QualityNet IT Services


Jenkins is an Open Source automation and orchestration engine. Jenkins offers a simple way to help automate the non-human parts of the software development process. Jenkins implements a continuous integration and continuous delivery environment for almost any combination of languages and source code repositories using pipelines, as well as automating other routine development tasks. Cloudbees Jenkins Enterprise (CJE) is a centrally managed Enterprise class version of Jenkins.

Features Include:

        • Continuous Integration: Commit changes to the source code in a shared repository several times a day or more frequently. Every commit made in the repository is then built.  This allows the teams to detect the problems early.
        • Add-On Plugins: Focus on typical Jenkins-related growth challenges faced by enterprises.
        • Agile Methodology: Deliver better products and optimize utilization of resources while getting rapid resolutions on issues.

QUICK START GUIDE

Requesting Access to a CloudBees Jenkins Master

Step 1: If you do not have a HARP account or an EIDM or EUA account, register for a HARP ID. For instructions on the HARP registration process, refer to the HARP page.

Step 2: Once the HARP account has been created, log into HARP and request a QualityNet CloudBees Jenkins entitlement via a HARP User Role. 

NOTE: Due to the Jenkins RBAC security model, users requesting the Jenkins_Admin or Jenkins_Developer role must also request the Jenkins_Browse role.
Until this functionality is developed in HARP, Admins/Developers will need to submit a second role request for the Jenkins_Browse role.

Users requesting access to the HIDS Master will need to select the Jenkins_Browse role and then reach out to the SecDevOps team via Slack (#help-devsecops) or email (ess_devsecops_team@ventera.com) to indicate which specific Jenkins job folder they need access to.

  • Select User Roles from the top of the page and select Request a Role.
  • On the Select a Program Page, select QualityNet-CloudBees Jenkins.
  • On the Select an Organization page, select the Jenkins Master you are requesting access to.
  • On the Select Roles page, select QualityNet-CloudBees Jenkins user role (choose one)
    • Jenkins_Admin
    • Jenkins_Browse
    • Jenkins_Deployer (not available in all Masters)
    • Jenkins_Developer
    • Jenkins_SO
  • Select the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Select the Submit button

Step 3:  Users requesting the Jenkins_Admin or Jenkins_Developer role must also request the Jenkins_Browse role, repeat Step 2 and request the Jenkins_Browse role.  See NOTE above.

Step 4:  The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.



Accessing CloudBees Jenkins:

Step 1: If you do not have Zscaler access, please follow instructions on the Zscaler Getting Started page.

Step 2: Log into Zscaler

Step 3: Log into CloudBees Jenkins at  https://qnetjenkins.cms.gov/cjoc/ using your HARP credentials. Alternatively, you may also log in to the CMS.gov|IDM application portal at https://idm.cms.gov and select the CloudBees Jenkins tile

Note: you must be connected to Zscaler before logging into CloudBees Jenkins


Requesting a New CloudBees Jenkins Master

Step 1: Log into CCSQ ServiceNow using your HARP credentials. If you do not have access to CCSQ ServiceNow, please follow instructions on the
CCSQ ServiceNow Getting Started page.

Step 2: Select ServiceNow after logging in.

Step 3: Locate the SecDevOps Catalog item

  • Type “catalog” in the Filter Navigator
  • Select IT Services Catalog
  • Select SecDevOps
  • Select ADO Onboarding Request
  • Select CloudBees Jenkins Onboarding Request
  • Complete online form and select Submit.

Required Information for online form:

  • Name of the new CloudBees Jenkins Master
  • A brief justification for the new CloudBees Jenkins Master
    • EX: This new Master will be used by the <Your LOB> team to subdivide major applications that are managed by different teams on our program.



FAQs

CJE CORE

The QualityNet CloudBees Jenkins CORE can be accessed using the following URL: https://qnetjenkins.cms.gov//

You can either login using the above url which will redirect you to HARP login. Alternatively, you can login to HARP and click on the Jenkins app icon. 

Users who created a personal Jenkins API token before the Jenkins HARP cutover may need to create a new token.  This is dependent on whether your AD ID is different from your HCQIS ID in your Okta profile.  For users whose AD ID is the same as their HCQIS ID, your previously generated, the previously generated token should work.

For users whose AD ID is different from their HCQIS ID you will need to generate a new API token.

Steps to create a new personal Jenkins API Token:

  1. Log in to Jenkins using your HARP credentials
  2. Select your user name in the upper right and select Configure
  3. In the API Token section, select Add new token, provide a name, and select Generate
  4. Update any credentials that used a previous personal API token
  • 100.65.16.0/24
  • 100.65.17.0/24
  • 100.65.18.0/24

Follow instructions here: How to request ec2 access for Service user for Jenkins Agent connections

The QualityNet CloudBees Jenkins can be accessed using the following URL: https://qnetjenkins.cms.gov/ To login, use your HARP credentials.

Requesting Access to a CloudBees Jenkins Master

Step 1: If you do not have a HARP account or an EIDM or EUA account, register for a HARP ID. For instructions on the HARP registration process, refer to the HARP page.

Step 2: Once the HARP account has been created, log into HARP and request a QualityNet CloudBees Jenkins entitlement via a HARP User Role. 

NOTE: Due to the Jenkins RBAC security model, users requesting the Jenkins_Admin or Jenkins_Developer role must also request the Jenkins_Browse role.
Until this functionality is developed in HARP, Admins/Developers will need to submit a second role request for the Jenkins_Browse role.

Users requesting access to the HIDS Master will need to select the Jenkins_Browse role and then reach out to the SecDevOps team via Slack (#help-devsecops) or email (ess_devsecops_team@ventera.com) to indicate which specific Jenkins job folder they need access to.

  • Select User Roles from the top of the page and select Request a Role.
  • On the Select a Program Page, select QualityNet-CloudBees Jenkins.
  • On the Select an Organization page, select the Jenkins Master you are requesting access to.
  • On the Select Roles page, select QualityNet-CloudBees Jenkins user role (choose one)
    • Jenkins_Admin
    • Jenkins_Browse
    • Jenkins_Developer
    • Jenkins_SO
  • Select the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Select the Submit button

Step 3:  For users requesting the Jenkins_Admin or Jenkins_Developer role, repeat Step 2 and request the Jenkins_Browse role.  See NOTE above.

Step 4:  The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.

Yes, there are some slight changes to building jobs in CJE CORE (2.x). Instead of using docker agents to build jobs, you will now have to use Kubernetes pod templates. If you are already using permanent slave, there would be no change

The process to create custom kubernetes pod templates is documented here: How to create Kubernetes Pod Templates in CJE-CORE

The process to build docker images is documented here: CJE-CORE Building docker images using Buildah

Yes. If you have the role of an ADO Admin, you may install plugins using the plugin manager.



Need Help ?

If you need help or assistance please contact the HCT DevSecOps team. They can be reached via the following methods:







  • No labels