Jenkins配置相关
2.1 Jenkins工作原理
1. Jenkins分布式构建架构
Jenkins使用主/从架构来管理分布式构建。
- 主节点:处理调度构建作业,把构建分发到从节点来进行实际执行,监视从节点,并且记录和发布构建产物。
- 从节点:按照被告知的工作,即主节点分派的构建作业。配置可分为如下三种情况:
配置一个项目总是在特定的从节点运行
在某个特定类型的从节点运行
让Jenkins挑选下一个可用的从节点
一旦从节点实例运行,它就通过TCP/IP连接主实例进行通信。
2. Jenkins工作原理图
3. 部署方式:
- jenkins触发式构建:用于开发环境部署,开发人员push代码或者合并代码到gitlab项目的master分支,jenkins就部署代码到对应服务器。
- jenkins参数化构建:用于测试环境预上线环境部署,开发push代码或者合并代码到gitlab项目的master分支之后,并不会部署代码,而是需要登录到jenkins的web界面,点击构建按钮,传入对应的参数(比如参数需要构建的tag,需要部署的分支)然后才会部署。
- jenkins定时构建:用于APP自动打包,定时构建是在参数化构建的基础上添加的,开发人员可以登录jenkins手动传入tag进行打包,如果不手动打包,那么jenkins就每天凌晨从gitlab拉取最新的APP代码打包。
2.2 Jenkins词汇表
| 术语 | 说明 |
|---|---|
| Agent | Agent通常是一个机器或容器,它连接到Jenkins主机,并在主控器指导时执行任务。 |
| Artifact | 在Build或Pipeline 运行期间生成的不可变文件,该文件归档到Jenkins Master上以供用户随后检索。 |
| Build | 项目单次执行的结果 |
| Cloud | 提供动态代理 配置和分配的系统配置,例如由Azure VM Agents 或 Amazon EC2插件提供的配置和分配 。 |
| Core | 主要的Jenkins应用程序(jenkins.war)提供了 可以构建Plugins的基本Web UI,配置和基础。 |
| Downstream | 配置Pipeline或项目时被触发作为一个单独的Pipeline或项目的执行的一部分。 |
| Executor | 用于执行由节点上的Pipeline或项目定义的工作的插槽。节点可以具有零个或多个配置的执行器,其对应于在该节点上能够执行多少并发项目或Pipeline。 |
| Fingerprint | 考虑全局唯一性的哈希追踪跨多个Pipeline或项目的工件或其他实体 的使用 。 |
| Folder | 类似于文件系统上的文件夹的Pipeline和/或 项目 的组织容器。 |
| Item | Web UI中的实体对应于:Folder, Pipeline, or Project. |
| Job | 一个不推荐的术语,与项目同义。 |
| Label | 用于分组代理的用户定义的文本,通常具有类似的功能或功能。例如linux对于基于Linux的代理或 docker适用于支持Docker的代理。 |
| Master | 存储配置,加载插件以及为Jenkins呈现各种用户界面的中央协调过程。 |
| Node | 作为Jenkins环境的一部分并能够执行Pipeline或项目的机器。无论是the Master还是Agents都被认为是Nodes。 |
| Project | 用户配置的Jenkins应该执行的工作描述,如构建软件等。 |
| Pipeline | 用户定义的连续输送Pipeline模型,以便更多阅读本手册中的“ Pipeline”一章。 |
| Plugin | 与Jenkins Core分开提供的Jenkins功能扩展。 |
| Publisher | 完成发布报告,发送通知等的所有配置步骤后的构建的一部分。 |
| Stage | stage是Pipeline的一部分,用于定义整个Pipeline的概念上不同的子集,例如:“构建”,“测试”和“部署”,许多插件用于可视化或呈现Jenkins Pipeline状态/进度。 |
| Step | 单一任务从根本上讲,指的是Jenkins 在Pipeline或项目中做了什么。 |
| Trigger | 触发新Pipeline运行或构建的标准。 |
| Update Center | 托管插件和插件元数据的库存,以便在Jenkins内部进行插件安装。 |
| Upstream | 配置的Pipeline或项目,其触发单独的Pipeline或项目作为其执行的一部分。 |
| Workspace | Noede文件系统上的一次性目录, 可以由Pipeline或项目完成工作。在Build或 Pipeline运行完成后,工作区通常会保留原样,除非在Jenkins Master上已经设置了特定的Workspace清理策略。 |
2.3 Jenkins插件
Jenkins本身提供了一套插件的管理机制,这些插件允许可插拨形式存在。
1. 插件目录
[root@localhost ~]# ll /var/lib/jenkins/plugins/
total 103876
drwxr-xr-x. 4 root root 56 Feb 6 03:07 ant
drwxr-xr-x. 4 root root 56 Feb 6 03:02 antisamy-markup-formatter
-rw-r--r--. 1 root root 244157 Feb 6 03:02 antisamy-markup-formatter.jpi
-rw-r--r--. 1 root root 84600 Feb 6 03:07 ant.jpi
drwxr-xr-x. 4 root root 56 Feb 6 03:11 apache-httpcomponents-client-4-api
-rw-r--r--. 1 root root 1769912 Feb 6 03:11 apache-httpcomponents-client-4-api.jpi
drwxr-xr-x. 6 root root 77 Feb 6 03:07 bootstrap5-api
...
插件下载地址:http://updates.jenkins-ci.org/download/plugins/
并不建议手动下载插件,原因是安装某个插件可能依赖很多插件,不同版本的插件可能和jenkins本身版本不兼容
2. 安装插件
在插件管理的Available plugins搜索要安装的插件,例如gitlab,在Download progress中查看安装进度
可以选择下载完成后重启,或者手动重启
手动重启输入:192.168.70.183:8080/restart,即在端口后加上restart,选择是,即可重启
2.4 配置jenkins权限管理
基于角色的权限管理,先创建角色和用户,给角色授权,然后把用户管理到角色
1. 安装插件
Role-based#基于角色的认证策略
2. 创建新用户
Jenkins—系统管理—管理用户
例如,创建tom
3. 更改认证方式
Jenkins—系统管理—全局安全配置
默认创建的用户登录后可以做任何操作,取决于默认的认证授权方式。
授权策略 改为 Role-Based Strategy
4. 创建角色
Jenkins—系统管理–ManageandAssignRoles(管理和分配角色)
5. 添加角色
在Manage Roles中添加customer使用权限
6. 对角色分配权限
把tom关联到角色customer中
7. 普通用户登录
tom只有查看权限,无修改和构建权限
2.5 邮箱设置
1. 获取邮箱登录码
以QQ邮箱为例,获取邮箱授权码
2. 配置jenkins管理员邮箱
Jenkins—系统管理—系统设置:
3. 发件配置
邮箱设置需要注意以下几点:
1.此处的密码是
邮箱登录码
2.不勾选使用SSL协议
3.SMTP端口:25
如果勾选使用SSL协议,则端口为465
2.6 配置文件
1. /etc/sysconfig/jenkins
Jenkins默认配置文件为/etc/sysconfig/jenkins
个人环境中JENKINS_USER设置为root,避免由权限引起的异常。而生产环境中,官方建议使用jenkins账号
JENKINS_PORT默认为"8080",如果冲突,可以改为其他端口
[root@swarm-worker ~]# cat /etc/sysconfig/jenkins
## Path: Development/Jenkins
## Description: Jenkins Automation Server
## Type: string
## Default: "/var/lib/jenkins"
## ServiceRestart: jenkins
#
# Directory where Jenkins store its configuration and working
# files (checkouts, build reports, artifacts, ...).
#
JENKINS_HOME="/var/lib/jenkins"
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Java executable to run Jenkins
# When left empty, we'll try to find the suitable Java.
#
JENKINS_JAVA_CMD=""
## Type: string
## Default: "jenkins"
## ServiceRestart: jenkins
#
# Unix user account that runs the Jenkins daemon
# Be careful when you change this, as you need to update
# permissions of $JENKINS_HOME and /var/log/jenkins,
# and if you have already run Jenkins, potentially other
# directories such as /var/cache/jenkins .
#
JENKINS_USER="root"
## Type: string
## Default: "false"
## ServiceRestart: jenkins
#
# Whether to skip potentially long-running chown at the
# $JENKINS_HOME location. Do not enable this, "true", unless
# you know what you're doing. See JENKINS-23273.
#
#JENKINS_INSTALL_SKIP_CHOWN="false"
## Type: string
## Default: "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"
## Type: integer(0:65535)
## Default: 8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
# Set to -1 to disable
#
JENKINS_PORT="8080"
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTP requests.
# Default is all interfaces (0.0.0.0).
#
JENKINS_LISTEN_ADDRESS=""
## Type: integer(0:65535)
## Default: ""
## ServiceRestart: jenkins
#
# HTTPS port Jenkins is listening on.
# Default is disabled.
#
JENKINS_HTTPS_PORT=""
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Path to the keystore in JKS format (as created by the JDK 'keytool').
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE=""
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE_PASSWORD=""
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTPS requests.
# Default is disabled.
#
JENKINS_HTTPS_LISTEN_ADDRESS=""
## Type: integer(0:65535)
## Default: ""
## ServiceRestart: jenkins
#
# HTTP2 port Jenkins is listening on.
# Default is disabled.
#
# Notice: HTTP2 support may require additional configuration, see Winstone
# documentation for more information.
#
JENKINS_HTTP2_PORT=""
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTP2 requests.
# Default is disabled.
#
# Notice: HTTP2 support may require additional configuration, see Winstone
# documentation for more information.
#
JENKINS_HTTP2_LISTEN_ADDRESS=""
## Type: integer(1:9)
## Default: 5
## ServiceRestart: jenkins
#
# Debug level for logs -- the higher the value, the more verbose.
# 5 is INFO.
#
JENKINS_DEBUG_LEVEL="5"
## Type: yesno
## Default: no
## ServiceRestart: jenkins
#
# Whether to enable access logging or not.
#
JENKINS_ENABLE_ACCESS_LOG="no"
## Type: integer
## Default: 100
## ServiceRestart: jenkins
#
# Maximum number of HTTP worker threads.
#
JENKINS_HANDLER_MAX="100"
## Type: integer
## Default: 20
## ServiceRestart: jenkins
#
# Maximum number of idle HTTP worker threads.
#
JENKINS_HANDLER_IDLE="20"
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Folder for additional jar files to add to the Jetty class loader.
# See Winstone documentation for more information.
# Default is disabled.
#
JENKINS_EXTRA_LIB_FOLDER=""
## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Pass arbitrary arguments to Jenkins.
# Full option list: java -jar jenkins.war --help
#
JENKINS_ARGS=""
2. JENKINS_ARGS
/etc/sysconfig/jenkins中JENKINS_ARGS对应参数:
Usage: java -jar jenkins.war [--option=value] [--option=value]
Options:
--webroot = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
--pluginroot = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
(NOTE: this option does not change the directory where the plugin archives are stored)
--extractedFilesFolder = folder where extracted files are to be located. Default is the temp folder
--logfile = redirect log messages to this file
--enable-future-java = allows running with new Java versions which are not fully supported (class version 52 and above)
--javaHome = Override the JAVA_HOME variable
--toolsJar = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
--config = load configuration properties from here. Default is ./winstone.properties
--prefix = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
--commonLibFolder = folder for additional jar files. Default is ./lib
--extraLibFolder = folder for additional jar files to add to Jetty classloader
--logThrowingLineNo = show the line no that logged the message (slow). Default is false
--logThrowingThread = show the thread that logged the message. Default is false
--debug = set the level of debug msgs (1-9). Default is 5 (INFO level)
--httpPort = set the http listening port. -1 to disable, Default is 8080
--httpListenAddress = set the http listening address. Default is all interfaces
--httpKeepAliveTimeout = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
--httpsPort = set the https listening port. -1 to disable, Default is disabled
--httpsListenAddress = set the https listening address. Default is all interfaces
--httpsKeepAliveTimeout = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
--httpsKeyStore = the location of the SSL KeyStore file. Default is ./winstone.ks
--httpsKeyStorePassword = the password for the SSL KeyStore file. Default is null
--httpsKeyManagerType = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
--httpsPrivateKey = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
/ --httpsCertificate file and the corresponding certificate file
--httpsRedirectHttp = redirect http requests to https (requires both --httpPort and --httpsPort)
--http2Port = set the http2 listening port. -1 to disable, Default is disabled
--http2ListenAddress = set the http2 listening address. Default is all interfaces
--excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
// Exclude weak / insecure ciphers
"^.*_(MD5|SHA|SHA1)$",
// Exclude ciphers that don't support forward secrecy
"^TLS_RSA_.*$",
// The following exclusions are present to cleanup known bad cipher
// suites that may be accidentally included via include patterns.
// The default enabled cipher list in Java will not include these
// (but they are available in the supported list).
"^SSL_.*$",
"^.*_NULL_.*$",
"^.*_anon_.*$"
--controlPort = set the shutdown/control port. -1 to disable, Default disabled
--useJasper = enable jasper JSP handling (true/false). Default is false
--sessionTimeout = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
--sessionEviction = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
--mimeTypes=ARG = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
(e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
--requestHeaderSize=N = set the maximum size in bytes of the request header. Default is 8192.
--maxParamCount=N = set the max number of parameters allowed in a form submission to protect
against hash DoS attack (oCERT #2011-003). Default is 10000.
--useJmx = Enable Jetty Jmx
--qtpMaxThreadsCount = max threads number when using Jetty Queued Thread Pool
--jettyAcceptorsCount = Jetty Acceptors number
--jettySelectorsCount = Jetty Selectors number
--usage / --help = show this message
Security options:
--realmClassName = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class
--argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
--argumentsRealm.roles.<user> = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class
--fileRealm.configFile = File containing users/passwds/roles. Only valid for the FileRealm realm class
Access logging:
--accessLoggerClassName = Set the access logger class to use for user authentication. Defaults to disabled
--simpleAccessLogger.format = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
--simpleAccessLogger.file = The location pattern for the log file(SimpleAccessLogger only)
2.7 Jenkins分布式(slave)
在众多Job的场景下,单台jenkins master同时执行代码clone、编译、打包及构建,其性能可能会出现瓶颈从而会影响代码部署效率,影响jenkins官方提供了jenkins分布式构建,将众多job分散运行到不同的jenkins slave节点,大幅提高并行job的处理能力。
1.配置slave节点java环境
Slave服务器创建工作目录,如果slave需要执行编译job,则也需要配置java环境并且安装git、svn、maven等与master相同的基础运行环境,另外也要创建与master相同的数据目录,因为脚本中调用的路径只有相对一master的一个路径,此路径在master与各node节点必须保持一致。
#mkdir -p /var/lib/jenkins #创建数据目录
#jenkins home location
JENKINS_HOME=/var/lib/jenkins #工作目录配置与master保持一致
修改/etc/profile
[root@k8s-node-02 ~]# tail -5 /etc/profile
export HISTTIMEFORMAT="%F%T`whoami`"
export LANG="en_US.utf-8"
export JAVA_HOME=/usr/local/jdk
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin
重启节点机
2. 添加slave节点
Jenkins—系统管理—节点管理—新建节点:
注意:
- 如果没有证书,可以选择不校验证书
3. 添加slave认证凭据
4. 节点日志
如果出现Error: A JNI error has occurred, please check your installation and try again问题,则表示master和salve的java版本不一致,调整到一致,即可解决
5. 节点状态
master为正常状态,Node-1时间不同步状态
如果对时间不敏感,可以忽略
6. 验证slave进程状态
[root@k8s-node-02 ~]# ps -ef|grep java
root 6309 6302 2 11:11 ? 00:00:06 java -jar remoting.jar -workDir /var/lib/jenkins -jar-cache /var/lib/jenkins/remoting/jarCache
root 9137 1452 0 11:16 pts/0 00:00:00 grep --color=auto java
3434
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
