unverified 5y, 123d ago

Your setup isn't actually secure. The jenkins user can replace the script with anything of their choosing, because they have write access to the containing directory.

Also your script is missing a #!, and set -x will echo every line in a bash script so you don't have to.
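The directory-write problem raised in the comment above can be audited mechanically. The following is an added example, not code from the blog post or from either commenter: it walks from a script up to `/` and reports every path component an untrusted account could modify or swap. The paths, the uid 1001 for jenkins and the permission tables are constructed sample data, and `FakeStat` is a hypothetical stand-in for `os.stat_result` so the check runs offline.

```python
import os
import stat
from collections import namedtuple

# Hypothetical stand-in for os.stat_result, used with the constructed samples.
FakeStat = namedtuple("FakeStat", "st_uid st_gid st_mode")

def replaceable_by_untrusted(path, trusted_uids=frozenset({0}),
                             trusted_gids=frozenset({0}), lstat=os.lstat):
    """Return (component, reason) pairs, leaf first, for every component of
    `path` that an account outside the trusted sets could modify or swap.
    Pass an already-resolved path (os.path.realpath) so no component is a
    symlink. Strict: a sticky bit is not treated as making a directory safe."""
    findings = []
    current = os.path.abspath(path)
    while True:
        st = lstat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append((current, "writable by untrusted gid %d" % st.st_gid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

def audit_sample(table, path):
    """Run the audit against a constructed {path: (uid, gid, mode)} table."""
    return replaceable_by_untrusted(path, lstat=lambda p: FakeStat(*table[p]))

ROOT_DIR = (0, 0, 0o040755)
ROOT_FILE = (0, 0, 0o100755)
JENKINS_DIR = (1001, 1001, 0o040755)  # constructed uid/gid for jenkins

# Constructed "before": root-owned script inside a jenkins-owned directory.
SAMPLE_BEFORE = {"/": ROOT_DIR, "/var": ROOT_DIR, "/var/lib": ROOT_DIR,
                 "/var/lib/jenkins": JENKINS_DIR,
                 "/var/lib/jenkins/scripts": JENKINS_DIR,
                 "/var/lib/jenkins/scripts/deploy.sh": ROOT_FILE}
# Constructed "after": the script lives under a root-owned /opt.
SAMPLE_AFTER = {"/": ROOT_DIR, "/opt": ROOT_DIR, "/opt/deploy": ROOT_DIR,
                "/opt/deploy/deploy.sh": ROOT_FILE}

if __name__ == "__main__":
    for item in audit_sample(SAMPLE_BEFORE, "/var/lib/jenkins/scripts/deploy.sh"):
        print("FINDING", *item)
    print("after:", audit_sample(SAMPLE_AFTER, "/opt/deploy/deploy.sh") or "clean")
```

Called without the `lstat` argument, `replaceable_by_untrusted` reads the real filesystem, so it can be pointed at any script a privileged rule is allowed to run.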


russell 5y, 121d ago [edited]

Thank you for the feedback! I updated the blog post with your suggestions. The script is now safely stored in /opt, which is owned by root, so the jenkins user cannot modify it or swap it out. Additionally, I updated the script to use set -x instead of duplicating the commands for echoing.

If anyone out there is curious about seeing my workflow to make and test this change, I did a screen recording:

unverified 4y, 123d ago

Hello Russell,

Thanks for the post. I would like to know if you could post about a Salt-Master and Jenkins setup, like sending a message to the Salt API with the SaltStack plugin.

Thanks Mohan