doc: updated changes due to permission restriction
Signed-off-by: Marc Mattmüller <marc.mattmueller@netmodule.com>
This commit is contained in:
Marc Mattmüller
parent
3e52ea97ed
commit
dd0c8c871c
|
|
@ -459,18 +459,126 @@ Let's create the new instance and bring it up:
|
||||||
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
|
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
|
||||||
|
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
The setup above ran for about a week and today when I entered Jenkins with the browser I got an error page with the
|
||||||
|
error ``An LDAP connection URL must be supplied``. I have no clue why it worked the week before.
|
||||||
|
So far I did not get support from the Guardians regarding LDAP and this password story. Thus I needed to help myself
|
||||||
|
somehow...
|
||||||
|
|
||||||
|
I entered the running Jenkins docker with ``docker exec -it 0eb450fc827a /bin/bash`` and I verified the config.xml
|
||||||
|
of Jenkins (*/var/jenkins_home/config.xml*). Inthere I saw that the server config was empty, hence I added
|
||||||
|
*ldaps://denec1adc003p.gad.local:3269* to this config item and stopped Jenkins with
|
||||||
|
``./manage.sh --name=nwl_0_1_1 stop``, checking if no container is running anymore and started it again with
|
||||||
|
``./manage.sh --name=nwl_0_1_1 start``.
|
||||||
|
|
||||||
|
Now Jenkins is back but without the rights to build a job...
|
||||||
|
|
||||||
|
|
||||||
|
Needed Security Adaptions
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
In the note before you read about the issue of LDAP and read-only permissions. I got the information that the IT did
|
||||||
|
some work in the Active Directories. Currently Belden and NetModule users are still not in the same directory. Hence the
|
||||||
|
password for LDAP as mentioned above would not solve my issue. I needed some trials to find the right way but finally it
|
||||||
|
worked to bring the job back so that an anonymous user can build and configure the job. The following steps were
|
||||||
|
necessary that we could launch jobs without authentication.
|
||||||
|
|
||||||
mma Tasks
|
* Clean-up and changes on the server ``10.115.101.98``
|
||||||
**********
|
|
||||||
These are the tasks:
|
|
||||||
|
|
||||||
* [x] build on the server locally the docker compound
|
- Adaptions because of the LDAP URL in ``~/work/ci/config/jenkins.xml``:
|
||||||
* [x] start the instance
|
|
||||||
* [x] test the build pipelines
|
|
||||||
* [ ] implement LDAP connection?
|
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
# log into the server and enter the ci directory:
|
||||||
|
cd ~/work/ci
|
||||||
|
|
||||||
|
# perform the changes according this git difference:
|
||||||
|
git diff
|
||||||
|
diff --git a/config/jenkins.xml b/config/jenkins.xml
|
||||||
|
index 83cd9b8..fa0eeed 100644
|
||||||
|
--- a/config/jenkins.xml
|
||||||
|
+++ b/config/jenkins.xml
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
<jenkins>
|
||||||
|
<admin name="GA_ContinuousIntegration" user="GA_ContinousIntegrat" email="GA_ContinuousIntegration@belden.com"/>
|
||||||
|
|
||||||
|
- <ldap managerPw="<<password>>" managerDn="GA_ContinousIntegration@eu.GAD.local" server="ldaps://denec1adc003p.gad.local:3269"/>
|
||||||
|
+ <ldap managerDn="GA_ContinousIntegration@eu.GAD.local" server="ldaps://denec1adc003p.gad.local:3269"/>
|
||||||
|
|
||||||
|
<smtp server="host.docker.internal" suffix="@belden.com"/>
|
||||||
|
|
||||||
|
- Stop and destroy the current instnace:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
# assuming we are still logged in the server
|
||||||
|
|
||||||
|
# stop and destroy the current running instance
|
||||||
|
./manage.sh --name=nwl_0_1_1 destroy
|
||||||
|
|
||||||
|
# remove the residing file system content
|
||||||
|
rm -rf instances/nwl/main
|
||||||
|
|
||||||
|
* Switching to our local machine:
|
||||||
|
|
||||||
|
- Configuration changes in build-docker repository according these commits:
|
||||||
|
|
||||||
|
+ `job config <https://bitbucket.gad.local/projects/INET-CI/repos/build-docker/commits/8bb9276ebde54f7fcf413bd676c87b0c2e3869c3>`_
|
||||||
|
+ `jenkins config <https://bitbucket.gad.local/projects/INET-CI/repos/build-docker/commits/eed1ad7dcdac7937397c9fac2fbcf9a324b17076>`_
|
||||||
|
|
||||||
|
- Rebuild the docker images on my local machine with tag 0.1.2 (we focus only on *nwl-env-ci* and *nwl-jenkins-ci*):
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
DOCKER_BUILDKIT=1 ./build.sh nwl 0.1.2
|
||||||
|
|
||||||
|
docker image ls
|
||||||
|
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||||
|
nwl-env-ci latest 11ea232de20e 48 minutes ago 2.18GB
|
||||||
|
nwl-jenkins-ci latest 990a0aebd49f 48 minutes ago 2.18GB
|
||||||
|
|
||||||
|
- Upload the essential images to the server (*nwl-env-ci* and *nwl-jenkins-ci*):
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
docker save nwl-env-ci:latest | bzip2 | pv | ssh user@10.115.101.98 docker load
|
||||||
|
The image nwl-env-ci:latest already exists, renaming the old one with ID sha256:e28a607cbbfb19dddf766e9404572811475fe8fc533a1737b2dc325ecbc06e6e to empty string
|
||||||
|
Loaded image: nwl-env-ci:latest
|
||||||
|
|
||||||
|
docker save nwl-jenkins-ci:latest | bzip2 | pv | ssh user@10.115.101.98 docker load
|
||||||
|
The image nwl-jenkins-ci:latest already exists, renaming the old one with ID sha256:c7666cf7a03e5e1096325f26e83f8bde1cbe102cdce3fbb5242e6ab9e08eb89f to empty string
|
||||||
|
Loaded image: nwl-jenkins-ci:latest
|
||||||
|
|
||||||
|
* Switching back to the server
|
||||||
|
|
||||||
|
- Tag the new images to differntiate them from the others:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
docker image tag nwl-env-ci:latest nwl-env-ci:0.1.2
|
||||||
|
docker image tag nwl-jenkins-ci:latest nwl-jenkins-ci:0.1.2
|
||||||
|
|
||||||
|
- Create and start the new instance:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
./manage.sh --image=nwl-env-ci:0.1.2 --branch=main \
|
||||||
|
--name=nwl_0_1_2 --platform=nwl \
|
||||||
|
--config=/home/user/work/ci/config/config.xml \
|
||||||
|
--revision=0.1.2 --maintainer=TeamCHBE create
|
||||||
|
Creating new instance...
|
||||||
|
Done!
|
||||||
|
|
||||||
|
# check the entry:
|
||||||
|
./manage.sh -p
|
||||||
|
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
|
||||||
|
| name | host | port | status | branch | revision | maintainer | platform | image | container | display |
|
||||||
|
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
|
||||||
|
| nwl_0_1_2 | netmodule-03.tcn.gad.local | 32780 | running | main | 0.1.2 | TeamCHBE | nwl | nwl-env-ci:0.1.2 | 59675d5b0142 | NULL |
|
||||||
|
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
|
||||||
|
|
||||||
|
|
||||||
|
* Entering checking in the `browser <https://10.115.101.98:32780/>`_ shows us now the desired effect and we can build
|
||||||
|
a NWL image.
|
||||||
|
|
||||||
|
|
||||||
.. |coreOsCiChain| image:: ./media/nwl-ci-jenkins-dashboard.png
|
.. |coreOsCiChain| image:: ./media/nwl-ci-jenkins-dashboard.png
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue