Posted on

use groovy for Jenkins job automation

  1. we can find latest Jenkins version from https://www.jenkins.io/download/, if we select Docker, to use the latest LTS: docker pull jenkins/jenkins:lts
  2. git clone https://github.com/zhuby1973/jenkins-docker-groovy.git
root@ubunu2004:~/jenkins-docker-groovy# ls
build.sh config.xml create-seed-job.groovy Dockerfile plugins.groovy plugins.txt README.md security.groovy seeddsl.groovy
root@ubunu2004:~/jenkins-docker-groovy# cat Dockerfile
FROM jenkins/jenkins:lts
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
COPY seeddsl.groovy /usr/share/jenkins/seeddsl.groovy
COPY config.xml /usr/share/jenkins/seed-job-config.xml
COPY create-seed-job.groovy /usr/share/jenkins/ref/init.groovy.d/create-seed-job.groovy
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
root@ubunu2004:~/jenkins-docker-groovy# cat build.sh
#!/bin/bash
docker rm -f `docker ps -a -q`
docker build -t local/jenkins . && docker run --name jenkins -d -p 80:8080 -p 50000:50000 local/jenkins && docker logs -f `docker ps -a -q`
root@ubunu2004:~/jenkins-docker-groovy# ls build.sh config.xml create-seed-job.groovy Dockerfile plugins.groovy plugins.txt README.md security.groovy seeddsl.groovy root@ubunu2004:~/jenkins-docker-groovy# cat Dockerfile FROM jenkins/jenkins:lts ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false" COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy COPY seeddsl.groovy /usr/share/jenkins/seeddsl.groovy COPY config.xml /usr/share/jenkins/seed-job-config.xml COPY create-seed-job.groovy /usr/share/jenkins/ref/init.groovy.d/create-seed-job.groovy COPY plugins.txt /usr/share/jenkins/ref/plugins.txt RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt root@ubunu2004:~/jenkins-docker-groovy# cat build.sh #!/bin/bash docker rm -f `docker ps -a -q` docker build -t local/jenkins . && docker run --name jenkins -d -p 80:8080 -p 50000:50000 local/jenkins && docker logs -f `docker ps -a -q`
root@ubunu2004:~/jenkins-docker-groovy# ls
build.sh  config.xml  create-seed-job.groovy  Dockerfile  plugins.groovy  plugins.txt  README.md  security.groovy  seeddsl.groovy
root@ubunu2004:~/jenkins-docker-groovy# cat Dockerfile
FROM jenkins/jenkins:lts
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
COPY seeddsl.groovy /usr/share/jenkins/seeddsl.groovy
COPY config.xml /usr/share/jenkins/seed-job-config.xml
COPY create-seed-job.groovy /usr/share/jenkins/ref/init.groovy.d/create-seed-job.groovy
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
root@ubunu2004:~/jenkins-docker-groovy# cat build.sh
#!/bin/bash
docker rm -f `docker ps -a -q`
docker build -t local/jenkins . && docker run --name jenkins -d -p 80:8080 -p 50000:50000 local/jenkins && docker logs -f `docker ps -a -q`

3. sh build.sh you will get Jenkins Docker image build and running on port 80, you can login with admin/admin (which we created from security.groovy

4. run “seed” job, you will find another job “DSL-Tutorial-1-Test” created successfully!

5. we installed two important plugins: Seed Jenkins plug-in and Authorize Project for this automation. you can manually approve groovy script in “In-process Script Approval”, or you can install Authorize Project, then update “Configure Global Security” => “Access Control for Builds” as below:

6. reference link:
https://plugins.jenkins.io/job-dsl/
https://github.com/jenkinsci/seed-plugin/wiki/Generation
https://github.com/jenkinsci/job-dsl-plugin/wiki/Tutorial—Using-the-Jenkins-Job-DSL

Posted on

How to enable vault on WildFly

  • create vault keystore

root@ubunu2004:/opt/wildfly/bin# keytool -genseckey -alias busa -storetype jceks -keyalg AES -keysize 256 -storepass union1234 -keypass union1234 -keystore vault.store

  • setup vault
root@ubunu2004:/opt/wildfly/bin# ./vault.sh --keystore ./vault/vault.store --keystore-password union1234 --alias busa --vault-block vb --attribute password --sec-attr something --enc-dir ./vault/ --iteration 50 --salt 1234abcd
=========================================================================
JBoss Vault
JBOSS_HOME: /opt/wildfly
JAVA: java
=========================================================================
Oct 08, 2020 9:24:25 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0047: Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:vb
Attribute Name:password
Configuration should be done as follows:
VAULT::vb::password::1
********************************************
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
root@ubunu2004:/opt/wildfly/bin# ./vault.sh --keystore ./vault/vault.store --keystore-password union1234 --alias busa --vault-block vb --attribute password --sec-attr something --enc-dir ./vault/ --iteration 50 --salt 1234abcd ========================================================================= JBoss Vault JBOSS_HOME: /opt/wildfly JAVA: java ========================================================================= Oct 08, 2020 9:24:25 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready WFLYSEC0047: Secured attribute value has been stored in Vault. Please make note of the following: ******************************************** Vault Block:vb Attribute Name:password Configuration should be done as follows: VAULT::vb::password::1 ******************************************** WFLYSEC0048: Vault Configuration commands in WildFly for CLI: ******************************************** For standalone mode: /core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")]) ******************************************** For domain mode: /host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")]) ********************************************
root@ubunu2004:/opt/wildfly/bin# ./vault.sh --keystore ./vault/vault.store  --keystore-password union1234 --alias busa --vault-block vb --attribute password --sec-attr something --enc-dir ./vault/ --iteration 50 --salt 1234abcd
=========================================================================

  JBoss Vault

  JBOSS_HOME: /opt/wildfly

  JAVA: java

=========================================================================

Oct 08, 2020 9:24:25 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0047: Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:vb
Attribute Name:password
Configuration should be done as follows:
VAULT::vb::password::1
********************************************
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
  • run CLI command to add Vault Configuration
root@ubunu2004:/opt/wildfly# ./bin/jboss-cli.sh --connect controller=192.168.0.43:9990
[standalone@192.168.0.43:9990 /] /core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/wildfly/bin/vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/wildfly/bin/vault/")])
{"outcome" => "success"}
root@ubunu2004:/opt/wildfly# ./bin/jboss-cli.sh --connect controller=192.168.0.43:9990 [standalone@192.168.0.43:9990 /] /core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/wildfly/bin/vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/wildfly/bin/vault/")]) {"outcome" => "success"}
root@ubunu2004:/opt/wildfly# ./bin/jboss-cli.sh --connect controller=192.168.0.43:9990
[standalone@192.168.0.43:9990 /] /core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/wildfly/bin/vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/wildfly/bin/vault/")])
{"outcome" => "success"}
  • verify the standalone.xml
<vault>
<vault-option name="KEYSTORE_URL" value="/opt/wildfly/bin/vault/vault.store"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-0FOV91/9idPaMgF3tkR9.V"/>
<vault-option name="KEYSTORE_ALIAS" value="busa"/>
<vault-option name="SALT" value="1234abcd"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="/opt/wildfly/bin/vault/"/>
</vault>
<vault> <vault-option name="KEYSTORE_URL" value="/opt/wildfly/bin/vault/vault.store"/> <vault-option name="KEYSTORE_PASSWORD" value="MASK-0FOV91/9idPaMgF3tkR9.V"/> <vault-option name="KEYSTORE_ALIAS" value="busa"/> <vault-option name="SALT" value="1234abcd"/> <vault-option name="ITERATION_COUNT" value="50"/> <vault-option name="ENC_FILE_DIR" value="/opt/wildfly/bin/vault/"/> </vault>
    <vault>
        <vault-option name="KEYSTORE_URL" value="/opt/wildfly/bin/vault/vault.store"/>
        <vault-option name="KEYSTORE_PASSWORD" value="MASK-0FOV91/9idPaMgF3tkR9.V"/>
        <vault-option name="KEYSTORE_ALIAS" value="busa"/>
        <vault-option name="SALT" value="1234abcd"/>
        <vault-option name="ITERATION_COUNT" value="50"/>
        <vault-option name="ENC_FILE_DIR" value="/opt/wildfly/bin/vault/"/>
    </vault>