Jenkins 安装使用笔记

系统要求

最低推荐配置:

• 256MB可用内存

• 1GB可用磁盘空间(作为一个容器docker运行jenkins的话推荐10GB)

为小团队推荐的硬件配置:

• 1GB+可用内存

• 50 GB+ 可用磁盘空间

软件配置:

• Java 8—​无论是Java运行时环境（JRE）还是Java开发工具包（JDK）都可以。

安装前提：Java 的jdk已安装 （JAVA安装略）

＃ java -version
　　java version “1.8.0_202”
　   Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
　　Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

1 下载Jenkins的rpm包

https://jenkins.io/zh/download/

• 2.164 (2019-02) and newer: Java 8 or Java 11
• 2.54 (2017-04) and newer: Java 8
• 1.612 (2015-05) and newer: Java 7

2 安装

# sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
# sudo rpm –import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
# yum install jenkins

3 启动

# systemctl start jenkins

localdomain systemd[1]: Starting LSB: Jenkins Automation Server…
localdomain runuser[2534]: pam_unix(runuser:session): session opened for user jenkins by (uid=0)
localdomain jenkins[2529]: Starting Jenkins bash: /usr/bin/java: No such file or directory
localdomain jenkins[2529]: [FAILED]
localdomain systemd[1]: jenkins.service: control process exited, code=exited status=1
localdomain systemd[1]: Failed to start LSB: Jenkins Automation Server.
localdomain systemd[1]: Unit jenkins.service entered failed state.
localdomain systemd[1]: jenkins.service failed.

(java 文件找不到的情况下就会报错)

添加实际安装的路径

# echo $JAVA_HOME
/usr/java/jdk

# vi /etc/init.d/jenkins

…..

/usr/lib/jvm/java-11-openjdk-amd64
/usr/bin/java
/usr/java/jdk/bin/java
“

再次启动

# systemctl daemon-reload
# systemctl start jenkins
# systemctl status jenkins

　　Active: active (running)

4 webui

http://ip:8080  (启动过程中可能会遇到等待)

可更换更新源加快速度

# vi /var/lib/jenkins/hudson.model.UpdateCenter.xml

把默认    <url>https://updates.jenkins.io/update-center.json</url>
替换成  <url>http://mirror.xmission.com/jenkins/updates/update-center.json</url>

官方镜像地址查询URL： http://mirrors.jenkins-ci.org/status.html

插件安装时候是使用了其他的配置文件。

/var/lib/jenkins/updates/default.json

其中

connectionCheckUrl”:”http://www.google.com/” 换成 www.baidu.com

http://updates.jenkins-ci.org/download/ 根据情况该镜像

初始登录密码参考

# cat /var/lib/jenkins/secrets/initialAdminPassword

8712cd5562232302ca324213fd7416736a

git + ssh + shell 构建

前提：

A：Publish Over SSH 插件安装

SSH Server (Name/Hostname/Username/RemoteDirectory/Password) 连接测试 Success

B：Git 插件以及git2.x 安装完成

# git –version
git version 2.22.0

C：SHELL 构建
1 确认 jenkins 和目标服务器 全部已经安装 rsync
  目标服务器也添加了 jenkins 用户
  发布目录权限确认
 
2 jenkins 服务器
  # vi /etc/passwd   
  jenkins  /bin/false -> /bin/bash
 
3 jenkins 和目标服务器
  # visudo 需要sudo 的情况 (2选1) 免秘
  jenkins  ALL=(ALL)  NOPASSWD: /usr/bin/ssh, /usr/bin/rsync
  jenkins  ALL=(ALL)  NOPASSWD: ALL
 
3 jenkins 服务器
  # su jenkins

bash-4.1$ pwd
/var/lib/jenkins

bash-4.1$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
    Created directory ‘/var/lib/jenkins/.ssh’.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
    Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
    The key fingerprint is:
    19:18:1f:16:61:8d:94:eb:c8:ee:83:9f:11:c7:65:da jenkins@jenkins
    The key’s randomart image is:

  ssh-copy-id -i ~/.ssh/id_rsa.pub jenkins@192.168.99.99
  或者手动copy内容到目标服务器 /home/jenkins/.ssh/authorized_keys

// [jenkis@jenkins-test] source ~/.bash_profile
// bash-4.2$ vi ~/.bash_profile
//  export PS1='[\u@\h \W]\$’

4 确认
目标服务器下 /home/jenkins/.ssh/authorized_keys 内容和
jenkins服务器 /var/lib/jenkins/.ssh/id_rsa.pub 内容一致

5 jenkins 服务器
  # systemctl restart jenkins

6 webui 添加自定义工程 > 环境构建 （执行shell）
  rsync -raz  –delete –progress * jenkins@192.168.9.99:/data/www/php-test/

7 立即构建 查看控制台输出
  + rsync -raz –delete –progress index.php jenkins@192.168.99.99:/ddata/www/php-test/
  sending incremental file list
  Finished: SUCCESS

如有错误根据内容处理

Nginx 反代

参考URL：https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy

1: Running Jenkins from a subdomain (like http://jenkins.domain.tld)

server {
    listen 80;
    server_name jenkins.domain.tld;
    return 301 https://$host$request_uri;
}server {
    listen 80;
    server_name jenkins.domain.tld;    location / {
      proxy_set_header        Host $host:$server_port;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://127.0.0.1:8080;
      proxy_read_timeout  90;      proxy_redirect      http://127.0.0.1:8080 https://jenkins.domain.tld;      # Required for new HTTP-based CLI
      proxy_http_version 1.1;
      proxy_request_buffering off;
      # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
      add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
    }
  }  

http://jenkins.domain.tld

2: Running from a subdomain with SSL

server {
  listen 80;
  server_name jenkins.domain.tld;
  return 301 https://$host$request_uri;
}server {
  listen 443 ssl;
  server_name jenkins.domain.tld;  ssl_certificate /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;  location / {
    proxy_set_header        Host $host:$server_port;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect http:// https://;
    proxy_pass              http://jenkins;
    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
    # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
    add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
  }
}

https://jenkins.domain.tld

3: Running Jenkins from a folder with TLS encryption (like https://domain.tld/jenkins/)

In addition, you must ensure that Jenkins is configured to listen for requests to the /jenkins/ folder (e.g. http://10.0.0.100:8080/jenkins/ instead of http://10.0.0.100:8080/). Do that by adding the parameter –prefix=/jenkins to the Jenkins default start-up configuration file. On my system (Ubuntu 12.04 LTS) the configuration file is /etc/default/jenkins. For example, here’s the full JENKINS_ARG parameter list (the only part I added was –prefix=/jenkins):

JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=/jenkins"注意：系统配置里面的 Jenkins Location 也改一下 http://xxx.xxx.xx.xx:8080/jenkins/ 

server {    # All your server and TLS/certificate settings are up here somewhere
    [...]    # Nginx configuration specific to Jenkins
    # Note that regex takes precedence, so use of "^~" ensures earlier evaluation
    location ^~ /jenkins/ {        # Convert inbound WAN requests for https://domain.tld/jenkins/ to
        # local network requests for http://10.0.0.100:8080/jenkins/
        proxy_pass http://10.0.0.100:8080/jenkins/;        # Rewrite HTTPS requests from WAN to HTTP requests on LAN
        proxy_redirect http:// https://;        # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
        sendfile off;        proxy_set_header   Host             $host:$server_port;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;        # This is the maximum upload size
        client_max_body_size       10m;
        client_body_buffer_size    128k;        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;        proxy_temp_file_write_size 64k;        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
  }

https://domain.tld/jenkins/

自动部署

1定时构建 （类似cron）

Examples:

TZ=Asia/Shanghai
# every fifteen minutes (perhaps at :07, :22, :37, :52)
H/15 * * * *
# every ten minutes in the first half of every hour (three times, perhaps at :04, :14, :24)
H(0-29)/10 * * * *
# once every two hours at 45 minutes past the hour starting at 9:45 AM and finishing at 3:45 PM every weekday.
45 9-16/2 * * 1-5
# once in every two hours slot between 9 AM and 5 PM every weekday (perhaps at 10:38 AM, 12:38 PM, 2:38 PM, 4:38 PM)
H H(9-16)/2 * * 1-5
# once a day on the 1st and 15th of every month except December
H H 1,15 1-11 *

2 触发远程构建 先去登陆用户个人设置页面〉API Token 中生成新token例如：  token-test    11e44f5bef0859fe8a2786092d228d233b

然后在触发器身份验证令牌中填入token：11e44f5bef0859fe8a2786092d228d233b

以后每次访问页面：https://jenkins.domain/job/PHP-DEPLOY/build?token=11e44f5bef0859fe8a2786092d228d233b

就会触发构建

邮件配置

● 安装发邮件的插件
● 配置管理员邮箱
● 配置发送邮箱
● 测试发送邮件
● 制作邮件模板
● 邮件触发机制设置    
    
1 安装发邮件的插件
Email Extension

2 配置管理员邮箱

系统设置 > 管理员邮件地址 admin@cnblog.xyz
注意A：最终发件邮箱地址和系统管理员邮件地址必须一致)  

3 系统配置发送邮箱

SMTP server : smtp.qiye.aliyun.com
Default user E-mail suffix : @cnblog.xyz
Use SMTP Authentication
User Name : admin@cnblog.xyz
Password : *********
Use SSL :  YESSMTP port :  465
Default Content Type : html/txt （看实际情况）
Default Recipients ：zhangsan@cnblog.xyz

4 测试发送邮件
注意B：有个内置的邮件配置可以发送测试邮件
发件邮箱地址和系统管理员邮件地址必须一致 否则报 440 mail

5 制作邮件模板 （略）

6 邮件触发机制设置
项目〉构建〉构建后操作 〉添加 Editable Email Notifacation
默认即可，成功收到邮件后根据实际需求调整或增加触发器
Triggers中默认 Failure / Sucesss TO Developers 可增加一下 Recipient List