安装Jenkins LTS
环境说明:
- 已安装Java环境,版本在8.0以上 (sudo yum install -y java-11-openjdk java-11-openjdk-devel)
- 如果是对接kubernetes,需要设置https协议
创建目录
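# Create the Jenkins layout: data (JENKINS_HOME), webroot (exploded war),
# certs (TLS keystore) and bin (start/stop scripts).
sudo mkdir -p /opt/jenkins/{data,webroot,certs,bin}
# Hand the tree to the invoking user and that user's login group. The ':'
# separator replaces the deprecated 'user.' form. Run these steps as the
# unprivileged account that will run Jenkins (the autostart step uses "ops").
sudo chown -R "$(whoami):" /opt/jenkins/
# certs/ will hold the TLS keystore, so keep it private to the service user.
chmod 700 /opt/jenkins/certs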
下载war包
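# Download the pinned LTS war. -f makes curl exit non-zero on an HTTP error
# instead of saving the error page as jenkins.war.
curl -fL https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/2.361.4/jenkins.war -o /opt/jenkins/jenkins.war
# The war comes from a third-party mirror: compare this digest with the
# SHA-256 the Jenkins project publishes for 2.361.4 before running it.
sha256sum /opt/jenkins/jenkins.war
# NOTE(review): 2.361.4 is an old LTS release; check the Jenkins security
# advisories and prefer the current LTS for any instance others can reach.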
HTTP
创建脚本
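# Generate the start script (plain HTTP on port 8081).
cat > /opt/jenkins/bin/start.sh <<'EOF'
#!/bin/bash
# Start Jenkins in the background and record its PID in bin/jenkins.pid.
. /etc/profile
[ -f ~/.bash_profile ] && . ~/.bash_profile
# Work from the install root so the relative paths below resolve.
cd "$(dirname "$0")/.." || exit 1
location=$(pwd)
# Every option line must end in a backslash: without it the java command stops
# at that line and the remaining options are run as a separate command.
# NOTE(review): this listener is unencrypted HTTP, so logins and API tokens
# cross the network in clear text; keep it on a trusted network or behind a
# TLS-terminating proxy, or use the HTTPS variant of this script.
nohup java \
  -Djava.awt.headless=true \
  -DJENKINS_HOME=./data \
  -jar "${location}/jenkins.war" \
  --webroot=./webroot \
  --httpPort=8081 \
  --debug=5 \
  --logfile=./all.log \
  --prefix=/jenkins &> /dev/null &
echo $! > bin/jenkins.pid
echo start service with pid $!
EOF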
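# Generate the stop script.
cat > /opt/jenkins/bin/shutdown.sh <<'EOF'
#!/bin/bash
# Stop the Jenkins process recorded in jenkins.pid (next to this script).
cd "$(dirname "$0")" || exit 1
pid=$(cat jenkins.pid 2> /dev/null)
# Signal the PID only if it is numeric and still belongs to the Jenkins JVM;
# a stale PID file may point at an unrelated process that reused the number.
if [[ "$pid" =~ ^[0-9]+$ ]] \
  && ps -p "$pid" -o args= 2> /dev/null | grep -q 'jenkins\.war' \
  && kill "$pid" 2> /dev/null; then
  echo "shutdown service with $pid"
else
  echo -e "\033[31m[ERROR]\033[0m Failed to stop or did not start the service ...\n"
fi
rm -f jenkins.pid
EOF
# Make both helper scripts executable.
chmod +x /opt/jenkins/bin/{start.sh,shutdown.sh}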
参数说明
--prefix:设置子路径
--httpPort:设置http协议端口,当设置为-1时,表示禁用http端口(仅使用https协议)
--debug:日志级别
-DJENKINS_HOME:Jenkins主目录
-jar:jar包位置
--logfile:日志存放路径
--webroot:war包解压文件
放通防火墙
# Permanently allow inbound TCP 8081 (the Jenkins HTTP listener) in the public zone.
# NOTE(review): this exposes an unencrypted listener to every source the
# public zone accepts; confirm that is intended before opening it.
sudo firewall-cmd --permanent --zone=public --add-port=8081/tcp
# Load the permanent configuration into the running firewall.
sudo firewall-cmd --reload
# Print the zone so the new port can be checked.
sudo firewall-cmd --list-all --zone=public
HTTPS
创建证书
创建 CRT 证书
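# Create a scratch directory for the key material and make it private, so the
# unencrypted private keys written below are not readable by other users.
mkdir -p ~/openssl && chmod 700 ~/openssl && cd ~/openssl
# Host name clients will use to reach Jenkins; it is written into both the CN
# and the subjectAltName. "localhost" is this guide's value.
server_name=localhost
# Generate the CA private key.
# NOTE(review): ca.key can sign certificates that every client trusting
# ca.crt will accept; keep it off the Jenkins host once the server
# certificate has been issued.
openssl genrsa -out ca.key 2048
# Self-sign the CA certificate with the CA private key (valid for 3650 days).
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=jenkins-ca" -key ca.key -out ca.crt
# Generate the server private key.
openssl genrsa -out server.key 2048
# Create the certificate signing request from the server key.
openssl req -new -subj "/C=CN/ST=Guangdong/L=Guangzhou/CN=${server_name}" -key server.key -out server.csr
# Many current TLS clients match the host name against subjectAltName only and
# reject a certificate that carries just a CN, so add the SAN explicitly.
printf 'subjectAltName=DNS:%s\n' "$server_name" > server.ext
# Issue the server certificate from ca.key, ca.crt and server.csr.
openssl x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -extfile server.ext -out server.crt -days 3650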
CRT 证书转换 P12 证书
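# Keystore password. 123456 is only this guide's sample value: replace it with
# a strong secret and use the same value wherever the guide repeats it.
pkc12_paaswd=123456
# Bundle server key, server certificate and CA certificate as PKCS12. The
# password is passed through the environment (env:) instead of "pass:" so it
# does not show up in the command's argument list.
pkc12_paaswd="$pkc12_paaswd" openssl pkcs12 -export -passout env:pkc12_paaswd \
  -inkey server.key -in server.crt -certfile ca.crt \
  -out jenkins.p12
# Convert the PKCS12 bundle to a JKS keystore, again reading the password from
# the environment rather than from the command line.
pkc12_paaswd="$pkc12_paaswd" keytool -importkeystore \
  -srckeystore jenkins.p12 -srcstoretype PKCS12 -srcstorepass:env pkc12_paaswd \
  -deststoretype JKS -deststorepass:env pkc12_paaswd -destkeystore jenkins.jks
# Copy the keystore into the install directory, readable by its owner only
# because it contains the server private key.
install -m 600 ~/openssl/jenkins.jks /opt/jenkins/certs/jenkins.jks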
创建脚本
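# Generate the start script (HTTPS only, port 8443).
cat > /opt/jenkins/bin/start.sh <<'EOF'
#!/bin/bash
# Start Jenkins over HTTPS in the background and record its PID in
# bin/jenkins.pid.
. /etc/profile
[ -f ~/.bash_profile ] && . ~/.bash_profile
# Work from the install root so the relative paths below resolve.
cd "$(dirname "$0")/.." || exit 1
location=$(pwd)
# The keystore password is read from certs/keystore.pass at start-up instead
# of being written into this script. It is still passed to java as an
# argument, so it remains visible in the process list while Jenkins runs.
nohup java \
  -Djava.awt.headless=true \
  -DJENKINS_HOME=./data \
  -jar "${location}/jenkins.war" \
  --httpPort=-1 \
  --httpsPort=8443 \
  --prefix=/jenkins \
  --webroot=./webroot \
  --httpsKeyStorePassword="$(cat ./certs/keystore.pass)" \
  --httpsKeyStore=./certs/jenkins.jks \
  --handlerCountMax=100 \
  --handlerCountMaxIdle=20 \
  --debug=5 \
  --logfile=./all.log &> /dev/null &
echo $! > bin/jenkins.pid
echo start service with pid $!
EOF
# Jenkins keystore password. 123456 is only this guide's sample value: it must
# match the password the keystore was created with, and should be replaced by
# a strong secret in both places.
pkc12_paaswd=123456
# Store the password in an owner-only file rather than substituting it into
# start.sh with sed, which left it in a world-readable script and broke on
# passwords containing '/' or '&'.
(umask 077 && printf '%s' "$pkc12_paaswd" > /opt/jenkins/certs/keystore.pass)
chmod 600 /opt/jenkins/certs/keystore.pass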
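# Generate the stop script.
cat > /opt/jenkins/bin/shutdown.sh <<'EOF'
#!/bin/bash
# Stop the Jenkins process recorded in jenkins.pid (next to this script).
cd "$(dirname "$0")" || exit 1
pid=$(cat jenkins.pid 2> /dev/null)
# Signal the PID only if it is numeric and still belongs to the Jenkins JVM;
# a stale PID file may point at an unrelated process that reused the number.
if [[ "$pid" =~ ^[0-9]+$ ]] \
  && ps -p "$pid" -o args= 2> /dev/null | grep -q 'jenkins\.war' \
  && kill "$pid" 2> /dev/null; then
  echo "shutdown service with $pid"
else
  echo -e "\033[31m[ERROR]\033[0m Failed to stop or did not start the service ...\n"
fi
rm -f jenkins.pid
EOF
# Make both helper scripts executable.
chmod +x /opt/jenkins/bin/{start.sh,shutdown.sh}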
参数说明
--httpPort:设置http协议端口,当设置为-1时,表示禁用http端口(仅使用https协议)
--httpsPort:设置https协议端口
--httpsKeyStore:SSL KeyStore 文件的位置
--httpsKeyStorePassword:SSL KeyStore 文件的密码
放通防火墙
# Permanently allow inbound TCP 8443 (the Jenkins HTTPS listener) in the public zone.
# NOTE(review): the port becomes reachable from every source the public zone
# accepts; confirm that matches who should be able to reach Jenkins.
sudo firewall-cmd --permanent --zone=public --add-port=8443/tcp
# Load the permanent configuration into the running firewall.
sudo firewall-cmd --reload
# Print the zone so the new port can be checked.
sudo firewall-cmd --list-all --zone=public
开机自启动
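# Register the start script in /etc/rc.local so Jenkins starts at boot.
# rc.local runs as root; the entry uses su so Jenkins runs as the unprivileged
# "ops" account, which therefore has to own /opt/jenkins.
# The append is guarded so that re-running this step does not add a second
# entry and try to start Jenkins twice at boot.
if ! sudo grep -qF '/opt/jenkins/bin/start.sh' /etc/rc.local 2> /dev/null; then
  cat <<'EOF' | sudo tee -a /etc/rc.local > /dev/null
# 指定用户运行启动脚本,默认使用root用户启动的。
su ops -c "/opt/jenkins/bin/start.sh"
EOF
fi
# rc.local is only executed at boot when it is executable.
sudo chmod +x /etc/rc.local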
官方文档:https://www.jenkins.io/
中文官方文档:https://www.jenkins.io/zh/doc/
