Jenkins

Это часть лекции CI/CD за один день,

Jenkins is the leading open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project.

Assumptions

• Server IP: 192.168.56.102
• Server Name: cicd
• Root DN: demo
• Any password (for all users): r00tme
• OS: Ubunti 14.04
• All software use default tcp/udp ports if it possible

Installation

Add key:

wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
OK

Add link to Jenkins Ubuntu repo:

sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'

Update repos:

sudo apt-get update

Check in which repo Jenkins package is located. We need this step to be sure we will install Jenkins from correct repo.

apt-cache policy jenkins
jenkins:
  Installed: (none)
  Candidate: 1.654
  Version table:
     1.654 0
        500 http://pkg.jenkins-ci.org/debian/ binary/ Packages

Install Jenkins:

# sudo apt-get install jenkins

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  ca-certificates-java daemon default-jre-headless java-common libasyncns0
  libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libflac8
  libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libogg0
  libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2 lksctp-tools
  openjdk-7-jre-headless tzdata tzdata-java
Suggested packages:
  default-jre equivs cups-common liblcms2-utils pulseaudio icedtea-7-jre-jamvm
  libnss-mdns sun-java6-fonts fonts-dejavu-extra fonts-ipafont-gothic
  fonts-ipafont-mincho ttf-wqy-microhei ttf-wqy-zenhei ttf-indic-fonts-core
  ttf-telugu-fonts ttf-oriya-fonts ttf-kannada-fonts ttf-bengali-fonts
The following NEW packages will be installed:
  ca-certificates-java daemon default-jre-headless java-common jenkins
  libasyncns0 libavahi-client3 libavahi-common-data libavahi-common3 libcups2
  libflac8 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb
  libogg0 libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2
  lksctp-tools openjdk-7-jre-headless tzdata-java
The following packages will be upgraded:
  tzdata
1 upgraded, 26 newly installed, 0 to remove and 26 not upgraded.
Need to get 106 MB of archives.
After this operation, 133 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

Now Jenkins is installed

Check Installation

• Check jenkins status using init script
• Start Jenkins if it is not started
• Check status using init script ancd check processes and and tcp listeners
• Check HTTP interface

Status

/etc/init.d/jenkins status
Jenkins Continuous Integration Server is not running

Start Jenkins

/etc/init.d/jenkins  start
 * Starting Jenkins Continuous Integration Server jenkins                                                                                                                                                                                                                   [ OK ]

Status (after start)

/etc/init.d/jenkins status
Jenkins Continuous Integration Server is running with the pid 9332

Check Jenkins process

ps -auxfw | grep jenkins

root      9416  0.0  0.0  11748  2092 pts/3    S+   13:22   0:00                  \_ grep --color=auto jenkins
jenkins   9332  0.0  0.0  20032   196 ?        S    13:19   0:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
jenkins   9333  9.7  5.3 1746604 165404 ?      Sl   13:19   0:21  \_ /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1

Pids are:

• 9332
• 9333

Check for ports opened by Jenkins pids

netstat  -ntpl  | grep -E "9332|9333"
tcp6       0      0 :::8080                 :::*                    LISTEN      9333/java
tcp6       0      0 :::39553                :::*                    LISTEN      9333/java
tcp6       0      0 :::38538                :::*                    LISTEN      9333/java

Check http interface

Open http://192.168.56.102:8080/

Configuration

Apache Proxy

For demo we DO NOT need use apache proxy, but for production installation we suggest to use apache or nginx
Configuration example:

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	ServerName ci.company.com
	ServerAlias ci
	ProxyRequests Off
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
	ProxyPreserveHost on
	ProxyPass / http://localhost:8080/ nocanon
	AllowEncodedSlashes NoDecode
</VirtualHost>

• localhost:8080 is default Jenkins http address, and can be changed.

Ldap integration

Jenkins has built-in LDAP support, so we need to create LDAP users and enable LDAP in Jenkins.

Create LDAP units, users and groups

Simplest way is manage LDAP from using command-line tools.

• add alias

alias ldapmodify="ldapmodify -D cn=admin,dc=demo -w r00tme"

• Create Organization Unit to store all CI/CD groups and users

in file cici_organization_unit

dn: ou=cicd,dc=demo
changetype: add
ou: CICD
objectClass: organizationalUnit
description: CICD OU for Jenkis/Gerrit groups and permissions

• Add OU to ldap

ldapmodify  < cici_organization_unit
adding new entry "ou=cicd,dc=demo"

• Create group in CICD OU

dn: cn=cicd  administrators,ou=cicd,dc=demo
changetype: add
cn: cicd_administrators
objectClass: posixGroup
gidNumber: 5000
description: CI/CD  administrators

ldapmodify < cicd_administrators
adding new entry "cn=cicd  administrators,ou=cicd,dc=demo"

• Create users (first user is me :) )

dn: cn=Max Mazur,ou=cicd,dc=demo
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 10000
gidNumber: 5000
cn: Max Mazur
ou: cicd
uid: mmaxur
givenName: Max
sn: Mazur
userPassword: {SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt
gecos: Max Mazur
mail: mmaxur@mirantis.com
homeDirectory: /var/null

Passwords are encoded with slappasswd tool:

# slappasswd
New password:
Re-enter new password:
{SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt

ldapmodify < mmaxur_user
adding new entry "cn=Max Mazur,ou=cicd,dc=demo"

• Check objects in ldap

Configure LDAP in Jenkins

• Open Jenkins HTTP interface: http://192.168.65.102:8080/
• Go to 'Manage Jenkins'

• Go to Global Security

• Configure LDAP options.

We configured LDAP on the same host as Jenkins, but in "real life" installations usually there is pre-installed corporate LDAP and you can ask for Corporate LDAP administrators for parameters.

• • LDAP Server: localhost means use our local demo LDAP server
  • User search base: ou=cicd,dc=demo means use cicd organization unit for users.
  • Group search filter: (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup))) means search in different group objects. Our local LDAP supports only posixGroup
  • Manager DN/Manager Password: cn=admin,dc=demo / r00tme is pre-configured admin account.

• Reload page and log-in (now there is only one user: mmaxur)

Links

• https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Ubuntu
• https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup