IMO a Docker image with the right set of plugins you've tested, plus the security config you're talking about about forbidding any upgrade would seem a simpler way. And probably it would your life simpler if you somehow have to support all those different instances which can currently be actually quite different.
HTH Le 11 août 2016 3:14 PM, "Jason Kulatunga" <darkmeth...@gmail.com> a écrit : Hey Jenkins-Users, I manage almost a dozen Jenkins servers and our team has been having some issues with plugin management: such as locking our new installations to known working versions of some troublesome Jenkins plugins. We use chef + Jenkins DSL to completely automate the initial installation of Jenkins, but we're not exactly thrilled with the way the Chef cookbook handles plugin installation and we've also verified that 'installNecessaryPlugins' does not actually respect the version parameter. curl -XPOST http://192.150.23.105:8080/pluginManager/installNecessaryPlugins -d '<install plugin="favorite@1.7" />' As such I've started looking into alternative means of locking plugins in an automated way during installation and I've come up with the following ideas: # An External Dependency Management Tool, eg Bundler, Pip, Berkshelf Basically an executable that would: 1. retrieve a list of all plugins installed in a specific Jenkins server using the API, and add them to a dependency graph (with metadata: installed, pinned, enabled, version) 2. look for a dependency config file (like Gemfile, Berksfile, requirements.txt) 3. iterate through all the uninstalled plugins in the dep config file and add them (and their dependencies) to the dependency graph 4. solve the graph by ensuring that no pinned/locked version conflicts occur. 5. download all uninstalled plugins directly from https://updates.jenkins-ci.org/ <https://updates.jenkins-ci.org/> 6. using the Jenkins api, pin any version locked plugins specified in the dependency config file. 7. write the solved dependency graph to the filesystem (eg Berksfile.lock, Gemfile.lock) (and use it for any subsequent installs if no plugins have changed) 8. disable all permissions to the update center in Jenkins so no users enable/update plugins manually. # UpdateCenter Override 1. subclass the default Jenkins UpdateCenter, and tell Jenkins to use it using a JVM property 2. override the UpdateCenter.InstallationJob constructor to download the plugin version specified from the dependency config lock file if it exists or install like normal and then generate/update a dependency config lock file with every operation. 3. listen to the pin event in the PluginCenter and update the dependency config lock file. I'm not sure if anyone has done something similar but I wanted to get some feedback before I spent too much time investigating either idea. Any and all feedback is welcome -Jason Build Automation Engineer Adobe -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/jenkinsci-users/2d4f0e32-7d6a-4159-9635-51df7ff83643%40googlegroups. com <https://groups.google.com/d/msgid/jenkinsci-users/2d4f0e32-7d6a-4159-9635-51df7ff83643%40googlegroups.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS54gzCcyVtMd1z4UXGmdeLoNccqJm3G4tU3pOmOKWALQA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
