jenkins
sudo
3
pm2
5
node
PrevNext
Learnings and Musings - Dec 2pm2 the All-in-Wonder Tool

Like many emerging tech, Continuous Integration/ Deployment has remains elusive to me. Not that I was resistant to learning; some concepts just fell outside of my grasp. Lately I had newfound inspiration to review my understanding of Jenkins Pipeline and PM2 deployment. Along the way I learnt a little more about Sudo.

The Plan and why it failed

The setup sounds safe enough if one were to Google: Code commit into GitLab triggers a webhook starting a Jenkins Pipeline script that will test and deploy via PM2. So why did it fail?

Simply put: I wasn't able to get GitLab to send a trigger config accepted by Jenkins. Yes I am aware of the GitLab plugin for Jenkins. Jenkins expects a POST with parameters that are not well documented. It's probably my fault; there must be a step I'm not catching in the documentation.

Frankensteining the alternative

Jenkins supports a generic HTTP GET build trigger, requiring a user API token to be passed in the format http://userid:apitoken@ip:port/jenkins/project/projectname; examples here. I wrote a simple (hopefully scalable and potentially able to replace parts of Jenkins) middleware REST agent receiving the GitLab call and triggering the GET in Jenkins. With some some (read: numerous) learnings that got working.

Does anyone else feel Jenkins is kinda slow?

Learning Pipeline script

With the help of online documentation and examples, I managed a working script. The following script deploys the code to 'production' after passing automated testing.

pipeline {
    agent any
    environment {
        NODE_ENV = 'production'
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: 'master', url: 'http://host.homeserver.ip:30000/jhfoo/webhook-receiver.git'
            }
        }
        stage('Build') {
            steps {
                sh 'npm install'
            }
        }
        stage('Test') {
            steps {
                sh 'npm run lint'
            }
        }
        stage('Deploy') {
            steps {
                sh 'sudo -u jhfoo pm2 deploy ecosystem.json production'
            }
        }
    }
}

Notes:

  1. Script runs as the user Jenkins is running as. For my case that user is 'jenkins'. Ordinarily that wouldn't be a problem in a real production setup where production server(s) are different from the Jenkins host. In my case it's all the same box, so running pm2 in the Deploy stage of the script created conflict in the pm2 log file at /tmp/pm2-deploy.log.
  2. To enable password-less SSH (PM2 will need this) use ssh-copy-id. If Could not open a connection to your authentication agent encountered do eval $(ssh-agent).
  3. To enable sudo to run-as user without password, add a line similar to this in /etc/ssh/sshd_config; examples here.
fromuserid   ALL=(runasuserid) NOPASSWD: ALL

Open Issues

  1. How to engage Surge to deploy without manually entering password?
  2. Need to verify if Pipeline sh command has timeout: npm install may not be running correctly.
  3. How to clear the Jenkins project workspace to build from scratch?