Jenkins Configuration As Code

Photo by Markus Spiske on Unsplash

What Exactly is JCasC ?

This is a plugin that encodes all Jenkins settings and allows us to manage Jenkins settings without clicking on the GUI. This is quite advantageous when we have a fairly extensive configuration of our Jenkins, and it is especially useful in the case of a restore.

jenkinsci/configuration-as-code-plugin

Environment

• Vagrant
• Ubuntu 18.04 + Docker
• Jenkins docker image

Let’s Start

Run sample full environment which can be found at this link

C:\Temp
λ git clone https://github.com/spy86/jenkins-as-code-docker-demo.git
C:\Temp
λ cd jenkins-as-code-docker-demo\
C:\Temp\jenkins-as-code-docker-demo (master -> origin)
λ vagrant up

After a while, the ready environment should start with Jenkins, and we can login into Jenkins. Open URL http://192.168.123.123:8089/ you should see one job SeedJob on the dashboard, and access for all options.

Jenkins configuration explanation

The configuration of Jenkins based on the jcasc plugin is divided into individual sections that are responsible for the configuration of individual functionalities in Jenkins. Below there are few important sections:

• jenkins: The main element of the configuration in which we configure most of the options

Example code:

jenkins:
  systemMessage: "Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"
  globalNodeProperties:
  - envVars:
      env:
      - key: VARIABLE1
        value: example1
      - key: VARIABLE2
        value: example2
  numExecutors: 1
  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: false
  remotingSecurity:
    enabled: false
  securityRealm:
    ldap:
      configurations:
        - groupMembershipStrategy:
            fromUserRecord:
              attributeName: "memberOf"
          inhibitInferRootDN: false
          rootDN: "dc=acme,dc=org"
          server: "ldaps://ldap.acme.org:1636"

• tool: The element that is for the tool configurations that are used globally by all jobs/pipelines

Example code:

tool:
  git:
    installations:
      - name: default-git
        home: /usr/bin/git

• credentials: The element that is used for the credentials configuration (RSA keys, Logini, password, secret string etc.)

Example code:

credentials:
  system:
    domainCredentials:
      - credentials:
          - usernamePassword:
              scope: GLOBAL
              id: "github-token"
              username: "CHANGE_ME"
              password: "CHANGE_ME"
              description: "GitHub Token"
          - string:
              scope: GLOBAL
              id: "slack-token"
              secret: "CHANGE_ME"

How trigger configuration reload ?

After changes in the configuration file, you should reload the configuration, otherwise the changes will not be visible. This can be done in several ways

• From GUI go to: Manage Jenkins -> Configuration -> Reload existing configuration
• From http POST to http://192.168.123.123:8089/configuration-as-code/reload

⚠️ It must contain valid CRUMB and authentication information like username + token of a user with administrator privileges.

• From Jenkins-cli
• From Jenkins pipeline with using simple groovy script

import io.jenkins.plugins.casc.ConfigurationAsCode;
ConfigurationAsCode.get().configure()

I think the best solution is to create a freestyle job that will checkout our configuration to the directory from which we load the yml file and the reload configuration. This job will be required plugin Groovy ,job configuration below:

Conclusion

I think that jcasc is a feature that is worth applying because it makes Jenkins management much easier, and the need to quickly restore or go back to the previous configuration is trivial because we have everything in the git repository.