search

voxpupuli / puppet-jenkins

Puppet module for Jenkins
http://forge.puppetlabs.com/puppet/jenkins
Apache License 2.0
275 stars 565 forks source link

Idempotent Issues #560

Open cdenneen opened 8 years ago

cdenneen commented 8 years ago 
Notice: /Stage[main]/Profile::Jenkins/Jenkins::User[johndoe]/Jenkins::Cli::Exec[create-jenkins-user-johndoe]/Exec[create-jenkins-user-johndoe]/returns: executed successfully
Notice: /Stage[main]/Profile::Jenkins/Jenkins_num_executors[2]/ensure: created
Notice: /Stage[main]/Profile::Jenkins/Jenkins_security_realm[hudson.plugins.active_directory.ActiveDirectorySecurityRealm]/arguments: arguments changed ['domain.local', 'SITE', 'CN=svc.puppet,OU=Users,DC=domain,DC=local', {'encryptedValue' => 'ASASDJHAKSJDHASDASDAD=', 'legacyKey' => {'algorithm' => 'AES', 'destroyed' => 'false', 'encoded' => ['98', '-97', '9', '-1', '9', '-3', '3', '-52', '-60', '93', '31', '102', '41', '9', '-13', '26'], 'format' => 'RAW'}, 'plainText' => 'supersecret'}, 'AUTO'] to 'domain.local SITE CN=svc.puppet,OU=Users,DC=domain,DC=local supersecret dc01.domain.local,dc02.domain.local'

Oddly the xml already has the domain controllers in it... even though this shows the before as it's missing

==> jenkins: Notice: /Stage[main]/Profile::Jenkins/Jenkins_job[Keystone]/enable: enable changed 'false' to 'true'
==> jenkins: Notice: /Stage[main]/Profile::Jenkins/Jenkins_job[Keystone/InfraDev]/enable: enable changed 'false' to 'true'
==> jenkins: Info: /Stage[main]/Profile::Jenkins/Jenkins_job[Keystone/InfraDev]: Scheduling refresh of Exec[testing.yaml]
==> jenkins: Notice: /Stage[main]/Profile::Jenkins/Exec[testing.yaml]: Triggered 'refresh' from 1 events

In this example I have 2 jobs that are just cloudbees folders (created using the XML from an already created job. Then I have it kicking off an refreshonly Exec for jenkins_job_builder (since that supports macros and templates). What I haven't been able to figure out here is the reason the 2 folder jobs which are already existing keep changing enable from false -> true each run? I'm guessing because it's a folder it doesn't support enabling? Maybe this has something to do with the cloudbee folder support added to jenkins_job in #544?

cdenneen commented 8 years ago

For Jenkins_Security_Realm need some way to compare (please excuse this crude mock up);

$get_security_realm returns hash $get_security_realm[setSecurityRealm][0] == jenkins_security_realm['0'] AND $get_security_realm[setSecurityRealm][0][0] = jenkins_security_realm['0'][arguments][0] AND so on... $get_security_realm[setSecurityRealm][0][plainText] = jenkins_security_realm['0'][arguments][4]

else

set_security_realm

Basically if the individual parts match including the plainText password then the security realm doesn't require updating... This would probably work better than the current hash comparison since the legacyKey hash that returns in the middle of get_security_realm I don't believe is something that we can mock around as I'm not sure where those values are derived from.

cdenneen commented 8 years ago

jenkins_num_executors - not sure why this one isn't idempotent since get_num_executors returns the same value we are setting. Maybe some sort of comparison logic is missing, resulting in the constant change?