[Jenkins] Fixing work v2 with LDAP plugin

* Install LDAP plugin * Update config.xml * More accurate search in get_api_token.sh Change-Id: I27f4e99a69e492d303e1f5a6653abcdb473ef7ee
2016-07-07 15:48:40 +03:00 · 2016-07-07 15:48:40 +03:00 · f7ce50c309
commit f7ce50c309
parent 07059c9d22
3 changed files with 25 additions and 9 deletions
--- a/murano-apps/Jenkins/package/Classes/Jenkins.yaml
+++ b/murano-apps/Jenkins/package/Classes/Jenkins.yaml
@ -132,7 +132,11 @@ Methods:
      - $this.instance.putHieraData($data)

      - $resources: new(sys:Resources)
-      - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server')
+      - $._environment.reporter.report($this, 'Installing jenkins LDAP plugin...')
+      - $template: $resources.yaml('InstallPlugins.template').bind({plugins => ldap})
+      - $.instance.agent.call($template, $resources)
+      - $._environment.reporter.report($this, 'LDAP plugin is installed.')
+      - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server...')
      - $template: $resources.yaml('ConnectLDAP.template')
      - $.instance.agent.call($template, $resources)
      - $._environment.reporter.report($this, 'Jenkins is connected to OpenLDAP server!')
--- a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
@ -5,20 +5,30 @@
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
-  <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
+  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
+    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
+  </authorizationStrategy>
+  <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.12">
    <server>ldap://<%= openldap_ip %>:389</server>
    <rootDN>dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></rootDN>
    <inhibitInferRootDN>false</inhibitInferRootDN>
    <userSearchBase></userSearchBase>
    <userSearch>uid={0}</userSearch>
+    <groupMembershipStrategy class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
+      <filter></filter>
+    </groupMembershipStrategy>
    <managerDN>cn=<%= admin_name %>,dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></managerDN>
    <!-- NOTE: need to store managerPassword in base64 encoded, otherwise Jenkins can't correctly parse it -->
    <% require 'base64' %>
-    <managerPassword><%= Base64.encode64(admin_password) %></managerPassword>
+    <managerPassword><%= Base64.encode64(admin_password) -%></managerPassword>
    <disableMailAddressResolver>false</disableMailAddressResolver>
+    <displayNameAttributeName>displayname</displayNameAttributeName>
+    <mailAddressAttributeName>mail</mailAddressAttributeName>
+    <userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
+    <groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
  </securityRealm>
  <disableRememberMe>false</disableRememberMe>
-  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
@ -33,12 +43,14 @@
      <name>All</name>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
-      <properties class="hudson.model.View\$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>All</primaryView>
-  <slaveAgentPort>0</slaveAgentPort>
+  <slaveAgentPort>-1</slaveAgentPort>
  <label></label>
+  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
+    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
+  </crumbIssuer>
  <nodeProperties/>
  <globalNodeProperties/>
-</hudson>
+</hudson>
--- a/murano-apps/Nodepool/package/Resources/get_api_token.sh
+++ b/murano-apps/Nodepool/package/Resources/get_api_token.sh
@ -3,14 +3,14 @@
 username="%USERNAME%"
 password="%PASSWORD%"
 jenkins_host="%JENKINS_HOST%"
-cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2"
+cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep apiToken | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2"

 # Jenkins might not be ready at this point.
 # Retry logic is used here.
 token=$(eval $cmd)
 tries=10

-while [ -z $token ]; do
+while [ -z "$token" ]; do
  sleep 20
  token=$(eval $cmd)