summaryrefslogtreecommitdiffstats
path: root/utils/jenkins-jnlp-connect.sh
blob: cd81f29d3a8e59a8c78c2968b205c3b42eab2540 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
#!/bin/bash
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2016 Linux Foundation and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################

#Monit setup script for opnfv jnlp slave connections

test_firewall() {
    echo "testing that the firewall is open for us at build.opnfv.org"
    test=$(echo "blah"| nc -w 4 build.opnfv.org 57387 > /dev/null 2>&1; echo $?)
    if [[ $test == 0 ]]; then
        echo "Firewall is open for us at build.opnfv.org"
        exit 0
    else
        cat << EOF
LF firewall not open, please send a report to helpdesk with your gpg key attached, or better yet upload it to the key servers. (I should be able to find it with gpg --search-keys your@company.email.com
opnfv-helpdesk@rt.linuxfoundation.org
Jenkins Home: $jenkinshome
Jenkins User: $jenkinsuser
Slave Name: $slave_name
IP Address: $(curl -s http://icanhazip.com)
EOF
        exit 1
    fi
}

main () {
    #tests
    if [[ -z $jenkinsuser || -z $jenkinshome ]]; then
        echo "jenkinsuser or home not defined, please edit this file to define it"
        exit 1
    fi

    if [[ $(pwd) != "$jenkinshome" ]]; then
        echo "This script needs to be run from the jenkins users home dir"
        exit 1
    fi

    if [[ -z $slave_name || -z $slave_secret ]]; then
        echo "slave name or secret not defined, please edit this file to define it"
        exit 1
    fi

    if [[ $(whoami) != "root" && $(whoami) != "$jenkinsuser"  ]]; then
        echo "This script must be run as user root or jenkins user"
        exit 1
    fi

    if [[ $(whoami) != "root" ]]; then
      if sudo -l | grep "requiretty"  | grep -v "\!requiretty"; then
        echo "please comment out Defaults requiretty from /etc/sudoers"
        exit 1
      fi
    fi

    #make pid dir
    pidfile="/var/run/$jenkinsuser/jenkins_jnlp_pid"
    if ! [ -d /var/run/$jenkinsuser/ ]; then
        sudo mkdir /var/run/$jenkinsuser/
        sudo chown $jenkinsuser:$jenkinsuser /var/run/$jenkinsuser/
    fi

    if [[ $skip_monit != true ]]; then
        #check for monit
        if [ $(which monit) ]; then
            echo "monit installed"
        else
            if [ -n "$(command -v yum)" ]; then
                echo "please install monit; eg: yum -y install monit"
                exit 1
            elif [ -n "$(command -v apt-get)" ]; then
                echo "please install monit; eg: apt-get install -y monit"
                exit 1
            else
                echo "system not supported plese contact help desk"
                exit 1
            fi
        fi

        if [ -d /etc/monit/conf.d ]; then
            monitconfdir="/etc/monit/conf.d/"
        elif [ -d /etc/monit.d ]; then
            monitconfdir="/etc/monit.d"
        else
            echo "Could not determine the location of the monit configuration file."
            echo "Make sure monit is installed."
            exit 1
        fi

        chown=$(type -p chown)
        mkdir=$(type -p mkdir)

        makemonit () {
            echo "Writing the following as monit config:"
        cat << EOF | tee $monitconfdir/jenkins
check directory jenkins_piddir path /var/run/$jenkinsuser
if does not exist then exec "$mkdir -p /var/run/$jenkinsuser"
if failed uid $jenkinsuser then exec "$chown $jenkinsuser /var/run/$jenkinsuser"
if failed gid $jenkinsuser then exec "$chown :$jenkinsuser /var/run/$jenkinsuser"

check process jenkins with pidfile /var/run/$jenkinsuser/jenkins_jnlp_pid
start program = "/usr/bin/sudo -u $jenkinsuser /bin/bash -c 'cd $jenkinshome; export started_monit=true; $0 $@' with timeout 60 seconds"
stop program = "/bin/bash -c '/bin/kill \$(/bin/cat /var/run/$jenkinsuser/jenkins_jnlp_pid)'"
depends on jenkins_piddir
EOF
        }

        if [[ -f $monitconfdir/jenkins ]]; then
            #test for diff
            if [[ "$(diff $monitconfdir/jenkins <(echo "\
check directory jenkins_piddir path /var/run/$jenkinsuser
if does not exist then exec \"$mkdir -p /var/run/$jenkinsuser\"
if failed uid $jenkinsuser then exec \"$chown $jenkinsuser /var/run/$jenkinsuser\"
if failed gid $jenkinsuser then exec \"$chown :$jenkinsuser /var/run/$jenkinsuser\"

check process jenkins with pidfile /var/run/$jenkinsuser/jenkins_jnlp_pid
start program = \"/usr/bin/sudo -u $jenkinsuser /bin/bash -c 'cd $jenkinshome; export started_monit=true; $0 $@' with timeout 60 seconds\"
stop program = \"/bin/bash -c '/bin/kill \$(/bin/cat /var/run/$jenkinsuser/jenkins_jnlp_pid)'\"
depends on jenkins_piddir\
") )" ]]; then
                echo "Updating monit config..."
                makemonit $@
            fi
        else
            makemonit $@
        fi
    fi

    if [[ $started_monit == "true" ]]; then
        wget --timestamping https://build.opnfv.org/ci/jnlpJars/slave.jar && true
        chown $jenkinsuser:$jenkinsuser slave.jar

        if [[ -f /var/run/$jenkinsuser/jenkins_jnlp_pid ]]; then
            echo "pid file found"
            if ! kill -0 "$(/bin/cat /var/run/$jenkinsuser/jenkins_jnlp_pid)"; then
                echo "no java process running cleaning up pid file"
                rm -f /var/run/$jenkinsuser/jenkins_jnlp_pid;
            else
                echo "java connection process found and running already running quitting."
                exit 1
            fi
        fi

        if [[ $run_in_foreground == true ]]; then
            $connectionstring
        else
            exec $connectionstring &
            echo $! > /var/run/$jenkinsuser/jenkins_jnlp_pid
        fi
    else
        echo "you are ready to start monit"
        echo "eg: service monit start"
        echo "example debug mode if you are having problems:  /usr/bin/monit -Ivv -c /etc/monit.conf "
        exit 0
    fi
}

usage() {
    cat << EOF

**this file must be copied to the jenkins home directory to work**
jenkins-jnlp-connect.sh configures monit to keep slave connection up
Checks for new versions of slave.jar
run as root to create pid directory and create monit config.
can be run as root additional times if you change variables and need to update monit config.
after running as root you should see "you are ready to start monit"

usage: $0 [OPTIONS]
 -h  show this message
 -j  set jenkins home
 -u  set jenkins user
 -n  set slave name
 -s  set secret key
 -t  test the connection string by connecting without monit
 -f  test firewall

Example: $0 -j /home/jenkins -u jenkins -n lab1 -s 727fdefoofoofoofoofoofoofof800
note: a trailing slash on -j /home/jenkins will break the script
EOF

    exit 1
}

if [[ -z "$@" ]]; then
    usage
fi

while getopts "j:u:n:s:htf" OPTION
do
    case $OPTION in
        j ) jenkinshome="$OPTARG" ;;
        u ) jenkinsuser="$OPTARG" ;;
        n ) slave_name="$OPTARG" ;;
        s ) slave_secret="$OPTARG";;
        h ) usage ;;
        t ) started_monit=true
            skip_monit=true
            run_in_foreground=true ;;
        f ) test_firewall ;;
        \? ) echo "Unknown option: -$OPTARG" >&2; exit 1;;
    esac
done

connectionstring="java -jar slave.jar -jnlpUrl https://build.opnfv.org/ci/computer/"$slave_name"/slave-agent.jnlp -secret "$slave_secret" -noCertificateCheck "

main "$@"