Jenkins Configuration As Code

What Exactly is JCasC ?

This is a plugin that encodes all Jenkins settings and allows us to manage Jenkins settings without clicking on the GUI. This is quite advantageous when we have a fairly extensive configuration of our Jenkins, and it is especially useful in the case of a restore.

Environment

Let’s Start

Run sample full environment which can be found at this link

C:\Temp
λ git clone https://github.com/spy86/jenkins-as-code-docker-demo.git
C:\Temp
λ cd jenkins-as-code-docker-demo\
C:\Temp\jenkins-as-code-docker-demo (master -> origin)
λ vagrant up

After a while, the ready environment should start with Jenkins, and we can login into Jenkins. Open URL http://192.168.123.123:8089/ you should see one job SeedJob on the dashboard, and access for all options.

Jenkins configuration explanation

The configuration of Jenkins based on the jcasc plugin is divided into individual sections that are responsible for the configuration of individual functionalities in Jenkins. Below there are few important sections:

  • jenkins: The main element of the configuration in which we configure most of the options

Example code:

jenkins:
systemMessage: "Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"
globalNodeProperties:
- envVars:
env:
- key: VARIABLE1
value: example1
- key: VARIABLE2
value: example2
numExecutors: 1
crumbIssuer:
standard:
excludeClientIPFromCrumb: false
remotingSecurity:
enabled: false
securityRealm:
ldap:
configurations:
- groupMembershipStrategy:
fromUserRecord:
attributeName: "memberOf"
inhibitInferRootDN: false
rootDN: "dc=acme,dc=org"
server: "ldaps://ldap.acme.org:1636"
  • tool: The element that is for the tool configurations that are used globally by all jobs/pipelines

Example code:

tool:
git:
installations:
- name: default-git
home: /usr/bin/git
  • credentials: The element that is used for the credentials configuration (RSA keys, Logini, password, secret string etc.)

Example code:

credentials:
system:
domainCredentials:
- credentials:
- usernamePassword:
scope: GLOBAL
id: "github-token"
username: "CHANGE_ME"
password: "CHANGE_ME"
description: "GitHub Token"
- string:
scope: GLOBAL
id: "slack-token"
secret: "CHANGE_ME"

How trigger configuration reload ?

After changes in the configuration file, you should reload the configuration, otherwise the changes will not be visible. This can be done in several ways

⚠️ It must contain valid CRUMB and authentication information like username + token of a user with administrator privileges.

  • From Jenkins-cli
  • From Jenkins pipeline with using simple groovy script
import io.jenkins.plugins.casc.ConfigurationAsCode;
ConfigurationAsCode.get().configure()

I think the best solution is to create a freestyle job that will checkout our configuration to the directory from which we load the yml file and the reload configuration. This job will be required plugin Groovy ,job configuration below:

Conclusion

I think that jcasc is a feature that is worth applying because it makes Jenkins management much easier, and the need to quickly restore or go back to the previous configuration is trivial because we have everything in the git repository.

DevOps Consultant. I’m strongly focused on automation, security, and reliability.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store