From 60b8ee56debf840f0f6bee45081f23eacd7d2068 Mon Sep 17 00:00:00 2001 From: Luigi Operoso <40476330+brokenpip3@users.noreply.github.com> Date: Thu, 12 Jan 2023 17:29:30 +0100 Subject: [PATCH] fix(operator): Attempt to fix all the major issues present atm against the newest jenkins lts version (#784) * fix(seed): fix #742, workaround #698 Original fix proposal: https://github.com/jenkinsci/kubernetes-operator/issues/742#issuecomment-1304398590 * fix(install-plugin.sh): fix #758, #739 * the fix was original attempted here: https://github.com/jenkinsci/kubernetes-operator/pull/764 but was not working correctly due to 2-3 additional changes which needed to be done * removed the openshift check because the env is not mention anywhere and also the new jenkins-plugin-cli does not a specific command for openshift. Finally this does not make any sense in general, the only problem in ocp will be the user id that will be mapped to a random uid but that's another story. The command to install the plugins should remain the same across different k8s flavours. * fix(doc/test): fix /usr/bin/tini in any doc and validation * fix(jenkins): remove AdminWhitelistRule to avoid jvm stack trace, see: https://www.jenkins.io/doc/book/security/controller-isolation/jep-235/#api-compatibility * fix(seed): fix seed img built on a previous jvm, fix #761 * fix(plugin): update the base plugin to work with the newest version of jenkins:lts * fix(run): fix #778 * fix(backup): add a trap to remove the tmp dir if the tar fail, also fix: #770 * test(chart): update chart values for testing, will revert before merge * fix(configmap): leftover * fix(tests): fix seed job test * fix(e2e) * fix(e2e): helm * fix(operator): update the temporary img to reflect latests changes * Fix Helm e2e tests * add trap in case of unwanted exit and make shellcheck happy * chore(plugin): update git ver to 5.0.0 * fix(backup): always force delete the backup directory * chore(operator): update the temporary img to reflect latest changes * chore(jenkins): upgrade jenkins latest lts --- backup/pvc/bin/backup.sh | 7 +++-- backup/pvc/bin/run.sh | 3 +- chart/jenkins-operator/crds/jenkins-crd.yaml | 2 +- chart/jenkins-operator/values.yaml | 31 ++++++++++--------- config.minikube.env | 4 +-- config/crd/bases/jenkins.io_jenkins.yaml | 2 +- docs/docs/developer-guide/index.html | 4 +-- .../v0.1.x/configuration/index.html | 8 ++--- docs/docs/getting-started/v0.1.x/index.xml | 8 ++--- docs/docs/index.xml | 8 ++--- pkg/client/jenkins.go | 4 +-- .../resources/base_configuration_configmap.go | 30 +++++------------- pkg/configuration/base/resources/pod.go | 2 +- .../base/resources/scripts_configmap.go | 21 +++++-------- pkg/configuration/base/validate_test.go | 4 +-- pkg/configuration/user/seedjobs/seedjobs.go | 2 +- .../user/seedjobs/seedjobs_test.go | 2 +- pkg/plugins/base_plugins.go | 14 ++++----- test/e2e/configuration_test.go | 14 ++++----- test/e2e/jenkins_test.go | 8 ++--- test/e2e/restart_test.go | 2 +- test/e2e/test_utility.go | 10 +++--- test/e2e/wait.go | 2 +- test/helm/helm_test.go | 14 ++++----- .../content/en/docs/Developer Guide/_index.md | 2 +- .../Getting Started/v0.1.x/configuration.md | 8 ++--- 26 files changed, 99 insertions(+), 117 deletions(-) diff --git a/backup/pvc/bin/backup.sh b/backup/pvc/bin/backup.sh index c24d2ad1..ff9c9f63 100644 --- a/backup/pvc/bin/backup.sh +++ b/backup/pvc/bin/backup.sh @@ -6,6 +6,7 @@ set -eo pipefail [[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1; [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1; BACKUP_TMP_DIR=$(mktemp -d) +trap "test -d "${BACKUP_TMP_DIR}" && rm -fr "${BACKUP_TMP_DIR}"" EXIT ERR SIGINT SIGTERM backup_number=$1 echo "Running backup" @@ -14,10 +15,10 @@ echo "Running backup" # config.xml in child directores is state that should. For example- # branches/myorg/branches/myrepo/branches/master/config.xml should be retained while # branches/myorg/config.xml should not -tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* --no-wildcards-match-slash --anchored --exclude jobs/*/config.xml -c jobs && \ -mv ${BACKUP_TMP_DIR}/${backup_number}.tar.gz ${BACKUP_DIR}/${backup_number}.tar.gz +tar -C "${JENKINS_HOME}" -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* --no-wildcards-match-slash --anchored --exclude jobs/*/config.xml -c jobs && \ +mv "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" "${BACKUP_DIR}/${backup_number}.tar.gz" -rm -r ${BACKUP_TMP_DIR} +rm -rf "${BACKUP_TMP_DIR}" [[ ! -s ${BACKUP_DIR}/${backup_number}.tar.gz ]] && echo "backup file '${BACKUP_DIR}/${backup_number}.tar.gz' is empty" && exit 1; diff --git a/backup/pvc/bin/run.sh b/backup/pvc/bin/run.sh index e4649fb3..8d83d111 100644 --- a/backup/pvc/bin/run.sh +++ b/backup/pvc/bin/run.sh @@ -10,6 +10,7 @@ do sleep 10 if [[ ! -z "${BACKUP_COUNT}" ]]; then echo "Trimming to only ${BACKUP_COUNT} recent backups in preparation for new backup" - find ${BACKUP_DIR} -name '*.tar.gz' -exec basename {} \; | sort -gr | tail -n +$((BACKUP_COUNT +1)) | xargs -I '{}' rm ${BACKUP_DIR}/'{}' + #TODO: add the list of exceding backup before delete + find ${BACKUP_DIR} -maxdepth 1 -name '*.tar.gz' -exec basename {} \; | sort -gr | tail -n +$((BACKUP_COUNT +1)) | xargs -I '{}' rm ${BACKUP_DIR}/'{}' fi done diff --git a/chart/jenkins-operator/crds/jenkins-crd.yaml b/chart/jenkins-operator/crds/jenkins-crd.yaml index 0567683e..8823ac22 100644 --- a/chart/jenkins-operator/crds/jenkins-crd.yaml +++ b/chart/jenkins-operator/crds/jenkins-crd.yaml @@ -3120,7 +3120,7 @@ spec: type: array seedJobAgentImage: type: string - description: 'SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used.' + description: 'SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used.' seedJobs: description: 'SeedJobs defines list of Jenkins Seed Job configurations More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines' diff --git a/chart/jenkins-operator/values.yaml b/chart/jenkins-operator/values.yaml index 7d473db2..08373afb 100644 --- a/chart/jenkins-operator/values.yaml +++ b/chart/jenkins-operator/values.yaml @@ -33,7 +33,7 @@ jenkins: # image is the name (and tag) of the Jenkins instance # Default: jenkins/jenkins:lts # It's recommended to use LTS (tag: "lts") version - image: jenkins/jenkins:2.319.3-lts + image: jenkins/jenkins:2.375.2-lts # env contains jenkins container environment variables env: [] @@ -86,20 +86,21 @@ jenkins: # Example: # # basePlugins: - # - name: configuration-as-code - # version: "1346.ve8cfa_3473c94" - # - name: git - # version: 4.11.3 - # - name: job-dsl - # version: "1.78.1" # - name: kubernetes - # version: 1.31.3 - # - name: kubernetes-credentials-provider - # version: 0.20 - # - name: workflow-aggregator - # version: "2.6" + # version: 3802.vb_b_600831fcb_3 # - name: workflow-job - # version: "1145.v7f2433caa07f" + # version: 1254.v3f64639b_11dd + # - name: workflow-aggregator + # version: 590.v6a_d052e5a_a_b_5 + # - name: git + # version: 5.0.0 + # - name: job-dsl + # version: "1.81" + # - name: configuration-as-code + # version: 1569.vb_72405b_80249 + # - name: kubernetes-credentials-provider + # version: 1.208.v128ee9800c04 + basePlugins: [] # plugins are plugins required by the user @@ -125,7 +126,7 @@ jenkins: # repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git seedJobs: [] - # SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used. + # SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used. seedJobAgentImage: "" # Resource limit/request for Jenkins @@ -284,7 +285,7 @@ operator: replicaCount: 1 # image is the name (and tag) of the Jenkins Operator image - image: virtuslab/jenkins-operator:v0.7.1 + image: quay.io/brokenpip3/jenkins-kubernetes-operator:a86b738a # imagePullPolicy defines policy for pulling images imagePullPolicy: IfNotPresent diff --git a/config.minikube.env b/config.minikube.env index aab3d5b2..944978fc 100644 --- a/config.minikube.env +++ b/config.minikube.env @@ -1,8 +1,8 @@ KUBERNETES_PROVIDER=minikube -MINIKUBE_KUBERNETES_VERSION=v1.21.1 +MINIKUBE_KUBERNETES_VERSION=v1.24.8 MINIKUBE_DRIVER=virtualbox -MINIKUBE_VERSION=1.21.0 +MINIKUBE_VERSION=1.28.0 KUBECTL_CONTEXT=minikube JENKINS_API_HOSTNAME_COMMAND=bin/minikube ip diff --git a/config/crd/bases/jenkins.io_jenkins.yaml b/config/crd/bases/jenkins.io_jenkins.yaml index 76e1c0e7..e94f6036 100644 --- a/config/crd/bases/jenkins.io_jenkins.yaml +++ b/config/crd/bases/jenkins.io_jenkins.yaml @@ -3120,7 +3120,7 @@ spec: type: array seedJobAgentImage: type: string - description: SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used. + description: SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used. seedJobs: description: 'SeedJobs defines list of Jenkins Seed Job configurations More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines' diff --git a/docs/docs/developer-guide/index.html b/docs/docs/developer-guide/index.html index aee8313b..4de2275e 100644 --- a/docs/docs/developer-guide/index.html +++ b/docs/docs/developer-guide/index.html @@ -1043,7 +1043,7 @@ items: - command: - bash - -c - - /var/jenkins/scripts/init.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh + - /var/jenkins/scripts/init.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh env: - name: JAVA_OPTS value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap @@ -1408,4 +1408,4 @@ make deploy-webhook - \ No newline at end of file + diff --git a/docs/docs/getting-started/v0.1.x/configuration/index.html b/docs/docs/getting-started/v0.1.x/configuration/index.html index 71750b17..c43d09f6 100644 --- a/docs/docs/getting-started/v0.1.x/configuration/index.html +++ b/docs/docs/getting-started/v0.1.x/configuration/index.html @@ -1164,16 +1164,16 @@ credentials.

command:
 - bash
 - -c
-- /var/jenkins/scripts/init.sh && /sbin/tini -s -- /usr/local/bin/jenkins.sh
+- /var/jenkins/scripts/init.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh

The script/var/jenkins/scripts/init.sh is provided by the operator and configures init.groovy.d (creates the Jenkins user) and installs plugins. -The /sbin/tini -s -- /usr/local/bin/jenkins.sh command runs the Jenkins master main process.

+The /usr/bin/tini -s -- /usr/local/bin/jenkins.sh command runs the Jenkins master main process.

You can overwrite it in the following pattern:

command:
 - bash
 - -c
-- /var/jenkins/scripts/init.sh && <custom-code-here> && /sbin/tini -s -- /usr/local/bin/jenkins.sh
+- /var/jenkins/scripts/init.sh && <custom-code-here> && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
Last modified August 5, 2019 @@ -1220,4 +1220,4 @@ The /sbin/tini -s -- /usr/local/bin/jenkins.sh command runs the Jen - \ No newline at end of file + diff --git a/docs/docs/getting-started/v0.1.x/index.xml b/docs/docs/getting-started/v0.1.x/index.xml index 9a8ee7e8..8cc247e6 100644 --- a/docs/docs/getting-started/v0.1.x/index.xml +++ b/docs/docs/getting-started/v0.1.x/index.xml @@ -318,16 +318,16 @@ credentials.</p> <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline"> -</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> +</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> <p>The script<code>/var/jenkins/scripts/init.sh</code> is provided by the operator and configures init.groovy.d (creates the Jenkins user) and installs plugins. -The <code>/sbin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p> +The <code>/usr/bin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p> <p>You can overwrite it in the following pattern:</p> <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline"> -</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> +</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> @@ -2319,4 +2319,4 @@ or use the default deployment manifest:</p> - \ No newline at end of file + diff --git a/docs/docs/index.xml b/docs/docs/index.xml index ecb25d8e..9cdcd18a 100644 --- a/docs/docs/index.xml +++ b/docs/docs/index.xml @@ -3562,16 +3562,16 @@ credentials.</p> <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline"> -</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> +</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> <p>The script<code>/var/jenkins/scripts/init.sh</code> is provided by the operator and configures init.groovy.d (creates the Jenkins user) and installs plugins. -The <code>/sbin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p> +The <code>/usr/bin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p> <p>You can overwrite it in the following pattern:</p> <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline"> -</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> +</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div> @@ -8817,4 +8817,4 @@ the restart of a Jenkins pod over and over again.</p> - \ No newline at end of file + diff --git a/pkg/client/jenkins.go b/pkg/client/jenkins.go index 49c4923e..d0738d0b 100644 --- a/pkg/client/jenkins.go +++ b/pkg/client/jenkins.go @@ -14,7 +14,7 @@ import ( var ( errorNotFound = errors.New("404") - regex = regexp.MustCompile("()(?P[a-z0-9]*)") + regex = regexp.MustCompile("()(?P[a-z0-9]*)") ) // Jenkins defines Jenkins API. @@ -159,7 +159,7 @@ func newClient(url, userName, passwordOrToken string) (Jenkins, error) { httpClient := &http.Client{ Jar: jar, - Timeout: 10 * time.Second, + Timeout: 20 * time.Second, } if len(userName) > 0 && len(passwordOrToken) > 0 { diff --git a/pkg/configuration/base/resources/base_configuration_configmap.go b/pkg/configuration/base/resources/base_configuration_configmap.go index 1e6e1983..5cf592d5 100644 --- a/pkg/configuration/base/resources/base_configuration_configmap.go +++ b/pkg/configuration/base/resources/base_configuration_configmap.go @@ -14,11 +14,10 @@ const ( basicSettingsGroovyScriptName = "1-basic-settings.groovy" enableCSRFGroovyScriptName = "2-enable-csrf.groovy" disableUsageStatsGroovyScriptName = "3-disable-usage-stats.groovy" - enableMasterAccessControlGroovyScriptName = "4-enable-master-access-control.groovy" - disableInsecureFeaturesGroovyScriptName = "5-disable-insecure-features.groovy" - configureKubernetesPluginGroovyScriptName = "6-configure-kubernetes-plugin.groovy" - configureViewsGroovyScriptName = "7-configure-views.groovy" - disableJobDslScriptApprovalGroovyScriptName = "8-disable-job-dsl-script-approval.groovy" + disableInsecureFeaturesGroovyScriptName = "4-disable-insecure-features.groovy" + configureKubernetesPluginGroovyScriptName = "5-configure-kubernetes-plugin.groovy" + configureViewsGroovyScriptName = "6-configure-views.groovy" + disableJobDslScriptApprovalGroovyScriptName = "7-disable-job-dsl-script-approval.groovy" ) const basicSettingsFmt = ` @@ -63,18 +62,6 @@ if (jenkins.isUsageStatisticsCollected()) { } ` -const enableMasterAccessControl = ` -import jenkins.security.s2m.AdminWhitelistRule -import jenkins.model.Jenkins - -// see https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control -def jenkins = Jenkins.instance -jenkins.getInjector() - .getInstance(AdminWhitelistRule.class) - .setMasterKillSwitch(false) // for real though, false equals enabled.......... -jenkins.save() -` - const disableInsecureFeatures = ` import jenkins.* import jenkins.model.* @@ -197,11 +184,10 @@ func NewBaseConfigurationConfigMap(meta metav1.ObjectMeta, jenkins *v1alpha2.Jen suffix = prefix } groovyScriptsMap := map[string]string{ - basicSettingsGroovyScriptName: fmt.Sprintf(basicSettingsFmt, constants.DefaultAmountOfExecutors), - enableCSRFGroovyScriptName: enableCSRF, - disableUsageStatsGroovyScriptName: disableUsageStats, - enableMasterAccessControlGroovyScriptName: enableMasterAccessControl, - disableInsecureFeaturesGroovyScriptName: disableInsecureFeatures, + basicSettingsGroovyScriptName: fmt.Sprintf(basicSettingsFmt, constants.DefaultAmountOfExecutors), + enableCSRFGroovyScriptName: enableCSRF, + disableUsageStatsGroovyScriptName: disableUsageStats, + disableInsecureFeaturesGroovyScriptName: disableInsecureFeatures, configureKubernetesPluginGroovyScriptName: fmt.Sprintf(configureKubernetesPluginFmt, clusterDomain, jenkins.ObjectMeta.Namespace, diff --git a/pkg/configuration/base/resources/pod.go b/pkg/configuration/base/resources/pod.go index 89c50742..1a294971 100644 --- a/pkg/configuration/base/resources/pod.go +++ b/pkg/configuration/base/resources/pod.go @@ -53,7 +53,7 @@ func GetJenkinsMasterContainerBaseCommand() []string { return []string{ "bash", "-c", - fmt.Sprintf("%s/%s && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh", + fmt.Sprintf("%s/%s && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh", JenkinsScriptsVolumePath, InitScriptName), } } diff --git a/pkg/configuration/base/resources/scripts_configmap.go b/pkg/configuration/base/resources/scripts_configmap.go index ef2bc3b6..e22bb08c 100644 --- a/pkg/configuration/base/resources/scripts_configmap.go +++ b/pkg/configuration/base/resources/scripts_configmap.go @@ -12,7 +12,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -const installPluginsCommand = "install-plugins.sh" +const installPluginsCommand = "jenkins-plugin-cli" // bash scripts installs single jenkins plugin with specific version const installPluginsBashScript = `#!/bin/bash -eu @@ -341,30 +341,23 @@ chmod +x {{ .JenkinsHomePath }}/scripts/*.sh {{- $installPluginsCommand := .InstallPluginsCommand }} echo "Installing plugins required by Operator - begin" -cat > {{ .JenkinsHomePath }}/base-plugins << EOF +cat > {{ .JenkinsHomePath }}/base-plugins.txt << EOF {{ range $index, $plugin := .BasePlugins }} {{ $plugin.Name }}:{{ $plugin.Version }}{{if $plugin.DownloadURL}}:{{ $plugin.DownloadURL }}{{end}} {{ end }} EOF -if [[ -z "${OPENSHIFT_JENKINS_IMAGE_VERSION}" ]]; then - {{ $installPluginsCommand }} < {{ .JenkinsHomePath }}/base-plugins -else - {{ $installPluginsCommand }} {{ .JenkinsHomePath }}/base-plugins -fi +{{ $installPluginsCommand }} --verbose -f {{ .JenkinsHomePath }}/base-plugins.txt echo "Installing plugins required by Operator - end" echo "Installing plugins required by user - begin" -cat > {{ .JenkinsHomePath }}/user-plugins << EOF +cat > {{ .JenkinsHomePath }}/user-plugins.txt << EOF {{ range $index, $plugin := .UserPlugins }} {{ $plugin.Name }}:{{ $plugin.Version }}{{if $plugin.DownloadURL}}:{{ $plugin.DownloadURL }}{{end}} {{ end }} EOF -if [[ -z "${OPENSHIFT_JENKINS_IMAGE_VERSION}" ]]; then - {{ $installPluginsCommand }} < {{ .JenkinsHomePath }}/user-plugins -else - {{ $installPluginsCommand }} {{ .JenkinsHomePath }}/user-plugins -fi + +{{ $installPluginsCommand }} --verbose -f {{ .JenkinsHomePath }}/user-plugins.txt echo "Installing plugins required by user - end" `)) @@ -388,7 +381,7 @@ func buildInitBashScript(jenkins *v1alpha2.Jenkins) (*string, error) { InitConfigurationPath: jenkinsInitConfigurationVolumePath, BasePlugins: jenkins.Spec.Master.BasePlugins, UserPlugins: jenkins.Spec.Master.Plugins, - InstallPluginsCommand: JenkinsScriptsVolumePath + "/" + installPluginsCommand, + InstallPluginsCommand: installPluginsCommand, JenkinsScriptsVolumePath: JenkinsScriptsVolumePath, } diff --git a/pkg/configuration/base/validate_test.go b/pkg/configuration/base/validate_test.go index 70f1db0f..ad4d7c63 100644 --- a/pkg/configuration/base/validate_test.go +++ b/pkg/configuration/base/validate_test.go @@ -905,7 +905,7 @@ func TestValidateJenkinsMasterContainerCommand(t *testing.T) { Command: []string{ "bash", "-c", - fmt.Sprintf("%s/%s && my-extra-command.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh", + fmt.Sprintf("%s/%s && my-extra-command.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh", resources.JenkinsScriptsVolumePath, resources.InitScriptName), }, }, @@ -929,7 +929,7 @@ func TestValidateJenkinsMasterContainerCommand(t *testing.T) { Command: []string{ "bash", "-c", - fmt.Sprintf("%s/%s && my-extra-command.sh && /sbin/tini -s -- /usr/local/bin/jenkins.sh", + fmt.Sprintf("%s/%s && my-extra-command.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh", resources.JenkinsScriptsVolumePath, resources.InitScriptName), }, }, diff --git a/pkg/configuration/user/seedjobs/seedjobs.go b/pkg/configuration/user/seedjobs/seedjobs.go index 912bf8ea..5d7fa5c6 100644 --- a/pkg/configuration/user/seedjobs/seedjobs.go +++ b/pkg/configuration/user/seedjobs/seedjobs.go @@ -46,7 +46,7 @@ const ( AgentName = "seed-job-agent" // DefaultAgentImage is the default image used for the seed-job agent - defaultAgentImage = "jenkins/inbound-agent:4.9-1" + defaultAgentImage = "jenkins/inbound-agent:4.10-3" creatingGroovyScriptName = "seed-job-groovy-script.groovy" diff --git a/pkg/configuration/user/seedjobs/seedjobs_test.go b/pkg/configuration/user/seedjobs/seedjobs_test.go index 3cf06229..6e29b82f 100644 --- a/pkg/configuration/user/seedjobs/seedjobs_test.go +++ b/pkg/configuration/user/seedjobs/seedjobs_test.go @@ -113,7 +113,7 @@ func TestEnsureSeedJobs(t *testing.T) { var agentDeployment appsv1.Deployment err = fakeClient.Get(ctx, types.NamespacedName{Namespace: jenkins.Namespace, Name: agentDeploymentName(*jenkins, AgentName)}, &agentDeployment) assert.NoError(t, err) - assert.Equal(t, "jenkins/inbound-agent:4.9-1", agentDeployment.Spec.Template.Spec.Containers[0].Image) + assert.Equal(t, "jenkins/inbound-agent:4.10-3", agentDeployment.Spec.Template.Spec.Containers[0].Image) }) t.Run("delete agent deployment when no seed jobs", func(t *testing.T) { diff --git a/pkg/plugins/base_plugins.go b/pkg/plugins/base_plugins.go index 880a6074..9eb10998 100644 --- a/pkg/plugins/base_plugins.go +++ b/pkg/plugins/base_plugins.go @@ -1,13 +1,13 @@ package plugins const ( - configurationAsCodePlugin = "configuration-as-code:1346.ve8cfa_3473c94" - gitPlugin = "git:4.11.3" - jobDslPlugin = "job-dsl:1.78.1" - kubernetesPlugin = "kubernetes:1.31.3" - kubernetesCredentialsProviderPlugin = "kubernetes-credentials-provider:0.20" - workflowAggregatorPlugin = "workflow-aggregator:2.6" - workflowJobPlugin = "workflow-job:1145.v7f2433caa07f" + configurationAsCodePlugin = "configuration-as-code:1569.vb_72405b_80249" + gitPlugin = "git:5.0.0" + jobDslPlugin = "job-dsl:1.81" + kubernetesPlugin = "kubernetes:3802.vb_b_600831fcb_3" + kubernetesCredentialsProviderPlugin = "kubernetes-credentials-provider:1.208.v128ee9800c04" + workflowAggregatorPlugin = "workflow-aggregator:590.v6a_d052e5a_a_b_5" + workflowJobPlugin = "workflow-job:1254.v3f64639b_11dd" ) // basePluginsList contains plugins to install by operator. diff --git a/test/e2e/configuration_test.go b/test/e2e/configuration_test.go index 87b5943a..075735bc 100644 --- a/test/e2e/configuration_test.go +++ b/test/e2e/configuration_test.go @@ -24,13 +24,13 @@ import ( const e2e = "e2e" var expectedBasePluginsList = []plugins.Plugin{ - plugins.Must(plugins.New("configuration-as-code:1346.ve8cfa_3473c94")), - plugins.Must(plugins.New("git:4.11.3")), - plugins.Must(plugins.New("kubernetes:1.31.3")), - plugins.Must(plugins.New("kubernetes-credentials-provider:0.20")), - plugins.Must(plugins.New("job-dsl:1.78.1")), - plugins.Must(plugins.New("workflow-aggregator:2.6")), - plugins.Must(plugins.New("workflow-job:1145.v7f2433caa07f")), + plugins.Must(plugins.New("configuration-as-code:1569.vb_72405b_80249")), + plugins.Must(plugins.New("git:5.0.0")), + plugins.Must(plugins.New("kubernetes:3802.vb_b_600831fcb_3")), + plugins.Must(plugins.New("kubernetes-credentials-provider:1.208.v128ee9800c04")), + plugins.Must(plugins.New("job-dsl:1.81")), + plugins.Must(plugins.New("workflow-aggregator:590.v6a_d052e5a_a_b_5")), + plugins.Must(plugins.New("workflow-job:1254.v3f64639b_11dd")), } func createUserConfigurationSecret(namespace string, stringData map[string]string) { diff --git a/test/e2e/jenkins_test.go b/test/e2e/jenkins_test.go index 4d461b56..003bd9fb 100644 --- a/test/e2e/jenkins_test.go +++ b/test/e2e/jenkins_test.go @@ -125,10 +125,10 @@ func createJenkinsCRSafeRestart(name, namespace string, seedJob *[]v1alpha2.Seed }, }, Plugins: []v1alpha2.Plugin{ - {Name: "audit-trail", Version: "3.7"}, - {Name: "simple-theme-plugin", Version: "0.6"}, - {Name: "github", Version: "1.32.0"}, - {Name: "devoptics", Version: "1.1934", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1934/devoptics.hpi"}, + {Name: "audit-trail", Version: "3.11"}, + {Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"}, + {Name: "github", Version: "1.36.0"}, + {Name: "devoptics", Version: "1.1973", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1973/devoptics.hpi"}, }, PriorityClassName: priorityClassName, NodeSelector: map[string]string{"kubernetes.io/os": "linux"}, diff --git a/test/e2e/restart_test.go b/test/e2e/restart_test.go index d666d917..20fe50f9 100644 --- a/test/e2e/restart_test.go +++ b/test/e2e/restart_test.go @@ -21,7 +21,7 @@ func configureAuthorizationToUnSecure(namespace, configMapName string) { Namespace: namespace, }, Data: map[string]string{ - "set-unsecured-authorization.groovy": ` + "8-set-unsecured-authorization.groovy": ` import hudson.security.* def jenkins = jenkins.model.Jenkins.getInstance() diff --git a/test/e2e/test_utility.go b/test/e2e/test_utility.go index 846a25f9..76311647 100644 --- a/test/e2e/test_utility.go +++ b/test/e2e/test_utility.go @@ -21,7 +21,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/envtest" ) -const JenkinsTestImage = "jenkins/jenkins:2.319.3-lts" +const JenkinsTestImage = "jenkins/jenkins:2.375.2-lts" var ( Cfg *rest.Config @@ -147,10 +147,10 @@ func RenderJenkinsCR(name, namespace string, seedJob *[]v1alpha2.SeedJob, groovy }, }, Plugins: []v1alpha2.Plugin{ - {Name: "audit-trail", Version: "3.10"}, - {Name: "simple-theme-plugin", Version: "0.7"}, - {Name: "github", Version: "1.34.1"}, - {Name: "devoptics", Version: "1.1934", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1934/devoptics.hpi"}, + {Name: "audit-trail", Version: "3.11"}, + {Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"}, + {Name: "github", Version: "1.36.0"}, + {Name: "devoptics", Version: "1.1973", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1973/devoptics.hpi"}, }, PriorityClassName: priorityClassName, NodeSelector: map[string]string{"kubernetes.io/os": "linux"}, diff --git a/test/e2e/wait.go b/test/e2e/wait.go index d5495ff3..b90ce045 100644 --- a/test/e2e/wait.go +++ b/test/e2e/wait.go @@ -93,5 +93,5 @@ func waitForJenkinsSafeRestart(jenkinsClient jenkinsclient.Jenkins) { return false, err } return true, nil - }, time.Second*200, time.Second*5).Should(gomega.BeTrue()) + }, time.Duration(170)*retryInterval, retryInterval).Should(gomega.BeTrue()) } diff --git a/test/helm/helm_test.go b/test/helm/helm_test.go index e6d455b0..b72303cb 100644 --- a/test/helm/helm_test.go +++ b/test/helm/helm_test.go @@ -47,7 +47,7 @@ var _ = Describe("Jenkins Controller", func() { cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), - "--set-string", fmt.Sprintf("jenkins.image=%s", "jenkins/jenkins:2.319.3-lts"), + "--set-string", fmt.Sprintf("jenkins.image=%s", "jenkins/jenkins:2.375.2-lts"), "--set-string", fmt.Sprintf("operator.image=%s", *imageName), "--install") output, err := cmd.CombinedOutput() Expect(err).NotTo(HaveOccurred(), string(output)) @@ -75,15 +75,15 @@ var _ = Describe("Jenkins Controller with security validator", func() { }, } invalidPlugins = []v1alpha2.Plugin{ - {Name: "simple-theme-plugin", Version: "0.6"}, - {Name: "audit-trail", Version: "3.5"}, - {Name: "github", Version: "1.29.0"}, - } - validPlugins = []v1alpha2.Plugin{ {Name: "simple-theme-plugin", Version: "0.6"}, {Name: "audit-trail", Version: "3.8"}, {Name: "github", Version: "1.31.0"}, } + validPlugins = []v1alpha2.Plugin{ + {Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"}, + {Name: "audit-trail", Version: "3.11"}, + {Name: "github", Version: "1.36.0"}, + } ) BeforeEach(func() { @@ -117,7 +117,7 @@ var _ = Describe("Jenkins Controller with security validator", func() { jenkins := e2e.RenderJenkinsCR(jenkinsCRName, namespace.Name, seedJobs, groovyScripts, casc, "") jenkins.Spec.Master.Plugins = invalidPlugins jenkins.Spec.ValidateSecurityWarnings = true - Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \naudit-trail:3.5\ngithub:1.29.0")) + Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \ngithub:1.31.0")) }) }) Context("When Jenkins CR doesn't contain plugins with security warnings", func() { diff --git a/website/content/en/docs/Developer Guide/_index.md b/website/content/en/docs/Developer Guide/_index.md index 6dbaf228..92202f0c 100644 --- a/website/content/en/docs/Developer Guide/_index.md +++ b/website/content/en/docs/Developer Guide/_index.md @@ -132,7 +132,7 @@ items: - command: - bash - -c - - /var/jenkins/scripts/init.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh + - /var/jenkins/scripts/init.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh env: - name: JAVA_OPTS value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap diff --git a/website/content/en/docs/Getting Started/v0.1.x/configuration.md b/website/content/en/docs/Getting Started/v0.1.x/configuration.md index 90e6007e..3054e2e2 100644 --- a/website/content/en/docs/Getting Started/v0.1.x/configuration.md +++ b/website/content/en/docs/Getting Started/v0.1.x/configuration.md @@ -274,12 +274,12 @@ The default command for the Jenkins master container `jenkins/jenkins:lts` looks command: - bash - -c -- /var/jenkins/scripts/init.sh && /sbin/tini -s -- /usr/local/bin/jenkins.sh +- /var/jenkins/scripts/init.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh ``` The script`/var/jenkins/scripts/init.sh` is provided by the operator and configures init.groovy.d (creates the Jenkins user) and installs plugins. -The `/sbin/tini -s -- /usr/local/bin/jenkins.sh` command runs the Jenkins master main process. +The `/usr/bin/tini -s -- /usr/local/bin/jenkins.sh` command runs the Jenkins master main process. You can overwrite it in the following pattern: @@ -287,8 +287,8 @@ You can overwrite it in the following pattern: command: - bash - -c -- /var/jenkins/scripts/init.sh && && /sbin/tini -s -- /usr/local/bin/jenkins.sh +- /var/jenkins/scripts/init.sh && && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh ``` [job-dsl]:https://github.com/jenkinsci/job-dsl-plugin -[kubernetes-credentials-provider]:https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ \ No newline at end of file +[kubernetes-credentials-provider]:https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/