CHAPTER 2 Jenkins配置相关

2.1 Jenkins工作原理

1. Jenkins分布式构建架构

Jenkins使用主/从架构来管理分布式构建。

  • 主节点:处理调度构建作业,把构建分发到从节点来进行实际执行,监视从节点,并且记录和发布构建产物。
  • 从节点:按照被告知的工作,即主节点分派的构建作业。配置可分为如下三种情况:
    配置一个项目总是在特定的从节点运行
    在某个特定类型的从节点运行
    让Jenkins挑选下一个可用的从节点

一旦从节点实例运行,它就通过TCP/IP连接主实例进行通信。

2. Jenkins工作原理图

在这里插入图片描述

3. 部署方式:

  • jenkins触发式构建:用于开发环境部署,开发人员push代码或者合并代码到gitlab项目的master分支,jenkins就部署代码到对应服务器。
  • jenkins参数化构建:用于测试环境预上线环境部署,开发push代码或者合并代码到gitlab项目的master分支之后,并不会部署代码,而是需要登录到jenkins的web界面,点击构建按钮,传入对应的参数(比如参数需要构建的tag,需要部署的分支)然后才会部署。
  • jenkins定时构建:用于APP自动打包,定时构建是在参数化构建的基础上添加的,开发人员可以登录jenkins手动传入tag进行打包,如果不手动打包,那么jenkins就每天凌晨从gitlab拉取最新的APP代码打包。

2.2 Jenkins词汇表

术语说明
AgentAgent通常是一个机器或容器,它连接到Jenkins主机,并在主控器指导时执行任务。
Artifact在Build或Pipeline 运行期间生成的不可变文件,该文件归档到Jenkins Master上以供用户随后检索。
Build项目单次执行的结果
Cloud提供动态代理 配置和分配的系统配置,例如由Azure VM Agents 或 Amazon EC2插件提供的配置和分配 。
Core主要的Jenkins应用程序(jenkins.war)提供了 可以构建Plugins的基本Web UI,配置和基础。
Downstream配置Pipeline或项目时被触发作为一个单独的Pipeline或项目的执行的一部分。
Executor用于执行由节点上的Pipeline或项目定义的工作的插槽。节点可以具有零个或多个配置的执行器,其对应于在该节点上能够执行多少并发项目或Pipeline。
Fingerprint考虑全局唯一性的哈希追踪跨多个Pipeline或项目的工件或其他实体 的使用 。
Folder类似于文件系统上的文件夹的Pipeline和/或 项目 的组织容器。
ItemWeb UI中的实体对应于:Folder, Pipeline, or Project.
Job一个不推荐的术语,与项目同义。
Label用于分组代理的用户定义的文本,通常具有类似的功能或功能。例如linux对于基于Linux的代理或 docker适用于支持Docker的代理。
Master存储配置,加载插件以及为Jenkins呈现各种用户界面的中央协调过程。
Node作为Jenkins环境的一部分并能够执行Pipeline或项目的机器。无论是the Master还是Agents都被认为是Nodes。
Project用户配置的Jenkins应该执行的工作描述,如构建软件等。
Pipeline用户定义的连续输送Pipeline模型,以便更多阅读本手册中的“ Pipeline”一章。
Plugin与Jenkins Core分开提供的Jenkins功能扩展。
Publisher完成发布报告,发送通知等的所有配置步骤后的构建的一部分。
Stagestage是Pipeline的一部分,用于定义整个Pipeline的概念上不同的子集,例如:“构建”,“测试”和“部署”,许多插件用于可视化或呈现Jenkins Pipeline状态/进度。
Step单一任务从根本上讲,指的是Jenkins 在Pipeline或项目中做了什么。
Trigger触发新Pipeline运行或构建的标准。
Update Center托管插件和插件元数据的库存,以便在Jenkins内部进行插件安装。
Upstream配置的Pipeline或项目,其触发单独的Pipeline或项目作为其执行的一部分。
WorkspaceNoede文件系统上的一次性目录, 可以由Pipeline或项目完成工作。在Build或 Pipeline运行完成后,工作区通常会保留原样,除非在Jenkins Master上已经设置了特定的Workspace清理策略。

2.3 Jenkins插件

Jenkins本身提供了一套插件的管理机制,这些插件允许可插拨形式存在。

1. 插件目录

[root@localhost ~]# ll /var/lib/jenkins/plugins/
total 103876
drwxr-xr-x. 4 root root       56 Feb  6 03:07 ant
drwxr-xr-x. 4 root root       56 Feb  6 03:02 antisamy-markup-formatter
-rw-r--r--. 1 root root   244157 Feb  6 03:02 antisamy-markup-formatter.jpi
-rw-r--r--. 1 root root    84600 Feb  6 03:07 ant.jpi
drwxr-xr-x. 4 root root       56 Feb  6 03:11 apache-httpcomponents-client-4-api
-rw-r--r--. 1 root root  1769912 Feb  6 03:11 apache-httpcomponents-client-4-api.jpi
drwxr-xr-x. 6 root root       77 Feb  6 03:07 bootstrap5-api
...

插件下载地址:http://updates.jenkins-ci.org/download/plugins/

并不建议手动下载插件,原因是安装某个插件可能依赖很多插件,不同版本的插件可能和jenkins本身版本不兼容

2. 安装插件

插件管理Available plugins搜索要安装的插件,例如gitlab,在Download progress中查看安装进度
在这里插入图片描述
可以选择下载完成后重启,或者手动重启
手动重启输入:192.168.70.183:8080/restart,即在端口后加上restart,选择是,即可重启

2.4 配置jenkins权限管理

基于角色的权限管理,先创建角色和用户,给角色授权,然后把用户管理到角色

1. 安装插件

Role-based#基于角色的认证策略

2. 创建新用户

Jenkins—系统管理—管理用户
例如,创建tom

3. 更改认证方式

Jenkins—系统管理—全局安全配置
默认创建的用户登录后可以做任何操作,取决于默认的认证授权方式。
授权策略 改为 Role-Based Strategy

4. 创建角色

Jenkins—系统管理–ManageandAssignRoles(管理和分配角色)
在这里插入图片描述

5. 添加角色

在Manage Roles中添加customer使用权限

6. 对角色分配权限

把tom关联到角色customer中
在这里插入图片描述

7. 普通用户登录

tom只有查看权限,无修改和构建权限
在这里插入图片描述

2.5 邮箱设置

1. 获取邮箱登录码

以QQ邮箱为例,获取邮箱授权码
在这里插入图片描述

2. 配置jenkins管理员邮箱

Jenkins—系统管理—系统设置:
在这里插入图片描述

3. 发件配置

邮箱设置需要注意以下几点:

1.此处的密码是邮箱登录码
2.不勾选使用SSL协议
3.SMTP端口:25

如果勾选使用SSL协议,则端口为465
在这里插入图片描述

2.6 配置文件

1. /etc/sysconfig/jenkins

Jenkins默认配置文件为/etc/sysconfig/jenkins

个人环境中JENKINS_USER设置为root,避免由权限引起的异常。而生产环境中,官方建议使用jenkins账号
JENKINS_PORT默认为"8080",如果冲突,可以改为其他端口

[root@swarm-worker ~]# cat /etc/sysconfig/jenkins
## Path:        Development/Jenkins
## Description: Jenkins Automation Server
## Type:        string
## Default:     "/var/lib/jenkins"
## ServiceRestart: jenkins
#
# Directory where Jenkins store its configuration and working
# files (checkouts, build reports, artifacts, ...).
#
JENKINS_HOME="/var/lib/jenkins"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Java executable to run Jenkins
# When left empty, we'll try to find the suitable Java.
#
JENKINS_JAVA_CMD=""

## Type:        string
## Default:     "jenkins"
## ServiceRestart: jenkins
#
# Unix user account that runs the Jenkins daemon
# Be careful when you change this, as you need to update
# permissions of $JENKINS_HOME and /var/log/jenkins,
# and if you have already run Jenkins, potentially other
# directories such as /var/cache/jenkins .
#
JENKINS_USER="root"

## Type:        string
## Default: "false"
## ServiceRestart: jenkins
#
# Whether to skip potentially long-running chown at the
# $JENKINS_HOME location. Do not enable this, "true", unless
# you know what you're doing. See JENKINS-23273.
#
#JENKINS_INSTALL_SKIP_CHOWN="false"

## Type: string
## Default:     "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

## Type:        integer(0:65535)
## Default:     8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
# Set to -1 to disable
#
JENKINS_PORT="8080"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTP requests.
# Default is all interfaces (0.0.0.0).
#
JENKINS_LISTEN_ADDRESS=""

## Type:        integer(0:65535)
## Default:     ""
## ServiceRestart: jenkins
#
# HTTPS port Jenkins is listening on.
# Default is disabled.
#
JENKINS_HTTPS_PORT=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Path to the keystore in JKS format (as created by the JDK 'keytool').
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE_PASSWORD=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTPS requests.
# Default is disabled.
#
JENKINS_HTTPS_LISTEN_ADDRESS=""

## Type:        integer(0:65535)
## Default:     ""
## ServiceRestart: jenkins
#
# HTTP2 port Jenkins is listening on.
# Default is disabled.
#
# Notice: HTTP2 support may require additional configuration, see Winstone
# documentation for more information.
#
JENKINS_HTTP2_PORT=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTP2 requests.
# Default is disabled.
#
# Notice: HTTP2 support may require additional configuration, see Winstone
# documentation for more information.
#
JENKINS_HTTP2_LISTEN_ADDRESS=""

## Type:        integer(1:9)
## Default:     5
## ServiceRestart: jenkins
#
# Debug level for logs -- the higher the value, the more verbose.
# 5 is INFO.
#
JENKINS_DEBUG_LEVEL="5"

## Type:        yesno
## Default:     no
## ServiceRestart: jenkins
#
# Whether to enable access logging or not.
#
JENKINS_ENABLE_ACCESS_LOG="no"

## Type:        integer
## Default:     100
## ServiceRestart: jenkins
#
# Maximum number of HTTP worker threads.
#
JENKINS_HANDLER_MAX="100"

## Type:        integer
## Default:     20
## ServiceRestart: jenkins
#
# Maximum number of idle HTTP worker threads.
#
JENKINS_HANDLER_IDLE="20"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Folder for additional jar files to add to the Jetty class loader.
# See Winstone documentation for more information.
# Default is disabled.
#
JENKINS_EXTRA_LIB_FOLDER=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Pass arbitrary arguments to Jenkins.
# Full option list: java -jar jenkins.war --help
#
JENKINS_ARGS=""

2. JENKINS_ARGS

/etc/sysconfig/jenkinsJENKINS_ARGS对应参数:

Usage: java -jar jenkins.war [--option=value] [--option=value]

Options:
   --webroot                = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
   --pluginroot             = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
                              (NOTE: this option does not change the directory where the plugin archives are stored)
   --extractedFilesFolder   = folder where extracted files are to be located. Default is the temp folder
   --logfile                = redirect log messages to this file
   --enable-future-java     = allows running with new Java versions which are not fully supported (class version 52 and above)
   --javaHome               = Override the JAVA_HOME variable
   --toolsJar               = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
   --config                 = load configuration properties from here. Default is ./winstone.properties
   --prefix                 = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
   --commonLibFolder        = folder for additional jar files. Default is ./lib

   --extraLibFolder         = folder for additional jar files to add to Jetty classloader

   --logThrowingLineNo      = show the line no that logged the message (slow). Default is false
   --logThrowingThread      = show the thread that logged the message. Default is false
   --debug                  = set the level of debug msgs (1-9). Default is 5 (INFO level)

   --httpPort               = set the http listening port. -1 to disable, Default is 8080
   --httpListenAddress      = set the http listening address. Default is all interfaces
   --httpKeepAliveTimeout   = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
   --httpsPort              = set the https listening port. -1 to disable, Default is disabled
   --httpsListenAddress     = set the https listening address. Default is all interfaces
   --httpsKeepAliveTimeout  = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
   --httpsKeyStore          = the location of the SSL KeyStore file. Default is ./winstone.ks
   --httpsKeyStorePassword  = the password for the SSL KeyStore file. Default is null
   --httpsKeyManagerType    = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
   --httpsPrivateKey        = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
     / --httpsCertificate     file and the corresponding certificate file
   --httpsRedirectHttp      = redirect http requests to https (requires both --httpPort and --httpsPort)
   --http2Port              = set the http2 listening port. -1 to disable, Default is disabled
   --http2ListenAddress     = set the http2 listening address. Default is all interfaces
   --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
                           // Exclude weak / insecure ciphers
                           "^.*_(MD5|SHA|SHA1)$",
                           // Exclude ciphers that don't support forward secrecy
                           "^TLS_RSA_.*$",
                           // The following exclusions are present to cleanup known bad cipher
                           // suites that may be accidentally included via include patterns.
                           // The default enabled cipher list in Java will not include these
                           // (but they are available in the supported list).
                           "^SSL_.*$",
                           "^.*_NULL_.*$",
                           "^.*_anon_.*$"
   --controlPort            = set the shutdown/control port. -1 to disable, Default disabled

   --useJasper              = enable jasper JSP handling (true/false). Default is false
   --sessionTimeout         = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
   --sessionEviction        = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
   --mimeTypes=ARG          = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
                              (e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
   --requestHeaderSize=N    = set the maximum size in bytes of the request header. Default is 8192.
   --maxParamCount=N        = set the max number of parameters allowed in a form submission to protect
                              against hash DoS attack (oCERT #2011-003). Default is 10000.
   --useJmx                 = Enable Jetty Jmx
   --qtpMaxThreadsCount     = max threads number when using Jetty Queued Thread Pool
   --jettyAcceptorsCount    = Jetty Acceptors number
   --jettySelectorsCount    = Jetty Selectors number
   --usage / --help         = show this message
 Security options:
   --realmClassName               = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class

   --argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
   --argumentsRealm.roles.<user>  = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class

   --fileRealm.configFile         = File containing users/passwds/roles. Only valid for the FileRealm realm class

 Access logging:
   --accessLoggerClassName        = Set the access logger class to use for user authentication. Defaults to disabled
   --simpleAccessLogger.format    = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
   --simpleAccessLogger.file      = The location pattern for the log file(SimpleAccessLogger only)

2.7 Jenkins分布式(slave)

在众多Job的场景下,单台jenkins master同时执行代码clone、编译、打包及构建,其性能可能会出现瓶颈从而会影响代码部署效率,影响jenkins官方提供了jenkins分布式构建,将众多job分散运行到不同的jenkins slave节点,大幅提高并行job的处理能力。

1.配置slave节点java环境

Slave服务器创建工作目录,如果slave需要执行编译job,则也需要配置java环境并且安装git、svn、maven等与master相同的基础运行环境,另外也要创建与master相同的数据目录,因为脚本中调用的路径只有相对一master的一个路径,此路径在master与各node节点必须保持一致。

#mkdir -p /var/lib/jenkins 	#创建数据目录
#jenkins home location
JENKINS_HOME=/var/lib/jenkins	#工作目录配置与master保持一致

修改/etc/profile

[root@k8s-node-02 ~]# tail -5 /etc/profile
export HISTTIMEFORMAT="%F%T`whoami`"
export LANG="en_US.utf-8"
export JAVA_HOME=/usr/local/jdk
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin

重启节点机

2. 添加slave节点

Jenkins—系统管理—节点管理—新建节点:
注意:

  • 如果没有证书,可以选择不校验证书

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

3. 添加slave认证凭据

在这里插入图片描述

4. 节点日志

在这里插入图片描述
如果出现Error: A JNI error has occurred, please check your installation and try again问题,则表示master和salve的java版本不一致,调整到一致,即可解决

5. 节点状态

master为正常状态,Node-1时间不同步状态
如果对时间不敏感,可以忽略
在这里插入图片描述

6. 验证slave进程状态

[root@k8s-node-02 ~]# ps -ef|grep java
root       6309   6302  2 11:11 ?        00:00:06 java -jar remoting.jar -workDir /var/lib/jenkins -jar-cache /var/lib/jenkins/remoting/jarCache
root       9137   1452  0 11:16 pts/0    00:00:00 grep --color=auto java
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值