100 Days of DevOps — Day 60-Introduction to Jenkins

  • As Jenkins is written in Java you must need to install java to run Jenkins
#yum -y install java-1.8.0-openjdk.x86_64
  • To use this repository, run the following command:
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
# yum -y install jenkins
  • Start Jenkins Service
# systemctl start jenkins
  • Make sure it's available/enable after reboot
systemctl enable jenkins
  • Check the status of Jenkins Service
# systemctl status jenkins jenkins.service - LSB: Jenkins Automation ServerLoaded: loaded (/etc/rc.d/init.d/jenkins; bad; vendor preset: disabled)Active: active (running) since Thu 2019-04-11 23:15:26 UTC; 10s agoDocs: man:systemd-sysv-generator(8)CGroup: /system.slice/jenkins.service└─2310 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins....Apr 11 23:15:25 ip-172-31-31-68.us-west-2.compute.internal systemd[1]: Starting LSB: Jenkins Automation Server...Apr 11 23:15:25 ip-172-31-31-68.us-west-2.compute.internal runuser[2296]: pam_unix(runuser:session): session opened for user jenkins by (uid=0)Apr 11 23:15:26 ip-172-31-31-68.us-west-2.compute.internal jenkins[2291]: Starting Jenkins [  OK  ]Apr 11 23:15:26 ip-172-31-31-68.us-west-2.compute.internal systemd[1]: Started LSB: Jenkins Automation Server.
  • Now try to browse your Jenkins Server on http://<ip address>:8080
  • Cat the content of the file and paste it in the browser
# cat /var/lib/jenkins/secrets/initialAdminPassword
  • Install suggested plugins
  • Create user and you are all set to go
  • In some cases where you are running Jenkins in secure environment(where you have a port restriction, you will not be able to get to the instance), in these cases, we can run Jenkins behind Nginx which act as a reverse proxy
# yum install nginx
  • Go to the nginx configuration file /etc/nginx/nginx.conf
  • Here we are telling nginx(proxy_pass http://127.0.0.1), any connection request you are getting for root(/) on Port 80 forward it to 8080 port
# Start Nginx 
[root@ip-172-31-31-68 ~]# systemctl start nginx
#Enable Nginx[root@ip-172-31-31-68 ~]# systemctl enable nginxCreated symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.# Check Nginx Status[root@ip-172-31-31-68 ~]# systemctl status nginx nginx.service - The nginx HTTP and reverse proxy serverLoaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)Active: active (running) since Thu 2019-04-11 23:37:44 UTC; 10s agoMain PID: 3320 (nginx)CGroup: /system.slice/nginx.service├─3320 nginx: master process /usr/sbin/nginx└─3321 nginx: worker processApr 11 23:37:44 ip-172-31-31-68.us-west-2.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...Apr 11 23:37:44 ip-172-31-31-68.us-west-2.compute.internal nginx[3314]: nginx: the configuration file /etc/nginx/nginx.conf syntax is okApr 11 23:37:44 ip-172-31-31-68.us-west-2.compute.internal nginx[3314]: nginx: configuration file /etc/nginx/nginx.conf test is successfulApr 11 23:37:44 ip-172-31-31-68.us-west-2.compute.internal systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argumentApr 11 23:37:44 ip-172-31-31-68.us-west-2.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
  • Now there is a small issue, if you click on Manage Jenkins, you will see this reverse proxy error
  • Go directly to this URL and copy paste all the content below proxy_pass
  • Restart Nginx service
# systemctl restart nginx
  • As Jenkins is up and running now, let’s check a few more things
# cat /etc/passwd|grep -i jenkinsjenkins:x:997:994:Jenkins Automation Server:/var/lib/jenkins:/bin/false
  • As you can see, default shell assign to Jenkins user is /bin/false which is too restrictive for us
# su - jenkinsLast failed login: Thu Apr 11 14:49:32 UTC 2019 from XXXXX on ssh:nottyThere was 1 failed login attempt since the last successful login.
  • /bin/false is just a binary that immediately exits, returning false, when it’s called, so when someone who has false as shell logs in, they’re immediately logged out when false exits.
  • To change the shell from /bin/false to /bin/bash
# usermod -s /bin/bash jenkins
  • Next step is to generate the ssh key which I can use to login to slave nodes or to the master server itself without supplying the password
# su - jenkinsLast login: Fri Apr 12 03:45:33 UTC 2019 on pts/0-bash-4.2$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):Created directory '/var/lib/jenkins/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.The key fingerprint is:SHA256:LhzQwpGzgDttHiNAIV27P2LKlo7CkfdWjd5mOLku2rU jenkins@ip-172-31-31-68.us-west-2.compute.internalThe key's randomart image is:+---[RSA 2048]----+|o=..o.           ||+ o.o+           ||.o .=o.          ||+ = .+           || =.o. . S        || o.. o = .       ||. o.+ B.=        ||.+oo.=.B.+       ||oo+.o.oE=        |+----[SHA256]-----+
  • Then go to
$ cd /var/lib/jenkins/.ssh/
$ cat id_rsa.pub >> authorized_keys (make sure permission for this file must be set to 644)
$ ssh localhost
Last login: Fri Apr 12 03:58:54 2019 from localhost
  • One more thing we can do is to allow Jenkins user to run any sudo command without entering the password
#As root user run visudo command and add the below entry
visudo
jenkins ALL=(ALL) NOPASSWD: ALL

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store