cd_jenkins | Parameters

The following parameters are used in cd_puppetdb. They editable via params.pp or can be overridden through ENC (recommended). Values changed will take immediate effect at next puppet run. Services will be restarted where necessary.

Mandatory Parameters

  • js_master_node (string) (defaults to: "jenkins_master.${::domain}")

    The FQDN of the jenkions master node(s). Must be the true FQDN, not a load balancer CNAME.

    Other Parameters

  • pkg_ensure (string) (defaults to: 'latest')

    which package type to choose, i.e. latest or present.

  • js_slave_node (string) (defaults to: ["jenkins_slave01.${::domain}","jenkins_slave02.${::domain}"])

    FQDN for slave nodes to be attached to the master node. Currently not active.

  • js_manage_users (boolean) (defaults to: true)

    Whether or not to manage Jenkins users. If set to false, users will not be managed, effectively leading to everyone having full access. not recommended

  • js_first_user (string) (defaults to: 'jenkins_admin')

    The name of the first admin user on Jenkins

  • js_first_password (string) (defaults to: 'ChangeM3')

    The password for the first user. Hardcoded due to the way Jenkins stores credentials in xml files. should be changed after first login.

  • js_user_name (string) (defaults to: 'jenkins')

    the name of the Jenkins service user. Normally not required to be changed.

  • js_u_comment (string) (defaults to: 'Jenkins Continuous Integration Server User')

    The user comment in /etc/passwd. Shows up in email notifications coming from the service user, so might need to be adjusted to something meaningful in your environment.

  • js_u_groups (string) (defaults to: undef)

    Any secondary groups the Jenkins user should be in. Must not contain primary group.

  • js_user_shell (string) (defaults to: '/bin/false')

    The shell for the Jenkins service user, which never should be allowed to log in.

  • js_user_uid (string) (defaults to: '993')

    The UID for the Jenkins service user. Important in shared environments, i.e. when sharing pluginsg through NFS

  • js_user_gid (string) (defaults to: 'jenkins')

    The GID for the Jenkins service user.

  • js_main_dir (string) (defaults to: '/var/lib/jenkins')

    The main working directory. Used in various templates.

  • js_main_seltype (string) (defaults to: 'var_lib_t')

    The seltype for the main working directory. might need to be adjusted if choosing a different working directory

  • js_java_command (string) (defaults to: '')
  • js_skip_chown (string) (defaults to: false)

    Setting in Jenkins main systemconfig whether or not to chown all files $JENKINS_HOME location at startup.

  • js_java_options (string) (defaults to: '-Djava.awt.headless=true')
  • js_listen_address (string) (defaults to: '')

    Setting in Jenkins main systemconfig listens on all interfaces when empty

  • js_jenkins_port (string) (defaults to: '8080')

    Port to be listening to. used in various templates including firewall settings

  • js_https_port (string) (defaults to: '')

    only to be specified when not using a frontend web server as proxy.

  • js_https_key_store (string) (defaults to: '')

    only to be specified when not using a frontend web server as proxy.

  • js_keystore_pw (string) (defaults to: '')

    only to be specified when not using a frontend web server as proxy.

  • js_https_listen_address (string) (defaults to: '')

    only to be specified when not using a frontend web server as proxy.

  • js_debug_level (string) (defaults to: '5')

    Default debug level for Jenkins service. Setting in Jenkins main systemconfig

  • js_enable_access_log (string) (defaults to: 'no')

    Whether or not to enable the Jenkins access log. Setting in Jenkins main systemconfig

  • js_handler_max (string) (defaults to: '100')

    Maximum HTTP handlers threads Setting in Jenkins main systemconfig

  • js_handler_idle (string) (defaults to: '20')

    Maximum number of idle http worker threads Setting in Jenkins main systemconfig

  • js_jenkins_args (string) (defaults to: '')

    Pass arbitrary arguments to Jenkins. Setting in Jenkins main systemconfig

  • js_enable_fw (boolean) (defaults to: true)

    Whether or not to enable the iptables firewall.

  • js_fw_order_no (string) (defaults to: '50')

    prefix number to determine the ordering of the firewall rule to ensure it is effective.

  • js_allowed_networks (string) (defaults to: '0.0.0.0/0')

    Allowed source networks to access Jenkins.

  • js_apache_http_port (string) (defaults to: '80')

    http port to use in proxy frontend, opens port in firewall if enabled

  • js_apache_https_port (string) (defaults to: '443')

    https port to use in proxy frontend, opens port in firewall if enabled

  • js_manage_settings (boolean) (defaults to: true)

    Whether or not to actively manage Jenkins settings through Puppet. Since Jenkins tends to overwrite configuration files with data in its memory, this is usefully mostly for deployments only.

  • js_enable_cli (boolean) (defaults to: false)

    Whether or not to enable remote CLI. discouraged.

  • js_update_center (string) (defaults to: 'http://updates.jenkins-ci.org/update-center.json')

    the url for the update center, if using your own.

  • js_node_req_disk_space (string) (defaults to: '1GB')

    minimum required disk space available for jenkins. if not enough space is available, Jenkins shuts down.

  • js_node_tmp_disk_space (string) (defaults to: '1GB')

    minimum required disk space in /tmp available for jenkins. if not enough space is available, Jenkins shuts down.

  • js_slave_master_switch (boolean) (defaults to: true)

    whether or not to enable master/ slave control.

  • js_manage_plugins (boolean) (defaults to: true)

    whether or not to manage plugins. done through copying plugin files onto the node, since cusrrently no API is available for plugins on Jenkins.

  • js_scm_retry_count (string) (defaults to: '0')

    The SCM retry count.

  • js_quiet_period (string) (defaults to: '5')

    Default quiet period.

  • js_admin_address (string) (defaults to: "jenkins@${::domain}")

    the email address for the Jenkins administrator.

  • js_master_labels (string) (defaults to: 'puppet ansible general')

    labels for the jenkins master to control job-to-node allocations

  • js_use_gitlab_plugin (boolean) (defaults to: false)

    whether or not to use the gitlab plugin. used in various templates

  • js_enable_proj_auth_end (boolean) (defaults to: false)

    Whether or not to enable authentication for '/project' end-point.

  • js_gl_connection_name (string) (defaults to: 'gitlab example.net')

    friendly name for the gitlab connection use dto build strings for API.

  • js_gl_connection_url (string) (defaults to: 'gitlab.example.net')

    FQDN only for the gitlab url. used to build API url, so should not include http or https.

  • js_gl_token_id (string) (defaults to: '0bb6fbb5-6e13-4fba-a96d-1e4d3dcd3b91')

    the id within Jenkins for a credential to connect to Gitlab using a token ID. Effectively you will need a working Jenkins instance to create this, unless having LDAP or similar ways of authenticating.

  • js_gl_ignore_ssl_errors (boolean) (defaults to: true)

    Whether or not to ignore SSL errors.

  • js_gl_connection_timeout (string) (defaults to: '10')

    timeout value for gitlab connection

  • js_gl_read_timeout (string) (defaults to: '10')

    timeout value for reading gitlab repos.

  • js_api_version (string) (defaults to: 'v3')

    api version , used to build API calls.

  • js_private_token_id (string) (defaults to: 'YxYxYxYxYxYxYxYxYxY')

    token ID for Jenkins to talk to Gitlab. can be found in the profile for the gitlab /github user owning the repo.

  • js_cred_scope (string) (defaults to: 'GLOBAL')

    Jenkins credential scrope. GLOBAL or NORMAL. used to create a credential on Jenkins able to connect to Gitlab.

  • js_cred_name (string) (defaults to: "Gitlab API token${::domain}")

    the name of the credential to create. used to create a credential on Jenkins able to connect to Gitlab.

  • js_api_token (string) (defaults to: '{123456789_abcdefg}')

    used to create an SSH agent crednetial which can connect to gitlab. required since various different plugins are using different ways of connecting, and their own settings file. can be used to create a connection for Jenkins itself to update repos after jobs, rather than through the repo owner, so there would be a Jenkins user on Gitlab too.

  • js_git_user (string) (defaults to: "${::domain} Jenkins")

    used for the git configuration of Jenkins in main config, as well as for jenkins pipeline jobs.

  • js_git_user_email (string) (defaults to: "jenkins@${::domain}")

    used for the git configuration of Jenkins in main config, as well as for jenkins pipeline jobs.

  • js_git_create_accounts (boolean) (defaults to: false)

    whether or not to create user accounts on Jenkins from user git commit data.

  • js_enable_front_proxy (boolean) (defaults to: true)

    Whether or not to use a frontend proxy. strongly recommended as this allows to connect to jenkins without having to specify a port in the URL.

  • js_proxy_type (string) (defaults to: 'apache')

    which servicve to use as frontent proxy. currently supporting only Apache httpd

  • js_web_server_name (string) (defaults to: "jenkins.${::domain}")

    The DNS name for the jenkins frontend. can be A name or CNAME i.e. for loadbalanced environments.

  • js_enable_https (boolean) (defaults to: true)

    whether or not to enable https. creates required configuration on Apache and opens the firewall port as specified,

  • js_allowed_client_nets (string) (defaults to: ['127.0.0.1'])

    Specify if the web interface should be restricted to a particular network range. use 0.0.0.0/0 for unrestricted access.

  • js_certs_path (string) (defaults to: '/etc/pki/tls/certs')

    path for TLS certificates, used in web configuration templates.

  • js_privkey_path (string) (defaults to: '/etc/pki/tls/private')

    path for TLS private keys, used in web configuration templates.

  • js_ca_cert (string) (defaults to: 'ca-chain.crt.pem')

    name of the ca certificate. used in web configuration templates.

  • js_privkey (string) (defaults to: "${::fqdn}.key.pem")

    name of the private key. used in web configuration templates.

  • js_certificate (string) (defaults to: "${::fqdn}.crt.pem")

    name of the certificate. used in web configuration templates.

  • js_use_certbot (boolean) (defaults to: false)

    whether or not to use certbot for automated TLS certificate signing. if enabled, installs a certbot instance and manages certificate requests automaticall for you

  • js_certbot_cert_path (string) (defaults to: '/var/www/html')

    path for certbot to temporary publish challenge requests for the cert signing process,

  • js_certbot_mail_user (string) (defaults to: 'jenkins')

    prefix for email address used in the certificate signing process and for notifications about certs. used with domain default.

  • js_manage_jobs (boolean) (defaults to: true)

    whether or not to manage jobs. if enabled, creates a seed job to automate job creations on Jenkins

  • js_scm_interval (string) (defaults to: '@daily')

    the interval for polling SCM, used by the seed job to connect to gitlab and create new jobs if finding new active projects.

  • js_scm_user (string) (defaults to: 'user')

    Specify a user owning software repositories on Gitlab or Github

  • js_seed_branch (string) (defaults to: '*/development')

    Specify the branch to be used in jobs, i.e. */development (git format)

  • js_enable_script_sec (boolean) (defaults to: false)

    Whether or not to enable script security for groovy scripts. if enabled, any change in scripts will have to be manually confirmed, which is much more secure but also much more in the way of automated job creations.

Leave a Reply