Jenkins: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
| (не показано 17 промежуточных версий этого же участника) | |||
| Строка 3: | Строка 3: | ||
[[Категория:CICD]] |
[[Категория:CICD]] |
||
=Jenkins= |
=Jenkins= |
||
| + | <B>Это часть лекции CI/CD за один день, |
||
| + | * основная статья - http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day |
||
| + | </B> |
||
| + | |||
Jenkins is the leading open source automation server. |
Jenkins is the leading open source automation server. |
||
Jenkins provides hundreds of plugins to support building, deploying and automating any project. |
Jenkins provides hundreds of plugins to support building, deploying and automating any project. |
||
| Строка 77: | Строка 81: | ||
<B>Now Jenkins is installed</B> |
<B>Now Jenkins is installed</B> |
||
==Check Installation== |
==Check Installation== |
||
| − | * Check jenkins status |
+ | * Check jenkins status using init script |
* Start Jenkins if it is not started |
* Start Jenkins if it is not started |
||
* Check status using init script ancd check processes and and tcp listeners |
* Check status using init script ancd check processes and and tcp listeners |
||
* Check HTTP interface |
* Check HTTP interface |
||
| + | ===Status=== |
||
<PRE> |
<PRE> |
||
/etc/init.d/jenkins status |
/etc/init.d/jenkins status |
||
Jenkins Continuous Integration Server is not running |
Jenkins Continuous Integration Server is not running |
||
</PRE> |
</PRE> |
||
| + | ===Start Jenkins=== |
||
<PRE> |
<PRE> |
||
/etc/init.d/jenkins start |
/etc/init.d/jenkins start |
||
* Starting Jenkins Continuous Integration Server jenkins [ OK ] |
* Starting Jenkins Continuous Integration Server jenkins [ OK ] |
||
</PRE> |
</PRE> |
||
| + | ===Status (after start)=== |
||
| − | |||
<PRE> |
<PRE> |
||
/etc/init.d/jenkins status |
/etc/init.d/jenkins status |
||
| Строка 95: | Строка 101: | ||
</PRE> |
</PRE> |
||
| − | Check Jenkins process |
+ | ===Check Jenkins process=== |
<PRE> |
<PRE> |
||
ps -auxfw | grep jenkins |
ps -auxfw | grep jenkins |
||
| Строка 108: | Строка 114: | ||
* 9333 |
* 9333 |
||
| − | Check for ports opened by Jenkins pids |
+ | ===Check for ports opened by Jenkins pids=== |
<PRE> |
<PRE> |
||
netstat -ntpl | grep -E "9332|9333" |
netstat -ntpl | grep -E "9332|9333" |
||
| Строка 116: | Строка 122: | ||
</PRE> |
</PRE> |
||
| − | Check http interface |
+ | ===Check http interface=== |
| + | Open http://192.168.56.102:8080/ |
||
| + | <BR> |
||
| + | [[Изображение:Jenkins1.png|600px]] |
||
<BR> |
<BR> |
||
| − | [[Изображение:Jenkins.png|600px]] |
||
| − | </BR> |
||
==Configuration== |
==Configuration== |
||
| Строка 144: | Строка 151: | ||
===Ldap integration=== |
===Ldap integration=== |
||
| − | Jenkins has built-in LDAP support, so we need to create LDAP users and enable LDAP in Jenkins |
+ | Jenkins has built-in LDAP support, so we need to create LDAP users and enable LDAP in Jenkins. |
| − | ====Create LDAP users==== |
+ | ====Create LDAP units, users and groups==== |
| + | Simplest way is manage LDAP from using command-line tools. |
||
| + | * add alias |
||
| + | alias ldapmodify="ldapmodify -D cn=admin,dc=demo -w r00tme" |
||
| + | |||
| + | * Create Organization Unit to store all CI/CD groups and users |
||
| + | in file cici_organization_unit |
||
| + | <PRE> |
||
| + | dn: ou=cicd,dc=demo |
||
| + | changetype: add |
||
| + | ou: CICD |
||
| + | objectClass: organizationalUnit |
||
| + | description: CICD OU for Jenkis/Gerrit groups and permissions |
||
| + | </PRE> |
||
| + | * Add OU to ldap |
||
| + | <PRE> |
||
| + | ldapmodify < cici_organization_unit |
||
| + | adding new entry "ou=cicd,dc=demo" |
||
| + | </PRE> |
||
| + | |||
| + | * Create group in CICD OU |
||
| + | |||
| + | <PRE> |
||
| + | dn: cn=cicd administrators,ou=cicd,dc=demo |
||
| + | changetype: add |
||
| + | cn: cicd_administrators |
||
| + | objectClass: posixGroup |
||
| + | gidNumber: 5000 |
||
| + | description: CI/CD administrators |
||
| + | </PRE> |
||
| + | |||
| + | <PRE> |
||
| + | ldapmodify < cicd_administrators |
||
| + | adding new entry "cn=cicd administrators,ou=cicd,dc=demo" |
||
| + | </PRE> |
||
| + | |||
| + | * Create users (first user is me :) ) |
||
| + | <PRE> |
||
| + | dn: cn=Max Mazur,ou=cicd,dc=demo |
||
| + | changetype: add |
||
| + | objectClass: top |
||
| + | objectClass: person |
||
| + | objectClass: organizationalPerson |
||
| + | objectClass: inetOrgPerson |
||
| + | objectClass: posixAccount |
||
| + | objectClass: shadowAccount |
||
| + | uidNumber: 10000 |
||
| + | gidNumber: 5000 |
||
| + | cn: Max Mazur |
||
| + | ou: cicd |
||
| + | uid: mmaxur |
||
| + | givenName: Max |
||
| + | sn: Mazur |
||
| + | userPassword: {SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt |
||
| + | gecos: Max Mazur |
||
| + | mail: mmaxur@mirantis.com |
||
| + | homeDirectory: /var/null |
||
| + | </PRE> |
||
| + | |||
| + | Passwords are encoded with <B>slappasswd</B> tool: |
||
| + | |||
| + | <PRE> |
||
| + | # slappasswd |
||
| + | New password: |
||
| + | Re-enter new password: |
||
| + | {SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt |
||
| + | </PRE> |
||
| + | |||
| + | <PRE> |
||
| + | ldapmodify < mmaxur_user |
||
| + | adding new entry "cn=Max Mazur,ou=cicd,dc=demo" |
||
| + | </PRE> |
||
| + | |||
| + | * Check objects in ldap |
||
| + | <BR> |
||
| + | [[Изображение:Jenkins2.png|600px]] |
||
| + | <BR> |
||
| + | |||
====Configure LDAP in Jenkins==== |
====Configure LDAP in Jenkins==== |
||
| − | ====Test LDAP==== |
||
| + | * Open Jenkins HTTP interface: http://192.168.65.102:8080/ |
||
| + | * Go to 'Manage Jenkins' |
||
| + | <BR> |
||
| + | [[Изображение:Jenkins3.png|600px]] |
||
| + | <BR> |
||
| + | * Go to Global Security |
||
| + | <BR> |
||
| + | [[Изображение:Jenkins4.png|600px]] |
||
| + | <BR> |
||
| − | + | *Configure LDAP options. |
|
| + | We configured LDAP on the same host as Jenkins, but in "real life" installations usually there is pre-installed corporate LDAP and you can ask for Corporate LDAP administrators for parameters. |
||
| + | |||
| + | ** LDAP Server: <B>localhost</B> means use our local demo LDAP server |
||
| + | ** User search base: <B>ou=cicd,dc=demo</B> means use <B>cicd</B> organization unit for users. |
||
| + | ** Group search filter: <B>(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))</B> means search in different group objects. Our local LDAP supports only <B>posixGroup</B> |
||
| + | ** Manager DN/Manager Password: <B>cn=admin,dc=demo</B> / <B> r00tme</B> is pre-configured admin account. |
||
| + | |||
| + | <BR> |
||
| + | [[Изображение:Jenkins5.png|600px]] |
||
| + | <BR> |
||
| + | |||
| + | |||
| + | * Reload page and log-in (now there is only one user: mmaxur) |
||
| + | <BR> |
||
| + | [[Изображение:Jenkins6.png|600px]] |
||
| + | <BR> |
||
==Links== |
==Links== |
||
Текущая версия на 14:47, 17 августа 2016
Jenkins
Это часть лекции CI/CD за один день,
- основная статья - http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day
Jenkins is the leading open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project.
Assumptions
- Server IP: 192.168.56.102
- Server Name: cicd
- Root DN: demo
- Any password (for all users): r00tme
- OS: Ubunti 14.04
- All software use default tcp/udp ports if it possible
Installation
Add key:
wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add - OK
Add link to Jenkins Ubuntu repo:
sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
Update repos:
sudo apt-get update
Check in which repo Jenkins package is located. We need this step to be sure we will install Jenkins from correct repo.
apt-cache policy jenkins
jenkins:
Installed: (none)
Candidate: 1.654
Version table:
1.654 0
500 http://pkg.jenkins-ci.org/debian/ binary/ Packages
Install Jenkins:
# sudo apt-get install jenkins
Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: ca-certificates-java daemon default-jre-headless java-common libasyncns0 libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libflac8 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libogg0 libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2 lksctp-tools openjdk-7-jre-headless tzdata tzdata-java Suggested packages: default-jre equivs cups-common liblcms2-utils pulseaudio icedtea-7-jre-jamvm libnss-mdns sun-java6-fonts fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho ttf-wqy-microhei ttf-wqy-zenhei ttf-indic-fonts-core ttf-telugu-fonts ttf-oriya-fonts ttf-kannada-fonts ttf-bengali-fonts The following NEW packages will be installed: ca-certificates-java daemon default-jre-headless java-common jenkins libasyncns0 libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libflac8 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libogg0 libpulse0 libsctp1 libsndfile1 libvorbis0a libvorbisenc2 lksctp-tools openjdk-7-jre-headless tzdata-java The following packages will be upgraded: tzdata 1 upgraded, 26 newly installed, 0 to remove and 26 not upgraded. Need to get 106 MB of archives. After this operation, 133 MB of additional disk space will be used. Do you want to continue? [Y/n] Y
Now Jenkins is installed
Check Installation
- Check jenkins status using init script
- Start Jenkins if it is not started
- Check status using init script ancd check processes and and tcp listeners
- Check HTTP interface
Status
/etc/init.d/jenkins status Jenkins Continuous Integration Server is not running
Start Jenkins
/etc/init.d/jenkins start * Starting Jenkins Continuous Integration Server jenkins [ OK ]
Status (after start)
/etc/init.d/jenkins status Jenkins Continuous Integration Server is running with the pid 9332
Check Jenkins process
ps -auxfw | grep jenkins root 9416 0.0 0.0 11748 2092 pts/3 S+ 13:22 0:00 \_ grep --color=auto jenkins jenkins 9332 0.0 0.0 20032 196 ? S 13:19 0:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1 jenkins 9333 9.7 5.3 1746604 165404 ? Sl 13:19 0:21 \_ /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
Pids are:
- 9332
- 9333
Check for ports opened by Jenkins pids
netstat -ntpl | grep -E "9332|9333" tcp6 0 0 :::8080 :::* LISTEN 9333/java tcp6 0 0 :::39553 :::* LISTEN 9333/java tcp6 0 0 :::38538 :::* LISTEN 9333/java
Check http interface
Open http://192.168.56.102:8080/
Configuration
Apache Proxy
For demo we DO NOT need use apache proxy, but for production installation we suggest to use apache or nginx
Configuration example:
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName ci.company.com ServerAlias ci ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost on ProxyPass / http://localhost:8080/ nocanon AllowEncodedSlashes NoDecode </VirtualHost>
- localhost:8080 is default Jenkins http address, and can be changed.
Ldap integration
Jenkins has built-in LDAP support, so we need to create LDAP users and enable LDAP in Jenkins.
Create LDAP units, users and groups
Simplest way is manage LDAP from using command-line tools.
- add alias
alias ldapmodify="ldapmodify -D cn=admin,dc=demo -w r00tme"
- Create Organization Unit to store all CI/CD groups and users
in file cici_organization_unit
dn: ou=cicd,dc=demo changetype: add ou: CICD objectClass: organizationalUnit description: CICD OU for Jenkis/Gerrit groups and permissions
- Add OU to ldap
ldapmodify < cici_organization_unit adding new entry "ou=cicd,dc=demo"
- Create group in CICD OU
dn: cn=cicd administrators,ou=cicd,dc=demo changetype: add cn: cicd_administrators objectClass: posixGroup gidNumber: 5000 description: CI/CD administrators
ldapmodify < cicd_administrators adding new entry "cn=cicd administrators,ou=cicd,dc=demo"
- Create users (first user is me :) )
dn: cn=Max Mazur,ou=cicd,dc=demo
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 10000
gidNumber: 5000
cn: Max Mazur
ou: cicd
uid: mmaxur
givenName: Max
sn: Mazur
userPassword: {SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt
gecos: Max Mazur
mail: mmaxur@mirantis.com
homeDirectory: /var/null
Passwords are encoded with slappasswd tool:
# slappasswd
New password:
Re-enter new password:
{SSHA}5oLdx/TJdGrRb3Jaz/9JWuFsj59pPoPt
ldapmodify < mmaxur_user adding new entry "cn=Max Mazur,ou=cicd,dc=demo"
- Check objects in ldap
Configure LDAP in Jenkins
- Open Jenkins HTTP interface: http://192.168.65.102:8080/
- Go to 'Manage Jenkins'
- Go to Global Security
- Configure LDAP options.
We configured LDAP on the same host as Jenkins, but in "real life" installations usually there is pre-installed corporate LDAP and you can ask for Corporate LDAP administrators for parameters.
- LDAP Server: localhost means use our local demo LDAP server
- User search base: ou=cicd,dc=demo means use cicd organization unit for users.
- Group search filter: (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup))) means search in different group objects. Our local LDAP supports only posixGroup
- Manager DN/Manager Password: cn=admin,dc=demo / r00tme is pre-configured admin account.
- Reload page and log-in (now there is only one user: mmaxur)
