wcm-io-devops / ansible-jenkins-pipeline-library

Ansible role for setting up a Jenkins instance for the jenkins-pipeline-library
Apache License 2.0

Add role vars to specify Jenkins and Java args #31

Closed timblaktu closed 3 years ago

timblaktu commented 3 years ago

These are needed for a LOT of reasons when working with Jenkins. In my case, I'm customizing the Jenkins args to enable https:

        # Jenkins args documented here: https://wiki.jenkins.io/display/JENKINS//Starting+and+Accessing+Jenkins
        jenkins_pipeline_library_jenkins_args: "--httpsPort=8443 --httpsKeyStore=/etc/jenkins/host.jks --httpsKeyStorePassword={{ jenkins_java_keystore_password }} --httpsListenAddress=0.0.0.0"

and Java args to customize logging, sanitize workspace paths, and put the JVM in alignment with CloudBees Best Practices:

        # Notes about java options:
        # 1. Cloudbees JVM Best Practices:
        #   https://www.jenkins.io/blog/2016/11/21/gc-tuning/
        #   https://docs.cloudbees.com/docs/admin-resources/latest/jvm-troubleshooting/#suggested-specifications
        #   https://support.cloudbees.com/hc/en-us/articles/222446987-Prepare-Jenkins-for-Support
        #   https://support.cloudbees.com/hc/en-us/articles/204859670-Java-Heap-settings-best-practice
        # 2. yaml folded style string format (>) replaces newlines and leading indentation with a single space
        #   Trailing dash (>-) means newline is eliminated at the end of resulting string.
        # 3. -Dhudson.slaves.WorkspaceList=- is there because the poky build cannot handle @ in paths.
        jenkins_java_options_list:
          - "-Djenkins.install.runSetupWizard=false"
          - "-Dhudson.slaves.WorkspaceList=-"
          - "-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/Vancouver"
          - "-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
          - "-Dcom.cloudbees.workflow.rest.external.JobExt.maxRunsPerJob=16"
          # Change Content Security Policy to enable embedding html in job/build pages via htmlpublisher
          # Details:
          # * https://support.cloudbees.com/hc/en-us/articles/360034545912-What-is-Content-Security-Policy-and-how-does-it-impact-Jenkins-
          # * https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy
          # * Must include literal \" in string, which is copied into a double-quoted string as JAVA_ARGS in /etc/default/jenkins
          - "-Dhudson.model.DirectoryBrowserSupport.CSP=\\\"sandbox allow-same-origin allow-scripts allow-forms; default-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline';\\\""
          # Extend default docker daemon timeout (from 180sec)
          # https://issues.jenkins-ci.org/browse/JENKINS-42322?focusedCommentId=303679&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-303679
          - "-Dorg.jenkinsci.plugins.docker.workflow.client.DockerClient.CLIENT_TIMEOUT=300"
          - "-Djenkins.model.Jenkins.logStartupPerformance=true"
          - "-Xmx{{ (ansible_memtotal_mb / 4 if ansible_memtotal_mb / 4 <= 16384 else 16384) | round | int }}m"
          - "-Xms{{ (ansible_memtotal_mb / 4 if ansible_memtotal_mb / 4 <= 16384 else 16384) | round | int }}m"
          - "-XX:+AlwaysPreTouch"
          - "-XX:+HeapDumpOnOutOfMemoryError"
          - "-XX:HeapDumpPath={{ jenkins_path_to_gc_and_heap_dump }}"
          - "-XX:+UseG1GC"
          - "-XX:+UseStringDeduplication"
          - "-XX:+ParallelRefProcEnabled"
          - "-XX:+DisableExplicitGC"
          - "-XX:+UnlockDiagnosticVMOptions"
          - "-XX:+UnlockExperimentalVMOptions"
          - "-verbose:gc"
          # See here for details: https://c-guntur.github.io/java-gc/#/8/2
          # - "-Xloggc:{{ jenkins_path_to_gc_and_heap_dump }}/gc-%t.log"  # unrecognized VM option
          - "-Xlog:gc:{{ jenkins_path_to_gc_and_heap_dump }}/gc-%t.log"
          # - "-XX:NumberOfGCLogFiles=2"  # deprecated
          # - "-XX:+UseGCLogFileRotation"  # deprecated
          # - "-XX:GCLogFileSize=100m"  # deprecated
          - "-XX:+PrintGC"
          # - "-XX:+PrintGCDateStamps"  # deprecated
          - "-XX:+PrintGCDetails"
          # - "-XX:+PrintHeapAtGC"  # unrecognized VM option
          # - "-XX:+PrintGCCause"  # unrecognized VM option
          # - "-XX:+PrintTenuringDistribution"  # unrecognized VM option
          # - "-XX:+PrintReferenceGC"  # unrecognized VM option
          # - "-XX:+PrintAdaptiveSizePolicy"  # unrecognized VM option
          - "-XX:ErrorFile=/hs_err_%p.log"
          - "-XX:+LogVMOutput"
          - "-XX:LogFile={{ jenkins_path_to_gc_and_heap_dump }}/jvm.log"
          # https://www.jenkins.io/doc/book/system-administration/viewing-logs/#debug-logging-in-jenkins
          - "-Djava.util.logging.config.file={{ jenkins_path_to_logging_properties_file }}"
        jenkins_pipeline_library_jenkins_java_options: "{{ jenkins_java_options_list | join(' ') }}"
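
Added example, not part of the issue comment or of the role's code: a small Python audit of the two rendered strings above that flags a keystore password placed in the Jenkins arguments and the relaxations in the `DirectoryBrowserSupport.CSP` override. The sample strings are constructed from the values in the comment, the password is a placeholder, and the function names are hypothetical; it assumes the strings are tokenized with shell quoting rules.

```python
import shlex

# Constructed sample of the two rendered strings; the password is a placeholder.
JENKINS_ARGS = ("--httpsPort=8443 --httpsKeyStore=/etc/jenkins/host.jks "
                "--httpsKeyStorePassword=PLACEHOLDER --httpsListenAddress=0.0.0.0")
JAVA_ARGS = ("-Djenkins.install.runSetupWizard=false "
             "-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-same-origin "
             "allow-scripts allow-forms; default-src 'self' 'unsafe-inline' data:; "
             "style-src 'self' 'unsafe-inline' fonts.googleapis.com; "
             "font-src 'self' 'unsafe-inline';\" -XX:+UseG1GC")
CSP_PROP = "-Dhudson.model.DirectoryBrowserSupport.CSP="


def parse_csp(policy):
    """Split a CSP string into {directive: [source or flag tokens]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit(jenkins_args, java_args):
    """Return a list of findings for the rendered argument strings."""
    findings = []
    for arg in shlex.split(jenkins_args):
        name, _, value = arg.partition("=")
        if "password" in name.lower() and value:
            findings.append(f"{name}: secret on the command line, readable "
                            "from the process listing")
    for arg in shlex.split(java_args):
        if not arg.startswith(CSP_PROP):
            continue
        csp = parse_csp(arg[len(CSP_PROP):])
        sandbox = csp.get("sandbox")
        if sandbox is None:
            findings.append("CSP: no sandbox directive")
        elif {"allow-scripts", "allow-same-origin"} <= set(sandbox):
            findings.append("CSP sandbox: allow-scripts plus allow-same-origin "
                            "lets published HTML script the Jenkins origin")
        # script-src falls back to default-src when it is absent
        script_src = csp.get("script-src", csp.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append("CSP: 'unsafe-inline' applies to scripts")
    return findings


if __name__ == "__main__":
    for finding in audit(JENKINS_ARGS, JAVA_ARGS):
        print(finding)
```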