docker安装jenkins
安装环境
# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
# docker --version
Docker version 19.03.12, build 48a66213fe
镜像版本选择
- jenkins/jenkins 为开发版
- jenkinsci/blueocean 官方推荐的捆绑了所有 Blue Ocean 插件的镜像
安装参考:
https://www.jenkins.io/doc/book/installing/#on-macos-and-linux
创建网络和卷,保存jenkins持久化数据
docker network create jenkins
docker volume create jenkins-docker-certs
docker volume create jenkins-data
为了在Jenkins节点内执行Docker命令,请使用以下docker 命令下载并运行Docker映像docker:dind :
docker run -d --restart always\
--name jenkins-docker \
--privileged \
--network jenkins \
--network-alias docker \
--env DOCKER_TLS_CERTDIR=/certs \
--volume jenkins-docker-certs:/certs/client \
--volume jenkins-data:/var/jenkins_home \
--publish 2376:2376 \
docker:dind
运行jenkins容器
docker run -d --restart always \
--name jenkins-blueocean \
--network jenkins \
--env DOCKER_HOST=tcp://docker:2376 \
--env DOCKER_CERT_PATH=/certs/client \
--env DOCKER_TLS_VERIFY=1 \
--env TZ=Asia/Shanghai \
--publish 8080:8080 \
--publish 50000:50000 \
--volume jenkins-data:/var/jenkins_home \
--volume jenkins-docker-certs:/certs/client:ro \
jenkinsci/blueocean
参数说明:
- –env DOCKER_HOST通过docker api连接到docker:dind执行docker命令
- –publish 50000:50000 : 多个基于 JNLP 的 Jenkins 代理程序与 jenkinsci/blueocean 容器交互必需设置。
查看初始化日志
docker logs -f jenkins-blueocean
初始化时jenkins可能一直卡在Please wait while Jenkins is getting ready to work
状态,并且下载jenkins插件异常缓慢,在初始化jenkins前执行以下操作,修改jenkins插件源为国内地址:
进入容器创建jenkins插件中心的ca证书
docker exec -it jenkins-blueocean sh
mkdir $JENKINS_HOME/update-center-rootCAs
cat > $JENKINS_HOME/update-center-rootCAs/jenkins-update-center-cn-root-ca.crt <<END
-----BEGIN CERTIFICATE-----
MIICcTCCAdoCCQD/jZ7AgrzJKTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJD
TjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNaMQ4wDAYDVQQKDAV2aWhvbzEMMAoG
A1UECwwDZGV2MREwDwYDVQQDDAhkZW1vLmNvbTEjMCEGCSqGSIb3DQEJARYUYWRt
aW5AamVua2lucy16aC5jb20wHhcNMTkxMTA5MTA0MDA5WhcNMjIxMTA4MTA0MDA5
WjB9MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNaMQ4wDAYD
VQQKDAV2aWhvbzEMMAoGA1UECwwDZGV2MREwDwYDVQQDDAhkZW1vLmNvbTEjMCEG
CSqGSIb3DQEJARYUYWRtaW5AamVua2lucy16aC5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAN+6jN8rCIjVkQ0Q7ZbJLk4IdcHor2WdskOQMhlbR0gOyb4g
RX+CorjDRjDm6mj2OohqlrtRxLGYxBnXFeQGU7wWjQHyfKDghtP51G/672lXFtzB
KXukHByHjtzrDxAutKTdolyBCuIDDGJmRk+LavIBY3/Lxh6f0ZQSeCSJYiyxAgMB
AAEwDQYJKoZIhvcNAQELBQADgYEAD92l26PoJcbl9GojK2L3pyOQjeeDm/vV9e3R
EgwGmoIQzlubM0mjxpCz1J73nesoAcuplTEps/46L7yoMjptCA3TU9FZAHNQ8dbz
a0vm4CF9841/FIk8tsLtwCT6ivkAi0lXGwhX0FK7FaAyU0nNeo/EPvDwzTim4XDK
9j1WGpE=
-----END CERTIFICATE-----
END
容器内修改update center地址为华为云地址,也可以改为清华大学或其他源地址
cp $JENKINS_HOME/hudson.model.UpdateCenter.xml{,.bak}
sed -i 's#https://updates.jenkins.io/update-center.json#https://mirrors.huaweicloud.com/jenkins/updates/update-center.json#g' \
$JENKINS_HOME/hudson.model.UpdateCenter.xml
国内常用jenkins插件源地址:
官方插件中心地址:
http://updates.jenkins-ci.org/update-center.json
清华大学镜像:
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
Jenkins 中文社区:
https://updates.jenkins-zh.cn/update-center.json
华为开源镜像站:
https://mirrors.huaweicloud.com/jenkins/updates/update-center.json
国内镜像源测速
https://github.com/lework/jenkins-update-center
重启docker服务
docker restart jenkins-blueocean
获取解锁密码
docker exec jenkins-blueocean cat /var/jenkins_home/secrets/initialAdminPassword
浏览器访问jenkins:http://192.168.93.9:8080/,然后根据安装向导安装推荐插件。
访问blueocean
jenkins-blueocean镜像默认安装了blueocean插件、java、git以及docker环境。
查看java版本
# docker exec -it jenkins-blueocean java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (IcedTea 3.12.0) (Alpine 8.212.04-r0)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)
查看git版本
# docker exec -it jenkins-blueocean git --version
git version 2.20.4
查看docker版本
[root@harbor ~]# docker exec -it jenkins-blueocean docker version
Client:
Version: 18.09.8-ce
API version: 1.39
Go version: go1.11.5
Git commit: 0dd43dd87fd530113bf44c9bba9ad8b20ce4637f
Built: Sat Jul 20 15:21:00 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:49:35 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
清理jenkins容器
docker rm -f jenkins-blueocean jenkins-docker
docker volume rm jenkins-data jenkins-docker-certs
docker-compose
docker-compose方式安装jenkins,创建docker-compose文件
# cat docker-compose.yml
version: "3"
services:
jenkins-docker:
image: docker:dind
container_name: jenkins-docker
restart: always
privileged: true
ports:
- "2376:2376"
networks:
jenkins:
aliases:
- docker
environment:
- DOCKER_TLS_CERTDIR=/certs
volumes:
- jenkins-docker-certs:/certs/client
- jenkins-data:/var/jenkins_home
jenkins-blueocean:
image: jenkinsci/blueocean
container_name: jenkins-blueocean
restart: always
depends_on:
- jenkins-docker
ports:
- "8080:8080"
- "50000:50000"
networks:
- jenkins
environment:
- DOCKER_HOST=tcp://docker:2376
- DOCKER_CERT_PATH=/certs/client
- DOCKER_TLS_VERIFY=1
- TZ=Asia/Shanghai
volumes:
- jenkins-docker-certs:/certs/client:ro
- jenkins-data:/var/jenkins_home
networks:
jenkins:
volumes:
jenkins-docker-certs:
jenkins-data:
运行容器
docker-compose up -d
查看容器运行状态
# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------------------
jenkins-blueocean /sbin/tini -- /usr/local/b ... Up 0.0.0.0:50000->50000/tcp, 0.0.0.0:8080->8080/tcp
jenkins-docker dockerd-entrypoint.sh Up 2375/tcp, 0.0.0.0:2376->2376/tcp
yum安装jenkins
官方文档:https://pkg.jenkins.io/redhat-stable/
可选择Jenkins长期支持版本或Jenkins每周版本进行安装。
长期支持版本
每12周从定期发布流中选择一个LTS(长期支持)发布作为该时间段的稳定发布。可以从redhat-stable
yum存储库安装。
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo yum upgrade -y
sudo yum install -y jenkins java-1.8.0-openjdk-devel
每周发布版本
每周都会产生一个新版本,以向用户和插件开发人员提供错误修复和功能。可以从redhat
yum存储库安装。
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
sudo yum upgrade
sudo yum install -y jenkins java-1.8.0-openjdk-devel
使用国内rpm包安装
yum install -y java-11-openjdk-devel
yum install -y https://mirrors.huaweicloud.com/jenkins/redhat-stable/jenkins-2.235.3-1.1.noarch.rpm
修改jenkins配置文件以自定义端口
[root@localhost ~]# cat /etc/sysconfig/jenkins | grep JENKINS_PORT
JENKINS_PORT="8080"
启动jenkins服务
systemctl enable --now jenkins
国内插件源配置与docker方法相同,不再赘述。
jenkins添加slave节点
Jenkins的Agent大概分两种。
- 基于SSH,需要把Master的SSH公钥配置到所有的Agent宿主机上去。
- 基于JNLP,走HTTP协议,每个Agent需要配置一个独特的密码。
基于SSH的,可以由Master来启动;基于JNLP的,需要自己启动。
添加节点-JNLP
使用JNLP协议添加slave,jenkins配置固定slave通信端口。
1、选择全局安全配置—>代理—>TCP port for inbound agents—>指定端口 : 8182
2、选择节点管理—>新建固定节点
点击新增节点,当前节点处于离线状态,按照命令提示在对应节点安装并启动jenkins,以连接到master:
mkdir /opt/jenkins
curl http://192.168.93.9:8080/jnlpJars/agent.jar -o /opt/jenkins/agent.jar
简单启动脚本
cat > start-jenkins.sh <<EOF
nohup java -jar agent.jar -jnlpUrl http://192.168.93.9:8080/computer/build01/slave-agent.jnlp \
-secret 30704839c309fb4c06fa9068d3f2f1ae2bd771b8d0fbbf1946d5a7b7b56cf7a1 -workDir "/opt/jenkins/" &
EOF
sh start-jenkins.sh
使用systemd进行管理
在/opt/jenkins/jenkins-agent-env.sh中,写入以下环境变量:
cat > /opt/jenkins/jenkins-agent-env.sh <<EOF
JENKINS_URL=http://192.168.93.9:8080
JNLP_SECRET=61e4940b532cdcea761043f285365dd61c571ee9466202858ca82fdda882aab6
JENKINS_WORKDIR=/opt/jenkins
JENKINS_NODE=build01
EOF
新增文件/etc/systemd/system/jenkins-agent.service:
cat > /etc/systemd/system/jenkins-agent.service << 'EOF'
[Unit]
Description=Jenkins JNLP agent service
Documentation=https://www.jenkins.io/doc/
After=network.target
[Service]
Type=simple
EnvironmentFile=/opt/jenkins/jenkins-agent-env.sh
ExecStartPre=/usr/bin/curl --fail -s -o ${JENKINS_WORKDIR}/agent.jar ${JENKINS_URL}/jnlpJars/agent.jar
ExecStart=/usr/bin/java -jar ${JENKINS_WORKDIR}/agent.jar -jnlpUrl ${JENKINS_URL}/computer/${JENKINS_NODE}/slave-agent.jnlp -secret ${JNLP_SECRET} -workDir "${JENKINS_WORKDIR}"
ExecStop=/usr/bin/pkill -f 'java -jar ${JENKINS_WORKDIR}/agent.jar'
Restart=on-failure
RestartSec=30
[Install]
WantedBy=multi-user.target
EOF
配置完成后,可以通过systemctl
管理,实现开机自启。
systemctl daemon-reload
systemctl enable --now jenkins-agent.service
添加节点-SSH
选择系统管理,节点管理,新建节点
添加凭证:
master节点生成私钥和公钥,将公钥id_rsa.pub 拷贝到slave机器上,并且重命名authorized_keys,并给authorized_keys赋予执行权限
ssh-keygen
scp .ssh/id_rsa.pub 47.56.207.203:/root/.ssh/authorized_keys
chmod 700 authorized_keys
然后复制master上生成的私钥id_rsa内容到,Enter Directly
保存后查看状态
构建执行状态显示master和slave
调度任务到固定节点
在项目配置选项中选择限制项目的运行节点,标签表达式配置slave标签
slave节点需要安装git
yum install -y git
重新执行任务,控制台日志输出显示构建目录为slave节点:
Started by user admin
Running as SYSTEM
Building remotely on slave1 (slaves) in workspace /home/slave1/workspace/testjob