/configuration-as-code-plugin

Jenkins Configuration as Code Plugin

Primary LanguageJava

Jenkins Configuration as Code Plugin

logo

Introduction

Setting up Jenkins is a complex process, as both Jenkins and it's plugin require some tunning and configuration, with dozen parameters to set within the web UI manage section.

Experimented Jenkins users rely on groovy init scripts to customize jenkins and enforce desired state. Those scripts directly invoke Jenkins API and as such can do everything (at your own risks). But they also require you know Jenkins internals, and are confident in writing groovy scripts on top of Jenkins API.

Configuration-as-Code plugin has been designed as an opinionated way to configure jenkins based on human-readable declarative configuration files. Writing such a file should be feasible without being a Jenkins expert, just translating into code a configuration process one is used to execute in the web UI.

So, we are trying to replace this :

configuration form

with this :

jenkins:

  securityRealm:
    ldap:
      configurations:
        - server: ldap.acme.com
          rootDN: dc=acme,dc=fr
          managerPasswordSecret: ${LDAP_PASSWORD}
      cache:
        size: 100
        ttl: 10
      userIdStrategy: CaseSensitive
      groupIdStrategy: CaseSensitive

In addition, we want such a file to have a well documented syntax, and tooling to assist in writing and testing, so end-users have full guidance in using this toolset and don't have to search stackoverflow for samples.

Jenkins Enhancement Proposal

As Configuration-as-code demonstrated to be a highly requested topic in Jenkins community, we have published JEP 201 as proposal to make this a standard component of the Jenkins project.

Current status : proposal accepted.

Releases

There's no release yet.

Examples

Configuration file do include root entries for various components of your jenkins master installation. the jenkins one is for the root jenkins object, and other ones are for various global configuration elements.

jenkins:
  securityRealm:
    (...)
  
  nodes:
    slave:
      name: "static-slave"
      remoteFS: "/home/jenkins"
      launcher: "jnlp"
      
  slaveAgentPort: 50000
  agentProtocols:
    - "jnlp2"    
      
tool:
  git:
    installations:
      - name: git
        home: /usr/local/bin/git

mailer:
  adminAddress: admin@acme.org
  replyToAddress: do-not-reply@acme.org
  smtpHost: smtp.acme.org
  smtpPort: 4441
  
credentials:
  system:
    ? # "global"
    : - certificate:
          scope:    SYSTEM
          id:       ssh_private_key
          keyStoreSource: 
            fileOnMaster:
              keyStoreFile: /docker/secret/id_rsa

Also see demos folder with various samples.

Full documentation

The configuration file format depends on the version of jenkins-core and installed plugins. Documentation is generated from a live instance, as well as JSON-schema you can use to validate configuration file with your favourite yaml tools.

TODO provide a dockerfile to 'build' this documentation from specified jenkins-core release and plugins.

Supported plugins

Here is a list of plugin we have successfuly tested to support configuration-as-code approach :

  • active directory plugin (details)
  • artifactory plugin (details)
  • credentials plugin (details)
  • docker plugin (details)
  • git plugin (details)
  • ldap plugin (details)
  • mailer plugin with some limitations (details)
  • tfs plugin with some limitations (details)
  • workflow-cps-global-lib aka "global libraries" (details)
  • more to come soon...