diff --git a/uc-certificate-fix/Dockerfile b/uc-certificate-fix/Dockerfile
new file mode 100644
index 0000000..a4195d9
--- /dev/null
+++ b/uc-certificate-fix/Dockerfile
@@ -0,0 +1,10 @@
+FROM cloudbees/cloudbees-core-mm:2.303.2.6
+
+USER jenkins
+
+RUN mkdir -p /var/jenkins_home/init.groovy.d
+COPY --chown=jenkins:jenkins ./ucCertRemediation.groovy /var/jenkins_home/init.groovy.d/
+
+RUN touch /var/jenkins_home/DO_NOT_RUN_UC_REMEDIATION && \
+ chown jenkins /var/jenkins_home/DO_NOT_RUN_UC_REMEDIATION && \
+ chmod 755 /var/jenkins_home/DO_NOT_RUN_UC_REMEDIATION
diff --git a/uc-certificate-fix/ucCertRemediation.groovy b/uc-certificate-fix/ucCertRemediation.groovy
index f78cfc4..48e13a7 100644
--- a/uc-certificate-fix/ucCertRemediation.groovy
+++ b/uc-certificate-fix/ucCertRemediation.groovy
@@ -31,6 +31,10 @@
 * - 2.277.42.0.3 or newer on the 2.277.x fixed release, or
 * - 2.249.33.0.2 on the 2.249.x fixed release
 *
+ * - OCI Container notes
+ * If this script is installed into a container via Dockerfile, the container will need to be run once and restarted
+ * for this script to take effect.
+ *
 * How to use this script
 * - This script can be run using the script console on any individual operations center or controller. It may also be run via
 * a cluster-operation (https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/cluster-operations)
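Review bot: In the Dockerfile hunk, both the init script and the `DO_NOT_RUN_UC_REMEDIATION` marker are written under `/var/jenkins_home` at build time, which only reaches the running controller if that path is neither declared as a volume by the base image nor covered by a mounted persistent volume; this is worth confirming, because otherwise the certificate remediation is silently absent. The marker is also part of the image layer, so a container recreated from the image (rather than restarted) gets it back and skips the remediation again. I would add a comment above the `RUN touch` line such as `# Marker lives in the image layer: a recreated container skips remediation again; only a restart of the same container runs it`. The `chown jenkins` step looks redundant after `USER jenkins`, and an empty marker file does not need mode 755.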
@@ -59,9 +63,22 @@ * DISABLED_CERT_VALIDATION * REMOVED_OFFLINE_UC * UNINSTALLED_SCRIPT + * SKIPPING_FIRST_RUN * ERROR_CONTACT_SUPPORT: [msg] */ +import hudson.model.UpdateCenter; +import hudson.model.UpdateSite; +import hudson.util.PersistedList; +import jenkins.model.Jenkins; +import com.cloudbees.jenkins.plugins.license.nectar.CloudBeesUpdateSite; +import net.sf.json.JSONObject; +import net.sf.json.JSONException; +import hudson.util.FormValidation; +import java.security.cert.CertificateExpiredException; +import hudson.model.DownloadService; + + def _script = ''' import hudson.model.UpdateCenter; import hudson.model.UpdateSite; @@ -87,7 +104,7 @@ _dry_run = false; //Constants - do not edit below this line // ---------------------------------------------------------------------------------------------------- -_version = "00005"; +_version = "00007"; _online_uc_url_prefix = "https://jenkins-updates.cloudbees.com/update-center/"; _offline_uc_url = "file:" + Jenkins.getInstance().getRootDir() + File.separator + "war" + File.separator + "WEB-INF" + File.separator + "plugins" + File.separator + "update-center.json"; _offline_uc_url_modern = "file:" + Jenkins.getInstance().servletContext.getRealPath("/") + File.separator + "WEB-INF" + File.separator + "plugins" + File.separator + "update-center.json"; 
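Review bot: The ten imports added above `def _script = '''` in the `-59,9 +63,22` hunk repeat imports that the context lines show already sit inside the script string (`hudson.model.UpdateCenter`, `hudson.model.UpdateSite`), and none of the visible hunks uses them at the outer level. If they are needed there, a one-line comment would help, for example `// Outer-scope imports: needed for <reason>; keep in sync with the list inside _script`; if not, they can be dropped. The rest of the file is outside this hunk, so the lack of outer-level usage is an inference from what is visible.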
@@ -95,6 +112,16 @@ _retry_time = 30000; // how long to wait before checking for an update site to _cert_error_str = "CertificateExpiredException: NotAfter: Tue Oct 19 14:31:36 EDT 2021"; // MAIN CODE BODY +info("Checking for first run inside an OCI container"); +// The Dockerfile will need to create this file. It will prevent this script from running. +noRunFilePath = "/var/jenkins_home/DO_NOT_RUN_UC_REMEDIATION"; +def noRunFile = new File (noRunFilePath) +if (noRunFile.exists()) { + info("Found marker file for first run. Removing file and exiting") + noRunFile.delete() + return "SKIPPING_FIRST_RUN" +} + info("Executing remediation check [v" + _version + "]"); if (System.properties['_CLOUDBEES_UC_CERT_REMEDIATION_INSTALL'] == "TRUE") { info("Running bootstrap install, disabling retry interval"); @@ -403,6 +430,8 @@ if (result.equals("NO_CHANGE_NEEDED")) { println("The remediation is now complete and successful"); } else if (result.equals("UNINSTALLED_SCRIPT")) { println("No issues detected, script has been uninstalled"); +} else if (result.equals("SKIPPING_FIRST_RUN")) { + println("Running in container and skipping first run. Restart container to run script."); } else { // some other error occured println("An error occured: " + result);
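Review bot: In the `-95,6 +112,16` hunk the result of `noRunFile.delete()` is ignored, so if the marker cannot be removed (read-only layer, ownership mismatch) the script returns `SKIPPING_FIRST_RUN` on every start and the certificate remediation never runs, with only an info line in the log. Checking the result and using the already documented error code would surface that: `if (!noRunFile.delete()) { return "ERROR_CONTACT_SUPPORT: could not remove " + noRunFilePath }`. The path is also hard-coded to `/var/jenkins_home`, while the constants in the previous hunk build paths from `Jenkins.getInstance().getRootDir()`; `new File(Jenkins.getInstance().getRootDir(), "DO_NOT_RUN_UC_REMEDIATION")` would follow the actual JENKINS_HOME. The surrounding script body starts and ends outside the hunk.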