Is there a good way to add these tests?

Hi,

I was working on the heavywater recipe, and now, I see that opscode cookbook points here. I see the begining of your work, it seems easier!

Do you know if the other one will be abandoned, and should I contribute to this one?
I'll be happy to help you!

Thanks for your help!

Pierre

Jenkins version - 1.538
Chef version - 11.8.2
Jenkins cookbook version - 2.0.0
Centos version 6.4
Java version - 1.7.0_51

When attempting to use the jenkins_jnlp_slave resource, and have the attribute default['jenkins']['executor']['private_key'] defined to:

IO.read(File.join(node['jenkins']['user_home'], '.ssh/id_rsa'))

There is a failure to authenticate the connection attempt. When a manual invocation of the cli command who-am-i is run with the same key, Jenkins correctly authenticates and returns the correct user the key is assigned to.

The chef run error is https://gist.github.com/xeon22/8520882

We've encountered a weird issue.

When we add a SSH slave to our master, a new SSH credential is being created with the following parameters:

 Username: a6dad942-1e94-4083-a4f7-8282c6215600
 Description: test-jenkins-slave.domain.com
 Private Key: From the Jenkins master ~/.ssh 

The following was used to create the SSH slave.

Chef Code:

   jenkins_ssh_slave 'test-jenkins-slave.domain.com' do
      action :create
      host 'test-jenkins-slave.domain.com'
      credentials 'a6dad942-1e94-4083-a4f7-8282c6215600'
      user 'jenkins'
      description 'Jenkins Slave'
      remote_fs '/var/lib/jenkins'
      labels slave['jenkins']['labels']

Resulting Groovy Script:

 import hudson.model.*
            import hudson.slaves.*
            import jenkins.model.*
            import jenkins.slaves.*

            props = []
            availability = null
            usage_mode = "normal"
            env_map = null
            labels = "ops"

            // Compute the usage mode
            if (usage_mode == 'normal') {
              mode = Node.Mode.NORMAL
            } else {
              mode = Node.Mode.EXCLUSIVE
            }

            // Compute the retention strategy
            if (availability == 'demand') {
              retention_strategy =
                new RetentionStrategy.Demand(
                  0,
                  1
              )
            } else if (availability == 'always') {
              retention_strategy = new RetentionStrategy.Always()
            } else {
              retention_strategy = RetentionStrategy.NOOP
            }

            // Create an entry in the prop list for all env vars
            if (env_map != null) {
              env_vars = new hudson.EnvVars(env_map)
              entries = env_vars.collect {
                k,v -> new EnvironmentVariablesNodeProperty.Entry(k,v)
              }
              props << new EnvironmentVariablesNodeProperty(entries)
            }

            // Launcher
                    credentials_id = "a6dad942-1e94-4083-a4f7-8282c6215600"
        launcher =
          new hudson.plugins.sshslaves.SSHLauncher(
            "test-jenkins-slave.domain.com",
            22,
            credentials_id,
            null,
            null,
            null,
            null
          )
println "Launcher Username: $launcher.username"
                      // Build the slave object
            slave = new DumbSlave(
              "test-jenkins-slave.domain.com",
              "Jenkins Slave",
              "/var/lib/jenkins",
              "1",
              mode,
              labels,
              launcher,
              retention_strategy,
              props
            )
println "Slave Launcher Username: $slave.launcher.username"

       nodes = new ArrayList(Jenkins.instance.getNodes())
                      nodes.add(slave)
println ("Node Launcher Username: " + nodes[0].launcher.username)

Outputs:

Launcher Username: a6dad942-1e94-4083-a4f7-8282c6215600
Slave Launcher Username: a6dad942-1e94-4083-a4f7-8282c6215600
Node Launcher Username: a6dad942-1e94-4083-a4f7-8282c6215600

Shouldn't this be the username from the credentials I have set (jenkins)?

If we use the following Chef Code:

   jenkins_ssh_slave 'test-jenkins-slave.domain.com' do
      action :create
      host 'test-jenkins-slave.domain.com'
      credentials 'jenkins'
      user 'jenkins'
      description 'Jenkins Slave'
      remote_fs '/var/lib/jenkins'
      labels slave['jenkins']['labels']

Then Groovy does:

           import hudson.model.*
            import hudson.slaves.*
            import jenkins.model.*
            import jenkins.slaves.*

            props = []
            availability = null
            usage_mode = "normal"
            env_map = null
            labels = "ops"

            // Compute the usage mode
            if (usage_mode == 'normal') {
              mode = Node.Mode.NORMAL
            } else {
              mode = Node.Mode.EXCLUSIVE
            }

            // Compute the retention strategy
            if (availability == 'demand') {
              retention_strategy =
                new RetentionStrategy.Demand(
                  0,
                  1
              )
            } else if (availability == 'always') {
              retention_strategy = new RetentionStrategy.Always()
            } else {
              retention_strategy = RetentionStrategy.NOOP
            }

            // Create an entry in the prop list for all env vars
            if (env_map != null) {
              env_vars = new hudson.EnvVars(env_map)
              entries = env_vars.collect {
                k,v -> new EnvironmentVariablesNodeProperty.Entry(k,v)
              }
              props << new EnvironmentVariablesNodeProperty(entries)
            }

            // Launcher
                                      import jenkins.model.*
        import com.cloudbees.plugins.credentials.*
        import com.cloudbees.plugins.credentials.common.*
        import com.cloudbees.plugins.credentials.domains.*;

        username_matcher = CredentialsMatchers.withUsername("jenkins")
        available_credentials =
          CredentialsProvider.lookupCredentials(
            StandardUsernameCredentials.class,
            Jenkins.getInstance(),
            hudson.security.ACL.SYSTEM,
            new SchemeRequirement("ssh")
          )
          user_credentials =
          CredentialsMatchers.firstOrNull(
            available_credentials,
            username_matcher
          )

          credentials_id = user_credentials.id

        launcher =
          new hudson.plugins.sshslaves.SSHLauncher(
            "test-jenkins-slave.domian.com",
            22,
            'jenkins',
            null,
            null,
            null,
            null
          )
println "Launcher Username: $launcher.username"
            // Build the slave object
            slave = new DumbSlave(
              "test-jenkins-slave.domian.com",
              "Jenkins Slave",
              "/var/lib/jenkins",
              "1",
              mode,
              labels,
              launcher,
              retention_strategy,
              props
            )
println "Slave Launcher Username: $slave.launcher.username"
            // Create or update the slave in the Jenkins instance
            nodes = new ArrayList(Jenkins.instance.getNodes())
            nodes.add(slave)
println ("Node Launcher Username: " + nodes[0].launcher.username)

Outputs:

Launcher Username: jenkins
Slave Launcher Username: jenkins
Node Launcher Username: jenkins

But this creates a slave with no credentials set, we have to go in and save the configuration again to set them properly.

I'm fairly certain this is a bug in Jenkins or the SSH Slave/Credentials plugins. But I wanted some other eyes on it.

Has anyone else seen this?

Is it time to push to community site?

Hi,

I think there is a problem with jenkins_private_key_credentials for cookbook version "2.0.2" (the only I tested)

when using:

jenkins_private_key_credentials cred do
    description cred
    private_key "-----BEGIN RSA PRIVATE KEY-----\nMIIEpgIBAAKC ..."
end

got this error

OpenSSL::PKey::RSAError
-----------------------
Neither PUB key nor PRIV key:: nested asn1 error

with this details

/var/chef/cache/cookbooks/jenkins/libraries/credentials_private_key.rb:

 40:      # @param [String] arg
 41:      # @return [String]
 42:      #
 43:      def private_key(arg = nil)
 44:        if arg.nil?
 45:          @private_key
 46:        else
 47>>         arg = OpenSSL::PKey::RSA.new(arg).to_pem unless arg.empty?
 48:          set_or_return(:private_key, arg, kind_of: String)
 49:        end
 50:      end
 51:
 52:      #
 53:      # Passphrase for the private key of the credentials.
 54:      #
 55:      # @param [String] arg
 56:      # @return [String]

I'am using the omnibus chef-client

Chef: 11.8.2

Is this a bug or a kind of formating issue ?
Thanx in advance

There are issues in the ruby block that starts the jenkins service if there are auth plugins that block access to the jenkins web. e.g. 403 would mean the site is up, but your are denied, but should still kick you out of the ruby block loop in the jenkins::defuault recipe.

Hi

I created master and now I am trying to create slaves for jenkins using this cookbook. However I don't see slave recipe. How does slave creation work?

I bootstrapped VM with chef-client and uplaoded jenkins cookbook to my chef-server. How do I tell chef that VM is supposed to be a slave?

Thanks

P.S - I am new to Chef and just started working on it today, pardon my ignorance

I'm trying to configure Jenkins credentials via jenkins_private_key_credentials for a private key which is created in the same Chef client run. The idea is to use lazy attribute evaluation provided by chef:

jenkins_private_key_credentials 'foobar' do
  description "credentials"
  private_key lazy { File.read(<path to key file>) }
end

Unfortunately this does not seem to work.

Issue originally reported by Tucker on the Chef mailing list:
http://lists.opscode.com/sympa/arc/chef/2014-01/msg00221.html

I'm also seeing plugins not upgrading when a version is specified:

[2014-01-15T12:57:02-05:00] INFO: Processing jenkins_plugin[ldap] action install (jenkins-cookbook::master line 56)
[2014-01-15T12:57:02-05:00] DEBUG: Load jenkins_plugin[ldap] plugin information from /srv/jenkins/plugins/ldap/META-INF/MANIFEST.MF
[2014-01-15T12:57:02-05:00] DEBUG: jenkins_plugin[ldap] already installed - skipping

The ldap plugin is still 1.2 and not 1.7, as specified.  I'll look at this deeper in a bit but felt it was worth mentioning.

Issue reported on Jenkins 1.532-1.1 installed from packages on CentOS.

There are cases where you don't want jenkins to restart after a plugin install. There are also cases where you want it to restart immediately and not wait for the end of the run. How about adding a restart parameter to the jenkins resource with the possible values of :immediately, :delayed or false.

:immediately - Pass the -restart flag to the install-plugin command.
:delayed - Current behavior.
:false - Don't restart.

Some plugins can be successfully deployed without restart using the -deploy flag.

Installs a plugin either from a file, an URL, or from update center.
 SOURCE    : If this points to a local file, that file will be installed. If
             this is an URL, Jenkins downloads the URL and installs that as a
             plugin.Otherwise the name is assumed to be the short name of the
             plugin in the existing update center (like "findbugs"),and the
             plugin will be installed from the update center
 -deploy   : Deploy plugins right away without postponing them until the reboot.
 -name VAL : If specified, the plugin will be installed as this short name
             (whereas normally the name is inferred from the source name
             automatically.)
 -restart  : Restart Jenkins upon successful installation

Add a deploy parameter to the jenkins resource. If true then add the -deploy flag to the install-plugin call.

I am getting this error converging on test-kitchen. This happens not the first time, but on all subsequent runs. It seems to only be a problem with the environment-script plugin; if I remove it from the list every other plugin installs fine.

================================================================================       
Error executing action `install` on resource 'jenkins_plugin[environment-script]'       
================================================================================       


ArgumentError       
-------------       
invalid byte sequence in US-ASCII       


Cookbook Trace:       
---------------       
/tmp/kitchen/cache/cookbooks/jenkins/libraries/plugin.rb:270:in `split'       
/tmp/kitchen/cache/cookbooks/jenkins/libraries/plugin.rb:270:in `block in current_plugin'       
/tmp/kitchen/cache/cookbooks/jenkins/libraries/plugin.rb:263:in `map'       
/tmp/kitchen/cache/cookbooks/jenkins/libraries/plugin.rb:263:in `current_plugin'       
/tmp/kitchen/cache/cookbooks/jenkins/libraries/plugin.rb:115:in `load_current_resource'       


Resource Declaration:       
---------------------       
# In /tmp/kitchen/cache/cookbooks/essess_jenkins/recipes/plugins.rb       

 48:     jenkins_plugin plugin do       
        49:         action :install
        50:     end
        51: end



       Compiled Resource:

       ------------------
       # Declared in /tmp/kitchen/cache/cookbooks/essess_jenkins/recipes/plugins.rb:48:in `block in from_file'

       jenkins_plugin("environment-script") do
         provider Chef::Provider::JenkinsPlugin
         action [:install]
         retries 0
         retry_delay 2
         version :latest
         cookbook_name "essess_jenkins"
         recipe_name "plugins"
       end

For example, on action install you there is

if current_resource.installed?
  if current_resource.version == new_resource.version ||
    new_resource.version.to_sym == :latest
    Chef::Log.debug("#{new_resource} already installed - skipping")
  else
    converge_by("Upgrade #{new_resource} from #{current_resource.version} to #{new_resource.version}", &block)
     notify(:restart)
   end
 else
   converge_by("Install #{new_resource}", &block)
   notify(:restart)
 end

This should probably be

if current_resource.installed?
  if current_resource.version == new_resource.version ||
    new_resource.version.to_sym == :latest
    Chef::Log.debug("#{new_resource} already installed - skipping")
  else
    converge_by("Upgrade #{new_resource} from #{current_resource.version} to #{new_resource.version}", &block)
     new_resource.updated_by_last_action(true)
     notify(:restart)
   end
 else
   converge_by("Install #{new_resource}", &block)
   new_resource.updated_by_last_action(true)
   notify(:restart)
 end

I keep getting the following error when running the jenkins_ssh_slave provider:

https://gist.github.com/xeon22/8848292

I believe it is complaining about following two lines in the generated groovy:

current_slave['command_prefix'] = jenkins.launcher.prefixStartSlaveCmd
current_slave['command_suffix'] = jenkins.launcher.suffixStartSlaveCmd

Shouldn't they read:

current_slave['command_prefix'] = slave.launcher.prefixStartSlaveCmd
current_slave['command_suffix'] = slave.launcher.suffixStartSlaveCmd

I'm not an expert in Jenkins or Groovy or the new jenkins cookbook and I'm having a hell of a time trying to get authentication and FullControlOnceLoggedInAuthorizationStrategy to work in a wrapper cookbook around the new jenkins cookbook.

The following doesn't work. The jenkins_script 'add_authentication' script does work if I run it into the Jenkins Script editor. But it always fails in the chef client run with:

Exception in thread "main" java.io.EOFException
    at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
    at hudson.cli.Connection.readBoolean(Connection.java:94)
    at hudson.cli.CLI.authenticate(CLI.java:553)
    at hudson.cli.CLI._main(CLI.java:464)
    at hudson.cli.CLI.main(CLI.java:382)

Here's my wrapper code for seting up the user:

require 'net/ssh'
key = OpenSSL::PKey::RSA.new(4096)
private_key = key.to_pem
public_key  = "#{key.ssh_type} #{[key.to_blob].pack('m0')}"

# Create the Jenkins user with the public key
jenkins_user 'chef' do
  public_keys [public_key]
end

# Set the private key on the Jenkins executor
ruby_block 'set private key' do
  block { node.set['jenkins']['executor']['private_key'] = private_key }
end

# Enable authentication.
jenkins_script 'add_authentication' do
  command <<-EOH.gsub(/^ {4}/, '')
    import jenkins.model.*
    import hudson.security.*
    import org.jenkinsci.plugins.*

    def instance = Jenkins.getInstance()

    def securityRealm = new HudsonPrivateSecurityRealm(true)
    instance.setSecurityRealm(securityRealm)

    def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
    instance.setAuthorizationStrategy(strategy)

    instance.save()
  EOH
end

On a related note, it would be stupendously helpful to have a full example of wrapper cookbooks that do stuff like this. The Readme has a lot but it doesn't show anything in a complete use case. Things like the order of doing stuff isn't clear such as authentication/adding users.

Thanks!

Some system create a separate partition for /var/run (vagrant ubuntu 12.04) which is very limited in size. Jenkins then complains about no memory(it needs a lot because of expanding the war file).
Solution is to move away from /var/run to /var/cache or make JENKINS_ARGS modifiable by exposing it in the node attributes. The culprit file is templates/default/jenkins.erb

move from
JENKINS_ARGS="--webroot=/var/run/jenkins/war --httpListenAddress=$HTTP_HOST --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"

to
JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpListenAddress=$HTTP_HOST --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"

When using this Cookbook with chef-solo I get the following error. It seems @params is empty, but I can't find out why this is happening.

================================================================================
Error executing action `create` on resource 'template[/etc/init.d/jenkins]'
================================================================================


Chef::Mixin::Template::TemplateError
------------------------------------
undefined method `[]' for nil:NilClass


Cookbook Trace:
---------------
/root/continuous-integration/setup/cookbooks/runit/libraries/provider_runit_service.rb:141:in `configure_service'
/root/continuous-integration/setup/cookbooks/runit/libraries/provider_runit_service.rb:82:in `block in action_enable'
/root/continuous-integration/setup/cookbooks/runit/libraries/provider_runit_service.rb:81:in `action_enable'

Compiled Resource:
------------------
# Declared in 

template("/etc/init.d/jenkins") do
  provider Chef::Provider::Template
  action "create"
  retries 0
  retry_delay 2
  path "/etc/init.d/jenkins"
  backup 5
  source "init.d.erb"
  cookbook "runit"
  variables {:options=>{}}
  owner "root"
  group "root"
  mode 493
end


Template Context:
-----------------
on line #3
  1: #!/bin/sh
  2: ### BEGIN INIT INFO
  3: # Provides:          <%= @params[:name] %>
  4: # Required-Start:
  5: # Required-Stop:

Since we only grab plugin *.hpi files via remote_file a plugins dependencies are not taken into account at download time.

A concrete example of this issue is the Jenkin's git plugin. Starting with version 1.2.0 it had a dependency on the git-client plugin. When the git-client plugin was not present in a Jenkins instance the git plugin would not activate, appear in the update center or show up in any logs.

Bonus points if the new jenkins_plugin LWRP proposed in #2 could do some sort of basic dep resolution!

Platform Ubuntu 12.04.2 & Centos 6.4

Setting default['jenkins']['master']['version'] = "1.555"

I get:
E: Version '1.555' for 'jenkins' was not found

It looks as though Jenkins only shows the current version in their apt repo:

$ apt-cache madison jenkins
   jenkins |      1.557 | http://pkg.jenkins-ci.org/debian/ binary/ Packages
   jenkins | 1.424.6+dfsg-1ubuntu0.2 | http://us.archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 Packages
   jenkins | 1.424.6+dfsg-1ubuntu0.1 | http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 Packages
etc..

This seems most likely an issue that Jenkins doesn't provide anything besides current in the apt repo (and effectively makes package installation unusable as 1.556/7 have a bug with ssh key auth)

I guess I'm opening this bug more for visibility and maybe warn that version and packages cant be used together or am I completely missing something.

Currently plugins are added by calling remote_file for every item passed into the node['jenkins']['server']['plugins'] attribute. Creating an LWRP would:

• allow additional actions like :update and :remove
• give a better integration/encapsulation point for @fnichol's http HEAD update logic

We use Jenkins Job Builder to create our jobs. Is there anyway to support this?
https://github.com/openstack-infra/jenkins-job-builder

Maybe with this repo? Or with the idea in this issue?
https://github.com/sebastianbergmann/php-jenkins-template/issues/83#issuecomment-32466413

The url for the jnlp.jar should read http://host/computer/name/slave-jnlp.jar instead of slave_jnlp.jar.

It looks like names aren't passed to jenkins-cli escaped, so jenkins-cli chokes when a name has a space in it.

node_ssh will recreate a new_ssh_launcher everytime it is run killing any local modifications you may have made to the node manually.

it should be modified to only run new_ssh_launcher if the node does not already exist

Issue originally reported by Tucker on the Chef mailing list:
http://lists.opscode.com/sympa/arc/chef/2014-01/msg00219.html

Attempting to create credentials using the jenkins_private_key_credentials resource ends in the following exception:

Expected process to exit with [0], but received '255'
---- Begin output of java -jar /var/chef/cache/jenkins-cli.jar -s http://localhost:8080 groovy = <<-GROOVY_SCRIPT
        import com.cloudbees.plugins.credentials.impl.*;
        import com.cloudbees.jenkins.plugins.sshcredentials.impl.*;

                import jenkins.model.*
        import com.cloudbees.plugins.credentials.*
        import com.cloudbees.plugins.credentials.common.*
        import com.cloudbees.plugins.credentials.domains.*;

        username_matcher = CredentialsMatchers.withUsername("root")
        available_credentials =
          CredentialsProvider.lookupCredentials(
            StandardUsernameCredentials.class,
            Jenkins.getInstance(),
            hudson.security.ACL.SYSTEM,
            new SchemeRequirement("ssh")
          )

        credentials =
          CredentialsMatchers.firstOrNull(
            available_credentials,
            username_matcher
          )


        if(credentials == null) {
          return null
        }

        current_credentials = [
          id:credentials.id,
          description:credentials.description,
          username:credentials.username
        ]

        current_credentials['private_key'] = credentials.privateKey
current_credentials['passphrase'] = credentials.passphrase.plainText

        builder = new groovy.json.JsonBuilder(current_credentials)
        println(builder)

GROOVY_SCRIPT ----
STDOUT:
STDERR: org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
RemoteClass: 15: unable to resolve class SchemeRequirement
 @ line 15, column 13.
               new SchemeRequirement("ssh")
               ^

1 error

        at org.codehaus.groovy.control.ErrorCollector.failIfErrors(ErrorCollector.java:302)
        at org.codehaus.groovy.control.CompilationUnit.applyToSourceUnits(CompilationUnit.java:861)
        at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:550)
        at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:499)
        at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:302)
        at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:281)
        at groovy.lang.GroovyShell.parseClass(GroovyShell.java:731)
        at groovy.lang.GroovyShell.run(GroovyShell.java:516)
        at hudson.cli.GroovyCommand.run(GroovyCommand.java:94)
        at hudson.cli.CLICommand.main(CLICommand.java:229)
        at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:299)
        at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:280)
        at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:239)
        at hudson.remoting.UserRequest.perform(UserRequest.java:118)
        at hudson.remoting.UserRequest.perform(UserRequest.java:48)
        at hudson.remoting.Request$2.run(Request.java:326)
        at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
        at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
        at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)

Full Chef output available here:
https://gist.github.com/tucker-altiscale/6d31f71f425e66a3ad83

Issue reported on Jenkins 1.532-1.1 installed from packages on CentOS.

This cookbook should expose a jenkins_slave LWRP which incapsulates the logic in the following recipes:

• jenkins::node_jnlp
• jenkins::node_ssh
• jenkins::node_windows

The existing jenkins_node LWRP does some of this but the existing recipes still contain a lot of required configuration logic.

Some items it would be nice to configure:

• global security/authentication including:
  • local account user/pass
  • LDAP
  • GitHub OAuth
• number of executors
• global scm polling period
• admin e-mail address

The Jenkins repo is created using the Yum cookbook, but there's no way to specify that the 'proxy' setting should be added to the repo definition. This prevents the master recipe from working when the server needs to pass through a proxy to the internet.

Ideally, the repo setting could be fully configured, so that you could not only specify a proxy, but even the specific repo to use.

The jenkins ssh_slave plugin uses the ssh_credential plugin to determine which ssh key to use when connecting to an ssh slave.

The default credential created by the ssh_credential plugin uses a tuple of username "jenkins" and "${JENKINS_HOME}/.ssh/id_rsa"

node_ssh (and the other node_ providers) set the slave username to 'jenkins-node', thus breaking the master's ability to log into the slave.

we can change the node user name to 'jenkins', which means we can't run a slave on the same machine as a master, or we need to be able to manipulate the ssh_credentials programatically.

I'm trying to setup a Windows node, but Jenkins CLI calls do not work. I guess that here documents do not work on Windows or need a different syntax.

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of java -jar C:\\chef\\cache/jenkins-cli.jar -s http://acme.com -i C:\\chef\\cache/jenkins-key groovy = <<-GROOVY_SCRIPT
        import hudson.model.*
        import hudson.slaves.*
        import jenkins.model.*
        import jenkins.slaves.*

        slave = Jenkins.instance.getNode('acme1') as Slave

        if(slave == null) {
          return null
        }

        current_slave = [
          name:slave.name,
          description:slave.nodeDescription,
          remote_fs:slave.remoteFS,
          executors:slave.numExecutors.toInteger(),
          usage_mode:slave.mode.toString().toLowerCase(),
          labels:slave.labelString.split().sort(),
          environment:slave.nodeProperties.get(EnvironmentVariablesNodeProperty.class)?.envVars,
          connected:(slave.computer.connectTime > 0),
          online:slave.computer.online
        ]

        // Determine retention strategy
        if (slave.retentionStrategy instanceof RetentionStrategy.Always) {
          current_slave['availability'] = 'always'
        } else if (slave.retentionStrategy instanceof RetentionStrategy.Demand) {
          current_slave['availability'] = 'demand'
          retention = slave.retentionStrategy as RetentionStrategy.Demand
          current_slave['in_demand_delay'] = retention.inDemandDelay
          current_slave['idle_delay'] = retention.idleDelay
        } else {
          current_slave['availability'] = null
        }



        builder = new groovy.json.JsonBuilder(current_slave)
        println(builder)

GROOVY_SCRIPT ----
STDOUT:
STDERR: << was unexpected at this time.

[2013-05-15T02:39:20+00:00] INFO: Processing log[plugins updated, restarting jenkins] action nothing (jenkins::server line 98)
[2013-05-15T02:39:20+00:00] INFO: Processing service[jenkins] action nothing (dynamically defined)
[2013-05-15T02:39:20+00:00] INFO: Processing runit_service[jenkins] action enable (jenkins::server line 113)

Error executing action enable on resource 'runit_service[jenkins]'

NameError

Cannot find a resource for load_new_resource_state on ubuntu version 12.04

Cookbook Trace:

/tmp/vagrant-chef-1/chef-solo-1/cookbooks/runit/libraries/provider_runit_service.rb:93:in `action_enable'

Resource Declaration:

In /tmp/vagrant-chef-1/chef-solo-1/cookbooks/jenkins/recipes/server.rb

112:
113: runit_service "jenkins" do
114: action [:enable, :start]
115: notifies :create, "ruby_block[block_until_operational]", :immediately
116: end

Compiled Resource:

Declared in /tmp/vagrant-chef-1/chef-solo-1/cookbooks/jenkins/recipes/server.rb:113:in `from_file'

runit_service("jenkins") do
service_name "jenkins"
log_template_name "jenkins"
log true
retry_delay 2
sv_templates true
service_dir "/etc/service"
run_template_name "jenkins"
sv_bin "/usr/bin/sv"
retries 0
recipe_name "server"
status_command "/usr/bin/sv status /etc/service"
restart_on_update true
pattern "jenkins"
action [:enable, :start]
cookbook_name :jenkins
service_mirror # Declared in

service("jenkins") do
service_name "jenkins"
retry_delay 2
start_command "/usr/bin/sv start /etc/service/jenkins"
retries 0
status_command "/usr/bin/sv status /etc/service/jenkins"
restart_command "/usr/bin/sv restart /etc/service/jenkins"
pattern "jenkins"
action [:nothing]
startup_type :automatic
stop_command "/usr/bin/sv stop /etc/service/jenkins"
supports {:status=>true, :restart=>true, :reload=>true}
provider Chef::Provider::Service::Simple
end

finish_script_template_name "jenkins"
sv_dir "/etc/sv"
startup_type :automatic
supports {:status=>true, :restart=>true, :reload=>true}
provider Chef::Provider::Service::Runit
end

[2013-05-15T02:39:20+00:00] ERROR: Running exception handlers
[2013-05-15T02:39:20+00:00] ERROR: Exception handlers complete
[2013-05-15T02:39:21+00:00] FATAL: Stacktrace dumped to /tmp/vagrant-chef-1/chef-stacktrace.out
[2013-05-15T02:39:21+00:00] FATAL: NameError: runit_service[jenkins](jenkins::server line 113) had an error: NameError: Cannot find a resource for load_new_resource_state on ubuntu version 12.04

When the attribute default['jenkins']['master']['endpoint'] is defined with a subdir (ie '/jenkins') the following function in slave.rb truncates the extra path.

slave.rb

#
# The url of the +slave.jar+ on the Jenkins master.
#
# @return [String]
#
def slave_jar_url
  path = ::File.join('jnlpJars', 'slave.jar')
  URI.join(endpoint, path).to_s
end

slave_jnlp.rb

#
# The path (url) of the slave's unique JNLP file on the Jenkins
# master.
#
# @return [String]
#
def jnlp_url
  return @jnlp_url if @jnlp_url
  path = ::File.join(
           'computer', new_resource.slave_name, 'slave-agent.jnlp')
  @jnlp_url = URI.join(endpoint, path).to_s
end

eg.

When endpoint is defined as "http://host/jenkins"
the cookbook returns "http://host/jnlpJars/slave.jar" and jenkins returns a 404.

The issue is present in slave.rb and slave_jnlp.rb.

When trying to install a plugin or a job (or anything else that requires running the Jenkins CLI) and the default HTTP port for Jenkins has been altered, this change is not taken into consideration and as a result the installation command fails.

Example (with Jenkins running on port 8101, overriden via attributes on a role cookbook):

override['jenkins']['master']['port'] = 8101
override['jenkins']['master']['url'] = "http://#{node['jenkins']['master']['host']}:#{node['jenkins']['master']['port']}"

Jenkins::Helper::JenkinsNotReady: The Jenkins master at `http://localhost:8080' did not become ready within 60
seconds. On large Jenkins instances, you may need to increase the timeout to
240 seconds. Alternatively, Jenkins may have failed to start.
Jenkins can fail to start if:

  - a configuration file is invalid
  - a plugin is only partially installed
  - a plugin's dependencies are not installed

If this problem persists, check your Jenkins log files.

Basically in our recipe we are creating a jenkins_private_key_credentials, and a jenkins_job, and need to embed the CredentialsID from that credential in the XML for the job, and I'm at a bit of a loss how to do it.

Any guidance would be appreciated.

This cookbook should expose a jenkins_master or jenkins_server LWRP which incapsulates all the logic in the jenkins::server recipe. This will make it much easier to manage a multi-cluster Jenkins environment.

I just started using this cookbook and really wish I'd been able to wait four days, as the ongoing changes look to be a big step forward. Unfortunately, I have already started my wrapper work and can't wait until this stabilizes to move forward. In the mean time, I can't help but notice the version has only been bumped by (according to the semver standard) a single patch level. As this is completely API incompatible with the previous releases, it should probably be bumped by a major version. The inclusion of the yum 3.0.x alone cookbook warrants a minor version bump at the very least.

Hello,

I am managing user/group setup via a separate cookbook where user/group information is managed via data bags or roles.

I would prefer an attribute to make jenkins user setup optional in jenkins cookbook, so that user can choose whether to go with default user setup or manage it separately without altering cookbook.

e.g. Attribute: node['jenkins']['master']['user_setup']

By default jenkins cookbook will setup jenkins user and group by below default option:

jenkins/attributes/master.rb:

  master['user_setup'] = true

Anybody who do not want jenkins cookbook to create users can set below option to false:

  node['jenkins']['master']['user_setup'] = false

Jenkins master recipe will skip or setup user/group accordingly:

jenkins/recipes/master.rb:

if node['jenkins']['master']['user_setup']
  # Create the Jenkins user
  user node['jenkins']['master']['user'] do
    home node['jenkins']['master']['home']
  end

  # Create the Jenkins group
  group node['jenkins']['master']['group'] do
    members node['jenkins']['master']['user']
  end
end

I would be more than happy to submit a pull request if this make some sense.

Cheers,
V

Whenever I install Jenkins using jenkins::server, files and folders don't always get the correct group.

For example, a default Jenkins installation results in the following:

drwxr-xr-x  2 jenkins jenkins 4.0K Mar 30 09:15 jobs
-rw-r--r--  1 jenkins jenkins  907 Mar 30 09:18 nodeMonitors.xml
drwx------ 22 jenkins nogroup 4.0K Mar 30 09:15 plugins

As you can see, the plugins folder has a group nogroup.

Now, if I check which group the Jenkins user belongs to, I see it belonging to jenkins:

root@ip-10-239-95-77:/var/lib/jenkins/jenkins-data# groups jenkins
jenkins : jenkins

However, when looking at the default attributes, it seems that it should belong to the nogroup group, given that Ubuntu is part of the debian family:

default['jenkins']['server']['user'] = "jenkins"
case node['platform_family']
when "debian"
  default['jenkins']['server']['group'] = "nogroup"
else
  default['jenkins']['server']['group'] = node['jenkins']['server']['user']
end

When looking inside the plugins directory, there are both plugins belonging to the jenkins group and the nogroup group, the difference being the first one being a standard plugin installed with jenkins.war, the second one being a plugin I specified in the plugin attribute:

drwxr-xr-x  4 jenkins jenkins  4.0K Mar 30 09:15 ant
-rw-r--r--  1 jenkins jenkins   81K Mar 30 09:15 ant.jpi
drwxr-xr-x  4 jenkins jenkins  4.0K Mar 30 09:15 campfire
-rw-------  1 jenkins nogroup  511K Mar 30 09:15 campfire.hpi

All seemed to work fine, so I wasn't worried about this. Except that I want to back up my secret keys for future re-deployments. When re-adding the secret keys through Chef, they end up as jenkins:nogroup and I get a warning inside Jenkins saying I have to re-key my installation due to a security issue.

This last part might not be related, but I suspect it is, and came acros this either way, so wanted to report it here and ask if this is normal behavior?

Using vagrant, on top of an ubuntu 12.04 box, jenkins recipe fails to install by itself.

config.vm.provision :chef_solo do |chef|
  chef.add_recipe "jenkins"
end

2013-06-04T23:03:16+00:00] FATAL: Stacktrace dumped to /tmp/vagrant-chef-1/chef-stacktrace.out
[2013-06-04T23:03:16+00:00] FATAL: NameError: Cannot find a resource for apt_repository on ubuntu version 12.04
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

If I, however, explicitly include the "apt" recipe, installation proceeds

config.vm.provision :chef_solo do |chef|
  chef.add_recipe "apt"
  chef.add_recipe "jenkins"
end

My base box:

config.vm.box_url = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-vagrant-i386-disk1.box"

I'm not fully glad of this script. In gentoo at least (I assume, it is the same on other platform), in the Jenkins WebUI, go to http://jenkins-url/systemInfo , and check the LOGNAMEand USER Environment Variables, there are set to root. Do you think it's a normal behavior? Personally, I added the following to the runit script :

env \
USER=<%= node['jenkins']['server']['user'] %> \
LOGNAME=<%= node['jenkins']['server']['user'] %> \
HOME=<%= node['jenkins']['server']['home'] %> \
GEM_HOME=/var/lib/jenkins/.gem \

I think that the USER and LOGNAME should be set to node['jenkins']['server']['user'] and then, we can have a variable to set what ever options like GEM_HOME.

What do you think? I can do a pull request if you like the idea?

It'd be nice to provide a jenkins.master.read_only attribute that would default to false. This would allow consumers of this cookbook to quickly setup a Jenkins where the web interface has no power but management can continue through the resources this cookbook provides.

I'm sure there is a groovy way to do this (no pun intended) but I'm having a hard time determining what options need to be set and the interfaces that would be involved in such a script.

Let me know if this request is reasonable or if modifications are required.

Thanks

Am I creating an SSH Slave properly?

Considering the following recipes, my jenkins_ssh_slave_credentials resources seem to ignore both the credentials and the host, where chef actually tries to usermod jenkins on the master instead of foo on 172.16.1.2. Of course, it bombs out because usermod can't modify users while the user jenkins is logged in on the master (because the daemon is running). What should I do? Thanks in advance.

#
# variant 1
#
jenkins_private_key_credentials 'foo' do 
  private_key "a real private key"
end

foos_creds = Chef::Resource::JenkinsCredentials.new('foo')
Chef::Log.info("foos_creds is a #{foos_creds.class}")

jenkins_ssh_slave 'bar' do
  remote_fs '/data/jenkins_slave'
  host '172.16.1.2'
  credentials foos_creds
end

#
# variant 2
# 
jenkins_private_key_credentials 'foo' do 
  private_key "a real private key"
end

jenkins_ssh_slave 'bar' do
  remote_fs '/data/jenkins_slave'
  host '172.16.1.2'
  credentials 'foo'
end

Hi,
I am a newb at chef and if apologize if i have not followed protocol by putting this issue here. I am using this jenkins cook book to install jenkins behind apache proxy on a vagrant vm. I am also using basic_auth for apache. In order to access jenkins on my vagrant.vm i have set the following setting in the Vagrant file:
config.vm.network :forwarded_port, guest: 80, host: 8080

Everything works perfectly on the first run. I am able to access jenkins by going to localhost:8080. This takes me to the vagrantvm.80 which in turn forwards to port 8080 on the vagrant vm. I am able to access jenkins just fine!

However, if i restart the vagrant vm then the next time i try to go to jenkins i get a "Service Temporarily Unavailable apache error". I can tell that apache is still running correctly because i am prompted to enter ther the proxy basic_auth password.

Could it be that jenkins is not starting correctly on a vagrant vm restart?

I am able to replicate the behavior every time.

Please help or point me in the right direction.

Hello,

I am trying to Setup jenkins master on an ubuntu instance running on amazon platform.

But apt-get seems to fail the package authentication.

Below the is the Chef Client run stacktrace:

Generated at 2014-02-10 11:09:20 +0000
Mixlib::ShellOut::ShellCommandFailed: package[jenkins] (jenkins::_master_package line 34) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '100'
---- Begin output of apt-get -q -y install jenkins=1.550 ----
STDOUT: Reading package lists...
Building dependency tree...
Reading state information...
The following packages were automatically installed and are no longer required:
  python-twisted-web gir1.2-gudev-1.0 python-twisted-names
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  daemon
The following NEW packages will be installed:
  daemon jenkins
0 upgraded, 2 newly installed, 0 to remove and 52 not upgraded.
Need to get 61.1 MB of archives.
After this operation, 67.5 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  jenkins
STDERR: E: There are problems and -y was used without --force-yes
---- End output of apt-get -q -y install jenkins=1.550 ----
Ran apt-get -q -y install jenkins=1.550 returned 100
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-shellout-1.2.0/lib/mixlib/shellout.rb:251:in `invalid!'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-shellout-1.2.0/lib/mixlib/shellout.rb:237:in `error!'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/mixin/shell_out.rb:45:in `shell_out!'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider/package/apt.rb:126:in `run_noninteractive'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider/package/apt.rb:94:in `install_package'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider/package.rb:82:in `block in action_install'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/mixin/why_run.rb:52:in `call'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/mixin/why_run.rb:52:in `add_action'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider.rb:149:in `converge_by'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider/package.rb:80:in `action_install'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/provider.rb:114:in `run_action'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource.rb:625:in `run_action'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/runner.rb:49:in `run_action'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/runner.rb:81:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/runner.rb:81:in `each'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/runner.rb:81:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection.rb:98:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/resource_collection.rb:96:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/runner.rb:80:in `converge'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/client.rb:433:in `converge'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/client.rb:500:in `do_run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/client.rb:199:in `block in run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/client.rb:193:in `fork'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/client.rb:193:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/application.rb:208:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/application/client.rb:312:in `block in run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/application/client.rb:304:in `loop'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/application/client.rb:304:in `run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/lib/chef/application.rb:66:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.8.2/bin/chef-client:26:in `<top (required)>'
/usr/bin/chef-client:23:in `load'
/usr/bin/chef-client:23:in `<main>'

Below are system details:

# uname -a
Linux chefclientubuntu.bsbportal.in 3.2.0-57-virtual #87-Ubuntu SMP Tue Nov 12 21:53:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.3 LTS"

Jenkins Version attribute: Not Set
Jenkins Cookbook Version: 2.0.0

Please let me know if appears to be a bug or something i am doing wrong.

Cheers,
V

The recipe master.rb delegates the installation of Jenkins to a different recipe defined in the attribute: node['jenkins']['master']['install_method']. The recipe chosen must be part of the Jenkins cookbook.

At IBM we have written and published a recipe to install Jenkins on top of liberty profile. We would like it if this requirement for the recipe could be lifted, which would allow us to have the Jenkins cookbook delegate to our recipe.

If this request meets you approval I am happy to submit a pull request.

Storing the private key on the node object is probably a bad idea (we discussed this as a team). Instead, we should use the run_state to temporarily store the contents of the private key loaded from (somewhere) and pass it around during the run. By the nature of doing so, we will also hit this issue in #147 and need to refactor the way we check for authentication presence.

After I use the new recipe (v2.0.0) to install jenkins and I enabled crowd2 authentication I'm getting this error when I execute the recipe again:

===============================================================================
Error executing action `delete` on resource 'jenkins_private_key_credentials[stash-jenkins]'
================================================================================


Jenkins::Helper::JenkinsNotReady
--------------------------------
The Jenkins master at `http://xxxxxxxx:8080/jenkins' did not become ready within 60
seconds. On large Jenkins instances, you may need to increase the timeout to
240 seconds. Alternatively, Jenkins may have failed to start.
Jenkins can fail to start if:

  - a configuration file is invalid
  - a plugin is only partially installed
  - a plugin's dependencies are not installed

If this problem persists, check your Jenkins's log files.



Cookbook Trace:
---------------
/var/chef/cache/cookbooks/jenkins/libraries/_helper.rb:260:in `rescue in wait_until_ready!'
/var/chef/cache/cookbooks/jenkins/libraries/_helper.rb:246:in `wait_until_ready!'
/var/chef/cache/cookbooks/jenkins/libraries/_helper.rb:57:in `executor'
/var/chef/cache/cookbooks/jenkins/libraries/credentials.rb:232:in `current_credentials'
/var/chef/cache/cookbooks/jenkins/libraries/credentials_private_key.rb:115:in `current_credentials'
/var/chef/cache/cookbooks/jenkins/libraries/credentials.rb:105:in `load_current_resource'
/var/chef/cache/cookbooks/jenkins/libraries/credentials_private_key.rb:69:in `load_current_resource'


Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/tcn-jenkins/recipes/stash.rb

 17: jenkins_private_key_credentials 'stash-jenkins' do
 18:    action :delete
 19: end
 20:



Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/tcn-jenkins/recipes/stash.rb:17:in `from_file'

jenkins_private_key_credentials("stash-jenkins") do
  provider Chef::Provider::JenkinsPrivateKeyCredentials
  action [:delete]
  retries 0
  retry_delay 2
  username "stash-jenkins"
  id "e55569f0-618e-46ef-a284-2dcefc3315c4"
  description "Credentials for stash-jenkins - created by Chef"
  cookbook_name "tcn-jenkins"
  recipe_name "stash"
end

the solution could be to change method wait_until_read method in _helper.rb to
this

def wait_until_ready!
  Timeout.timeout(timeout) do
    begin
      open(endpoint)
    rescue SocketError,
        Errno::ECONNREFUSED,
        Errno::ECONNRESET => ex
      Chef::Log.info("Jenkins is not accepting requests - #{ex.message}")
      sleep(0.5)
      retry
    rescue OpenURI::HTTPError => e
      puts e.message
      if /^403/ =~ e.message
        return
      else
        Chef::Log.info("Jenkins is not accepting requests - #{e.message}")
        sleep(0.5)
        retry
      end
    end
  end
rescue Timeout::Error
  raise JenkinsNotReady.new(endpoint, timeout)
end

The config attribute of jenkins_job should accept a template resource

Although the behaviour is clearly documented I would prefer node['jenkins']['master']['mirror'] to be used for both installation methods and for the jenkins_plugin resource.

In my case we have a mirror set up within the data center where I want to manage Jenkins installations.