ECEntrics
/
janus-ci-cd
mirror of https://gitlab.com/ecentrics/janus-ci-cd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Init

master
Apostolos Fanakis 5 years ago
commit
93cdeafb47
11 changed files with 339 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      README.md
  2. 78
      docker-compose.yml
  3. 33
      jenkins/Dockerfile
  4. 9
      jenkins/downloads/jdk-7u76-linux-x64.tar.gz
  5. 9
      jenkins/downloads/jdk-8u131-linux-x64.tar.gz
  6. 29
      jenkins/groovy/java.groovy
  7. 1
      jenkins/pass
  8. 105
      jenkins/plugins.txt
  9. 52
      jenkins/security.groovy
  10. 1
      jenkins/user
  11. 10
      makefile

12
README.md
View File

@ -0,0 +1,12 @@
## Deployment
To deploy the Jenkins server use the commands:
```bash
make build
make run
```
To get the administrator password created use the command:
```bash
docker exec jenkins_master_1 cat /var/jenkins_home/secrets/initialAdminPassword
```

78
docker-compose.yml
View File

@ -0,0 +1,78 @@
version: '3.7'
services:
jenkins:
build: ./jenkins
container_name: jenkins
user: root
volumes:
- jenkins-log:/var/log/jenkins
- jenkins-data:/var/jenkins_home
- ./jenkins/downloads:/var/jenkins_home/downloads
- /var/run/docker.sock:/var/run/docker.sock
secrets:
- jenkins_admin_username
- jenkins_admin_password
environment:
- VIRTUAL_HOST=jenkins.mthmmy.tk
- VIRTUAL_PORT=8080
- LETSENCRYPT_HOST=jenkins.mthmmy.tk
- LETSENCRYPT_EMAIL=apotwohd@gmail.com
- SONARQUBE_HOST=127.0.0.1:9000
networks:
- janus-net
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
networks:
- janus-net
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
environment:
- DEFAULT_HOST=mthmmy.tk
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:ro
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-proxy-le
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
networks:
- janus-net
sonarqube:
image: sonarqube
container_name: sonarqube
ports:
- "9000:9000"
networks:
- janus-net
expose:
- "9000"
secrets:
jenkins_admin_username:
file: ./jenkins/user
jenkins_admin_password:
file: ./jenkins/pass
volumes:
jenkins-data:
jenkins-log:
conf:
vhost:
html:
dhparam:
certs:
networks:
janus-net:
driver: bridge

33
jenkins/Dockerfile
View File

@ -0,0 +1,33 @@
FROM jenkinsci/blueocean
LABEL maintainer="apotwohd@gmail.com"
# Preps Jenkins directories
USER root
RUN mkdir /var/log/jenkins
RUN mkdir /var/cache/jenkins
RUN chown -R jenkins:jenkins /var/log/jenkins
RUN chown -R jenkins:jenkins /var/cache/jenkins
# Normally we should install docker inside container, but it seems to be working
# without it.
# ATENTION: version MUST be the same as host's docker installation!
ARG VERSION=18.09
RUN curl -fsSL https://get.docker.com -o get-docker.sh | sh
USER jenkins
# Security configuration script
COPY security.groovy /var/jenkins_home/init.groovy.d/security.groovy
# Automatically installs plugins
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
# Adds scripts for tool installation
COPY groovy/* /usr/share/jenkins/ref/init.groovy.d/
# Sets defaults
# Gets rid of admin password setup
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Xmx8192m"
ENV JENKINS_OPTS="--handlerCountMax=300 --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"

9
jenkins/downloads/jdk-7u76-linux-x64.tar.gz
View File

@ -0,0 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pub/funtoo/distfiles/oracle-java/jdk-7u76-linux-x64.tar.gz was not found on this server.</p>
<hr>
<address>Apache Server at ftp.osuosl.org Port 80</address>
</body></html>

9
jenkins/downloads/jdk-8u131-linux-x64.tar.gz
View File

@ -0,0 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pub/funtoo/distfiles/oracle-java/jdk-8u131-linux-x64.tar.gz was not found on this server.</p>
<hr>
<address>Apache Server at ftp.osuosl.org Port 80</address>
</body></html>

29
jenkins/groovy/java.groovy
View File

@ -0,0 +1,29 @@
import hudson.model.JDK
import hudson.tools.InstallSourceProperty
import hudson.tools.ZipExtractionInstaller
def descriptor = new JDK.DescriptorImpl();
def List<JDK> installations = []
javaTools=[['name':'jdk8', 'url':'file:/var/jenkins_home/downloads/jdk-8u131-linux-x64.tar.gz', 'subdir':'jdk1.8.0_131'],
['name':'jdk7', 'url':'file:/var/jenkins_home/downloads/jdk-7u76-linux-x64.tar.gz', 'subdir':'jdk1.7.0_76']]
javaTools.each { javaTool ->
println("Setting up tool: ${javaTool.name}")
def installer = new ZipExtractionInstaller(javaTool.label as String, javaTool.url as String, javaTool.subdir as String);
def jdk = new JDK(javaTool.name as String, null, [new InstallSourceProperty([installer])])
installations.add(jdk)
}
descriptor.setInstallations(installations.toArray(new JDK[installations.size()]))
descriptor.save()

1
jenkins/pass
View File

@ -0,0 +1 @@
passasdf

105
jenkins/plugins.txt
View File

@ -0,0 +1,105 @@
mailer
blueocean-pipeline-editor
blueocean-i18n
pipeline-model-declarative-agent
github-branch-source
workflow-support
durable-task
cloudbees-folder
workflow-cps-global-lib
token-macro
scm-api
jquery-detached
cloudbees-bitbucket-branch-source
pipeline-stage-tags-metadata
git-server
blueocean-dashboard
git
jdk-tool
pipeline-model-extensions
docker-commons
authentication-tokens
matrix-project
pipeline-github-lib
git-client
email-ext
blueocean
display-url-api
workflow-cps
blueocean-jwt
workflow-durable-task-step
ace-editor
lockable-resources
credentials-binding
blueocean-web
timestamper
plain-credentials
blueocean-commons
blueocean-autofavorite
blueocean-events
gradle
workflow-scm-step
credentials
handy-uri-templates-2-api
blueocean-pipeline-api-impl
discord-notifier
antisamy-markup-formatter
pipeline-rest-api
junit
workflow-basic-steps
pipeline-model-api
github-api
jira
pam-auth
apache-httpcomponents-client-4-api
blueocean-github-pipeline
pipeline-stage-step
ssh-slaves
branch-api
workflow-aggregator
blueocean-config
workflow-step-api
pubsub-light
blueocean-rest
script-security
blueocean-bitbucket-pipeline
blueocean-pipeline-scm-api
blueocean-git-pipeline
bouncycastle-api
momentjs
pipeline-input-step
workflow-multibranch
variant
structs
blueocean-rest-impl
subversion
mapdb-api
pipeline-stage-view
matrix-auth
workflow-job
mercurial
ssh-credentials
sse-gateway
pipeline-graph-analysis
ws-cleanup
jenkins-design-language
pipeline-model-definition
ant
handlebars
command-launcher
ldap
blueocean-personalization
resource-disposer
build-timeout
blueocean-display-url
pipeline-build-step
pipeline-milestone-step
workflow-api
favorite
jackson2-api
blueocean-core-js
docker-workflow
blueocean-jira
htmlpublisher
jsch
github

52
jenkins/security.groovy
View File

@ -0,0 +1,52 @@
#!groovy
/*
* This script is based on the one found here:
* https://gist.github.com/eddie-knight/8f0dcb7422cb98d112b5244ea7600372
*/
import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.AdminWhitelistRule
import hudson.security.csrf.DefaultCrumbIssuer
import jenkins.security.s2m.AdminWhitelistRule
def instance = Jenkins.getInstance()
// Automate Admin Setup & Plugin Installs
def user = new File("/run/secrets/jenkins_admin_username").text.trim()
def pass = new File("/run/secrets/jenkins_admin_password").text.trim()
// Create Admin User
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount(user, pass)
instance.setSecurityRealm(hudsonRealm)
// Set Auth to Full Control Once Logged In
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
// Lock Down Jenkins Security
instance.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)
// Disable remoting
// We are not currently using Jenkins CLI
//instance.getDescriptor("jenkins.CLI").get().setEnabled(false)
// Enable Agent to master security subsystem
instance.injector.getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false);
// Disable jnlp
instance.setSlaveAgentPort(-1);
// CSRF Protection
instance.setCrumbIssuer(new DefaultCrumbIssuer(true))
// Disable old Non-Encrypted protocols
HashSet<String> newProtocols = new HashSet<>(instance.getAgentProtocols());
newProtocols.removeAll(Arrays.asList(
"JNLP3-connect", "JNLP2-connect", "JNLP-connect", "CLI-connect"
));
instance.setAgentProtocols(newProtocols);
instance.save()

1
jenkins/user
View File

@ -0,0 +1 @@
asdfasdf

10
makefile
View File

@ -0,0 +1,10 @@
build:
@docker-compose -p janus build;
run:
@docker-compose -p janus up -d
stop:
@docker-compose -p janus down
clean-data:
@docker-compose -p janus down -v
clean-images:
@docker rmi `docker images -q -f "dangling=true"`
Write Preview
Loading…
Cancel
Save