search

voxpupuli / puppet-jenkins

Puppet module for Jenkins
http://forge.puppetlabs.com/puppet/jenkins
Apache License 2.0
275 stars 565 forks source link

Jenkins restart service doesn't support safe restart #368

Open v1v opened 9 years ago

v1v commented 9 years ago

Use case: if any changes then restart jenkins but bear in mind if you restart it might stop/abort those builds which are still running.

Current configuration:

File: manifests/services.pp

  service { 'jenkins':
    ensure     => $jenkins::service_ensure,
    enable     => $jenkins::service_enable,
    hasstatus  => true,
    hasrestart => true,
  }
Suggested configuration:

File: manifests/services.pp

  file { '/var/lib/jenkins/jenkins-safe-restart.sh':
    ensure  => 'file',
    mode    => '0750',
    owner   => 'jenkins',
    group   => 'jenkins',
    content => template("${module_name}/jenkins-safe-restart.erb"),
  }

  service { 'jenkins':
    ensure     => $jenkins::service_ensure,
    enable     => $jenkins::service_enable,
    restart    => '/var/lib/jenkins/jenkins-safe-restart.sh',
    hasstatus  => true,
    hasrestart => true,
    require    => [
      File['/var/lib/jenkins/jenkins-safe-restart.sh'],
      # Package['wget'], #might need this package in order to avoid issues when running jenkins-safe-restart.sh
    ],
  }

File: templates//jenkins-safe-restart.erb

#!/bin/bash
cd /var/lib/jenkins
if [ ! -e jenkins-cli.jar ] ; then
  wget http://localhost:<%= @port %>/jnlpJars/jenkins-cli.jar
fi

java -jar jenkins-cli.jar -s http://localhost:<%= @port %> safe-restart 2> jenkins-safe-restart.stderr
Downsides:

It works as long your Administration security is not in place or you already configured with some granted privileges... or added some cli login setup via -i flag "-i ~jenkins/.ssh/jenkins_id_rsa" or so

In fact: jenkins::cli::safe-restart command might not work if those security layouts are in place AFAIK

Further details: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI (Working with Credentials section).

Let me know your thoughts

Cheers

rtyler commented 9 years ago

@v1v for the record, I use the feedback-needed label when I need feedback from the original submitter of an issue. This got overlooked because I assumed it was waiting for somebody to add more details in :)

Anyways, I think the idea is a reasonable one but the number of ways a process might be configured to prevent CLI access concerns me. We'll need to make the script much more bullet-proof I think to where if it cannot access the Jenkins service for whatever reason it falls back to the raw process kill/restart semantics

jhoblitt commented 9 years ago

It shouldn't be to difficult to implement a service provider that uses the cli to invoke safe-restart.