Ticket #1743 (closed enhancement: moved)

Opened 7 years ago

Last modified 5 years ago

Migrate cronjob scripts to Jenkins

Reported by: dscho
Owned by: dscho
Priority: major
Milestone: imagej2-unscheduled
Component: Server Admin
Version:
Severity: serious
Keywords:
Cc: curtis
Blocked By: #1862
Blocking: #1742

Description

Currently, backups on dev and skynet are performed via cronjobs. This is not as visible and not as flexible as Jenkins jobs bound to a certain node. We should convert them to Jenkins jobs and add a job for server as well.

Change History

comment:1 Changed 6 years ago by dscho

  • Status changed from new to accepted

I activated the Project-based Matrix Authorization Strategy in http://jenkins.imagej.net/configure, adding the authenticated group with all columns checked.

Unfortunately, the ACLs are additive, so I could not set a default for "anonymous" on that page; therefore, I wrote this simple script to add the default permissions to all jobs:

#!/usr/bin/jenkins-cli groovy

def maybeAddAnonymousPermissions(project) {
        property = project.getProperty(hudson.security.AuthorizationMatrixProperty.class)

        if (property != null) {
                //println("Leaving " + project.getName() + " alone")
                return
        }

        property = new hudson.security.AuthorizationMatrixProperty(new java.util.HashMap())
        property.add(hudson.model.Item.READ, "anonymous")
        property.add(hudson.model.Item.WORKSPACE, "anonymous")
        property.add(hudson.scm.SCM.TAG, "authenticated")
        property.add(hudson.model.Run.UPDATE, "authenticated")
        property.add(hudson.model.Run.DELETE, "authenticated")
        property.add(hudson.model.Item.BUILD, "authenticated")
        property.add(hudson.model.Item.WORKSPACE, "authenticated")
        property.add(hudson.model.Item.READ, "authenticated")
        property.add(hudson.model.Item.DELETE, "authenticated")
        property.add(hudson.model.Item.CONFIGURE, "authenticated")

        project.addProperty(property)
        project.save()

        println("Added permissions to " + project.getName())
}

map = jenkins.model.Jenkins.instance.getItemMap()
map.each() {
        name, item ->
                if (item instanceof hudson.model.Job) {
                        maybeAddAnonymousPermissions(item)
                }
}

It is an executable script in Jenkins' bin/ directory that calls the jenkins-cli command to run itself as a Groovy script.

This is the second step after Curtis made a private Git repository of the backup scripts: we do not want to hide anything, but there might be sensitive information about the servers in either the script or the script output; therefore, we would like to hide the code and the jobs from all but the users with accounts (i.e. trusted people) on our Jenkins server.
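
A read-only audit to go with the script in comment:1, added here as an example (it is not part of dscho's comment or of the project's own scripts): it lists which jobs grant "anonymous" read or workspace access at the job level, so the jobs meant to stay private can be checked after the defaults have been applied. It assumes the same AuthorizationMatrixProperty API as the script above; the output labels are made up for this example.

```groovy
// Added example, not from the ticket: audit per-job matrix ACLs without changing them.
// Run it like the script above (jenkins-cli groovy) or from the script console.
import hudson.model.Item
import hudson.model.Job
import hudson.security.AuthorizationMatrixProperty
import jenkins.model.Jenkins

// Permissions that expose job configuration, build logs or workspace files.
def sensitive = [Item.READ, Item.WORKSPACE]

// job name -> permission ids granted to "anonymous" (null = job has no matrix property)
def report = new TreeMap()

Jenkins.instance.getItemMap().each { name, item ->
    if (!(item instanceof Job)) {
        return
    }
    def property = item.getProperty(AuthorizationMatrixProperty.class)
    if (property == null) {
        // No per-job matrix yet: the script above would add the anonymous
        // defaults to this job the next time it runs.
        report[name] = null
        return
    }
    // getGrantedPermissions() maps each Permission to the set of SIDs holding it.
    def granted = property.getGrantedPermissions()
    report[name] = sensitive
        .findAll { granted.get(it)?.contains("anonymous") }
        .collect { it.getId() }
}

report.each { name, perms ->
    if (perms == null) {
        println("NO-MATRIX  " + name)
    } else if (perms.isEmpty()) {
        // No job-level grant to anonymous. Because the ACLs are additive,
        // a grant in the global matrix would still apply on top of this.
        println("PRIVATE    " + name)
    } else {
        println("ANONYMOUS  " + name + "  " + perms.join(", "))
    }
}
```

A job holding sensitive scripts or output should show up as PRIVATE; one reported as NO-MATRIX needs its own matrix property before the defaults script is run again, since that script only skips jobs that already have one.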

comment:2 Changed 6 years ago by dscho

  • Blocked By 1862 added

comment:3 Changed 5 years ago by curtis

  • Status changed from accepted to closed
  • Resolution set to moved