Performing Auto Updates with Jenkins

An important part of network maintenance is keeping your operating system and programs updated. However, if you have a lot of physical or virtual devices the process of keeping everything updated can become tedious. You could create an automated task using a scheduler, but then checking up on each to ensure the scheduled task executed could again become very tedious.

This is where Jenkins comes in. Jenkins is a continuous integration tool which not only can build and test software , but it can also be used to perform scheduled tasks. To execute commands on various machines takes a bit of setup, but in the end you have a nice dashboard which shows you when your tasks were last completed, if they were successful, and when they should run again.

My network is primarily composed of virtual machines running CentOS. This article assumes you have already configured Jenkins on your network. The following SSH plugins for Jenkins were also installed:

  • Publish Over SSH
  • SSH Agent Plugin
  • SSH Credentials Plugin
  • SSH Plugin

To perform an update on a machine the following command is used:

sudo yum update -y

The command must be run with super user privileges. This usually requires a password to be entered. This article will take you through the steps to run the command from Jenkins over SSH on each machine requiring the update without entering a password.

The first step is creating your public/private key pair on Jenkins. This is done from the Jenkins home directory using the command:

ssh-keygen -t rsa -b 1024

This command generates an RSA key pair with 1024 bits in the .ssh directory. Be sure to remember the passphrase as you will need it again. The file named id_rsa is the private key and id_rsa.pub is the public key.

In the Publish over SSH section of the Jenkins configuration you need to copy the contents of the private key to the key section and enter the passphrase. You will come back to this section after you have configured the servers you wish to connect with via SSH.

On the machine being updated log in and create a jenkins user. This is done with the following two commands:

sudo useradd jenkins
sudo passwd jenkins

Next change to the jenkins user with:

sudo su - jenkins

Once you have changed to the Jenkins user execute the following in the Jenkins home directory:

mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys

In the editor you need to copy the contents of the public key to the file and then save. Next execute:

chmod 600 .ssh/authorized_keys

It’s very important the read/write permission are set or Jenkins will not be able to log in. As root on the remote machine you need to edit the sudoers file. You do this by executing:

visudo

You will need to locate the line in the file which read Defaults requiretty and comment it out by using the hashtag. Commenting this line allows Jenkins to run the sudo command. However, normally sudo would require a password. To prevent the password from being needed you need to add the following to the end of the file.

jenkins ALL=(ALL) NOPASSWD: ALL

Now you are finished with the remote machine. Next, you need to go back to Publish over SSH in the Jenkins configuration and add your SSH server. Provide the name, hostname, and username to login with. For this article jenkins was used. Your setup should look similar to this:

SSHSetup

 

Now create a Jenkins project and add a Send files or execute command over SSH task. It could look like this:

SSHSetup2

In the ssh setup section here select the advanced features and set the timeout for your task. At this point you should be able to execute the Jenkins project which will in turn run the update command via SSH as the jenkins user. Because of the changes to the sudoers list, no password will be required and the update will be accomplished.

In the end you will have a history of the updates on your network machines and also be able to view the console output resulting from the update.