Work on sonarqube, auto configuration, Add installation script, Add utility to update plugins

6 years ago · c7d9390579
10 changed files with 315 additions and 159 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 volumes/*/
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,78 +1,136 @@
 version: '3.7'
 services:
-  jenkins:
+  # Nginx reverse proxy container
-    build: ./jenkins
+  # Reference:
-    container_name: jenkins
+  # https://github.com/jwilder/nginx-proxy
-    user: root
+  nginx-proxy: # TODO: maybe split this to the two underlying images?
-    volumes:
+    image: jwilder/nginx-proxy
-      - jenkins-log:/var/log/jenkins
+    container_name: nginx-proxy
-      - jenkins-data:/var/jenkins_home
+    restart: always
      - ./jenkins/downloads:/var/jenkins_home/downloads
      - /var/run/docker.sock:/var/run/docker.sock
    secrets:
      - jenkins_admin_username
      - jenkins_admin_password
    environment:
-      - VIRTUAL_HOST=jenkins.mthmmy.tk
+      - DEFAULT_HOST=mthmmy.tk
-      - VIRTUAL_PORT=8080
+    labels:
-      - LETSENCRYPT_HOST=jenkins.mthmmy.tk
+        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
-      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
+    logging:
-      - SONARQUBE_HOST=127.0.0.1:9000
+      options:
        max-size: '4m'
        max-file: '10'
    networks:
      - janus-net
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    networks:
      - janus-net
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-    environment:
+      - ./volumes/nginx/conf:/etc/nginx/conf.d
-      - DEFAULT_HOST=mthmmy.tk
+      - ./volumes/nginx/vhost:/etc/nginx/vhost.d
-      - conf:/etc/nginx/conf.d
+      - ./volumes/nginx/html:/usr/share/nginx/html
-      - vhost:/etc/nginx/vhost.d
+      - ./volumes/nginx/dhparam:/etc/nginx/dhparam
-      - html:/usr/share/nginx/html
+      - ./volumes/nginx/certs:/etc/nginx/certs:ro
-      - dhparam:/etc/nginx/dhparam
+
-      - certs:/etc/nginx/certs:ro
+  # Letsencrypt automated creation, renewal and use of Let's Encrypt certificates
  # Reference:
  # https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    restart: always
    depends_on:
      - nginx-proxy
    logging:
      options:
        max-size: '4m'
        max-file: '10'
    networks:
      - janus-net
    volumes:
-      - conf:/etc/nginx/conf.d
+      - ./volumes/nginx/conf:/etc/nginx/conf.d
-      - vhost:/etc/nginx/vhost.d
+      - ./volumes/nginx/vhost:/etc/nginx/vhost.d
-      - html:/usr/share/nginx/html
+      - ./volumes/nginx/html:/usr/share/nginx/html
-      - dhparam:/etc/nginx/dhparam
+      - ./volumes/nginx/dhparam:/etc/nginx/dhparam
-      - certs:/etc/nginx/certs:rw
+      - ./volumes/nginx/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
  # Jenkins automation server, image bundled with Blue Ocean
  # Reference:
  # https://jenkins.io/doc/book/blueocean/
  jenkins:
    build: ./jenkins
    container_name: jenkins
    restart: always
    user: root
    environment:
-      - NGINX_PROXY_CONTAINER=nginx-proxy
+      - VIRTUAL_HOST=jenkins.mthmmy.tk
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=jenkins.mthmmy.tk
      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
      - SONARQUBE_HOST=127.0.0.1:9000
    secrets:
      - jenkins_admin_username
      - jenkins_admin_password
    networks:
      - janus-net
    volumes:
      - ./volumes/jenkins/log:/var/log/jenkins
      - jenkins-data:/var/jenkins_home
      - ./jenkins/downloads:/var/jenkins_home/downloads
      - /var/run/docker.sock:/var/run/docker.sock
  # Sonarqube continuous inspection of code quality
  # References:
  # https://docs.sonarqube.org/latest/
  # https://github.com/SonarSource/docker-sonarqube/tree/master/recipes
  sonarqube:
    image: sonarqube
    container_name: sonarqube
-    ports:
+    restart: always
-      - "9000:9000"
+    environment:
      - sonar.jdbc.username=sonar
      - sonar.jdbc.password=sonar
      - sonar.jdbc.url=jdbc:postgresql://sonar-db:5432/sonar
      - VIRTUAL_HOST=sonar.mthmmy.tk
      - VIRTUAL_PORT=9000
      - LETSENCRYPT_HOST=sonar.mthmmy.tk
      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
    networks:
      - janus-net
-    expose:
+      - sonar-net
-      - "9000"
+    volumes:
-secrets:
+      - sonarqube_conf:/opt/sonarqube/conf
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
  sonar-db:
    image: postgres
    container_name: sonar-db
    restart: always
    environment: # TODO: figure out another way to pass the username and password
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
    networks:
      - sonar-net
 # Networks in use
 # TODO: maybe add/split to separate networks
 networks:
  janus-net:
    driver: bridge
  sonar-net:
    driver: bridge
 # Secrets in use
 secrets: # TODO: figure out a better way to do this
  jenkins_admin_username:
    file: ./jenkins/user
  jenkins_admin_password:
    file: ./jenkins/pass
 volumes:
  jenkins-data:
-  jenkins-log:
+  sonarqube_conf:
-  conf:
+  sonarqube_data:
-  vhost:
+  sonarqube_extensions:
-  html:
+  sonarqube_bundled-plugins:
-  dhparam:
+  postgresql:
-  certs:
+  postgresql_data:
 networks:
  janus-net:
    driver: bridge
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,44 @@
 #!/bin/bash
 # This script will:
 # 	- install docker
 # 	- make temporary changes to your system (vm.max_map_count, fs.file-max and other)
 # ATENTION: run this script as root (use sudo if needed)!
 # Checks for root privileges
 if [ "$EUID" -ne 0 ]
 	then echo "Please run as root."
 	exit 1
 fi
 # Checks if ports 80 and 443 are in use
 SHOULD_EXIT=0
 if [[ `lsof -i -P -n | grep LISTEN | grep '*:80 (LISTEN)'` ]]; then
 	PORT80USER=`lsof -i -P -n | grep LISTEN | grep '*:80 (LISTEN)' | awk '{ print $1 }'`
 	echo "Port 80 is in use by another program ($PORT80USER). Please free the port and try again."
 	SHOULD_EXIT=1
 fi
 if [[ `lsof -i -P -n | grep LISTEN | grep '*:443 (LISTEN)'` ]]; then
 	PORT443USER=`lsof -i -P -n | grep LISTEN | grep '*:443 (LISTEN)' | awk '{ print $1 }'`
 	echo "Port 443 is in use by another program ($PORT80USER). Please free the port and try again."
 	SHOULD_EXIT=1
 fi
 if [[ "$SHOULD_EXIT" = "1" ]]; then
 	echo "Exiting..."
 	exit 1
 fi
 # Installs docker using the get.docker.com method
 VERSION="18.09"
 curl -fsSL https://get.docker.com -o get-docker.sh | sh
 # Bellow settings are needed for Sonarqube to run on linux.
 # These settings are valid only for the session and are lost after reboot
 # TODO: make the changes permanent
 sysctl -w vm.max_map_count=262144
 sysctl -w fs.file-max=65536
 ulimit -n 65536
 ulimit -u 4096
--- a/jenkins/Dockerfile
+++ b/jenkins/Dockerfile
@ -8,16 +8,15 @@ RUN mkdir /var/cache/jenkins
 RUN chown -R jenkins:jenkins /var/log/jenkins
 RUN chown -R jenkins:jenkins /var/cache/jenkins
-# Normally we should install docker inside container, but it seems to be working
+# Installs docker inside container
 # without it.
 # ATENTION: version MUST be the same as host's docker installation!
 ARG VERSION=18.09
 RUN curl -fsSL https://get.docker.com -o get-docker.sh | sh
 USER jenkins
-# Security configuration script
+# Security configuration scripts
-COPY security.groovy /var/jenkins_home/init.groovy.d/security.groovy
+COPY configuration/* /var/jenkins_home/init.groovy.d/security.groovy
 # Automatically installs plugins
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
@ -29,5 +28,4 @@ COPY groovy/* /usr/share/jenkins/ref/init.groovy.d/
 # Sets defaults
 # Gets rid of admin password setup
 ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Xmx8192m"
 ENV JENKINS_OPTS="--handlerCountMax=300 --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
--- a/jenkins/configuration/github.groovy
+++ b/jenkins/configuration/github.groovy
@ -0,0 +1,37 @@
 import jenkins.model.*
 import com.cloudbees.plugins.credentials.*
 import com.cloudbees.plugins.credentials.common.*
 import com.cloudbees.plugins.credentials.domains.*
 import com.cloudbees.plugins.credentials.impl.*
 import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
 import org.jenkinsci.plugins.plaincredentials.*
 import org.jenkinsci.plugins.plaincredentials.impl.*
 import hudson.util.Secret
 import hudson.plugins.sshslaves.*
 import org.apache.commons.fileupload.*
 import org.apache.commons.fileupload.disk.*
 import java.nio.file.Files
 def env = System.getenv()
 GITHUB_TOKEN  = env['GITHUB_TOKEN']
 domain = Domain.global()
 store = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
 println("== multibranch-github-pipeline.groovy => Starting.")
 if ( GITHUB_TOKEN ) {
    println("== multibranch-github-pipeline.groovy => Adding token.")
    secretText = new StringCredentialsImpl(
            CredentialsScope.GLOBAL,
            "github-token",
            "This is the token used for Github source branch plugin",
            Secret.fromString(GITHUB_TOKEN)
    )
    store.addCredentials(domain, secretText)
    println("== multibranch-github-pipeline.groovy => token added.")
 }
 println("== multibranch-github-pipeline.groovy => Done.")
--- a/jenkins/configuration/security.groovy
+++ b/jenkins/configuration/security.groovy
--- a/jenkins/configuration/url.groovy
+++ b/jenkins/configuration/url.groovy
@ -0,0 +1,13 @@
 import jenkins.model.Jenkins
 def env = System.getenv()
 JENKINS_URL = env['JENKINS_URL']
 if (JENKINS_URL) {
  def location = Jenkins.instance.getDescriptor('jenkins.model.JenkinsLocationConfiguration')
  location.setUrl(JENKINS_URL)
  println("== 00_jenkins-init.groovy - Jenkins URL configured to " + Jenkins.instance.getRootUrl())
 } else {
  println("== 00_jenkins-init.groovy - Jenkins URL not configured. " + Jenkins.instance.getRootUrl())
 }
--- a/jenkins/plugins.txt
+++ b/jenkins/plugins.txt
@ -1,105 +1,106 @@
-mailer
+ace-editor
-blueocean-pipeline-editor
+ant
-blueocean-i18n
+antisamy-markup-formatter
-pipeline-model-declarative-agent
+apache-httpcomponents-client-4-api
-github-branch-source
+authentication-tokens
-workflow-support
+blueocean
-durable-task
+blueocean-autofavorite
-cloudbees-folder
+blueocean-bitbucket-pipeline
-workflow-cps-global-lib
+blueocean-commons
-token-macro
+blueocean-config
-scm-api
+blueocean-core-js
-jquery-detached
+blueocean-dashboard
-cloudbees-bitbucket-branch-source
+blueocean-display-url
-pipeline-stage-tags-metadata
+blueocean-events
-git-server
+blueocean-git-pipeline
-blueocean-dashboard
+blueocean-github-pipeline
-git
+blueocean-i18n
-jdk-tool
+blueocean-jira
-pipeline-model-extensions
+blueocean-jwt
-docker-commons
+blueocean-personalization
-authentication-tokens
+blueocean-pipeline-api-impl
-matrix-project
+blueocean-pipeline-editor
-pipeline-github-lib
+blueocean-pipeline-scm-api
-git-client
+blueocean-rest
-email-ext
+blueocean-rest-impl
-blueocean
+blueocean-web
-display-url-api
+bouncycastle-api
-workflow-cps
+branch-api
-blueocean-jwt
+build-timeout
-workflow-durable-task-step
+cloudbees-bitbucket-branch-source
-ace-editor
+cloudbees-folder
-lockable-resources
+command-launcher
-credentials-binding
+credentials
-blueocean-web
+credentials-binding
-timestamper
+discord-notifier
-plain-credentials
+display-url-api
-blueocean-commons
+docker-commons
-blueocean-autofavorite
+docker-workflow
-blueocean-events
+durable-task
-gradle
+email-ext
-workflow-scm-step
+favorite
-credentials
+git
-handy-uri-templates-2-api
+git-client
-blueocean-pipeline-api-impl
+git-server
-discord-notifier
+github
-antisamy-markup-formatter
+github-api
-pipeline-rest-api
+github-branch-source
-junit
+gradle
-workflow-basic-steps
+handlebars
-pipeline-model-api
+handy-uri-templates-2-api
-github-api
+htmlpublisher
-jira
+jackson2-api
-pam-auth
+jdk-tool
-apache-httpcomponents-client-4-api
+jenkins-design-language
-blueocean-github-pipeline
+jira
-pipeline-stage-step
+jquery-detached
-ssh-slaves
+jsch
-branch-api
+junit
-workflow-aggregator
+ldap
-blueocean-config
+lockable-resources
-workflow-step-api
+mailer
-pubsub-light
+mapdb-api
-blueocean-rest
+matrix-auth
-script-security
+matrix-project
-blueocean-bitbucket-pipeline
+mercurial
-blueocean-pipeline-scm-api
+momentjs
-blueocean-git-pipeline
+pam-auth
-bouncycastle-api
+pipeline-build-step
-momentjs
+pipeline-github-lib
-pipeline-input-step
+pipeline-graph-analysis
-workflow-multibranch
+pipeline-input-step
-variant
+pipeline-milestone-step
-structs
+pipeline-model-api
-blueocean-rest-impl
+pipeline-model-declarative-agent
-subversion
+pipeline-model-definition
-mapdb-api
+pipeline-model-extensions
-pipeline-stage-view
+pipeline-rest-api
-matrix-auth
+pipeline-stage-step
-workflow-job
+pipeline-stage-tags-metadata
-mercurial
+pipeline-stage-view
-ssh-credentials
+plain-credentials
-sse-gateway
+pubsub-light
-pipeline-graph-analysis
+resource-disposer
-ws-cleanup
+scm-api
-jenkins-design-language
+script-security
-pipeline-model-definition
+sonar
-ant
+sse-gateway
-handlebars
+ssh-credentials
-command-launcher
+ssh-slaves
-ldap
+structs
-blueocean-personalization
+subversion
-resource-disposer
+timestamper
-build-timeout
+token-macro
-blueocean-display-url
+variant
-pipeline-build-step
+workflow-aggregator
-pipeline-milestone-step
+workflow-api
-workflow-api
+workflow-basic-steps
-favorite
+workflow-cps
-jackson2-api
+workflow-cps-global-lib
-blueocean-core-js
+workflow-durable-task-step
-docker-workflow
+workflow-job
-blueocean-jira
+workflow-multibranch
-htmlpublisher
+workflow-scm-step
-jsch
+workflow-step-api
-github
+workflow-support
 ws-cleanup
--- a/utility-scripts/updateJenkinsPlugins.sh
+++ b/utility-scripts/updateJenkinsPlugins.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 docker exec -it jenkins ls /var/jenkins_home/plugins/ | grep -v jpi > "$DIR/../jenkins/plugins.txt"
--- a/volumes/.gitkeep
+++ b/volumes/.gitkeep