Jenkins安装及插件管理
1.安装Jenkins
1.1 方法一:配置yum源
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install jenkins
1.2 方法二:rpm安装
#上面官网的镜像源太慢,直接找一个国内的rpm包下载安装
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat-stable/jenkins-2.222.3-1.1.noarch.rpm
yum -y install jenkins-2.222.3-1.1.noarch.rpm
#修改端口:8080换成8081
vim /etc/sysconfig/jenkins
#加入开机自启
systemctl enable jenkins
#启动jenkins
systemctl start jenkins
2.配置nginx反向代理
由于jenkins默认是监听在8080端口上,这里我们使用域名方式来访问jenkins;此时必须要配置nginx代理
2.1 配置yum仓库
vim /etc/yum.repo.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
2.2 安装Nginx
#安装yum-utils
yum -y install yum-utils
#开启nginx主线版
yum-config-manager --enable nginx-mainline
#开始安装
yum -y install nginx
2.3 配置
vim /etc/nginx/conf.d/jenkins.conf
server {
listen 80;
server_name jks1.linux.com;
charset utf-8;
access_log /var/log/nginx/jenkins1.access.log main;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
2.3 检查配置并启动nginx
#检查语法
nginx -t
#启动
nginx
3.开始使用jenkins
3.1浏览器访问jenkins
解锁:
[root@jenkins-node1 ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
34ea994d187a408bb830555b6ee19868
下一步出现异常了,我的网络是正常的,不管了,先跳过插件安装
创建一个新管理用户:
完成安装:
3.2 插件管理
点击左侧菜单:Manage Jenkins > Manage Plugin
此时可以发现jenkins插件管理有异常:SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
网上找资料说是改插件站点地址,把HTTPS改成HTTP;
上面点击submit之后,再点击checknow,jenkins会从更新站点同步json数据,此时需要等待一会儿;
同步完了之后会在/var/lib/jenkins/产生一个updates文件夹,下面有这样两个文件;
[root@jenkins-node1 ~]# cd /var/lib/jenkins/updates/
[root@jennkins-node1 updates]# ll
总用量 1908
-rw-r--r-- 1 jenkins jenkins 1943582 5月 11 10:38 default.json
-rw-r--r-- 1 jenkins jenkins 5350 5月 11 10:38 hudson.tasks.Maven.MavenInstaller
此处虽然没有再报错了;但是,安装插件又会出现下面的异常:
从上面发现是证书路径有问题,Jenkins是由Java开发的,证书是放在哪里的呢?于是我网上查找了一下,找到下面的资料:
第一步:下载这个SSLPoke.class文件:
wget https://confluence.atlassian.com/kb/files/779355358/779355357/1/1441897666313/SSLPoke.class
第二步:验证你的ssl网站;此处网址替换成jenkins更新中心的站点,用https
[root@jenkins-node1 ~]# $JAVA_HOME/bin/java SSLPoke updates.jenkins.io 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 15 more
确实是有问题;问题就是那个证书的问题,那么证书在哪里呢?我又找到了下面的资料
发现证书是在:"%JAVA_HOME%\jre\lib\security\cacerts"
既然是证书路径有问题,那么服务器上是否还有其他名为cacerts的证书?带着疑问,我搜索了一下:
[root@jenkins-node1 ~]# find / -type f -name cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/usr/local/jdk1.8.0_20/jre/lib/security/cacerts
发现确实有两个文件,我想默认应该用的是这个/usr/local/jdk1.8.0_20/jre/lib/security/cacerts
于是我进行了以下操作:
[root@jenkins-node1 ~]# cd /usr/local/jdk1.8.0_20/jre/lib/security/
[root@jenkins-node1 security]# mv cacerts cacerts.bak
[root@jenkins-node1 security]# cp /etc/pki/ca-trust/extracted/java/cacerts ./
[root@jenkins-node1 ~]# $JAVA_HOME/bin/java SSLPoke updates.jenkins.io 443
Successfully connected
发现ssl已经验证成功,于是我重启了jenkins,把jenkins的站点从http改成https,然后点击提交,点击checknow发现问题已解决;大功告成!
除了拷贝cacerts文件,还有另外一个解决办法,修改jenkins配置文件:vim /etc/sysconfig/jenkins
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts"
重启jenkins,把jenkins的更新站点从http改成https,然后点击提交,点击checknow发现也没有任何异常;
3.3 修改插件更新站点为国内镜像站点
#国内镜像源华为和清华镜像源速度比较快,我这里选择使用清华源
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
修改/var/lib/jenkins/updates/default.json ,替换以下内容然后重启jenkins
sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json
sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
