Updating Jenkins CI behind corporate firewall
Our Jenkins CI server (https://jenkins.company.com
) doesn’t have access to Internet (neither directly nor through a proxy), yet we need to update both Jenkins itself as well as the Jenkins plugins.
We’ve set up another of our servers, https://jenkins-repo.company.com
, as a Jenkins mirror site, which on a regular basis runs this command in a cron job:
rsync -a -v rsync://rsync.osuosl.org/jenkins/plugins /srv/mirrors/jenkins/
The /srv/mirrors/jenkins
folder is hosted by Nginx.
As the rsync’ed files contain references to https://updates.jenkins.io
, Jenkins will try and contact https://updates.jenkins.io
when downloading the updated plugins, even though we’re hosting all the plugins over at https://jenkins-repo.company.com
ourselves.
As a quick and easy workaround, I’ve simply added an entry like this to our Jenkins server’s /etc/hosts file:
1.2.3.4 updates.jenkins-ci.org
…where 1.2.3.4
is the IP address to https://jenkins-repo.company.com
.
UPDATE: The above solution for some reason stopped working. I developed this simple script, which every night runs on our repo server:
#/bin/bash
export PATH="/usr/local/bin:/usr/bin:/bin"
pushd /srv/mirrors/jenkins/
logger "Removing old update-center.json file from /srv/mirrors/jenkins, and fetching a new one."
rm -f update-center.json; wget https://updates.jenkins.io/current/update-center.json
logger "Replacing urls in update-center.json"
sed -i 's|updates.jenkins.io/download/|jenkins.company.com/|g' update-center.json