Версия 15:12, 24 марта 2016

Jenkins

Jenkins is the leading open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project.

Assumptions

Server IP: 192.168.56.102
Server Name: cicd
Root DN: demo
Any password (for all users): r00tme
OS: Ubunti 14.04
All software use default tcp/udp ports if it possible

Installation

Add key:

wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
OK

Add link to Jenkins Ubuntu repo:

sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'

Update repos:

sudo apt-get update

Check in which repo Jenkins package is located. We need this step to be sure we will install Jenkins from correct repo.

apt-cache policy jenkins
jenkins:
  Installed: (none)
  Candidate: 1.654
  Version table:
     1.654 0
        500 http://pkg.jenkins-ci.org/debian/ binary/ Packages

Install Jenkins:

# sudo apt-get install jenkins

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  ca-certificates-java daemon default-jre-headless java-common libasyncns0
  libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libflac8
  libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libogg0
  libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2 lksctp-tools
  openjdk-7-jre-headless tzdata tzdata-java
Suggested packages:
  default-jre equivs cups-common liblcms2-utils pulseaudio icedtea-7-jre-jamvm
  libnss-mdns sun-java6-fonts fonts-dejavu-extra fonts-ipafont-gothic
  fonts-ipafont-mincho ttf-wqy-microhei ttf-wqy-zenhei ttf-indic-fonts-core
  ttf-telugu-fonts ttf-oriya-fonts ttf-kannada-fonts ttf-bengali-fonts
The following NEW packages will be installed:
  ca-certificates-java daemon default-jre-headless java-common jenkins
  libasyncns0 libavahi-client3 libavahi-common-data libavahi-common3 libcups2
  libflac8 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb
  libogg0 libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2
  lksctp-tools openjdk-7-jre-headless tzdata-java
The following packages will be upgraded:
  tzdata
1 upgraded, 26 newly installed, 0 to remove and 26 not upgraded.
Need to get 106 MB of archives.
After this operation, 133 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

Now Jenkins is installed

Check Installation

Check jenkins status using init script
Start Jenkins if it is not started
Check status using init script ancd check processes and and tcp listeners
Check HTTP interface

Status

/etc/init.d/jenkins status
Jenkins Continuous Integration Server is not running

Start Jenkins

/etc/init.d/jenkins  start
 * Starting Jenkins Continuous Integration Server jenkins                                                                                                                                                                                                                   [ OK ]

Status (after start)

/etc/init.d/jenkins status
Jenkins Continuous Integration Server is running with the pid 9332

Check Jenkins process

ps -auxfw | grep jenkins

root      9416  0.0  0.0  11748  2092 pts/3    S+   13:22   0:00                  \_ grep --color=auto jenkins
jenkins   9332  0.0  0.0  20032   196 ?        S    13:19   0:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
jenkins   9333  9.7  5.3 1746604 165404 ?      Sl   13:19   0:21  \_ /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1

Pids are:

9332
9333

Check for ports opened by Jenkins pids

netstat  -ntpl  | grep -E "9332|9333"
tcp6       0      0 :::8080                 :::*                    LISTEN      9333/java
tcp6       0      0 :::39553                :::*                    LISTEN      9333/java
tcp6       0      0 :::38538                :::*                    LISTEN      9333/java

Check http interface

Open http://192.168.56.102:8080/

Configuration

Apache Proxy

For demo we DO NOT need use apache proxy, but for production installation we suggest to use apache or nginx
Configuration example:

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	ServerName ci.company.com
	ServerAlias ci
	ProxyRequests Off
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
	ProxyPreserveHost on
	ProxyPass / http://localhost:8080/ nocanon
	AllowEncodedSlashes NoDecode
</VirtualHost>

localhost:8080 is default Jenkins http address, and can be changed.

Ldap integration

Jenkins has built-in LDAP support, so we need to create LDAP users and enable LDAP in Jenkins.

Create LDAP units, users and groups

Simplest way is manage LDAP from using command-line tools.

add alias

alias ldapmodify="ldapmodify -D cn=admin,dc=demo -w r00tme"

Create Organization Unit to store all CI/CD groups and users

in file cici_organization_unit

dn: ou=cicd,dc=demo
changetype: add
ou: CICD
objectClass: organizationalUnit
description: CICD OU for Jenkis/Gerrit groups and permissions

Add OU to ldap

ldapmodify  < cici_organization_unit
adding new entry "ou=cicd,dc=demo"

Create group in CICD OU

dn: cn=cicd  administrators,ou=cicd,dc=demo
changetype: add
cn: cicd_administrators
objectClass: posixGroup
gidNumber: 5000
description: CI/CD  administrators

ldapmodify < cicd_administrators
adding new entry "cn=cicd  administrators,ou=cicd,dc=demo"

Create users (first user is me :) )

dn: cn=Max Mazur,ou=cicd,dc=demo
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Max Mazur
ou: cicd
uid: mmaxur
givenName: Max
sn: mmaxur
userPassword: {SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt
<PRE>
Passwords are encoded with <B>slappasswd</B> tool:

<PRE>
slappasswd
New password:
Re-enter new password:
{SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt

ldapmodify < mmaxur_user
adding new entry "cn=Max Mazur,ou=cicd,dc=demo"

Check objects in ldap

Configure LDAP in Jenkins

Open Jenkins HTTP interface: http://192.168.65.102:8080/
Go to 'Manage Jenkins'

Go to Global Security

Configure LDAP options.

We configured LDAP on the same host as Jenkins, but in "real life" installations usually there is pre-installed corporate LDAP and you can ask for Corporate LDAP administrators for parameters.

- LDAP Server: localhost means use our local demo LDAP server
- User search base: ou=cicd,dc=demo means use cicd organization unit for users.
- Group search filter: (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup))) means search in different group objects. Our local LDAP supports only posixGroup
- Manager DN/Manager Password: cn=admin,dc=demo / r00tme is pre-configured admin account.

Reload page and log-in (now there is only one user: mmaxur)

Test LDAP

Manage Jenkins -> Configure Global Security --> LDAP

Links

@@ Строка 229: / Строка 229: @@
 <BR>
 [[Изображение:Jenkins4.png|600px]]
-</BR>
+<BR>
 *Configure LDAP options.
@@ Строка 241: / Строка 241: @@
 <BR>
 [[Изображение:Jenkins5.png|600px]]
-</BR>
+<BR>
@@ Строка 247: / Строка 247: @@
 <BR>
 [[Изображение:Jenkins6.png|600px]]
-</BR>
+<BR>
 ====Test LDAP====

Jenkins: различия между версиями