Jenkins安装
参考Debian Jenkins Packageshttps://pkg.origin.jenkins.io/debian-stable/
加Key
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
加仓库
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
更新索引,并安装依赖库,再安装jenkins
fontconfig openjdk-11-jre
sudo apt-get update
sudo apt-get install fontconfig openjdk-11-jre
sudo apt-get install jenkins
Jenkins服务运行
开启服务
sudo systemctl start jenkins
检查是否正在运行
sudo systemctl status jenkins
在浏览器种输入下面的URL,打开Jenkins,默认端口8080
http://your_server_ip_or_domain:8080
解锁Jenkins
第一次在浏览器中访问Jenkins时,您将被提示解锁Jenkins。初始admin密码可以在以下文件中找到:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
复制密码到浏览器解锁Jenkins.
配置Jenkins:
按照说明设置Jenkins,可以根据需要安装插件和配置Jenkins。
运行Jenkins服务:
要确保Jenkins在启动时自动启动,并作为系统服务进行管理,请执行以下命令:
sudo systemctl enable jenkins
Jenkins启动排错
若启动失败,可以检查log,Java依赖库报错
启动时查看syslog,得知java版本不匹配
# tail -f /var/log/syslog
systemd[1]: Started Session 13 of user ute.
systemd[1]: Started Session 14 of user ute.
systemd[1]: Starting Jenkins Continuous Integration Server...
jenkins[5941]: jenkins: invalid Java version: java version "1.8.0_341"
jenkins[5941]: Java(TM) SE Runtime Environment (build 1.8.0_341-b10)
jenkins[5941]: Java HotSpot(TM) 64-Bit Server VM (build 25.341-b10, mixed mode)
systemd[1]: jenkins.service: Main process exited, code=exited,status=1/FAILURE
systemd[1]: jenkins.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Jenkins Continuous Integration Server.
systemd[1]: jenkins.service: Service RestartSec=100ms expired,scheduling restart.
systemd[1]: jenkins.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopped Jenkins Continuous Integration Server.
systemd[1]: Starting Jenkins Continuous Integration Server...
上面虽然已经安装最新的openjdk-11-jre,但是查看java版本仍然是老的版本
# java -version
java version "1.8.0_341"
Java(TM) SE Runtime Environment (build 1.8.0_341-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.341-b10, mixed mode)
执行update-alternatives --config java
# update-alternatives --config java
update-alternatives: warning: alternative /usr/lib/jvm/jre-8-oracle-x64/bin/java (part of link group java) doesn't exist; removing from list o f alternatives
update-alternatives: warning: /etc/alternatives/java is dangling; it will be updated with best choice
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/jre-8-oracle-x64/bin/java
Nothing to configure.
update-alternatives: warning: forcing reinstallation of alternative /usr/lib/jvm/jre-8-oracle-x64/bin/java because link group java is broken
update-alternatives: warning: current alternative /usr/lib/jvm/jre-8-oracle-x64/bin/java is unknown, switching to /usr/lib/jvm/java-11-openjdk -amd64/bin/java for link group java
# update-alternatives --config java
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-11-openjdk-amd64/bin/java
Nothing to configure.
# java -version
openjdk version "11.0.18" 2023-01-17
OpenJDK Runtime Environment (build 11.0.18+10-post-Debian-1deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.18+10-post-Debian-1deb10u1, mixed mode, sharing)
或尝试检查默认Jenkins端口8080是否被占用:
# netstat -nltp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 1416/apache2
修改Jenkins默认端口
# vi /etc/default/jenkins
# defaults for Jenkins automation server
# pulled in from the init script; makes things easier.
NAME=jenkins
# arguments to pass to java
# Allow graphs etc. to work even when an X server is present
JAVA_ARGS="-Djava.awt.headless=true"
#JAVA_ARGS="-Xmx256m"
# make jenkins listen on IPv4 address
#JAVA_ARGS="-Djava.net.preferIPv4Stack=true"
PIDFILE=/var/run/$NAME/$NAME.pid
# user and group to be invoked as (default to jenkins)
JENKINS_USER=$NAME
JENKINS_GROUP=$NAME
# location of the jenkins war file
JENKINS_WAR=/usr/share/java/$NAME.war
# jenkins home location
JENKINS_HOME=/var/lib/$NAME
# set this to false if you don't want Jenkins to run by itself
# in this set up, you are expected to provide a servlet container
# to host jenkins.
RUN_STANDALONE=true
# log location. this may be a syslog facility.priority
JENKINS_LOG=/var/log/$NAME/$NAME.log
#JENKINS_LOG=daemon.info
# Whether to enable web access logging or not.
# Set to "yes" to enable logging to /var/log/$NAME/access_log
JENKINS_ENABLE_ACCESS_LOG="no"
# OS LIMITS SETUP
# comment this out to observe /etc/security/limits.conf
# this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e
# reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file
# descriptors are forced to 1024 regardless of /etc/security/limits.conf
MAXOPENFILES=8192
# set the umask to control permission bits of files that Jenkins creates.
# 027 makes files read-only for group and inaccessible for others, which some security sensitive users
# might consider benefitial, especially if Jenkins runs in a box that's used for multiple purposes.
# Beware that 027 permission would interfere with sudo scripts that run on the master (JENKINS-25065.)
#
# Note also that the particularly sensitive part of $JENKINS_HOME (such as credentials) are always
# written without 'others' access. So the umask values only affect job configuration, build records,
# that sort of things.
#
# If commented out, the value from the OS is inherited, which is normally 022 (as of Ubuntu 12.04,
# by default umask comes from pam_umask(8) and /etc/login.defs
# UMASK=027
# port for HTTP connector (default 8080; disable with -1)
HTTP_PORT=8080
# servlet context, important if you want to use apache proxying
PREFIX=/$NAME
# arguments to pass to jenkins.
# full list available from java -jar jenkins.war --help
# --javaHome=$JAVA_HOME
# --httpListenAddress=$HTTP_HOST (default 0.0.0.0)
# --httpPort=$HTTP_PORT (default 8080; disable with -1)
# --httpsPort=$HTTP_PORT
# --argumentsRealm.passwd.$ADMIN_USER=[password]
# --argumentsRealm.roles.$ADMIN_USER=admin
# --webroot=~/.jenkins/war
# --prefix=$PREFIX
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT"
防火墙设置
解决:Jenkins本地浏览器可访问,但是其他主机无法访问
缺少Jenkins port
# /usr/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:snmp:snmp-trap
ACCEPT udp -- anywhere anywhere udp dpts:snmp:snmp-trap
ACCEPT tcp -- anywhere anywhere tcp dpts:319:320
ACCEPT udp -- anywhere anywhere udp dpts:ptp-event:ptp-general
ACCEPT tcp -- anywhere anywhere tcp dpts:5900:5901
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:10000
ACCEPT tcp -- anywhere anywhere tcp dpt:10010
ACCEPT udp -- anywhere anywhere udp dpt:10010
ACCEPT tcp -- anywhere anywhere tcp dpt:10020
ACCEPT udp -- anywhere anywhere udp dpt:10020
ACCEPT tcp -- anywhere anywhere tcp dpt:20000
ACCEPT udp -- anywhere anywhere udp dpt:20000
ACCEPT tcp -- anywhere anywhere tcp dpts:8880:8881
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
允许jenkins port(8888) 进出,并临时保存防火墙配置(重启失效)
# /usr/sbin/iptables -i eth0 -I INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
# /usr/sbin/iptables-save
永久保存防火墙配置,重启还在
# /usr/sbin/netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
# /usr/sbin/netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start