6. The evolution of Jenkins
Jenkins is moving fast (there is competition:
travis-ci, gitlab-runners)
Far away from just the java world (e.g. mvn
specifics are gone in Pipeline world)
7. What can you do with Jenkins?
Testing, building, deploying
Software
Services
Infrastructure
11. Automating Jenkins
Why is it needed?
Make build processes transparent
Make build processes improvable
Make build process reproducible
Lower the barrier to update Jenkins
security - audit - bugfixes - plugins
12. Automating Jenkins
Why is it hard?
Building Software is hard
For long, Jenkins has been strongly UI-Driven
It is "easy" to deploy (.war file)
Hey I've deployed Jenkins on my Laptop!
It has lots of plugins (and you need them)
25. Installing Jenkins
Do NOT use war file (yes I know it's easy)
Use Jenkins LTS (3 months lifecycle vs 1
week)
Think about: user, directories, backups,...
Packages provides: upgrade path, downgrade
path, control, checksums, signatures, ...
26. Automating the Jenkins Service
Chef: Jenkins in the supermarket
Puppet: module rtyler/jenkins
Playbooks/etc for other tools as well
Docker
27. Jenkins Plugins
You NEED them (never seen a Jenkins setup
without 20-100 plugins)
Fetched from https://updates.jenkins-ci.org
Can be installed from the UI :(
Can be installed from the CLI
28. Packaging Jenkins Plugins
Plugins have dependencies (against plugins &
Jenkins core)
They have a fixed download path
They are listed in updates.jenkins.io/update-
center.json
https://github.com/roidelapluie/Jenkins-
Plugins-RPM
29. Mirroring Jenkins Plugins
Mirror http://updates.jenkins-ci.org
By default, "latest" will be fetched
Don't cache too much
github.com/jenkinsci/docker install-
plugins.sh
32. system-config-dsl-plugin
Like Job DSL, but for the system
https://github.com/jenkinsci/system-config-
dsl-plugin
JENKINS-31094
Downside: it does not exist yet
34. Groovy
Yet another language to learn? yes.
Programming language for the Java platform
Scripting language
Fully integrated in Jenkins
Used by automation tools (chef cookbook,
puppet module...)
35. The Jenkins Script Console
A groovy console is available at /script
http://jenkins.example.com/script
also with curl
Requires "Overall/Run Scripts" permission
48. Jenkins init.groovy.d
Upon startup, Jenkins will run
$JENKINS_HOME/init.groovy.d/*.groovy
scripts
Meanwhile, "Jenkins is getting ready..."
message is displayed
Drop files, restart Jenkins
Allows you to preconfigure everything --
without the GUI
50. Inside Jenkins
Creative Commons Attribution-ShareAlike 4.0 International
https://commons.wikimedia.org/wiki/File:Mystery_Cave_passage.jpg
51. The Multiple Approaches
GUI .. but this talk is about automation, right?
init.groovy.d: to create your seed job
Jenkins Job Builder: declarative, python, yaml
Jenkins Job DSL: imperative, groovy
52. Jenkins Job Builder
An Openstack Project
Python (not a Jenkins Plugin!)
Support templates
Extensible
Can do raw xml
Limited support for plugins and pipeline
Put Jobs config under SCM
53. Jenkins Job DSL
A Jenkins Plugin
2012
Groovy DSL to create views & jobs
Put Jobs config under SCM
64. Unleash the power of groovy
import jenkins.model.Jenkins;
dslCfg = Jenkins.instance.getDescriptor(
"javaposse.jobdsl.plugin.
GlobalJobDslSecurityConfiguration")
dslCfg.useScriptSecurity = false
==
(sec issue with old versions of the plugin)
(or power user trick)
69. What is a Jenkinsfile (aka
Pipeline)
A file that contains the definition of a job
No need of Gui
Defines Steps, Reports, Environments,
Nodes,...
Plugins can provide steps
Generic "step"
70. How to write Pipelines?
Visual Pipeline editor (WIP)
"Pipeline Syntax" link in jobs
78. Docker Docker Docker
Run jobs inside containers
Clean, short lived containers
Easy to update
Docker Plugin
79. Docker nodes pattern
Build Container
Tag it with a tag "candidate"
Push it to your registry
Run normal testing
Run actual builds with that "candidate"
If success -> tag with "release" && push
80. In practice
Docker Plugin config automated with groovy
Candidate and Release tags are setup as
slaves
They get two labels: "image" "tag" (e.g. "build-
centos-7" "candidate")
Jobs get a parameter "tag"
81. In the build Jenkinsfile
pipeline {
agent {
label("buildcentos7 && ${params.tag}")
}
}
83. Pros/Cons
Updated containers won't block the builds (e.g
on packages updates)
Containers stay up to date
Don't forget that builds release artifacts
(sometime you don't want that in nodes tests)
85. Jenkins Master in Docker
WHY WOULD YOU DO THAT?
Atomic upgrade of all plugins at the same
time
Easy rollback / update
Easy to test
Reduce the cost to upgrade
86. Jenkins master in Docker
At which price?????
Do not run ANYTHING on master; slave
everything
Keep a Docker Registry with history
Assume Docker instability
Think docker deployment etc... (A pipeline for
your Jenkins master - how cool is this?)
96. Seed jobs
Somewhere in init.groovy.d
cause = new RemoteCause('localhost',
'Build triggered by init.groovy.d')
job = Jenkins.instance.getItem("seed")
cAction = new CauseAction(cause)
build = job.scheduleBuild2(0, cAction)
res = build.get().getResult().toString()
assert res == 'SUCCESS'
Last lines check for completion of seed job
97. Benefits
A Pipeline to Deploy Jenkins
Automated checks of init.groovy.d etc
Check that the seed job works
99. Trash the Jenkins config
Only keep build history
Do notput config in persistent volume
Let init.groovy.d/job dsl build your config only
from code
Still, keep job history
103. Jenkins can be FULLY
automated
My recommendations:
init.groovy.d
Jenkins Job DSL
Pipeline
Try dockerized Jenkins ; might work for you
(spoiler: works for us)