-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
17 changed files
with
138 additions
and
124 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,11 @@ | ||
# Jenkins CVEs | ||
CVE-2016-1000027 | ||
CVE-2024-22259 | ||
CVE-2024-22257 | ||
# Jenkins Plugin Manager CVEs | ||
CVE-2023-5072 | ||
GHSA-4jq9-2xhw-jpx7 | ||
CVE-2024-23898 | ||
CVE-2024-25710 | ||
CVE-2024-26308 | ||
CVE-2024-22201 | ||
CVE-2024-22243 | ||
# Fixed in 5.3.33 | ||
CVE-2024-22259 | ||
# Fixed in 5.7.12 | ||
CVE-2024-22257 | ||
CVE-2024-22262 | ||
# Jenkins Plugin Manager CVEs | ||
CVE-2016-1000027 | ||
CVE-2023-5072 | ||
CVE-2024-23898 | ||
# Other | ||
CVE-2023-45288 | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# Backup and restore Jenkins | ||
A backup is a snapshot of the Jenkins data (jobs, configurations, secrets, plugins, etc.) at a given point in time. This backup can be used to: | ||
* Restore Jenkins to a previous stable state (during disaster recovery). | ||
* Migrate data to a new Jenkins charm instance. | ||
|
||
## Create a backup | ||
1. Create the backup script | ||
From [Backing-up/Restoring Jenkins](https://www.jenkins.io/doc/book/system-administration/backing-up/), This script backs up the most essential files as mentioned in the article: | ||
* The `master.key` file. | ||
* Job-related files in the `./jobs`, `./builds` and `./workspace` folders. | ||
* Plugins (`.hpi` and `.jpi` files) in the `./plugins` folder | ||
|
||
```bash | ||
cat <<EOF > backup.sh | ||
#!/bin/bash | ||
export JENKINS_HOME=/var/lib/jenkins | ||
export JENKINS_BACKUP=/mnt/backup | ||
echo "running backup as \$(whoami) in \$(pwd)" | ||
mkdir -p \$JENKINS_BACKUP | ||
cp \$JENKINS_HOME/secrets/master.key \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/jobs \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/builds \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/workspace \$JENKINS_BACKUP | ||
mkdir -p \$JENKINS_BACKUP/plugins | ||
cp -r \$JENKINS_HOME/plugins/*.hpi \$JENKINS_BACKUP/plugins | ||
cp -r \$JENKINS_HOME/plugins/*.jpi \$JENKINS_BACKUP/plugins | ||
chown -R 2000:2000\$JENKINS_BACKUP | ||
tar zcvf jenkins_backup.tar.gz --directory=/mnt backup | ||
EOF | ||
|
||
chmod +x backup.sh | ||
``` | ||
2. Transfer the backup script above to the running unit of the Jenkins-k8s charm and run it | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins ./backup.sh $JENKINS_UNIT:/backup.sh | ||
juju ssh --container jenkins $JENKINS_UNIT /backup.sh | ||
``` | ||
3. Retrieve the compressed backup file | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins $JENKINS_UNIT:/jenkins_backup.tar.gz jenkins_backup.tar.gz | ||
``` | ||
You now have the compressed Jenkins data on your host system. | ||
|
||
## Restore the backup on a new (or existing) charm instance | ||
1. Restore the backup on the Jenkins charm unit. | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins ./jenkins_backup.tar.gz $JENKINS_UNIT:/jenkins_backup.tar.gz | ||
juju ssh --container jenkins $JENKINS_UNIT tar zxvf jenkins_backup.tar.gz | ||
juju ssh --container jenkins $JENKINS_UNIT chown -R jenkins:jenkins /backup | ||
juju ssh --container jenkins $JENKINS_UNIT cp -avR /backup/* /var/lib/jenkins | ||
juju ssh --container jenkins $JENKINS_UNIT rm -rf /backup /jenkins_backup.tar.gz | ||
``` | ||
2. Restart pebble for the changes to take effect | ||
```bash | ||
juju ssh --container jenkins $JENKINS_UNIT pebble restart jenkins | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# How to redeploy Jenkins | ||
|
||
Redeployment is a process where the old charm instance is removed and data is migrated to a new charm instance. Redeploying the Jenkins charm consists of 3 steps: | ||
|
||
1. Create the new Jenkins charm instance | ||
```bash | ||
juju deploy jenkins-k8s jenkins-k8s-new | ||
``` | ||
2. Migrate Jenkins data | ||
See the `Migrate Jenkins data` section below. | ||
3. Remove the old Jenkins charm instance | ||
```bash | ||
juju remove-application jenkins-k8s | ||
``` | ||
|
||
### Migrate Jenkins data | ||
Follow the instructions in [the charm's documentation for backup and restore](https://charmhub.io/jenkins-k8s/docs/backup-and-restore-jenkins) to migrate the data to the new Jenkins charm instance. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,68 +1,17 @@ | ||
# How to resize the jenkins-home storage volume | ||
The default size of the jenkins-home storage volume for a fresh installation is 1GB. While this works for most scenarios, operators might need to have more storage for installing plugins, storing artifacts, and runninng builds/checking out SCMs on the built-in node. | ||
The default size of the jenkins-home storage volume for a fresh installation is 1GB. While this works for most scenarios, operators might need to have more storage for installing plugins, storing artifacts, and running builds/checking out SCMs on the built-in node. | ||
|
||
A low disk-space on the built-in node will cause the node to go offline, blocking jenkins from running jobs. | ||
A low disk-space on the built-in node will cause the node to go offline, blocking Jenkins from running jobs. | ||
|
||
## Create a backup | ||
From [Backing-up/Restoring Jenkins](https://www.jenkins.io/doc/book/system-administration/backing-up/), This script backs up the most essential files as mentioned in the article: | ||
* The `master.key` file. | ||
* Job-related files in the `./jobs`, `./builds` and `./workspace` folders. | ||
* Plugins (`.hpi` and `.jpi` files) in the `./plugins` folder | ||
### Create a backup of the current Jenkins charm instance | ||
Follow the `Create a backup` section of [the charm's backup and restore documentation](https://charmhub.io/jenkins-k8s/docs/backup-and-restore-jenkins) to create an archive of the Jenkins data on your host system | ||
|
||
### Deploy the new Jenkins charm instance, specifying the size of the storage volume | ||
Create a new application with the `--storage` flag. In this example we'll deploy the charm with a storage of 10GB | ||
```bash | ||
echo cat <<EOF > backup.sh | ||
#!/bin/bash | ||
export JENKINS_HOME=/var/lib/jenkins | ||
export JENKINS_BACKUP=/mnt/backup | ||
echo "running backup as \$(whoami) in \$(pwd)" | ||
mkdir -p \$JENKINS_BACKUP | ||
cp \$JENKINS_HOME/secrets/master.key \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/jobs \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/builds \$JENKINS_BACKUP | ||
cp -r \$JENKINS_HOME/workspace \$JENKINS_BACKUP | ||
mkdir -p \$JENKINS_BACKUP/plugins | ||
cp -r \$JENKINS_HOME/plugins/*.hpi \$JENKINS_BACKUP/plugins | ||
cp -r \$JENKINS_HOME/plugins/*.jpi \$JENKINS_BACKUP/plugins | ||
chown -R 2000:2000 $JENKINS_BACKUP | ||
tar zcvf jenkins_backup.tar.gz --directory=/mnt backup | ||
EOF | ||
|
||
chmod +x backup.sh | ||
``` | ||
1. Transfer the backup script above to the running unit of the Jenkins-k8s charm and run it | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins ./backup.sh $JENKINS_UNIT:/backup.sh | ||
juju ssh --container jenkins $JENKINS_UNIT /backup.sh | ||
``` | ||
2. Retrieve the compressed backup file | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins $JENKINS_UNIT:/jenkins_backup.tar.gz jenkins_backup.tar.gz | ||
``` | ||
3. With the data backed-up, we can remove the jenkins-k8s application. | ||
```bash | ||
JENKINS_APP=jenkins-k8s | ||
juju remove-application $JENKINS_APP | ||
juju deploy jenkins-k8s-new --storage jenkins-home=10GB | ||
``` | ||
|
||
## Restore the backup on a new charm instance | ||
1. When the application has been deleted, create a new application with the `--storage` flag. In this example we'll deploy the charm with a storage of 10GB | ||
```bash | ||
juju deploy jenkins-k8s --storage jenkins-home=10GB | ||
``` | ||
2. Wait for the charm to be ready, then restore the backup on the new unit. | ||
```bash | ||
JENKINS_UNIT=jenkins-k8s/0 | ||
juju scp --container jenkins ./jenkins_backup.tar.gz $JENKINS_UNIT:/jenkins_backup.tar.gz | ||
juju ssh --container jenkins $JENKINS_UNIT tar zxvf jenkins_backup.tar.gz | ||
juju ssh --container jenkins $JENKINS_UNIT chown -R jenkins:jenkins /backup | ||
juju ssh --container jenkins $JENKINS_UNIT cp -avR /backup/* /var/lib/jenkins | ||
juju ssh --container jenkins $JENKINS_UNIT rm -rf /backup /jenkins_backup.tar.gz | ||
``` | ||
3. Finally restart pebble | ||
```bash | ||
juju ssh --container jenkins $JENKINS_UNIT pebble restart jenkins | ||
``` | ||
### Restore the created backup onto the newly created Jenkins charm instance | ||
Follow the `Restore the backup on a new (or existing) charm instance` section of [the charm's backup and restore documentation](https://charmhub.io/jenkins-k8s/docs/backup-and-restore-jenkins) to create an archive of the Jenkins data on your host system. Remember to update the `JENKINS_UNIT` environment variable. For our example we have `JENKINS_UNIT=jenkins-k8s-new/0` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# External access | ||
The Jenkins charm requires access to the following domains to install Jenkins and its plugins: | ||
|
||
* `jenkins-ci.org` | ||
* `updates.jenkins-ci.org` | ||
* `jenkins.io` | ||
* `updates.jenkins.io` | ||
* `.mirrors.jenkins-ci.org` | ||
* `fallback.get.jenkins.io` | ||
* `get.jenkins.io` | ||
* `pkg.jenkins.io` | ||
* `archives.jenkins.io` | ||
* `pkg.origin.jenkins.io` | ||
* `.mirrors.jenkins.io` | ||
* `www.jenkins.io` | ||
|
||
Depending on the localisation, some region-specific external mirrors might also be used. You can find more information on the [list of mirrors for Jenkins](https://get.jenkins.io/war/2.456/jenkins.war?mirrorstats). | ||
|
||
Some plugins can also require external access, such as `github.com` for the [Github branch source plugin](https://plugins.jenkins.io/github-branch-source/). Or an external Kubernetes cluster if you are using the [Kubernetes plugin](https://plugins.jenkins.io/kubernetes/). Refer to the documentation of the plugin for more details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
cosl==0.0.11 | ||
jenkinsapi==0.3.13 | ||
jsonschema==4.21.1 | ||
ops==2.12.0 | ||
jsonschema==4.22.0 | ||
ops==2.13.0 | ||
pydantic==1.10.15 | ||
requests==2.31.0 | ||
requests==2.32.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.