Back to trying to get Jenkins updated to a more recent LTS version

After reading some other posts recently, I think I have a better understanding of the approach I should take to try to upgrade our Jenkins system to a newer LTS version. I have pasted our current setup below in the Jenkins setup section. Highlights: Version 2.346.3 using Java 11. We have a lot of plug-ins, many of which are deprecated. I installed the Plugin-Usage plugin and none of the deprecated plugins are being used by any current jobs. Previously, I was moving up one LTS release at a time, but because of how many plugins are installed and because I would have to try to guess which versions to upgrade to since the version of Jenkins I have been going to were a couple of years old, I can’t use the Plugin Manager to automatically download the versions of plugins compatible with the version of Jenkins.
My idea for the next approach:

1. Disable deprecated plugins
2. Uninstall deprecated plugins
3. Install OpenJDK 21 on server (RHEL 8)
4. Stop Jenkins (currently running OpenJDK 11).
5. Configure OpenJDK 21 as the primary JDK. (alternatives --config java)
6. Upgrade Jenkins to v2.462.3 (chose this version since it is under 1 year old. This means that the Plugin Manager will allow me to update installed plugins through the UI rather than having to upload them manually (hope this is correct?)

7. Start Jenkins and check logs for critical issues.
8. Go to Plugin Manager.
9. Upgrade all plugins to versions compatible with v2.462.3.
10. Deactivate/Uninstall any additional deprecated plugins.
    I will plan to take many snapshots along the way. Now that I am thinking about it, maybe there isn’t any reason not to go ahead and upgrade to 2.492.3 or 2.504.3.
    Any thoughts/suggestions/critiques would be appreciated!

Jenkins setup:

Jenkins: 2.346.3

OS: Linux - 4.18.0-477.15.1.el8_8.x86_64
Java: 11.0.22 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)

JDK_Parameter_Plugin:1.0
ace-editor:1.1
analysis-collector:2.0.0
analysis-core:1.96
analysis-model-api:10.2.5
ant:1.11
antisamy-markup-formatter:2.1
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
backup:1.6.1
bootstrap4-api:4.6.0-3
bootstrap5-api:5.0.2-1
bouncycastle-api:2.25
branch-api:2.6.2
build-flow-plugin:0.20
build-pipeline-plugin:1.5.8
build-token-root:1.7
buildgraph-view:1.8
caffeine-api:2.9.1-23.v51c4e2c879c8
checks-api:1.7.2
checkstyle:4.0.0
chromedriver:1.2
cloudbees-folder:6.16
cobertura:1.16
code-coverage-api:1.4.0
command-launcher:1.6
conditional-buildstep:1.4.1
config-file-provider:3.8.0
convert-to-pipeline:1.0
copyartifact:1.46.1
credentials:2.5
credentials-binding:1.27
dashboard-view:2.16
data-tables-api:1.10.25-3
date-parameter:0.0.4
display-url-api:2.3.5
docker-commons:1.17
docker-workflow:1.26
dry:3.0.0
durable-task:1.37
echarts-api:5.1.2-3
email-ext:2.83
emailext-template:1.2
extended-choice-parameter:0.82
extensible-choice-parameter:1.8.0
external-monitor-job:1.7
findbugs:5.0.0
font-awesome-api:5.15.3-4
forensics-api:1.2.1
git:4.8.1
git-client:3.9.0
git-parameter:0.9.13
git-server:1.9
gitlab-oauth:1.10
gitlab-plugin:1.5.20
gradle:1.37.1
groovy:2.4
handlebars:3.0.8
hidden-parameter:0.0.4
icon-shim:2.0.3
jackson2-api:2.12.4
javadoc:1.6
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jobgenerator:1.22
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.51
ldap:2.0
lockable-resources:2.11
mailer:408.vd726a_1130320
matrix-auth:2.6.8
matrix-project:1.20
maven-artifact-choicelistprovider:1.9.0
maven-plugin:3.8
momentjs:1.1.1
nexus-artifact-uploader:2.13
nodejs:1.4.0
pam-auth:1.6
parameterized-trigger:2.39
pipeline-aggregator-view:1.11
pipeline-build-step:2.14
pipeline-graph-analysis:1.11
pipeline-input-step:2.12
pipeline-milestone-step:1.3.2
pipeline-model-api:1.9.1
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:1.9.1
pipeline-model-extensions:1.9.1
pipeline-npm:0.9.2
pipeline-rest-api:2.19
pipeline-stage-step:2.5
pipeline-stage-tags-metadata:1.9.1
pipeline-stage-view:2.19
plain-credentials:1.7
plugin-usage-plugin:2.1
plugin-util-api:2.4.0
pmd:4.0.0
popper-api:1.16.1-2
popper2-api:2.5.4-3
powershell:1.5
promoted-builds:3.10
publish-over:0.22
publish-over-ssh:1.22
repository-connector:1.2.6
resource-disposer:0.16
run-condition:1.5
run-selector:1.1.1
scm-api:2.6.5
script-security:1.78
scriptler:3.3
snakeyaml-api:1.29.1
sonar:2.14
ssh:2.6.1
ssh-agent:1.22
ssh-credentials:1.18.1
sshd:3.0.3
structs:1.23
tasks:4.53
timestamper:1.13
token-macro:2.13
trilead-api:1.0.13
uno-choice:2.5.6
warnings:5.0.1
warnings-ng:9.4.0
windows-slaves:1.8.1
workflow-aggregator:2.6
workflow-api:2.46
workflow-basic-steps:2.23
workflow-cps:2.93
workflow-cps-global-lib:2.19
workflow-durable-task-step:2.39
workflow-job:2.41
workflow-multibranch:2.24
workflow-remote-loader:1.5
workflow-scm-step:2.13
workflow-step-api:2.24
workflow-support:3.8
ws-cleanup:0.39

Plugins you can already safely remove I think as they are no longer distributed or are deprecated (assuming they are not used):
ace-editor
analysis-collector
analysis-core
bootstrap4-api
build-flow-plugin
checkstyle
code-coverage-api
dry
findbugs
handlebars
icon-shim
momentjs
jquery-detached
pmd
popper-api
popper2-api
tasks
warnings
windows-slaves

Candidates that can be deleted when not used
build-pipeline-plugin
buildgraph-view
jquery

Which securityRealm are you using?
You have gitlab-oauth, ldap and pam-auth, you need only one of them.
When you update to 2.479.3 or higher and you use ldap you will need to update ldap in lockstep with Jenkins (see Upgrade Guide for 2.479.x)

I propose to first try out the upgrade on a test instance.

You might also consider using the GitHub - jenkinsci/plugin-installation-manager-tool: Plugin Manager CLI tool for Jenkins to download all the plugins while Jenkins is offline and put the jpi files in the plugins directory. This might be better especially when you jump to 2.479.x and higher as it avoids the problem with the ldap plugin. Also most plugins you have installed require 2.479.x or higher in their latest version so you need to update them anyway after starting with the new Jenkins version. That approach will save you

Good evening, Markus. Thank you for your response. I looked through the Readme for the Plugin Manager CLI tool, but it isn’t clear to me how to use it. Can you give me some more instructions on how to use it? I don’t currently see a plugins.txt file in my $JENKINS_HOME/plugins directory. I only see a directory for each plugin, a .jpi file for each and a .bak for each. I do see the war file in /usr/share/java. The command line shown in the Readme is like this:

java -jar jenkins-plugin-manager-*.jar --war /your/path/to/jenkins.war --plugin-download-directory /your/path/to/plugins/ --plugin-file /your/path/to/plugins.txt --plugins delivery-pipeline-plugin:1.3.2 deployit-plugin

For my environment, it would look something like this:

java -jar jenkins-plugin-manager-2.13.2.jar --war /usr/share/java/jenkins.war --plugin-download-directory /u01/jenkins-data/plugins/ --plugin-file (?)plugins.txt --plugins (?) deployit-plugin

Would I need to create the plugins.txt by entering each plugin in a text file, one line for each plugin name? How do I tell it to get the latest version of each one? And is the -–plugins option only if I wanted to specify an individual plugin instead of a list in a plugin.txt file?

I appreciate any advise you can offer for this!

I would recommend using a plugins.txt file that contains all plugins you need. You need to create yourself, it is not provided or maintained by Jenkins. Specifying all plugins on the commandline might be a bit cumbersome. Theoretically you don’t need to specify plugins that are only used transitively but it’s hard to tell which those are so you could create the list with all your currently installed plugins (minus the deprecated ones).
With a plugins.txt you don’t need the option -plugins. Put in the file just the plugin names without a version. Then it will automatically install the latest version that fits your Jenkins.
You can preview what will be downloaded with the options -l and --no-download