This tutorial describes installing the latest version of ** Jenkins ** automation server on ** Alibaba Cloud ECS Ubuntu 16 **.
Alibaba Cloud Tech Share Author Liptan Biswas, Tech Share /techshare?spm=a2c65.11461447.0.0.789b4a54a4WRLd) is Alibaba Cloud's incentive program that encourages sharing of technical knowledge and best practices within the cloud community.
Jenkins is an open source self-hosted automation server. It is very popular among DevOps engineers for implementing continuous integration and continuous delivery in the software development life cycle. Written in Java, Jenkins provides out-of-box support for building Apache Ant, Maven, and sbt projects. You can also run Linux shell and Windows batch scripts. Multiple version control systems such as Git, Mercurial, Subversion, and CVS are fully supported by Jenkins. At least 1000 types of plugins are available to enhance the functionality of your application.
Builds in Jenkins can be triggered in several ways, such as scheduling a build at a specific time or calling the build URL after detecting a change in the source code of your version control system. When the build is triggered, Jenkins gets the source code from the repository and starts the build. The automated tests will be run and the output will be saved according to the settings provided. Jenkins can also deliver packages generated after a successful build.
This three-part tutorial will show you how to install Jenkins and show you how to use Jenkins for continuous integration and deployment.
Part 1 of this tutorial is up-to-date with the Ubuntu 16.04 64-bit Alibaba Cloud Elastic Computer Service (ECS) instance. Install the version of Jenkins Automation Server. Also, set up a secure Nginx reverse proxy to access your Jenkins instance. In Part 2, you'll create a sample Java web application as a Maven project. We will also proceed with the process of creating a build job in Jenkins. Finally, Part 3 of the tutorial automates the build process. You'll also learn how to use Jenkins for continuous delivery.
1, [Alibaba Cloud ECS](https://www.alibabacloud.com/product/ecs?spm=a2c65.11461447.0.0.789b4a54a4WRLd&biz_params=%7B%22intl%22:%22%7B%5C%22referralCode%5C%22 :% 5C% 22fmj2og% 5C% 22% 7D% 22% 7D) Ubuntu 16.04 64-bit is installed on the instance. 2. Firewall or security group rules configured to allow ports "80", "443". 3, For ECS instances Required domain name .alibabacloud.com/domain?spm=a2c65.11461447.0.0.789b4a54a4WRLd&biz_params=%7B%22intl%22:%22%7B%22referralCode%22:%22fmj2og%22%7D%22%7D).
The procedure for creating an instance and connecting to it is described in Quick Start Guide. "Please follow the. In this tutorial, you have already created an Alibaba instance and set "jenkins.example.com" to point to your Ubuntu instance. It is assumed that you are. After connecting to the instance via SSH, run the following command to update the repository cache and base system.
apt update && apt -y upgrade & apt -y autoremove
It is best to create a sudo user and run all commands instead of running all commands as the root user. Now let's create a sudo user. You can use any user name you like.
adduser aliyun
After creating the user, add it to the sudo group.
usermod -aG sudo aliyun
Now switch to the newly created user.
su - aliyun
Set the FQDN or Fully Qualified Domain Name as the host name of the server. Setting the host name is not mandatory, but Jenkins will display a warning message if the host name is not set correctly.
sudo hostnamectl set-hostname jenkins.example.com
Similarly, add the domain name to the / etc / hosts file.
echo "127.0.0.0.1 jenkins.example.com" | sudo tee -a /etc/hosts
Jenkins is written in Java and you may need to build Java applications in the future, so let's proceed with the Java Development Kit and JDK installation. Jenkins supports both Oracle Java 8 and OpenJDK 8. This tutorial installs Oracle Java version 8. Oracle Java is packed with both Java Runtime (JRE) and JDK. Add an Oracle Java PPA repository.
sudo apt install -y software-properties-common
sudo add-apt-repository --yes ppa:webupd8team/java
sudo apt update
Install Oracle Java 8.
sudo apt -y install oracle-java8-installer
You can check if Java is installed successfully by running the java -version command.
aliyun@jenkins:~$ java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
Install the following packages and set the default path for java_home.
sudo apt -y install oracle-java8-set-default
You can now check if the JAVA_HOME variable is set by running echo $ JAVA_HOME. You may also need to log out and log back in to get the desired output.
aliyun@jenkins:~$ echo $JAVA_HOME
/usr/lib/jvm/java-8-oracle
Jenkins can be easily installed through a repository that the project itself actively maintains. By installing via the repository, you can easily upgrade in the future using the apt upgrade command directly. Import the key used to sign the package in the Jenkins repository. This will ensure that you have the correct packages installed.
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -.
Create a new repository list file for Jenkins.
echo "deb https://pkg.jenkins.io/debian-stable binary/" | sudo tee /etc/apt/sources.list.d/jenkins.list
Install Jenkins.
sudo apt update
sudo apt -y install jenkins git
I'm installing Jenkins from a repository managed by the project, so I need to install the latest available version of the application. You need Git to run the Git plugin in Jenkins. To start Jenkins and have it start automatically at startup, run it.
sudo systemctl start jenkins
sudo systemctl enable jenkins
You can check the status of the service with the command systemctl status jenkins.
aliyun@jenkins:~$ sudo systemctl status jenkins
● jenkins.service - LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; bad; vendor preset: enabled)
Active: active (exited) since Fri 2018-05-04 12:37:03 UTC; 35s ago
Docs: man:systemd-sysv-generator(8)
May 04 12:37:02 jenkins.liptan.tk systemd[1]: Starting LSB: Start Jenkins at boot time...
May 04 12:37:02 jenkins.liptan.tk jenkins[4787]: * Starting Jenkins Automation Server jenkins
To see the logs related to the Jenkins server itself, run the following command:
tail -f /var/log/jenkins/jenkins.log
The first launch of Jenkins will take a few minutes. If you see the following line in the output, your application is ready.
aliyun@jenkins:~$ tail -f /var/log/jenkins/jenkins.log
May 02, 2018 2:14:29 PM hudson.WebAppMain$3 run
INFO: Jenkins is fully up and running
You should now have Jenkins running on your server. Proceed with the Nginx installation so that you can easily access your Jenkins instance using your domain name.
Note: If your domain name is not configured to point to your Alibaba Cloud ECS instance, open port "808080" through the security group of your ECS instance and open [http://172.16.0.1:8080](http: / /172.16.0.1:8080/?spm=a2c65.11461447.0.0.789b4a54a4WRLd), 172.16.0.1 can access the Jenkins instance, which is the public IP address of the ECS instance. Skip the Nginx installation section and follow the tutorial from Final Setup.
Jenkins has a built-in web server for serving applications on port "808080", but it is not recommended to publish such a web server on the Internet in a production environment. In this tutorial, we will use Nginx as a reverse proxy to forward requests from clients to the Jenkins server. Setting up a reverse proxy with a domain name also improves instance accessibility, so you don't need to remember the instance's IP address.
Install the Nginx web server.
sudo apt -y install nginx
Start Nginx so that the server starts automatically at startup.
sudo systemctl start nginx
sudo systemctl enable nginx
It is also important to protect the web server with SSL / TLS encryption, as logins and other important data are sent from the client to the web server and vice versa. If the data exchanged is not encrypted, the data in the network can be stolen. This tutorial uses the Let's Encrypt CA's free SSL certificate. If you want to use more production-friendly and reliable SSL, Purchase SSL Certificate from Alibaba Cloud can.
Let's Encrypt provides "Certbot", a tool that makes it easy to request and generate certificates. Add the Certbot repository to your system and install Certbot.
sudo add-apt-repository --yes ppa:certbot/certbot
sudo apt update
sudo apt -y install certbot
In order for Certbot to verify ownership of a domain, it is important that the domain is pointed to an ECS instance. Otherwise, the domain certificate will not be generated and an error will be displayed. Use Certbot to request a certificate.
sudo certbot certonly --webroot -w /var/www/html -d jenkins.example.com
When the certificate is generated, you should see output similar to the following:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.example.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/jenkins.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/jenkins.example.com/privkey.pem
...
Create a cron job for automatic renewal before the certificate expires.
{ sudo crontab -l; echo '36 2 * * * * /usr/bin/certbot renew --post-hook "systemctl reload nginx"; } } | sudo crontab -l.
You can check if a cron job has been created by running the sudo crontab -l command.
aliyun@jenkins:~$ sudo crontab -l
36 2 * * * /usr/bin/certbot renew --post-hook "systemctl reload nginx"
Create a new Nginx server block for the Jenkins reverse proxy.
sudo nano /etc/nginx/sites-available/jenkins
Enter the following settings in the editor. Make sure to replace all occurrences of the example domain with the actual domain.
upstream jenkins {
keepalive 32;
server 127.0.0.1:8080;
}
server {
listen 80;
server_name jenkins.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name jenkins.example.com;
root /var/cache/jenkins/war/;
ssl_certificate /etc/letsencrypt/live/jenkins.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jenkins.example.com/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
root /var/lib/jenkins/;
if (!-f $request_filename){
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location @jenkins {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_request_buffering off;
proxy_set_header Connection "";
}
location / {
if ($http_user_agent ~* '(iPhone|iPod)') {
rewrite ^/$ /view/iphone/ redirect;
}
try_files $uri @jenkins;
}
}
Activate the configuration file.
sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/jenkins
You can check the configuration file for errors by running sudo nginx -t.
aliyun@jenkins:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the Nginx web server for the configuration changes to take effect.
sudo systemctl restart nginx
We are using a Nginx reverse proxy to access Jenkins, so we no longer need access to port "8080". If you have enabled access to port "808080" in your firewall or ECS instance security group, you can safely remove it. To configure the Jenkins built-in server to listen only for connections from the local host, change the settings in the Jenkins default configuration file. Open the configuration file.
sudo nano /etc/default/jenkins
Find the following line at the end of the file:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT”
Change the settings as follows.
HTTP_HOST=127.0.0.1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=$HTTP_HOST"
Save the file and exit the editor. Run and restart your Jenkins instance.
sudo systemctl restart jenkins
The Jenkins built-in server will now only accept connections from the localhost. Only Nginx proxy can access it securely.
You can access your Jenkins instance from your favorite browser by visiting the URL https://jenkins.example.com.
During installation, Jenkins will generate an initial password. This initial password is required to complete the Jenkins setup from your browser. If you access your Jenkins instance from your browser, you'll see that you're asking for an admin password. Print the initial administrator password on the terminal.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
You should see similar output.
aliyun@jenkins:~$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
84ae7775fec245e69305c6db08389d69
Copy the password from your device and paste it into your browser.
If the initial password is successfully verified, Setup will ask for a plugin to install. Plugins can be easily managed from the Jenkins interface, so select the Install suggested plugins option here. This will install the most popular and useful plugins to extend the functionality of Jenkins.
At this stage, SETUP installs the recommended plug-in. It will be completed in a few minutes. The installation status of each plug-in is displayed.
If the plugin installation is successful, setup will ask you to create an administrator account. Enter the basic account details that Jenkins will ask.
Finally, you'll see a message that Jenkins is ready. Go to Login and log in with the administrator account you created earlier. The Jenkins dashboard is displayed.
This is the end. Alibaba Cloud ECS We have successfully installed a Jenkins automation server on Ubuntu 16.04. We also set up a Nginx reverse proxy and secured it with Let's Encrypt SSL. Now that your Jenkins instance is ready, you can move on to creating your first build job.
[Second half of the tutorial](https://community.alibabacloud.com/blog/ci%2Fcd-with-jenkins---part-2%3A-use-jenkins-for-continuous-integration_593720?spm=a2c65.11461447.0. In 0.789b4a54a4WRLd), we will create a sample web-based Java application as a Maven project. Also, configure Jenkins to work with JDK, Git and Maven. Finally, set up a Jenkin-based build project for the sample application and run the first build.
Recommended Posts