Jenkins

Hashicorp Vault & Jenkins What is HasiCorp Vault? It is an open-source tool that helps teams and projects manage and protect sensitive data and secrets. We want to store and use secrets from vault as much as possible to: Limit secret sprawl To make it easier to rotate secrets from a central place To have finer granularity on which pipelines have access to which secrets Limit secret exposure; If Jenkins server is compromised, the secrets aren’t also compromised Store the Jenkins Secret backup separately from the main backup. Setting up a hashicorp vault instance You can follow Vault’s official documentation to setup a vault instance or use Linode / AWS marketplaces to easi setup a configured instance. ...

I’ve setup a Jenkins server to manage CI/CD for my various projects, and I want to verify if my setup is overly insecure and what things I could do improve my setups security posture. This post will serve mainly as a guide and checklist for myself. Securing the Server I used the linode marketplace to setup my instance. Securing a server is a big topic, and for now, I just want to make sure the basics are covered: ...

Backing up Jenkins Now that I have a running Jenkins instance with a few pipelines setup, I would like to be able to easily recover my setup in case something happens to the main instance. Also, it’s good practice to regularly backup things like your configurations, Jenkins, and databases. But, what do you need to back up exactly? What to Backup It depends exactly on your specific use-case and needs. Do you need to restore the exact version of plugins you had installed? Do you need access to the builds history? Do you need access to old build artifacts? Logs? Jenkins has a guide that details the minimal amount you need to backup in order to restore your pipelines which is a good start. You can add more directories to backup, like jobs, workspaces, plugins, etc.. as the need comes up. I recommend taking time to truly think of your needs and only include what’s truly necessary. ...

Automating my operations - aka DevOps As part of my day job, I regularly interact with systems such as jenkins, terraform, ansible/salt, etc.. without really understand the full power of these systems and what they enable. Time to change and dive in deeper and actually use them for my personal projects. So, what are common tasks that I need to automate: Creating / Destroying the necessary infrastructure, such as setting up VM’s with a sane default firewall with all the common dependencies pre-built into the image or installed as part of user-data. Deploying the apps to the setup machines with any necessary configuration Shutting down and restarting services Updating configuration Deploying new changes to the machines Creating a staging/dev environment to test changes in before they are deployed to production. These tasks can usually be automated and managed via: ...