initial commit

Author: pcarney8

.gitignore

@@ -0,0 +1,4 @@
+*.pyc
+.idea
+*.iml
+*.retry

README.md

@@ -0,0 +1,45 @@
+# Jenkins Master Configuration
+This repo is used to build a customized OpenShift Jenkins 2 image with [source to image (S2I)](https://github.com/openshift/source-to-image). The base OpenShift Jenkins S2I can be found at `registry.access.redhat.com/openshift3/jenkins-2-rhel7`. The resulting image is a Jenkins master, and should be used in a master / slaves architecture. This image is configured to provide slaves as k8s pods via the [k8s Jenkins plugin](https://docs.openshift.com/container-platform/3.5/using_images/other_images/jenkins.html#using-the-jenkins-kubernetes-plug-in-to-run-jobs). Thus, this repo doesn't define any build tools or the like, as they are the responsibility of the slaves.
+
+## Building and Testing Locally
+With `s2i` installed; you can run the following to build and test your changes to the S2I locally.
+```bash
+s2i build --loglevel 5 jenkins-master openshift/jenkins-2-centos7 jenkins-s2i:latest
+```
+
+## How This Repo Works
+
+The directory structure is dictated by [OpenShift Jenkins S2I image](https://docs.openshift.com/container-platform/3.5/using_images/other_images/jenkins.html#jenkins-as-s2i-builder). In particular:
+
+- [plugins.txt](plugins.txt) is used to install plugins during the S2I build. If you want the details, here is the [S2I assemble script](https://github.com/openshift/jenkins/blob/master/2/contrib/s2i/assemble), which calls the [install jenkins plugins script](https://github.com/openshift/jenkins/blob/master/2/contrib/jenkins/install-plugins.sh).
+- files in the [configuration](configuration) directory will have comments describing exactly what they do
+
+## Slack Integration
+
+To Integrate with slack follow the steps at https://github.com/jenkinsci/slack-plugin. Particularly, create a webhook at  https://customteamname.slack.com/services/new/jenkins-ci. After the webhook setup is complete at slack, record and add the below environmental variables. You can retrieve the values on your [slack dashboard](https://my.slack.com/services/new/jenkins-ci). Make sure you are logged into the correct team.
+1. The base url as `SLACK_BASE_URL`
+2. The slack token as `SLACK_TOKEN`
+3. The slack room you selected as the default slack channel as `SLACK_ROOM`
+4. optionally, a jenkins credential can be used for the token and referenced by a custom id at `SLACK_TOKEN_CREDENTIAL_ID`. This takes precedences over the `SLACK_TOKEN`
+
+## SonarQube Integration
+ 
+By default the deployment will attempt to connect to SonarQube and configure its setup including an authentication token. The default url is http://sonarqube:9000. This can be overriden adding an environment variable named `SONARQUBE_URL`. To disable SonarQube entirely set an environment variable named `DISABLE_SONAR` with any value.
+
+## Git Creds
+Inject the `git` credentials to Jenkins-s2i when it is being built by editing `configuration/init.groovy.d/configure-credentials.groovy` or by exposing a new environment Variable to the Jenkins deployment tempate.
+
+## Shared Library
+
+An optional shared global library can be used to add method calls to pipelines which can help to simplify and organize a pipeline. The global library will be implicitly available to all pipelines.
+
+To configure a library environment variables need to be made available to your image. In OCP, add environment variables to your deployment config. The following variables can be set
+1. SHARED_LIB_REPO - If this variable is set then the deployment will attempt to configure a shared global library. This value should reference a git repository. If this value is not set, no shared global library will be set.
+2. SHARED_LIB_REF - A value that that points to a git reference such as a branch or tag of a repository. The default value is `master`
+3. SHARED_LIB_NAME - A name for the library. It can be anything.
+4. SHARED_LIB_SECRET - If the git repo is private, this value should be a reference to a secret available to the project. If this value is not set, it is assumed that the git repo is publicly available. This value assumes a deployment on openshift so it prepends that value of the namespace to the secret. 
+
+## Contributing
+
+There are some [helpers](helpers/README.MD) to get configuration out of a running Jenkins. 
+

configuration/build-failure-analyzer.xml

@@ -0,0 +1,39 @@
+#!/usr/bin/env groovy
+import jenkins.model.*
+import com.cloudbees.plugins.credentials.*
+import com.cloudbees.plugins.credentials.common.*
+import com.cloudbees.plugins.credentials.domains.*
+import com.cloudbees.plugins.credentials.impl.*
+
+import jenkins.*
+import hudson.model.*
+import hudson.security.*
+
+import java.util.logging.Level
+import java.util.logging.Logger
+
+final def LOG = Logger.getLogger("LABS")
+
+LOG.log(Level.INFO,  'running configure-credentials.groovy' )
+
+// create jenkins creds for commiting tags back to repo. Can use Env vars on the running image or just insert below.
+domain = Domain.global()
+store = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
+gitUsername = System.getenv("GIT_USERNAME") ?: "jenkins-user"
+gitPassword = System.getenv("GIT_PASSWORD") ?: "password-for-user"
+usernameAndPassword = new UsernamePasswordCredentialsImpl(
+  CredentialsScope.GLOBAL,
+  "jenkins-git-creds", "Git creds for Jenkins",
+  gitUsername,
+  gitPassword
+)
+store.addCredentials(domain, usernameAndPassword)
+
+// Add annoymouse access for git webhooks to trigger builds
+def strategy = new GlobalMatrixAuthorizationStrategy()
+//  Setting Anonymous Permissions
+strategy.add(hudson.model.Item.BUILD,'anonymous')
+strategy.add(hudson.model.Item.CANCEL,'anonymous')
+def instance = Jenkins.getInstance()
+instance.setAuthorizationStrategy(strategy)
+instance.save()

configuration/init.groovy.d/configure-credentials.groovy

@@ -0,0 +1,76 @@
+#!/usr/bin/env groovy
+import jenkins.model.*
+import com.smartcodeltd.jenkinsci.plugins.buildmonitor.BuildMonitorView
+import groovy.json.JsonSlurper
+import hudson.tools.InstallSourceProperty
+
+import java.util.logging.Level
+import java.util.logging.Logger
+import org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud
+import jenkins.model.JenkinsLocationConfiguration
+
+final def LOG = Logger.getLogger("LABS")
+
+LOG.log(Level.INFO,  'running configure-jenkins.groovy' )
+
+try {
+    // delete default OpenShift job
+    Jenkins.instance.items.findAll {
+        job -> job.name == 'OpenShift Sample'
+    }.each {
+        job -> job.delete()
+    }
+} catch (NullPointerException npe) {
+   LOG.log(Level.INFO, 'Failed to delete OpenShift Sample job')
+}
+// create a default build monitor view that includes all jobs
+// https://wiki.jenkins-ci.org/display/JENKINS/Build+Monitor+Plugin
+if ( Jenkins.instance.views.findAll{ view -> view instanceof com.smartcodeltd.jenkinsci.plugins.buildmonitor.BuildMonitorView }.size == 0){
+  view = new BuildMonitorView('Build Monitor','Build Monitor')
+  view.setIncludeRegex('.*')
+  Jenkins.instance.addView(view)
+}
+
+
+
+// support custom CSS for htmlreports
+// https://stackoverflow.com/questions/35783964/jenkins-html-publisher-plugin-no-css-is-displayed-when-report-is-viewed-in-j
+System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
+
+// This is a helper to delete views in the Jenkins script console if needed
+// Jenkins.instance.views.findAll{ view -> view instanceof com.smartcodeltd.jenkinsci.plugins.buildmonitor.BuildMonitorView }.each{ view -> Jenkins.instance.deleteView( view ) }
+
+println("WORKAROUND FOR BUILD_URL ISSUE, see: https://issues.jenkins-ci.org/browse/JENKINS-28466")
+
+def hostname = System.getenv('HOSTNAME')
+println "hostname> $hostname"
+
+def sout = new StringBuilder(), serr = new StringBuilder()
+def proc = "oc get pod ${hostname} -o jsonpath={.metadata.labels.name}".execute()
+proc.consumeProcessOutput(sout, serr)
+proc.waitForOrKill(3000)
+println "out> $sout err> $serr"
+
+def sout2 = new StringBuilder(), serr2 = new StringBuilder()
+proc = "oc get route ${sout} -o jsonpath={.spec.host}".execute()
+proc.consumeProcessOutput(sout2, serr2)
+proc.waitForOrKill(3000)
+println "out> $sout2 err> $serr2"
+
+def jlc = jenkins.model.JenkinsLocationConfiguration.get()
+jlc.setUrl("https://" + sout2.toString().trim())
+
+println("Configuring container cap for k8s, so pipelines won't hang when booting up slaves")
+
+try{
+    def kc = Jenkins.instance.clouds.get(0)
+
+    println "cloud found: ${Jenkins.instance.clouds}"
+
+    kc.setContainerCapStr("100")
+}
+finally {
+    //if we don't null kc, jenkins will try to serialise k8s objects and that will fail, so we won't see actual error
+    kc = null
+}
+

configuration/init.groovy.d/configure-jenkins.groovy

@@ -0,0 +1,42 @@
+import jenkins.model.Jenkins
+import jenkins.plugins.git.GitSCMSource;
+import org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever;
+import org.jenkinsci.plugins.workflow.libs.LibraryConfiguration;
+
+import java.util.logging.Level
+import java.util.logging.Logger
+
+final def LOG = Logger.getLogger("LABS")
+
+def gitRepo = System.getenv('SHARED_LIB_REPO')
+
+if(gitRepo?.trim()) {
+
+  LOG.log(Level.INFO,  'Configuring shared library (implicit)...' )
+
+  def sharedLibrary = Jenkins.getInstance().getDescriptor("org.jenkinsci.plugins.workflow.libs.GlobalLibraries")
+
+  def libraryName = System.getenv('SHARED_LIB_NAME') ?: "labs-shared-library"
+  def gitRef = System.getenv('SHARED_LIB_REF') ?: "master"
+  def secretId = System.getenv('SHARED_LIB_SECRET') ?: ""
+
+  //append namespace to secret as it appears in Jenkins
+  if(secretId) {
+    secretId = System.getenv('OPENSHIFT_BUILD_NAMESPACE') + "-" + secretId
+  }
+
+  GitSCMSource source = new GitSCMSource( libraryName, gitRepo, secretId, "*", "", false);
+  SCMSourceRetriever sourceRetriever = new SCMSourceRetriever(source);
+
+  LibraryConfiguration pipeline = new LibraryConfiguration(libraryName, sourceRetriever)
+  pipeline.setDefaultVersion(gitRef)
+  pipeline.setImplicit(true)
+  sharedLibrary.get().setLibraries([pipeline])
+
+  sharedLibrary.save()
+
+  LOG.log(Level.INFO,  'Configured shared library' )
+
+} else {
+  LOG.log(Level.INFO, 'Skipping shared library configuration')
+}

configuration/init.groovy.d/configure-shared-library.groovy

@@ -0,0 +1,44 @@
+import jenkins.model.Jenkins
+import net.sf.json.JSONObject
+
+import java.util.logging.Level
+import java.util.logging.Logger
+
+def slackBaseUrl = System.getenv('SLACK_BASE_URL')
+final def LOG = Logger.getLogger("LABS")
+
+if(slackBaseUrl != null) {
+
+  LOG.log(Level.INFO,  'Configuring slack...' )
+  
+  def slackToken = System.getenv('SLACK_TOKEN')
+  def slackRoom = System.getenv('SLACK_ROOM')
+  def slackSendAs = ''
+  def slackTeamDomain = ''
+  def slackTokenCredentialId = System.getenv('SLACK_TOKEN_CREDENTIAL_ID')
+
+  if(slackTokenCredentialId == null) {
+    slackTokenCredentialId = ''
+  }
+
+  JSONObject formData = ['slack': ['tokenCredentialId': slackTokenCredentialId]] as JSONObject
+
+  def slack = Jenkins.instance.getExtensionList(
+    jenkins.plugins.slack.SlackNotifier.DescriptorImpl.class
+  )[0]
+  def params = [
+    slackBaseUrl: slackBaseUrl,
+    slackTeamDomain: slackTeamDomain,
+    slackToken: slackToken,
+    slackRoom: slackRoom,
+    slackSendAs: slackSendAs
+  ]
+  def req = [
+    getParameter: { name -> params[name] }
+  ] as org.kohsuke.stapler.StaplerRequest
+  slack.configure(req, formData)
+
+  LOG.log(Level.INFO,  'Configured slack' )
+
+  slack.save()
+}

configuration/init.groovy.d/configure-slack.groovy

@@ -0,0 +1,88 @@
+#!/usr/bin/env groovy
+import jenkins.model.*
+import groovy.json.JsonSlurper
+import hudson.plugins.sonar.SonarInstallation
+import hudson.plugins.sonar.SonarRunnerInstallation
+import hudson.plugins.sonar.SonarRunnerInstaller
+import hudson.plugins.sonar.model.TriggersConfig
+import hudson.tools.InstallSourceProperty
+
+import java.util.logging.Level
+import java.util.logging.Logger
+
+final def LOG = Logger.getLogger("LABS")
+
+def disableSonar = System.getenv("DISABLE_SONAR");
+if(disableSonar != null && disableSonar.toUpperCase() == "TRUE") {
+    LOG.log(Level.INFO, 'Skipping SonarQube configuration')
+    return
+}
+
+LOG.log(Level.INFO, 'Configuring SonarQube')
+def sonarConfig = Jenkins.instance.getDescriptor('hudson.plugins.sonar.SonarGlobalConfiguration')
+
+def sonarHost = System.getenv("SONARQUBE_URL");
+if(sonarHost == null) {
+    //default
+    sonarHost = "http://sonarqube:9000"
+}
+
+def tokenName = 'Jenkins'
+
+// Make a POST request to delete any existing admin tokens named "Jenkins"
+LOG.log(Level.INFO, 'Delete existing SonarQube Jenkins token')
+def revokeToken = new URL("${sonarHost}/api/user_tokens/revoke").openConnection()
+def message = "name=Jenkins&login=admin"
+revokeToken.setRequestMethod("POST")
+revokeToken.setDoOutput(true)
+revokeToken.setRequestProperty("Accept", "application/json")
+def authString = "admin:admin".bytes.encodeBase64().toString()
+revokeToken.setRequestProperty("Authorization", "Basic ${authString}")
+revokeToken.getOutputStream().write(message.getBytes("UTF-8"))
+def rc = revokeToken.getResponseCode()
+
+// Create a new admin token named "Jenkins" and capture the value
+LOG.log(Level.INFO, 'Generate new auth token for SonarQube/Jenkins integration')
+def generateToken = new URL("${sonarHost}/api/user_tokens/generate").openConnection()
+message = "name=${tokenName}&login=admin"
+generateToken.setRequestMethod("POST")
+generateToken.setDoOutput(true)
+generateToken.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")
+generateToken.setRequestProperty("Authorization", "Basic ${authString}")
+generateToken.getOutputStream().write(message.getBytes("UTF-8"))
+rc = generateToken.getResponseCode()
+
+def token = null
+
+if (rc == 200) {
+    LOG.log(Level.INFO, 'Successfully generated SonarQube auth token')
+    def jsonBody = generateToken.getInputStream().getText()
+    def jsonParser = new JsonSlurper()
+    def data = jsonParser.parseText(jsonBody)
+    token = data.token
+
+    // Add the SonarQube server config to Jenkins
+    SonarInstallation sonarInst = new SonarInstallation(
+        "sonar", sonarHost, token, "", "", new TriggersConfig(), "")
+    sonarConfig.setInstallations(sonarInst)
+    sonarConfig.setBuildWrapperEnabled(true)
+    sonarConfig.save()
+
+    // Sonar Runner
+    // Source: http://pghalliday.com/jenkins/groovy/sonar/chef/configuration/management/2014/09/21/some-useful-jenkins-groovy-scripts.html
+    def inst = Jenkins.getInstance()
+
+    def sonarRunner = inst.getDescriptor("hudson.plugins.sonar.SonarRunnerInstallation")
+
+    def installer = new SonarRunnerInstaller("3.0.3.778")
+    def prop = new InstallSourceProperty([installer])
+    def sinst = new SonarRunnerInstallation("sonar-scanner-tool", "", [prop])
+    sonarRunner.setInstallations(sinst)
+
+    sonarRunner.save()
+
+    LOG.log(Level.INFO, 'SonarQube configuration complete')
+} else {
+    LOG.log(Level.INFO, "Request failed: ${rc}")
+    LOG.log(Level.INFO, generateToken.getErrorStream().getText())
+}

configuration/init.groovy.d/configure-sonarqube.groovy

@@ -0,0 +1,20 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<scriptApproval plugin="[email protected]">
+  <approvedScriptHashes/>
+  <approvedSignatures>
+    <string>staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int</string>
+    <string>staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.lang.String</string>
+    <string>staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String</string>
+    <string>staticMethod org.codehaus.groovy.runtime.EncodingGroovyMethods decodeBase64 java.lang.String</string>
+    <string>method hudson.plugins.git.GitSCM getUserRemoteConfigs</string>
+    <string>new java.lang.String byte[]</string>
+    <string>staticMethod java.lang.System getenv java.lang.String</string>
+    <string>staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String</string>
+    <string>staticMethod org.codehaus.groovy.runtime.ProcessGroovyMethods getText java.lang.Process</string>
+  </approvedSignatures>
+  <aclApprovedSignatures/>
+  <approvedClasspathEntries/>
+  <pendingScripts/>
+  <pendingSignatures/>
+  <pendingClasspathEntries/>
+</scriptApproval>

configuration/scriptApproval.xml

@@ -0,0 +1,11 @@
+# Introduction
+
+A semi automated hack to get updated plugin list. Here's how the helper works:
+
+0. Make sure you have groovy installed, which is available as a package on most linux distros, or via [the download site](http://groovy-lang.org/download.html).
+1. Login in the jenkins you want to replicate.
+2. Post fix the jenkins url with `/pluginManager/api/json?depth=1&tree=plugins[shortName,version]` in your browser.
+3. Copy the output to a new file called `out.json` in the `helpers` dir.
+4. Run `./writePluginFileFromExistingJenkins.groovy` to construct a `plugins.txt` file to be used with the [OpenShift Jenkins S2I image](https://github.com/openshift/jenkins/blob/master/README.md#installing-using-s2i-build)
+5. Delete `out.json`
+6. Check in the new `plugins.txt`