Add 101-jenkins quickstart template script & 'Jenkins On Azure' landi…

…ng page + updated install_jenkins to also add the reverse proxy

README.md

@@ -12,7 +12,8 @@ This repository contains utility scripts to run/configure DevOp systems in Azure
  * [unsecure-jenkins-instance.sh](jenkins/unsecure-jenkins-instance.sh): Disables the security of a Jenkins instance.
  * [Jenkins-Windows-Init-Script.ps1](powershell/Jenkins-Windows-Init-Script.ps1): Sample script on how to setup your Windows Azure Jenkins Agent to communicate through JNLP with the Jenkins master.
  * [Migrate-Image-From-Classic.ps1](powershell/Migrate-Image-From-Classic.ps1): Migrates an image from the classic image model to the new Azure Resource Manager model.
- * [install_jenkins.sh](jenkins/install_jenkins.sh): Simple script to install Jenkins on a Linux VM.
+ * [install_jenkins.sh](jenkins/install_jenkins.sh): Bash script that installs Jenkins on a Linux VM and exposes it to the public through port 80 (login and cli are disabled).
+ * [install-plugins.sh](jenkins/install-plugins.sh): Script that installs Jenkins plugins on a given instance.
 * Spinnaker
  * [add_k8s_pipeline.sh](spinnaker/add_k8s_pipeline/): Adds a Kubernetes pipeline with three main stages:
  1. Deploy to a development environment

jenkins/README.md

@@ -28,7 +28,10 @@ For more informations see the [Jenkins documentation](https://jenkins.io/doc/boo
 
 ## Install Jenkins
 > [install_jenkins.sh](install_jenkins.sh)
+Bash script that installs Jenkins on a Linux VM and exposes it to the public through port 80 (login and cli are disabled).
 
-Bash script that installs Jenkins.
+## Install Jenkins plugins
+> [install-plugins.sh](install-plugins.sh)
+Bash script that installs Jenkins plugins on a given instance.
 
 ## Questions/Comments? [email protected]

jenkins/install-plugins.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+function print_usage() {
+ cat <<EOF
+Command
+ $0
+Arguments
+ --jenkins_url|-j [Required]: Jenkins URL
+ --jenkins_user_name|-ju [Required]: Jenkins user name
+ --plugins|-p [Required]: Comma separated list of plugins to install
+ --jenkins_password|-jp : Jenkins password. If not specified and the user name is "admin", the initialAdminPassword will be used
+EOF
+}
+
+function throw_if_empty() {
+ local name="$1"
+ local value="$2"
+ if [ -z "$value" ]; then
+ echo "Parameter '$name' cannot be empty." 1>&2
+ print_usage
+ exit -1
+ fi
+}
+
+#set defaults
+artifacts_location="https://raw.githubusercontent.com/Azure/azure-devops-utils/master/"
+
+
+while [[ $# > 0 ]]
+do
+ key="$1"
+ shift
+ case $key in
+ --jenkins_url|-j)
+ jenkins_url="$1"
+ shift
+ ;;
+ --jenkins_user_name|-ju)
+ jenkins_user_name="$1"
+ shift
+ ;;
+ --jenkins_password|-jp)
+ jenkins_password="$1"
+ shift
+ ;;
+ --plugins|-p)
+ plugins="$1"
+ shift
+ ;;
+ --help|-help|-h)
+ print_usage
+ exit 13
+ ;;
+ *)
+ echo "ERROR: Unknown argument '$key' to script '$0'" 1>&2
+ exit -1
+ esac
+done
+
+throw_if_empty --jenkins_url $jenkins_url
+throw_if_empty --jenkins_user_name $jenkins_user_name
+throw_if_empty --plugins $plugins
+
+if [ "$jenkins_user_name" != "admin" ]; then
+ throw_if_empty --jenkins_password $jenkins_password
+fi
+
+function retry_until_successful {
+ counter=0
+ "${@}"
+ while [ $? -ne 0 ]; do
+ if [[ "$counter" -gt 20 ]]; then
+ exit 1
+ else
+ let counter++
+ fi
+ sleep 5
+ "${@}"
+ done;
+}
+
+#download jenkins cli (wait for Jenkins to be online)
+retry_until_successful wget ${jenkins_url}/jnlpJars/jenkins-cli.jar -O jenkins-cli.jar
+
+if [ -z "$jenkins_password" ]; then
+ # NOTE: Intentionally setting this after the first retry_until_successful to ensure the initialAdminPassword file exists
+ jenkins_password=`sudo cat /var/lib/jenkins/secrets/initialAdminPassword`
+fi
+
+#install the required plugins
+pluginsArray=(${plugins//,/ })
+for plugin_name in "${pluginsArray[@]}"; do
+ retry_until_successful java -jar jenkins-cli.jar -s ${jenkins_url} install-plugin "${plugin_name}" -deploy --username "${jenkins_user_name}" --password "${jenkins_password}"
+done

jenkins/install_jenkins.sh

@@ -1,7 +1,162 @@
 #!/bin/bash
+function print_usage() {
+ cat <<EOF
+Installs Jenkins and exposes it to the public through port 80 (login and cli are disabled)
+Command
+ $0
+Arguments
+ --jenkins_fqdn|-jf [Required] : Jenkins FQDN
+ --artifacts_location|-al : Url used to reference other scripts/artifacts.
+ --sas_token|-st : A sas token needed if the artifacts location is private.
+EOF
+}
+
+function throw_if_empty() {
+ local name="$1"
+ local value="$2"
+ if [ -z "$value" ]; then
+ echo "Parameter '$name' cannot be empty." 1>&2
+ print_usage
+ exit -1
+ fi
+}
+
+#defaults
+artifacts_location="https://raw.githubusercontent.com/Azure/azure-devops-utils/master/"
+azure_web_page_location="/usr/share/nginx/azure"
+
+while [[ $# > 0 ]]
+do
+ key="$1"
+ shift
+ case $key in
+ --jenkins_fqdn|-jf)
+ jenkins_fqdn="$1"
+ shift
+ ;;
+ --artifacts_location|-al)
+ artifacts_location="$1"
+ shift
+ ;;
+ --sas_token|-st)
+ artifacts_location_sas_token="$1"
+ shift
+ ;;
+ --help|-help|-h)
+ print_usage
+ exit 13
+ ;;
+ *)
+ echo "ERROR: Unknown argument '$key' to script '$0'" 1>&2
+ exit -1
+ esac
+done
+
+throw_if_empty --jenkins_fqdn $jenkins_fqdn
+
+jenkins_auth_matrix_conf=$(cat <<EOF
+<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:authenticated</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:authenticated</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:authenticated</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:authenticated</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:authenticated</permission>
+ <permission>hudson.model.Computer.Build:authenticated</permission>
+ <permission>hudson.model.Computer.Configure:authenticated</permission>
+ <permission>hudson.model.Computer.Connect:authenticated</permission>
+ <permission>hudson.model.Computer.Create:authenticated</permission>
+ <permission>hudson.model.Computer.Delete:authenticated</permission>
+ <permission>hudson.model.Computer.Disconnect:authenticated</permission>
+ <permission>hudson.model.Hudson.Administer:authenticated</permission>
+ <permission>hudson.model.Hudson.ConfigureUpdateCenter:authenticated</permission>
+ <permission>hudson.model.Hudson.Read:authenticated</permission>
+ <permission>hudson.model.Hudson.RunScripts:authenticated</permission>
+ <permission>hudson.model.Hudson.UploadPlugins:authenticated</permission>
+ <permission>hudson.model.Item.Build:authenticated</permission>
+ <permission>hudson.model.Item.Cancel:authenticated</permission>
+ <permission>hudson.model.Item.Configure:authenticated</permission>
+ <permission>hudson.model.Item.Create:authenticated</permission>
+ <permission>hudson.model.Item.Delete:authenticated</permission>
+ <permission>hudson.model.Item.Discover:authenticated</permission>
+ <permission>hudson.model.Item.Move:authenticated</permission>
+ <permission>hudson.model.Item.Read:authenticated</permission>
+ <permission>hudson.model.Item.Workspace:authenticated</permission>
+ <permission>hudson.model.Run.Delete:authenticated</permission>
+ <permission>hudson.model.Run.Replay:authenticated</permission>
+ <permission>hudson.model.Run.Update:authenticated</permission>
+ <permission>hudson.model.View.Configure:authenticated</permission>
+ <permission>hudson.model.View.Create:authenticated</permission>
+ <permission>hudson.model.View.Delete:authenticated</permission>
+ <permission>hudson.model.View.Read:authenticated</permission>
+ <permission>hudson.scm.SCM.Tag:authenticated</permission>
+ <permission>hudson.model.Hudson.Read:anonymous</permission>
+ <permission>hudson.model.Item.Discover:anonymous</permission>
+ <permission>hudson.model.Item.Read:anonymous</permission>
+</authorizationStrategy>
+EOF
+)
+
+nginx_reverse_proxy_conf=$(cat <<EOF
+server {
+ listen 80;
+ server_name ${jenkins_fqdn};
+ error_page 403 /jenkins-on-azure;
+ location / {
+ proxy_set_header Host \$host:\$server_port;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://localhost:8080;
+ proxy_redirect http://localhost:8080 http://${jenkins_fqdn};
+ proxy_read_timeout 90;
+ }
+ location /cli {
+ rewrite ^ /jenkins-on-azure permanent;
+ }
+
+ location ~ /login* {
+ rewrite ^ /jenkins-on-azure permanent;
+ }
+ location /jenkins-on-azure {
+ alias ${azure_web_page_location};
+ }
+}
+EOF
+)
+
+#install jenkins
 
 wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add -
 sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
 sudo apt-get update --yes
 sudo apt-get install jenkins --yes
-sudo apt-get install jenkins --yes # sometime the first apt-get install jenkins command fails, so we try it twice
+sudo apt-get install jenkins --yes # sometime the first apt-get install jenkins command fails, so we try it twice
+
+#We need to install workflow-aggregator so all the options in the auth matrix are valid
+curl --silent "${artifacts_location}/jenkins/install-plugins.sh${artifacts_location_sas_token}" | sudo bash -s -- -j "http://localhost:8080/" -ju "admin" -p "azure-vm-agents,windows-azure-storage,matrix-auth,workflow-aggregator"
+
+#allow anonymous read access
+inter_jenkins_config=$(sed -zr -e"s|<authorizationStrategy.*</authorizationStrategy>|{auth-strategy-token}|" /var/lib/jenkins/config.xml)
+final_jenkins_config=${inter_jenkins_config//'{auth-strategy-token}'/${jenkins_auth_matrix_conf}}
+echo "${final_jenkins_config}" | sudo tee /var/lib/jenkins/config.xml > /dev/null
+
+#restart jenkins
+sudo service jenkins restart
+
+#install nginx
+sudo apt-get install nginx --yes
+
+#configure nginx
+echo "${nginx_reverse_proxy_conf}" | sudo tee /etc/nginx/sites-enabled/default > /dev/null
+
+#don't show version in headers
+sudo sed -i "s|.*server_tokens.*|server_tokens off;|" /etc/nginx/nginx.conf
+
+#install jenkins-on-azure web page
+curl --silent "${artifacts_location}/jenkins/jenkins-on-azure/install-web-page.sh${artifacts_location_sas_token}" | sudo bash -s -- -u "${jenkins_fqdn}" -l "${azure_web_page_location}" -al "${artifacts_location}" -st "${artifacts_location_sas_token}"
+
+#restart nginx
+sudo service nginx restart