Work on sonarqube, auto configuration, Add installation script, Add utility to update plugins

6 years ago · c7d9390579
10 changed files with 315 additions and 159 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 volumes/*/
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,78 +1,136 @@
 version: '3.7'
 services:
-  jenkins:
+  # Nginx reverse proxy container
-    build: ./jenkins
+  # Reference:
-    container_name: jenkins
+  # https://github.com/jwilder/nginx-proxy
-    user: root
+  nginx-proxy: # TODO: maybe split this to the two underlying images?
-    volumes:
+    image: jwilder/nginx-proxy
-      - jenkins-log:/var/log/jenkins
+    container_name: nginx-proxy
-      - jenkins-data:/var/jenkins_home
+    restart: always
      - ./jenkins/downloads:/var/jenkins_home/downloads
      - /var/run/docker.sock:/var/run/docker.sock
    secrets:
      - jenkins_admin_username
      - jenkins_admin_password
    environment:
-      - VIRTUAL_HOST=jenkins.mthmmy.tk
+      - DEFAULT_HOST=mthmmy.tk
-      - VIRTUAL_PORT=8080
+    labels:
-      - LETSENCRYPT_HOST=jenkins.mthmmy.tk
+        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
-      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
+    logging:
-      - SONARQUBE_HOST=127.0.0.1:9000
+      options:
        max-size: '4m'
        max-file: '10'
    networks:
      - janus-net
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    networks:
      - janus-net
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-    environment:
+      - ./volumes/nginx/conf:/etc/nginx/conf.d
-      - DEFAULT_HOST=mthmmy.tk
+      - ./volumes/nginx/vhost:/etc/nginx/vhost.d
-      - conf:/etc/nginx/conf.d
+      - ./volumes/nginx/html:/usr/share/nginx/html
-      - vhost:/etc/nginx/vhost.d
+      - ./volumes/nginx/dhparam:/etc/nginx/dhparam
-      - html:/usr/share/nginx/html
+      - ./volumes/nginx/certs:/etc/nginx/certs:ro
-      - dhparam:/etc/nginx/dhparam
+
-      - certs:/etc/nginx/certs:ro
+  # Letsencrypt automated creation, renewal and use of Let's Encrypt certificates
  # Reference:
  # https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    restart: always
    depends_on:
      - nginx-proxy
    logging:
      options:
        max-size: '4m'
        max-file: '10'
    networks:
      - janus-net
    volumes:
-      - conf:/etc/nginx/conf.d
+      - ./volumes/nginx/conf:/etc/nginx/conf.d
-      - vhost:/etc/nginx/vhost.d
+      - ./volumes/nginx/vhost:/etc/nginx/vhost.d
-      - html:/usr/share/nginx/html
+      - ./volumes/nginx/html:/usr/share/nginx/html
-      - dhparam:/etc/nginx/dhparam
+      - ./volumes/nginx/dhparam:/etc/nginx/dhparam
-      - certs:/etc/nginx/certs:rw
+      - ./volumes/nginx/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
  # Jenkins automation server, image bundled with Blue Ocean
  # Reference:
  # https://jenkins.io/doc/book/blueocean/
  jenkins:
    build: ./jenkins
    container_name: jenkins
    restart: always
    user: root
    environment:
-      - NGINX_PROXY_CONTAINER=nginx-proxy
+      - VIRTUAL_HOST=jenkins.mthmmy.tk
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=jenkins.mthmmy.tk
      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
      - SONARQUBE_HOST=127.0.0.1:9000
    secrets:
      - jenkins_admin_username
      - jenkins_admin_password
    networks:
      - janus-net
    volumes:
      - ./volumes/jenkins/log:/var/log/jenkins
      - jenkins-data:/var/jenkins_home
      - ./jenkins/downloads:/var/jenkins_home/downloads
      - /var/run/docker.sock:/var/run/docker.sock
  # Sonarqube continuous inspection of code quality
  # References:
  # https://docs.sonarqube.org/latest/
  # https://github.com/SonarSource/docker-sonarqube/tree/master/recipes
  sonarqube:
    image: sonarqube
    container_name: sonarqube
-    ports:
+    restart: always
-      - "9000:9000"
+    environment:
      - sonar.jdbc.username=sonar
      - sonar.jdbc.password=sonar
      - sonar.jdbc.url=jdbc:postgresql://sonar-db:5432/sonar
      - VIRTUAL_HOST=sonar.mthmmy.tk
      - VIRTUAL_PORT=9000
      - LETSENCRYPT_HOST=sonar.mthmmy.tk
      - LETSENCRYPT_EMAIL=apotwohd@gmail.com
    networks:
      - janus-net
-    expose:
+      - sonar-net
-      - "9000"
+    volumes:
-secrets:
+      - sonarqube_conf:/opt/sonarqube/conf
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
  sonar-db:
    image: postgres
    container_name: sonar-db
    restart: always
    environment: # TODO: figure out another way to pass the username and password
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
    networks:
      - sonar-net
 # Networks in use
 # TODO: maybe add/split to separate networks
 networks:
  janus-net:
    driver: bridge
  sonar-net:
    driver: bridge
 # Secrets in use
 secrets: # TODO: figure out a better way to do this
  jenkins_admin_username:
    file: ./jenkins/user
  jenkins_admin_password:
    file: ./jenkins/pass
 volumes:
  jenkins-data:
-  jenkins-log:
+  sonarqube_conf:
-  conf:
+  sonarqube_data:
-  vhost:
+  sonarqube_extensions:
-  html:
+  sonarqube_bundled-plugins:
-  dhparam:
+  postgresql:
-  certs:
+  postgresql_data:
 networks:
  janus-net:
    driver: bridge
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,44 @@
 #!/bin/bash
 # This script will:
 # 	- install docker
 # 	- make temporary changes to your system (vm.max_map_count, fs.file-max and other)
 # ATENTION: run this script as root (use sudo if needed)!
 # Checks for root privileges
 if [ "$EUID" -ne 0 ]
 	then echo "Please run as root."
 	exit 1
 fi
 # Checks if ports 80 and 443 are in use
 SHOULD_EXIT=0
 if [[ `lsof -i -P -n | grep LISTEN | grep '*:80 (LISTEN)'` ]]; then
 	PORT80USER=`lsof -i -P -n | grep LISTEN | grep '*:80 (LISTEN)' | awk '{ print $1 }'`
 	echo "Port 80 is in use by another program ($PORT80USER). Please free the port and try again."
 	SHOULD_EXIT=1
 fi
 if [[ `lsof -i -P -n | grep LISTEN | grep '*:443 (LISTEN)'` ]]; then
 	PORT443USER=`lsof -i -P -n | grep LISTEN | grep '*:443 (LISTEN)' | awk '{ print $1 }'`
 	echo "Port 443 is in use by another program ($PORT80USER). Please free the port and try again."
 	SHOULD_EXIT=1
 fi
 if [[ "$SHOULD_EXIT" = "1" ]]; then
 	echo "Exiting..."
 	exit 1
 fi
 # Installs docker using the get.docker.com method
 VERSION="18.09"
 curl -fsSL https://get.docker.com -o get-docker.sh | sh
 # Bellow settings are needed for Sonarqube to run on linux.
 # These settings are valid only for the session and are lost after reboot
 # TODO: make the changes permanent
 sysctl -w vm.max_map_count=262144
 sysctl -w fs.file-max=65536
 ulimit -n 65536
 ulimit -u 4096
--- a/jenkins/Dockerfile
+++ b/jenkins/Dockerfile
@ -8,16 +8,15 @@ RUN mkdir /var/cache/jenkins
 RUN chown -R jenkins:jenkins /var/log/jenkins
 RUN chown -R jenkins:jenkins /var/cache/jenkins
-# Normally we should install docker inside container, but it seems to be working
+# Installs docker inside container
 # without it.
 # ATENTION: version MUST be the same as host's docker installation!
 ARG VERSION=18.09
 RUN curl -fsSL https://get.docker.com -o get-docker.sh | sh
 USER jenkins
-# Security configuration script
+# Security configuration scripts
-COPY security.groovy /var/jenkins_home/init.groovy.d/security.groovy
+COPY configuration/* /var/jenkins_home/init.groovy.d/security.groovy
 # Automatically installs plugins
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
@ -29,5 +28,4 @@ COPY groovy/* /usr/share/jenkins/ref/init.groovy.d/
 # Sets defaults
 # Gets rid of admin password setup
 ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Xmx8192m"
 ENV JENKINS_OPTS="--handlerCountMax=300 --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
--- a/jenkins/configuration/github.groovy
+++ b/jenkins/configuration/github.groovy
@ -0,0 +1,37 @@
 import jenkins.model.*
 import com.cloudbees.plugins.credentials.*
 import com.cloudbees.plugins.credentials.common.*
 import com.cloudbees.plugins.credentials.domains.*
 import com.cloudbees.plugins.credentials.impl.*
 import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
 import org.jenkinsci.plugins.plaincredentials.*
 import org.jenkinsci.plugins.plaincredentials.impl.*
 import hudson.util.Secret
 import hudson.plugins.sshslaves.*
 import org.apache.commons.fileupload.*
 import org.apache.commons.fileupload.disk.*
 import java.nio.file.Files
 def env = System.getenv()
 GITHUB_TOKEN  = env['GITHUB_TOKEN']
 domain = Domain.global()
 store = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
 println("== multibranch-github-pipeline.groovy => Starting.")
 if ( GITHUB_TOKEN ) {
    println("== multibranch-github-pipeline.groovy => Adding token.")
    secretText = new StringCredentialsImpl(
            CredentialsScope.GLOBAL,
            "github-token",
            "This is the token used for Github source branch plugin",
            Secret.fromString(GITHUB_TOKEN)
    )
    store.addCredentials(domain, secretText)
    println("== multibranch-github-pipeline.groovy => token added.")
 }
 println("== multibranch-github-pipeline.groovy => Done.")
--- a/jenkins/configuration/security.groovy
+++ b/jenkins/configuration/security.groovy
--- a/jenkins/configuration/url.groovy
+++ b/jenkins/configuration/url.groovy
@ -0,0 +1,13 @@
 import jenkins.model.Jenkins
 def env = System.getenv()
 JENKINS_URL = env['JENKINS_URL']
 if (JENKINS_URL) {
  def location = Jenkins.instance.getDescriptor('jenkins.model.JenkinsLocationConfiguration')
  location.setUrl(JENKINS_URL)
  println("== 00_jenkins-init.groovy - Jenkins URL configured to " + Jenkins.instance.getRootUrl())
 } else {
  println("== 00_jenkins-init.groovy - Jenkins URL not configured. " + Jenkins.instance.getRootUrl())
 }
--- a/jenkins/plugins.txt
+++ b/jenkins/plugins.txt
@ -1,105 +1,106 @@
-mailer
+ace-editor
-blueocean-pipeline-editor
+ant
-blueocean-i18n
+antisamy-markup-formatter
-pipeline-model-declarative-agent
+apache-httpcomponents-client-4-api
 github-branch-source
 workflow-support
 durable-task
 cloudbees-folder
 workflow-cps-global-lib
 token-macro
 scm-api
 jquery-detached
 cloudbees-bitbucket-branch-source
 pipeline-stage-tags-metadata
 git-server
 blueocean-dashboard
 git
 jdk-tool
 pipeline-model-extensions
 docker-commons
 authentication-tokens
 matrix-project
 pipeline-github-lib
 git-client
 email-ext
 blueocean
 display-url-api
 workflow-cps
 blueocean-jwt
 workflow-durable-task-step
 ace-editor
 lockable-resources
 credentials-binding
 blueocean-web
 timestamper
 plain-credentials
 blueocean-commons
 blueocean-autofavorite
 blueocean-bitbucket-pipeline
 blueocean-commons
 blueocean-config
 blueocean-core-js
 blueocean-dashboard
 blueocean-display-url
 blueocean-events
-gradle
+blueocean-git-pipeline
-workflow-scm-step
+blueocean-github-pipeline
-credentials
+blueocean-i18n
-handy-uri-templates-2-api
+blueocean-jira
 blueocean-jwt
 blueocean-personalization
 blueocean-pipeline-api-impl
 blueocean-pipeline-editor
 blueocean-pipeline-scm-api
 blueocean-rest
 blueocean-rest-impl
 blueocean-web
 bouncycastle-api
 branch-api
 build-timeout
 cloudbees-bitbucket-branch-source
 cloudbees-folder
 command-launcher
 credentials
 credentials-binding
 discord-notifier
-antisamy-markup-formatter
+display-url-api
-pipeline-rest-api
+docker-commons
-junit
+docker-workflow
-workflow-basic-steps
+durable-task
-pipeline-model-api
+email-ext
 favorite
 git
 git-client
 git-server
 github
 github-api
 github-branch-source
 gradle
 handlebars
 handy-uri-templates-2-api
 htmlpublisher
 jackson2-api
 jdk-tool
 jenkins-design-language
 jira
 jquery-detached
 jsch
 junit
 ldap
 lockable-resources
 mailer
 mapdb-api
 matrix-auth
 matrix-project
 mercurial
 momentjs
 pam-auth
-apache-httpcomponents-client-4-api
+pipeline-build-step
-blueocean-github-pipeline
+pipeline-github-lib
 pipeline-graph-analysis
 pipeline-input-step
 pipeline-milestone-step
 pipeline-model-api
 pipeline-model-declarative-agent
 pipeline-model-definition
 pipeline-model-extensions
 pipeline-rest-api
 pipeline-stage-step
-ssh-slaves
+pipeline-stage-tags-metadata
-branch-api
+pipeline-stage-view
-workflow-aggregator
+plain-credentials
 blueocean-config
 workflow-step-api
 pubsub-light
-blueocean-rest
+resource-disposer
 scm-api
 script-security
-blueocean-bitbucket-pipeline
+sonar
-blueocean-pipeline-scm-api
+sse-gateway
-blueocean-git-pipeline
+ssh-credentials
-bouncycastle-api
+ssh-slaves
 momentjs
 pipeline-input-step
 workflow-multibranch
 variant
 structs
 blueocean-rest-impl
 subversion
-mapdb-api
+timestamper
-pipeline-stage-view
+token-macro
-matrix-auth
+variant
 workflow-aggregator
 workflow-api
 workflow-basic-steps
 workflow-cps
 workflow-cps-global-lib
 workflow-durable-task-step
 workflow-job
-mercurial
+workflow-multibranch
-ssh-credentials
+workflow-scm-step
-sse-gateway
+workflow-step-api
-pipeline-graph-analysis
+workflow-support
 ws-cleanup
 jenkins-design-language
 pipeline-model-definition
 ant
 handlebars
 command-launcher
 ldap
 blueocean-personalization
 resource-disposer
 build-timeout
 blueocean-display-url
 pipeline-build-step
 pipeline-milestone-step
 workflow-api
 favorite
 jackson2-api
 blueocean-core-js
 docker-workflow
 blueocean-jira
 htmlpublisher
 jsch
 github
--- a/utility-scripts/updateJenkinsPlugins.sh
+++ b/utility-scripts/updateJenkinsPlugins.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 docker exec -it jenkins ls /var/jenkins_home/plugins/ | grep -v jpi > "$DIR/../jenkins/plugins.txt"
--- a/volumes/.gitkeep
+++ b/volumes/.gitkeep