
Jenkins


Deployment

yum -y install java

wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo

rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key

yum install jenkins  # Do not start it yet; change the data directory location first, then start

Deploying from an RPM package

Download location

https://archives.jenkins-ci.org/redhat-stable/

rpm -ivh xxx.rpm

Changing the default data directory

vim /etc/sysconfig/jenkins

#JENKINS_HOME="/var/lib/jenkins"
JENKINS_HOME="/data/jenkins_data"
chown -R jenkins.jenkins /data/jenkins_data

Add the environment variable (if the change above was made, the environment variable does not need to be added)

JENKINS_HOME=/data/jenkins_data/
export JENKINS_HOME
source /etc/profile

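Getting the initial password

systemctl start jenkins
# The file is written on first start; it is under /data/jenkins_data/secrets/ if JENKINS_HOME was moved as above
cat /var/lib/jenkins/secrets/initialAdminPassword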

Upgrading

When prompted to update, download the war package, then back up /usr/lib/jenkins/jenkins.war, replace it, and restart.

Global tools: Maven, Java, Node.js

Maven configuration

/usr/local/maven/conf/settings.xml


/usr/local/maven



Java

/usr/local/openjdk-8/


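If no error is shown after the paths are entered, the configuration is correct. This way there is no need to add the Maven and Java environments by hand each time Jenkins is deployed in a container.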

Nodejs

/usr/local/node


Deploying Jenkins on Kubernetes

cat jenkins-deployment.yaml

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: kube-system
spec:
  ports:
    - protocol: TCP
      name: web
      port: 8080
      targetPort: 8080
    - protocol: TCP
      name: agent
      port: 50000
      targetPort: 50000
  selector:
    app: jenkins
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: jenkins
  namespace: kube-system
spec:
  serviceName: "jenkins"
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
      - name: jenkins
        image: jenkins/jenkins:lts
        volumeMounts:
        - name: jenkins
          mountPath: /var/jenkins_home
  volumeClaimTemplates:
  - metadata:
      name: jenkins
      annotations:
        volume.beta.kubernetes.io/storage-class: course-nfs-storage
    spec:
      accessModes: [ "ReadWriteMany" ]
      resources:
        requests:
          storage: 20Gi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: jenkins.ui
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: web

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: kube-system

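The deployment above uses an existing PVC template, because the Jenkins data needs persistent storage. For the PVC part, see the Kubernetes persistent storage section of this blog.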
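The manifest above defines a jenkins ClusterRole, but its ClusterRoleBinding points the jenkins service account at cluster-admin, so the narrower role is never used. The following check is an added example, not part of the original post: it flags service accounts bound to cluster-admin and ClusterRoles that no binding references, and the sample input is constructed from the manifest (rules trimmed).

```python
import json

# Constructed sample: the two RBAC objects from the manifest above (rules
# trimmed), in the List shape that `kubectl get ... -o json` returns.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ClusterRole", "metadata": {"name": "jenkins"},
   "rules": [{"apiGroups": [""], "resources": ["pods"],
              "verbs": ["create", "delete", "get", "list", "watch"]},
             {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "jenkins"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
               "kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "jenkins",
                 "namespace": "kube-system"}]}
]}
""")

SUPERUSER_ROLE = "cluster-admin"  # built-in role with every verb on every resource
BINDING_KINDS = ("ClusterRoleBinding", "RoleBinding")


def superuser_service_accounts(items):
    """(binding name, namespace/name) for each service account bound to cluster-admin."""
    found = []
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        if obj["roleRef"]["name"] != SUPERUSER_ROLE:
            continue
        for subj in obj.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                found.append((obj["metadata"]["name"],
                              f'{subj.get("namespace")}/{subj["name"]}'))
    return found


def unreferenced_cluster_roles(items):
    """ClusterRoles that are defined but that no binding in `items` points at."""
    referenced = {o["roleRef"]["name"] for o in items
                  if o.get("kind") in BINDING_KINDS
                  and o["roleRef"]["kind"] == "ClusterRole"}
    return [o["metadata"]["name"] for o in items
            if o.get("kind") == "ClusterRole"
            and o["metadata"]["name"] not in referenced]


if __name__ == "__main__":
    print(superuser_service_accounts(SAMPLE["items"]))
    print(unreferenced_cluster_roles(SAMPLE["items"]))
```

Changing `roleRef.name` in the binding from cluster-admin to jenkins makes both lists empty for this manifest.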

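Connecting Jenkins to Kubernetes

Background: my Jenkins is deployed on Kubernetes using the jenkins.yaml above.

First, search for the Kubernetes plugin in the plugin center and install it.

Manage Jenkins --- Configure System --- scroll to the bottom, choose "Add a new cloud", and select Kubernetes.

Name: the default, Kubernetes

Kubernetes URL: may be left empty

Kubernetes namespace: may be left empty

Jenkins URL: http://jenkins.app.svc.cluster.local:8080 # the second field is the namespace name; fill it in according to the namespace Jenkins runs in

Jenkins tunnel: jenkins.app.svc.cluster.local:50000 # no http prefix is needed
Leave the other items at their defaults.

When you create a Service, Kubernetes creates a corresponding DNS entry.

The entry has the form <service-name>.<namespace-name>.svc.cluster.local

Note: if the following error is shown:

Error: pods is forbidden: User "system:serviceaccount:default:default" cannot list resource "pods" in API group "" in the namespace "kube-system or default"

This error means Jenkins needs RBAC authorization configured. Follow the jenkins-deployment.yaml file above.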
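An added example (not from the original post): it parses a denial of the form quoted above and builds a namespaced Role and RoleBinding that grant only the verb, resource and namespace the message names. The role name jenkins-agent and the sample line (the page's error with one concrete namespace) are assumptions made for illustration.

```python
import json
import re

# Shape of the API server's RBAC denial for a service account, as quoted above.
# Cluster-scope denials ("at the cluster scope") deliberately do not match.
DENIED = re.compile(
    r'forbidden: User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^:"]+)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" in the namespace "(?P<ns>[^"]+)"'
)


def grant_for(denial, role_name="jenkins-agent"):  # role_name: hypothetical name
    """Return (Role, RoleBinding) dicts granting only what the denial names."""
    m = DENIED.search(denial)
    if m is None:
        raise ValueError("not a namespaced service-account RBAC denial")
    d = m.groupdict()
    role = {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": role_name, "namespace": d["ns"]},
        "rules": [{"apiGroups": [d["group"]],
                   "resources": [d["resource"]],
                   "verbs": [d["verb"]]}],
    }
    binding = {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "RoleBinding",
        "metadata": {"name": role_name, "namespace": d["ns"]},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "Role", "name": role_name},
        "subjects": [{"kind": "ServiceAccount",
                      "name": d["sa"], "namespace": d["sa_ns"]}],
    }
    return role, binding


# Constructed sample: the page's error with a single concrete namespace.
SAMPLE = ('Error: pods is forbidden: User "system:serviceaccount:default:default" '
          'cannot list resource "pods" in API group "" in the namespace "kube-system"')

if __name__ == "__main__":
    # kubectl apply -f accepts JSON as well as YAML.
    print(json.dumps({"apiVersion": "v1", "kind": "List",
                      "items": list(grant_for(SAMPLE))}, indent=2))
```

The subject in this error is the default service account of the default namespace, so a grant built from it applies to every pod there that does not set serviceAccountName.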

Commonly used Jenkins plugins

Plugins used when integrating Jenkins with Kubernetes:

Publish over SSH: configures connections to servers and pushes files to remote servers

Kubernetes

NodeJS Plugin

Official plugin download location

https://updates.jenkins.io/download/plugins/

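Showing the user and version number on a job

Install the user build vars plugin.

Rebuild plugin

The Rebuild plugin re-runs a previous parameterized build with its parameters.

Build With Parameters: parameterized builds

Build With Parameters plugin

Setting up SSH from Jenkins to a remote host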

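Fixing "Host key verification failed" in Jenkins

Cause of the error

a. The ordinary jenkins user cannot run certain system commands;
b. No key pair was ever generated for the jenkins user, and its public key was never copied to the target server.

Solution:

  1. After Jenkins is installed, the system has created the ordinary user jenkins, but in /etc/passwd its shell is /bin/false, so it cannot log in and has no home directory;
    first change its login shell from /bin/false to /bin/bash, then switch to the jenkins user with su - jenkins; its prompt shows as -bash-4.2$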
jenkins:x:997:995:Jenkins Automation Server:/var/lib/jenkins:/bin/bash
  2. Generate a key pair for the jenkins user
[root@bogon .ssh]# su - jenkins

-bash-4.2$ ssh-keygen -t rsa

-bash-4.2$ ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub root@192.168.75.12

  3. Use sudo to raise the ordinary user's privileges
vim /etc/sudoers

root    ALL=(ALL)       ALL  # existing
jenkins ALL=(ALL)       NOPASSWD:/usr/bin/ssh,/usr/bin/rsync # added

docker permission denied

Jenkins gets an error when calling docker:

/var/run/docker.sock: connect: permission denied

Fix

usermod -a -G docker jenkins

At this point, re-running the Jenkins build still fails, because the session has to be refreshed. So Jenkins needs to be restarted.

Helm3 push Bug


unknown flag: --ca-file

Fix:

1. Give the jenkins user passwordless sudo

vim /etc/sudoers

jenkins    ALL=(ALL)

2. Prefix the helm push command with sudo