Problem scenario
You have Jenkins set up on Linux. You want it to deploy files to other Linux servers, how do you do this as a proof of concept?
Solution
There are many different ways of accomplishing this task. These directions do not cover the production-recommended best practices associated with security. For such a solution, you may want to see this external site. (These directions could be adapted for non-AWS environments. You would configure the relevant firewall(s) instead of the relevant Security Group(s).)
Prerequisite
You need to have Jenkins set up. If you do not know how to set it up and you are using Debian/Ubuntu Linux, see this link.; if you are using CentOS/RHEL/Fedora Linux, see this posting. Ensure that the Security Group(s) governing the Jenkins server allows for connectivity to this other server.
Procedures
Part 1
Configure passwordless SSH between the two servers.
1. Optional step to be potentially done on the back-end of the Jenkins server. If you do not know the Jenkins password and you can change it, do the following:sudo passwd jenkins
# Press enter. Then enter a new password twice.
2. On the Jenkins server run these commands:
su jenkins
ssh-keygen -t rsa -P ""
# You will be prompted after the above command. Press enter to accept the default location to save the key.
Then run this command:cat /var/lib/jenkins/.ssh/id_rsa.pub
3. Go to the non-Jenkins server. Append the output of the above command to an authorized_keys file on the non-Jenkins server. Assuming the "ubuntu" username on the non-Jenkins server that has the ability to write to the destination directory where the file will go, the authorized_keys file that will receive the appendage is this /home/ubuntu/.ssh/authorized_keys
4. Connect from the Jenkins server to the server just configured. When prompted to "Continue" type "Yes" (with no quotes) and press enter. Then exit the SSH connection. (Alternatively you could turn off the fingerprint verification step.) This is just to allow Jenkins to SSH to the server.
Part 2
1. Identify the file path on the Jenkins server you want to transfer. (Make note of the full directory path.) For this example, we will assume it is /coolpath/goodfile.
2. Open Jenkins web UI.
3. Click on "New Item."
4. Give it a name, and choose "Freestyle project" and click "Ok."
5. On the next screen for configuring this project, scroll to the bottom and click on the "Add build step" underneath "Build."
6. Click on "Execute shell." Enter this text*:
scp /coolpath/goodfile ubuntu@x.x.x.x:/tmp/goodfile2
* You will substitute the text above according to the following:
- "/coolpath/goodfile" is the full directory path of the source file you want to transfer on the Jenkins server
- "ubuntu" with the username that received the modification to its authorized_keys file on the non-Jenkins server that will receive files from jenkins (in step 3 of Part 1 above).
- "/tmp/goodfile2" is the directory destination and file name you want the file to be on the non-Jenkins server
- x.x.x.x is the IP address of the non-Jenkins server. To determine if it should be the internal (found with an ip addr show command) or external IP address (found with a curl icanhazip.com command), use the one that corresponds with the AWS Security Group rule or GCP firewall rule for the Jenkins server. That is if the AWS Security Group or GCP firewall was configured to all an external IP address of the Jenkins server, use the external IP address of the non-Jenkins server. If the Jenkins server's internal IP address was used in the GCP firewall or AWS Security Group configuration, use the internal IP address of the non-Jenkins server.
- "/tmp/goodfile2" is the directory destination and file name you want the file to be on the non-Jenkins server
- x.x.x.x is the IP address of the non-Jenkins server. To determine if it should be the internal (found with an ip addr show command) or external IP address (found with a curl icanhazip.com command), use the one that corresponds with the AWS Security Group rule or GCP firewall rule for the Jenkins server. That is if the AWS Security Group or GCP firewall was configured to all an external IP address of the Jenkins server, use the external IP address of the non-Jenkins server. If the Jenkins server's internal IP address was used in the GCP firewall or AWS Security Group configuration, use the internal IP address of the non-Jenkins server.
7. Click "Save."
8. From the back end of the Jenkins server, run the shell command you entered in step #6. You do this exactly one time to manually accept the fingerprint. (This prompt will not happen again; it would have stopped the Jenkins job from completing successfully.)
9. Go back to the Jenkins web UI. Click "Build Now" on the left.