diff options
-rw-r--r-- | hosts/jenkins/etc/default/jenkins | 42 | ||||
-rwxr-xr-x | hosts/jenkins/etc/init.d/jenkins | 25 |
2 files changed, 45 insertions, 22 deletions
diff --git a/hosts/jenkins/etc/default/jenkins b/hosts/jenkins/etc/default/jenkins index 97c4868b..a7bb7eb2 100644 --- a/hosts/jenkins/etc/default/jenkins +++ b/hosts/jenkins/etc/default/jenkins @@ -7,21 +7,21 @@ NAME=jenkins JAVA=/usr/bin/java # arguments to pass to java -#JAVA_ARGS="-Xmx512m" # + MaxPermSize is 128m normally -JAVA_ARGS="-Xmx3072m -XX:MaxPermSize=384m" +JAVA_ARGS="-Djava.awt.headless=true" # Allow graphs etc. to work even when an X server is present +#JAVA_ARGS="-Xmx256m" #JAVA_ARGS="-Djava.net.preferIPv4Stack=true" # make jenkins listen on IPv4 address -PIDFILE=/var/run/jenkins/jenkins.pid +PIDFILE=/var/run/$NAME/$NAME.pid # user and group to be invoked as (default to jenkins) -JENKINS_USER=jenkins -JENKINS_GROUP=jenkins +JENKINS_USER=$NAME +JENKINS_GROUP=$NAME # location of the jenkins war file -JENKINS_WAR=/usr/share/jenkins/jenkins.war +JENKINS_WAR=/usr/share/$NAME/$NAME.war # jenkins home location -JENKINS_HOME=/var/lib/jenkins +JENKINS_HOME=/var/lib/$NAME # set this to false if you don't want Hudson to run by itself # in this set up, you are expected to provide a servlet container @@ -29,38 +29,44 @@ JENKINS_HOME=/var/lib/jenkins RUN_STANDALONE=true # log location. this may be a syslog facility.priority -JENKINS_LOG=/var/log/jenkins/$NAME.log -#HUDSON_LOG=daemon.info +JENKINS_LOG=/var/log/$NAME/$NAME.log +#JENKINS_LOG=daemon.info # OS LIMITS SETUP # comment this out to observe /etc/security/limits.conf # this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e # reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file # descriptors are forced to 1024 regardless of /etc/security/limits.conf -MAXOPENFILES=32768 +MAXOPENFILES=8192 # set the umask to control permission bits of files that Jenkins creates. -# 027 makes files read-only for group and inaccessible for others. comment this out to inherit setting -# (as of Ubuntu 12.04, by default umask comes from pam_umask(8) and /etc/login.defs -UMASK=022 +# 027 makes files read-only for group and inaccessible for others, which some security sensitive users +# might consider benefitial, especially if Jenkins runs in a box that's used for multiple purposes. +# Beware that 027 permission would interfere with sudo scripts that run on the master (JENKINS-25065.) +# +# Note also that the particularly sensitive part of $JENKINS_HOME (such as credentials) are always +# written without 'others' access. So the umask values only affect job configuration, build records, +# that sort of things. +# +# If commented out, the value from the OS is inherited, which is normally 022 (as of Ubuntu 12.04, +# by default umask comes from pam_umask(8) and /etc/login.defs + +# UMASK=027 # port for HTTP connector (default 8080; disable with -1) HTTP_PORT=8080 -# port for AJP connector (disabled by default) -AJP_PORT=-1 # servlet context, important if you want to use apache proxying -PREFIX=/jenkins +PREFIX=/$NAME # arguments to pass to jenkins. # --javahome=$JAVA_HOME # --httpPort=$HTTP_PORT (default 8080; disable with -1) # --httpsPort=$HTTP_PORT -# --ajp13Port=$AJP_PORT # --argumentsRealm.passwd.$ADMIN_USER=[password] # --argumentsRealm.roles.$ADMIN_USER=admin # --webroot=~/.jenkins/war # --prefix=$PREFIX -JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT" +JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT" diff --git a/hosts/jenkins/etc/init.d/jenkins b/hosts/jenkins/etc/init.d/jenkins index ccb33d5d..2714eb13 100755 --- a/hosts/jenkins/etc/init.d/jenkins +++ b/hosts/jenkins/etc/init.d/jenkins @@ -180,13 +180,27 @@ do_stop() return 0 } +# Verify the process did in fact start successfully and didn't just bomb out +do_check_started_ok() { + sleep 1 + if [ "$1" -ne "0" ]; then return $1; fi + get_running + if [ "$?" -eq "0" ]; then + return 2 + else + return 0 + fi +} + case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" do_start + START_STATUS="$?" + do_check_started_ok "$START_STATUS" case "$?" in 0|1) log_end_msg 0 ;; - 2) log_end_msg 1 ;; + 2) log_end_msg 1 ; exit 7 ;; esac ;; stop) @@ -194,7 +208,7 @@ case "$1" in do_stop case "$?" in 0|1) log_end_msg 0 ;; - 2) log_end_msg 1 ;; + 2) log_end_msg 1 ; exit 100 ;; esac ;; restart|force-reload) @@ -207,10 +221,13 @@ case "$1" in case "$?" in 0|1) do_start + START_STATUS="$?" + sleep 1 + do_check_started_ok "$START_STATUS" case "$?" in 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start + 1) log_end_msg 1 ; exit 100 ;; # Old process is still running + *) log_end_msg 1 ; exit 100 ;; # Failed to start esac ;; *) |