book

Jenkins: The Definitive Guide

by John Ferguson Smart

July 2011

Intermediate to advanced

401 pages

11h 24m

English

O'Reilly Media, Inc.

Read now

Unlock full access

AudienceBook LayoutJenkins or Hudson?Font ConventionsCommand-Line ConventionsContributorsThe Review TeamBook SponsorsWakaleo ConsultingCloudBeesOdd-eUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
IntroductionContinuous Integration FundamentalsIntroducing Jenkins (née Hudson)From Hudson to Jenkins—A Short HistoryShould I Use Jenkins or Hudson?Introducing Continuous Integration into Your OrganizationPhase 1—No Build ServerPhase 2—Nightly BuildsPhase 3—Nightly Builds and Basic Automated TestsPhase 4—Enter the MetricsPhase 5—Getting More Serious About TestingPhase 6—Automated Acceptance Tests and More Automated DeploymentPhase 7—Continuous DeploymentWhere to Now?
IntroductionPreparing Your EnvironmentInstalling JavaInstalling GitSetting Up a GitHub AccountConfiguring SSH KeysForking the Sample RepositoryStarting Up JenkinsConfiguring the ToolsConfiguring Your Maven SetupConfiguring the JDKNotificationSetting Up GitYour First Jenkins Build JobYour First Build Job in ActionMore Reporting—Displaying JavadocsAdding Code Coverage and Other MetricsConclusion
IntroductionDownloading and Installing JenkinsPreparing a Build Server for JenkinsThe Jenkins Home DirectoryInstalling Jenkins on Debian or UbuntuInstalling Jenkins on Red Hat, Fedora, or CentOSInstalling Jenkins on SUSE or OpenSUSERunning Jenkins as a Stand-Alone ApplicationRunning Jenkins Behind an Apache ServerRunning Jenkins on an Application ServerMemory ConsiderationsInstalling Jenkins as a Windows ServiceWhat’s in the Jenkins Home DirectoryBacking Up Your Jenkins DataUpgrading Your Jenkins InstallationConclusion
IntroductionThe Configuration Dashboard—The Manage Jenkins ScreenConfiguring the System EnvironmentConfiguring Global PropertiesConfiguring Your JDKsConfiguring Your Build ToolsMavenAntShell-Scripting LanguageConfiguring Your Version Control ToolsConfiguring SubversionConfiguring CVSConfiguring the Mail ServerConfiguring a ProxyConclusion
IntroductionJenkins Build JobsCreating a Freestyle Build JobGeneral OptionsAdvanced Project OptionsConfiguring Source Code ManagementWorking with SubversionWorking with GitInstalling the pluginSystem-wide configuration of the pluginSSH key setupUsing the pluginAdvanced per-project source code management configurationBranches to buildExcluded regionsExcluded usersCheckout/merge to local branchLocal subdirectory for repoMerge before buildPrune remote branches before buildClean after checkoutRecursively update submodulesUse commit author in changelogWipe out workspaceChoosing strategyGit executableRepository browserBuild triggersGerrit TriggerPost-build actionsPush only if build succeedsMerge resultsTagsBranchesGitHub pluginBuild TriggersTriggering a Build Job Once Another Build Job Has FinishedScheduled Build JobsPolling the SCMTriggering Builds RemotelyManual Build JobsBuild StepsMaven Build StepsAnt Build StepsExecuting a Shell or Windows Batch CommandUsing Jenkins Environment Variables in Your BuildsRunning Groovy ScriptsBuilding Projects in Other LanguagesPost-Build ActionsReporting on Test ResultsArchiving Build ResultsNotificationsBuilding Other ProjectsRunning Your New Build JobWorking with Maven Build JobsBuilding Whenever a SNAPSHOT Dependency Is BuiltConfiguring the Maven BuildPost-Build ActionsDeploying to an Enterprise Repository ManagerDeploying to Commercial Enterprise Repository ManagersManaging ModulesExtra Build Steps in Your Maven Build JobsUsing Jenkins with Other LanguagesBuilding Projects with GrailsBuilding Projects with GradleThe Gradle plugin for JenkinsIncremental buildsBuilding Projects with Visual Studio MSBuildBuilding Projects with NAntBuilding Projects with Ruby and Ruby on RailsConclusion
IntroductionAutomating Your Unit and Integration TestsConfiguring Test Reports in JenkinsDisplaying Test ResultsIgnoring TestsCode CoverageMeasuring Code Coverage with CoberturaIntegrating Cobertura with MavenIntegrating Cobertura with AntInstalling the Cobertura code coverage pluginReporting on code coverage in your buildInterpreting code coverage metricsMeasuring Code Coverage with CloverAutomated Acceptance TestsAutomated Performance Tests with JMeterHelp! My Tests Are Too Slow!Add More HardwareRun Fewer Integration/Functional TestsRun Your Tests in ParallelConclusion
IntroductionActivating Security in JenkinsSimple Security in JenkinsSecurity Realms—Identifying Jenkins UsersUsing Jenkins’s Built-in User DatabaseUsing an LDAP RepositoryUsing Microsoft Active DirectoryUsing Unix Users and GroupsDelegating to the Servlet ContainerUsing Atlassian CrowdIntegrating with Other SystemsAuthorization—Who Can Do WhatMatrix-based SecuritySetting up matrix-based securityFine-tuning user permissionsHelp! I’ve locked myself out!Project-based SecurityRole-based SecurityAuditing—Keeping Track of User ActionsConclusion
IntroductionEmail NotificationMore Advanced Email NotificationClaiming BuildsRSS FeedsBuild RadiatorsInstant MessagingIM Notification with JabberIM Notification using IRCIRC NotificationDesktop NotifiersNotification via NotifoMobile NotificationSMS NotificationMaking NoiseExtreme Feedback DevicesConclusion

IntroductionCode Quality in Your Build ProcessPopular Java and Groovy Code Quality Analysis ToolsCheckstylePMD/CPDFindBugsCodeNarcReporting on Code Quality Issues with the Violations PluginWorking with Freestyle Build JobsWorking with Maven Build JobsUsing the Checkstyle, PMD, and FindBugs ReportsReporting on Code ComplexityReporting on Open TasksIntegrating with SonarConclusion
IntroductionParameterized Build JobsCreating a Parameterized Build JobAdapting Your Builds to Work with Parameterized Build ScriptsMore Advanced Parameter TypesBuilding from a Subversion TagBuilding from a Git TagStarting a Parameterized Build Job RemotelyParameterized Build Job HistoryParameterized TriggersMulticonfiguration Build JobsSetting Up a Multiconfiguration BuildConfiguring a Slave AxisConfiguring a JDK AxisCustom AxisRunning a Multiconfiguration BuildGenerating Your Maven Build Jobs AutomaticallyConfiguring a JobReusing Job Configuration with InheritancePlugin SupportFreestyle JobsCoordinating Your BuildsParallel Builds in JenkinsDependency GraphsJoinsLocks and LatchesBuild Pipelines and PromotionsManaging Maven Releases with the M2Release PluginCopying ArtifactsBuild PromotionsAggregating Test ResultsBuild PipelinesConclusion
IntroductionThe Jenkins Distributed Build ArchitectureMaster/Slave Strategies in JenkinsThe Master Starts the Slave Agent Using SSHStarting the Slave Agent Manually Using Java Web StartInstalling a Jenkins Slave as a Windows ServiceStarting the Slave Node in Headless ModeStarting a Windows Slave as a Remote ServiceAssociating a Build Job with a Slave or Group of SlavesNode MonitoringCloud ComputingUsing Amazon EC2Setting up your Amazon EC2 build farmUsing EC2 instances as part of your build farmUsing dynamic instancesUsing the CloudBees DEV@cloud ServiceConclusion
IntroductionImplementing Automated and Continuous DeploymentThe Deployment ScriptDatabase UpdatesSmoke TestsRolling Back ChangesDeploying to an Application ServerDeploying a Java ApplicationUsing the Deploy pluginRedeploying a specific versionDeploying a version from a previous Jenkins buildDeploying a version from a Maven repositoryDeploying Scripting-based Applications Like Ruby and PHPConclusion
IntroductionMonitoring Disk SpaceUsing the Disk Usage PluginDisk Usage and the Jenkins Maven Project TypeMonitoring the Server LoadBacking Up Your ConfigurationFundamentals of Jenkins BackupsUsing the Backup PluginMore Lightweight Automated BackupsArchiving Build JobsMigrating Build JobsConclusion
Automating Your Tests with MavenAutomating Your Tests with Ant

Content preview from Jenkins: The Definitive Guide

Chapter 7. Securing Jenkins

Introduction

Jenkins supports several security models, and can integrate with several user repositories. In smaller organizations, where developers work in close proximity, security on your Jenkins machine may not be a large concern—you may simply want to prevent unidentified users tampering with your build job configurations. For larger organizations, with multiple teams, a stricter approach might be required, where only team members and system administrators are allowed to modify their build job configurations. And in situations where the Jenkins server may be exposed to a broader audience, such as on an internal corporate website, or even on the Internet, certain build jobs may be visible to all users whereas others will need to be hidden to unauthorized users.

In this chapter, we will look at how to configure different security configurations in Jenkins, for different environments and circumstances.

Activating Security in Jenkins

Setting up basic security in Jenkins is easy enough. Go to the main configuration page and check the Enable security checkbox (see Figure 7-1). This will display a number of options, that we will investigate in detail in this chapter. The first section, Security Realms, determines where Jenkins will look for users during authentication, and includes options such as using users stored in an LDAP server, using the underlying Unix user accounts (assuming, of course, that Jenkins is running on a Unix machine), or using a simple built-in ...