openstack
/
app-catalog
Code Issues Proposed changes
app-catalog/deployment
History
Luong Anh Tuan cf81bd39a6 Replace yaml.load() with yaml.safe_load() 
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ife71148013d5f94ec5ae62633ff9a41f419bd3b7
Closes-Bug: #1634265
 		2017-01-18 11:47:26 +07:00
..
catalog-ci-jenkins Replace yaml.load() with yaml.safe_load() 2017-01-18 11:47:26 +07:00
README.md Update repo references 2015-09-11 17:23:10 -07:00
deploy.sh Add deployment scripts for App Catalog CI 2015-05-25 16:31:23 +03:00

README.md

app-catalog-ci

Description

This is a collection of deployment scripts for app-catalog CI project. It consists of Puppet module catalog_ci and an additional shell script. The scripts allow to setup Jenkins with access to Gerrit to trigger appropriate jobs on a commit to the app-catalog project.

Deployment

Execute deploy.sh script to begin deployment: (some operations require superuser access rights)

./deploy.sh

The script will install necessary packages and deploy/configure Jenkins. You will be able to access it at http://server_ip:8080 The following steps are required after deployment:

  • Setup access rights. By default Jenkins uses Launchpad OpenID and all users have full access to Jenkins. Proceed to Manage Jenkins -> Configure Global Security and setup security.
  • Finish Gerrit auth setup: Add a private key file (id_rsa) to Jenkins ssh directory:
    • sudo mkdir -p /var/lib/jenkins/.ssh
    • sudo cp id_rsa /var/lib/jenkins/.ssh
    • sudo chown -R jenkins:jenkins /var/lib/jenkins/.ssh
    • sudo chmod 600 /var/lib/jenkins/.ssh/id_rsa Then proceed to Manage Jenkins -> Gerrit Trigger and press the button in 'Status' column. If button will change its color to green, your connection to Gerrit works OK and Jenkins is receiving Gerrit events. Otherwise please check Gerrit server parameters.
  • rclone (http://rclone.org/) is used to upload images to CDN. Please install and configure it manually, if it's required. 'jenkins' user should be able to access default rclone configuration file in order to use it.

Jenkins Jobs

Jenkins Job Builder is used to configure Jenkins jobs. It will be automatically installed by deployment scripts. Jobs configuration files will be placed to /etc/jenkins_jobs/jobs. You can use the following command to apply your changes

jenkins-jobs update /etc/jenkins_jobs/jobs