How to upgrade Jenkins

Jenkins regularly releases new versions. To upgrade Jenkins

On Linux

To install the Generic Java Package (.war)

  1. Write down the current version of Jenkins you have on your server
  2. Download the Jenkins “Generic Java Package (.war)” file from https://jenkins.io/download/to your workstation
  3. Upload the installer to Artifactory or other HTTP repository
  4. SSH into the Jenkins server
  5. Switch to sudo mode
  6. Stop the Jenkins service with
    service jenkins stop
  7. Navigate to the Jenkins directory
    cd /usr/lib/jenkins/
  8. Rename the current Jenkins .war file to include the version, so you can restore it if the new version does not work as expected
    mv jenkins.war jenkins_2.46.3.war
  9. Download the Jenkins war file from Artifactory
    url -O http://THE_IP_ADDRESS_OF_THE REPOSITORY/.../jenkins.war
  10. Start the Jenkins service
    service jenkins start

 

Add SSH key to a Jenkins Git step

To access a Git repository Jenkins can use an SSH key.

To add the SSH key to the Jenkins server use the following Chef script

Store the SSH key in an encrypted data bag called “keys”.

{
 "id": "ci_private_keys",
 "ci_github_key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
}

 

Add the following to the Jenkins Chef recipe

  • Install Git
package 'git'
  • Install the Git and Credentials Jenkins plugins
jenkins_plugin 'git'
jenkins_plugin 'credentials'
  • Copy the SSH key to the Jenkins server
rsa_key = data_bag_item('keys', 'ci_private_keys')
file '/var/lib/jenkins/.ssh/id_rsa' do
  content "#{rsa_key['ci_github_key']}"
  owner 'jenkins'
  group 'jenkins'
  mode '0600'
end
  • Add github.com to the known hosts
bash 'provide github.com RSA fingerprint' do
  code <<-EOF
   ssh-keyscan github.com >> /var/lib/jenkins/.ssh/known_hosts
   chown jenkins.jenkins /var/lib/jenkins/.ssh/known_hosts
  EOF
  not_if{system('grep github.com /var/lib/jenkins/.ssh/known_hosts')}
end

 

To specify the SSH key in the Git step

  1. When the Jenkins server is operational, navigate to the Web interface
  2. Create a new Jenkins project
  3. In the Source Code Management section
    1. Select Git
    2. Enter the SSH URL of the repository
    3. When you are adding the first project, click the Add button to create the credential

      1. Click Jenkins to select the credentials provider
      2. Select SSH Username with private key as the Kind
      3. Enter the username you used when you created the SSH key for the Git repository
      4. Select From the Jenkins master ~/.ssh as the Private Key
      5. Click the Add button
    4. In the Credentials drop down select the credential you have created (the Git user name)

 

How to secure Jenkins

When you install Jenkins, the default settings allow anyone to sign up and administer it. There are many ways to secure Jenkins, the simplest is to disable the user sign up and require login to administer the server.

  1. Click sign up in the upper right corner and create an account for yourself
  2. On the Jenkins Dashboard select Manage Jenkins
  3. On the Manage Jenkins page select Configure Global Security
  4. Make sure the circled items are set according to the picture below.