Jenkins Slave Automatic Start

Scenario: Jenkins Master running on Windows with a Jenkins Slave running on CentOS

Problem: The Jenkins Slave is not automatically connecting after a restart of the slave server, master server, or master Jenkins service

Solution: In early 2013 Jenkins introduced a security token fix outlined here

The thread provides many options for connecting. I decided the path of least resistence was to enable anonymous connect/disconnect for slaves. This is acceptable in my environment because each Jenkins instance is behind a firewall and I feel the security risk is minimal. This might not always be the case, but in this situation, it fixed the problem quickly.

I created a jenkins-slave service in /etc/init.d based on this article. I made a few modifications to the script, but it's working great.

AWS SimpleDB IAM Access

We have nodejs applications running in AWS EC2. Instances should be disposable. We setup the apps to log to AWS SimpleDB. But creating a user to access SimpleDB was more difficult then I expected. In IAM, I created a user and applied two policies using the policy generator:

{
  "Statement": [
    {
      "Action": [
        "sdb:*"
      ],
      "Resource": [
        "arn:aws:sdb:*:1111222333:domain/node*"
      ],
      "Effect": "Allow"
    }
  ]
}

{
  "Statement": [
    {
      "Action": [
        "sdb:ListDomains"
      ],
      "Resource": [
        "arn:aws:sdb:*:1111222333:*"
      ],
      "Effect": "Allow"
    }
  ]
}

The number is the AWS account number
The key for success was the second policy for Listing Domains

This is an excellent way to connect and manage SimpleDB from the Chrome browser
https://chrome.google.com/webstore/detail/sdbnavigator/ddhigekdfabonefhiildaiccafacphgg?hl=en-US

Statsd + Graphite Server Configuration

Thanks to Eric for most of this work, he did the heavy lifting and then I documented https://github.com/etsy/statsd/

Yum
yum install python-pip graphite-web python-carbon python-whisper graphite nodejs npm mysql-server mysql-client MySQL-python

User
Create user nodejs to run application
vi /etc/sudoers
Add: nodejs ALL = NOPASSWD: /usr/bin/node
Comment: #Defaults requiretty

Node
mkdir /opt/statsd
cd /opt/statsd
npm install nodeunit
npm install temp
npm install underscore
chown -R nodejs:nodejs /opt/statsd

Mysql
mysql -u root -p

create database graphite;
create user 'graphite'@'localhost' identified by 'password';
grant all on graphite.* to 'graphite'@'localhost';

cd /etc/graphite-web
Edit local_settings.py
Change Database Configuration settings, uncomment and edit to the following

DATABASES = {
    'default': {
        'NAME': 'graphite',
        'ENGINE': 'django.db.backends.mysql',
        'USER': 'graphite',
        'PASSWORD': 'password',
        'HOST': 'localhost',
        'PORT': '3306'
    }
}

Graphite
Run the following
/usr/lib/python2.6/site-packages/graphite/manage.py syncdb
/usr/lib/python2.6/site-packages/graphite/manage.py createsuperuser

Graphite will connect to Apache by default to root directory
service httpd restart
Open Browser and go to http:// and should see graphite

Statsd Config Download statsd from Github and extract to /opt/statsd

Copy exampleConfig.js to Config.js and add the following

{
  "graphitePort": 2003,
  "graphiteHost": "127.0.0.1",
  "address": "0.0.0.0",
  "port": 8125,
  "flushInterval": 10000,
  "deleteIdleStats": false,
  "deleteGauges": false,
  "deleteTimers": false,
  "deleteSets": false,
  "deleteCounters": false,
  "graphite": {
    "legacyNamespace": true,
    "globalPrefix": "stats",
    "prefixCounter": "counters",
    "prefixTimer": "timers",
    "prefixGauge": "gauges",
    "prefixSet": "sets"
  }

Firewall
Open UPD port in ipTables/Firewall
iptables -I INPUT 10 -m state --state NEW -p udp --dport 8125 -j ACCEPT (10 is the line number, change per ipTables open ports)
/sbin/service iptables save
service iptables restart

Upstart
Create /etc/init/statsd

#!upstart
description "statsd"

env PROGRAM_NAME="statsd"
env FULL_PATH="/opt/statsd"
env FILE_NAME="stats.js"
env NODE_PATH="/usr/bin/node"
env USERNAME="nodejs"

start on runlevel [2345]
stop on runlevel [016]

script
    echo $$ > /var/run/$PROGRAM_NAME.pid
    cd $FULL_PATH       
    exec sudo -u $USERNAME $NODE_PATH $FULL_PATH/$FILE_NAME /opt/statsd/dbs2Config.js >> /var/log/$PROGRAM_NAME.sys.log 2>&1
end script

Start statsd
initctl start statsd

Cacti LDAP Authentication with Active Directory

Cacti 0.8.8a
Windows 2008 R2 Domain Level

yum install php-ldap

Settings -> Authentication -> LDAP Authentication

LDAP used for admins only, graph readers will use the guest account

Guest User: No User
User Template: admin
Server: FQDN of domain controller
Port Standard: 389
Port SSL: 636
Protocol Version: Version 3
Referrals: Disabled
Mode: Specific Searching
Distinguished Name: Blank
Require Group Membership: Not Checked
Group Distinguished Name: CN=cacti_admins,OU=groups_users,DC=foo,DC=domain,DC=com
Group Member Attribute: member
Group Member Type: Distinguished Name
Search Base: ou=groups_users,DC=foo,DC=domain,DC=com
Search Filter: (&(objectclass=user)(objectcategory=user)(userPrincipalName=*))
Search Distinguished Name: ldaplookupuser@foo.domain.com
Search Password: *********

Tips: Some users report issues trying to connect via local and LDAP in the same browser session, log out to test

Execute MS SQL scripts from Jenkins with Powershell

Prerequisite: Install SQL Native Client and SQL Command Line Tools on Jenkins server

This script will look inside a directory and sort the .sql scripts by name. It will execute each script and right the output to a temp file. Then it displays the output on the Jenkins console.

Options for the sqlcmd.exe are here: MSDN sqlcmd Utility

ECHO "Executing SQL Scripts"
$sqldir = "$tagDir\"
$sqlfiles = Get-ChildItem $sqldir *.sql -rec | Sort-Object Name 
foreach ($fileName in $sqlfiles) {
$file = $sqldir + $fileName
& "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\sqlcmd.exe" -S $sqlserver -U $deployuser -P $deploypassword -d $database -i $file -e -b -o C:\temp\output.txt
Get-Content "C:\temp\output.txt"
}

This code will make a backup of a database

& "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\sqlcmd.exe" -S $sqlserver -U $deployuser -P $deploypassword -Q "BACKUP DATABASE $database TO DISK='$backupPostLocation'"

Change Collation on SQL 2008 R2

It is best to install a SQL server with the proper collation. But sometimes a server is built and the requester then realizes he/she needs a different collation. This command saved me a lot of time.

Browse or attach the installation media and open a command line

setup.exe /ACTION=REBUILDDATABASE /QUIET /INSTANCENAME=MSSQLSERVER /SAPWD=P@ssword01password01 /SQLSYSADMINACCOUNTS="FBDOMAIN\sql2k8svc" /SQLCOLLATION=Latin1_General_BIN

This will remove accounts and settings on the system databases.

SyntaxHighlighter on Blogger

In my previous post I shared some code with SyntaxHighlighter from Alex Gorbatchev.

This is what I did to integrate it with Blogger.

Log in to Blogger
Click on Design -> Click on Edit HTML Inside the tag, paste in the following:

Copy Code
If you double click inside of the window it will highlight the code, Control-C will copy it to the clipboard.

Use in posts and change brushes
To use the SyntaxHighlighter, edit a post in HTML and put the code inside of these tags:
of pre tags with class="brush: name of brush"

Information of available brushes is here: Available Brushes

Check for Authorized Jenkins Builds

This is a PowerShell script to prevent an unauthorized user to run a job in Jenkins. I like to use a single script with parameters to deploy code in each environment. But the script could be used by a developer to deploy code from a Jenkins instance in test directly to production.

To get around this, I added code to check the JENKINS_URL environment variable. If a user on a test Jenkins instance tries to deploy to production, the script will immediately stop the deploy.

$env is a reserved variable by PowerShell that imports the JENKINS_URL variable without passing it to the script.

# Check Jenkins URL
$JENKINS_URL = $env:JENKINS_URL
if (($rngenv -eq "prod") -and ($JENKINS_URL -ne "http://jenkinswin.fbfs.com/jenkins")) {
Write-Host "Production deploys must be done from a production Jenkins instance"
Exit}

Firefox Preferences Controlled by System Administrators

After finally receiving formal permission to install Firefox on my enterprise laptop, the desktop team decided to set the homepage for all users.  When I'm working on a program and click new tab to do research, going to the company intranet homepage does me no good.  It actually slows down my work.  After some web searches, I found the answer.

http://www.mockbox.net/configmgr-sccm/300-firefox-set-default-home-page-for-all-users

As Administrator I edited mozilla.cfg to use Google as my homepage.

I anticipate this will break the next time a Firefox package is pushed to my machine so I wanted to make sure I remembered the fix.

Install Guest Additions on Fedora 17/18/19

1) Yum update
2) Devices > Guest Additions
3) Become root
4) mkdir /media/VirtualBoxGuestAdditions
    mount -r /dev/cdrom /media/VirtualBoxGuestAdditions
5) yum install gcc kernel-devel kernel-headers dkms make bzip2
6) KERN_DIR=/usr/src/kernels/`uname -r`-`uname -m`
     export KERN_DIR
7) cd /media/VirtualBoxGuestAdditions
    ./VBoxLinuxAdditions.run
8) reboot