Skip to content

fix(docker): Multi does not launch a second Jenkins controller anymore. #264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Nov 23, 2024
Merged

fix(docker): Multi does not launch a second Jenkins controller anymore. #264

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
6def213
fix(docker): Multi does not launch a second Jenkins controller anymore.
gounthar Nov 21, 2024
09d28e1
chore(jenkins): Update Jenkins plugins (#791)
gounthar Nov 22, 2024
2b92582
fix(docker): The single quotes prevent $JENKINS_CONTROLLER from being…
gounthar Nov 22, 2024
ffef29c
Merge branch 'main' into fix-multi
gounthar Nov 22, 2024
46a79e6
fix(docker): Improve the fallback mechanism implementation.
gounthar Nov 22, 2024
066d15e
Merge remote-tracking branch 'origin/fix-multi' into fix-multi
gounthar Nov 22, 2024
cdc5909
fix(docker): Adding error handling for when both controllers are unre…
gounthar Nov 22, 2024
ad558f7
fix(ga): Follows the official documentation for the action
gounthar Nov 22, 2024
e7d2a9e
fix(docker): Multi does not launch a second Jenkins controller anymor…
gounthar Nov 22, 2024
1bdf4a0
Update github-docker-registry-push.yml (#793)
gounthar Nov 22, 2024
871f96a
Update Dockerfile (#794)
gounthar Nov 22, 2024
a75cc24
fix(dependencies): debian version in agent-discovery was not tracked.…
gounthar Nov 22, 2024
093b96c
Merge remote-tracking branch 'upstream/main' into fix-multi
gounthar Nov 22, 2024
cb4b4c1
fix(docker): Wait for 60s before switching to another server.
gounthar Nov 22, 2024
cb44510
fix(ga): Remove trailing spaces.
gounthar Nov 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion docker-compose.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,6 @@ services:
- python
- node
- android
- multi
- golang
- default
# The CASC_RELOAD_TOKEN environment variable is used by the Jenkins controller to restart the Configuration as Code (JCasc) plugin configuration.
Expand Down
14 changes: 10 additions & 4 deletions dockerfiles/agent-discovery/find-name.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,15 +79,21 @@
sleep 2 # Wait for 5 seconds before the next iteration of the loop.
done

# Check if jenkins_controller is reachable, otherwise fall back to multi_jenkins_controller
JENKINS_CONTROLLER="jenkins_controller"
if ! curl -s -f http://jenkins_controller:8080/login > /dev/null; then
JENKINS_CONTROLLER="multi_jenkins_controller"
fi

# Check If Jenkins is running or not
# If the message is found, awk exits with a non-zero status (1), and the loop continues.
# If the message is not found, the loop exits, and the "Jenkins is running" message is displayed.
timeout 60 bash -c 'until curl -s -f http://jenkins_controller:8080/login > /dev/null; do sleep 5; done' && echo "Jenkins is running" || echo "Jenkins is not running"
timeout 60 bash -c 'until curl -s -f http://$JENKINS_CONTROLLER:8080/login > /dev/null; do sleep 5; done' && echo "Jenkins is running" || echo "Jenkins is not running"
echo "Jenkins is ready"
# Get the Jenkins version
JENKINS_VERSION=$(curl -s -I -k http://admin:admin@jenkins_controller:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
JENKINS_VERSION=$(curl -s -I -k http://admin:admin@$JENKINS_CONTROLLER:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
Copy link

@coderabbitai coderabbitai bot Nov 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security Issue: Remove hardcoded credentials.

The Jenkins version check contains hardcoded admin credentials. This poses a security risk.

-JENKINS_VERSION=$(curl -s -I -k http://admin:admin@$JENKINS_CONTROLLER:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
+JENKINS_VERSION=$(curl -s -I -k "http://${JENKINS_USER}:${JENKINS_TOKEN}@${JENKINS_CONTROLLER}:8080" | grep -i '^X-Jenkins:' | awk '{print $2}')

Please add these environment variables to your configuration:

  • JENKINS_USER: Jenkins admin username
  • JENKINS_TOKEN: Jenkins API token or password

Committable suggestion skipped: line range outside the PR's diff.

echo "Jenkins version is: $JENKINS_VERSION"

# Use the token in the curl command to reload the configuration
# curl -X POST "http://admin:admin@jenkins_controller:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
curl -X POST "http://admin:admin@jenkins_controller:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
# curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
Comment on lines +108 to +109
Copy link

@coderabbitai coderabbitai bot Nov 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Critical Security Regression: Hardcoded insecure token replaces secure token.

This change introduces a severe security vulnerability by:

  1. Commenting out the secure token implementation
  2. Replacing it with a hardcoded, predictable token

This makes the Jenkins configuration reload endpoint vulnerable to unauthorized access.

Revert to using the secure token:

-# curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
-curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
+curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"

Loading