Arnaud Denoyelle's questions

Background :

I created an app called myapp with Spring-boot. It consists of a self-executable jar and is compatible with systemd services. Now, I am trying to integrate it with jenkins.

What I want:

I want jenkins to be able to :

• stop the service.
• replace the jar.
• restart the service.

Problem:

Up to now, only sudoers can start/stop services. I don't want jenkins to be a sudoer (it seems messy).

Current structure:

I have a user myapp which has a /home/myapp folder. The generated jar is called myapp and is placed at /home/myapp. The user myapp is the owner of the generated jar:

myapp@myserver:~/backend$ ll
total 53900
drwxrwxr-x 2 myapp myapp     4096 Apr 25 17:09 ./
drwxr-xr-x 6 myapp myapp     4096 Apr 25 17:08 ../
-rw-rw-r-- 1 myapp myapp      511 Apr 20 16:13 application.properties
-rwxr--r-- 1 myapp myapp 55175294 Apr 20 19:06 backend-1.0-SNAPSHOT.jar*
lrwxrwxrwx 1 myapp myapp       24 Apr 20 19:20 myapp -> backend-1.0-SNAPSHOT.jar*
-rw-r--r-- 1 myapp myapp      179 Apr 20 19:26 myapp.service

I placed a ssh key so that jenkins can log as myapp@myserver.

As myapp is the owner of the jar, I think that there might be an option that allows the user myapp to call systemctl start/stop myapp. Actually, I can call systemctl status myapp but not start/stop (root password is asked).

Any suggestions?

I am installing an LDAP server and configuring Jenkins in order to accept LDAP for authentication. In Jenkins parameters, I have a weird behavior with the parameter Root DN.

Documentation says :

Root DN

For authenticating user and determing the roles given to this user, Jenkins performs multiple LDAP queries.

[...]

But in practice, LDAP servers maintain an extensive index over the data, so specifying this field is rarely necessary — you should just let Jenkins figure this out by talking to LDAP.

If you do specify this value, the field normally looks something like dc=acme,dc=org

Weird behavior : If I do not specify the parameter, my user is not found. The others parameters have the default value.

LDAP is new to me so I am probably doing something wrong. I created a LDAP tree using slapd. I created one user adenoyelle under a node People that I also created. see ldapsearch result below :

root@myserver:~# ldapsearch -xLLL -b 'dc=acme,dc=com'
dn: dc=acme,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: acme.com
dc: acme

dn: cn=admin,dc=acme,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=acme,dc=com
cn: people
objectClass: organizationalRole
objectClass: top
ou: people

dn: uid=adenoyelle,ou=people,dc=acme,dc=com
objectClass: account
objectClass: top
objectClass: simpleSecurityObject
uid: adenoyelle

If I let Root DN blank, my user cannot authenticate. But it works if I give this value for the parameter :

ou=people,dc=acme,dc=com

What am I doing wrong? My guess is that my LDAP nodes are wrong but I cannot find why. Maybe a problem with objectClass values?