsa' -b 4096 -N '';
    echo "Copy key to userContent folder"
    mkdir -p ${JENKINS_USER_CONTENT_DIR}
    rm -f ${JENKINS_USER_CONTENT_DIR}/id_rsa.pub
    # Only the public key is copied. Jenkins serves the userContent directory
    # to web clients, so the private key must never be placed there.
    # NOTE(review): JENKINS_USER_CONTENT_DIR already ends in "/", so these paths
    # contain "//". That is harmless, but the variables are also unquoted.
    cp ${JENKINS_SSH_DIR}/id_rsa.pub ${JENKINS_USER_CONTENT_DIR}/id_rsa.pub
fi

--------------------------------------------------------------------------------
/init.groovy.d/general_credentials.groovy:
--------------------------------------------------------------------------------
import hudson.model.*;
import jenkins.model.*;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.domains.Domain;

// Init script: registers an SSH key credential for the Jenkins user and, when
// NEXUS_USER and NEXUS_PASS are set, a username/password credential for Nexus.
// Existing entries are detected by their description, so the script can run on
// every start without adding duplicates.

// Constants
def instance = Jenkins.getInstance()

// The work runs on a separate thread, so it does not block the init sequence.
Thread.start {
    // Jenkins SSH and Maven artifacts deployment Credentials
    println "--> Registering Credentials"
    def system_credentials_provider = SystemCredentialsProvider.getInstance()

    def ssh_key_description = "Jenkins Master"
    def nexus_credentials_description = "Nexus Server"

    // Look for credentials that were registered on a previous start.
    // NOTE(review): the match is on the description, not on the credential id.
    // If someone edits the description, the next start tries to add the same id again.
    ssh_credentials_exist = false
    nexus_credentials_exist = false
    system_credentials_provider.getCredentials().each {
        credentials = (com.cloudbees.plugins.credentials.Credentials) it
        if ( credentials.getDescription() == ssh_key_description) {
            ssh_credentials_exist = true
            println("Found existing credentials: " + ssh_key_description)
        }
        if ( credentials.getDescription() == nexus_credentials_description) {
            nexus_credentials_exist = true
            println("Found existing credentials: " + nexus_credentials_description)
        }
    }

    if(!ssh_credentials_exist) {
        println("Adding credentials: " + ssh_key_description)
        // NOTE(review): GLOBAL scope makes this key selectable from jobs. If only
        // Jenkins itself needs it, CredentialsScope.SYSTEM is the narrower choice.
        def ssh_key_scope = CredentialsScope.GLOBAL
        def ssh_key_id = "jenkins-master"
        def ssh_key_username = "jenkins"
        // presumably resolves to the key under the Jenkins user's ~/.ssh (the one
        // generate_key.sh creates); confirm against the ssh-credentials plugin
        def ssh_key_private_key_source = new BasicSSHUserPrivateKey.UsersPrivateKeySource()
        // No passphrase: generate_key.sh creates the key with an empty one.
        def ssh_key_passphrase = null

        def ssh_key_domain = Domain.global()
        def ssh_key_creds = new BasicSSHUserPrivateKey(ssh_key_scope,ssh_key_id,ssh_key_username,ssh_key_private_key_source,ssh_key_passphrase,ssh_key_description)

        system_credentials_provider.getStore().addCredentials(ssh_key_domain,ssh_key_creds)
    }

    // Add credentials for deploying artifacts to Nexus
    // NOTE(review): the password arrives through the container environment,
    // which is visible to anything that can inspect the container or its
    // process environment. Prefer a mounted secret file where the platform offers one.
    def credentials_username = System.getenv("NEXUS_USER")
    def credentials_password = System.getenv("NEXUS_PASS")
    if(credentials_username && credentials_password && !nexus_credentials_exist) {
        println("Adding credentials: " + nexus_credentials_description)
        def credentials_scope = CredentialsScope.GLOBAL
        // "redentials_id" is a misspelt local name. The id value 'nexus-server' is
        // the one general_maven.groovy maps to the 'deployment' server entry.
        def redentials_id = 'nexus-server'

        def credentials_domain = Domain.global()
        def user_pass_creds = new UsernamePasswordCredentialsImpl(credentials_scope,redentials_id,nexus_credentials_description,credentials_username,credentials_password)

        system_credentials_provider.getStore().addCredentials(credentials_domain,user_pass_creds)
    }
    // Save the state
    instance.save()
}

--------------------------------------------------------------------------------
/init.groovy.d/general_maven.groovy:
--------------------------------------------------------------------------------
1 | import hudson.model.*; 2 | import jenkins.model.*; 3 | import hudson.tools.*; 4 | import hudson.tasks.Maven.MavenInstaller; 5 | import hudson.tasks.Maven.MavenInstallation; 6 | import org.jenkinsci.plugins.configfiles.GlobalConfigFiles; 7 | import org.jenkinsci.plugins.configfiles.maven.*; 8 | import 
org.jenkinsci.plugins.configfiles.maven.security.*;

// Init script: registers a Maven installation named "Maven" and, when
// NEXUS_REPO is set, a global Maven settings file that mirrors to that URL.

// Constants
def instance = Jenkins.getInstance()

Thread.start {
    // Fixed 10 s delay before configuring.
    // NOTE(review): presumably this waits for plugins to finish loading. A fixed
    // sleep is a guess, not a guarantee.
    sleep 10000

    // Maven
    println "--> Configuring Maven"
    def desc_MavenTool = instance.getDescriptor("hudson.tasks.Maven")
    def maven_installations = desc_MavenTool.getInstallations()

    def name="Maven"
    def maven_inst = new MavenInstallation(
        name, // Name
        "/usr/share/maven", // Home
    )

    // Skip the registration when an installation with the same name exists.
    def maven_inst_exists = false
    maven_installations.each {
        installation = (MavenInstallation) it
        if ( maven_inst.getName() == installation.getName() ) {
            maven_inst_exists = true
            println("Found existing installation: " + installation.getName())
        }
    }

    if (!maven_inst_exists) {
        println("Adding Maven installation: " + maven_inst.getName())
        maven_installations += maven_inst
        desc_MavenTool.setInstallations((MavenInstallation[]) maven_installations)
        desc_MavenTool.save()
    }

    // Configuring global maven settings
    def mirrorUrl = System.getenv("NEXUS_REPO")
    if (mirrorUrl) {
        println("--> Configuring global maven settings")
        def configId = 'global-maven-settings'
        def configName = 'global-maven-settings'
        def configComment = 'Maven Mirror Settings'
        // NOTE(review): the XML markup of this template is not visible on this
        // page. Only its text content survives, so the literal is reproduced as
        // shown and is not a usable settings file in this form.
        // ${mirrorUrl} is interpolated from NEXUS_REPO without XML escaping.
        // Treat NEXUS_REPO as trusted deployment configuration only, and prefer
        // an https:// mirror so artifacts are not fetched over plain HTTP.
        def configContent = """



nexus
Local Maven Repository Manager
${mirrorUrl}
*



"""
        def globalConfigFiles = GlobalConfigFiles.get()
        if (globalConfigFiles.getById(configId) == null) {
            println("Adding maven settings: " + configName)
            def serverCreds = new ArrayList()
            // Maps the server id 'deployment' to the 'nexus-server' credential
            // that general_credentials.groovy registers.
            def serverId = 'deployment'
            def credentialId = 'nexus-server'
            def serverCredentialMappings = new ServerCredentialMapping(serverId, credentialId)
            serverCreds.add(serverCredentialMappings)
            def globalConfig = new GlobalMavenSettingsConfig(configId, configName, configComment, configContent, true, serverCreds)
            globalConfigFiles.save(globalConfig)
        } else{
            println("Found existing maven settings: " + configName)
        }
    }

    // Save the state
    instance.save()
}

--------------------------------------------------------------------------------
/init.groovy.d/general_url.groovy:
--------------------------------------------------------------------------------
import hudson.model.*;
import jenkins.model.*;

// Init script: sets the Jenkins root URL from ROOT_URL when that variable is set.

// Variables
def env = System.getenv()
def root_Url = env['ROOT_URL']

// Constants
def instance = Jenkins.getInstance()

Thread.start {
    println "--> Configuring General URL Settings"

    if(root_Url) {
        // Base URL
        // NOTE(review): the value is stored as given, with no check of its scheme.
        // The README example uses http://; use the https:// address when Jenkins
        // is published behind TLS.
        println "--> Setting Base URL"
        jlc = JenkinsLocationConfiguration.get()
        jlc.setUrl(root_Url)
        jlc.save()
    }
}

--------------------------------------------------------------------------------
/init.groovy.d/gerrit.groovy:
--------------------------------------------------------------------------------
import hudson.model.*;
import jenkins.model.*;
import com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl;
import com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer;
import com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config;

// Init script: registers a Gerrit Trigger server named "Gerrit" from the
// GERRIT_* environment variables, unless a server with that name already exists.

def env = System.getenv()
// Variables
def gerrit_host_name = env['GERRIT_HOST_NAME']
def gerrit_front_end_url = env['GERRIT_FRONT_END_URL']
def gerrit_ssh_port = env['GERRIT_SSH_PORT'] ?: "29418"
// toInteger() throws when GERRIT_SSH_PORT is set to a non-numeric value.
gerrit_ssh_port = gerrit_ssh_port.toInteger()
def gerrit_username = env['GERRIT_USERNAME'] ?: "jenkins"
def gerrit_email = env['GERRIT_EMAIL'] ?: ""
def gerrit_ssh_key_file = env['GERRIT_SSH_KEY_FILE'] ?: "/var/jenkins_home/.ssh/id_rsa"
// NOTE(review): the key passphrase is read from the container environment.
// See the same concern for NEXUS_PASS in general_credentials.groovy.
def gerrit_ssh_key_password = env['GERRIT_SSH_KEY_PASSWORD'] ?: null

// Constants
def instance = Jenkins.getInstance()

Thread.start {
    sleep 10000

    // Gerrit
    println "--> Configuring Gerrit"

    def gerrit_trigger_plugin = PluginImpl.getInstance()

    def gerrit_server = new GerritServer("Gerrit")

    // Look for an already registered server with the same name.
    def gerrit_servers = gerrit_trigger_plugin.getServerNames()
    def gerrit_server_exists = false
    gerrit_servers.each {
        server_name = (String) it
        if ( server_name == gerrit_server.getName() ) {
            gerrit_server_exists = true
            println("Found existing installation: " + server_name)
        }
    }

    if (!gerrit_server_exists) {
        // NOTE(review): nothing checks that GERRIT_HOST_NAME or
        // GERRIT_FRONT_END_URL are set, so a server entry with null values is
        // added when they are missing.
        def gerrit_server_config = new Config()

        gerrit_server_config.setGerritHostName(gerrit_host_name)
        gerrit_server_config.setGerritFrontEndURL(gerrit_front_end_url)
        gerrit_server_config.setGerritSshPort(gerrit_ssh_port)
        gerrit_server_config.setGerritUserName(gerrit_username)
        gerrit_server_config.setGerritEMail(gerrit_email)
        gerrit_server_config.setGerritAuthKeyFile(new File(gerrit_ssh_key_file))
        gerrit_server_config.setGerritAuthKeyFilePassword(gerrit_ssh_key_password)

        gerrit_server.setConfig(gerrit_server_config)
        gerrit_trigger_plugin.addServer(gerrit_server)
        gerrit_trigger_plugin.save()
        // Don't start server by default. Server can be started manually on Gerrit Trigger config page.
        // gerrit_server.start()
        // gerrit_server.startConnection()
    }

    // Save the state
    instance.save()
}

--------------------------------------------------------------------------------
/init.groovy.d/jnlp-agent-protocols.groovy:
--------------------------------------------------------------------------------
1 | /* 2 | Copyright (c) 2015-2018 Sam Gleske - https://github.com/samrocketman/jenkins-bootstrap-shared 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
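6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */
/*
   Disable all JNLP protocols except for JNLP4.  JNLP4 is the most secure agent
   protocol because it is using standard TLS.
 */
import jenkins.model.Jenkins

Jenkins j = Jenkins.instance

// Nothing is changed while Jenkins is quieting down (preparing for shutdown).
if(!j.isQuietingDown()) {
    // The only protocols left enabled: JNLP4 for agents, plus Ping.
    Set agentProtocolsList = ['JNLP4-connect', 'Ping']
    // Write and save only when the configured set differs, so restarts are idempotent.
    if(!j.getAgentProtocols().equals(agentProtocolsList)) {
        j.setAgentProtocols(agentProtocolsList)
        println "Agent Protocols have changed.  Setting: ${agentProtocolsList}"
        j.save()
    }
    else {
        println "Nothing changed.  Agent Protocols already configured: ${j.getAgentProtocols()}"
    }
}
else {
    println 'Shutdown mode enabled.  Configure Agent Protocols SKIPPED.'
}

--------------------------------------------------------------------------------
/init.groovy.d/kubernetes.groovy:
--------------------------------------------------------------------------------
import org.csanchez.jenkins.plugins.kubernetes.*
import jenkins.model.*

// Init script: registers a Kubernetes cloud named 'kubernetes' unless a cloud
// with that display name already exists.

def instance = Jenkins.getInstance()

Thread.start {
    sleep 10000

    println("--> Configuring kubernetes plugin")

    // Look for an existing cloud with the same display name.
    cloud_exist = false
    if (instance.clouds) {
        instance.clouds.each {
            if (it.getDisplayName() == 'kubernetes') {
                println("Found existing cloud: ${it.getDisplayName()}")
                cloud_exist = true
            }
        }
    }
    if (!cloud_exist) {
        kc = new KubernetesCloud('kubernetes')
        // SECURITY NOTE(review): this turns off verification of the Kubernetes
        // API server certificate. The connection that carries the cluster
        // credentials and pod definitions is then open to interception.
        // Prefer setSkipTlsVerify(false) and supply the cluster CA with
        // setServerCertificate(...). The value is left unchanged here because
        // flipping it breaks clusters that have no trusted certificate configured.
        kc.setSkipTlsVerify(true)
        // Container cap for this cloud, passed as the string '5'.
        kc.setContainerCapStr('5')
        // NOTE(review): this reads JENKINS_URL, while the README documents
        // ROOT_URL. Confirm which variable deployments are expected to set.
        jenkinsUrl = System.getenv("JENKINS_URL")
        jenkinsUrl && kc.setJenkinsUrl(jenkinsUrl)
        println "Adding k8s cloud: ${kc.getDisplayName()}"
        instance.clouds.add(kc)
    }
    instance.save()
}

--------------------------------------------------------------------------------
/init.groovy.d/ldap.groovy:
--------------------------------------------------------------------------------
import hudson.model.*;
import jenkins.model.*;
import hudson.security.*;
import jenkins.security.plugins.ldap.*;
import hudson.util.Secret;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.cloudbees.plugins.credentials.CredentialsScope;

// Init script: configures an LDAP security realm from the LDAP_* environment
// variables. It runs only when LDAP_SERVER is set together with LDAP_ROOTDN or
// LDAP_INHIBIT_INFER_ROOTDN, and only when config.xml has no LDAP realm yet.

def env = System.getenv()

// Variables
def ldap_server = env['LDAP_SERVER']
def ldap_rootDN = env['LDAP_ROOTDN']
def ldap_inhibitInferRootDN = env['LDAP_INHIBIT_INFER_ROOTDN']
def configXmlFile = "/var/jenkins_home/config.xml"

// Constants
def instance = Jenkins.getInstance()

Thread.start {
    sleep 10000

    if (ldap_server && (ldap_rootDN || ldap_inhibitInferRootDN)) {
        // Read config.xml to see whether an LDAP realm is already configured.
        // If so, the whole block is skipped and manual changes are kept.
        init_ldap_parameter = true
        def configXmlString = new File(configXmlFile).getText('UTF-8')
        def rootNode = new XmlSlurper().parseText(configXmlString)
        rootNode.securityRealm.each {
            if(it.@class == "hudson.security.LDAPSecurityRealm") {
                init_ldap_parameter = false
            }
        }
        if (init_ldap_parameter) {
            def ldap_userSearchBase = env['LDAP_USER_SEARCH_BASE']
            def ldap_userSearch = env['LDAP_USER_SEARCH']
            def ldap_groupSearchBase = env['LDAP_GROUP_SEARCH_BASE']
            def ldap_groupSearchFilter = env['LDAP_GROUP_SEARCH_FILTER']
            def ldap_groupMembershipStrategy = env['LDAP_GROUP_MEMBERSHIP_STRATEGY']
            def ldap_groupMembershipSearchFilter = env['LDAP_GROUP_MEMBERSHIP_SEARCH_FILTER']
            def ldap_userRecordAttributeName = env['LDAP_USER_RECORD_ATTRIBUTE_NAME']
            def ldap_managerDN = env['LDAP_MANAGER_DN']
            // NOTE(review): the bind password is read from the container
            // environment, which is visible to anything that can inspect the
            // container. Prefer a mounted secret file where the platform offers one.
            def ldap_managerPassword = env['LDAP_MANAGER_PASSWORD']
            // Fix: an unset variable used to raise a NullPointerException here.
            // That killed this thread and left Jenkins without the LDAP realm.
            // An unset value now counts as false.
            def ldap_disableMailAddressResolver = (env['LDAP_DISABLE_MAIL_ADDRESS_RESOLVER'] ?: 'false').toBoolean()
            def ldap_displayNameAttributeName = env['LDAP_DISPLAY_NAME_ATTRIBUTE_NAME']
            def ldap_mailAddressAttributeName = env['LDAP_MAIL_ADDRESS_ATTRIBUTE_NAME']

            // Add Global credentials for LDAP
            println "--> Registering LDAP Credentials"
            def system_credentials_provider = SystemCredentialsProvider.getInstance()

            def credential_description = "LDAP Admin"

            // Existing credentials are matched by description, as in
            // general_credentials.groovy.
            ldap_credentials_exist = false
            system_credentials_provider.getCredentials().each {
                credentials = (com.cloudbees.plugins.credentials.Credentials) it
                if (credentials.getDescription() == credential_description) {
                    ldap_credentials_exist = true
                    println("Found existing credentials: " + credential_description)
                }
            }

            if (!ldap_credentials_exist) {
                // SECURITY NOTE(review): this stores the LDAP manager DN and
                // password as a GLOBAL-scope credential, which jobs can select.
                // The realm below already holds the password as a Secret.
                // Unless a job needs the directory bind account, use
                // CredentialsScope.SYSTEM or drop this credential.
                def credential_scope = CredentialsScope.GLOBAL
                def credential_id = "ldap-admin"
                def credential_username = ldap_managerDN
                def credential_password = ldap_managerPassword

                def credential_domain = com.cloudbees.plugins.credentials.domains.Domain.global()
                def credential_creds = new UsernamePasswordCredentialsImpl(credential_scope,credential_id,credential_description,credential_username,credential_password)

                system_credentials_provider.getStore().addCredentials(credential_domain,credential_creds)
            }

            // LDAP
            println "--> Configuring LDAP"

            // Decide the strategy we use to determine a user's groups.
            // NOTE(review): for any other value only a message is printed, and
            // the realm is then built with a null strategy. Confirm the LDAP
            // plugin's behaviour for null, or stop here instead.
            def strategy = null
            if (ldap_groupMembershipStrategy =="FromGroupSearchLDAPGroupMembershipStrategy")
                strategy = new FromGroupSearchLDAPGroupMembershipStrategy(ldap_groupMembershipSearchFilter)
            else if (ldap_groupMembershipStrategy == "FromUserRecordLDAPGroupMembershipStrategy")
                strategy = new FromUserRecordLDAPGroupMembershipStrategy(ldap_userRecordAttributeName)
            else
                println("Unsupported group membership strategy: " + ldap_groupMembershipStrategy)

            // NOTE(review): LDAP_SERVER is passed through unchanged. The README
            // example (ldap-host:389) is plain LDAP, which sends the manager
            // password and user logins unencrypted. Prefer an ldaps:// URL.
            def ldapRealm = new LDAPSecurityRealm(
                ldap_server, //String server
                ldap_rootDN, //String rootDN
                ldap_userSearchBase, //String userSearchBase
                ldap_userSearch, //String userSearch
                ldap_groupSearchBase, //String groupSearchBase
                ldap_groupSearchFilter, //String groupSearchFilter
                strategy, //LDAPGroupMembershipStrategy groupMembershipStrategy
                ldap_managerDN, //String managerDN
                Secret.fromString(ldap_managerPassword), //Secret managerPasswordSecret
                // Fix: null-safe. LDAP_INHIBIT_INFER_ROOTDN may be unset when
                // LDAP_ROOTDN is given. An unset value counts as false.
                (ldap_inhibitInferRootDN ?: 'false').toBoolean(), //boolean inhibitInferRootDN
                ldap_disableMailAddressResolver, //boolean disableMailAddressResolver
                null, //CacheConfiguration cache
                null, //EnvironmentProperty[] environmentProperties
                ldap_displayNameAttributeName, //String displayNameAttributeName
                ldap_mailAddressAttributeName, //String mailAddressAttributeName
                IdStrategy.CASE_INSENSITIVE, //IdStrategy userIdStrategy
                IdStrategy.CASE_INSENSITIVE //IdStrategy groupIdStrategy >> defaults
            )

            instance.setSecurityRealm(ldapRealm)

            // If no authorisation strategy is in place, default to "Authenticated users can do anything"
            // SECURITY NOTE(review): with this default every user who can log in
            // through LDAP has full control of Jenkins. LDAP_GROUP_NAME_ADMIN from
            // the README is not read anywhere in this script. The matrix-auth
            // plugin is installed by the Dockerfile and allows per-group
            // permissions. Also confirm whether anonymous read access stays enabled.
            def authStrategy = Hudson.instance.getAuthorizationStrategy()

            if (authStrategy instanceof AuthorizationStrategy.Unsecured) {
                println "Defaulting to 'Authenticated users can do anything' rather than 'unsecure'."
                instance.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy())
            }

            // Save the state
            instance.save()
        }
    }
}

--------------------------------------------------------------------------------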