Jenkins 系列1 --- 安装与配置
一、概要
1. 环境
(1) Rocky Linux 9.1
(2) Git 2.39.3
(3) Jenkins 2.401.2
2. 硬件要求
(1) 底线要求
内存:256 MB
硬盘:1 GB
(2) 推荐要求
内存:4 GB
硬盘:50 GB
二、安装
1. 依赖
(1) OpenJDK
(2) Git
sudo dnf install git -y git --version
(3) Maven
https://www.cnblogs.com/eagle6688/p/17519572.html
(4) 仓库
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key sudo yum upgrade -y
2. 安装
sudo dnf install jenkins -y
3. 安装后
(1) 服务
sudo systemctl daemon-reload sudo systemctl enable jenkins sudo systemctl start jenkins systemctl status jenkins
(2) 防火墙
如果需要立即通过端口号访问Jenkins,则可以通过以下配置实现:
sudo firewall-cmd --permanent --add-port=8080/tcp sudo firewall-cmd --reload
4. HTTPS
(1) 生成证书和密钥
https://www.cnblogs.com/eagle6688/p/16974768.html
sudo mkdir -p /etc/ssl/private sudo mv jenkins.example.com.crt.pem /etc/ssl/certs sudo mv jenkins.example.com.key.pem /etc/ssl/private
(2) 创建日志目录
sudo mkdir -p /var/log/nginx/jenkins
(3) Nginx配置
a. 创建配置文件
sudo vi /etc/nginx/conf.d/jenkins.conf
b. 初始化
upstream jenkins { keepalive 32; # keepalive connections server 127.0.0.1:8080; # jenkins ip and port } # Required for Jenkins websocket agents map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; # Listen on port 80 for IPv4 requests server_name jenkins.example.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443 ssl; listen [::]:443 ssl; server_name jenkins.example.com; root /var/run/jenkins/war/; access_log /var/log/nginx/jenkins.access.log; error_log /var/log/nginx/jenkins.error.log; ssl_certificate /etc/ssl/certs/jenkins.example.com.crt.pem; ssl_certificate_key /etc/ssl/private/jenkins.example.com.key.pem; ssl_session_timeout 1d; ssl_session_tickets on; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5'; ssl_prefer_server_ciphers on; # pass through headers from Jenkins that Nginx considers invalid ignore_invalid_headers off; location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" { rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; } location /userContent { root /var/lib/jenkins/; if (!-f $request_filename) { rewrite (.*) /$1 last; break; } sendfile on; } location / { sendfile off; proxy_pass http://jenkins; proxy_redirect default; proxy_http_version 1.1; # Required for Jenkins websocket agents proxy_set_header Connection $connection_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_max_temp_file_size 0; #this is the maximum upload size client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; #该值控制Jenkins链接的超时时间,若Jenkins需要执行长时间的shell脚本,可适当增加该值。 proxy_buffering off; proxy_request_buffering off; # Required for HTTP CLI commands proxy_set_header Connection ""; # Clear for keepalive } }
c. 测试Nginx配置
sudo nginx -t
d. 权限
sudo usermod -aG jenkins nginx #将用户nginx加入到jenkins组中
e. 重启Nginx
sudo systemctl restart nginx
5. 解锁Jenkins
(1) 获取管理员密码
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
(2) 访问jenkins.example.com,填入初始密码
(3) 选择Install suggested plugins
(4) Suggested plugins列表:
(5) 创建第一个管理员账户
(6) 进入首页
三、配置
1. config.xml
(1) Jenkins配置文件位于:
/var/lib/jenkins/config.xml
(2) 初始化Jenkins之后,备份配置文件,以便还原:
sudo cp /var/lib/jenkins/config.xml /var/lib/jenkins/config.xml.bak
2. LDAP
注意:配置完LDAP后,在初始化阶段创建的用户admin将无法登录。
(1) 登录Jenkins,Dashboard->Manage Jenkins->Security
(2) 在Security Realm处选择LDAP:
(3) 配置必要项目
a. Server: LDAP服务器地址;
b. root DN: dc=example,dc=com;
c. User search base: ou=people,这个与root DN合并起来就是Jenkins搜索账号的地址;
d. Manager DN: 管理员DN;
e. Manager Password: 管理员密码;
配置结束后点击右下角的Test LDAP Settings进行测试:
全部成功后点击"Save"。
3. Maven Configuration
(1) 登录后,进入Dashboard->Manage Jenkins->Tools页面:
(2) 在Maven Configuration配置节下,分别配置"Default settings provider"和"Default global settings provider"为Maven的settings.xml路径:
(3) 找到页面最下方的Maven配置节,配置Maven的安装路径
4. JDK
(1) 查询JDK安装目录
rpm -qal|grep openjdk
(2) 配置JDK的路径,注意此处的路径有两个要求:
a. 路径以/bin的父级目录结束;
b. bin目录中存在javac程序,这就要求安装devel版本的JDK;
5. Git
(1) 查询Git安装目录
rpm -qal|grep git
(2) 配置Git目录
6. 构件清理
每次运行Pipeline都会产生应用包和其他一些临时文件,随着Build的次数增多,应用包和临时文件也会越积越多,这些文件很占用磁盘空间。
Jenkins提供了两个维度的自动清理功能来解决该问题,一是系统级别的配置,二是Pipeline级别的配置。
(1) 系统配置
a. 登录Jenkins,进入Dashboard->Manage Jenkins->System页面:
b. 找到"Global Build Discarders",配置"Days to keep builds" 或 "Max # of builds to keep"
四、参考
1. 官方
https://www.jenkins.io/doc/book/installing/linux/
https://www.jenkins.io/doc/book/installing/war-file/
https://www.jenkins.io/doc/book/managing/system-properties/
https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-nginx/
