diff options
Diffstat (limited to 'hosts/jenkins/etc/default')
-rw-r--r-- | hosts/jenkins/etc/default/jenkins | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/hosts/jenkins/etc/default/jenkins b/hosts/jenkins/etc/default/jenkins index 97c4868b..a7bb7eb2 100644 --- a/hosts/jenkins/etc/default/jenkins +++ b/hosts/jenkins/etc/default/jenkins @@ -7,21 +7,21 @@ NAME=jenkins JAVA=/usr/bin/java # arguments to pass to java -#JAVA_ARGS="-Xmx512m" # + MaxPermSize is 128m normally -JAVA_ARGS="-Xmx3072m -XX:MaxPermSize=384m" +JAVA_ARGS="-Djava.awt.headless=true" # Allow graphs etc. to work even when an X server is present +#JAVA_ARGS="-Xmx256m" #JAVA_ARGS="-Djava.net.preferIPv4Stack=true" # make jenkins listen on IPv4 address -PIDFILE=/var/run/jenkins/jenkins.pid +PIDFILE=/var/run/$NAME/$NAME.pid # user and group to be invoked as (default to jenkins) -JENKINS_USER=jenkins -JENKINS_GROUP=jenkins +JENKINS_USER=$NAME +JENKINS_GROUP=$NAME # location of the jenkins war file -JENKINS_WAR=/usr/share/jenkins/jenkins.war +JENKINS_WAR=/usr/share/$NAME/$NAME.war # jenkins home location -JENKINS_HOME=/var/lib/jenkins +JENKINS_HOME=/var/lib/$NAME # set this to false if you don't want Hudson to run by itself # in this set up, you are expected to provide a servlet container @@ -29,38 +29,44 @@ JENKINS_HOME=/var/lib/jenkins RUN_STANDALONE=true # log location. this may be a syslog facility.priority -JENKINS_LOG=/var/log/jenkins/$NAME.log -#HUDSON_LOG=daemon.info +JENKINS_LOG=/var/log/$NAME/$NAME.log +#JENKINS_LOG=daemon.info # OS LIMITS SETUP # comment this out to observe /etc/security/limits.conf # this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e # reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file # descriptors are forced to 1024 regardless of /etc/security/limits.conf -MAXOPENFILES=32768 +MAXOPENFILES=8192 # set the umask to control permission bits of files that Jenkins creates. -# 027 makes files read-only for group and inaccessible for others. comment this out to inherit setting -# (as of Ubuntu 12.04, by default umask comes from pam_umask(8) and /etc/login.defs -UMASK=022 +# 027 makes files read-only for group and inaccessible for others, which some security sensitive users +# might consider benefitial, especially if Jenkins runs in a box that's used for multiple purposes. +# Beware that 027 permission would interfere with sudo scripts that run on the master (JENKINS-25065.) +# +# Note also that the particularly sensitive part of $JENKINS_HOME (such as credentials) are always +# written without 'others' access. So the umask values only affect job configuration, build records, +# that sort of things. +# +# If commented out, the value from the OS is inherited, which is normally 022 (as of Ubuntu 12.04, +# by default umask comes from pam_umask(8) and /etc/login.defs + +# UMASK=027 # port for HTTP connector (default 8080; disable with -1) HTTP_PORT=8080 -# port for AJP connector (disabled by default) -AJP_PORT=-1 # servlet context, important if you want to use apache proxying -PREFIX=/jenkins +PREFIX=/$NAME # arguments to pass to jenkins. # --javahome=$JAVA_HOME # --httpPort=$HTTP_PORT (default 8080; disable with -1) # --httpsPort=$HTTP_PORT -# --ajp13Port=$AJP_PORT # --argumentsRealm.passwd.$ADMIN_USER=[password] # --argumentsRealm.roles.$ADMIN_USER=admin # --webroot=~/.jenkins/war # --prefix=$PREFIX -JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT" +JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT" |