Gitlab, Jenkins and puppet playing together


Jenkins in one of my favourite open source tools. It must also be one of the most flexible

You can set up Jenkins to monitor your Gitlab project for any changes. If Jenkins sees any commits to the master repo, Jenkins will execute a build script and run any customised scripts. Here is how to set this up.

  • Set up a project in Gitlab. This will be your git repo.
  • Create a your git repo using a git client on a linux box of your choice.
  • Configure Jenkins job to poll the git repo and to run a build script if there are any changes.

Here is how to configure the Jenkins server to poll the git repo.

Install the gitlab plugin to Jenkins

Set up a Jenkins job and specify the following under source code management


note: The repository URL can be obtained from gitlab as shown below


Setting up build triggers

Under build triggers, select the Poll SCM and set a Schedule. The schedule is in cron format and be set as desired. Here we have set Jenkins to poll the git repo every 5 minutes for changes.

Note: Once the job is setup, you can click on the jenkins_4

Here you will see the git polling working as shown below:


SSH keys and sudo access

We will need to set up ssh keys and sudo access for the jenkins_admin user which is used to log on to the puppet masters to sycnronise the manifests and modules. To set up the keys, run the following commands on the jenkins box.

1 – Log in as jenkins_admin@jenkins on the jenkins server

2 – Run the following command to drop into the jenkins user

sudo - s -H -u jenkins

3 – Run the following to set up the ssh key pair

$ cd ~/.ssh/
$ ssh-sopy-id -i jenkins_admin@puppet-server

note: # where puppet-server is the puppet master you need to sync the manifests on

4- Configure sudo on the puppet-master so Jenkins_admin is not prompted for the password. Note you can use a manifest to configure sudo via puppet.

on the puppet-server (as root)

sudo visudo


jenkins_admin ALL= NOPASSWD:/usr/bin/rsync

Make sure you do this process for each puppet-server you wish to configure sudo and ssh keys for

Configure the Jenkins build job

Configure the Jenkins build job as follows:

# Specifies a AD user who has sudo rights on the puppet server to run the rsync
commands without requiring a password


# List of puppet masters that will receive manifests and modules

for HOST in 'puppet-server1t' 'puppet-server2' 'puppet-server3'


# rsync command to sync changes from gitlab repo

rsync -e "ssh -t -l jenkins_admin" --rsync-path='sudo rsync' -avz --stats
--progress --human-readable --exclude .git --exclude README $WORKSPACE/


This completes the setup.