I love The Oatmeal and this is another perfect way to sum up my views on movie dowloads..
Removed all permissions from your account did you? Save it did you? Feeling a bit stupid?
Yeah, me too!
SSH to your server and stop Jenkins
Now modify the config XML
sudo vi /var/lib/jenkins/config.xml
You now have two options to regain access
Turn security off and remove the <authorizationStrategy> node
Now restart Jenkins and head over to your admin UI to resecure it quick before the trolls get in.
Like a boss way
If you want to be safe and not open up a security hole at all, you can add the security permissions into the config XML manually. Just replace USERNAME with own
Now restart Jenkins and sit back with a smug grin.
In my last post about setting up Jenkins I looked at how to do a basic Jenkins setup on an Ubuntu machine. In my case I set it up on an old machine which is fine when I’m working at home but if I make changes when I’m not at home or when my build machine isn’t running the changes are not built and tested. If you hadn’t worked it out, in a proper continuous integration environment you should be running your builds continuously. So this morning I set out to get an EC2 instance running Jenkins.
The other reason I wanted to have the build server running continually is that I need to start scheduling some jobs for Knowsis to do the NLP part of our process., which I could do with Cron, but buildservers liike Jenkins and Teamcity offer really flexible scheduling and a nice interface for feedback so I don’t need to worry about building one myself, for now.
Setting up an EC2 instance
The first step in the process is to set up your EC2 instance. Amazon kindly provide a free tier so you can get a free micro instance for a year. This should work for you initially if your builds aren’t overly complex.
I won’t run through exactly how to get your instance running as you can find plenty of guides online, if you are completely new to EC2 I would recommend this guide provided by Amazon.
One thing to note is that you should make sure you set up the security group for your image to allow all traffic on port 80 so you can actually see Jenkins.
In my previous post I mentioned setting up nginx to route requests to Jenkins but didn’t cover it. So we’ll go though it here as we need a webserver running to host the requests coming through.
We’ll need to use YUM here as apt-get and aptitude aren’t installed. Thankfully the Amazon package index includes a version of nginx.
yum install nginx
Once installed we should start the nginx server to make sure that we can see our new EC2 instance before proceeding.
sudo /etc/rc.d/init.d/nginx start
You should be be able to hit your instance in a web browser. You can get the public hostname of your instance from the AWS management console, but it should look something like this:
In my previous post we used aptitude to install Jenkins but the Amazon Linux AMI doesn’t have the aptitude package manager, s owe have to use YUM instead.
First we need to add the repository to the list of YUM repos:
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
and then get the GPG key:
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
then we can install Jenkins:
yum install jenkins
The installer will install the server as well as create jenkins user under which the service will run. You can now start the jenkins service:
sudo /etc/init.d/jenkins start
As Jenkins runs on port 8080 by default, the next step is to get nginx to proxy all requests on port 80 to port 8080. You could probably just change Jenkins to run on port 80 by default if you wanted. Anyway, just change your nginx config (/etc/nginx/nginx.conf) so that the server section reads as follows:
listen 80 default;
I won’t go into the details of nginx setup, but this is the minimum required to get you to a point of having Jenkins working.
Make sure you restart nginx to take account of the config changes,
sudo /etc/rc.d/init.d/nginx restart
You should be be able to view the jenkins homepage in a web browser using the same url as before:
One of the topics mentioned but not covered previously was security. As your build server is now visible publicly, you will want to set up some sort of security to prevent people from doing bad things. The simplest way is to use Jenkins own user database, but there are other options to use an LDAP server or the underlying OS users. A few points to make sure that the server is secure:
- Disable the option to allow new users to sign up (unless you actually want people to be able to signup)
- Change the authorisation section to either allow logged in users to do anything or use matrix based security and make sure anonymous users have no permissions
Setting up builds
You should refer back to my previous post on how to get your builds set up.7
Let me know how you get on
I’ve just finished watching Breaking Bad seasons 1&2 on Netflix to find that the third season has yet to air in the UK despite the fourth season having already aired in the US and the fifth and final season being due to air later this year, it’s also not available on physical release presumably the studio are waiting for someone to buy the rights to air it on TV before releasing for physical distribution.
This kind of s**t makes me angry when we have the TV and film studios trying to get the US government to introduce futile laws that aim to impede their customers from trying to enjoy the content that have produced. Yes studio people, they are the customers, they are the people who actually want to watch it, the people who enjoy the programming that you make and commission; they aren’t downloading it to ruin your business or to profit from it – ok a few might be, but they are profiting from the fans who can’t legally get hold of the content that you made for them to watch. Don’t get me wrong, I think copyright theft is bad, I believe that everyone should be paid for what they make/do; my point is that if the content is harder to get legally than it is illegally then people won’t make it hard for themselves. In fact, this tweet sums it up nicely:
New Rule: You don't get to moan about copyright laws until I can purchase your content legally as easily as I can buy milk.—
(@Binarytales) February 07, 2012
I’ve spoken about this before, but it still surprises me that the TV and movie studios have yet to realise what the music industry learnt after requiring DRM on their content for so many years (it was around 5 years after the launch of the iTunes store before DRM was dropped across the board). If it’s easier to get the content people will pay for it. It’s 2012, the problem isn’t a technology one, it’s a human one, it sits with lawyers and executives, the kind of people who don’t have a clue what the internet is and think it’s just for ‘geeks’, the same kind of people that wanted to push SOPA and PIPA through.
It got me thinking that if the UK’s TV channels weren’t going to license the films or tv shows that some many people want to watch, maybe it could be possible to crowd-fund the licensing of this kind of content in a kickstarter fashion. If a streaming service was set up in such a way that all interested parties could register their commitment to certain TV shows and movies and agree an amount that they would be willing to pay to watch it, maybe we could buy it as a cooperative and then stream it beyond that point. Although the problem here is timing, I imagine it would take much longer to get enough interested parties and then negotiate the license agreements with the studios in which time everyone has got it quicker off of
MegaUpload BTJunkie Pirate Bay. I’m interested in hearing people’s thoughts on this idea though.
And for those that haven’t seen Breaking Bad it’s well worth watching