PLC/vPLC>> jenkins_config_as_code>> 返回
项目作者: kenych

项目描述 :
jenkins config as code, poc
高级语言: Groovy
项目地址: git://github.com/kenych/jenkins_config_as_code.git
创建时间: 2018-03-17T23:37:06Z
项目社区:https://github.com/kenych/jenkins_config_as_code
开源协议:
下载


Advanced Jenkins config as code setup with 4 steps

Creating Jenkins configation as code and applying changes without downtime with Groovy, Java, Docker and Jenkins job.

POC:
1) Being able to update any Jenkins master or slave immediately - no new image, no redeploy, no downtime
2) No manual changes through UI - everything is kept as a code, and as a result:
3) Jenkins current state and state of image + config is kept in sync
4) Any change could be tested immediatelly without vicious cycle: create a new image, deploy, test, and if fails - repeat!
5) Creating a configuration that could be applied for specific environment only(prod vs test/dev Jenkins), with inheritence of common config and custom per jenkins config

Step 1: Write groovy to interact with Java API

  1. import hudson.model.*
  2. import jenkins.model.*
  3. import com.cloudbees.plugins.credentials.CredentialsScope
  4. import com.cloudbees.plugins.credentials.domains.Domain
  5. import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl
  7. def domain = Domain.global()
  8. def store = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
  10. def instance = System.getenv("JENKINS_INSTANCE_NAME").replaceAll('-','_')
  12. ConfigObject conf = new ConfigSlurper().parse(new File(System.getenv("JENKINS_HOME")+'/jenkins_config/credentials.txt').text)
  14. conf.common_credentials.each { key, credentials ->
  15.     println("Adding common credential ${key}")
  16.     store.addCredentials(domain, new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, key, credentials.description, credentials.username, credentials.password))
  17. }
  20. conf."${instance}_credentials".each { key, credentials ->
  21.     println("Adding ${instance} credential ${key}")
  22.     store.addCredentials(domain, new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, key, credentials.description, credentials.username, credentials.password))
  23. }
  25. println("Successfully configured credentials")

Step 2: Create config for the script

  1. common_credentials {
  3.     exclude{
  4.         tyrion-jenkins
  5.     }
  7.     data{
  8.         jenkins_service_user = [
  9.              username: 'jenkins_service_user',
  10.              password: '{{with $secret := secret "secret/jenkins/jenkins_service_user" }}{{ $secret.Data.value }}{{end}}',
  11.              description :'for automated jenkins jobs'
  12.          ]
  14.          slack = [
  15.              username: '{{with $secret := secret "secret/slack/user" }}{{ $secret.Data.value }}{{end}}',
  16.              password: '{{with $secret := secret "secret/slack/pass" }}{{ $secret.Data.value }}{{end}}',
  17.              description: 'slack credentials'
  18.          ]
  19.     }
  21. }
  23. custom_credentials  {
  25.     include{
  26.         john-snow-jenkins
  27.         arya-jenkins
  28.         sansa-jenkins
  29.     }
  31.     data{
  32.         artifactory = [
  33.                 username: 'arti',
  34.                 password: '{{with $secret := secret "secret/jenkins/artifactory" }}{{ $secret.Data.artifactory_password }}{{end}}',
  35.                 description: 'Artifactory credentials'
  36.         ]
  38.     }
  40. }
  42. tyrion-jenkins_credentials  {
  44.     data{
  45.        nexus=[
  46.                 'username':'deployment',
  47.                 'password':'{{with $secret := secret "secret/jenkins/nexus" }}{{ $secret.Data.nexus_password }}{{end}}',
  48.                 'description':'Nexus credentials'
  49.         ]
  51.     }
  53. }

Step 3: Checkout config and script and inject secrets and other variables with consul-template in container:

  1. #!/usr/bin/env bash
  3. git clone ssh://git@your_scm_here/jenkins_config_as_code.git ${JENKINS_HOME}/jenkins_config
  4. mv ${JENKINS_HOME}/jenkins_config/*.groovy ${JENKINS_HOME}/init.groovy.d/
  6. consul-template \
  7.   -consul-addr "$CONSUL_ADDR" \
  8.   -vault-addr "$VAULT_ADDR" \
  9.   -config "jenkins_config.hcl" \
  10.   -once

Step 4: Update continuously with Jenkins job without downtime

  1. node {
  2.     stage('checkout') {
  4.         sh '''
  6.             git clone ssh://git@your_scm_here/jenkins_config_as_code.git ${JENKINS_HOME}/jenkins_config
  7.             mv ${JENKINS_HOME}/jenkins_config/*.groovy ${JENKINS_HOME}/init.groovy.d/
  9.         '''
  10.     }
  12.     stage('run consul template'){
  13.         sh '''
  14.             consul-template \
  15.               -consul-addr "$CONSUL_ADDR" \
  16.               -vault-addr "$VAULT_ADDR" \
  17.               -config "jenkins_config.hcl" \
  18.               -once        
  19.         '''
  20.     }
  22.     stage('update credentials') {
  23.         load("/var/jenkins_home/init.groovy.d/credentials.groovy")
  24.     }
  26.     stage('update k8s') {
  27.         load("/var/jenkins_home/init.groovy.d/kubernetes.groovy")
  28.     }
  30. }