From bfc61d596e40f8afc3454e8d61232a36db2e2a2c Mon Sep 17 00:00:00 2001 From: jarjar Date: Sat, 8 Mar 2025 13:51:38 +0000 Subject: [PATCH] The end --- answers.md | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/answers.md b/answers.md index f771334..e7ba656 100644 --- a/answers.md +++ b/answers.md @@ -50,24 +50,27 @@ When i restarted the job, i got the same result as the old build. So the modific _Explain in a few lines the steps you took and provide a package (git repository / patch files) containing your modifications and a note explaining your changes._ -4. Describe another solution to make the Job environment and/or Job executable behave in the same manner as it was before. +**4. Describe another solution to make the Job environment and/or Job executable behave in the same manner as it was before.** +To test without changing the code, you can use the CMake “CXXFLAGS” environment variable. This solution is less viable, as it's easy to forget to set this environment variable. _Explain in a few lines and compare it against your first solution._ -5. Now that everything is running as expected, it is time to suggest a production rollout for this service. Please suggest changes to the service to ensure a secure, production-ready deployment to be accessed by a team of developers. The suggestions are not limited in scope, but should focus on security, performance and reliability. +**5. Now that everything is running as expected, it is time to suggest a production rollout for this service. Please suggest changes to the service to ensure a secure, production-ready deployment to be accessed by a team of developers. The suggestions are not limited in scope, but should focus on security, performance and reliability.** - - L'accès à jenkins se fait à travers d'un mot de passe propre à chaque utilisateur (SSO si disponible pour simplifier l'user experience) et avoir une 2FA. Une politique de moindre privilège peut etre mis en place, des plugins comme : https://plugins.jenkins.io/role-strategy/ permettent de faire ce genre d'action. + - Access to jenkins is via a user-specific password (SSO if available to simplify user experience) and a 2FA. A policy of least privilege can be implemented, with plugins such as https://plugins.jenkins.io/role-strategy/. - - Avoir au moins deux masters avec un Haproxy devant pour que si un master tombe l'autre prend le relais. Pour éviter le SPOF sur le haproxy on peut en mettre deux avec keepalived pour qu'on puisse accéder aux master à travers une VIP. + - Have at least two masters with a Haproxy in front, so that if one master goes down, the other takes over. To avoid SPOF on the haproxy, you can install two with keepalived so that you can access the masters via a VIP. - - Dans un soucis de scalabilité et de sécurité l'architecture de build distribué est à priviligié. C'est à dire que les builds sont effectué par des agents au lieu du master, ce qui permet de protéger le master du code déployé ou d'une mauvais manipulation d'un developpeurs. Pour la partie scalabilité, si on a besoin de plus de ressources pour gérer plus de build on peut donc ajouter plus d'agents. + - For scalability and security, the distributed build architecture is privileged. This means that builds are carried out by agents instead of the master, thus protecting the master from deployed code or improper handling by a developer. As for scalability, if you need more resources to manage more builds, you can add more agents. - - Un plugin comme https://plugins.jenkins.io/job-restrictions/ permet de faire en sorte que des jobs s'execute que sur certains agents. Ce qui peut permettre de séparer les jobs et les agents en fonction des équipes. Chaque équipe à ses propres ressources. + - A plugin such as https://plugins.jenkins.io/job-restrictions/ can be used to make jobs run only on certain agents. This makes it possible to separate jobs and agents by team. Each team has its own resources. - - Backup + - Set up a backup system to recover data or return to a previous state. - - Centralisation des logs + - Connect Jenkins to the company's log centralization system, in particular audit logs to know what actions are being performed on Jenkins. - - kubernetes + - If administrators have the knowledge and time to set this up, installing Jenkins in a Kubernetes cluster can be a good solution to take advantage of its scalability. - - Test master \ No newline at end of file + - The Jenkins documentation also recommends setting up a “test” master to test plugin version upgrades. + +All these points can be used to set up a production deployment. \ No newline at end of file