Jenkins¶
Upgrading Jenkins¶
Regular Jenkins maintenance is necessary to ensure security patches are up to date.
Follow these steps to update Jenkins:
Notify community that maintenance is about to begin
Put Jenkins into Shutdown mode (https://jenkins.example.org/quietDown)
yum update -y --exclude=jenkins(Do this step while waiting for Jobs to clear in shutdown mode.)yum update -yUpdate Jenkins plugins via Manage Jenkins > Manage Plugins
Ensure that you click “Download now and install after restart” but DO NOT check the “Restart Jenkins when installation is complete and no jobs are running” button.
Restart the server itself
systemctl rebootRemove Shutdown mode from Jenkins (https://jenkins.example.org/cancelQuietDown)
GitHub Configuration¶
Jenkins requires admin level configuration to work with GitHub.
Create a GitHub account for Jenkins to use
The user needs to have Full Admin access to the GitHub Organization that Jenkins will manage, this is so that Jenkins can automatically manage the hooks.
Navigate to
https://jenkins.example.org/configureUnder
GitHub Serversclick Advanced > Manage GitHub actions > Convert login and password to tokenChoose
From login and passwordand enter the github-jenkins account detailsClick Create token credentials
Under
GitHub Serversclick Add GitHub Server and configure the following:Name: <Leave blank> API URL: https://api.github.com Credentials: <Auto-generated token> Manage hooks: true GitHub client cache size (MB): 20
Click
Re-register hooks for all jobs
Security Configuration¶
Security recommendations for Jenkins.
Install the OWASP Markup Formater Plugin
Navigate to https://jenkins.example.org/configureSecurity/
Configure the following:
Enable
CSRF ProtectionwithDefault Crumb IssuerEnable
Agent -> Master Access ControlDisable
JNLP Protocol 1 - 3Enable
JNLP Protocol 4Set
Markup FormattertoSafe HTML