• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
    • Get the 2022 Cloud Scurity Comparison Guide
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
      • Cyber Threat Categories and Definitions
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Spotlight

Build a Programmable LED for Jenkins CI

By Michael Merritt
Posted on May 26, 2015
Updated on October 15, 2020

Share

FacebookTweetLinkedIn

For our latest OpenDNS hackathon, I decided it would be a fun exercise to use an individually addressable digital LED strip to create a build light for our Jenkins instance. We work in a continuous development environment, and the light gives a quick heads-up display to see if it’s safe to merge. Plus, LEDs are just plain fun!
Screen Shot 2015-05-22 at 3.33.27 PM
I followed this Adafruit article but used a Raspberry Pi 2 instead of Pi 1. The Pi 2 has more available pins, but the connecting pins will be the same. For power, I opted for a 5V/10Amp switching PSU, which provides more than double what my two-meter strip needed.

If you have some basic knowledge of Python, Linux, and soldering you should have no problem completing this in a few hours. If you’re anything like me, you’ll spend the majority of your time playing with different lighting patterns.

Hardware used

  • Digital RGB LED strip – LPD8806
  • 5V/10A switching power supply (must be 5v)
  • JST 4-pin inline cables (plug and receptacle)
  • DC power jack
  • Female jumper wires (or ribbon cable)
  • Raspberry Pi 2 (or 1)
  • SDCard (Raspberry Pi boots off the SDCard)
  • Soldering iron*, solder, and wire strippers
  • Optional Raspberry Pi case

*You can get away with not soldering if you buy appropriate connectors to hold wires in the place. I also tried the ribbon cable used in the Adafruit tutorial and it provided a very tight connection.

Let’s wire it up!
Screen Shot 2015-05-22 at 3.42.41 PM
Raspberry Pi 2 Pin-out diagram
Screen Shot 2015-05-26 at 10.18.44 AM
Connect power

Connect +5V and GND from the power supply to the +5V and GND pins on both the LED strip and the Raspberry Pi2 GPIO header. I simply soldered two wires into the positive jack and then two into the ground jack of the DC adapter. That way I could power both the Raspberry Pi and the LED strip off the same PSU.

Note: Do not attempt to power the LEDs off a micro USB cable connected to the Pi.

Connect the LED strip

The board’s SPI_MOSI pin connects to the DI input on the LED strip, and SPI_CLK pin connects to the CI input on the LED strip. Screen Shot 2015-05-26 at 10.19.47 AM
Be aware of polarity

I lucked out and Adafruit shipped my LEDs with a female JST 4-pin inline cable attached to the inputs of the LEDs. But Adafruit’s website says this is not always the case, and you might find your JST cable connected to the LED outputs! So be aware of which end you’re connecting to on the LED strip. If you look closely at your LED solder points you can see DI and CI for input, while DO and CO are your outputs respectively.

Once everything is connected it’s time to plug in the PSU.

OK, now I’ve got random LEDs lit

Initially, when I connected my LED strip there were no lights or random lights turning on until I ran my python script instructing the LEDs. Whew! But this could also be a sign that you’re not providing enough amperage to your LEDs. Adafruit has some troubleshooting tips to read over. If you’re using more than enough power then lets ignore the random LEDs and let’s move on.

Raspberry Pi setup

Rasberry Pi’s own site has very good instructions on how to do the following:

  • Install an OS to Raspberry’s SDCard (I used NOOBS with Raspbian)
  • Find the Raspberry’s IP address
  • Be able to SSH to the device
  • Enable SPI (serial port interface bus)

Software dependencies

Here’s some of the software dependencies and updates that helped me. I used python 2.7.3 for this project, which was preinstalled on the Pi. I recommend using virtualenv to install your python dependencies. It’s a good habit to get into and keeps things tidy. You need to first ssh pi@ipaddress and install these from the command line of the Pi. Most of these will require sudo.

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install python-pip
$ sudo apt-get install python-dev
$ sudo apt-get install git

Install Bibliopixel for LED bliss

Download and install the latest from github

$ git clone git@github.com:ManiacalLabs/BiblioPixel.git
$ cd BiblioPixel
$ sudo python setup.py install
$ sudo pip install -r requirements.txt

Reboot once everything is installed

$ sudo reboot

LED drivers

Bibliopixel should’ve included multiple drivers to choose from. We’re using the LPD8806. Once it’s installed (and SPI is enabled) you should see the device in your dev directory on your Pi:

$ ls -la /dev/spidev*
crw-rw---T 1 root spi 153, 0 Jan  1  1970 /dev/spidev0.0

Now for the fun part, playing with LEDs!

I wrote a simple python script that utilizes threads and a queue. Using a queue is one way to communicate between threads with the added bonus that it’s thread safe. The change of color can be thought of as an event and your event pool as a handler. When an event is emitted, the appropriate candidate responds with it’s particular color or animation.

The color changes I’m using in my script are very simplistic on/off color changes but Bibliopixel provides some very fun pre-written animations that you might try modifying, for example:

Clone the latest copy of the jenkins status light script:

$ git clone https://github.com/opendns/jenkins-status-light
$ cd jenkins_status_light
$ sudo pip install -r requirements.txt

Manually running the script

Simply supply the jenkins host and job name as command line arguments to run:

$ sudo python jenkins_status_light.py --jenkins-url https://jenkins.example.com --job job-name

It’s working!

At this point if the script didn’t exit you should see LEDs come up for the current build status of Jenkins and change whenever Jenkins build status change from success, failure or aborted. But if the script did exit, you’ll need to read through your console to see what is failing and address that.

Changing colors

The colors I selected might not be what you want, but you can easily swap out predefined colors in the global section at the top of my script.

Supervisor

Once things are working then we should try wrapping our script with Supervisor. This provides us with monitoring and helps keep the script running. If our lighting script exits or crashes for any reason, Supervisor will restart it. As an added bonus, when you plugin the Raspberry Pi, the script will automatically run and the lights come right up!
As the root user, run the following command to install the Supervisor package:

apt-get install supervisor

Let’s add a configuration file to tell Supervisor where our jenkins_status_light.py file is and what to do with it. Save the file at /etc/supervisor/conf.d/jenkins_status_light.conf.

[program:jenkins_status_light]
command=/usr/bin/env python /home/pi/jenkins_status_light.py --jenkins-url https://jenkins.server.com --job job-name
autostart=true
autorestart=true
stderr_logfile=/var/log/jenkins_status_light.err.log
stdout_logfile=/var/log/jenkins_status_light.out.log

Once you’ve saved that file then as the root user you can inform Supervisor of our new file:

supervisorctl reread

Then update with those changes:

supervisorctl update

To control Supervisor you can use the following commands:

sudo service supervisor stop / start / restart

To monitor stdout of our py file output:

tail -f /var/log/jenkins_status_light.out.log

There’s also an interactive mode that is worth reading about.

Securing the Pi

The Raspberry Pi is a full fledged computer and it’s only as secure as you make it. Here’s a list of some things to do to increase the security of your device:

  • The first thing you should absolutely do is change the default password. You can test the strength of your password with Steve Gibson’s password haystack. The higher the entropy the better.
  • Make sure everything is up to date. We did this with apt-get update and apt-get upgrade above.
  • Enabling unattended security updates which can help avoid “0-day exploits”.
  • Change the default user account to something other than ‘pi’ (Note that root is disabled by default on Raspbian which is great)
  • Close all services and ports you don’t use.
  • Don’t let untrusted people near it. It’s simple to plug a malicious device into it to gain control.
  • Don’t make the Pi publicly available on the internet unless you know what you’re doing. It’s best to sit behind your NAT router with DMZ disabled and behind a firewall if you have one (there’s one built into Linux, but it can be difficult to manage).
  • Consider using IP tables to only allow specific IP addresses or IP ranges to connect to your device.
  • Setup Fail2ban to block suspicious SSH connections who make too many failed attempts attempts against the device. This will provide a 10 minute ban for anyone who has 3 unsuccessful login attempts:
    • $ sudo apt-get install fail2ban

Note that some things such as “changing the ssh port” while not bad, will only get you so far. “Security through obscurity” won’t do much but slow down a determined hacker.

Project improvements

  • Using a queue means lights don’t always update immediately, esp. if build times are very short
  • Daemonizing threads and being able to cleanly exit the script would be great
  • Sometimes the light will quickly flash a past build color before updating to the correct color
  • Have the script automatically determine how many LED strips exist
  • Try creating a moving ‘progress bar’ animation to display estimated build duration.

Since this was 24-hour hackathon project I’m sure there are plenty of code improvements to be made. Please feel free to fork and submit changes and improvements! We’d love to see your own projects and what you did with this! Happy hacking!

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella