infra/nomad/jenkins.nomad

job "jenkins" {
  datacenters = ["columbia"]
  region      = "global"
  type        = "service"

  update {
    stagger      = "30s"
    max_parallel = 1
  }

  constraint {
    attribute = "${meta.long_lived}"
    value     = "true"
  }

  vault {
    policies    = ["default", "ansible"]
    change_mode = "restart"
  }
  group "jenkins" {
    count = 1

    task "jenkins" {
      driver = "docker"
      config {
        image   = "docker.service.masked.name:8082/jenkins"
        ports   = ["https"]
        volumes = [
          "/opt/jenkins_home:/var/jenkins_home"
        ]
      }

      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}
            {{- .Data.certificate -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/jenkins.crt"
        change_mode   = "restart"
      }

      template {
        data = <<EOH
            {{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}
            {{- .Data.private_key -}}
            {{- end -}}
        EOH
        destination   = "${NOMAD_SECRETS_DIR}/jenkins.key"
        change_mode   = "restart"
      }

      env {
        ROOT_URL     = "${NOMAD_ADDR_https}"
        JAVA_ARGS = "-Xmx2048m"
        JENKINS_OPTS = "--httpsPort=8443 --httpsKeyStore=/secrets/jenkins.jks --httpsKeyStorePassword=password --httpPort=-1"
      }

      resources {
        cpu    = 2000
        memory = 2560
      }
    }

    network {
      port "https" {
        to = 8443
       }
    }

    service {
      name = "jenkins"
      port = "https"

      check {
        name     = "jenkins"
        type     = "tcp"
        interval = "10s"
        timeout  = "2s"
        address_mode = "driver"
      }
    }
  }
}
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`job "jenkins" {`
			`datacenters = ["columbia"]`
			`region = "global"`
			`type = "service"`

			`update {`
			`stagger = "30s"`
			`max_parallel = 1`
			`}`

			`constraint {`
			`attribute = "${meta.long_lived}"`
			`value = "true"`
			`}`

Add jenkins nomad job seriously god, kill me 2020-10-14 02:56:43 +00:00			`vault {`
			`policies = ["default", "ansible"]`
			`change_mode = "restart"`
			`}`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`group "jenkins" {`
			`count = 1`

			`task "jenkins" {`
			`driver = "docker"`
			`config {`
			`image = "docker.service.masked.name:8082/jenkins"`
			`ports = ["https"]`
			`volumes = [`
			`"/opt/jenkins_home:/var/jenkins_home"`
			`]`
			`}`

Add jenkins nomad job seriously god, kill me 2020-10-14 02:56:43 +00:00			`template {`
			`data = <<EOH`
			`{{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}`
			`{{- .Data.certificate -}}`
			`{{- end -}}`
			`EOH`
			`destination = "${NOMAD_SECRETS_DIR}/jenkins.crt"`
			`change_mode = "restart"`
			`}`

			`template {`
			`data = <<EOH`
			`{{- with secret "pki_int/issue/masked-dot-name" "common_name=jenkins.service.masked.name" "alt_names=jenkins.service.columbia.masked.name" -}}`
			`{{- .Data.private_key -}}`
			`{{- end -}}`
			`EOH`
			`destination = "${NOMAD_SECRETS_DIR}/jenkins.key"`
			`change_mode = "restart"`
			`}`

Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`env {`
Add jenkins nomad job seriously god, kill me 2020-10-14 02:56:43 +00:00			`ROOT_URL = "${NOMAD_ADDR_https}"`
			`JAVA_ARGS = "-Xmx2048m"`
Remove http for jenkins 2020-10-14 02:57:55 +00:00			`JENKINS_OPTS = "--httpsPort=8443 --httpsKeyStore=/secrets/jenkins.jks --httpsKeyStorePassword=password --httpPort=-1"`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`}`

			`resources {`
			`cpu = 2000`
Add jenkins nomad job seriously god, kill me 2020-10-14 02:56:43 +00:00			`memory = 2560`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`}`
			`}`

			`network {`
			`port "https" {`
Add jenkins nomad job seriously god, kill me 2020-10-14 02:56:43 +00:00			`to = 8443`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`}`
			`}`

			`service {`
			`name = "jenkins"`
			`port = "https"`

			`check {`
			`name = "jenkins"`
			`type = "tcp"`
			`interval = "10s"`
			`timeout = "2s"`
			`address_mode = "driver"`
			`}`
			`}`
			`}`
			`}`