The way to secure Jenkins is mentioned below :-
Ensure global security is on.
Ensure that Jenkins is integrated with company’s user directory with appropriate plugin.
Ensure that Matrix/Project matrix is enabled to fine tune access.
Automate the process of setting rights/privileges in Jenkins with custom version controlled script.
Limit physical access to Jenkins data/folders.
Periodically run security audits on same.
Explain how to create a backup and copy files in Jenkins?
To create a backup, all you need to do is to periodically back up your JENKINS_HOME directory. This contains all of your build jobs configurations, your slave node configurations, and your build history. To create a back-up of your Jenkins setup, just copy this directory. You can also copy a job directory to clone or replicate a job or rename the directory.
While considering Continuous Integration (CI) for your project, one has to think of tools that are readily available out there. Few such names that come to our mind as Enterprise level CI servers are Jenkins and Bamboo. These are widely used by some of the major companies around the world.
Jenkins is an open source Continuous Integration tool written in Java with more than 400 plugins available to extend its usage. Whereas, Bamboo is a commercial product from Atlassian. It also has multiple plugins to customize its usage. A user can extend the functionality of the above products by writing their own plugins using the SDK’s provided.
So, let’s explore this article and know more about these popular tools.
* Jenkins supports multiple build tools such as Maven, Ant, and Make.
* Jenkins is a popular open-source tool and it is easy to integrate multiple plugins for build execution purposes.
* It manages and controls the development lifecycle processes such as build, document, test, * package, stage, deployment, static analysis and much more.
* Jenkins is an open source and it is easy to use and setup.
* It does not perform automatic branching or merging.
* A user can setup Jenkins to watch out for any code changes in places like SVN and Git.
* Combining Jenkins with Ant, Gradle, or other build automation tools, the possibilities are limitless.
* Jenkins can be extended by additional plugins for building and testing Android applications or to support the Git version control system.
INSTALLATION OF JENKINS:
Jenkins can be started through the command line or can run in a web application server. Under Linux as a service, a user can also install Jenkins as a system service.
If you have installed Jenkins locally, you can find it running under the following URL: http://localhost:8080/
HOW JENKINS WORKS-SETUP:
While setting up a project in Jenkins, a user will find the following options:
* Associating with a version control server.
* Triggering builds.
* Execution of Shell scripts, Bash scripts, Ant targets, and Maven targets.
* Publishes JUnit test results and Javadocs.
* Bamboo supports programmed stretching and combining.
* It also supports multiple build tools such as Maven, Maven 2, Maven 3, and Make.
* Bamboo incorporates well with Atlassian suite(Jira, Bamboo, Bitbucket, Stash and Confluence).
* If Jira is used for bugs and issue management, and Confluence for documentation, we can create a ticket in Jira for a bug/issue directly from the documentation generated in Confluence and create a build job from the Jira ticket itself.
* It can do automatic branching or merging via web hooks to Git, Bitbucket Server(Stash) or Mercurial and can perform automated builds once the code is integrated to the Development or Feature branch in Stash, Git and Mercurial.
* It can do automated deployments to the production server and can also run parallel jobs.
* There are many plugins available in the Atlassian store to facilitate smoother build execution and enhanced reporting capabilities in Bamboo.
* Bamboo is the next popular CI tool after Jenkins and is a licensed software with LTS(Long Term Support) provided by Atlassian.
* It is available as an Windows and Linux service.
* Configure the default local agent and set JDK and builder capabilities.
* Integrate with a VCS for continuous deployment.
* Always associates with a project.
It defines the trigger that will initiate the build.
Both the tools have equal importance when compared to each other on the basis of its functionality. The choice always depends on the need and the requirements of the project.