Jenkins Configuration as Code (a.k.a. JCasC) Plugin

Introduction

Setting up Jenkins is a complex process, as both Jenkins and its plugins require some tuning and configuration, with dozens of parameters to set within the web UI manage section.

Experienced Jenkins users rely on groovy init scripts to customize Jenkins and enforce desired state. Those scripts directly invoke Jenkins API and as such can do everything (at your own risk). But they also require you know Jenkins internals, and are confident in writing groovy scripts on top of Jenkins API.

The Configuration as Code plugin has been designed as an opinionated way to configure Jenkins based on human-readable declarative configuration files. Writing such a file should be feasible without being a Jenkins expert, just translating into code a configuration process one is used to executing in the web UI.

Below configuration file includes root entries for various components of your primary Jenkins installation. The jenkins one is for the root Jenkins object, and other ones are for various global configuration elements.

jenkins:
  securityRealm:
    ldap:
      configurations:
        - groupMembershipStrategy:
            fromUserRecord:
              attributeName: "memberOf"
          inhibitInferRootDN: false
          rootDN: "dc=acme,dc=org"
          server: "ldaps://ldap.acme.org:1636"

  nodes:
    - permanent:
        name: "static-agent"
        remoteFS: "/home/jenkins"
        launcher:
          jnlp:

  slaveAgentPort: 50000
  agentProtocols:
    - "jnlp2"
tool:
  git:
    installations:
      - name: git
        home: /usr/local/bin/git
credentials:
  system:
    domainCredentials:
      credentials:
        - certificate:
            scope: SYSTEM
            id: ssh_private_key
            keyStoreSource:
              fileOnMaster:
                keyStoreFile: /docker/secret/id_rsa

In addition, we want to have a well documented syntax file, and tooling to assist in writing and testing, so end users have full guidance in using this tool set and do not have to search for examples on the Internet.

Also see the presentation slides from DevOps World - Jenkins World 2018 for overview.

Getting Started

First, start a Jenkins instance with the Configuration as Code plugin installed.

• Those running Jenkins as a Docker container (and maybe also pre-installing plugins), do include Configuration as Code plugin.

Second, the plugin looks for the CASC_JENKINS_CONFIG environment variable. The variable can point to any of the following:

• Path to a folder containing a set of config files. For example, /var/jenkins_home/casc_configs.
• A full path to a single file. For example, /var/jenkins_home/casc_configs/jenkins.yaml.
• A URL pointing to a file served on the web. For example, https://acme.org/jenkins.yaml.

If CASC_JENKINS_CONFIG points to a folder, the plugin will recursively traverse the folder to find file (suffix with .yml,.yaml,.YAML,.YML), but doesn't contain hidden files or hidden subdirectories. It doesn't follow symbolic links.

If you do not set the CASC_JENKINS_CONFIG environment variable, the plugin will default to looking for a single config file in $JENKINS_ROOT/jenkins.yaml.

If everything was setup correctly, you should now be able to browse the Configuration as Code page with Manage Jenkins -> Configuration as Code.

Initial Configuration

When configuring the first Jenkins instance, browse the examples shown in the demos directory of this repository. If you have a plugin that does not have an example, consult the reference help document. Click the Documentation link at the bottom of the Configuration as Code page.

If you want to configure a specific plugin, search the page for the name of the plugin. The page will show you which root element belongs to the configuration. Most installed plugins belong under the unclassified root element.

Examples

LDAP

Replacing user interface based configuration for LDAP with the text based configuration.

jenkins:
  securityRealm:
    ldap:
      configurations:
        - groupMembershipStrategy:
            fromUserRecord:
              attributeName: "memberOf"
          inhibitInferRootDN: false
          rootDN: "dc=acme,dc=org"
          server: "ldaps://ldap.acme.org:1636"

Also see demos folder with various samples.

Documentation

You can find more documentation about JCasC here:

• Handling Secrets
• Exporting configurations
• Validating configurations
• Triggering Configuration Reload

The configuration file format depends on the version of jenkins-core and installed plugins. Documentation is generated from a live instance, as well as a JSON schema you can use to validate configuration file with your favourite YAML tools.

The JSON Schema documentation can be found here.

TODO: Provide a Dockerfile to generate documentation from specified jenkins-core release and plugins.

Installing plugins

We don't support installing plugins with JCasC you need to use something else for this,

Dockers users can use:
https://github.com/jenkinsci/docker/#preinstalling-plugins

Kubernetes users:
https://github.com/helm/charts/tree/master/stable/jenkins

Supported Plugins

Most plugins should be supported out-of-the-box, or maybe require some minimal changes. See this dashboard for known compatibility issues.

Configuration-as-Code extension plugins

• configuration-as-code-groovy-plugin
  Allows to specify groovy code that should run on during configuration.
• configuration-as-code-secret-ssm-plugin
  Allows to resolve secrets from AWS' SSM secrets
• hashicorp-vault-plugin
  Allows to resolve secrets from Hashicorp vault

Jenkins Enhancement Proposal

As configuration as code is demonstrated to be a highly requested topic in Jenkins community, we have published JEP 201 as proposal to make this a standard component of the Jenkins project. The proposal was accepted. 🎉