puppet-jenkins

This is intended to be a re-usable Puppet module that you can include in your own tree.

Experimental Types and Providers

The experimental types/providers are not for the faint of heart. If you are starting out with this module you probably want to skip directly to Getting Started.

A family of experimental native types and providers has been added to this module, in parallel to the existing classes and defined types, with the goal of soliciting feedback. One of the primary benefits of these new types is not requiring manifest changes to manage jenkins with or without "security" enabled. The goal is to eventually replace the functionality of the existing classes/defines with the new types. Usage feedback (positive and negative), bug reports and/or PRs would be greatly welcomed.

The semantics and API of these types should be considered unstable and almost certainly will change based on feedback. It is currently unclear if these types will be considered part of the public API or treated as private to the module.

See NATIVE_TYPES_AND_PROVIDERS.md

Jenkins 2.54 and 2.46.2 remoting free CLI and username / password CLI auth

Jenkins refactored the CLI in 2.54 and 2.46.2 in response to several security incidents (See JENKINS-41745. This module has been adjusted to support the new CLI.

The CLI supports proper authentication with username and password. It's a requirement for supporting AD and OpenID authentications (there is no ssh key there). You can supply $jenkins::cli_username and $jenkins::cli_password to use username / password based authentication. Then the puppet automation user can also reside in A.D

Note: Jenkins requires a ssh username, so you must also provide $jenkins::cli_username for ssh. If you specify both username/password and ssh key file, SSH authentication is preferred.

Using puppet-jenkins

Getting Started

puppet module install puppet/jenkins

    node 'hostname.example.com' {
        include jenkins
    }

Then the service should be running at http://hostname.example.com:8080/.

Jenkins' options

Master Executor Threads

class { 'jenkins':
  executors => 0,
}

Managing Jenkins jobs

Build jobs can be managed using the jenkins::job define

Creating or updating a build job

  jenkins::job { 'test-build-job':
    config => template("${templates}/test-build-job.xml.erb"),
  }

Removing an existing build job

  jenkins::job { 'test-build-job':
    ensure => 'absent',
  }

Installing Jenkins plugins

The Jenkins puppet module defines the jenkins::plugin resource which will download and install the plugin "by hand"

The names of the plugins can be found on the update site

Latest

By default, the resource will install the latest plugin, i.e.:

  jenkins::plugin { 'git': }

If you specify version => 'latest' in current releases of the module, the plugin will be downloaded and installed with every run of Puppet. This is a known issue and will be addressed in future releases.

By version

If you need to peg a specific version, simply specify that as a string, i.e.:

  jenkins::plugin { 'git':
    version => '1.1.11',
  }

Note that plugin will timeout if it takes longer than 120 seconds to download. You can increase this by specifying a timeout value, i.e: timeout => 240.

Verifying

This module will download the jenkins modules over HTTP, without SSL. In order to add some verification regarding the downloaded file, you can specify a checksum. You can also define a checksum type with 'digest_type' (default to sha1 if unspecified) ie.:

  jenkins::plugin { 'git':
    version       => '2.2.12',
    digest_string => '48141822e0eea1faa1a1a99b35372494e7352c2746ca3aa3a19a07f34b021848d2cd0bffc8959c1b809c5be231c1b49e9ffec0430dd68938197ac0f34588ee25',
    digest_type   => 'sha512',
  }

Direct URL

Direct URL from which to download plugin without modification. This is particularly useful for development and testing of plugins which may not be hosted in the typical Jenkins' plugin directory structure.

  jenkins::plugin { 'myplugin':
    source => 'https://example.org/myplugin.hpi',
  }

Note that that when source is specified, the version and plugin_url parameters will have no effect on the plugin retrieval URL.

Plugin dependencies

Dependencies are not automatically installed. You need to manually determine the plugin dependencies and include those as well. The Jenkins wiki is a good place to do this. For example: The Git plugin page is at https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin.

Slaves

You can automatically add slaves to jenkins, and have them auto register themselves. Most options are actually optional, as nodes will auto-discover the master, and connect.

Full documentation for the slave code is in jenkins::slave.

It requires the swarm plugin on the master & the class jenkins::slave on the slaves, as below:

    node /jenkins-slave.*/ {
      class { 'jenkins::slave':
        masterurl => 'http://jenkins-master1.domain.com:8080',
        ui_user => 'adminuser',
        ui_pass => 'adminpass',
      }
    }

    node /jenkins-master.*/ {
        include jenkins
        include jenkins::master
    }

Depending on Jenkins

If you have any resource in Puppet that depends on Jenkins being present, add the following require statement:

  exec { 'some-exec':
    require => Class['jenkins::package'],
    # ... etc
  }

Advanced features

1. Plugin Hash - jenkins::plugins
2. Config Hash - jenkins::config
3. Configure Firewall - jenkins (init.pp)
4. Outbound Jenkins Proxy Config - jenkins (init.pp)
5. CLI Helper
   • exec_cli_helper
6. Jenkins Users
7. Credentials
8. Simple security model configuration

API-based Resources and Settings (Users, Credentials, security)

This module includes a groovy-based helper script that uses the Jenkins CLI to interact with the Jenkins API. Users, Credentials, and security model configuration are all driven through this script.

When an API-based resource is defined, the Jenkins' CLI is installed and run against the local system (127.0.0.1). Jenkins is assumed to be listening on port 8080, but the module is smart enough to notice if you've configured an alternate port using jenkins::config_hash['JENKINS_PORT'].

Users and credentials are Puppet-managed, meaning that changes made to them from outside Puppet will be reset at the next puppet run. In this way, you can ensure that certain accounts are present and have the appropriate login credentials.

CLI Helper

The CLI helper assumes unauthenticated access unless configured otherwise. You can configure jenkins::cli_helper to use an SSH key on the managed system by passing the keyfile path as a class parameter:

  class {'jenkins':
    cli_ssh_keyfile => '/path/to/id_rsa',
  }

... or via hiera:

jenkins::cli_ssh_keyfile: "/path/to/id_rsa"

Direct including of the jenkins::cli_helper class into the manifest is deprecated.

There's an open bug in Jenkins (JENKINS-22346) that causes authentication to fail when a key is used but authentication is disabled. Until the bug is fixed, you may need to bootstrap jenkins out-of-band to ensure that resources and security policy are configured in the correct order. For example:

# In puppet:
  anchor {'jenkins-bootstrap-start': } ->
    Class['jenkins::cli_helper'] ->
      Exec[$bootstrap_script] ->
        anchor {'jenkins-bootstrap-complete': }

# Code for $bootstrap_script
#!/bin/bash -e
# Generate an SSH key for the admin user
ADMIN_USER='<%= admin_user_name %>'
ADMIN_EMAIL='<%= admin_user_email %>'
ADMIN_PASSWORD='<%= admin_user_password %>'
ADMIN_FULLNAME='<%= admin_user_full_name %>'
ADMIN_SSH_KEY='<%= admin_ssh_keyfile %>'
JENKINS_CLI='<%= jenkins_libdir %>/jenkins-cli.jar'
PUPPET_HELPER='<%= jenkins_libdir %>/puppet_helper.groovy'
HELPER="java -jar $JENKINS_CLI -s http://127.0.0.1:8080 groovy $PUPPET_HELPER"
DONEFILE='<%= jenkins_libdir %>/jenkins-bootstrap.done'

ADMIN_PUBKEY="$(cat ${ADMIN_SSH_KEY}.pub)"

# Create the admin user, passing no credentials
$HELPER create_or_update_user "$ADMIN_USER" "$ADMIN_EMAIL" "$ADMIN_PASSWORD" "$ADMIN_FULLNAME" "$ADMIN_PUBKEY"
# Enable security. After this, credentials will be required.
$HELPER set_security full_control

touch $DONEFILE

jenkins::cli::exec

The defined type jenkins::cli::exec may be used to execute arbitrary CLI helper commands.

Arguments to the CLI helper script may be specified as the resource's title.

  jenkins::cli::exec { 'set_num_executors 0': }

Or passed as an array to the command parameter. This example is semantically equivalent to the first.

  jenkins::cli::exec { 'set_num_executors 0':
    command => ['set_num_executors', '0'],
  }

which is also equivalent to:

  jenkins::cli::exec { 'set_num_executors 0':
    command => 'set_num_executors 0',
  }

If the unless parameter is specified, an environment variable named $HELPER_CMD is declared which contains the complete string needed to execute the CLI helper script (minus arguments). This may be useful in constructing idempotent exec statements.

  $num_executors = 0
  jenkins::cli::exec { "set_num_executors ${num_executors}":
    unless => "[ \$(\$HELPER_CMD get_num_executors) -eq ${num_executors} ]"
  }

Users

Email and password are required.

Create a johndoe user account whose full name is "Managed by Puppet":

  jenkins::user { 'johndoe':
    email    => 'jdoe@example.com',
    password => 'changeme',
  }

Credentials

Password is required. For ssh credentials, password is the key passphrase (or '' if there is none). private_key_or_path is the text of key itself or an absolute path to a key file on the managed system.

Create ssh credentials named 'github-deploy-key', providing an unencrypted private key:

    jenkins::credentials { 'github-deploy-key':
      password            => '',
      private_key_or_path => hiera('::github_deploy_key'),
    }

Setting a UUID:

You can also specify a UUID to use with the credentials, which will be used to identify the credentials from within the job config. This is necessary when setting credentials for use with the git plugin, for example.

You can either manually generate a UUID from a site like UUIDTools.com, or use the UUID from an existing user, which is accessible within the URL of the Jenkins console when managing an existing user's credentials.

    jenkins::credentials { 'deploy-user':
      password            => '',
      private_key_or_path => hiera('::deploy_key'),
      uuid                => hiera('::deploy_credentials_uuid'),
    }

Configuring Security

The Jenkins security model can be set to one of two modes:

• full_control - Users have full control after login. Authentication uses Jenkins' built-in user database.
• unsecured - Authentication is not required.

Jenkins security is not managed by puppet unless jenkins::security is defined.

Using from Github / source

With librarian

If you use librarian-puppet, add the following to your Puppetfile:

mod "puppet/jenkins"

With the "puppet module" tool

This module is compatible with the puppet module tool. Appropriately this module has been released to the Puppet Forge, allowing you to easily install the released version of the module

To quickly try this module with the puppet module tool:

% sudo puppet module install puppet/jenkins
% sudo puppet apply -v -e 'include jenkins'
info: Loading facts in facter_dot_d
info: Loading facts in facter_dot_d
info: Applying configuration version '1323459431'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/descr: descr changed '' to 'Jenkins'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/baseurl: baseurl changed '' to 'http://pkg.jenkins-ci.org/redhat/'
notice: /Stage[main]/Jenkins::Repo::El/Yumrepo[jenkins]/gpgcheck: gpgcheck changed '' to '1'
notice: /Stage[main]/Jenkins::Repo::El/File[/etc/yum/jenkins-ci.org.key]/ensure: defined content as '{md5}9fa06089848262c5a6383ec27fdd2575'
notice: /Stage[main]/Jenkins::Repo::El/Exec[rpm --import /etc/yum/jenkins-ci.org.key]/returns: executed successfully
notice: /Stage[main]/Jenkins::Package/Package[jenkins]/ensure: created
notice: /Stage[main]/Jenkins::Service/Service[jenkins]/ensure: ensure changed 'stopped' to 'running'
notice: Finished catalog run in 27.46 seconds

Overriding the jenkins package name

It's possible to specify a different package name to the default jenkins if you wish:

class { 'jenkins':
  package_name => 'jenkins_custom',
}

Installing from a hosted RPM

Sometimes you don't have an RPM repository available and are not allowed to directly install from repositories on the Internet. In this case, you can still install Jenkins with this module by hosting the jenkins RPM file somewhere accessible (http server, S3 bucket, etc.) and tell

class { 'jenkins':
  direct_download => 'http://myserver/rpms/jenkins-x.xxx-1-1.rpm',
}

Changelog

All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.

v5.0.0 (2024-05-07)

Full Changelog

Breaking changes:

• CentOS: Drop EoL 7/8 support #1106 (bastelfreak)
• Use native Puppet instead of the retries Gem in the CLI provider, replacing try_sleep parameter by exponential backoff #904 (ekohl)

Implemented enhancements:

• update puppet-systemd upper bound to 8.0.0 #1102 (TheMeier)
• Add support for Puppet 8 #1095 (evgeni)
• Add support for puppetlabs/java 11.x #1094 (evgeni)
• replace deprecated merge function with native puppet #1092 (zilchms)
• Remove legacy top-scope syntax #1084 (smortex)
• Add download option to jenkins module #1073 (ekohl)

v4.0.0 (2023-09-29)

Full Changelog

Breaking changes:

• Drop Ubuntu 18.04, add 20.04 and 22.04 support #1080 (evgeni)
• Drop Puppet 6 support #1074 (bastelfreak)

Implemented enhancements:

• Add support for EL9, document Alma/Oracle/Rocky support #1081 (evgeni)
• Allow puppetlabs/stdlib 9.x, puppetlabs/java 10.x, puppet/archive 7.x, puppet/zypprepo 5.x, puppet/systemd 6.x #1076 (bastelfreak)

v3.3.0 (2023-04-19)

Full Changelog

Implemented enhancements:

• Update repository key for 2023 #1069 (flichtenheld)

Merged pull requests:

• Fix GitLabApiTokenImpl & BrowserStackCredentials tests #1071 (ekohl)

v3.2.1 (2023-04-11)

Full Changelog

Fixed bugs:

• Allow puppetlabs/java 9 #1068 (ekohl)

v3.2.0 (2023-04-11)

Full Changelog

Implemented enhancements:

• Mark compatible with puppetlabs/apt 9 & puppetlabs/java 8 #1066 (ekohl)

v3.1.0 (2023-04-07)

Full Changelog

Implemented enhancements:

• el repo enabled toggle added #1064 (wimkorevaar)
• bump puppet/systemd to \< 5.0.0 #1063 (jhoblitt)

Merged pull requests:

• Fix broken Apache-2 license #1062 (bastelfreak)

v3.0.0 (2022-09-16)

Full Changelog

Breaking changes:

• remove deprecated param $ssh_keyfile from jenkins::cli_helper #866
• Change slave on mac to use plist and use EPP #1057 (ekohl)
• Remove deprecated hiera_array usage #1055 (ekohl)
• Drop Ubuntu 16.04 support #1039 (ekohl)
• Drop sysvinit support in jenkins::slave #1038 (ekohl)
• Rewrite to native systemd #1035 (ekohl)
• Change supported Puppet versions to 6 & 7 #1003 (genebean)
• Remove deprecated enabled parameter on job #991 (ekohl)
• Remove params from jenkins::plugin and make it lint clean #985 (ekohl)
• Drop code old CLI remoting support #984 (ekohl)

Implemented enhancements:

• Add a way to set the open files limit in systemd service #1009
• function hiera_array is deprecated #983
• Support for Ubuntu 16.04 (systemd) #666
• Add support for a custom JAVA_HOME #217
• Should we include the puppet-jenkinstracking code? #110
• The module should support FreeBSD 10 and pkgng #105
• Install Java 11 JDK on Red Hat OSes #1054 (ekohl)
• Install Java 11 on Red Hat OSes #1053 (ekohl)
• Drop-in file systemd configuration #1044 (jan-win1993)
• Allow up-to-date dependencies #1019 (smortex)
• puppet/archive: allow 5.x #1010 (bastelfreak)
• Implement ConduitCredentialsImpl in groovy_helper #986 (ekohl)
• Bugfix/custom localdir with user: Fixes #462 #484 (vStone)

Fixed bugs:

• Update references to rtyler/jenkins in README #934
• template path is required to be absolute #768
• Jenkins no longer supports java 7 #638
• Create jenkins user before installing the package with manage_user #462
• Error in plugin version check algo? #192
• Allow template to be a string #1059 (ekohl)
• Fix a reference to jenkins::service #950 (ekohl)
• Use variables for tries and try_sleep everywhere instead of hardcoding #919 (jhooyberghs)

Closed issues:

• Support for Jenkins \< 2.332 #1042
• Does no longer work with jenkins 2.332.1 or 2.335 onwards #1031
• Jenkins is no longer forking (--daemon has been removed) #1024
• Error #1012
• Error #1011
• Plugin download / installation not idempotent #1002
• jenkins-cli.jar has been renamed in the jenkins rpm. #998
• Jenkins Redhat repo certificate has expired #989
• Puppet enterprise error line 425 Could not find class ::java #988
• Jenkins not installing on Centos 7 due to gpg key #979
• The Jenkins Debian package key needs to be updated #971
• Step /Jenkins::Cli/Exec[jenkins-cli] Fails on install #970
• Jenkins-CLI cli.pp #944
• Installed Credentials + Structs plugins are not pinned to a specific version #941
• jenkins-slave-run script fails when JAVA_ARGS is set with multiple settings #939
• CSP Support #927
• Code ordering issue on Ubuntu 18.04 and Puppet6 #920
• remoting-cli setting removed in 2.165 #918
• repo parameter does not work #906
• File jenkins-slave created with wrong owner under Darwin. #892
• Release new version? #891
• semi-regular triage/use case discussions? #857
• new Forge release checklist #855
• revert new CLI interface #854
• Acceptance tests related to plugin installations (or that require a plugin installation) are not failing/succeeding consistenly. #839
• legacy CLI.jar remoting is broken #814
• Deprecated cli access, unable to set initial admin account #808
• Add a docker based acceptance test for Arch Linux #797
• use get-job to ensure that exists, before create it #787
• apt-get update not run after jenkins repo added #785
• RSpec Testing when overriding default plugins #784
• Puppetserver workaround still works? #693
• 1.7.1 release? #678
• Service[jenkins-slave] not idempotent #639
• Could not unmask jenkins-slave #578
• 2.1 support #575
• travis lint warnings #520
• Create ci.jenkins-ci.org job for this project #510
• JAVA_ARGS escaping issue #448

Merged pull requests:

• Remove unused plugins_from_updatecenter #1056 (ekohl)
• Remove old RHEL 5 example #1052 (ekohl)
• Remove PIDFile workaround and deprecated code #1045 (ekohl)
• Fix acceptance tests #1041 (ekohl)
• Move static params to the top level #1037 (ekohl)
• More puppet-strings conversion #1036 (ekohl)
• Fix unit tests with kwarg expectations #1034 (ekohl)
• Don't put unparseable JSON in output #1028 (jvdmr)
• Remove Optional[] where the param has a default #1027 (ekohl)
• Drop EL6 tests #1026 (ekohl)
• add version fact and daemon param for systemd unit file #1025 (fe80)
• puppet-lint: fix top_scope_facts warnings #1020 (bastelfreak)
• switch from camptocamp/systemd to voxpupuli/systemd #1018 (bastelfreak)
• camptocamp/systemd: Allow 3.x #1017 (bastelfreak)
• puppet/zypprepo: Allow 3.x & 4.x #1016 (bastelfreak)
• puppetlabs/apt: allow 8.x #1015 (bastelfreak)
• puppetlabs/stdlib: allow 7.x #1014 (bastelfreak)
• Fix slave run with additional swarm arguments provided #1013 (vStone)
• update dependency puppetlabs-java to support \< 8.0.0 #1008 (saz)
• Lint clean and add more puppet-strings docs #995 (ekohl)
• allow puppetlabs/java \< 7.0.0 #994 (saz)
• Drop GoogleRobotPrivateKeyCredentials implementation #987 (ekohl)
• Rewrite function tests to modern rspec-puppet #982 (ekohl)
• Fix the plugin acceptance tests #981 (ekohl)
• Fix BasicSSHUserPrivateKey acceptance test #978 (ekohl)
• Update debian GPG key #972 (igalic)
• Feature/cli auth fix #965 (TomRitserveldt)
• Use voxpupuli-acceptance #963 (ekohl)
• Fix incorrect syntax in acceptance tests #958 (ekohl)
• Drop okjson #956 (ekohl)
• Respect manage_service with Jenkins::Systemd[Jenkins] #955 (ekohl)
• Avoid global variables in acceptance tests #954 (ekohl)
• Remove unused file #953 (ekohl)
• Drop Puppet 3.x code #952 (ekohl)
• Use more expressive rspec syntax #951 (ekohl)
• Reference jenkins_plugins via $facts #949 (ekohl)
• Remove redundant code #948 (ekohl)
• Simplify the fact definition #947 (ekohl)
• Switch to open source UUID generator #938 (aarreedd)
• Update references to rtyler/jenkins #935 (gguillotte)
• Clean up acceptance spec helper #931 (ekohl)
• Rely more on stdlib and apt modules #917 (ekohl)
• Refactor repository handling #882 (ekohl)

v2.0.0 (2019-06-04)

Full Changelog

Breaking changes:

• modulesync 2.7.0 and drop puppet 4 #908 (bastelfreak)
• modulesync 2.4.0 + drop Ubuntu 14.04 #879 (bastelfreak)

Implemented enhancements:

• Allow slave defaults management to be optional #619
• Update jenkins::slave::java_args to be an array. #573
• resurrect PR #467: Support FileCredentialsImpl in jenkins_credentials native type #529
• Default to running beaker tests on EC2 #401
• Including group parameter for jenkins slave #361
• Initscripts shouldn't call su/runuser as login shell #287
• Add puppet-doc-lint #178
• Darwin/osx support #112
• Add browserstack credentials support #897 (vStone)
• Add support for GoogleRobotPrivateKeyCredentials #861 (thaiphv)
• Run apt_update when defining debian repos #821 (beezly)
• Feature/job replace parameter #759 (vStone)
• Fix https://github.com/jenkinsci/puppet-jenkins/issues/744 by setting mode explicitly #745 (elconas)
• Add support for conduit credentials #737 (oc243)
• Provide a way to override default_plugins_host for all plugins at one time #727 (egouraud-claranet)
• really, really fix slave auth #719 (jhoblitt)
• restart jenkins master after purging plugins #706 (jhoblitt)
• add purge_plugins param to jenkins class #704 (jhoblitt)
• add jenkins::default_plugins param #697 (jhoblitt)
• systemd jenkins master support on RedHat #694 (jhoblitt)
• fix slave systemd support #692 (jhoblitt)
• add swarm client systemd support #691 (jhoblitt)
• add jenkins::sysconfdir parameter #689 (jhoblitt)
• disable plugin pinning by default #688 (jhoblitt)
• add firewall module dependency info #676 (vinhut)
• Add support for gitlab api token credential - #664 #667 (ripclawffb)
• Add support for disabling management of Service[jenkins] #661 (rtyler)
• Add swarm client args string to support multiple arguments #655 (rtyler)
• Disable swarm unique id on slave #650 (mterzo)
• Allow groups to be set for the jenkins-slave user #629 (br0ch0n)
• Removing 'enable' statement on job.pp and job/present.pp #584 (zonArt)
• Dynamic job configuration #583 (zonArt)

Fixed bugs:

• archive type not failing on HTTP 404s #783
• slave password authentication broken #714
• Credentials plugin hard coded #665
• puppet_helper.groovy throws java.lang.ClassNotFoundException: hudson.tasks.Mailer.UserProperty #633
• puppet_helper.groovy throwing error.. No such property: cred for class: Actions #624
• Won't install alongside puppetlabs-mysql #623
• uninitialized constant json when using Jenkins_credentials provider #617
• jenkins_user experimental password setting is broken #499
• Ensure $jenkins::localstatedir to Directory Breaks Filesystem's With Symlinked Mounts #403
• repo::debian.pp does not work with apt module >= 2.0.0 #402
• Jenkins Plugin manifest are now readable since it has got some invalid byte sequence in US-ASCII #265
• Default INFO logging makes jenkins cli output messages that are then … #907 (jhooyberghs)
• Avoid getting plainText from null passphrase #760 (vStone)
• Fix all require statements for files in puppet_x #755 (vStone)
• fix multiple slave labels #721 (jhoblitt)
• workaround voxpupuli/puppet-archive#242 #699 (jhoblitt)
• fix security setting idempotentance #698 (jhoblitt)
• require JSON module -- rebase of #565 #696 (jhoblitt)
• Fix a typo in README - Jennkins #670 (roidelapluie)
• Newer versions of parallel_tests require Ruby 2.0 or newer #662 (rtyler)
• Fix get_running issue for jenkins slave #660 (gtorka)
• Fix syntax for class load of hudson.tasks.Mailer$UserProperty #636 (alan-schwarzenberger)
• Fix for groovy.lang.MissingPropertyException #628 (dangerfield)
• Plugins fail to install due to search false positives #626 (m3brown)

Closed issues:

• jenkins cli broken with latest LTS 2.164.1 ? #905
• Recent Jenkins version may have broken the CLI #896
• Duplicated declaration #880
• New tag? #876
• disable anonymous read when jenkins_authorization_strategy { 'hudson.security.FullControlOnceLoggedInAuthorizationStrategy': #867
• "Triage Meeting" on Monday 2018-02-19 @ 1600UTC #850
• Passwords aren't quoted properly in jenkins-run.erb #836
• Transfer to Vox Pupuli? #828
• Error: Invalid or corrupt jarfile /usr/lib/jenkins/jenkins-cli.jar #827
• A Catalog type is required. at /etc/puppetlabs/code/modules/jenkins/manifests/cli.pp:46:37 #826
• Release a new version in Puppet Forge #825
• Private key passing issue with Groovy through jenkins pipeline #817
• Missing dependency for Exec['reload-jenkins'] #813
• jenkins service restart on each puppet run under Redhat 7 #807
• Module puppetlabs/transition required for Debian/Ubuntu nodes #799
• Replace darin/zypprepo with puppet/zypprepo #798
• Remove puppetlabs/apt from hard dependencies #786
• code deploy fails when we add mod 'rtyler-jenkins', '0.3.1' to puppetfile #777
• Release the software in accordance with semantic versioning #770
• Ensure Jenkins::slave failed. #769
• Prevents upgrade of puppetlabs-java module to 2.0.0 #767
• plugins should not reinstall themselves if they are already installed #766
• Commit breaks tests #753
• puppet_helper.groovy uses deprecated remoting mode #749
• Plugin gets reinstalled and restarts Jenkins on Puppet daemon run but NOT manual run #748
• When running with "umask 027" /usr/lib/jenkins/jenkins-cli.jar will be unusable by others #744
• allow jenkins::repo to run in another stage #741
• Swarm 3.3 download URL doesn't exist #739
• The SSL certificate has expired for https://updates.jenkins-ci.org #726
• jenkins-slave exposes password as command argument #700
• Issue with puppetlabs-apt 2.3.0 #686
• The job xml is stored in /tmp #683
• Keeps want to recreate users on every run #682
• Successful installation/setup, unsuccessful login #681
• Duplicate declaration: Jenkins::Plugin[credentials] is already declared #680
• setting security is not idempotent #673
• 'digest_type' default of 'sha1' is causing all plugins to install repeatedly #668
• puppet_helper.groovy throws an error with unsupported credentials #664
• $jenkins::libdir is undef in jenkins::cli class #654
• Unsuccessful Installation #647
• jenkins::plugins doesn't work properly with puppet 4.6.2 #637
• Allow virtual jenkins host #630
• Ability to send in swarm flags (i.e. deleteExistingClients) to jenkins::slave #616
• Authentication failed. No private key accepted. #602
• Experimental Resource Types not working on Java Puppetmaster (jRuby) #597
• no ordering in config_hash #443
• using jenkins::job with jenkins::cli_helper ends up in dependency loop #258

Merged pull requests:

• add output of facter command to know value of custom fact #916 (Dan33l)
• Allow puppetlabs/stdlib 6.x, puppetlabs/java 4.x and puppet/archive 4.x #914 (alexjfisher)
• Update metadata for Vox Pupuli release #912 (pillarsdotnet)
• Allow puppetlabs/apt 7.x #911 (dhoppe)
• Replace merge function with + #909 (alexjfisher)
• split examples about error and idempotency as much as possible #900 (Dan33l)
• fix unreferenced variables; add puppet5/6 support #898 (bastelfreak)
• Add show_diff parameter to pass to augeas resource #895 (zipkid)
• Replace is_array with Puppet 4 native comparision #894 (baurmatt)
• Adding SLES to supported platforms #893 (msurato)
• fix puppet_helper.groovy exception when listing users on recent jenkins versions #889 (jhoblitt)
• Pass java_cmd to start_slave.sh (OS X) #887 (hlaf)
• allow puppetlabs/stdlib 5.x #886 (bastelfreak)
• Allow custom location for slave JAVA command #883 (esalberg)
• Fix small typo in jenkins-slave-defaults.erb #881 (danedf)
• partial modulesync 1.9.2 #874 (bastelfreak)
• partial modulesync 1.9.2 #873 (bastelfreak)
• puppet-lint: autofix #872 (bastelfreak)
• notify service containing class instead of service resource #871 (jhoblitt)
• fix native type idempotency with github-oauth plugin #870 (jhoblitt)
• drop EOL OSs; fix puppet version range #869 (bastelfreak)
• bump lower puppet version to 4.10.0 #864 (bastelfreak)
• allow camptocamp/systemd 2.X #859 (bastelfreak)
• 4 more rubocop fixes #852 (alexjfisher)
• RFC: Remove dead JPM code #849 (alexjfisher)
• More rubocop fixes #848 (alexjfisher)
• Fix all remaining auto-fixable rubocop violations #847 (alexjfisher)
• Disable rubocop for okjson.rb and resync from upstream. Fix Rubocop Style/RegexpLiteral #845 (alexjfisher)
• More Rubocop fixes #843 (alexjfisher)
• add pending to AWSCredentialsImpl and GitLabApiTokenImpl #842 (TomRitserveldt)
• Feature/slave tunnel #840 (jhooyberghs)
• Bugfix/dependency 813 #838 (jhooyberghs)
• [828] Change badge url after transferring the repo to voxpopuli #837 (v1v)
• Fixes password quoting for jenkins.run template #835 (tthayer)
• Cleanup the .travis.yml for a modulesync #834 (bastelfreak)
• drop legacy puppet version from testmatrix #832 (bastelfreak)
• Fixes for 21 different rubocop cop violations #831 (alexjfisher)
• VoxPupuli Migration: Fix puppet-lint, rspec-puppet example groups and start rubocop migration #830 (alexjfisher)
• bump dependency on camptocamp/systemd #822 (costela)
• Add missing dependency to the gitlab plugin (credentials) test #820 (vStone)
• GitLab, AWS, and File credentials #815 (danzilio)
• change namespace from PuppetX::Jenkins -> Puppet::X::Jenkins #806 (jhoblitt)
• change zypprepo dependency to voxpupuli #805 (jhoblitt)
• Remove dependencies section from README. #804 (jhoblitt)
• allow newer puppet-archive versions #803 (mmoll)
• allow newer puppetlabs-apt versions #802 (mmoll)
• allow newer puppetlabs-java version #801 (mmoll)
• fix archive type not failing on HTTP 404s #795 (jhoblitt)
• Switch repositories to HTTPs to take advantage of end-to-end TLS #794 (jhoblitt)
• Replace legacy validate_* calls with puppet4 datatypes #793 (jhoblitt)
• remove jenkins plugin dir before upgrade #792 (jhoblitt)
• update travis matrix #790 (jhoblitt)
• bump stdlib min version to 4.18.0 #789 (jhoblitt)
• add rake shellcheck target #788 (jhoblitt)
• Support null passphrase when fetching credential_info #778 (anne23)
• Fix '-remoting' flag tests #775 (alvin-huang)
• Add archlinux support #773 (kBite)
• Restore archive require #763 (madAndroid)
• (documentation) [ci skip]: minor typo affecting markdown rendering of jenkins_job #762 (crayfishx)
• travis matrix update #758 (jhoblitt)
• Correct all arrow alignments using puppet-lint #756 (vStone)
• add support for new CLI interface (remoting is deprecated) #752 (elconas)
• Added legacy functionality when using the -s flag in the jenkins cli #751 (darioatbashton)
• Remove doc string for unused java_version param #735 (christek91)
• update update-center base URL #728 (jhoblitt)
• lint #722 (PascalBourdier)
• gem updates - leftovers from #713 #717 (jhoblitt)
• fix slave auth broken by #710 #715 (jhoblitt)
• assorted gem updates, cleanups, and/or removals #713 (jhoblitt)
• change apt module >= 2.1.0 #711 (jhoblitt)
• do not expose slave password in process table #710 (jhoblitt)
• initial puppet strings doc format conversion #709 (jhoblitt)
• fix acceptance tests on Debian #707 (jhoblitt)
• tidy up beaker nodesets #695 (jhoblitt)
• swarm update #690 (jhoblitt)
• fix exclusion of puppet 3.x / ruby 2.2 #687 (jhoblitt)
• update travis test matrix #685 (jhoblitt)
• allow newline before start of private key #657 (rtyler)
• Improve credentials definition idempotency #656 (rtyler)
• Avoid "Undefined variable 'proxy_server'" warnings. #648 (jgreen210)
• bump travis puppet version matrix #645 (jhoblitt)
• resolve incompatible beaker related gem versions #644 (jhoblitt)
• Fixes apt module deprecation warnings #458 (vStone)

v1.7.0 (2016-08-18)

Full Changelog

Implemented enhancements:

• Update jenkins::slave::labels to be an array. #572
• jenkins_job unable to pretech jobs contained in folders #541
• Missing proxy support for jenkins::slave #442
• puppet module conflict with camptocamp/archive #427
• validate all DSL class/define params #392
• Credential types #373
• Jenkins::Slave wget needs proxy configuration #248
• Update plugin if it already installed #11
• jenkins 2.x support #611 (jhoblitt)
• -- #573: Convert jenkins::slave::java_args to support both strings and arrays. #604 (madelaney)
• Escape +'s when grepping through jenkins plugin version numbers #599 (cliff-svt)
• -- #572: Converted the jenkins slave labels param to accept a string … #591 (madelaney)
• rubocop #552 (jhoblitt)
• allow master + swarm client to coexist on the same node #545 (jhoblitt)
• multiple jenkins_job type improvements #544 (jhoblitt)
• make jenkins_job type cloudbees-folder aware #540 (jhoblitt)
• add StringCredentialsImpl support to jenkins_credentials #531 (jhoblitt)
• bump swarm plugin/client versions to 2.0 #528 (jhoblitt)
• use puppet/archive for all file downloads #516 (jhoblitt)
• add rspec runtime profiling and .travis.yml linting #515 (jhoblitt)
• Adds Beaker docker testing to .travis.yml #503 (petems)
• Use Active Directory realm as type #495 (danielpalstra)
• Add support for prefix configuration in the CLI config class. #494 (danielpalstra)
• add ability to set java_args on slaves #485 (adamcstephens)
• An augeas helper define to deal with configs #480 (vStone)
• Add ensure=>file to pinning file #475 (alexjfisher)
• validate all class/define params #473 (jhoblitt)
• Support FileCredentialsImpl in jenkins_credentials native type #467 (matez)
• Allow the user to manage the localstatedir themselves. #407 (jniesen)
• Add manage_client_jar option #307 (bigon)

Fixed bugs:

• jenkins-slave don't stop correctly #557
• jenkins_job broken by org.jenkinsci.plugins.workflow.job.WorkflowJob jobs #551
• Parameter jenkins::slave::ui_pass not enclosed in quotes. #542
• jenkins::slave should not depend on jenkins #533
• slow unit test causing travis failures #517
• jenkins:plugin can incorrectly believe a plugin is installed (when it isn't) #513
• jenkins::plugin ignores version changes #512
• swarm client installation broken by bad TLS certificate #507
• Jenkins::Slave/Exec[get_swarm_client] is not idempotent #505
• Experimental types do not have support for Puppet enterprise #498
• Bug when it tries puppet-jenkins tries to create a user #476
• plugins_dir and job_dir don't default correctly #474
• Core plugins won't upgrade #465
• Systemd causes puppet idempotency issues #447
• Error: Could not find a suitable provider for jenkins_authorization_strategy #434
• port parameter ignored #214
• jenkins::proxy host options need to be documented #108
• Fix tool_locations bash via doublequotes #614 (br0ch0n)
• travis performance and acceptance test reliability improvements #613 (jhoblitt)
• add 'proxy_server' param to jenkins::slave class #612 (jhoblitt)
• 5th parameter is server list for ActiveDirectory #564 (cdenneen)
• Fix path LOCK_FILE #562 (caiohasouza)
• test if job class responds to #isDisabled in job_list_json #554 (jhoblitt)
• attempt to determine the correct gem provider #530 (jhoblitt)
• Dependency correction when manage_slave_user is false #523 (james-powis)
• cleanup existing plugin archive if extension changes #519 (jhoblitt)
• Plugins from updatecenter performance fixes #518 (petems)
• fix plugin install logic matching #514 (jhoblitt)
• Revert the parts of 00a90d4d that make no sense (fixes #474) (2nd attempt) #483 (vStone)
• Fix for the jenkins.rb facter error #471 (jhoblitt)
• Updated for RedHat systemd systems to use redhat provider until PUP-5353 is fixed #470 (cdenneen)

Closed issues:

• Archive module doesn't have parameter source #620
• support jenkins 2.x #603
• jenkins::credentials is not working with credentials plugin > version 1.24 #601
• Forge release cycle #594
• Beaker tests failing, is it a plan to fix them ? #588
• Can't create jobs/creds/plugins after LDAP auth #581
• Facter 3.1 no longer has osfamily, operatingsystemrelease, operatingsystemmajrelease #571
• Dependency issues #563
• jenkins-cli puppet_helper not working with FullControlOnceLoggedInAuthorizationStrategy #561
• Installing plugins fails jenkins-bootstrap-start #558
• Sauce labs Credentials #538
• Credit #525
• update swarm plugin + client jar to 2.0 #522
• Remove 1.9.3 tests #509
• The homedir is different on CentOS7 #493
• The metadata.json does not contain java as dependency #492
• PR #467 broke puppet_cli_helper #477
• jenkins::plugin incorrectly assumes port 80 on puppet apply #457
• rtyler-jenkins fails to respect install_java => false #455
• How does one insert private key contents directly into private_key_or_path in jenkins::credentials? #452
• Module is missing the Jenkins configuation part #451
• "No checksum for this archive" when installing plugins #450
• Installation fail on Ubuntu Wily #449
• Plugins specified by version number are not updated #445
• Passing an array to jenkins::plugin #429
• Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1: #424
• $jenkins::port does not properly manage listening port #416
• Using Plugin Hash Exec Test for plugin Fails #410
• jenkins::job::present issue #409
• Using Direct URL for plug-ins restarts jenkins with every puppet run #408
• Missleading documentation regarding HTTP_PORT #263

Merged pull requests:

• Update metadata.json for the 1.7.0 release #625 (rtyler)
• Pin the loose dependency (from hiera) on json_pure to something less than 2.0.2 #622 (rtyler)
• Use a up-to-date swarm client URL #621 (rtyler)
• attempt to debug travis beaker failures #615 (jhoblitt)
• rubocop update #607 (jhoblitt)
• fix rubocop conf path syntax warning #586 (jhoblitt)
• remove README reference to nanliu/staging #585 (jhoblitt)
• Updating documentation to reflect the modification of puppet-archive module #582 (zonArt)
• Kludge around jenkins 2.x landing in the 'latest' repos #576 (jhoblitt)
• use single quotes for ruby string literals #553 (jhoblitt)
• replace centos-7-docker fakesystemd with classic flavor #550 (jhoblitt)
• travis puppet versions #549 (jhoblitt)
• fix beaker acceptance tests on Ubuntu #548 (jhoblitt)
• simplify jenkins::slave ordering logic #547 (jhoblitt)
• skip pending beaker tests #546 (jhoblitt)
• minor puppet_helper.groovy cleanup #543 (jhoblitt)
• Improve spec speed #537 (petems)
• make centos-6-docker acceptance tests required #527 (jhoblitt)
• Add folder support to puppet_helper #496 (danielpalstra)
• enable install of cli_helper when jenkins::cli => true #488 (jhoblitt)
• autorequire cli_jar from all PX::J::Type::Cli based types #486 (jhoblitt)
• Revert "Support FileCredentialsImpl in jenkins_credentials native type" #478 (jhoblitt)
• Rtyler 417 cleanup cli helper #469 (jhoblitt)
• Clarify documention for cli_ssh_keyfile param. #446 (BobVincentatNCRdotcom)
• travis does not need the :system_tests group #438 (jhoblitt)
• Minor clean up of difftool patch #430 (rtyler)
• Suppress notice messages when using archive::download #428 (queeno)
• Add a simple rspec-puppet test to verify changing jenkins::plugin's timeout #421 (rtyler)
• Fix Plugin Download Timeout #419 (mooreandrew)
• Unify the ssh_keyfile #417 (chizou)
• Check if the retries gem is not already declared #411 (boyand)
• Undefine create_user in plugins #406 (jonbca)
• fix job_dir variable reference to jenkins class #400 (shieldwed)

v1.6.1 (2015-10-14)

Full Changelog

Closed issues:

• Preparing a release for PuppetConf #384

v1.6.0

(Kato release)

• #219 - Plugins are installed each time and restarting service
• #314 - Update jenkins-slave.RedHat init.d script work bash < 4.0
• #362 - Error on updating existing job
• #365 - jenkins user and jenkins_home directory not configurable
• #367 - [puppet-jenkins#366] Replace -toolLocations with --toolLocation
• #371 - slave: INFO: Failure authenticating with BASIC 'Jenkins' 401
• #372 - Slave: swarm-client requires a cashe directory /home/jenkins-slave/.jenkins/
• #374 - add single quotes for credentials
• #376 - Add template in the jenkins::job
• #377 - Making the management of the daemon package optional
• #378 - fix rspec-puppet raise_error warning
• #382 - (RFC) native types and providers
• #383 - fix acceptance test path prefix for jenkins-cli.jar
• #385 - WIP: completely rework the way imports work for the native types
• #386 - set_security() does not save jenkins state
• #387 - Avoid referring to class objects directly in the Groovy helper
• #388 - Fix relationship for pinned files
• #389 - remove seperate resources for handling plugin extension
• #390 - Adds Examples for various platforms for Jenkins
• #391 - use ensure_packages() to manage the daemon package
• #395 - Fix username quoting
• #396 - add user/group mgt. + localstatedir params to jenkins class
• #398 - client_url is hardcoded in slave.pp
• #399 - document types and providers puppetserver known issues

v1.5.0

(Jennings release)

• #227 - Add parameter to set user uuid in jenkins::credentials define
• #288 - add source parameter to jenkins::plugin define
• #289 - set user on exec resources in jenkins::plugin define
• #290 - Support getting external .xml job descriptions
• #292 - Feature/puppet helper util
• #295 - Use jenkins::cli::exec in security.pp
• #296 - should be jenkins::cli::exec
• #297 - Add jenkins::users class to declare all users
• #298 - Maint/fix resource relationships
• #301 - Apt upgrade
• #302 - Package name no longer hardcoded
• #303 - Puppet helper slaveagentport
• #319 - Adding optional description to slave
• #320 - Forge Project URL link broken
• #323 - Upgraded apt module dependency to support v2
• #325 - add puppet ~> 3.8 & ~> 4.1 to travis matrix
• #326 - Fixed project_page in metadata.json
• #328 - Support configuring a yum proxy server
• #331 - Set retries in job configuration to global parameters
• #335 - Fix jenkins::plugin with create_user false
• #336 - Features/9618 stronger plugin verification
• #347 - Fix require paths
• #351 - add darwin/osx support to slave class
• #352 - Adding cli_ssh_keyfile parameter to specify the location of a private key
• #353 - Class cannot find exec in jenkins::cli::reload.
• #357 - CLI classes unaware of Jenkins' --prefix
• #358 - Added jenkins_prefix function to retrieve configured prefix

v1.4.0

(Smithers release)

• #222 - Add retry to credentials execs
• #229 - Jenkins slave defaults bugfix
• #233 - fixes timeouts on restart
• #235 - Make creation of user optional
• #236 - Cleanup metadata.json for better mechanical score
• #237 - Update the README with a few puppet-lint things and puppet highlighting.
• #238 - Fix Bracket issue
• #239 - Refactor acceptance tests to use beaker-rspec
• #244 - Add instructions for acceptance tests
• #245 - Added support for the 'toolLocations' parameter.
• #256 - Direct package
• #260 - Feature/puppet helper num executors
• #261 - Escape job names for shell commands
• #262 - Change apt key to full fingerprint
• #264 - Broken link on puppetlabs.com page
• #266 - pin puppetlabs-apt fixtures version to 1.8.0
• #268 - Improvements on job import via cli
• #270 - remove rspec gem ~> 2.99.0 constraint
• #271 - fix rspec > 3 compatiblity
• #272 - use mainline puppetlabs_spec_helper gem
• #273 - update spec_helper_acceptance boiler plate
• #274 - remove puppet module versions constraints from beaker setup
• #275 - add .bundle to .gitignore
• #276 - add log/ to .gitignore
• #277 - add puppet 3.7.0 to travis matrix
• #278 - remove unnecessary whitespace from $jenkins::cli_helper::helper_cmd
• #279 - add metadata-json-lint to Gemfile & enable rake validate target
• #280 - change puppetlabs/stdlib version dep to >= 4.6.0
• #282 - Feature/puppet 4
• #285 - convert raw execs of puppet_helper.groovy to jenkins::cli::exec define

v1.3.0

(Barnard release)

• #134 - Added in ability for user to redefine update center plugin URL
• #139 - document additional class params
• #169 - Allow build jobs to be configured and managed by puppet. Includes #163 a...
• #174 - setting configure_firewall true returns error, port is undefined
• #177 - switch to metadata.json
• #188 - Fix installation of core plugins
• #189 - Fix test.
• #191 - set default port for firewall
• #195 - Bump up swarm version to 1.17
• #198 - Relationship error when testing Jenkins::jobs
• #199 - missing include causes issuse #198
• #202 - Proxy work
• #203 - Fix typo in job/present.pp
• #204 - Fix for #174 allows setting $jenkins::port
• #206 - Refactor some of the firewall port configuration
• #207 - Introduce the jenkins_port function

v1.2.0

(Nestor release)

• #117 - Add feature to disable SSL verification on Swarm clients
• #131 - Support updates for core jenkins modules
• #135 - cli option broken w/ jenkins 1.563 on ubuntu precise
• #137 - repos should be enabled if repo=true on RedHat
• #140 - Packaging Cruft in 1.1.0
• #144 - Update init.pp - correct plugins example syntax
• #149 - Do not ensure plugin_parent_dir to be a directory (#148)
• #150 - Add ensure parameter to jenkins::slave
• #151 - Unsupported OSFamily RedHat on node
• #152 - Jenkins-slave on Centos: killproc and checkpid commands not found
• #153 - Fixes to Jenkins slave init and class
• #154 - slave_mode doesn't apply on debian distros.
• #155 - Add defined check for plugin_parent_dir resource
• #157 - Add missing slave mode to Debian defaults file
• #160 - User and credentials creation, simple security management
• #166 - Error loading fact /var/lib/puppet/lib/facter/jenkins.rb no such file to load -- json
• #171 - A bit of RedHat and Debian slave initd script merging
• #176 - no such file to load -- json
• #180 - Replace use of unzip with jar for unpacking jenkins CLI
• #182 - Include the apt module when installing an apt repository
• #183 - Rely on the jar command instead of unzip to unpack the cli.jar
• #185 - Allow setting the slave name, default to the fqdn at runtime
• #186 - Puppet Forge module
• #187 - Jenkins slave on RedHat - jenkins-slave.erb

v1.1.0

(Duckworth release)

Features

• #86, #122 - Add support for disabling SSL verification on slaves
• #116 - Add support for setting the -fsroot option for slaves
• init script for Debian-family slaves added
• Initial code for a jpm based Package provider merged

Bug fixes

• #107 - Private/internal classes made truly private
• #109 - Fix for dependency issue between repo and package installation.
• $jenkins_plugins fact refactored and RSpec tests added
• #121 - daemon package installed to make Debian slave installs functional
• #126 - Facter exception bug fixed

* This Changelog was automatically generated by github_changelog_generator