puppet-jenkins icon indicating copy to clipboard operation
puppet-jenkins copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

Jenkins restart service doesn't support safe restart

Open v1v opened this issue 10 years ago • 2 comments

Use case: if any changes then restart jenkins but bear in mind if you restart it might stop/abort those builds which are still running.

Current configuration:

File: manifests/services.pp

  service { 'jenkins':
    ensure     => $jenkins::service_ensure,
    enable     => $jenkins::service_enable,
    hasstatus  => true,
    hasrestart => true,
  }
Suggested configuration:

File: manifests/services.pp

  file { '/var/lib/jenkins/jenkins-safe-restart.sh':
    ensure  => 'file',
    mode    => '0750',
    owner   => 'jenkins',
    group   => 'jenkins',
    content => template("${module_name}/jenkins-safe-restart.erb"),
  }

  service { 'jenkins':
    ensure     => $jenkins::service_ensure,
    enable     => $jenkins::service_enable,
    restart    => '/var/lib/jenkins/jenkins-safe-restart.sh',
    hasstatus  => true,
    hasrestart => true,
    require    => [
      File['/var/lib/jenkins/jenkins-safe-restart.sh'],
      # Package['wget'], #might need this package in order to avoid issues when running jenkins-safe-restart.sh
    ],
  }

File: templates//jenkins-safe-restart.erb

#!/bin/bash
cd /var/lib/jenkins
if [ ! -e jenkins-cli.jar ] ; then
  wget http://localhost:<%= @port %>/jnlpJars/jenkins-cli.jar
fi

java -jar jenkins-cli.jar -s http://localhost:<%= @port %> safe-restart 2> jenkins-safe-restart.stderr
Downsides:

It works as long your Administration security is not in place or you already configured with some granted privileges... or added some cli login setup via -i flag "-i ~jenkins/.ssh/jenkins_id_rsa" or so

In fact: jenkins::cli::safe-restart command might not work if those security layouts are in place AFAIK

Further details: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI (Working with Credentials section).

Let me know your thoughts

Cheers

v1v avatar Sep 04 '15 12:09 v1v

@v1v for the record, I use the feedback-needed label when I need feedback from the original submitter of an issue. This got overlooked because I assumed it was waiting for somebody to add more details in :)

Anyways, I think the idea is a reasonable one but the number of ways a process might be configured to prevent CLI access concerns me. We'll need to make the script much more bullet-proof I think to where if it cannot access the Jenkins service for whatever reason it falls back to the raw process kill/restart semantics

rtyler avatar Sep 09 '15 14:09 rtyler

It shouldn't be to difficult to implement a service provider that uses the cli to invoke safe-restart.

jhoblitt avatar Oct 02 '15 21:10 jhoblitt