Giters

opensearch-project / opensearch-ci

Enables continuous integration across OpenSearch, OpenSearch Dashboards, and plugins.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Upgrade jenkins to latest LTS: 2.387.1

gaiksaya opened this issue · comments

commented

Is your feature request related to a problem? Please describe

We need to upgrade jenkins to latest version in order to resolve the existing CVEs as well as use new features and bug fixes.
https://www.jenkins.io/changelog-stable/

Describe the solution you'd like

We tried upgrading to 2.346.3 but it introduced a 9.8 score CVE. The CVE was resolved in later versions hence using latest makes more sense.

Below are the steps to upgrade:

  1. Upgrade docker image: Docker is the source of jenkins in this setup. Sample PR #260
  2. Upgrade Java: The new version upgrades java to either 11 or 17. Current one uses 8 hence need to bump java version in all agent nodes as well. (packer scripts)
  3. Bump jenkins core version in build.gradle: Associated repos https://github.com/opensearch-project/opensearch-build, https://github.com/opensearch-project/opensearch-build-libraries
  4. Add documentation on how to upgrade. Documentation should mention EBS backing up as well.

Describe alternatives you've considered

Use the same version

Additional context

No response

commented

All packer agents need to be updated to have jdk11 as their main jdk.
https://github.com/opensearch-project/opensearch-ci/blob/main/packer/