jenkins (Publish with SSH Plugin) - jenkins

I want to build my maven project in Jenkins and copy all the the jar files to a remote Unix machine.
Also I want to connect to a LDAP data Store and start the services and test if the services are up and running
Basically I want to do the following tasks after my project is successfully build in Jenkins:-
1)Copy current version of my project to designated machine and location
2)Copy configure to connect to a designated integration test DS
3)Start the services in my project
4)Test that it is running.
Can I achieve this by Publish over SSH plugin provided in jenkins??
Or Shall I create some scripts which can automate the above tasks.The reason I am asking this is because I am not very familiar with Jenkins and Unix scripting.
Is there any good approach to do this task.
Thanks in advance.
Ansia

The Publish over SSH plugin will allow you copy files to remote server and execute arbitrary commands on the remote server.
Question is - do you know how you would achieve the following on the remote server?
2)Copy configure to connect to a designated integration test DS
3)Start the services in my project
4)Test that it is running
If yes, just enter those commands into Publish over SSH configuration. Or provide a script to be executed.
If you don't know how to achieve that, then that's a separate question.

Yes, you can use the publish over ssh plugin to copy the jars, and execute a script which launches your services. Take a look here to see how to launch a script "in the background" so it does not get killed when the session ends or to avoid blocking the Jenkins build by making it wait for the script to finish executing
Can't say much about LDAP as I haven't used it but depending on your needs I guess you could create a basic helper-jar with spring-ldap or any other similar library.

Related

Unable to open GUI Application through Jenkins

I'm new to Jenkins, I've created a Jenkins freestyle job used necessary plugins to invoke desktop application. When I execute the job with user credentials, I cannot see the application but application got up and logged on with user credentials. I'm doing GUI Automation which causes failures all the times when I try to run the job.
I created a batch file on HOST, calling the batch file through Jenkins. I have tried injecting the environment for job. I have enabled interactive services and Jenkins-slave on HOST machine. I tried to change NT/System user to Specific user. I enabled interactive services in both conditions. I'm not sure what I'm missing here. Do I need to install anything else, so far I have Jenkins-slave.exe on my HOST, I managed to generate executable Jar file using that.
Any help on this will be appreciated.
I'm calling the batch file, Jenkins cannot find the application opening apparently, it returning error as None type Object(Python) as described in screenshot.errors on Jenkins Job execution
I had a similar issue when I was trying to run Selenium UI Test on Windows Slave.
When the Slave is connected to Windows as a Service, then it does not bring up the application in foreground. It runs only in background even if you enable the service to interact with the desktop.
I had to change my browser to headless browser and then my test cases were passed in background mode.
My Old Question

Deploy web app via Jenkins

I have recently started to mess about with Jenkins and am unsure how to deploy my web app to a basic server. I've gotten into the Pipeline (https://jenkins.io/doc/book/pipeline/) and it seems like a fantastic way to work.
Where I'm a bit stuck is in two spots:
Once my repo is in my workspace within Jenkins, how do I prep it so I am only deploying the files necessary for the application? For example, I don't need my src/ directory or my Vagrantfile when I'm deploying things.
How do I deploy my app to the server? I see examples all over the place, but I am getting a bit lost since there seems to be so many ways to do this. I'm assuming scp or something like that...?
To build off of #2, is there a way to deploy web apps as transactions (in one shot) rather than file-by-file?
Please let me know if I can provide any information for potential answers!
I can't speak to your specific use case but a common way to do this is the build-and-deploy model, where you will have 2 Jenkins jobs. The "build" job will check out from source, run build commands such as maven or make, and lastly will "archive" the build artifacts. The latter is an option under the 'post-build actions' tab at the bottom.
In the "deploy" job, you will grab the artifacts of your choice. You can fetch a single file, all of them, and everything in between. This requires use of the 'Copy Artifact' plug-in and it allows you to copy files generated by other jobs. Now you can run your usual deploy script in the 'Execute Command' box. Most command line paradigms are supported out of the box such as setting environment variables.
The instructions above assume that you want to run your application off of a host that you've provisioned as a Jenkins slave.
Use artifacts as mentioned by Paul Back, or a 3rd party artifactory server as in video
This is always tricky and error-prone. Why not spin up a fresh server with new release (humanly verified once)
Jenkins & Ansible is the answer here. This is how I deploy to production, since I am in no need to use anything like Docker (too many issues with particular app) so have to run the app natively. Quick example would be
You monitor a specific branch in gitlab / github or whatever else and then call a webhook on push / merge etc on that branch, at this point you deal with anything you need to do by running a playbook on the jenkins job that monitors that branch (jenkins).
in my case jenkins and ansible run on the same server. Jenkins runs the ansible playbook that does whatever I need to do.
for example with ansible, I copy certain files that need to be there, run configs / change filenames etc. setup nginx, run composer,
you get the point.

How to modify jenkins Web Interface to pick artifacts to publish?

I have an project to upgrade my jenkins. So the problem is I use jenkins plugins called "Publish over ssh". As I read that plugin can publish our artifactory file to another server by ssh connection. But in the configuration it always run after our job finised. So every jobs that I run, always publish to server.
So, I want to ask, how can I pick which build history artifacts that I want to publish? and it can publish when I want to publish. And then I have an Idea to adding button in jenkins web interface, to trigger adding job configuration, build it, and publish it over SSH. But, I don't know how to modify jenkins web interface. My server use tomcat, that run java ".war" file.
So, do you all have suggestion for my problem, how to modify jenkins web interface, or how to pick certain build artifacts?
Thanks...

How can we execute Jenkins job using other user credential

I need to execute few of the Jenkins jobs such as "Release to Production" through Jenkins UI using logged on user credential. The reason is, we have separate Support Team Members, who have access to the production boxes and not the Dev team members. So, in order to deploy any code base to production, all the Windows Deploy Commands (ex, create, update files, folder etc.) needs to be run with specific user credential who has access to the Production Box. So that even the Dev team members who don't have access to the Production box but are Jenkins Admin, execute the same job should result in failure due to "Access Denied". The job should succeed only if its been run by Support Team members with their credential.
I tried using parameterized plugin but couldn't able to pass the Password successfully to the batch file which contains MSDeploy instructions. Even the Jenkins console log displays the parameter passed in its console output, which is a security issue.
I checked Role based security plugin, but that doesn't help me much. I just need a plugin which should ask for user to provide their credential before start building the Job and should use the user credential to get the job executed, so that my MSDeploy command will be able to deploy the code on Production boxes, when the Support team member build that Job using their credential. I wish there was support for impersonation.
Right now all the Jenkins Jobs are getting executed using the service account which the Tomcat service is configured to run with on which Jenkins is hosted.
Any help would be appreciated.
Just in case there is any confusion a Jenkins job will always run as the same OS user. The Matrix based security applies to users who log into the Jenkins server and controls features like creating or launching jobs.
You could configure the job to use a set of generic production credentials and then prevent your developers from invoking the job.
Perhaps a better approach would be to separate the process that builds the code from the one that deploys the code. The following diagram (Taken from the xebia-france project) demonstrates how some of my favourite tools Rundeck and Nexus can be integrated with Jenkins.
Finally, I highly recommend reading the following link:
Using Rundeck and Chef to build devops tool chains
Hi I know I'm coming late on this thread, but I just fell on this issue and had a hard time solving it, so I thought I might just share what I managed to set-up.
First things first: if you want to run a Jenkins job "as a specific user" (with all the correct habilitations) the easiest way is to run a Jenkins SLAVE as this user.
Then you might very well stumble into the following: you probably want to run serveral slaves on the same windows machine as windows services. This is very fine, as long as each slave has his own Remote root directory and probably have a specific "label" too.
Once you managed to run your slave as a windows service, launch the service console (run services.msc). Edit the newly created service properties, go to Log On tab. Select "Log on as: This account" and enter your account credentials.
Cheers :)
You can utilize the built in windows runas or Powershell InvokeCommand cmdlet and -Credential to run - Both these would store the username/password in plain text - So do think about the risks, but this gives you flexibility.
I'm surprised this doesn't have a better answer of set an agent on another machine to run as another service and define agent as a special "type" which picks up the jobs - Something along those lines is what I would expect but I haven't seen an implementation like that in Jenkins (I'm new to Jenkins so was looking for an answer and found this thread).
Something else that could be considered for someone more familiar with Jenkins is when you set the custom path to MSBuild could you set that to runas /user:... msbuild.exe perhaps? I don't have an extra Jenkins server currently to try that on.

Need help on automating QA, Stage, Prod delpoy using Jenkins\Hudson

We are using Hudson as a CI tool. At present we are needed to use Jenkins, to deploy the build to Stage, Prod environment. What is the best aproach we should follow.
I know about promote buld plugin, but the issue is authentication. I want whevener we need to promote a build to deploy to Stage or Prod, it should ask for netqwork credential first. And then the promote job should execute the Batch command using the creadential supplied. At present, the promote plugin, runs using the credentials which the Tomcat server is configured to run.
Same issue with Build Pipeline plugin.
I want only dev or even hudson admin also should not be able to execute the promote build unless credential supplied. (We have windows 2008 r2 OS)
Can you please help me in resolving the issue. so that basically whenever a user click on Promote build to QA\Stage\Prod the plugin should ask for credential or should use the logged on users credential and execute the batch script using the logged users credential only and not by using the credentials of the account with which the tomcat server is configured.
Can you please help me?
Please suggests us the best aproach for making automated build on prod\stage.
For deployment I normally use SSH, Private/Public keys takes care of the authentication problems normally associated with running commands on other servers.
SSH is normally associated with unix based systems, but it does support windows.
Finally, I would recommend considering decoupling your build system (jenkins) from the system performing the deployment by using an intermediate repository. See the following answer for more details:
Jenkins : how to check out artifact from Nexus and Deploy on Tomcat-

Resources