From BCCD 3.0

(Difference between revisions)
Jump to: navigation, search
Line 130: Line 130:
JkRequestLogFormat    "%w %V %T"
JkRequestLogFormat    "%w %V %T"
   <li>Add the following to <code>/etc/apache2/sites-available/default-ssl</code>
   <li>Add the following to <code>/etc/apache2/sites-available/default-ssl.conf</code>
JkMount  /jenkins/* jenkins
JkMount  /jenkins/* jenkins
   <li>Symlink <code>/etc/apache2/sites-available/default-ssl</code> to <code>/etc/apache2/sites-enabled/001-default-ssl</code></li>
   <li>Symlink <code>/etc/apache2/sites-available/default-ssl.conf</code> to <code>/etc/apache2/sites-enabled/default-ssl.conf</code></li>
   <li>Add the following to <code>/etc/apache2/sites-available/default</code> to force SSL use for Jenkins:
   <li>Add the following to <code>/etc/apache2/sites-available/000-default.conf</code> to force SSL use for Jenkins:
# Force SSL for Jenkins
# Force SSL for Jenkins

Revision as of 03:48, 12 January 2018



Jenkins is a continuous integration system that the BCCD project uses for automating building and testing of BCCD.


Our local Jenkins server may be found at Login using your CCG username/password.

Note that bigfe is not accessible outside the CCG network ( You may access it from outside using SSH SOCKS proxying. Use your cluster LDAP username/password to login.

  1. Place this block in your ~/.ssh/config:
     Host hopper
             DynamicForward 1081
  2. ssh hopper (not!)
  3. In your browser proxy configuration (for Firefox this is Preferences->Advanced->Network Settings) set your SOCKS v5 proxy to be localhost, port 1081.
  4. You should now be able to access


Builds are automated processes that Jenkins uses to create a software product.

Creating a new build

You will want to do this after you create a new SVN branch.

  1. In the branch, make a bin/build_livecd.conf file that looks like this, changing the parameters as needed.
     SUITE   :   squeeze
     OUTDIR  :   /cluster/bccd-ng/testing/skylar
     WEBSVN  :
     RELEASE :   3.3.2-skylar
  2. Click "New Item"
  3. Give the build a name based on the branch name. Avoid the use of spaces in the name, as it will be used in the workspace directory name and not all utilities (i.e. debootstrap) properly deal with paths with spaces.
  4. Select "Build a free-style software project"
  5. Select Subversion under "Source Code Management".
  6. Supply the SVN repo URL for the branch you want to build (i.e.
  7. Click on "Add build step" and select "Execute Shell".
  8. Enter a variation of this, making sure to change the architecture as appropriate (choices are i386 or amd64):
    PERL5LIB=./trees/usr/local/lib/site_perl /usr/bin/perl bin/ --arch i386

Cloning a build

  1. Click "New Item"
  2. Give the build a name based on the branch name.
  3. Select "Copy existing item"
  4. Enter existing item name

Scheduling a build

From the Jenkins home page (aka build dashboard), click the icon on the far right.

Troubleshooting a build

A failed build will be indicated by a red orb. A project with repeatedly-failed builds will have a thundercloud by it.

Diagnosing a failed build generally involves looking at the console output:

  1. From the Jenkins login page, go to Build History
  2. Click on the terminal icon associated with the failed build.

One can also see the "workspace" of the build, which contains all the files and directories used.


For bigfe:

  1. Install from apt (seems to have latest): apt-get -y install jenkins
  2. In /etc/default/jenkins:
    • Set JENKINS_USER=root and JENKINS_GROUP=root. This is needed to have proper ownership as files are copied into the build directory.
    • Set AJP_PORT=8009
    • Uncomment JAVA_ARGS="" to force IPv6
  3. Start Jenkins: invoke-rc.d jenkins start
  4. Setup SSH SOCKS proxy through hopper.
  5. Go to
    1. Go to Manage Jenkins
    2. Enable Security
    3. Set Access Control to LDAP
      • Server to
    4. Advanced options: Root DN - dc=cluster,dc=loc
    5. Enable Cross Site Request protection w/ default crumbs
  6. Apache2
    1. Install libapache2-mod-jk
    2. Symlink the following files from /etc/apache2/mods-available to /etc/apache2/mods-enabled:
      • ssl.load
      • jk.load
      • rewrite.load
    3. Set the following in /etc/libapache2-mod-jk/, unsetting references to ajp13_worker
      # configure jk-status
      # configure jk-manager
    4. Add the following to /etc/apache2/conf-available/jenkins.conf, symlinking to conf-enabled when done
      JkLogFile     /var/log/apache2/mod_jk.log
      JkLogLevel    info
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
      JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories
      JkRequestLogFormat     "%w %V %T"
    5. Add the following to /etc/apache2/sites-available/default-ssl.conf
      JkMount  /jenkins/* jenkins
    6. Symlink /etc/apache2/sites-available/default-ssl.conf to /etc/apache2/sites-enabled/default-ssl.conf
    7. Add the following to /etc/apache2/sites-available/000-default.conf to force SSL use for Jenkins:
      # Force SSL for Jenkins
      <Location /jenkins>
         RewriteEngine on
         RewriteCond %{HTTPS} off
         RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI}/ [L,R]
  7. Setup a firewall to protect the service
    1. Install the iptables-persistent package if it is not already installed
    2. Agree to save current rule set (both IPv4 and IPv6)
    3. Add this line to /etc/iptables/rules.v4 before the COMMIT:
      # Block all Jenkins connections not from
      -A INPUT -p tcp ! -s --dport 8080 -j REJECT
    4. Add this line to /etc/iptables/rules.v6 before the COMMIT:
      # Block all Jenkins connections not from
      -A INPUT -p tcp ! -s ::1 --dport 8080 -j REJECT
    5. Run invoke-rc.d iptables-persistent stop && invoke-rc.d iptables-persistent start
    6. Run iptables -L and ip6tables -L and verify that the new rules are in place.


All of Jenkins except the workspace contents will be backed up to /cluster/bigfe-backups using the Backup Manager plugin.

Personal tools