环境规划
bash
服务器:192.168.0.104
OS:Ubuntu 24.04 LTS
Jenkins 版本:2.x LTS
Java 版本:JDK 17
访问端口:8080一、系统初始化
bash
# 更新系统
sudo apt update && sudo apt upgrade -y
# 安装基础工具
sudo apt install -y curl wget git unzip vim net-tools
# 关闭防火墙(或开放 8080 端口)
sudo ufw disable
# 或者只开放端口
# sudo ufw allow 8080/tcp
# sudo ufw allow 50000/tcp
# 设置时区
sudo timedatectl set-timezone Asia/Shanghai
timedatectl status二、安装 JDK 17
Jenkins 运行依赖 Java,必须先安装 JDK。
bash
# 安装 OpenJDK 17
sudo apt install -y openjdk-17-jdk
# 验证
java -version
# 期望输出:openjdk version "17.x.x"
# 查看 JAVA_HOME
update-java-alternatives -l方式二:二进制安装 JDK
bash
# 下载 JDK 17(从华为镜像)
wget https://repo.huaweicloud.com/java/jdk/17.0.8+7/jdk-17.0.8_linux-x64_bin.tar.gz
# 解压
sudo mkdir -p /usr/local/java
sudo tar -xzf jdk-17.0.8_linux-x64_bin.tar.gz -C /usr/local/java/
# 配置环境变量
sudo tee /etc/profile.d/java.sh <<'EOF'
export JAVA_HOME=/usr/local/java/jdk-17.0.8
export PATH=$JAVA_HOME/bin:$PATH
EOF
source /etc/profile.d/java.sh
# 验证
java -version
echo $JAVA_HOME三、创建 Jenkins 用户
bash
# 创建 jenkins 系统用户(不允许登录)
sudo useradd -r -m -s /bin/bash -d /var/lib/jenkins jenkins
# 查看用户创建结果
id jenkins
ls /var/lib/jenkins四、下载 Jenkins 二进制包
bash
# 方式一:下载 jenkins.war(官方)
# Jenkins LTS 版本下载
sudo mkdir -p /opt/jenkins
cd /opt/jenkins
# 从清华镜像下载 LTS 版本
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/latest/jenkins.war
# 或者指定版本
# wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/2.479.1/jenkins.war
# 验证文件
ls -lh jenkins.war五、配置 Jenkins
5.1 创建目录结构
bash
# 创建 Jenkins 主目录
sudo mkdir -p /var/lib/jenkins
sudo mkdir -p /var/log/jenkins
sudo mkdir -p /etc/jenkins
# 设置权限
sudo chown -R jenkins:jenkins /var/lib/jenkins
sudo chown -R jenkins:jenkins /var/log/jenkins
sudo chown -R jenkins:jenkins /opt/jenkins5.2 创建 Jenkins 配置文件
bash
sudo tee /etc/jenkins/jenkins.conf <<'EOF'
# Jenkins 配置文件
# Jenkins 主目录
JENKINS_HOME=/var/lib/jenkins
# Jenkins 监听端口
HTTP_PORT=8080
# Jenkins Agent 通信端口
AGENT_PORT=50000
# Java 路径
JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
# JVM 参数
JAVA_OPTS="-Xms512m -Xmx2g \
-Duser.timezone=Asia/Shanghai \
-Dhudson.model.DirectoryBrowserSupport.CSP= \
-Djenkins.install.runSetupWizard=true"
# Jenkins 运行用户
JENKINS_USER=jenkins
# Jenkins war 包路径
JENKINS_WAR=/opt/jenkins/jenkins.war
# 日志文件
JENKINS_LOG=/var/log/jenkins/jenkins.log
EOF5.3 创建 systemd 服务文件
bash
sudo tee /etc/systemd/system/jenkins.service <<'EOF'
[Unit]
Description=Jenkins Automation Server
Documentation=https://jenkins.io/
After=network.target
[Service]
Type=simple
User=jenkins
Group=jenkins
# 环境变量
Environment="JENKINS_HOME=/var/lib/jenkins"
Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
Environment="JAVA_OPTS=-Xms512m -Xmx2g -Duser.timezone=Asia/Shanghai"
# 启动命令
ExecStart=/usr/lib/jvm/java-17-openjdk-amd64/bin/java \
$JAVA_OPTS \
-jar /opt/jenkins/jenkins.war \
--httpPort=8080 \
--prefix=/jenkins \
--logfile=/var/log/jenkins/jenkins.log
# 工作目录
WorkingDirectory=/var/lib/jenkins
# 重启策略
Restart=on-failure
RestartSec=10
# 资源限制
LimitNOFILE=65536
LimitNPROC=32768
# 日志
StandardOutput=journal
StandardError=journal
SyslogIdentifier=jenkins
[Install]
WantedBy=multi-user.target
EOF六、启动 Jenkins
bash
# 重载 systemd
sudo systemctl daemon-reload
# 启用开机自启
sudo systemctl enable jenkins
# 启动 Jenkins
sudo systemctl start jenkins
# 查看状态
sudo systemctl status jenkins
sudo systemctl stop jenkins
# 实时查看日志
sudo journalctl -u jenkins -f
# 或
sudo tail -f /var/log/jenkins/jenkins.log七、获取初始管理员密码
bash
# 等待 Jenkins 完全启动(约 1-2 分钟)
# 看到如下日志说明启动完成:
# "Jenkins is fully up and running"
# 获取初始密码
sudo cat /var/lib/jenkins/secrets/initialAdminPassword八、访问 Jenkins
浏览器打开:http://192.168.0.104:8080/jenkins
bash
初始化步骤:
1. 输入初始管理员密码
2. 选择「安装推荐的插件」(如网络慢选「选择插件来安装」)
3. 创建管理员账号
4. 配置 Jenkins URL
5. 完成初始化九、配置 Jenkins 插件镜像加速
Jenkins 默认从国外下载插件,国内访问很慢,需要换源。
bash
# 停止 Jenkins
sudo systemctl stop jenkins
# 修改更新中心地址
sudo -u jenkins bash -c "
mkdir -p /var/lib/jenkins/updates
cat > /var/lib/jenkins/hudson.model.UpdateCenter.xml <<'EOF'
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
EOF
"
# 启动 Jenkins
sudo systemctl start jenkins或者在 Jenkins 界面操作:
bash
Jenkins → 系统管理 → 插件管理 → 高级
升级站点 URL 改为:
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
https://mirrors.huaweicloud.com/jenkins/updates/update-center.json
→ 提交 → 立即检查
异常:命令行直接替换(最可靠)
# 先停止 Jenkins
sudo systemctl stop jenkins
# 直接下载 update-center.json 到本地
sudo -u jenkins wget -O /var/lib/jenkins/updates/default.json \
https://mirrors.huaweicloud.com/jenkins/updates/update-center.json
# 替换插件下载地址为国内源
sudo -u jenkins sed -i \
's|https://updates.jenkins.io/download|https://mirrors.huaweicloud.com/jenkins|g' \
/var/lib/jenkins/updates/default.json
sudo -u jenkins sed -i \
's|https://www.google.com|https://www.baidu.com|g' \
/var/lib/jenkins/updates/default.json
# 启动 Jenkins
sudo systemctl start jenkins
异常访问8080: 502
sudo vi /etc/haproxy/haproxy.cfg 追加
frontend jenkins_front
bind *:18080
mode http
option httplog
default_backend jenkins_back
backend jenkins_back
mode http
option httpchk GET /jenkins/login
server jenkins 127.0.0.1:8080 check
# 验证配置
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
# 重启
sudo systemctl restart haproxy
sudo systemctl status haproxy | grep Active
访问:http://192.168.0.104:18080/jenkins/
# jenkins --> 系统管理 --> 插件管理 --> 可用插件
There were errors checking the update sites: Signature verification failed in update site 'default' </div><div><a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertificateExpiredException: NotAfter: Sun Feb 22 01:12:30 CST 2026<br> at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)<br> at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:621)<br>
解决
update-center.json 里的签名证书已过期(2026年2月22日到期),Jenkins 拒绝加载。
# 停止 Jenkins
sudo systemctl stop jenkins
# 在 Jenkins 启动参数里添加跳过签名验证
sudo sed -i 's|ExecStart=.*java|& -Dhudson.model.DownloadService.noSignatureCheck=true|' \
/etc/systemd/system/jenkins.service
# 确认修改
sudo grep ExecStart /etc/systemd/system/jenkins.service
# 重载并启动
sudo systemctl daemon-reload
sudo systemctl start jenkins
sudo systemctl status jenkins | grep Active十、安装必要插件
进入 Jenkins → 插件管理 → 可选插件,搜索并安装:
配置gitlab的方法(1)
bash
CI/CD 相关:
├── Git Plugin # Git 操作 (可以不配置)
├── GitLab Plugin # GitLab Webhook (可以不配置)
├── Pipeline Plugin # 流水线
├── Pipeline Stage View # 流水线视图
├── Blue Ocean # 现代化 UI
构建相关:
├── Docker Pipeline # Docker 构建
├── Kubernetes Plugin # K8s 动态 Agent
├── Kubernetes CLI Plugin # kubectl 操作
工具相关:
├── Credentials Plugin # 凭据管理
├── Credentials Binding # 凭据绑定
└── Timestamper # 日志时间戳不配置gitlab插件的方法:(2)
bash
sudo systemctl stop jenkins
# 查看所有残留的 gitlab 插件
ls /var/lib/jenkins/plugins/ | grep -i gitlab
# 全部删除
sudo rm -f /var/lib/jenkins/plugins/gitlab*.jpi
sudo rm -f /var/lib/jenkins/plugins/gitlab*.hpi
sudo rm -rf /var/lib/jenkins/plugins/gitlab-logo/
sudo rm -rf /var/lib/jenkins/plugins/gitlab-kubernetes-credentials/
sudo rm -rf /var/lib/jenkins/plugins/gitlab-api/
sudo rm -rf /var/lib/jenkins/plugins/gitlab-branch-source/
sudo rm -rf /var/lib/jenkins/plugins/gitlab-plugin/
# 确认清理干净(应该无输出)
ls /var/lib/jenkins/plugins/ | grep -i gitlab
不使用gitConnection,使用用户名密码十一、配置 Maven(Java 项目构建)
bash
# 下载 Maven
wget https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz
wget https://mirrors.huaweicloud.com/apache/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz
sudo tar -xzf apache-maven-3.9.6-bin.tar.gz -C /opt/
sudo ln -s /opt/apache-maven-3.9.6 /opt/maven
# 配置环境变量
sudo tee /etc/profile.d/maven.sh <<'EOF'
export MAVEN_HOME=/opt/maven
export PATH=$MAVEN_HOME/bin:$PATH
EOF
source /etc/profile.d/maven.sh
# 验证
mvn -version
# 配置阿里云 Maven 镜像
sudo mkdir -p /opt/maven/conf
sudo tee /opt/maven/conf/settings.xml <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<settings>
<mirrors>
<mirror>
<id>aliyunmaven</id>
<mirrorOf>*</mirrorOf>
<name>阿里云公共仓库</name>
<url>https://maven.aliyun.com/repository/public</url>
</mirror>
</mirrors>
</settings>
EOF在 Jenkins 中配置 Maven:
bash
Jenkins → 系统管理 → 全局工具配置 → Maven
名称:Maven-3.9.6
MAVEN_HOME:/opt/maven十二、配置 Docker(用于构建镜像)
bash
# 安装 Docker
sudo apt install -y docker.io
# 将 jenkins 用户加入 docker 组
sudo usermod -aG docker jenkins
# 重启 Jenkins 使权限生效
sudo systemctl restart jenkins
# 验证 jenkins 用户可用 docker
sudo -u jenkins docker version十三、配置 kubectl(用于部署到 K8s)
bash
# 下载 kubectl
curl -LO "https://dl.k8s.io/release/v1.35.0/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# 验证
kubectl version --client
# 配置 kubeconfig(从 master-01 复制)
sudo mkdir -p /var/lib/jenkins/.kube
scp czh@192.168.0.105:~/.kube/config /tmp/kubeconfig
sudo cp /tmp/kubeconfig /var/lib/jenkins/.kube/config
sudo chown -R jenkins:jenkins /var/lib/jenkins/.kube
# 修改 apiserver 地址为 VIP
sudo sed -i 's|server:.*|server: https://192.168.0.112:6443|' \
/var/lib/jenkins/.kube/config
# 验证 Jenkins 用户可访问 K8s
sudo -u jenkins kubectl get nodes十四、创建 CI/CD 流水线
14.1 基础jenkins配置
bash
Credentials 添加凭据页面填写
当前页面填写 GitLab Personal Access Token 凭据:
Kind(类型):
选择 → GitLab Personal Access Token
Scope(范围):
Global
Token:
glpat-xxxxxxxxxxxxxxxxxxxx(粘贴你的 GitLab token)
ID:
gitlab-token
Description(描述):
GitLab Personal Access Token
→ 点击「Create」保存
第三步:配置 GitLab 连接 (可以不选)
凭据保存后,回到 GitLab 配置页面:
Jenkins → 系统管理 → 系统配置
→ 找到「GitLab」部分
填写:
Connection name:gitlab
GitLab host URL:http://192.168.0.104
Credentials:选择刚才创建的 gitlab-token
→ 点击「Test Connection」
→ 显示 Success 说明连接成功
→ 点击「保存」
=====================================
第四步:创建流水线任务
Jenkins 首页
→ 新建任务
→ 任务名称:nginx-demo-pipeline
→ 选择「流水线 Pipeline」
→ 点击「确定」14.2 在 Jenkins 创建任务
需要创建jenkinsfile
bash
Jenkins → 新建任务
名称:nginx-demo-pipeline
类型:流水线
→ 确定
构建触发器:
✅ Build when a change is pushed to GitLab
记录 Webhook URL 和 Secret Token
流水线:
定义:Pipeline script from SCM
SCM:Git
仓库 URL:http://192.168.0.104/root/nginx-demo.git
凭据:gitlab-credentials
分支:*/main
→ 保存14.3 Jenkinsfile 示例
bash
pipeline {
agent any
environment {
HARBOR_URL = '192.168.0.104:5000'
HARBOR_PROJECT = 'demo'
IMAGE_NAME = 'nginx-demo'
IMAGE_TAG = "${BUILD_NUMBER}"
FULL_IMAGE = "${HARBOR_URL}/${HARBOR_PROJECT}/${IMAGE_NAME}:${IMAGE_TAG}"
K8S_NAMESPACE = 'demo'
HARBOR_CREDS = credentials('harbor-credentials')
}
stages {
stage('拉取代码') {
steps {
checkout scm
sh 'git log --oneline -3'
}
}
stage('构建镜像') {
steps {
sh "docker build -t ${FULL_IMAGE} ."
}
}
stage('推送镜像') {
steps {
sh """
docker login ${HARBOR_URL} \
-u ${HARBOR_CREDS_USR} \
-p ${HARBOR_CREDS_PSW}
docker push ${FULL_IMAGE}
docker rmi ${FULL_IMAGE} || true
"""
}
}
stage('部署到 K8s') {
steps {
sh """
kubectl set image deployment/nginx-demo \
nginx=${FULL_IMAGE} \
-n ${K8S_NAMESPACE} || \
kubectl create deployment nginx-demo \
--image=${FULL_IMAGE} \
--replicas=3 \
-n ${K8S_NAMESPACE}
kubectl rollout status deployment/nginx-demo \
-n ${K8S_NAMESPACE} --timeout=120s
"""
}
}
}
post {
success { echo "✅ 部署成功!镜像:${FULL_IMAGE}" }
failure { echo "❌ 部署失败,请检查日志" }
always { cleanWs() }
}
}十五、常用运维命令
bash
# 启动/停止/重启
sudo systemctl start jenkins
sudo systemctl stop jenkins
sudo systemctl restart jenkins
sudo systemctl status jenkins
# 查看日志
sudo journalctl -u jenkins -f
sudo tail -200f /var/log/jenkins/jenkins.log
# 查看 Jenkins 版本
sudo -u jenkins java -jar /opt/jenkins/jenkins.war --version
# 备份 Jenkins 数据
sudo tar -czf jenkins-backup-$(date +%Y%m%d).tar.gz \
/var/lib/jenkins/
# 升级 Jenkins(替换 war 包)
sudo systemctl stop jenkins
sudo cp jenkins.war /opt/jenkins/jenkins.war
sudo chown jenkins:jenkins /opt/jenkins/jenkins.war
sudo systemctl start jenkins
# 查看端口占用
ss -tlnp | grep 8080
ss -tlnp | grep 50000十六、目录结构说明
bash
/opt/jenkins/
└── jenkins.war # Jenkins 主程序
/var/lib/jenkins/ # Jenkins 数据目录(JENKINS_HOME)
├── secrets/
│ └── initialAdminPassword # 初始管理员密码
├── plugins/ # 插件目录
├── jobs/ # 任务目录
├── workspace/ # 工作区
├── users/ # 用户数据
└── .kube/
└── config # K8s 访问配置
/var/log/jenkins/
└── jenkins.log # 日志文件
/etc/jenkins/
└── jenkins.conf # 配置文件
/etc/systemd/system/
└── jenkins.service # systemd 服务文件十七、 示例:
