jenkin
安装
Docker
- 由于国内有墙,可以提前下载好需要的镜像
bash
# docker in docker镜像,可以在容器内构建和推送 Docker 镜像
docker pull docker:dind
# jenkins镜像
docker pull jenkins/jenkins:2.452.3-jdk17- 定制化jenkins镜像
主要做了以下增强:
- 安装Blue Ocean插件:Blue Ocean插件提供了一个现代化、用户友好的Jenkins UI界面,使得构建、部署和流水线的管理更加直观和便捷。
- 安装Docker Workflow插件:Docker Workflow插件允许Jenkins在流水线中使用Docker容器。这对于构建、测试和部署容器化应用非常有用。它提供了对Docker命令的支持,使得在流水线中可以轻松地构建和运行Docker容器。
- 安装Docker CLI:这使得Jenkins能够直接在其运行环境中执行Docker命令,例如构建、运行和管理Docker容器。这对于CI/CD流水线非常重要,尤其是在需要构建和推送Docker镜像的场景中。
你也可以安装一些自己需求的额外组件,如mysql客户端(apt-get install -y mysql-client)
bash
cat <<EOF > Dockerfile
FROM jenkins/jenkins:2.452.3-jdk17
USER root
RUN apt-get update && apt-get install -y lsb-release
RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
https://download.docker.com/linux/debian/gpg
RUN echo "deb [arch=$(dpkg --print-architecture) \
signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \
https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
RUN apt-get update && apt-get install -y docker-ce-cli
RUN apt-get update && apt-get install -y default-mysql-client less vim telnet net-tools
ENV LESSCHASRTSET=utf-8
USER jenkins
RUN jenkins-plugin-cli --plugins "blueocean docker-workflow"
EOF
docker build -t myjenkins-blueocean:2.452.3-1 .
# 可选:将制作好的镜像上传到阿里云下次备用
docker tag myjenkins-blueocean:2.452.3-1 registry.cn-shenzhen.aliyuncs.com/docker-mirror2/myjenkins-blueocean:2.452.3-1
docker push registry.cn-shenzhen.aliyuncs.com/docker-mirror2/myjenkins-blueocean:2.452.3-1- 启动
修改jenkins-data卷的属于为jenkins用户
bash
chown 1000:1000 ./volumes/jenkins-data
# 启动后可以通过这个命令,确认jenkin用户的uid是1000
docker compose exec jenkins-blueocean cat /etc/passwd方案一:使用docker命令启动
bash
# 创建桥接网络
docker network create jenkins
# 创建dockerInDocker镜像
docker run \
--name jenkins-docker \
--rm \
--detach \
--privileged \
--network jenkins \
--network-alias docker \
--env DOCKER_TLS_CERTDIR=/certs \
--volume ./volumes/jenkins-docker-certs:/certs/client \
--volume ./volumes/jenkins-data:/var/jenkins_home \
--publish 2376:2376 \
docker:dind \
--storage-driver overlay2
# 启动jenkins
docker run \
--name jenkins-blueocean \
--restart=on-failure \
--detach \
--network jenkins \
--env DOCKER_HOST=tcp://docker:2376 \
--env DOCKER_CERT_PATH=/certs/client \
--env DOCKER_TLS_VERIFY=1 \
--publish 8080:8080 \
--publish 50000:50000 \
--volume ./volumes/jenkins-data:/var/jenkins_home \
--volume ./volumes/jenkins-docker-certs:/certs/client:ro \
myjenkins-blueocean:2.452.3-1方案二:使用docker-compose启动
bash
cat <<EOF > docker-compose.yaml
services:
jenkins-docker:
image: docker:dind
privileged: true
environment:
- DOCKER_TLS_CERTDIR=/certs
volumes:
- ./volumes/jenkins-docker-certs:/certs/client
- ./volumes/jenkins-data:/var/jenkins_home
networks:
jenkins:
aliases:
- docker
ports:
- 2376:2376
command: --storage-driver overlay2
jenkins-blueocean:
image: myjenkins-blueocean:2.452.3-1
restart: on-failure
environment:
- DOCKER_HOST=tcp://docker:2376
- DOCKER_CERT_PATH=/certs/client
- DOCKER_TLS_VERIFY=1
volumes:
- ./volumes/jenkins-data:/var/jenkins_home
- ./volumes/jenkins-docker-certs:/certs/client:ro
networks:
- jenkins
ports:
- 8080:8080
- 50000:50000
/var/jenkins_home/log/jenkins.log
networks:
jenkins:
driver: bridge
EOF
docker compose up -d初始化
浏览器打开http://localhost:8080,看到以下页面后
进入jekins的目录查看密码:docker compose exec jenkins-blueocean cat /var/jenkins_home/secrets/initialAdminPassword
bash
docker compose exec jenkins-blueocean cat /var/jenkins_home/secrets/initialAdminPassword运维
常用操作
bash
# 查看初始密码
cat /var/jenkins_home/secrets/initialAdminPassword
# root身份进入容器
docker exec -u 0 -it <container_id_or_name> /bin/bash初始化白屏
可能由于代理的原因导致导致证书认证失败,可以进入插件设置页面:
http://localhost:8080/manage/pluginManager/advanced,将update site由https改成http
jenkins日志打印到文件
https://wiki.jenkins.io/display/JENKINS/Logging.html#Logging-Docker