Jenkins Administrator’s Guide: Install, manage, and scale a CI/CD build and release system to accelerate your product life cycle
- Length: 436 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-12-24
- ISBN-10: 1838824324
- ISBN-13: 9781838824327
- Sales Rank: #2089102 (See Top 100 Books)
Build and manage a production Jenkins instance, complete with CI/CD pipelines using GitHub and Docker Hub, Jenkins Configuration as Code, Shared Libraries, Script Security, and optimization guides
Key Features
- Set up production-grade Jenkins and CI/CD pipelines with GitHub and Docker Hub integrations
- Manage, protect, and upgrade a production Jenkins instance regardless of its size and the number of users
- Scale a Jenkins instance using advanced optimization tips, tricks, and best practices
Book Description
Jenkins is a renowned name among build and release CI/CD DevOps engineers because of its usefulness in automating builds, releases, and even operations. Despite its capabilities and popularity, it’s not easy to scale Jenkins in a production environment. Jenkins Administrator’s Guide will not only teach you how to set up a production-grade Jenkins instance from scratch, but also cover management and scaling strategies.
This book will guide you through the steps for setting up a Jenkins instance on AWS and inside a corporate firewall, while discussing design choices and configuration options, such as TLS termination points and security policies. You’ll create CI/CD pipelines that are triggered through GitHub pull request events, and also understand the various Jenkinsfile syntax types to help you develop a build and release process unique to your requirements. For readers who are new to Amazon Web Services, the book has a dedicated chapter on AWS with screenshots. You’ll also get to grips with Jenkins Configuration as Code, disaster recovery, upgrading plans, removing bottlenecks, and more to help you manage and scale your Jenkins instance.
By the end of this book, you’ll not only have a production-grade Jenkins instance with CI/CD pipelines in place, but also knowledge of best practices by industry experts.
What you will learn
- Set up a production-grade Jenkins instance on AWS and on-premises
- Create continuous integration and continuous delivery (CI/CD) pipelines triggered by GitHub pull request events
- Use Jenkins Configuration as Code to codify a Jenkins setup
- Backup and restore configurations and plan for disaster recovery
- Plan, communicate, execute, and roll back upgrade scenarios
- Identify and remove common bottlenecks in scaling Jenkins
- Use Shared Libraries to develop helper functions and create new DSLs
Who this book is for
This book is for both new Jenkins administrators and advanced users who want to optimize and scale Jenkins. Jenkins beginners can follow the step-by-step directions, while advanced readers can join in-depth discussions on Script Security, removing bottlenecks, and other interesting topics. Build and release CI/CD DevOps engineers of all levels will also find new and useful information to help them run a production-grade Jenkins instance following industry best practices.
Table of Contents
- Jenkins Infrastructure with TLS/SSL and Reverse Proxy
- Jenkins with Docker on HTTPS on AWS and inside a Corporate Firewall
- GitOps-Driven CI Pipelines with GitHub
- GitOps-Driven CD Pipelines with Docker Hub and More Jenkinsfile Features
- Headfirst AWS for Jenkins
- Jenkins Configuration as Code (JCasC)
- Backup and Restore and Disaster Recovery
- Upgrading the Jenkins Controller, Agents, and Plugins
- Reducing Bottlenecks
- Shared Libraries
- Script Security
Foreword
Contributors
About the authors
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1 Jenkins Infrastructure with TLS/SSL and Reverse Proxy
Technical requirements
Why Jenkins?
Searching for answers online with Jenkins keywords
Understanding the Jenkins architecture
Controller
Domain name, TLS/HTTPS, load balancer, and reverse proxy
Agents
Bringing it all together
AWS: FAQs, routing rules, EC2 instances, and EIPs
EC2 instance types and sizes
Regions and Availability Zones
Routing rules
EC2 instances and EIPs
Installing Docker on our VMs
Acquiring domain names and TLS/SSL certificates
Domain names
TLS/SSL certificates
Storage concerns
IOPS benchmarks using fio
EC2 and EBS
The IT VM's disk
NFS/SAN
Physical disks
Review
Summary
2 Jenkins with Docker on HTTPS on AWS and inside a Corporate Firewall
Technical requirements
Running a Jenkins controller with Docker on HTTPS
Custom image to match the UID/GID for a bind mount
Running Jenkins
Reverse proxy and TLS/SSL termination options
TLS termination at the reverse proxy
Terminating the TLS certificate directly on the Jenkins controller
Installing plugins and configuring Jenkins
Installing more plugins
Configure System
Configure Global Security
Configure Global Credentials
Installing even more plugins
Attaching SSH and inbound agents
SSH agent
Inbound agent
Labels and Usage
Creating a secure Docker Cloud
Generating a CA, server certificates, and client certificates
Storing the certificates
Configuring the Docker service
Configuring Jenkins
Summary
3 GitOps-Driven CI Pipeline with GitHub
Technical requirements
Project overview
Creating two sets of projects and users in Jenkins
Creating a static pipeline for build and unit tests
Displaying test results and a code coverage report
Creating a premerge CI pipeline with GitHub PR hooks
GitHub personal access token
GitHub Pull Request Builder System Configuration
Configuring the premerge trigger
Testing the premerge trigger
Building the PR branch
Building an arbitrary branch
Requiring a successful build for a merge
Summary
4 GitOps-Driven CD Pipeline with Docker Hub and More Jenkinsfile Features
Technical requirements
Project overview
Packaging the Docker image and running integration tests
Versioning Git and Docker using Semantic Versioning
Using more Jenkinsfile features with DooD and bare-metal agents
agent none, buildDiscarder options, and credentials in environment variables
Using a custom Dockerfile for a dockerfile agent and running Groovy code in a script block
Docker-outside-of-Docker in Jenkins
Variable handling, Docker Hub login, and docker push
Bare-metal agents, Groovy language features, and alternate ways to run Docker and handle credentials
post
Saving the files, making a PR, and merging
Creating a static pipeline for packaging, integration tests, and delivery
Creating a postmerge CD pipeline with a GitHub webhook and polling
Configuring the postmerge trigger
Testing the postmerge trigger
Summary
5 Headfirst AWS for Jenkins
Technical requirements
Logging in to AWS
Navigating the AWS console
Important notes
EC2 instances and EIPs
Step 1 – Create an SSH key pair
Step 2 – Create a security group
Step 3 – Create an EC2 instance
Step 4 – Create and attach an EIP
Let's Encrypt
Manual verification
Automated verification for AWS Route 53
Setting up an application ELB for the AWS Jenkins controller
Step 1 – Create a TLS certificate in AWS Certificate Manager
Step 2 – Create a security group
Step 3 – Create an ALB
Other DNS providers
Summary
6 Jenkins Configuration as Code (JCasC)
Technical requirements
Downloading and understanding the current configuration
User passwords aren't codified
Secrets aren't portable
Most entries are auto-generated defaults
Converting controller configuration to JCasC
Converting agent configuration to JCasC
Converting Docker cloud configuration to JCasC
Converting the pipeline configurations to JCasC
Redeploying Jenkins using JCasC
Reverting back to the original Jenkins
Retrospective
Advanced: CasC Plugin – Groovy Scripting Extension
Summary
7 Backup and Restore and Disaster Recovery
Technical requirements
A small change for testing backup and restore
Backup strategies
Snapshotting the entire disk as an image
Saving the directory content as files
Backing up a large Jenkins instance
Deciding which files to back up and at what frequency
Directories for live backup
Backing up and restoring with the ThinBackup plugin
Moving the backup archives out of the disk
Experimenting with ThinBackup
Restoring a backup using ThinBackup
Configuring ThinBackup
Disaster recovery from a user mistake
Disaster
Recovery
Disaster recovery from an infrastructure failure
Summary
8 Upgrading the Jenkins Controller, Agents, and Plugins
Technical requirements
Understanding the challenges of plugin version management
Upgrading to the next immediate LTS version of Jenkins
Upgrading while skipping many versions of LTS releases
Pitfalls of preinstalling failed plugins
Upgrade strategies
Upgrade strategy for a small- to medium-scale Jenkins instance
Upgrade strategy for a large-scale Jenkins instance
Upgrading plugins using Plugin Manager
Upgrading the controller
Announcing the upgrade plans to the users
Building a new controller image
Pre-upgrade checklist
Finally, the actual upgrade
Summary
9 Reducing Bottlenecks
Technical requirements
Recommendations for hosting Jenkins to avoid bottlenecks
General server recommendations
How to keep Jenkins memory footprint light
Memory and garbage collection tuning
Periodic triggers versus webhook triggers297
Tracking operational costs in the cloud
Quick performance improvements in an existing Jenkins instance
GitHub Pull Request Builder plugin boot optimization
Frontpage load delay due to the "weather" health display
Pipeline speed/durability settings
Improving Jenkins uptime and long-term health
What is a periodic maintenance job and how do you create one?
Terminating long-running pipelines
Releasing stale locks in lockable resources from force killing builds
Log cleanup for beginners
Log cleanup for multibranch pipeline job types
Avoiding and reducing the use of echo step
CPU bottleneck: NonCPS versus CPS pipeline as code
Pre-compiling all NonCPS code as an external jar
Including a NonCPS library as a plugin
Controller bottlenecks created by an agent
Defining agent and controller interaction bottlenecks
Agent booting start up bottleneck
Stashing and archiving artifacts
Storing controller and agent logs in CloudWatch
Pipeline Logging over CloudWatch plugin
Controller logging over CloudWatch
AWS IAM roles for controller and agent CloudWatch logging
Other ways to reduce agent log output
Strategy – Writing logs to the agent disk
Drawbacks: Writing logs to the agent disk
Summary
10 Shared Libraries
Technical requirements
Understanding the directory structure
Creating a shared library
Providing shared libraries
Folder-level shared libraries
Global shared libraries
Using shared libraries
Static loading
Dynamic loading
Use cases
Code reuse via global variables – Pre-formatted Slack messages
Advanced – Custom DSL
Summary
11 Script Security
Technical requirements
Administrator versus non-administrator
Outside the Groovy sandbox
Direct pipeline
Global shared library
Inside the Groovy sandbox
Approve assuming permission check
Identity crisis – everyone is a SYSTEM user380 Where the SYSTEM user can do things
What the SYSTEM user can do everywhere
Understanding why the Authorize Project plugin is needed
Configuring the Authorize Project plugin
Thoughts on disabling Script Security
Summary
IndexDonate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Jenkins Administrator’s Guide: Install, manage, and scale a CI/CD build and release system to accelerate your product life cycle, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
Build AI-Enhanced Audio Plugins with C++
