DevOps Tools/CI/Jenkins

From r00tedvw.com wiki
Revision as of 13:09, 20 December 2018 by R00t (Talk | contribs)

Jump to: navigation, search

Overview | Continuous Integration (CI) | Source Control Management (SCM) | Containerization | Configuration

Contents

Jenkins

Installation (Docker - OSX)

Reference
Download, Install, and Start Docker CE edition (.dmg)
Install Jenkins image from repo using blueocean image.
~$ sudo docker run \

-u root
--rm \
( Optional ) Automatically removes the Docker container (which is the instantiation of the jenkinsci/blueocean image below) when it is shut down. This keeps things tidy if you need to quit Jenkins.
-d \
( Optional ) Runs the jenkinsci/blueocean container in the background (i.e. "detached" mode) and outputs the container ID. If you do not specify this option, then the running Docker log for this container is output in the terminal window.
-p 8080:8080 \
Maps (i.e. "publishes") port 8080 of the jenkinsci/blueocean container to port 8080 on the host machine. The first number represents the port on the host while the last represents the container’s port. Therefore, if you specified -p 49000:8080 for this option, you would be accessing Jenkins on your host machine through port 49000.
-p 50000:50000 \
( Optional ) Maps port 50000 of the jenkinsci/blueocean container to port 50000 on the host machine. This is only necessary if you have set up one or more JNLP-based Jenkins agents on other machines, which in turn interact with the jenkinsci/blueocean container (acting as the "master" Jenkins server, or simply "Jenkins master"). JNLP-based Jenkins agents communicate with the Jenkins master through TCP port 50000 by default. You can change this port number on your Jenkins master through the Configure Global Security page. If you were to change your Jenkins master’s TCP port for JNLP agents value to 51000 (for example), then you would need to re-run Jenkins (via this docker run …​ command) and specify this "publish" option with something like -p 52000:51000, where the last value matches this changed value on the Jenkins master and the first value is the port number on the Jenkins master’s host machine through which the JNLP-based Jenkins agents communicate (to the Jenkins master) - i.e. 52000.
-v jenkins-data:/var/jenkins_home \
( Optional but highly recommended ) Maps the /var/jenkins_home directory in the container to the Docker volume with the name jenkins-data. If this volume does not exist, then this docker run command will automatically create the volume for you. This option is required if you want your Jenkins state to persist each time you restart Jenkins (via this docker run …​ command). If you do not specify this option, then Jenkins will effectively reset to a new instance after each restart.
Notes: The jenkins-data volume could also be created independently using the docker volume create command:
docker volume create jenkins-data
Instead of mapping the /var/jenkins_home directory to a Docker volume, you could also map this directory to one on your machine’s local file system. For example, specifying the option -v $HOME/jenkins:/var/jenkins_home would map the container’s /var/jenkins_home directory to the jenkins subdirectory within the $HOME directory on your local machine, which would typically be /Users/<your-username>/jenkins or /home/<your-username>/jenkins.
-v /var/run/docker.sock:/var/run/docker.sock \
( Optional ) /var/run/docker.sock represents the Unix-based socket through which the Docker daemon listens on. This mapping allows the jenkinsci/blueocean container to communicate with the Docker daemon, which is required if the jenkinsci/blueocean container needs to instantiate other Docker containers. This option is necessary if you run declarative Pipelines whose syntax contains the agent section with the docker parameter -
i.e.
agent { docker { …​ } }. Read more about this on the Pipeline Syntax page.
jenkinsci/blueocean
The jenkinsci/blueocean Docker image itself. If this image has not already been downloaded, then this docker run command will automtically download the image for you. Furthermore, if any updates to this image were published since you last ran this command, then running this command again will automatically download these published image updates for you.
Note: This Docker image could also be downloaded (or updated) independently using the docker pull command:
docker pull jenkinsci/blueocean
No markup
~$ sudo docker run \
  -u root \
  --rm \
  -d \
  -p 8080:8080 \
  -p 50000:50000 \
  -v jenkins-data:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  jenkinsci/blueocean

Configuration

You should now be able to access your local jenkins instance by opening a webpage from http://127.0.0.1:8080
Jenkins will initially want you to provide a secret key which you can get from the container logs.

~$ sudo docker container ls -a                                                                                                                                                                                  ~
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                              NAMES
441bad1bf979        jenkinsci/blueocean   "/sbin/tini -- /usr/…"   About an hour ago   Up About an hour    0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   thirsty_goldwasser

~$ docker logs 441bad1bf979 2>&1 | grep -B2 -i initialAdminPassword                                                                                                                                             ~
b30a84793e9b41e3b4d044b7e2584643

This may also be found at: /var/jenkins_home/secrets/initialAdminPassword

Installation (CentOS 7 - using Repo)

Download and install the latest version of CentOS 7. I went with the Minimal install and below are the initial common packages.

~$ ~$ sudo yum install telnet net-tools vim tcpdump bind-utils redhat-lsb-core wget nfs-utils -y

Install some of the dependencies and repo info

~$ sudo yum install java-1.8.0-openjdk-devel -y
~$ curl --silent --location http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo | sudo tee /etc/yum.repos.d/jenkins.repo
~$ sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

Install Jenkins

~$ sudo yum install jenkins

Start and enable on boot

~$ sudo systemctl start jenkins
~$ sudo systemctl enable jenkins

Adjust Firewall

~$ sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
~$ sudo firewall-cmd --reload

Installation using Apache/Tomcat (CentOS 7)

Download and install the latest version of CentOS 7. I went with the Minimal install and below are the initial common packages.

~$ ~$ sudo yum install telnet net-tools vim tcpdump bind-utils redhat-lsb-core wget nfs-utils -y

Download and Install

Install httpd, tomcat, and some of the dependencies

~$ sudo yum install java-1.8.0-openjdk-devel httpd tomcat tomcat-webapps -y

enable startup

~$ sudo systemctl enable httpd tomcat ~$ sudo systemctl start httpd tomcat Verify proxy modules are setup

~$ apachectl -M | grep ajp
 proxy_ajp_module (shared)

Apache configuration

Create the virtual host file. The example below is super basic and is missing a lot, but is functional.
Also, I've already added the proxy paths for Jenkins and will set it up later.

~$ sudo vim /etc/httpd/conf.d/localhost.conf

<VirtualHost *:80>

  ProxyRequests Off
  ProxyPass /examples ajp://localhost:8009/examples
  ProxyPassReverse /examples ajp://localhost:8009/examples

  ProxyPass /jenkins ajp://localhost:8009/jenkins
  ProxyPassReverse /jenkins ajp://localhost:8009/jenkins

</VirtualHost>

Test the configuration. Ignore the FQDN issue for this example, Syntax is OK, so we are good.

~$  apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Tomcat Configuration

Verify that tomcat is listening for ajp requests. By default it should be.

$ cat /usr/share/tomcat/conf/server.xml | grep -C 2 '<Connector port="8009"'

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Setting JENKINS_HOME

It is needed to set JENKINS_HOME as jenkins will need a directory to read/write/execute in. Thankfully Tomcat already has a couple of built-in EnvironmentFile declarations within /usr/lib/systemd/system/tomcat.service

EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME="
EnvironmentFile=-/etc/sysconfig/tomcat 

Knowing this, we can define our JENKINS_HOME within /etc/sysconfig/tomcat as it is meant for specific service values, /etc/tomcat/tomcat.conf is meant for all services.



Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
2020 Election
Volkswagen
Covid
NCDMV
Toolbox