Jenkins
Purpose
Jenkins continuous integration server for building software artifacts for CAcert.org and this documentation.
Application Links
- Jenkins web interface
Administration
System Administration
Primary: Jan Dittberner
Secondary: None
Application Administration
| Application | Administrator(s) |
|---|---|
| Jenkins | |
Contact
Additional People
No additional people have sudo access on that machine.
Basics
Physical Location
This system is located in an LXC container on physical machine Infra02.
Logical Location
- IP Internet: reverse proxied from Web
- IP Intranet:
- IP Internal:
- MAC address: 00:ff:a4:c9:aa:49 (eth0)
See also
See Network
Monitoring
- internal checks:
DNS
| Name | Type | Content |
|---|---|---|
| jenkins.cacert.org. | IN A | 213.154.225.242 |
| jenkins.cacert.org. | IN SSHFP | 1 1 2CAEBE197C0F1C25404890ADFEDABB371FB05650 |
| jenkins.cacert.org. | IN SSHFP | 1 2 6110A42530A5197AB1180417EE32B2EB581813CA773498177481B11D969BB529 |
| jenkins.cacert.org. | IN SSHFP | 2 1 4CE4EEF515BDEE033D68B92419F71679880B2FD5 |
| jenkins.cacert.org. | IN SSHFP | 2 2 7E76D01B8DC48178535F3F6164C07EF35D3436F352DB8C62FFACD5B8E3C106A7 |
| jenkins.cacert.org. | IN SSHFP | 3 1 1CE55A42B27BF42A78E281440F146DA17255A97D |
| jenkins.cacert.org. | IN SSHFP | 3 2 20763231FECF9518C2CECAB05AC76E4483F563C0853F8B8A53E469316DA75381 |
| jenkins.intra.cacert.org. | IN A | 172.16.2.115 |
Operating System
Debian GNU/Linux 11 Buster
Services
Listening services
| Port | Service | Origin | Purpose |
|---|---|---|---|
| 22/tcp | ssh | ANY | admin console access |
| 25/tcp | smtp | local | mail delivery to local MTA |
| 2022/tcp | Jenkins | internal | Jenkins ssh port |
| 5665/tcp | icinga2 | monitor | remote monitoring service |
| 8080/tcp | Jenkins | internal | Jenkins web interface |
Running services
| Service | Usage | Start mechanism |
|---|---|---|
| cron | job scheduler | systemd unit |
| Exim | SMTP server for local mail submission | systemd unit |
| dbus-daemon | System message bus daemon | systemd unit |
| icinga2 | Icinga2 monitoring agent | systemd unit |
| Jenkins | Jenkins CI server | systemd unit |
| openssh server | ssh daemon for remote administration | systemd unit |
| Puppet agent | configuration management agent | systemd unit |
| rsyslog | syslog daemon | systemd unit |
Connected Systems
Outbound network connections
- Infra02 as resolving nameserver
- Emailout as SMTP relay
- Git for fetching source code
- Proxyout as HTTP proxy for APT and Jenkins plugin updates
- Puppet for configuration management
- Webstatic for publishing code documentation to codedocs.cacert.org and infrastructure documentation to infradocs.cacert.org
- arbitrary Internet HTTP, HTTPS, FTP, FTPS, git servers for fetching source code and build dependencies (via &CONTAINER_OUT_ELEVATED("jenkins"); in /etc/ferm/ferm.d/jenkins.conf on Infra02).
Security
SSH host keys
| Algorithm | Fingerprints |
|---|---|
| RSA | |
| DSA | |
| ECDSA | |
| ED25519 | |
Non-distribution packages and modifications
- The Puppet agent package and a few dependencies are installed from the official Puppet APT repository because the versions in Debian are too old to use modern Puppet features.
- Jenkins from pkg.jenkins-ci.org; the package source is defined in /etc/apt/sources.list.d/jenkins.list
- A few packages (i.e. the Go toolchain) from Debian testing; the package source is defined in /etc/apt/sources.list.d/buster.list
Risk assessments on critical packages
Jenkins is a widely used CI server with regular updates. Security issues are handled quickly by the upstream developers.
Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no configuration items outside of the Puppet repository.
Todo
Move configuration of Jenkins to Puppet code
Jenkins configuration
Jenkins stores its configuration and working directories in /var/lib/jenkins. Jenkins administration is performed via an integrated management web interface with role-based access control.
Tasks
Changes
Planned
build more of CAcert’s software on the Jenkins instance
System Future
No plans
Additional documentation