Configure Jenkins and LDAP integration

Change-Id: I450f3521f29e5f09a1748eed4718618c6b891ce2
2016-03-25 16:51:52 +03:00 · 2016-03-25 16:51:52 +03:00 · 38eec3f070
commit 38eec3f070
parent c668552045
8 changed files with 135 additions and 0 deletions
--- a/murano-apps/Jenkins/package/Classes/Jenkins.yaml
+++ b/murano-apps/Jenkins/package/Classes/Jenkins.yaml
@ -13,6 +13,8 @@ Extends: std:Application
 Properties:
  name:
    Contract: $.string().notNull()
+  ldap:
+    Contract: $.class(OpenLDAP)
  instance:
    Contract: $.class(puppet:PuppetInstance).notNull()

@ -46,6 +48,12 @@ Methods:
          - $._environment.reporter.report($this, 'Jenkins deploying')
          - $.instance.agent.call($template, $resources)

+          - If: $.ldap != null
+            Then:
+              - $._environment.reporter.report($this, 'Jenkins waits OpenLDAP to be deployed...')
+              - $.ldap.deploy()
+              - $.connectLDAP()
+
          - If: $.instance.assignFloatingIp
            Then:
              - $host: $.instance.floatingIpAddress
@ -54,6 +62,26 @@ Methods:
          - $._environment.reporter.report($this, 'Jenkins is available at {0}:8080'.format($host))
          - $.setAttr(deployed, true)

+  connectLDAP:
+    Body:
+      - $ldapInstance: $.ldap.instance
+      - If: $ldapInstance.assignFloatingIp
+        Then:
+          - $ldapHost: $ldapInstance.floatingIpAddress
+        Else:
+          - $ldapHost: $ldapInstance.ipAddresses[0]
+
+      - $.instance.setHieraValue('ldap_ip', $ldapHost)
+      - $.instance.setHieraValue('ldap_domain', $.ldap.domain)
+      - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser)
+      - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass)
+
+      - $resources: new(sys:Resources)
+      - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server')
+      - $template: $resources.yaml('ConnectLDAP.template')
+      - $.instance.agent.call($template, $resources)
+      - $._environment.reporter.report($this, 'Jenkins is connected to OpenLDAP server!')
+

  destroy:
    Body:
--- a/murano-apps/Jenkins/package/Resources/ConnectLDAP.template
+++ b/murano-apps/Jenkins/package/Resources/ConnectLDAP.template
@ -0,0 +1,19 @@
+FormatVersion: 2.1.0
+Version: 1.0.0
+Name: Connect LDAP
+
+Body: |
+  return deploy(args).stdout
+
+Scripts:
+  deploy:
+    Type: Application
+    Version: 1.0.0
+    EntryPoint: configure_ldap.sh
+    Files:
+      - 'configure_ldap/templates/config.erb'
+      - 'configure_ldap/manifests/init.pp'
+      - 'ldap_init.pp'
+    Options:
+      captureStdout: true
+      captureStderr: true
--- a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+mkdir /etc/puppet/modules/configure_ldap
+mkdir /etc/puppet/modules/configure_ldap/manifests/
+mkdir /etc/puppet/modules/configure_ldap/templates/
+
+cp configure_ldap/manifests/init.pp /etc/puppet/modules/configure_ldap/manifests/
+cp configure_ldap/templates/config.erb /etc/puppet/modules/configure_ldap/templates/
+
+puppet apply ldap_init.pp
--- a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp
@ -0,0 +1,19 @@
+class configure_ldap (
+  $openldap_ip    = undef,
+  $admin_name     = undef,
+  $admin_password = undef,
+  $domain         = undef,
+) {
+  service { 'jenkins':
+    ensure => running,
+    enable => true,
+  }
+  file { '/var/lib/jenkins/config.xml':
+      notify  => Service['jenkins'],
+      ensure  => present,
+      owner   => 'jenkins',
+      group   => 'jenkins',
+      mode    => '0644',
+      content => template('configure_ldap/config.erb'),
+    }
+}
--- a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
@ -0,0 +1,44 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
+    <server>ldap://<%= openldap_ip %>:389</server>
+    <rootDN>dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></rootDN>
+    <inhibitInferRootDN>false</inhibitInferRootDN>
+    <userSearchBase></userSearchBase>
+    <userSearch>uid={0}</userSearch>
+    <managerDN>cn=<%= admin_name %>,dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></managerDN>
+    <!-- NOTE: need to store managerPassword in base64 encoded, otherwise Jenkins can't correctly parse it -->
+    <% require 'base64' %>
+    <managerPassword><%= Base64.encode64(admin_password) %></managerPassword>
+    <disableMailAddressResolver>false</disableMailAddressResolver>
+  </securityRealm>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
+  <workspaceDir>\${JENKINS_HOME}/workspace/\${ITEM_FULLNAME}</workspaceDir>
+  <buildsDir>\${ITEM_ROOTDIR}/builds</buildsDir>
+  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View\$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>All</primaryView>
+  <slaveAgentPort>0</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
--- a/murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp
+++ b/murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp
@ -0,0 +1,8 @@
+node default {
+  class { 'configure_ldap':
+    openldap_ip    => hiera('ldap_ip'),
+    admin_name     => hiera('ldap_root_user'),
+    admin_password => hiera('ldap_root_password'),
+    domain         => hiera('ldap_domain')
+  }
+}
--- a/murano-apps/Jenkins/package/UI/ui.yaml
+++ b/murano-apps/Jenkins/package/UI/ui.yaml
@ -4,6 +4,7 @@ Application:
  ?:
    type: io.murano.opaas.Jenkins
  name: $.appConfiguration.name
+  ldap: $.appConfiguration.OpenLDAP
  instance:
    ?:
      type: io.murano.opaas.puppet.PuppetInstance
@ -31,6 +32,11 @@ Forms:
             Select to true to assign floating IP automatically
          initial: true
          required: false
+        - name: OpenLDAP
+          type: io.murano.opaas.OpenLDAP
+          required: false
+          description: >-
+            Specify OpenLDAP domain for authentication
  - instanceConfiguration:
      fields:
        - name: title
--- a/murano-apps/Jenkins/package/manifest.yaml
+++ b/murano-apps/Jenkins/package/manifest.yaml
@ -13,3 +13,4 @@ Logo: logo.png
 Require:
  io.murano.opaas.puppet.ProjectConfig:
  io.murano.opaas.puppet.Puppet:
+  io.murano.opaas.OpenLDAP: