Dzahn has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/385230 )

Change subject: jenkins: disable auto-discovery
......................................................................


jenkins: disable auto-discovery

Jenkins listens on UDP 33848 for broadcast or multicast (on
239.77.124.231) so that agents can discover masters in a network.
It also advertises over multicast DNS via _jenkins._tcp.local.

We do not use those features, disable them using system properties.

References:
https://wiki.jenkins.io/display/JENKINS/Auto-discovering+Jenkins+on+the+network
https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties

Bug: T178608
Change-Id: Ie6ee9d73ffaf45fe9b270662b9d08a560e6f0100
---
M modules/jenkins/manifests/init.pp
1 file changed, 3 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ayounsi: Looks good to me, but someone else must approve
  Dzahn: Looks good to me, approved



diff --git a/modules/jenkins/manifests/init.pp 
b/modules/jenkins/manifests/init.pp
index fd3bd96..de27c66 100644
--- a/modules/jenkins/manifests/init.pp
+++ b/modules/jenkins/manifests/init.pp
@@ -124,6 +124,9 @@
         #   
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
         '-Dhudson.model.ParametersAction.keepUndefinedParameters=true',
         '-Djava.util.logging.config.file=/etc/jenkins/logging.properties',
+        # Disable auto discovery T178608
+        '-Dhudson.udp=-1',
+        '-Dhudson.DNSMultiCast.disabled=true',
     ], ' ')
 
     $real_service_ensure = $service_ensure ? {
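
Review bot: the comment above the two added options ("# Disable auto discovery T178608") gives only the task number, so a later reader cannot tell which property covers which channel. The commit message describes two separate mechanisms, the UDP 33848 broadcast/multicast listener and the mDNS advertisement of _jenkins._tcp.local. Consider one comment per line, for example noting that '-Dhudson.udp=-1' turns off the UDP listener and '-Dhudson.DNSMultiCast.disabled=true' stops the multicast DNS advertisement. Both are JVM system properties appended to the Java argument string, so they are only read when the Jenkins process starts. The hunk does not show whether this change triggers a service restart, so it is worth confirming that, and then checking after the restart that nothing is bound to UDP 33848 on the host.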


Gerrit-MessageType: merged
Gerrit-Change-Id: Ie6ee9d73ffaf45fe9b270662b9d08a560e6f0100
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <has...@free.fr>
Gerrit-Reviewer: Ayounsi <ayou...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Hashar <has...@free.fr>
Gerrit-Reviewer: jenkins-bot <>
