Jenkins Series 1 --- Installation and Configuration
白马黑衣 · 2023-07-09 · via 博客园 - 白马黑衣

I. Overview

1. Environment

(1) Rocky Linux 9.1

(2) Git 2.39.3

(3) Jenkins 2.401.2

2. Hardware requirements

(1) Minimum

Memory: 256 MB

Disk: 1 GB

(2) Recommended

Memory: 4 GB

Disk: 50 GB

II. Installation

1. Dependencies

(1) OpenJDK

Installing OpenJDK on CentOS

(2) Git

sudo dnf install git -y
git --version

(3) Maven

https://www.cnblogs.com/eagle6688/p/17519572.html

(4) Repository

sudo wget -O /etc/yum.repos.d/jenkins.repo  https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
sudo yum upgrade -y

2. Install

sudo dnf install jenkins -y

3. Post-installation

(1) Service

sudo systemctl daemon-reload
sudo systemctl enable jenkins
sudo systemctl start jenkins
systemctl status jenkins

(2) Firewall

To reach Jenkins directly on its port right away, open the port with the following configuration:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

4. HTTPS

(1) Generate the certificate and key

https://www.cnblogs.com/eagle6688/p/16974768.html

sudo mkdir -p /etc/ssl/private
sudo mv jenkins.example.com.crt.pem /etc/ssl/certs
sudo mv jenkins.example.com.key.pem /etc/ssl/private

(2) Create the log directory

sudo mkdir -p /var/log/nginx/jenkins

(3) Nginx configuration

a. Create the configuration file

sudo vi /etc/nginx/conf.d/jenkins.conf

b. Initial contents

upstream jenkins {
    keepalive 32; # keepalive connections
    server 127.0.0.1:8080; # jenkins ip and port
}

# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80; # Listen on port 80 for IPv4 requests
    server_name jenkins.example.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jenkins.example.com;

    root /var/run/jenkins/war/;
    access_log /var/log/nginx/jenkins.access.log;
    error_log /var/log/nginx/jenkins.error.log;

    ssl_certificate /etc/ssl/certs/jenkins.example.com.crt.pem;
    ssl_certificate_key /etc/ssl/private/jenkins.example.com.key.pem;
    ssl_session_timeout 1d;
    ssl_session_tickets on;
    # TLSv1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed (64-bit block cipher, exposed to Sweet32)
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:!MD5';
    ssl_prefer_server_ciphers on;

    # pass through headers from Jenkins that Nginx considers invalid
    ignore_invalid_headers off;

    location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
        rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
    }

    location /userContent {
        root /var/lib/jenkins/;

        if (!-f $request_filename) {
            rewrite (.*) /$1 last;
            break;
        }

        sendfile on;
    }

    location / {
        sendfile off;
        proxy_pass http://jenkins;
        proxy_redirect default;
        proxy_http_version 1.1;

        # Required for Jenkins websocket agents
        proxy_set_header   Connection        $connection_upgrade;
        proxy_set_header   Upgrade           $http_upgrade;

        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;

        #this is the maximum upload size
        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90; # Controls the timeout for Jenkins connections; increase it if Jenkins needs to run long shell scripts.
        proxy_buffering            off;
        proxy_request_buffering    off; # Required for HTTP CLI commands
        proxy_set_header Connection ""; # Clear for keepalive
    }
}

c. Test the Nginx configuration

d. Permissions

sudo usermod -aG jenkins nginx # add the nginx user to the jenkins group

e. Restart Nginx

sudo systemctl restart nginx
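
An added example, not part of the original post: a POSIX shell check for a config such as /etc/nginx/conf.d/jenkins.conf that reports deprecated protocol versions, weak cipher-list entries and a private key readable by group or others. The function names audit_tls_conf and write_sample_conf are hypothetical, the sample config is constructed, and the check assumes a single ssl_certificate_key directive per file.

```shell
# Added example (not from the original post); function names are hypothetical.
# Prints one finding per line and returns 1 if anything was flagged.
audit_tls_conf() {
    conf=$1
    rc=0
    # Drop comments so commented-out directives are not reported.
    body=$(sed 's/#.*$//' "$conf")
    # Protocol versions retired by RFC 8996 (TLS 1.0/1.1) or older.
    for tok in $(printf '%s\n' "$body" |
                 awk '$1 == "ssl_protocols" { for (i = 2; i <= NF; i++) print $i }'); do
        case "${tok%;}" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "legacy-protocol:${tok%;}"; rc=1 ;;
        esac
    done

    # Cipher-list entries that switch on 3DES, RC4, MD5, NULL or EXPORT suites.
    ciphers=$(printf '%s\n' "$body" | awk '$1 == "ssl_ciphers" { print $2 }' | tr -d "';\"")
    for tok in $(printf '%s' "$ciphers" | tr ':' ' '); do
        case "$tok" in
            '!'*|-*) ;;  # exclusions such as !MD5 remove suites, so skip them
            *3DES*|*RC4*|*MD5*|*NULL*|*EXPORT*) echo "weak-cipher:$tok"; rc=1 ;;
        esac
    done

    # The private key should carry no group/other permission bits (e.g. 0600).
    key=$(printf '%s\n' "$body" | awk '$1 == "ssl_certificate_key" { print $2 }' | tr -d ';')
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "key-permissions:$key"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample input: a config with legacy settings and a 0644 key file.
write_sample_conf() {
    dir=$1
    : > "$dir/sample.key.pem"; chmod 644 "$dir/sample.key.pem"
    cat > "$dir/sample.conf" <<EOF
server {
    ssl_certificate_key $dir/sample.key.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # TLSv1 in a comment is ignored
    ssl_ciphers 'EECDH+aRSA+AES128:EECDH+aRSA+3DES:RSA+3DES:!MD5';
}
EOF
}
```

Call it as audit_tls_conf /etc/nginx/conf.d/jenkins.conf (with sudo if the key is not readable by your user); a non-zero return status means at least one finding was printed.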

5. Unlock Jenkins

(1) Get the administrator password

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

(2) Open jenkins.example.com and enter the initial password

(3) Choose Install suggested plugins

(4) List of suggested plugins:

(5) Create the first administrator account

(6) Go to the home page

III. Configuration

1. config.xml

(1) The Jenkins configuration file is located at:

/var/lib/jenkins/config.xml

(2) After initializing Jenkins, back up the configuration file so that it can be restored:

sudo cp /var/lib/jenkins/config.xml /var/lib/jenkins/config.xml.bak

2. LDAP

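Note: once LDAP is configured, the admin user created during initialization can no longer log in.

(1) Log in to Jenkins and go to Dashboard->Manage Jenkins->Security

(2) Under Security Realm, select LDAP:

(3) Fill in the required fields

a. Server: the LDAP server address;

b. root DN: dc=example,dc=com;

c. User search base: ou=people; combined with the root DN, this is the location where Jenkins searches for accounts;

d. Manager DN: the administrator's DN;

e. Manager Password: the administrator's password;

When the configuration is complete, click Test LDAP Settings in the lower-right corner to test it:

Once everything succeeds, click "Save".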

3. Maven Configuration 

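(1) After logging in, go to the Dashboard->Manage Jenkins->Tools page:

(2) In the Maven Configuration section, set both "Default settings provider" and "Default global settings provider" to the path of Maven's settings.xml:

(3) In the Maven section at the bottom of the page, set the Maven installation path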

4. JDK

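(1) Find the JDK installation directory

(2) Set the JDK path. Note that the path has two requirements:

a. The path ends at the parent directory of /bin;

b. The bin directory contains the javac program, which requires the devel version of the JDK;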

5. Git

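(1) Find the Git installation directory

(2) Set the Git directory

6. Artifact cleanup

Every Pipeline run produces application packages and other temporary files. As the number of builds grows, these packages and temporary files accumulate and take up a lot of disk space.

Jenkins provides automatic cleanup at two levels to address this: system-level configuration and Pipeline-level configuration.

(1) System configuration

a. Log in to Jenkins and go to the Dashboard->Manage Jenkins->System page:

b. Find "Global Build Discarders" and set "Days to keep builds" or "Max # of builds to keep"

IV. References

1. Official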

https://www.jenkins.io/doc/book/installing/linux/

https://www.jenkins.io/doc/book/installing/war-file/

https://www.jenkins.io/doc/book/managing/system-properties/

https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-nginx/

https://www.jenkins.io/doc/book/using/using-agents/