https://www.jenkins.io/doc/book/installing/linux/
java --version
apt install openjdk-11-jre-headless
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | tee /etc/apt/sources.list.d/jenkins.list > /dev/null
apt-get update
apt install openjdk-17-jre
apt-get install jenkins
dnf install openjdk-11-jre-headless
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
dnf upgrade
dnf install java-17-openjdk
dnf install Jenkins
systemctl daemon-reload
systemctl enable jenkins
systemctl restart Jenkins
Редактируем лимиты и добавляем секцию управления nano /etс/security/limits.conf nano /lib/systemd/system/jenkins.service
Environment="JENKINS_PORT=9000"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Duser.timezone=Europe/Berlin -Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Berlin -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/jenkins/log -XX:+UseG1GC -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockDiagnosticVMOptions -XX:+UnlockExperimentalVMOptions -Xlog:gc*=info,gc+heap=debug,gc+ref*=debug,gc+ergo*=trace,gc+age*=trace:file=/var/lib/jenkins/gc.log:utctime,pid,level,tags:filecount=2,filesize=100M -Xms512m -Xmx8g"
systemctl daemon-reload
systemctl restart jenkins
server {
listen 80;
server_name _;
keepalive_timeout 0;
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
location ~ ^/(status|ping)$ {
fastcgi_param SCRIPT_FILENAME fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
}
location /basic_status {
stub_status on;
}
}
server {
server_name jenkins.symfio.net;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9000/;
proxy_read_timeout 90;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/jenkins.symfio.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jenkins.symfio.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = jenkins.symfio.net) {
return 301 https://request_uri;
} # managed by Certbot
listen 80;
server_name jenkins.symfio.net 88.198.68.180;
return 404; # managed by Certbot
}
user jenkins;
worker_processes 8;
worker_rlimit_nofile 40000;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 8192;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/maps/webp.conf;
# proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
# proxy_temp_path /var/cache/nginx/tmp;
# fastcgi_cache_path /tmp/fcgi-cache/ levels=1:2 keys_zone=one:10m;
fastcgi_buffers 32 32k;
fastcgi_buffer_size 64k;
underscores_in_headers on;
default_type application/octet-stream;
log_format main '$remote_addr - remote_user \[time_local] "$request" '
'$status http_referer" '
'"http_x_forwarded_for"';
# access_log off;
# log_not_found off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/nginx-error.log warn;
sendfile_max_chunk 128k;
postpone_output 1460;
types_hash_max_size 2048;
server_tokens off;
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_http_version 1.1;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript application/javascript
text/xml application/xml application/xml+rss text/javascript;
gzip_static on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
# Cache information about frequently accessed files
open_file_cache max=20000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
chunked_transfer_encoding on; # need for docker registry to avoid limits
# Adjust client timeouts
client_max_body_size 0; # need for docker registry to avoid limits
client_body_buffer_size 128k;
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 20;
keepalive_requests 100000;
send_timeout 15;
sendfile on;
# tcp_nopush on;
# tcp_nodelay on;
#Adjust output buffers
reset_timedout_connection on;
server_names_hash_bucket_size 100;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/conf.d/maps/*.conf;
include /etc/nginx/conf.d/ssl/*.conf;
}
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf install php-opcache -y
dnf install helm
dnf module reset ruby -y
yum install @ruby:3.0
ruby --version
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/HEAD/bin/rbenv-installer | bash
echo 'export PATH="PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
rbenv -v
rbenv install -l
rbenv install 3.2.2
rbenv global 3.2.2
ruby --version
Генерируем сертификаты для jenkins.symfio.net
certbot run --nginx --register-unsafely-without-email
Копируем /var/lib/jenkins по ftp (лучше tar'ом сжать и потом скопировать и развернуть, иначе очень долго может быть - обилие мелких файлов - на целевом сервере было больше 1 миллиона и около 7 часов копирования).
Разархивировать
Проверка целостности архива
tar -tvzf jenkins.tar.gz >/dev/null && echo "Backup is good"
Копируем /var/www/html тоже tar'ом
Копируем /mnt/symfio-dev, /root/.npm /root/.gem /root/.docker также tar'ом
Монтируем /mnt/symfio-dev/uploads
168.119.251.210:/opt/nfs/symfio-dev-symfio-dev-uploads-pvc-79a12324-073d-48ed-aace-86852409e1fa /mnt/symfio-dev/uploads nfs defaults,timeo=900,retrans=5,_netdev 0 0
Делаем линки:
ln -s /var/lib/jenkins/workspace/ /wsp
ln -s /var/www/html/sy3/ /sy3
ln -s /var/www/html/ /www
ln -s /wsp/1_Deploy_Portal_DEV/ /p
ln -s /var/www/html/isa/ /isa
ln -s /var/lib/jenkins/ /home/jenkins
Не меняет порт, только выше, хотя тут тоже задается и opts для java
--httpPort=9000
Переносим все параметры запуска сюда (имеют больший приоритет, даже если в других конфигах другое)(Кирилл перенес)
[Service]
Environment="JAVA_OPTS=-Djava.awt.headless=true -Duser.timezone=Europe/Berlin -Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Berlin -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' data:;" -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/jenkins/log -XX:+UseG1GC -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockDiagnosticVMOptions -XX:+UnlockExperimentalVMOptions -Xlog:gc*=info,gc+heap=debug,gc+ref*=debug,gc+ergo*=trace,gc+age*=trace:file=/var/lib/jenkins/gc.log:utctime,pid,level,tags:filecount=2,filesize=100M -Xms512m -Xmx8g"
Environment="JENKINS_PORT=9000"
Environment="JENKINS_DEBUG_LEVEL=3"
Environment="JENKINS_OPTS=--sessionTimeout=10080 --sessionEviction=43200"
Environment="JENKINS_LOG=/var/log/jenkins/jenkins.log"
cat /proc/http://Jenkins.s043218.edu.slurm.io
cat /proc/67043/cmdline
nano /var/lib/jenkins/secrets/initialAdminPassword
Тут хранятся конфиги, плагины, задания
ls -la /var/lib/Jenkins
Установить плагин
Командная строка:
Плагин-менеджер
https://github.com/jenkinsci/plugin-installation-manager-tool
Настройка CSRF
Ошибка: No valid crumb was included in request
Реверс-прокси под nginx
https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-nginx/
Для авторизации подключается к БД sy-redmine по порту 10085 Если отвалилась авторизация, то проверяем, БД, коннект, сетевые проблемы к хосту/порту, настройки.
nano /var/lib/jenkins/config.xml
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
<securityRealm class="hudson.plugins.redmine.RedmineSecurityRealm" plugin="redmine@0.21">
<dbms>MySQL</dbms>
<dbServer>task.symfio.net</dbServer>
<databaseName>redmine_production</databaseName>
<port>10085</port>
<dbUserName>redmine</dbUserName>
Если все верно и работает, то пробуем переписать пароль и настройки к самой БД redmine. Чтобы зайти, ставим параметр useSecurity в false
<useSecurity>false</useSecurity>
Заходим в веб-интерфейс в Dashboard -> Manage Jenkins -> Security Проставляем: Security Realm