Jenkins config rescue

[samrocketman]

Back up jenkins config without build history.

find . -maxdepth 2 \( -path './config-history/*' -o -path './plugins/*' -o -path './secret*' -o -path './*.xml' -o -type f \( -name 'config.xml' -o -name 'nextBuildNumber' \) \) -exec tar -uvf /tmp/jenkins-config.tar {} +

[samrocketman]

Backup without writing to disk on the remote host

Sometimes it is necessary to read-only backup on the remote host. The following script is designed to backup Jenkins on a remote host that is read-only.

Source code for `backup.sh` (Click to expand)

---

#!/bin/bash
#Created by Sam Gleske (https://github.com/samrocketman)
#Thu Sep 10 17:38:28 EDT 2020
# DESCRIPTION
#   Take a remote backup of Jenkins configuration without writing to disk on
#   the remote host.
#
# USAGE
#   Backup Jenkins at a standard path
#
#       ./backup.sh user@host > local-file.tgz
#
#   Backup Jenkins with a custom home location.
#
#       ./backup.sh user@host /var/lib/jenkins > local-file.tgz
#
#   Backup Jenkins with a custom home location and changing the default depth
#   for searching for job configurations.  For a classic Jenkins instance with
#   no folder hierarchy the  recommended depth to search  configuration is 2.
#
#       ./backup.sh user@host /var/lib/jenkins 2 > local-file.tgz

REMOTE_HOST="$1"
BACKUP_PATH="${2:-/var/lib/jenkins}"
# jervis Jenkins instances require a  depth of 7 to capture folders,
# multibranch pipelines, and job next build numbers.
MAX_DEPTH="${3:-7}"

ssh -T "${REMOTE_HOST}" -- 'sudo -- /bin/bash -o pipefail -ex' <<EOF
echo 'Backup as the following user:' >&2
whoami >&2
cd '${BACKUP_PATH}'
find . \
  -maxdepth '${MAX_DEPTH}' \( \
    -path './config-history/*' \
    -o -path './plugins/*' \
    -o -path './secret*' \
    -o -path './*.xml' \
    -o -path './jenkins-versions.manifest' \
    -o -path './*.groovy.d/*' \
    -o -path './userContent/*' \
    -o -type f \( \
      -name 'config.xml' \
      -o -name 'nextBuildNumber' \
    \) \
  \) \
  | sed 's#^./##' \
  | tar czT -
EOF

#this will output a compressed archive to stdout

---

Example usage

The following example will execute backup.sh to compress the remote Jenkins configuration and write it to local disk on your computer without writing to disk on the remote host.

bash backup.sh user@hostname > backup.tgz

The script supports up to 3 arguments:

1. The user@hostname to connect to the remote host.
2. The remote host Jenkins home.
3. The find -maxdepth to optimize the time it takes. By default the depth is 2. For a jenkins-bootstrap-jervis version of Jenkins the value should be 7.

Customize the user home (-maxdepth 2 is still used).

bash backup.sh user@hostname /path/to/jenkins_home > backup.tgz

To backup a remote Jervis-based Jenkins instance, the following command should be used (-maxdepth 7).

bash backup.sh user@hostname /var/lib/jenkins 7 > backup.tgz

Encrypt local backups

I prefer GPG. The following is an example using my own GPG key.

bash backup.sh user@hostname /var/lib/jenkins 7 | gpg -er E8F732347257E65F -o backup.tgz.gpg

Example output

When a backup successfully runs you should see output similar to the following.

+ echo 'Backup as the following user:'
Backup as the following user:
+ whoami
root
+ cd /var/lib/jenkins
+ find . -maxdepth 7 '(' -path './config-history/*' -o -path './plugins/*' -o -path './secret*' -o -path './*.xml' -o -path ./jenkins-versions.manifest -o -path './*.groovy.d/*' -o -path './userContent/*' -o -type f '(' -name config.xml -o -name nextBuildNumber ')' ')'
+ sed 's#^./##'
+ tar czT -

If you encrypted your backup locally, then you'll need to decrypt it.

gpg -do backup.tgz < backup.tgz.gpg

To extract your local backup run the following.

mkdir restore
cd restore/
tar  -xzf ../backup.tgz

Cross-platform issues

Please note, if your $JENKINS_HOME was on Linux and you try to extract on Mac OS X, then you'll encounter errors due to differences in the filesystem used by Mac. Extract the Linux tar on a Linux machine and you shouldn't get errors.