Create Jenkins job to deploy files – Publish over SSH

This document covers how to use the Publish over SSH plugin to copy files to a target server. With this method, all files on the target server are overwritten with the files from the branch of the repository that the job is connected to.

Prerequisites

Remote connection

Configure Jenkins so that it can connect to the remote server to publish / deploy files.

On Jenkins Server

Generate a Key Pair

  1. Create a new key pair.

Caution

This command will overwrite an existing RSA key pair, potentially locking you out of other systems.

If you’ve already created a key pair, skip this step. To check for existing keys, run ls ~/.ssh/id_rsa*.

If you accidentally lock yourself out of the SSH service on your Linode, you can still use the Lish console to login to your server. After you’ve logged in via Lish, update your authorized_keys file to use your new public key. This should re-establish normal SSH access.

ssh-keygen -b 4096

The -b flag instructs ssh-keygen to increase the number of bits used to generate the key pair, and is suggested for additional security.

2. Press Enter to use the default names id_rsa and id_rsa.pub in the /home/your_username/.ssh directory before entering your passphrase.

Generating public/private rsa key pair. 
Enter file in which to save the key (/home/your_username/.ssh/id_rsa):

3. While creating the key pair, you will be given the option to encrypt the private key with a passphrase. This means that the key pair cannot be used without entering the passphrase (unless you save that passphrase to your local machine’s keychain manager). We suggest that you use the key pair with a passphrase, but you can leave this field blank if you don’t want to use one.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/your_username/.ssh/id_rsa. 
Your public key has been saved in /home/your_username/.ssh/id_rsa.pub. 
The key fingerprint is: f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 your_username@linode

Using ssh-copy-id

  1. To use ssh-copy-id, pass your username and the IP address of the server you would like to access:

ssh-copy-id your_username@192.0.2.0

2. You’ll see output like the following, and a prompt to enter your user’s password:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/your_username/.ssh/id_rsa.pub" 
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
your_username@192.0.2.0's password:

3. Verify that you can log in to the server with your key.

Sudo permissions (Remote Server)

Add the commands that the Jenkins SSH user runs on the remote server to the sudoers file so that they can be executed without a password prompt.

sudo visudo

Add the following lines at the bottom

On Remote Application Server (Example services)

# For jenkins to execute restart of application services
user ALL=(ALL) NOPASSWD: /bin/systemctl restart demo-application1 
centos ALL=(ALL) NOPASSWD: /bin/systemctl restart demo-application2
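
To check that password-less rules stay as narrow as the two above, this added example (not part of the original page) scans sudoers-style lines and reports any NOPASSWD rule that allows more than one fixed command line. It assumes one rule per line with a single NOPASSWD tag; the deploy account and its three rules are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original page): flag password-less sudo rules
# that allow more than one fixed command line. Assumes one rule per line.

audit_nopasswd() {
    awk '
    function report(u, c, why) { printf "%s: %s (%s)\n", u, c, why; bad++ }
    /^[ \t]*#/ || !/NOPASSWD:/ { next }      # skip comments and password-protected rules
    {
        cmds = $0
        sub(/.*NOPASSWD:[ \t]*/, "", cmds)   # keep only the command list
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = list[i]
            sub(/[ \t]+$/, "", cmd)          # drop trailing whitespace
            if (cmd == "ALL")
                report($1, cmd, "grants every command")
            else if (cmd !~ /^\//)
                report($1, cmd, "not an absolute path; expand the alias and review it")
            else if (cmd ~ /[*?]/)
                report($1, cmd, "wildcard widens what the caller can run")
            else if (cmd !~ / /)
                report($1, cmd, "no arguments pinned, so any arguments are accepted")
        }
    }
    END { exit (bad > 0) }                   # non-zero status when anything was flagged
    '
}

sample_rules() {
    cat <<'EOF'
# Constructed sample. The first two rules are the page's; "deploy" is hypothetical.
user ALL=(ALL) NOPASSWD: /bin/systemctl restart demo-application1
centos ALL=(ALL) NOPASSWD: /bin/systemctl restart demo-application2
deploy ALL=(ALL) NOPASSWD: ALL
deploy ALL=(ALL) NOPASSWD: /bin/systemctl
deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart *
EOF
}

# Only the three "deploy" rules are reported; the page's two rules pass.
sample_rules | audit_nopasswd || echo "Tighten the rules listed above."
```

On the remote server the function can read the real file instead of the sample, for example sudo cat /etc/sudoers | audit_nopasswd, and visudo -c checks the file's syntax after editing.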

Publish Over SSH Plugin

Go to Manage Jenkins → Manage Plugins → Available → search for “Publish over SSH” plugin → install without restart.

Configuration

Configure Jenkins connections

1. Go to Manage Jenkins → Configure System → Publish over SSH

Either provide the path to the generated SSH key or paste the key directly. It is important to paste everything, including the header and footer.

Then click the ADD button to add a server to connect to over SSH.

2. Click ‘Test Configuration’ to confirm the connection and ‘Save’ at the bottom of the page.
Note: Target servers must be up and running to test the configuration.

Create a Jenkins Job:

1. Go to Jenkins Dashboard → Click on ‘New Item’ → Provide name of the project (e.g. CI-CD-PHP) → choose ‘Freestyle Job’ → Click ‘OK’.
In the configuration window of the job:


2. Provide the Git URL from which the code is to be pulled.

3. In the Build Environment section choose:
a) Delete workspace before build starts.
b) Send files or execute commands over SSH after the build runs.

Provide the Name of the server, source files and remote directory.

Fill in the Exec command if necessary, e.g. if Apache needs to be restarted:

sudo systemctl restart httpd

Info

Another strategy is to archive artifacts and then send the build artifacts over SSH.

Also specify the remote directory (although this is not necessary here if it is already specified in the system configuration).


4. Save the job and build it.
5. Check the Apache server for the successful transfer of your files.

Build Triggers (Optional)

The job can be configured to build when there are commits to the repository. GitLab needs to be configured for this.