Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
by
CloudBees
User Guide
Copyright ...................................................................................................................... v
1. Introducing Jenkins Enterprise by CloudBees ......................................................... 1
1.1. Introduction .................................................................................................... 1
1.1.1. Large Install Plugins ........................................................................... 1
1.1.2. Optimized Utilization Plugins ............................................................ 1
1.1.3. Security Plugins .................................................................................. 2
2. Backup Plugin .......................................................................................................... 3
2.1. Introduction .................................................................................................... 3
2.2. Taking Backup .............................................................................................. 3
2.3. Configuring Backup ...................................................................................... 3
2.4. Restoring From Backup ................................................................................ 4
3. Even Scheduler Plugin ............................................................................................. 5
3.1. Introduction .................................................................................................... 5
3.1.1. Default Jenkins Behavior ................................................................... 5
3.1.2. Even Loading Strategy ....................................................................... 6
3.2. Using Even Scheduler Plugin ........................................................................ 6
3.2.1. Selecting Global Preference ............................................................... 6
3.2.2. Selecting Per-Job Preference .............................................................. 7
4. Folders Plugin .......................................................................................................... 8
4.1. Introduction .................................................................................................... 8
4.2. Overview ....................................................................................................... 8
4.3. Setting up the Folder plugin .......................................................................... 8
4.4. Using the Folders plugin ............................................................................... 9
4.4.1. A sample taxonomy with the Folders plugin .................................... 10
4.4.2. Using folders with other Jenkins Enterprise plugins ........................ 11
5. Label Throttle Build Plugin ................................................................................... 12
5.1. Introduction .................................................................................................. 12
5.2. Overview ...................................................................................................... 12
5.3. Setting up the Label Throttle Build plugin ................................................. 12
5.3.1. ............................................................................................................ 13
6. Role Based Access Control Plugin ........................................................................ 16
6.1. Introduction .................................................................................................. 16
6.2. Concepts and Definitions ............................................................................ 16
6.3. Setting up the Role Based Access Control plugin ....................................... 17
6.3.1. Enabling the authorization strategy .................................................. 19
6.3.2. Configuring and managing roles ...................................................... 21
6.3.3. Configuring and managing groups ................................................... 24
6.3.4. Configuring and managing role filters .............................................. 29
6.4. Example Configurations .............................................................................. 31
6.4.1. Instance owned by one cross-functional team .................................. 31
6.4.2. Instance shared by multiple cross-functional teams .......................... 33
6.4.3. Instance shared by multiple single-function teams ........................... 35
ii
70
71
72
72
72
73
73
73
75
75
75
75
76
78
78
79
79
79
79
80
80
81
iv
Copyright
Copyright 2011 CloudBees, Inc.
Online version published by CloudBees, Inc., Boston, MA., USA.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Apache, Apache Ant, Apache Maven, Ant and Maven are trademarks of The Apache
Software Foundation. Used with permission. No endorsement by The Apache Software
Foundation is implied by the use of these marks.
Other names may be trademarks of their respective owners. Many of the designations
used by manufacturers and sellers to distinguish their products are claimed as
trademarks. Where those designations appear in this book, and CloudBees, Inc. was
aware of a trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher
and authors assume no responsibility for errors or omissions, or for damages resulting
from the use of the information contained herein.
Backup Plugin
Build records
This includes information scoped to individual builds, such as its console output,
artifacts, test reports, code analysis reports, and so on.
The next ons is "where to backup", which controls the destination of the backup.
Local directory
This tells Jenkins Enterprise to backup data as a file in the file system of the
master. For disaster recovery purpose, it is recommended that you back up files
to a network mounted disk.
Remote SFTP server
This tells Jenkins Enterprise to connect to a remote SFTP server and send a
backup over there. This is more convenient way to back up to a remote system
on Unix as it requires no shared file system.
The last one is the retention policy, which controls how many/long backups are kept.
By using this switch you can avoid run-away disk consumption caused by old backups.
Backup retention is based on file names; backup file names include the job name
and the build number of the backup job. So you can safely use a single destination
directory for multiple backup jobs and their backup retention policies are enforced
without interfering with each other.
Exponential decay
This tells Jenkins to keep lots of newer backups and fewer old backups. It's
called "exponential decay" because the number of backups kept is proportional
to e^-t. In this way, you'll always cover the entire lifespan of your Jenkins
installation with some backups, with more coverage on recent data.
Keep all backups
In this mode, Jenkins will not delete any backups that it has created. This is
useful if you are managing backup retention externally, such as via logrotate.
Keep N backups
In this mode, Jenkins will keep the latest N backups and delete any older ones.
4.2. Overview
Jenkins is limited in it's capabilities to organize large number of jobs or organize jobs
around taxonomies such as projects or departments. Today, most teams break up jobs
around views on the dashboard. Views are not optimal to capture custom taxonomies.
The Folders plugin addresses this limitation and helps capture taxonomies in a user
environment and helps organize jobs around these taxonomies.
The Folders plugin allows you to create a folder and group related jobs together.
These jobs can be organized around a project, department, sub-department, release or
any taxonomy that you choose to define. You can create an arbitrary level of nested
folders. Folders are namespace aware, so Job A in Folder A is logically different than
Job A in Folder B
The Folder plugin allows you to clone a folder with its children intact. This is useful
to seed new projects/jobs with information from a particular project type. Folders can
also define properties that are visible to jobs inside, enabling you to simplify branch
and/or workflow managements.
The Folders plugin was introduced in Nectar 11.04.
Folders Plugin
Folders Plugin
Tip
To replicate an existing folder, choose Copy Existing Job and choose the
folder that you want to replicate. This will replicate all jobs and nested
folders.
Folders Plugin
Tip
You can use the filter mechanism with the RBAC plugin to filter out
permissions for a particular sub-folder such that it does not inherit the
parent folder roles.
You can use Folders with the VMWare Pool plugin to localize sharing of pools of
machines to a particular folder.
Tip
This is useful, if you want a particular department or project to share a
particular set of machines
11
5.2. Overview
In the scenario where slaves are setup as virtual machines and share the same physical
resources underneath, Jenkins may think that there is more capacity for builds than
available.
For example, in such an environment, Jenkins might think that there are 10 slaves with
2 executors each, but in reality the physical machine cannot execute 20 concurrent
builds. The number is usually much lower say, 4 1. This is particularly the case when
you have a single-system hypervisor, such as VMWare ESXi, VirtualBox, etc.
Everytime a new build is to start, Jenkins schedules it to one of the available virtual
slaves. However, in this particular case the underlying physical infrastructure cannot
support all the virtual slaves running their respective builds concurrently.
Jenkins Enterprise allows you to define an actual limit to the number of concurrent
builds that can be run on the system. One can group slaves together, then assign a limit
that specifies how many concurrent builds can happen on all the slaves that belong to
that group. In this way, Jenkins Enterprise avoids overloading your hypervisor host
machine 2.
The benefit of using this plugin is that builds run much faster as the underlying
physical machines are not overloaded anymore.
The Label Throttle plugin was introduced in Nectar 11.04.
12
14
15
Done
Yes / No
It is usually best to start small, you can always add more later. If
unsure a reasonable minimal set could be: Read-only; Developer;
Manager; and Administrator. Additionally it is helpful to think about
what you want those roles to be able to do.
Have you got a list of groups you want to define?
Yes / No
You will typically require at least one local group for each role you
define. If some roles are only being assigned to specific users or
groups of users on specific objects, then each of those assignments
will require a group local to that object.
Have you configured and tested your security realm?
Yes / No
The first time you enable the Role Based Access Control plugin, it
defaults to a configuration whereby logged in users can do anything
and users cannot access the system anonymously. If you have not
tested that you can successfully log in to the system with the security
realm you are using, enabling the Role Based Access Control plugin
may result in everyone being completely locked out of the system.
See Section 6.5 for details on how to restore access to the system in
the event of a lock-out.
Does your security realm provide details of external groups?
Yes / No
Yes / No
Yes / No
Done
Note
The first time you enable the Role Based Access Control plugin, it defaults
to a configuration whereby logged in users can do anything and users
cannot access the system anonymously. If you have not tested that you can
successfully log in to the system with the security realm you are using,
enabling the Role Based Access Control plugin may result in everyone
being completely locked out of the system. See Section 6.5 for details on
how to restore access to the system in the event of a lock-out.
Figure 6.1. Enabling the Role Based Access Control authorization strategy
When the Role Based Access Control authorization strategy is enabled there will be a
number of changes to the Jenkins interface.
19
Figure 6.2. The main Jenkins screen with the additional icons for Groups and
Roles.
Figure 6.3. The Manage Roles action from the main Manage Jenkins screen.
20
Figure 6.4. The Manage Roles screen after the Role Based Access Control
authorization strategy has been initially enabled.
There are two types of roles:
system role.
anonymous
This role is automatically assigned to any user that is not logged in. If you do
not want anonymous users to be able to access the system then do not assign any
permissions to the anonymous role.
authenticated
This role is automatically assigned to any user that is logged in. If you want
very fine grained control over user permissions you may end up removing all
permissions from this role.
21
to
Note
If you want to assign all permissions there is a Check all button at the
far right of the screen. There is also a Clear all button to speed up
clearing all the check boxes in a specific row. See Figure 6.7 and Figure 6.8
Figure 6.7. The three icons for: checking all the check boxes in a row; clearing all
the check boxes in a row; and removing the role.
all
Once you have defined all the roles you require, you can save that configuration by
clicking on the Save button.
Warning
Care should be taken when removing the Overall Administer permission,
from roles, as it is possible to lock yourself out of administrative access.
There are some safeguards which will protect you from obvious ways of
locking out administrative access, however, as you may legitimately want
to remove your own administrative access, the safeguards can only protect
the obvious issues. See Section 6.5 for details on how to restore access to
the system in the event of a lock-out.
Note
Other objects added by plugins can support group definitions if the required
support is built into the plugin itself, or is added by an additional plugin.
However, in general, the objects need to have been designed to allow other
plugins to contribute actions in order for the group definition support to be
possible.
Where an object does not support group definitions, the groups are inherited
from the object's parent
Clicking on the
Figure 6.9
Figure 6.9. The initial groups screen for the root of a Jenkins instance
You create a group using the New Group action which will prompt for the group
name as in Figure 6.10. Groups can be renamed after they are created. Group names
are case sensitive and whitespace is allowed (although it can be confusing). When a
group is created with the same name as a group from the parent context, it will hide
the group from the parent context, however the permissions granted to members of the
group will not be removed.
A user id
You can add as many members as you like. Figure 6.14 shows a group containing three
members, one of each type. Circular membership is permitted, i.e. a group can have
as a member a group that it is a member of. When adding external groups the http://
Jenkins-URL /whoAmI page can be useful to figure out what the external group IDs
actually are.
Figure 6.14. A group with multiple members: another group; an external group;
and a user
28
Figure 6.15. Removing a member from a group requires two step confirmation
29
Figure 6.16. The roles screen for a job within a Jenkins showing the roles, their
permissions, and the groups that are assigned to each of the roles for this object
and its children.
If the object supports role filters then the Filter action will be available from that
screen. Clicking on the Filter icon will bring you to a screen similar to that shown in
Figure 6.17
Figure 6.17. The role filter screen for a job within a Jenkins instance where two
roles are being filtered out
30
Permissions
Job | Configure
Job | Build
tester_role
Job | Build
Job | Workspace
31
Permissions
SCM | Tag
Job | Create
Job | Delete
View | Create
View | Delete
View | Configure
Group | Manage
admin_role
Overall | Administer
reader_role
Overall | Read
Job | Read
Group | View
Role | View
Table 6.3. Sample groups for an instance owned by one cross-functional team
Context
Group
Role(s)
Member(s)
ROOT
developers
developer_role
ROOT
testers
tester_role
ROOT
managers
manager_role
ROOT
admins
admin_role
ROOT
readers
reader_role
Group: developers
Group: testers
Group: managers
Group: admins
All the people
requiring read-only
access not covered
by the above groups
32
Permissions
Job | Create
Job | Delete
Job | Configure
Job | Build
Job | Workspace
developer_role
Job | Build
tester_role
Job | Build
Job | Workspace
33
Permissions
SCM | Tag
Job | Create
Job | Delete
View | Create
View | Delete
View | Configure
Group | Manage
admin_role
Overall | Administer
reader_role
Overall | Read
Job | Read
Group | View
Role | View
Group
Role(s)
Member(s)
ROOT
admins
admin_role
ROOT
readers
reader_role
System identity:
authenticated
Team 1 Folder
builders
builder_role
Team 1 Folder
developers
developer_role
Team 1 Folder
testers
tester_role
Team 1 Folder
managers
manager_role
Team 2 Folder
builders
builder_role
Team 2 Folder
developers
developer_role
Group
Role(s)
Member(s)
Team 2 Folder
testers
tester_role
Team 2 Folder
managers
manager_role
Permissions
Job | Create
Job | Delete
Job | Configure
Job | Build
Job | Workspace
tester_role
Job | Build
Job | Workspace
SCM | Tag
devops_role
Job | Configure
35
Permissions
Job | Build
Job | Workspace
SCM | Tag
Table 6.7. Sample groups for an instance shared shared by multiple singlefunction teams
Context
Group
Role(s)
Member(s)
ROOT
sqa
sqa_role
ROOT
devops
devops_role
Product 1
Folder
developers
developer_role
Product 2
Folder
developers
developer_role
Note
If somebody has access to the JENKINS_HOME directory, they will be able
to see the secret project. Similarly, by creating an appropriate build script,
a non-secret project could gain access to the secret project when building
on a file system that the secret project has also built on. If it is absolutely
critical that the project remain secret, then it may be best to use a dedicated
instance for the project.
For most use cases, however, the project is being kept secret from people
who both do not have direct access to the JENKINS_HOME directory, and do
not have access to creating build jobs or modify the source code.
Sample solution.
Create a group in the project (or folder) for the team of people
who will be working on the secret project. Add all the roles that the team will require.
Add all the members of the team. Modify the role filters for the project (or folder)
36
Note
If you are configuring a secret project to which you will not have access,
once you apply the role filters you will be locked out from the project, and
it will appear as if there is no such project. See Section 6.5.3 for details on
how to recover from accidental lock-outs of this type.
It may also be advisable to create a group for admins of the secret project
before configuring the role filters if only a subset of those with the overall
administrator role are to be able to see the secret project.
6.5. Troubleshooting
6.5.1. Recovering from a lock-out
There are two ways to recover from a lock-out. Both require that the Jenkins instance
be stopped and then restarted after completion of the steps.
The first way will remove all the roles that are defined in the system but does not
require any manual editing of XML files
Procedure 6.1. Recovering from a lock-out by removing all roles (on unix based
systems)
1.
2.
Open a shell
3.
cd
$JENKINS_HOME
4.
mv
nectar-rbac.xml nectar-rbac.xml.old
5.
2.
3.
cd
%JENKINS_HOME%
4.
ren
nectar-rbac.xml nectar-rbac.xml.old
5.
The second way will not remove any of the the roles that are defined in the system but
requires manual editing of an XML file.
Procedure 6.3. Recovering from a lock-out by manually editing JENKINS_HOME/
nectar-rbac.xml
1.
2.
3.
Add the following line into the role that you want to have the overall
Administrator permission
<permission id="hudson.model.Hudson.Administer"/>
4.
5.
Warning
There is no way to recover the the user defined roles, local groups and
role filters once you have reset the configuration other than by restoring
a backup of the complete system, and this may have the side-effect of
removing any changes that occur within the system after the configuration
has been reset.
Only follow this procedure if you are absolutely sure that you want to wipe
all of the Role Based Access Control plugin's configuration
Procedure 6.4. Completely resetting the Role Based Access Control plugin's
configuration
1.
If you have been locked out of the system, you will need to follow one of the
procedures in Section 6.5.1 to recover administrative access.
2.
Console
from
39
Click on the Run button. The screen should now look like Figure 6.19
Figure 6.18. Using the script console to completely reset the Role Based Access
Control plugin's configuration.
40
Figure 6.19. After successfully resetting the Role Based Access Control plugin's
configuration via the script console.
41
Figure 7.1. The main project screen when a skip has been applied
42
applySkip
removeSkip
- this operation removes any skip that may have been applied to a
project.
44
Template Plugin
46
Template Plugin
Template Plugin
In the text area, well fill the shell script that this build step is going to execute,
but with expressions here and there of the form ${...} (because this is a Groovy
template). ${target} refers to the actual value of the target attribute we defined
above, and ${build.fullDisplayName} is a Groovy expression to access the
getFullDisplayName() method (which returns the full name of the build) of the build
object, which refers to the current build in progress. The ${build.fullDisplayName}
needs to be quoted because this is going to look like test #1, and # gets interpreted by
shell as a comment sign unless you quote it.
Figure 8.3 captures this template configuration. When you are done, click Save to
save this template. Your template is now ready.
Template Plugin
Template Plugin
Well go back to the template definition by going back to the top page, clicking the
Templates link in the left, and clicking the configuration icon on the right to the Say
Hello World template.
Instead of saying hello, now we make it say good evening.Click save to save this
new definition:
http://ci.jenkins-ci.org/
50
Template Plugin
Template Plugin
The actual configuration of all these jobs are almost identical. They each check out
a Git repository, run mvn -e clean install, send an e-mail at the end of the build, and
update JIRA issues thats discovered in the commit messages.
Each time we add a new plugin, we copy from one of the existing plugins, change
the name, and then call it done. But if tomorrow we want to install a new plugin (say
we start sending the results to IRC via IRC plugin) and make a mass change to all the
plugins, thats hopelessly tedious.
This is a prime use case for the template plugin. So lets turn this into a template.
Template Plugin
53
Template Plugin
http://commons.apache.org/jelly/
http://ci.jenkins-ci.org/view/Plugins/job/plugins_accurev/
54
Template Plugin
Theres one more reference of accurev down in the root module, but this is an
inferred value (we can tell because we are never asked to enter this information in
the configuration page.) So we can simply remove the entire <rootModule> element.
Unless you know the internals of Jenkins, this is a bit of a trial-and-error. Similarly,
if you want to keep XML concise, you can remove a large number of elements from
the configuration XML and Jenkins will still happily read it and provide default values
(again, this involves a bit of trial-and-error in the general case, although there are some
rule of thumbs. for example, boolean fields are always safe, so are most string fields.)
We also need another XML from a plugin thats building in Subversion to complete
this transformation. For this, we look at the configuration of the Subversion plugin4
(which lives in the Subversion repository, somewhat unsurprisingly.) You can spot the
section that configures Subversion, so we do the same variable insertion, and the result
is as follows:
<scm class="hudson.scm.SubversionSCM">
<locations>
<hudson.scm.SubversionSCM_-ModuleLocation>
<remote>https://svn.jenkins-ci.org/trunk/hudson/plugins/${name}</remote>
</hudson.scm.SubversionSCM_-ModuleLocation>
</locations>
...
</scm>
Now, we want to switch between two fragments depending on the value of the
scm attribute. To do this, we use a tag library from Jelly that does the switch/case
equivalent, called choose/when (XSLT has the same elements that do the same thing.)
So where we had the scm tag, we add the following fragment:
<j:choose xmlns:j=jelly:core>
<j:when test="${scm=='git'}">
<scm class="hudson.plugins.git.GitSCM">
<configVersion>2</configVersion>
<userRemoteConfigs>
<hudson.plugins.git.UserRemoteConfig>
<name>origin</name>
<refspec>+refs/heads/*:refs/remotes/origin/*</refspec>
<url>git://github.com/jenkinsci/${name}-plugin.git</url>
</hudson.plugins.git.UserRemoteConfig>
</userRemoteConfigs>
<branches>
<hudson.plugins.git.BranchSpec>
<name>master</name>
</hudson.plugins.git.BranchSpec>
</branches>
<buildChooser class="hudson.plugins.git.util.DefaultBuildChooser"/>
<gitTool>Default</gitTool>
4
http://ci.jenkins-ci.org/view/Plugins/job/plugins_subversion/config.xml
55
Template Plugin
<submoduleCfg class="list"/>
</scm>
</j:when>
<j:when test="${scm=='svn'}">
<scm class="hudson.scm.SubversionSCM">
<locations>
<hudson.scm.SubversionSCM_-ModuleLocation>
<remote>https://svn.jenkins-ci.org/trunk/hudson/plugins/${name}</remote>
</hudson.scm.SubversionSCM_-ModuleLocation>
</locations>
<workspaceUpdater class="hudson.scm.subversion.UpdateUpdater"/>
</scm>
</j:when>
</j:choose>
See Jelly tag library reference5 for more about these tags. The entire transformation
Jelly script is as follows:
<?xml version='1.0' encoding='UTF-8'?>
<maven2-moduleset>
<actions/>
<description></description>
<properties>
<hudson.plugins.disk__usage.DiskUsageProperty/>
</properties>
<j:choose xmlns:j="jelly:core">
<j:when test="${scm=='git'}">
<scm class="hudson.plugins.git.GitSCM">
<configVersion>2</configVersion>
<userRemoteConfigs>
<hudson.plugins.git.UserRemoteConfig>
<name>origin</name>
<refspec>+refs/heads/*:refs/remotes/origin/*</refspec>
<url>git://github.com/jenkinsci/${name}-plugin.git</url>
</hudson.plugins.git.UserRemoteConfig>
</userRemoteConfigs>
<branches>
<hudson.plugins.git.BranchSpec>
<name>master</name>
</hudson.plugins.git.BranchSpec>
</branches>
<buildChooser class="hudson.plugins.git.util.DefaultBuildChooser"/>
<gitTool>Default</gitTool>
<submoduleCfg class="list"/>
</scm>
</j:when>
<j:when test="${scm=='svn'}">
<scm class="hudson.scm.SubversionSCM">
5
http://commons.apache.org/jelly/tags.html
56
Template Plugin
<locations>
<hudson.scm.SubversionSCM_-ModuleLocation>
<remote>https://svn.jenkins-ci.org/trunk/hudson/plugins/${name}</remote>
</hudson.scm.SubversionSCM_-ModuleLocation>
</locations>
<workspaceUpdater class="hudson.scm.subversion.UpdateUpdater"/>
</scm>
</j:when>
</j:choose>
<canRoam>true</canRoam>
<jdk>(Default)</jdk>
<triggers class="vector">
<hudson.triggers.SCMTrigger>
<spec>*/15 * * * *</spec>
</hudson.triggers.SCMTrigger>
</triggers>
<goals>-e clean install</goals>
<defaultGoals>package</defaultGoals>
<mavenName>maven-3.0.3</mavenName>
<mavenValidationLevel>0</mavenValidationLevel>
<aggregatorStyleBuild>true</aggregatorStyleBuild>
<reporters/>
<publishers />
<buildWrappers/>
</maven2-moduleset>
57
Template Plugin
58
Template Plugin
8.4. Concepts
A template is a reusable piece of configuration that only exposes a minimal set of
parameters to users, and is internally translated to a standard Jenkins configuration.
Thus, a template can be used to expose a simplified, abstract, restricted representation
of Jenkins job configuration to users. Changes to a template immediately apply to
everywhere the template is used.
59
Template Plugin
A template is conceptually broken down into a few pieces:
Key concepts in the template plugin
Model
A model defines a set of attributes that constitutes a template. Roughly speaking,
you can think of this as a class of an object-oriented programming language. For
example, if you are creating a template for your organizations standard process
of running a code coverage, you might create a model that has attributes like
packages to obtain coverage, tests to run.
Attribute
An attribute defines a variable, what kind of data it represents, and how it gets
presented to the users. This is somewhat akin to a field definition in a class
definition.
Instance
An instance is an use of a model. It supplies concrete values to the attributes
defined in the template. Roughly speaking, the model-to-instance relationship
in the template plugin is like the class-to-object relationship in a programming
language. You can create a lot of instances from a single template.
Transformer
A transformer is a process of taking an instance and mapping it into the
standard Jenkins configuration, so that the rest of Jenkins understands this and
can execute it. This can be logically thought of as a function.
When we say template it actually is a combination of a model and a transformer.
And each facet of these concepts are individually extensible --- for example, additional
transformers can be developed to let you express the transformation in the language of
your choice.
8.4.1. Models
Models are hierarchical and can extend other models. This can be used to create
some common usage templates, that are not designed for direct usage and will not
be instantiable by users, and create concrete templates by specializing them for a
dedicated task. When a model inherits another, it inherits all the attributes that are
defined in the base model.
For example, a common utility template can handle connection and authentication to
enterprise infrastructure, and child templates can use this basis to expose high-level
tasks, like deploying a new release.
Template hierarchy is a useful way to manage templates growing complexity and
mutualize attribute definition.
60
Template Plugin
Template can be configured as being instantiable by users, or only a way to
encapsulate some configuration to be used from other template by inheritance.
Templates have a dedicated entry in the top page, where the administrator will setup
and maintain the templates.
All templates are based on generating Jenkins configuration from a reduced set of
attributes, that the user will provide to apply the template for a dedicated job. This
major complexity reduction makes configuring new jobs very simple for new users and
reduce the risk of misconfiguration.
8.4.2. Attributes
Each attribute represents a fragment of data that constitutes a template, along with
how it gets presented in the UI to the users. For example, you might define an attribute
called "product code", which stores a string represented in the single-line text field.
Each attribute consists of the following data model:
Data model of attributes
ID
IDs uniquely identify an attribute among other attributes of the same model. ID
is used to refer to an attribute in transformers and other places, so the characters
you can use in ID are restricted.
Display Name
Display name is the human-readable name of the attribute. It is used for example
when Jenkins present the configuration page to edit an instance.
Type
The type of the attribute primarily determines the type of the data that this
attribute holds (such as string, boolean), but it also controls how the data is
represented in the UI (for example, is it a single-line text field or a multi-line text
area?) For the discussion of available attribute types, see Section 8.5, Attribute
Type Reference.
Template Plugin
Transformers access these values as java.lang.String values.
8.5.3. Checkbox
Checkbox holds a boolean value that can be edited through an HTML checkbox.
Transformers access these values as boolean values.
Template Plugin
can add any number of build steps (which are all subtypes of the base model
called Builder.) This mode presents a drop-down menu button that allows the
user to choose the specific auxiliary model type to instantiate.
Transformers access these values as an instance (or as a java.util.List of instances)
of auxiliary models. In the pack server / credential example above, you could access it
like i.credential.username (where i is the instance of the outer model, credential
is the ID of the attribute, and username is the ID of an attribute of the Credential
auxiliary model.)
Template Plugin
At runtime, the actual type of the attribute depends on the expression.
Java
type.
http://javadoc.jenkins-ci.org/hudson/model/Describable.html
64
Template Plugin
At the instance editing time, this attribute will ask the user to choose a model out of all
the models defined in Jenkins.
At runtime, this attribute is accessed as an instance of
com.cloudbees.hudson.plugin.modeling.Model Java type.
Template Plugin
template is also the easiest kind of templates to create, especially in combination
with the specialized transformers that generate shell scripts. This makes the builder
templates the best entry point to the template plugin.
Template Plugin
8.6.2.1. Generate shell script via Jelly/Groovy
For shell scripts, a simpler way to define a builder template is to generate the script
using Jelly or Groovy instrumentation to process the attributes and generate the
adequate script. These specialized transformers eliminate the need of programming by
example by focusing on the shell scripts.
See the transformer reference section for more details about the general syntax of Jelly/
Groovy template, as well as available variable bindings.
The following screenshot demonstrates a groovy generated shell script to run the
du command on an arbitrary user home directory. The ${...} in the text should
not be confused with the shell variable reference. These are expanded during the
transformation before it gets passed to shell.
Such templates are easy to create for Unix administrator to automate maintenance
processes, and can be use to give users the ability to run them without the risk to allow
arbitrary command to be executed.
Template Plugin
This allows you to perform contextual transformations that depend on the parameters
and conditions of the in-progress build (such as the changes in the source code, what
started it, etc.)
To do so, use the build variable from within your template to access the
7
AbstractBuild object that represents the current build in progress.
8.7.1. Configuration
Job templates need to produce a full job XML definition as a result of the
transformation. As discussed in the tutorial, often the simplest way to get this done
is programming by example. You manually create a project (or a few), configure it
with all the desired options, and then get the config.xml file by adding config.xml
to the URL, then insert expressions and statements where you need to reflect actual
values from instances.
7
http://javadoc.jenkins-ci.org/index.html?hudson/model/AbstractBuild.html
68
Template Plugin
Template Plugin
Template Plugin
For example, you can say a product folder template can only contains branch folder
templates.
8.8.2.2. Environment variables
A folder can be configured to define a set of environment variables that are
automatically made visible to all the builds inside the folder. This is one of the primary
ways to use the template attributes and have them affect what goes on inside a folder.
In the earlier example of a folder template that represents a branch, you can define
the environment variable called BRANCH, and all your jobs can refer to this variable to
choose where to check out the code from.
8.8.2.3. Model attribute list view column
The template plugin adds a new list view column extension, which lets you display
values of the specified attribute from items in the container.
This list view column is useful when you have a folder (or a view) that contains
items created from job templates / folder templates. For example, if you have a
folder template that represents a product, which in turn contains folder templates that
represent branches, you can show the name of the branches in a list view inside the
product.
This can be further combined with the computed value attribute type to further
control what to display.
Template Plugin
http://commons.apache.org/jelly/
http://commons.apache.org/jexl/reference/syntax.html
10
http://commons.apache.org/jelly/tags.html
9
72
Template Plugin
model
this variable refers to the model that the instance belongs to. This is of type
com.cloudbees.hudson.plugins.modeling.Model.
These variables and their methods/properties can be accessed to perform intelligent
transformation.
The benefit of this transformation is that the Groovy syntax, with its close alignment
with the Java syntax, makes it easier for Java programmers to perform complex
transformation.
8.10.2.1. Variable Bindings
This transformer exposes the exact same set of variables as the Jelly transformer.
http://groovy.codehaus.org/Groovy+Templates
73
Template Plugin
8.11.1.1. Instance to Item, Item to Instance
The Instance type refers to a Map-like object that retains the values of attributes for a
model, and during the transformation, the current instance is always accessible as the
instance variable.
When those instances are from templates that map to jobs in Jenkins
(such as job template and folder template), these instances are of the
com.cloudbees.hudson.plugins.modeling.impl.entity.EntityInstance
class, which defines the item property that lets you access the corresponding
hudson.model.Item instance (such as FreeStyleProject object and a Folder object.)
So for example, instance.item.isDisabled() would check if the job is disabled or
not.
Conversely, those items that are created from their templates have the instance
property that allows you to navigate back to the instance. In other words,
instance.item.instance==instance. For items that are not created from any
templates, this property returns null. Also note that this property is defined in Groovy,
and not in Java, and therefore it is only accessible when using Groovy transformers.
74
9.2. Configuration
Before jobs can utilize virtual machines it is necessary to configure one or more
machine centers, that connect to vSphere installations, and one or more machine pools
from within those machine centers, from which builds may acquire machines.
From the main page click on "Pooled Virtual Machines", then click on "Configure" to
goto the plugin configuration page.
After configuration the "Pooled Virtual Machines" page will display the current list
of configured machine centers. From this page the click on a machine center to see
the list of machine pools, and from that page click on a machine pool to see the list of
machines.
78
10.2. Overview
Jenkins lets users enter description fields in HTML as shown in Figure 10.1. For some
teams that are concerned about XSS attacks via the description fields, or have policy
preferences towards writing wiki over HTML, this Jenkins Enterprise plugin allows
you to use one of several well known wiki markup formats in place of HTML.
http://confluence.atlassian.com/renderer/notationhelp.action?section=all
http://www.mediawiki.org/wiki/Help:Formatting
3
http://twiki.org/cgi-bin/view/TWiki/TextFormattingRules
4
http://en.wikipedia.org/wiki/Textile_(markup_language)
5
http://trac.edgewall.org/wiki/WikiFormatting
2
79
Wikitext Plugin
80
Index
P
permission, 44
Plugins
Backup, 3-4
Introduced in, 3
Restore, 4
Using, 3
Even Scheduler, 5-7
Enable, 6
Introduced in, 6
Folders, 8, 16
Enable, 8
Introduced in, 8
Using, 9
Using with RBAC, 11
Label Throttle, 12-15
Enable, 12
Introduced in, 12
RBAC, 16-41, 16
Authorization Strategy, 17, 21, 21
Concepts, Definitions, 16
Configuration, Reset, 39
Enable, 19, 19
Enable, Jenkins Changes, 19
Group, External, 17
Group, Local, 17
Groups, Configure, 24
Installation Checklist, 17
Introduced in, 16
Lockout, Recover, 37
Permission, 16
Role, 17
Role, Filter, 17
Sample, 33
Security Realm, 16
Skip Next Build, 42-44
Introduced in, 42
Using, 42
Using, Advanced, 44
Template, 45-74
Concepts, 59
Introduced in, 45
Templates
Auxiliary, 71
Builder, 65
Folders, 69
Job, 68
VMWare Auto-scaling, 75-78
VMWare Pool Auto-scaling
Build, Assign VMs, 78
Configuration, 75
Folder Pools, 76
Introduced in, 75
Jobs, Build on VMs, 78
Machine Centers, 75
Machine Pools, 76
Power Cycling, 76
Power-on Wait, 77
Static Pools, 76
Wikitext, 79-80
Enable, 80
Introduced in, 79
Using, 80
Wiki Markups Supported, 79
81