From BCCD 3.0

(Difference between revisions)
Jump to: navigation, search
Line 100: Line 100:
   <li>Symlink <code>/etc/apache2/mods-available/proxy.conf</code> to <code>/etc/apache2/mods-enabled</code></li>
   <li>Symlink <code>/etc/apache2/mods-available/proxy.{conf,load}</code> to <code>/etc/apache2/mods-enabled</code></li>
   <li>Add the following to <code>/etc/apache2/conf-available/jenkins.conf</code>, symlinking to <code>conf-enabled</code> when done
   <li>Add the following to <code>/etc/apache2/conf-available/jenkins.conf</code>, symlinking to <code>conf-enabled</code> when done

Revision as of 04:05, 12 January 2018



Jenkins is a continuous integration system that the BCCD project uses for automating building and testing of BCCD.


Our local Jenkins server may be found at Login using your CCG username/password.

Note that bigfe is not accessible outside the CCG network ( You may access it from outside using SSH SOCKS proxying. Use your cluster LDAP username/password to login.

  1. Place this block in your ~/.ssh/config:
     Host hopper
             DynamicForward 1081
  2. ssh hopper (not!)
  3. In your browser proxy configuration (for Firefox this is Preferences->Advanced->Network Settings) set your SOCKS v5 proxy to be localhost, port 1081.
  4. You should now be able to access


Builds are automated processes that Jenkins uses to create a software product.

Creating a new build

You will want to do this after you create a new SVN branch.

  1. In the branch, make a bin/build_livecd.conf file that looks like this, changing the parameters as needed.
     SUITE   :   squeeze
     OUTDIR  :   /cluster/bccd-ng/testing/skylar
     WEBSVN  :
     RELEASE :   3.3.2-skylar
  2. Click "New Item"
  3. Give the build a name based on the branch name. Avoid the use of spaces in the name, as it will be used in the workspace directory name and not all utilities (i.e. debootstrap) properly deal with paths with spaces.
  4. Select "Build a free-style software project"
  5. Select Subversion under "Source Code Management".
  6. Supply the SVN repo URL for the branch you want to build (i.e.
  7. Click on "Add build step" and select "Execute Shell".
  8. Enter a variation of this, making sure to change the architecture as appropriate (choices are i386 or amd64):
    PERL5LIB=./trees/usr/local/lib/site_perl /usr/bin/perl bin/ --arch i386

Cloning a build

  1. Click "New Item"
  2. Give the build a name based on the branch name.
  3. Select "Copy existing item"
  4. Enter existing item name

Scheduling a build

From the Jenkins home page (aka build dashboard), click the icon on the far right.

Troubleshooting a build

A failed build will be indicated by a red orb. A project with repeatedly-failed builds will have a thundercloud by it.

Diagnosing a failed build generally involves looking at the console output:

  1. From the Jenkins login page, go to Build History
  2. Click on the terminal icon associated with the failed build.

One can also see the "workspace" of the build, which contains all the files and directories used.


For bigfe:

  1. Install from apt (seems to have latest): apt-get -y install jenkins
  2. In /etc/default/jenkins:
    • Set JENKINS_USER=root and JENKINS_GROUP=root. This is needed to have proper ownership as files are copied into the build directory.
    • Uncomment JAVA_ARGS="" to force IPv6
  3. Start Jenkins: invoke-rc.d jenkins start
  4. Setup SSH SOCKS proxy through hopper.
  5. Go to
    1. Go to Manage Jenkins
    2. Enable Security
    3. Set Access Control to LDAP
      • Server to
    4. Advanced options: Root DN - dc=cluster,dc=loc
    5. Enable Cross Site Request protection w/ default crumbs
  6. Apache2
    1. Symlink /etc/apache2/mods-available/proxy.{conf,load} to /etc/apache2/mods-enabled
    2. Add the following to /etc/apache2/conf-available/jenkins.conf, symlinking to conf-enabled when done
      ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
      ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
      ProxyRequests     Off
      AllowEncodedSlashes NoDecode
      # Local reverse proxy authorization override
      # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
      <Proxy http://::1:8080/jenkins*>
        Order deny,allow
        Allow from all
    3. Symlink /etc/apache2/sites-available/default-ssl.conf to /etc/apache2/sites-enabled/default-ssl.conf
    4. Add the following to /etc/apache2/sites-available/000-default.conf to force SSL use for Jenkins:
      # Force SSL for Jenkins
      <Location /jenkins>
         RewriteEngine on
         RewriteCond %{HTTPS} off
         RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI}/ [L,R]
  7. Setup a firewall to protect the service
    1. Install the iptables-persistent package if it is not already installed
    2. Agree to save current rule set (both IPv4 and IPv6)
    3. Add this line to /etc/iptables/rules.v4 before the COMMIT:
      # Block all Jenkins connections not from
      -A INPUT -p tcp ! -s --dport 8080 -j REJECT
    4. Add this line to /etc/iptables/rules.v6 before the COMMIT:
      # Block all Jenkins connections not from
      -A INPUT -p tcp ! -s ::1 --dport 8080 -j REJECT
    5. Run invoke-rc.d iptables-persistent stop && invoke-rc.d iptables-persistent start
    6. Run iptables -L and ip6tables -L and verify that the new rules are in place.


All of Jenkins except the workspace contents will be backed up to /cluster/bigfe-backups using the Backup Manager plugin.

Personal tools