Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Joseph Petersen
@casz
@move-z I haven't used the active directory plugin. Have you considered using the ldap plugin instead?
jenkins:
  securityRealm:
    ldap:
      cache:
        size: 100
        ttl: 30
      configurations:
      - groupSearchBase: "OU=Jenkins,OU=Security Groups,OU=DevOps"
        groupSearchFilter: "(&(cn={0})(objectclass=group))"
        ignoreIfUnavailable: true
        inhibitInferRootDN: false
        managerDN: "jenkinsldap"
        managerPasswordSecret: "${LDAP_PASSWORD}"
        rootDN: "dc=company,dc=io"
        server: "ldaps://ldap.company.io:3269"
        userSearch: "sAMAccountName={0}"
      disableMailAddressResolver: false
      groupIdStrategy: "caseInsensitive"
      userIdStrategy: "caseInsensitive"
Tim Jacomb
@timja
DevOps is a culture not a team :wink:
Joseph Petersen
@casz
@timja legacy :sob: The team is called BAT nowadays and we still try to spread DevOps :laughing:
Tim Jacomb
@timja
business acceptance testers? :wink:
batman?
Joseph Petersen
@casz
batman :laughing:
We have a whole Marvel vs DC Comics for all of our team names. And those who have adopted DevOps are called Batmen :)
The acronym for bat is Build Automate and Test :sweat_smile:
Karol Lassak
@ingwarsw
Hello guys.. din not looked at plugin development for some time.. maybe in meantime pipeline support was added?
Tim Jacomb
@timja
nope, but a webhook was added for reloading
without needing to auth
just pass a token in the url which is configured on startup
nguyenhugh
@nguyenhugh
Hello All, is it possible to have secrets lives outside of Jenkins.yaml file and a separate yaml which can have configurations for like Role Base Strategy and such?
Oleg Nenashev
@oleg-nenashev
@nguyenhugh yes to both. For secrets see https://github.com/jenkinsci/configuration-as-code-plugin#secret-sources . Regarding a separate YAML file, you can point JCasC to a directory which contains multiple YAML files. In such case all YAML files will be applied
030
@030
I would like to ask two questions: 1) How to set git-lfs using jcac? https://devops.stackexchange.com/q/9225/210 and 2) How to implement shallow clone https://devops.stackexchange.com/q/9229/210
Joseph Petersen
@casz
@030 Your seem to be using a old version of git :sweat: It should be available as traits under git.
030
@030
@casz The git-lfs command is included on the system. The issue is that GitLFSPull seems to be omitted in the Jenkins job dsl: https://jenkinsci.github.io/job-dsl-plugin/#path/job-scm-git-extensions
Joseph Petersen
@casz
what version of git do you have installed @030
Ignacio Tolstoy
@naxhh

Hi everyone! we are using casc for our new jenkins. We have a very old dated jenkins in our company and we are moving as much as we can to have things in code.
For this we use casc with a dockerfile and job-dsl with pipelines for job configurations

Now we are facing how we will deploy this system. The main idea was to start a fresh docker on each deploy since each docker version will have different configurations.
We face 2 "problems" here:

  • Build history and logs
    we loose all of this, this can be workaround with some metrics (datadog in our case) since regarding history we care more about when something started failling and not the logs per se.

  • API keys
    We switch from one docker to another during deploy. For the user this is a weird experience.
    So we want to notify the user X given time before the change. For this, we tell Jenkins A to stop running new jobs. When there are no jobs running anymore we switch to the other version.

In order to do this, we use the API and a user token. The problem is that we use LDAP plugin to make auth. This means we need a way to generate the user token in the first place. We tried different approaches but all of them look really weird...
How would you approach this last point?

Also interested in how other people is deploying CASC

Tim Jacomb
@timja
Can you log in as the user once and then create the api token via API?
there's a PR to hopefully make the second bit easier:
jenkinsci/jenkins#4027
RE: 1
We keep the build history via a docker volume and just upgrade on top of it, if there's every any issues we can just delete the volume and start from scratch
Ignacio Tolstoy
@naxhh
I don't think you can login to the api using user/pass when using ldap, but i'll ask my team mate since he is doing it.
Regarding the second, what is the path of the volume? that may work for us, but I thought config and logs where under the same path (my knowledge of jenkins is not that strong)
Tim Jacomb
@timja
/var/jenkins_home I believe
config is under the same path as well, but casc will just override it
Ignacio Tolstoy
@naxhh

ok! that last part is the one that i didn't know! thanks @timja!

Regarding the API, no, we can't use user:password for auth with ldap. That's why we need the api token, but there's no way to generate it unless we manually create it or a job does it for us (if it's possible)
That last approach is the one we are testing, but feels very hacky

Regarding jenkinsci/jenkins#4027 it looks that will be what we are looking for, so I'll keep an eye on it.
nguyenhugh
@nguyenhugh
@oleg-nenashev | Thank you, I will have a look!
Oleg Nenashev
@oleg-nenashev
Hi all. Looks like I forgot to send a message here. I am traveling this week, and I am unable to run the recording
Tim Jacomb
@timja
Can you set the meeting so we can start it without you?
Oleg Nenashev
@oleg-nenashev
If somebody records the video (e.g. using a free Zoom account), I will get the video posted on YouTube later
Sladyn
@sladyn98
I wont be able to attend too, Getting late for class :P
Tim Jacomb
@timja
:thumbsup:
Tim Jacomb
@timja
@casz you joining?
Tim Jacomb
@timja
Oleg Nenashev
@oleg-nenashev
Thanks!
And sorry for the late notice
Tim Jacomb
@timja
no worries, was fine
030
@030
@casz git version 2.17.1 and git lfs returns the help menu of git lfs. I found a workaround to enable git-lfs in the UI and updated the Q&A on devops SE that was mentioned earlier.
Joseph Petersen
@casz
@030 i was referring to the version of git plugin :)
Oleg Nenashev
@oleg-nenashev
Got the recording published for the today;s session: https://youtu.be/WBrT6xYbhm0
Jake Burns
@burnsjake
Is there a good howto on how to bootstrap a brand new jenkins installation (without docker) with the configuration as code plugin?
@burnsjake just follow getting started, install the configuration-as-code plugin.
Export your desired configuration to a yaml file, then store it
Mark Waite
@MarkEWaite
@burnsjake that information is also available from https://plugins.jenkins.io/configuration-as-code, though not yet as convenient to hyperlink as the github.com page.
Jake Burns
@burnsjake
@MarkEWaite @timja , I'm confused as to how I'd install the CasC plugin without manually going through the first-use. I'm looking to do this without docker.
Mark Waite
@MarkEWaite
@burnsjake There probably is a way to initiate a Jenkins installation that also installs the configuration as code plugin, but most efforts to automate at that level of installation are done with Docker. If you're using one of the operating system packages (rpm, deb, msi), then after the installation and selecting the recommended plugins, you would use the plugin manager page to install the configuration as code plugin.
Jake Burns
@burnsjake
Yup, using aptitude to install on ubuntu. But there are no apt packages to install separate plugins. I'm fairly surprised this hasn't been sussed out yet.
Mark Waite
@MarkEWaite
Already complicated enough to maintain 3 different installer packages for the main package (deb, rpm, msi) with no solid consensus for techniques to manage add-ons between the various Linux distros and Windows. Should we style after python pip or ruby gems or golang or ...