NOTICE! This is a static HTML version of a legacy ImageJ Trac ticket.

The ImageJ project now uses GitHub Issues for issue tracking.

Please file all new issues there.

Ticket #1743 (closed enhancement: moved)

Opened 2013-03-26T11:01:03-05:00

Last modified 2014-05-01T14:08:38-05:00

Migrate cronjob scripts to Jenkins

Reported by: dscho Owned by: dscho
Priority: major Milestone: imagej2-unscheduled
Component: Server Admin Version:
Severity: serious Keywords:
Cc: curtis Blocked By: #1862
Blocking: #1742

Description

Currently, backups on dev and skynet are performed via cronjobs. This is not as visible and not as flexible as Jenkins jobs bound to a certain node. We should convert them to Jenkins jobs and add a job for server as well.

Change History

comment:1 Changed 2013-05-10T14:56:47-05:00 by dscho

  • Status changed from new to accepted

I activated the Project-based Matrix Authorization Strategy in  http://jenkins.imagej.net/configure, adding the authenticated group with all columns checked.

Unfortunately, the ACLs are additive, so I could not set a default for "anonymous" in that page, therefore I wrote this simple script to add the default permissions to all jobs:

#!/usr/bin/jenkins-cli groovy

def maybeAddAnonymousPermissions(project) {
        property = project.getProperty(hudson.security.AuthorizationMatrixProperty.class)

        if (property != null) {
                //println("Leaving " + project.getName() + " alone")
                return
        }

        property = new hudson.security.AuthorizationMatrixProperty(new java.util.HashMap())
        property.add(hudson.model.Item.READ, "anonymous")
        property.add(hudson.model.Item.WORKSPACE, "anonymous")
        property.add(hudson.scm.SCM.TAG, "authenticated")
        property.add(hudson.model.Run.UPDATE, "authenticated")
        property.add(hudson.model.Run.DELETE, "authenticated")
        property.add(hudson.model.Item.BUILD, "authenticated")
        property.add(hudson.model.Item.WORKSPACE, "authenticated")
        property.add(hudson.model.Item.READ, "authenticated")
        property.add(hudson.model.Item.DELETE, "authenticated")
        property.add(hudson.model.Item.CONFIGURE, "authenticated")

        project.addProperty(property)
        project.save()

        println("Added permissions to " + project.getName())
}

map = jenkins.model.Jenkins.instance.getItemMap()
map.each() {
        name, item ->
                if (item instanceof hudson.model.Job) {
                        maybeAddAnonymousPermissions(item)
                }
}

It is an executable script in Jenkins' bin/ directory that calls the jenkins-cli command to run itself as a Groovy script.

This is the second step after Curtis made a private Git repository of the backup scripts: We do not want to hide anything, but there might be sensitive information about the servers in either the script or the script output, therefore we would like to hide the code and the jobs from all but the users with accounts (i.e. trusted people) on our Jenkins server.

comment:2 Changed 2013-05-10T15:00:10-05:00 by dscho

  • Blocked By 1862 added

comment:3 Changed 2014-05-01T14:08:38-05:00 by curtis

  • Status changed from accepted to closed
  • Resolution set to moved