Best Practices for Mission-Critical Jenkins

Jenkins User Conference New York, May 17 2012 #jenkinsconf

Best Practices for a Mission-
Critical Jenkins

Mike Rooney
Consultant/Jenkins Connoisseur

http://linkedin.com/in/mcrooney


Jenkins Uses

Genius.com
– staging deployment, code reviews,
automated branching and merging, monitors
Canv.as
– continuous deployment, scoring, monitoring,
newsletter mailing
Conductor
– environment creation, staging / prod
deployment, selenium monitoring


Hand-check: How critical is your Jenkins?


What problems have you faced?


Problems
disk failure / data loss
hardware failure / downtime
load / latency


Solution
make Jenkins instance trivial to respin
– ideally a one-liner that even handles DNS
– “create.sh jenkins”


Persistence
$JENKINS_HOME
– plugins, users, jobs, builds, configuration


Persistence
git / svn
– make $JENKINS_HOME a checkout
– have a Jenkins job that commits daily
– examples: http://jenkins-
ci.org/content/keeping-your-configuration-
and-data-subversion


Persistence
EBS on AWS
– put $JENKINS_HOME on an EBS volume
– snapshot nightly via a Jenkins job
– trivial to attach to a new host, restore snapshot

a NAS + RAID / backups works similarly


Environment
Jenkins is more than $JENKINS_HOME
– specific Jenkins .war / .deb / .rpm version
– startup options
– dependent packages: git, ruby gems, pip
– ssh keys, m2 settings
– swap, tmpfs, system configuration


Environment
configuration
management:Puppet/Chef*

* https://wiki.jenkins-ci.org/display/JENKINS/Puppet


Environment
standalone
– puppet apply path/to/your/manifest.pp
puppetmaster
– set up /etc/puppet.conf, run puppet agent


Putting it Together
have manifest handle $JENKINS_HOME
– clone git repo, mount EBS volume, etc


Putting it Together…on AWS
upload manifests to S3 on check-in
– a Jenkins SCM job using S3 plugin
use cloud-init to install puppet, download
manifests, and run puppet
– a custom AMI with an rc.local script also works
when it dies: “create.sh jenkins”
– ec2-launch-instance config user-data


Monitoring
… but how do you know when it’s down?
check out services like Pingdom
– notifies you when a URL does give HTTP 200 OK


Going further: Elastic Beanstalk
handles provisioning simply from a .war
pros
– just give it a war
– automatically replaces unhealthy instances
– behind a load-balancer (consistent URL)
– normally hard AWS changes like AMI, Security
Groups, or Key Pairs are now trivial to make
cons
– behind a load-balancer (cost overhead)
– no UI option (yet) for controlling AZ
– no great way to pass data to instances for puppet
– locked in to Amazon Linux AMI (CentOS)


set min/max instances to 1
– ignore scaling triggers, irrelevant in this case
use beanstalk CLI to set desired AZ (if EBS)
– https://forums.aws.amazon.com/thread.jspa?t
hreadID=61409
puppet
– use a custom AMI that specifically runs Jenkins
manifests
– but this requires a specific AMI for each
Beanstalk application.
– let’s get creative…


passing data to instances

PARAM1..5 meant as args to .war
end up in /etc/sysconfig/tomcat7
JAVA_OPTS
parse out and:
– puppet apply –certname=$PARSED_ROLE


Questions?


High Availability Artifacts
protect: artifacts, reports, userContent
from:
– planned downtime:
Jenkins restarts/upgrades, server upgrades
– unplanned downtime:
software/hardware failure
– unresponsive Jenkins:
very high load


High(er) Availability Artifacts
easy mode:
– put Jenkins behind nginx/apache, shadow
userContent and relevant directories
– still available during Jenkins restarts, or very
high Jenkins load/latency
– not safe from server downtime


High Availability Artifacts
advanced mode: S3
– 99.99% availability, 99.999999999% durability*
• if you store 10K objects, expect to lose one every 10
million years
– use Jenkins S3 plugin to upload artifacts to S3

* http://aws.amazon.com/s3/faqs


Fault-tolerant Jobs
design with possible downtime in mind
– SCM triggering is great, but keep polling too


Fault-tolerant Jobs
*/15 * * * *
– BAD:
update users where join_time < 15m ago
– GOOD:
update users where id > last_id_updated


Error handling
for non-critical jobs, use email / IM post-
build notifiers
– but be careful of creating too much noise,
people will ignore or filter it out
for critical jobs, integrate Jenkins with a
service like PagerDuty
– Jenkins emails myalert@pagerduty.com
– PagerDuty texts / calls the people on-call until
resolved
– a failing build will wake you up at 4AM


Security: Authentication
read-only
matrix-based
HTTP basic auth


Security: Authentication
but what about traffic sniffing?


Security: HTTPS
throw nginx/apache in front of Jenkins
– proxy mode
– ssl (self-signed or just buy one)


Security: Authorization
use project-based matrix authentication
give anonymous/authenticated readonly
use it if you’ve got it:
LDAP, Active Directory, UNIX
Jenkin’s own database also works fine
ensure each user has their own account
– each build will have an audit trail


Security: Authorization (AWS)
when interfacing with AWS API/CLI, use
IAM so Jenkins can only access what it
needs


Thank You To Our Sponsors
Platinum
Sponsor

Gold
Sponsors

Silver
Sponsors

Bronze
Sponsors

Best Practices for Mission-Critical Jenkins

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Best Practices for Mission-Critical Jenkins (20)

Recently uploaded (20)

Best Practices for Mission-Critical Jenkins