Merged
7 changes: 6 additions & 1 deletion .github/dependabot.yml
@@ -40,6 +40,11 @@ updates:
open-pull-requests-limit: 10
- package-ecosystem: docker
directory: "./dockerfiles/sidekick"
schedule:
interval: weekly
open-pull-requests-limit: 10
⚠️ Potential issue

Remove trailing spaces

There are trailing spaces at the end of lines 45 and 50 that should be removed for consistency.

Apply this diff to fix the trailing spaces:

-    open-pull-requests-limit: 10    
+    open-pull-requests-limit: 10

Also applies to: 50-50

🧰 Tools
🪛 yamllint (1.29.0-1)

[error] 45-45: trailing spaces

(trailing-spaces)

- package-ecosystem: docker
directory: "./dockerfiles/agent-discovery"
schedule:
interval: weekly
open-pull-requests-limit: 10
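Review bot: the new docker entry for `./dockerfiles/sidekick` follows the existing pattern (weekly schedule, same PR limit), which is fine; the point to be aware of is that Dependabot's docker ecosystem only rewrites the base image reference in `FROM`, so it will propose new date-stamped tags such as `bookworm-20241111-slim` but cannot verify what a tag resolves to. Pinning those base images by digest (`image:tag@sha256:<digest>`) lets Dependabot bump the digest along with the tag and makes each update reviewable against a concrete image.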
@@ -52,4 +57,4 @@ updates:
directory: "./dockerfiles/golang"
schedule:
interval: weekly
open-pull-requests-limit: 10
open-pull-requests-limit: 10
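Review bot: the only change in this hunk is the trailing whitespace on the final `open-pull-requests-limit: 10` line; since yamllint already reports `trailing-spaces` as an error on this file, wiring yamllint (or a pre-commit `trailing-whitespace` hook) into CI would stop this from coming back in the next Dependabot edit.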
4 changes: 2 additions & 2 deletions .github/workflows/github-docker-registry-push.yml
@@ -91,8 +91,8 @@ jobs:
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.GHCR_USERNAME }}
password: ${{ env.GHCR_TOKEN }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract branch name
# This step extracts the branch name
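Review bot: switching the ghcr.io login to `${{ github.actor }}` / `${{ secrets.GITHUB_TOKEN }}` is the right direction (a short-lived, repository-scoped token instead of a long-lived PAT), but the push will fail unless the workflow or job grants `permissions: packages: write` (plus `contents: read`), which is not visible in this hunk; please confirm it is set, because repositories whose default token is read-only will otherwise get a 403 at push time. Also check that the now-unused `GHCR_USERNAME` / `GHCR_TOKEN` env entries are removed from the workflow and that the PAT behind them is revoked rather than left dormant.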
1 change: 0 additions & 1 deletion docker-compose.yaml
@@ -59,7 +59,6 @@ services:
- python
- node
- android
- multi
- golang
- default
# The CASC_RELOAD_TOKEN environment variable is used by the Jenkins controller to restart the Configuration as Code (JCasc) plugin configuration.
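Review bot: `multi` is dropped from this list, yet the same PR adds a fallback to a `multi_jenkins_controller` host in `find-name.sh`; either the multi controller is still defined elsewhere in the compose file (then the removal here is fine and the fallback is meaningful) or it is gone, in which case the fallback branch is dead code and should go too. Please say which in the PR description. The `CASC_RELOAD_TOKEN` comment directly below is also the reminder that the reload token is meant to come from the environment, not be written into scripts.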
2 changes: 1 addition & 1 deletion dockerfiles/agent-discovery/Dockerfile
@@ -1,7 +1,7 @@
# This Dockerfile is used to prepare a Debian-based Docker image with several utilities installed.

# We start from the Debian 'bookworm' image dated 2023-11-20.
FROM debian:bookworm-20240311-slim as prepare-stage
FROM debian:bookworm-20241111-slim as prepare-stage

# Copy all shell scripts from the current directory to /usr/local/bin/ in the image.
COPY *sh /usr/local/bin/
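Review bot: the `FROM` line now points at `debian:bookworm-20241111-slim`, but the comment directly above still says the image is dated 2023-11-20, which was already stale before this bump; update the comment or drop the date from it so it cannot drift again. Consider also pinning by digest (`debian:bookworm-20241111-slim@sha256:<digest>`) so the build is reproducible and Dependabot updates the digest with the tag, and write `AS` rather than `as` so the keyword casing matches `FROM` (recent BuildKit emits a `FromAsCasing` warning for the mismatch).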
24 changes: 20 additions & 4 deletions dockerfiles/agent-discovery/find-name.sh
@@ -79,15 +79,31 @@ while true; do
sleep 2 # Wait for 5 seconds before the next iteration of the loop.
done

## Check if jenkins_controller is reachable, otherwise fall back to multi_jenkins_controller
JENKINS_CONTROLLER="jenkins_controller"
if ! curl -s -f --max-time 60 "http://${JENKINS_CONTROLLER}:8080/login" > /dev/null; then
echo "Primary controller not reachable, falling back to multi controller..."
JENKINS_CONTROLLER="multi_jenkins_controller"
if ! curl -s -f --max-time 60 "http://${JENKINS_CONTROLLER}:8080/login" > /dev/null; then
echo "Error: Neither primary nor multi controller is reachable"
exit 1
fi
fi

# Check If Jenkins is running or not
# If the message is found, awk exits with a non-zero status (1), and the loop continues.
# If the message is not found, the loop exits, and the "Jenkins is running" message is displayed.
timeout 60 bash -c 'until curl -s -f http://jenkins_controller:8080/login > /dev/null; do sleep 5; done' && echo "Jenkins is running" || echo "Jenkins is not running"
timeout 60 bash -c "until curl -s -f http://${JENKINS_CONTROLLER}:8080/login > /dev/null; do sleep 5; done" && echo "Jenkins is running" || echo "Jenkins is not running"
# The colon (:) is a no-op command in Bash, which means it does nothing and always returns a true exit status. It is often used as a placeholder or to evaluate expressions without executing any commands.
# The ${JENKINS_STARTUP_TIMEOUT:=60} part is a parameter expansion. It checks if the JENKINS_STARTUP_TIMEOUT variable is set and not null. If it is not set, it assigns the value 60 to JENKINS_STARTUP_TIMEOUT
: "${JENKINS_STARTUP_TIMEOUT:=60}" # Default to 60 seconds if not set
timeout "${JENKINS_STARTUP_TIMEOUT}" bash -c "until curl -s -f http://${JENKINS_CONTROLLER}:8080/login > /dev/null; do sleep 5; done" && echo "Jenkins is running" || echo "Jenkins is not running"
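Review bot: the readiness check's failure branch only echoes `Jenkins is not running` and never exits, so when `timeout` expires the script still prints `Jenkins is ready` and goes on to query the version and POST the JCasC reload against a controller it just found unreachable; replace the `|| echo "Jenkins is not running"` with something that aborts, e.g. `|| { echo "Jenkins is not running"; exit 1; }`. The new fallback block also spends up to 60 s per `curl --max-time 60` before the readiness loop even starts, so the real startup budget is up to 120 s more than `JENKINS_STARTUP_TIMEOUT` suggests; either reuse that variable for `--max-time` or document the difference. Minor: the unchanged context line `sleep 2 # Wait for 5 seconds` carries a comment that no longer matches its value.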
Comment on lines +96 to +100

🛠️ Refactor suggestion

Remove duplicate timeout command

There are two identical timeout commands checking Jenkins availability. The first one uses a hardcoded timeout while the second uses the configurable JENKINS_STARTUP_TIMEOUT. Remove the first command to avoid confusion.

-timeout 60 bash -c "until curl -s -f http://${JENKINS_CONTROLLER}:8080/login > /dev/null; do sleep 5; done" && echo "Jenkins is running" || echo "Jenkins is not running"
 # The colon (:) is a no-op command in Bash, which means it does nothing and always returns a true exit status. It is often used as a placeholder or to evaluate expressions without executing any commands.
 # The ${JENKINS_STARTUP_TIMEOUT:=60} part is a parameter expansion. It checks if the JENKINS_STARTUP_TIMEOUT variable is set and not null. If it is not set, it assigns the value 60 to JENKINS_STARTUP_TIMEOUT
 : "${JENKINS_STARTUP_TIMEOUT:=60}"  # Default to 60 seconds if not set
 timeout "${JENKINS_STARTUP_TIMEOUT}" bash -c "until curl -s -f http://${JENKINS_CONTROLLER}:8080/login > /dev/null; do sleep 5; done" && echo "Jenkins is running" || echo "Jenkins is not running"

echo "Jenkins is ready"
# Get the Jenkins version
JENKINS_VERSION=$(curl -s -I -k http://admin:admin@jenkins_controller:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
JENKINS_VERSION=$(curl -s -I -k http://admin:admin@$JENKINS_CONTROLLER:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
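Review bot: beyond the hardcoded `admin:admin` already flagged, the credentials are embedded in the URL, which exposes them in the container's process list (`ps`) and in any `set -x` trace; prefer `curl -n` with a `.netrc` file or `-K`/`--config` so the secret never appears on the command line. `-k` is pointless for a plain `http://` URL and would silently disable certificate verification if the scheme is ever switched to `https`, so drop it. `$JENKINS_CONTROLLER` should also be quoted (`"http://...@${JENKINS_CONTROLLER}:8080"`) like the other uses in this script.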
⚠️ Potential issue

Security Issue: Remove hardcoded credentials.

The Jenkins version check contains hardcoded admin credentials. This poses a security risk.

-JENKINS_VERSION=$(curl -s -I -k http://admin:admin@$JENKINS_CONTROLLER:8080 | grep -i '^X-Jenkins:' | awk '{print $2}')
+JENKINS_VERSION=$(curl -s -I -k "http://${JENKINS_USER}:${JENKINS_TOKEN}@${JENKINS_CONTROLLER}:8080" | grep -i '^X-Jenkins:' | awk '{print $2}')

Please add these environment variables to your configuration:

  • JENKINS_USER: Jenkins admin username
  • JENKINS_TOKEN: Jenkins API token or password

Committable suggestion skipped: line range outside the PR's diff.

echo "Jenkins version is: $JENKINS_VERSION"

# Use the token in the curl command to reload the configuration
# curl -X POST "http://admin:admin@jenkins_controller:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
curl -X POST "http://admin:admin@jenkins_controller:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
# curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
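Review bot: independent of the hardcoded token already flagged, `casc-reload-token` is sent as a URL query parameter and so lands in the controller's access log and any proxy log in front of it; the token is configured on the controller via `CASC_RELOAD_TOKEN` (see the docker-compose.yaml comment in this PR), so this script should read that same variable rather than the separate `JCASC_TOKEN` name in the commented-out line. The POST also has no `-f`/`--fail`, so a 403 or 404 from the reload endpoint is indistinguishable from success in the script's exit status; add `-f` (and `-s -S` to keep output quiet while still surfacing errors).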
Comment on lines +108 to +109
⚠️ Potential issue

Critical Security Regression: Hardcoded insecure token replaces secure token.

This change introduces a severe security vulnerability by:

  1. Commenting out the secure token implementation
  2. Replacing it with a hardcoded, predictable token

This makes the Jenkins configuration reload endpoint vulnerable to unauthorized access.

Revert to using the secure token:

-# curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"
-curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=thisisnotsecure"
+curl -X POST "http://admin:admin@$JENKINS_CONTROLLER:8080/reload-configuration-as-code/?casc-reload-token=$JCASC_TOKEN"

2 changes: 1 addition & 1 deletion dockerfiles/plugins.txt
@@ -78,5 +78,5 @@ workflow-job:1468.vcf4f5ee92395
workflow-multibranch:795.ve0cb_1f45ca_9a_
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:678.v3ee58b_469476
workflow-support:932.vb_555de1b_a_b_94
workflow-support:936.v9fa_77211ca_e1
ws-cleanup:0.48
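Review bot: only `workflow-support` moves (932 to 936) while the pipeline plugins around it keep their existing pins; please confirm the new version's required dependencies are satisfied by the pins in this file, because if it needs newer `workflow-step-api` or `workflow-job` than listed, the Plugin Installation Manager will pull those in at build time and the image will no longer match what `plugins.txt` declares. One build with the installation manager's verbose output, checked for plugins it upgraded on its own, would settle it.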