From dd9356a5746ea8e4b0ad15591581c0d86c4e9eb4 Mon Sep 17 00:00:00 2001 From: Cristina Pauna Date: Thu, 14 Mar 2019 20:29:37 +0200 Subject: [PATCH] Add script for connecting static jenkins slaves Script from [1] adapted for akraino, both for production and for sandbox. It configures monit and connects the slave to the LF master Usage for production: sudo akraino/repos/ci-management/utils/jenkins-jnlp-connect.sh \ -j /home/jenkins -u jenkins -n -s Usage for sandbox: sudo akraino/repos/ci-management/utils/jenkins-jnlp-connect.sh \ -j /home/jenkins -u jenkins -n -s -b [1] https://github.com/opnfv/releng/blob/master/utils/jenkins-jnlp-connect.sh Change-Id: I7289a06a13deb3626a4c37147d6fb8b5fdd0e5ff Signed-off-by: Cristina Pauna --- utils/jenkins-jnlp-connect.sh | 233 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100755 utils/jenkins-jnlp-connect.sh diff --git a/utils/jenkins-jnlp-connect.sh b/utils/jenkins-jnlp-connect.sh new file mode 100755 index 0000000..979388b --- /dev/null +++ b/utils/jenkins-jnlp-connect.sh @@ -0,0 +1,233 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 Linux Foundation and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +#Monit setup script for akraino jnlp agent connections + +test_firewall() { +jenkins_hostname="${jenkins_hostname:-jenkins.akraino.org}" + + + echo "testing that the firewall is open for us at $jenkins_hostname" + test=$(echo "blah"| nc -w 4 "$jenkins_hostname" 57387 > /dev/null 2>&1; echo $?) + if [[ $test == 0 ]]; then + echo "Firewall is open for us at $jenkins_hostname" + exit 0 + else + cat << EOF +LF firewall not open, please send a report to helpdesk with your gpg key attached, or better yet upload it to the key servers. (I should be able to find it with gpg --search-keys your@company.email.com +akrino-helpdesk@rt.linuxfoundation.org +Jenkins Home: $jenkinshome +Jenkins User: $jenkinsuser +Slave Name: $agent_name +IP Address: $(curl -s http://icanhazip.com) +EOF + exit 1 + fi +} + +main () { + #tests + if [[ -z $jenkinsuser || -z $jenkinshome ]]; then + echo "jenkinsuser or home not defined, please edit this file to define it" + exit 1 + fi + + if [[ $(pwd) != "$jenkinshome" ]]; then + echo "This script needs to be run from the jenkins users home dir" + echo "You are at $(pwd); jenkins home is set at $jenkinshome" + exit 1 + fi + + if [[ -z $agent_name || -z $agent_secret ]]; then + echo "agent name or secret not defined, please edit this file to define it" + exit 1 + fi + + if [[ $(whoami) != "root" && $(whoami) != "$jenkinsuser" ]]; then + echo "This script must be run as user root or jenkins user" + exit 1 + fi + + if [[ $(whoami) != "root" ]]; then + if sudo -l | grep "requiretty" | grep -v "\!requiretty"; then + echo "please comment out Defaults requiretty from /etc/sudoers" + exit 1 + fi + fi + + #make pid dir + if [[ ${SANDBOX} == true ]]; then + monit_service="sandbox" + else + monit_service="jenkins" + fi + + pidfile="/var/run/$monit_service/${monit_service}_jnlp_pid" + if ! [ -d /var/run/"${monit_service}"/ ]; then + sudo mkdir /var/run/"$monit_service"/ + sudo chown "$jenkinsuser":"$jenkinsuser" /var/run/"$monit_service"/ + fi + + if [[ $skip_monit != true ]]; then + #check for monit + if [ -n "$(command which monit)" ]; then + echo "monit installed" + else + if [ -n "$(command -v yum)" ]; then + echo "please install monit; eg: yum -y install monit" + exit 1 + elif [ -n "$(command -v apt-get)" ]; then + echo "please install monit; eg: apt-get install -y monit" + exit 1 + else + echo "system not supported plese contact help desk" + exit 1 + fi + fi + + if [ -d /etc/monit/conf.d ]; then + monitconfdir="/etc/monit/conf.d/" + monitconfig="/etc/monit/monitrc" + #add start delay + sed -i '/^#.* delay /s/^#//' "$monitconfig" + elif [ -d /etc/monit.d ]; then + monitconfdir="/etc/monit.d" + monitconfig="/etc/monitrc" + #add start delay + sed -i '/^#.* delay /s/^#//' "$monitconfig" + else + echo "Could not determine the location of the monit configuration file." + echo "Make sure monit is installed." + exit 1 + fi + + chown=$(type -p chown) + mkdir=$(type -p mkdir) + + makemonit () { + echo "Writing the following as monit config:" + + cat << EOF | tee $monitconfdir/$monit_service +check directory ${monit_service}_piddir path /var/run/$monit_service +if does not exist then exec "$mkdir -p /var/run/$monit_service" +if failed uid $jenkinsuser then exec "$chown $jenkinsuser /var/run/$monit_service" +if failed gid $jenkinsuser then exec "$chown :$jenkinsuser /var/run/$monit_service" +check process $monit_service with pidfile $pidfile +start program = "/usr/bin/sudo -u $jenkinsuser /bin/bash -c 'cd $jenkinshome; export started_monit=true; $0 $@' with timeout 60 seconds" +stop program = "/bin/bash -c '/bin/kill \$(/bin/cat $pidfile)'" +depends on ${monit_service}_piddir +EOF + } + + if [[ -f "$monitconfdir/$monit_service" ]]; then + #test for diff + if [[ -n "$(diff $monitconfdir/$monit_service <(echo "\ +check directory ${monit_service}_piddir path /var/run/$monit_service +if does not exist then exec \"$mkdir -p /var/run/$monit_service\" +if failed uid $jenkinsuser then exec \"$chown $jenkinsuser /var/run/$monit_service\" +if failed gid $jenkinsuser then exec \"$chown :$jenkinsuser /var/run/$monit_service\" +check process jenkins with pidfile $pidfile +start program = \"/usr/bin/sudo -u $jenkinsuser /bin/bash -c 'cd $jenkinshome; export started_monit=true; $0 $@' with timeout 60 seconds\" +stop program = \"/bin/bash -c '/bin/kill \$(/bin/cat $pidfile)'\" +depends on ${monit_service}_piddir\ +") )" ]]; then + echo "Updating monit config..." + makemonit "$@" + fi + else + makemonit "$@" + fi + fi + + if [[ $started_monit == "true" ]]; then + wget --timestamping https://"$jenkins_hostname"/jnlpJars/agent.jar && true + chown "$jenkinsuser":"$jenkinsuser" agent.jar + + if [[ -f $pidfile ]]; then + echo "pid file found" + if ! kill -0 "$(/bin/cat "$pidfile")"; then + echo "no java process running cleaning up pid file" + rm -f "$pidfile"; + else + echo "java connection process found and running already running quitting." + exit 1 + fi + fi + + if [[ $run_in_foreground == true ]]; then + $connectionstring + else + exec ${connectionstring} & + echo $! > $pidfile + fi + else + echo "you are ready to start monit" + echo "eg: service monit start" + echo "example debug mode if you are having problems: /usr/bin/monit -Ivv -c /etc/monit.conf " + exit 0 + fi +} + +usage() { + cat << EOF +**this file must be copied to the jenkins home directory to work** +jenkins-jnlp-connect.sh configures monit to keep agent connection up +Checks for new versions of agent.jar +run as root to create pid directory and create monit config. +can be run as root additional times if you change variables and need to update monit config. +after running as root you should see "you are ready to start monit" +usage: $0 [OPTIONS] + -h show this message + -j set jenkins home + -u set jenkins user + -n set agent name + -s set secret key + -l set host, default is jenkins.akraino.org + -b set flag that this connection is for sandbox; default is jenkins.akraino.org/sandbox + -t test the connection string by connecting without monit + -f test firewall +Example: $0 -j /home/jenkins -u jenkins -n lab1 -s 727fdefoofoofoofoofoofoofof800 +note: a trailing slash on -j /home/jenkins will break the script +EOF + + exit 1 +} + +if [[ -z "$@" ]]; then + usage +fi + +while getopts "j:u:n:s:l:bhtf" OPTION +do + case $OPTION in + j ) jenkinshome="$OPTARG" ;; + u ) jenkinsuser="$OPTARG" ;; + n ) agent_name="$OPTARG" ;; + s ) agent_secret="$OPTARG";; + l ) jenkins_hostname="$OPTARG" ;; + b ) SANDBOX=true ;; + h ) usage ;; + t ) started_monit=true + skip_monit=true + run_in_foreground=true ;; + f ) test_firewall ;; + \? ) echo "Unknown option: -$OPTARG" >&2; exit 1;; + esac +done + +if [[ ${SANDBOX} == true ]]; then + jenkins_hostname="${jenkins_hostname:-jenkins.akraino.org/sandbox}" +else + jenkins_hostname="${jenkins_hostname:-jenkins.akraino.org}" +fi +echo "hostname is ${jenkins_hostname}" + +connectionstring="java -jar agent.jar -jnlpUrl https://$jenkins_hostname/computer/$agent_name/slave-agent.jnlp -secret $agent_secret -noCertificateCheck " +main "$@" -- 2.16.6