From 476dfae44031a35d77be3e5290be842e61e601ad Mon Sep 17 00:00:00 2001 From: Sayali Gaikawad <61760125+gaiksaya@users.noreply.github.com> Date: Wed, 27 Apr 2022 09:23:44 -0700 Subject: [PATCH] Fix permissions for EFS , logging and init commands (#112) Signed-off-by: Sayali Gaikawad --- lib/compute/jenkins-main-node.ts | 8 +++++++- resources/baseJenkins.yaml | 2 -- resources/docker-compose.yml | 1 + test/compute/jenkins-main-node.test.ts | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/compute/jenkins-main-node.ts b/lib/compute/jenkins-main-node.ts index 9e81f427..1c41d26d 100644 --- a/lib/compute/jenkins-main-node.ts +++ b/lib/compute/jenkins-main-node.ts @@ -196,6 +196,9 @@ export class JenkinsMainNode { 'secretsmanager:GetSecretValue', 'secretsmanager:ListSecrets', 'sts:AssumeRole', + 'elasticfilesystem:DescribeFileSystems', + 'elasticfilesystem:DescribeMountTargets', + 'ec2:DescribeAvailabilityZones', ], resources: ['*'], })], @@ -364,7 +367,8 @@ export class JenkinsMainNode { InitCommand.shellCommand('sleep 90'), // Download jenkins-cli from the local machine - InitCommand.shellCommand('wget -O "jenkins-cli.jar" http://localhost:8080/jnlpJars/jenkins-cli.jar'), + InitCommand.shellCommand('until $(curl --output /dev/null --silent --head --fail http://localhost:8080); do sleep 5; done &&' + +' wget -O "jenkins-cli.jar" http://localhost:8080/jnlpJars/jenkins-cli.jar'), InitFile.fromFileInline('/initial_jenkins.yaml', jenkinsyaml), @@ -377,6 +381,8 @@ export class JenkinsMainNode { + ' for i in $varkeys; do newvalue=`echo $var | yq .$i` && myenv=$newvalue i=$i yq -i \'.jenkins.securityRealm.oic.[env(i)]=env(myenv)\' /initial_jenkins.yaml ; done' : 'echo No changes made to initial_jenkins.yaml with respect to OIDC'), + InitCommand.shellCommand('sleep 30'), + // Reload configuration via Jenkins.yaml InitCommand.shellCommand('cp /initial_jenkins.yaml /var/lib/jenkins/jenkins.yaml &&' + ' java -jar /jenkins-cli.jar -s http://localhost:8080 reload-jcasc-configuration'), diff --git a/resources/baseJenkins.yaml b/resources/baseJenkins.yaml index 892681d0..3f0e505b 100644 --- a/resources/baseJenkins.yaml +++ b/resources/baseJenkins.yaml @@ -17,8 +17,6 @@ jenkins: name: "all" projectNamingStrategy: "standard" quietPeriod: 5 - remotingSecurity: - enabled: true scmCheckoutRetryCount: 0 securityRealm: local: diff --git a/resources/docker-compose.yml b/resources/docker-compose.yml index 49d48aae..e2bd424e 100644 --- a/resources/docker-compose.yml +++ b/resources/docker-compose.yml @@ -3,6 +3,7 @@ services: jenkins: image: opensearchstaging/jenkins:latest privileged: true + tty: true user: root ports: - 8080:8080 diff --git a/test/compute/jenkins-main-node.test.ts b/test/compute/jenkins-main-node.test.ts index 16e21531..e7a286f1 100644 --- a/test/compute/jenkins-main-node.test.ts +++ b/test/compute/jenkins-main-node.test.ts @@ -25,7 +25,7 @@ describe('JenkinsMainNode Config Elements', () => { // THEN test('Config elements expected counts', async () => { - expect(configElements.filter((e) => e.elementType === 'COMMAND')).toHaveLength(18); + expect(configElements.filter((e) => e.elementType === 'COMMAND')).toHaveLength(19); expect(configElements.filter((e) => e.elementType === 'PACKAGE')).toHaveLength(10); expect(configElements.filter((e) => e.elementType === 'FILE')).toHaveLength(4); });