Best practices for installing plugins on production instances

Administrators are often asked to install plugins on production instances. However, doing so may cause unintended consequences.

Follow these best practices to ensure a smooth plugin installation:

  1. Determine if the plugin is part of CloudBees Assurance Program.

    If it is, you can skip to step 2.

    If it is not, answer the following questions. If you answer yes to all of the following questions, proceed to step 2. If you answer no to any of the following questions, do not install the plugin.

    • Was it released less than 2 years ago?

    • Is it maintained?

    • Does it have activity?

    • Is it free of security issues?

    • Does it have less than 5 non-security issues?

  2. Install it on a development instance and run tests.

  3. If it passes tests on the development instance, install it on a staging instance and run tests.

  4. If it passes tests on the staging instance, install it on the production instance.

Installing plugins from the Plugin Manager

To install plugins from the Plugin Manager:

  1. From your CloudBees product, select Manage Jenkins Manage Plugins.

  2. Verify that the plugin is not already installed. On the Installed tab, type the name of the plugin you want to install in the Filter field.

    If the plugin appears, then it is already installed.

  3. On the Available tab, type the name of the plugin you want to install in the Filter field.

  4. Select the Install check box on the left of the plugin’s name.

  5. Scroll down the page and click either the Install without restart or Download now and install after restart button.

Installing plugins from the command line

You can use the Jenkins CLI tool to install plugins from the command line instead of via the Manage Plugins GUI.

Executing a Groovy script and install a plugin using the CLI

See the CLI user guide for more information on downloading and configuring the Jenkins CLI tool.

The following bash script will execute a Groovy script and install the 'beer' plugin on all the online client controllers:

#!/usr/bin/env bash

JENKINS_CLI=jenkins-cli.jar
JENKINS_CJOC_URL=http://localhost:8080/
JENKINS_AUTH=admin:admin

if [ -z "$JENKINS_CJOC_URL" ]; then
    echo "Need to set environment variable JENKINS_CJOC_URL (Operations Center root URL)."
    exit 1
fi

if [ -z "$JENKINS_AUTH" ]; then
    echo "Need to set environment variable JENKINS_AUTH (format: 'userId:apiToken')."
    exit 1
fi


if [ -f "$JENKINS_CLI" ]
then
	echo "Using $JENKINS_CLI."
else
	wget -O "$JENKINS_CLI" $JENKINS_CJOC_URL/jnlpJars/jenkins-cli.jar
fi

java -jar $JENKINS_CLI -s $JENKINS_CJOC_URL -auth $JENKINS_AUTH list-masters | jq -r '.data.masters[] | select(.status == "ONLINE") | .url' | while read url; do
	java -jar $JENKINS_CLI -s $url -auth $JENKINS_AUTH groovy = < configuration-script.groovy
	java -jar $JENKINS_CLI -s $url -auth $JENKINS_AUTH install-plugin beer
done