Jenkins 安装使用笔记
阅读原文时间:2023年07月10日阅读:3

系统要求

最低推荐配置:

  • 256MB可用内存

  • 1GB可用磁盘空间(作为一个容器docker运行jenkins的话推荐10GB)

为小团队推荐的硬件配置:

  • 1GB+可用内存

  • 50 GB+ 可用磁盘空间

软件配置:

  • Java 8—​无论是Java运行时环境(JRE)还是Java开发工具包(JDK)都可以。

安装前提:Java 的jdk已安装 (JAVA安装略)

# java -version
  java version "1.8.0_202"
    Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
  Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

1 下载Jenkins的rpm包

https://jenkins.io/zh/download/

  • 2.164 (2019-02) and newer: Java 8 or Java 11
  • 2.54 (2017-04) and newer: Java 8
  • 1.612 (2015-05) and newer: Java 7

2 安装

# sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
# sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
# yum install jenkins

3 启动

# systemctl start jenkins

localdomain systemd[1]: Starting LSB: Jenkins Automation Server…
localdomain runuser[2534]: pam_unix(runuser:session): session opened for user jenkins by (uid=0)
localdomain jenkins[2529]: Starting Jenkins bash: /usr/bin/java: No such file or directory
localdomain jenkins[2529]: [FAILED]
localdomain systemd[1]: jenkins.service: control process exited, code=exited status=1
localdomain systemd[1]: Failed to start LSB: Jenkins Automation Server.
localdomain systemd[1]: Unit jenkins.service entered failed state.
localdomain systemd[1]: jenkins.service failed.

(java 文件找不到的情况下就会报错)

添加实际安装的路径

# echo $JAVA_HOME
/usr/java/jdk

# vi /etc/init.d/jenkins

…..

/usr/lib/jvm/java-11-openjdk-amd64
/usr/bin/java
/usr/java/jdk/bin/java
"

再次启动

# systemctl daemon-reload
# systemctl start jenkins
# systemctl status jenkins

  Active: active (running)

4 webui

http://ip:8080  (启动过程中可能会遇到等待)

可更换更新源加快速度

# vi /var/lib/jenkins/hudson.model.UpdateCenter.xml

把默认    https://updates.jenkins.io/update-center.json
替换成  http://mirror.xmission.com/jenkins/updates/update-center.json

官方镜像地址查询URL: http://mirrors.jenkins-ci.org/status.html

插件安装时候是使用了其他的配置文件。

/var/lib/jenkins/updates/default.json

其中

connectionCheckUrl":"http://www.google.com/" 换成 www.baidu.com

http://updates.jenkins-ci.org/download/ 根据情况该镜像

初始登录密码参考

# cat /var/lib/jenkins/secrets/initialAdminPassword

8712cd5562232302ca324213fd7416736a


git + ssh + shell 构建

前提:

A:Publish Over SSH 插件安装

SSH Server (Name/Hostname/Username/RemoteDirectory/Password) 连接测试 Success

B:Git 插件以及git2.x 安装完成

# git --version
git version 2.22.0

C:SHELL 构建
1 确认 jenkins 和目标服务器 全部已经安装 rsync
  目标服务器也添加了 jenkins 用户
  发布目录权限确认
 
2 jenkins 服务器
  # vi /etc/passwd   
  jenkins  /bin/false -> /bin/bash
 
3 jenkins 和目标服务器
  # visudo 需要sudo 的情况 (2选1) 免秘
  jenkins  ALL=(ALL)  NOPASSWD: /usr/bin/ssh, /usr/bin/rsync
  jenkins  ALL=(ALL)  NOPASSWD: ALL
 
3 jenkins 服务器
  # su jenkins

bash-4.1$ pwd
/var/lib/jenkins

bash-4.1$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
    Created directory '/var/lib/jenkins/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
    Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
    The key fingerprint is:
    19:18:1f:16:61:8d:94:eb:c8:ee:83:9f:11:c7:65:da jenkins@jenkins
    The key's randomart image is:

  ssh-copy-id -i ~/.ssh/id_rsa.pub jenkins@192.168.99.99
  或者手动copy内容到目标服务器 /home/jenkins/.ssh/authorized_keys

// [jenkis@jenkins-test] source ~/.bash_profile
// bash-4.2$ vi ~/.bash_profile
//  export PS1='[\u@\h \W]\$'

4 确认
目标服务器下 /home/jenkins/.ssh/authorized_keys 内容和
jenkins服务器 /var/lib/jenkins/.ssh/id_rsa.pub 内容一致

5 jenkins 服务器
  # systemctl restart jenkins

6 webui 添加自定义工程 > 环境构建 (执行shell)
  rsync -raz  --delete --progress * jenkins@192.168.9.99:/data/www/php-test/

7 立即构建 查看控制台输出
  + rsync -raz --delete --progress index.php jenkins@192.168.99.99:/ddata/www/php-test/
  sending incremental file list
  Finished: SUCCESS

如有错误根据内容处理


Nginx 反代

参考URL:https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy

1: Running Jenkins from a subdomain (like http://jenkins.domain.tld)

server {
listen 80;
server_name jenkins.domain.tld;
return 301 https://$host$request_uri;
}

server {
listen 80;
server_name jenkins.domain.tld;

location / {  
  proxy\_set\_header        Host $host:$server\_port;  
  proxy\_set\_header        X-Real-IP $remote\_addr;  
  proxy\_set\_header        X-Forwarded-For $proxy\_add\_x\_forwarded\_for;  
  proxy\_set\_header        X-Forwarded-Proto $scheme;

  # Fix the "It appears that your reverse proxy set up is broken" error.  
  proxy\_pass          http://127.0.0.1:8080;  
  proxy\_read\_timeout  90;

  proxy\_redirect      http://127.0.0.1:8080 https://jenkins.domain.tld;

  # Required for new HTTP-based CLI  
  proxy\_http\_version 1.1;  
  proxy\_request\_buffering off;  
  # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651  
  add\_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;  
}  复制

}

http://jenkins.domain.tld

2: Running from a subdomain with SSL

server {
listen 80;
server_name jenkins.domain.tld;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name jenkins.domain.tld;

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
}
}

https://jenkins.domain.tld

3: Running Jenkins from a folder with TLS encryption (like https://domain.tld/jenkins/)

In addition, you must ensure that Jenkins is configured to listen for requests to the /jenkins/ folder (e.g. http://10.0.0.100:8080/jenkins/ instead of http://10.0.0.100:8080/). Do that by adding the parameter --prefix=/jenkins to the Jenkins default start-up configuration file. On my system (Ubuntu 12.04 LTS) the configuration file is /etc/default/jenkins. For example, here's the full JENKINS_ARG parameter list (the only part I added was --prefix=/jenkins):

JENKINS_ARGS=**"**--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT **--prefix=/jenkins**"

注意:系统配置里面的 Jenkins Location 也改一下 http://xxx.xxx.xx.xx:8080/jenkins/ 

server {

# All your server and TLS/certificate settings are up here somewhere  
\[...\]

# Nginx configuration specific to Jenkins  
# Note that regex takes precedence, so use of "^~" ensures earlier evaluation  
location ^~ /jenkins/ {

    # Convert inbound WAN requests for https://domain.tld/jenkins/ to  
    # local network requests for http://10.0.0.100:8080/jenkins/  
    proxy\_pass http://10.0.0.100:8080/jenkins/;

    # Rewrite HTTPS requests from WAN to HTTP requests on LAN  
    proxy\_redirect http:// https://;

    # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx  
    sendfile off;

    proxy\_set\_header   Host             $host:$server\_port;  
    proxy\_set\_header   X-Real-IP        $remote\_addr;  
    proxy\_set\_header   X-Forwarded-For  $proxy\_add\_x\_forwarded\_for;  
    proxy\_max\_temp\_file\_size 0;

    # This is the maximum upload size  
    client\_max\_body\_size       10m;  
    client\_body\_buffer\_size    128k;

    proxy\_connect\_timeout      90;  
    proxy\_send\_timeout         90;  
    proxy\_read\_timeout         90;

    proxy\_temp\_file\_write\_size 64k;

    # Required for new HTTP-based CLI  
    proxy\_http\_version 1.1;  
    proxy\_request\_buffering off;  
    proxy\_buffering off; # Required for HTTP-based CLI to work over SSL  复制

}

https://domain.tld/jenkins/


自动部署

1定时构建 (类似cron)

Examples:

TZ=Asia/Shanghai
# every fifteen minutes (perhaps at :07, :22, :37, :52)
H/15 * * * *
# every ten minutes in the first half of every hour (three times, perhaps at :04, :14, :24)
H(0-29)/10 * * * *
# once every two hours at 45 minutes past the hour starting at 9:45 AM and finishing at 3:45 PM every weekday.
45 9-16/2 * * 1-5
# once in every two hours slot between 9 AM and 5 PM every weekday (perhaps at 10:38 AM, 12:38 PM, 2:38 PM, 4:38 PM)
H H(9-16)/2 * * 1-5
# once a day on the 1st and 15th of every month except December
H H 1,15 1-11 *

2 触发远程构建 

先去登陆用户个人设置页面〉API Token 中生成新token

例如:  token-test    11e44f5bef0859fe8a2786092d228d233b

然后在触发器身份验证令牌中填入token:11e44f5bef0859fe8a2786092d228d233b

以后每次访问页面:https://jenkins.domain/job/PHP-DEPLOY/build?token=11e44f5bef0859fe8a2786092d228d233b

就会触发构建


邮件配置

● 安装发邮件的插件
● 配置管理员邮箱
● 配置发送邮箱
● 测试发送邮件
● 制作邮件模板
● 邮件触发机制设置    
    
1 安装发邮件的插件
Email Extension

2 配置管理员邮箱

系统设置 > 管理员邮件地址 admin@cnblog.xyz
注意A:最终发件邮箱地址和系统管理员邮件地址必须一致)  

3 系统配置发送邮箱

SMTP server : smtp.qiye.aliyun.com
Default user E-mail suffix : @cnblog.xyz
Use SMTP Authentication
User Name : admin@cnblog.xyz
Password : *********
Use SSL :  YES

SMTP port :  465
Default Content Type : html/txt (看实际情况)
Default Recipients :zhangsan@cnblog.xyz

4 测试发送邮件
注意B:有个内置的邮件配置可以发送测试邮件
发件邮箱地址和系统管理员邮件地址必须一致 否则报 440 mail

5 制作邮件模板 (略)

6 邮件触发机制设置
项目〉构建〉构建后操作 〉添加 Editable Email Notifacation
默认即可,成功收到邮件后根据实际需求调整或增加触发器
Triggers中默认 Failure / Sucesss TO Developers 可增加一下 Recipient List