分类
devops

Jenkins总结


Last Updated on 2022-11-09

目录

jenkins.war下载网站mirror

  • https://repo.huaweicloud.com/jenkins/war-stable/
  • https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/
  • https://mirrors.ustc.edu.cn/jenkins/war-stable/
  • https://mirrors.cloud.tencent.com/jenkins/war-stable/
  • https://opentuna.cn/jenkins/war-stable/

curl下载jenkins最新lts版本

curl -fsSL -O https://mirrors.ustc.edu.cn/jenkins/war-stable/$(curl -fsSL https://updates.jenkins.io/stable/latestCore.txt)/jenkins.war

或者直接

curl -fsSL -O https://opentuna.cn/jenkins/war-stable/latest/jenkins.war

下载slave.jar

下载地址 $JENKINS_URL/jnlpJars/slave.jar

下载agent.jar

下载地址 $JENKINS_URL/jnlpJars/agent.jar

下载jenkins-cli.jar

下载jenkins-plugin-manager.jar

curl -fsSL -O https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/2.11.1/jenkins-plugin-manager-2.11.1.jar

文档参考https://github.com/jenkinsci/plugin-installation-manager-tool#cli-options

jenkins系统参数(-D)

jenkins启动参数(options)

java -XX:+UnlockDiagnosticVMOptions -XX:+UnlockExperimentalVMOptions -XX:+PrintFlagsFinal  -version
java -jar jenkins.war --help

jenkins设置session超时

--sessionTimeout=1440 --sessionEviction=43200
  • https://stackoverflow.com/questions/26407541/increase-the-jenkins-login-timeout

jenkins插件update-center网站mirror

  • https://github.com/lework/jenkins-update-center

jenkins插件

Name ID url Step
Pipeline workflow-aggregator https://plugins.jenkins.io/workflow-aggregator/ https://www.jenkins.io/doc/pipeline/steps/workflow-basic-steps/
Pipeline: Node and Process workflow-durable-task-step https://plugins.jenkins.io/workflow-durable-task-step/ https://www.jenkins.io/doc/pipeline/steps/workflow-durable-task-step/
Pipeline Utility Steps pipeline-utility-steps https://plugins.jenkins.io/pipeline-utility-steps/ https://www.jenkins.io/doc/pipeline/steps/pipeline-utility-steps/
Email Extension email-ext https://plugins.jenkins.io/email-ext/ https://www.jenkins.io/doc/pipeline/steps/email-ext/
Maven Integration maven-plugin https://plugins.jenkins.io/maven-plugin/
Docker Pipeline docker-workflow https://plugins.jenkins.io/docker-workflow/ https://www.jenkins.io/doc/pipeline/steps/docker-workflow/
Git git https://plugins.jenkins.io/git/ https://www.jenkins.io/doc/pipeline/steps/git/
Kubernetes kubernetes https://plugins.jenkins.io/kubernetes/ https://www.jenkins.io/doc/pipeline/steps/kubernetes/
Kubernetes CLI kubernetes-cli https://plugins.jenkins.io/kubernetes-cli/ https://www.jenkins.io/doc/pipeline/steps/kubernetes-cli/
Role-based Authorization Strategy role-strategy https://plugins.jenkins.io/role-strategy/
Workspace Cleanup ws-cleanup https://plugins.jenkins.io/ws-cleanup/ https://www.jenkins.io/doc/pipeline/steps/ws-cleanup/
Folders cloudbees-folder https://plugins.jenkins.io/cloudbees-folder/
Configuration as Code configuration-as-code https://plugins.jenkins.io/configuration-as-code/

jenkins固定http端口

--httpListenAddress=0.0.0.0 --httpPort=8080

jenkins固定slaveagent端口

-Djenkins.model.Jenkins.slaveAgentPort=50000 -Djenkins.model.Jenkins.slaveAgentPortEnforce=true

jenkins内置环境变量

浏览器打开 $JENKINS_URL/env-vars.html

jenkins安装跳过初始化步骤

-Djenkins.install.runSetupWizard=false

jenkins Dcokerfile

  • https://github.com/jenkinsci/docker/blob/master/11/debian/buster/hotspot/Dockerfile
  • https://github.com/liumiaocn/easypack/tree/master/containers/alpine/jenkins
  • https://github.com/bitnami/bitnami-docker-jenkins
  • https://github.com/foxylion/docker-jenkins
  • https://github.com/cloudworkz/jenkins
  • https://github.com/timusus/jenkins-android
  • https://github.com/hbdesiato/docker-jenkins-docker
  • https://github.com/deskoh/jenkins-docker

jenkins agent Dockerfile

  • https://github.com/jenkinsci/docker-agent/tree/master/11/buster
  • https://github.com/jenkinsci/docker-inbound-agent

$JENKINS_HOME/plugins 和 /usr/share/jenkins/ref/plugins 目录区别

Installing prebuilt, custom plugins can be accomplished by copying the plugin HPI file into /usr/share/jenkins/ref/plugins/

$JENKINS_HOME/init.groovy.d/ 和 /usr/share/jenkins/ref/init.groovy.d 目录区别

Post initialization script (init hook)

# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want
# to set on a fresh new installation. Use it to bundle additional plugins
# or config file with your custom jenkins Docker image.
RUN mkdir -p ${REF}/init.groovy.d
  • https://github.com/jenkinsci/docker/blob/master/README.md#installing-more-tools
  • https://www.jenkins.io/doc/book/managing/groovy-hook-scripts/

Jenkins批量备份job

#!/usr/bin/env bash

currentdir=$(dirname "$(readlink -fn "$0")")

JENKINS_SERVER="http://192.168.1.100:8080";
options="-s $JENKINS_SERVER -auth admin:123456"


if [ ! -f "$currentdir/jenkins-cli.jar" ]; then
    curl -fsSL -O $JENKINS_SERVER/jnlpJars/jenkins-cli.jar
fi

jobs=`java -jar jenkins-cli.jar $options  list-jobs`

for job in $jobs;do
    java -jar jenkins-cli.jar $options  get-job $job > $job-config.xml
done

命令行触发执行Jenkens job

#!/usr/bin/env bash

currentdir=$(dirname "$(readlink -fn "$0")")

JENKINS_SERVER="http://192.168.1.100:8080";
options="-s $JENKINS_SERVER -auth admin:123456"
if [ ! -f "$currentdir/jenkins-cli.jar" ]; then
    curl -fsSL -O $JENKINS_SERVER/jnlpJars/jenkins-cli.jar
fi

java -jar jenkins-cli.jar $options build <JOB>

jenkins 全局变量

浏览器打开$JENKINS_URL/pipeline-syntax/globals#env

jenkins共享库

  • https://github.com/devops-ws/jenkins-shared-library

jenkins pipeline语法速查

jenkins pipline step速查

<<DevOps流水线最佳实践>>出品Jenkins

jenkins utillities

curl获取jenkins当前LTS版本号

curl -fsSL https://updates.jenkins.io/stable/latestCore.txt

curl获取jenkins当前主线版本号

curl -fsSL https://updates.jenkins.io/current/latestCore.txt

jenkins master HA

  • https://github.com/endocode/jenkins-high-availability-example

kubesphere devops

  • https://github.com/kubesphere/devops-agent
  • https://github.com/kubesphere/ks-installer/tree/master/roles/ks-devops/jenkins/templates

environment section环境变量

pipeline {
    agent any
    environment {
        field = "SOME"
        N_PREFIX = "${env.HOME}/node"
        PATH = "${env.HOME}/node/bin:${env.PATH}"
        AN_ACCESS_KEY = credentials("my-predefined-secret-text")
        JENKINS_PATH = sh(script: 'pwd',returnStdout: true).trim()
    }
    stages {
        stage('Env') {
            steps {
                sh 'printenv'
            }
        }
    }
}

关闭jenkins提示”New version of Jenkins(2.298) is available for download”

Manage Jenkins => Configure System => Administrative monitors configuration

UnCheck “Jenkins Update Notification” and apply

  • https://stackoverflow.com/questions/44142638/how-to-disable-displaying-new-version-of-jenkins-2-62-is-available-for-downlo

building and release tools

工具 平台 网址
fastlane Automate building iOS and Android https://github.com/fastlane/fastlane
docker buildx https://github.com/docker/buildx

jenkins配置的几种方式

  • 界面手工配置
  • jenkins-cli.jar提供的命令行
  • curl操作jenkins API
  • JENKINS_JAVA_OPTIONS(-D)参数(如-Djenkins.install.runSetupWizard=false)
  • java -jar jenkins.war 命令行启动options(如 --httpPort=8080)
  • post initialization script(init hook)
  • Configuration as Code plugin

其中值得一提的是$JENKINS_HOME/init.groovy.d/目录的init hook非常好用,在做一些已知固定的配置时候,可以直接放到该目录下,jenkins会在启动阶段完成这些初始化,非常实用,比如设置账户密码、设置插件升级中心的地址、跳过安装步骤、关闭版本升级提醒、关闭使用统计上报等操作。相比$JENKINS_HOME/casc_configs/jenkins.yaml(Configuration as Code plugin)提供的配置方法,init hook是jenkins内置就支持的,不需要安装插件。

报错There were errors checking the update sites: Signature verification failed in update site

 报错There were errors checking the update sites: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors<br> at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)<br> at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)<br> at java.base/java.security.cert.CertPathValidator.validate(Unknown Source)<br> at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)<br> at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:89)<br> at hudson.model.UpdateSite.verifySignatureInternal(UpdateSite.java:274)<br> at hudson.model.UpdateSite.updateData(UpdateSite.java:237)<br> at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:217)<br> at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:212)<br> at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1888)<br> at hudson.util.Retrier.start(Retrier.java:63)<br> at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1859)<br> at jenkins.DailyCheck.execute(DailyCheck.java:93)<br> at hudson.model.AsyncPeriodicWork.lambda$doRun$0(AsyncPeriodicWork.java:100)<br> at java.base/java.lang.Thread.run(Unknown Source)<br></pre>

解决办法1:

在启动参数加上-Dhudson.model.DownloadService.noSignatureCheck=true,由于使用了lework/jenkins-update-center提供的mirror,jenkins对下载地址进行了双向身份认证导致报错。

解决办法2:

mkdir $JENKINS_HOME/update-center-rootCAs
curl -fsSL -o  $JENKINS_HOME/update-center-rootCAs/update-center.crt https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/rootCA/update-center.crt
chown jenkins.jenkins -R $JENKINS_HOME/update-center-rootCAs

报错Failed to add SSH key. Message [invalid privatekey

ERROR: Exception when publishing, exception message [Failed to add SSH key. Message [invalid privatekey: [B@3b9e40d6]]
## 解决方法
ssh-keygen -m PEM -t rsa -b 4096

参考

报错github.com: Permission denied (publickey).

stderr: git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

解决方法

增加Credentials,类型选择SSH Username with private key,Private key 填入id_rsa文件内容,并把id_rsa.pub添加到github.com服务器。

Warning: Permanently added ‘gitee.com,180.97.125.228’ (ECDSA) to the list of known hosts.

jenkinsctl

jcli

/sbin/insserv: No such file or directory

localhost:~ # systemctl enable jenkins
jenkins.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable jenkins
/sbin/insserv: No such file or directory

解决办法

zypper install -y insserv-compat

Jenkins批量导入job

#!/usr/bin/env bash

currentdir=$(dirname "$(readlink -fn "$0")")

JENKINS_SERVER="http://192.168.1.100:8080";
options="-s $JENKINS_SERVER -auth admin:123456"


if [ ! -f "$currentdir/jenkins-cli.jar" ]; then
    curl -fsSL -O $JENKINS_SERVER/jnlpJars/jenkins-cli.jar
fi

jobs=`ls *.xml`

for job in $jobs;do
    //TODO
    //extract JOBNAME from *xml filename first
    java -jar jenkins-cli.jar $options  create-job JOBNAME < $job
done

Jenkins获取已安装插件列表

$jenkins_url/manage/systemInfo

或者

#!/usr/bin/env bash

currentdir=$(dirname "$(readlink -fn "$0")")

JENKINS_SERVER="http://192.168.1.100:8080";
options="-s $JENKINS_SERVER -auth admin:123456"


if [ ! -f "$currentdir/jenkins-cli.jar" ]; then
    curl -fsSL -O $JENKINS_SERVER/jnlpJars/jenkins-cli.jar
fi
java -jar jenkins-cli.jar $options list-plugins | awk '{print $1}' |sort
ace-editor
ant
apache-httpcomponents-client-4-api
authentication-tokens
authorize-project
blueocean
blueocean-autofavorite
blueocean-bitbucket-pipeline
blueocean-commons
blueocean-config
blueocean-core-js
blueocean-dashboard
blueocean-display-url
blueocean-events
blueocean-github-pipeline
blueocean-git-pipeline
blueocean-i18n
blueocean-jwt
blueocean-personalization
blueocean-pipeline-api-impl
blueocean-pipeline-editor
blueocean-pipeline-scm-api
blueocean-rest
blueocean-rest-impl
blueocean-web
bootstrap4-api
bootstrap5-api
bouncycastle-api
branch-api
build-name-setter
caffeine-api
checks-api
cloudbees-bitbucket-branch-source
cloudbees-folder
command-launcher
commons-lang3-api
commons-text-api
config-file-provider
configuration-as-code
credentials
credentials-binding
dingding-notifications
display-url-api
docker-commons
docker-workflow
dotnet-sdk
durable-task
echarts-api
email-ext
extended-choice-parameter
favorite
font-awesome-api
generic-webhook-trigger
git
git-client
github
github-api
github-branch-source
github-checks
gitlab-plugin
git-parameter
git-server
golang
gradle
handlebars
handy-uri-templates-2-api
htmlpublisher
image-tag-parameter
instance-identity
ionicons-api
jackson2-api
jakarta-activation-api
jakarta-mail-api
javadoc
javax-activation-api
javax-mail-api
jaxb
jdk-tool
jenkins-design-language
jersey2-api
jjwt-api
jquery
jquery3-api
jsch
junit
kubernetes
kubernetes-cli
kubernetes-client-api
kubernetes-credentials
lockable-resources
mailer
mapdb-api
matrix-auth
matrix-project
maven-plugin
metrics
mina-sshd-api-common
mina-sshd-api-core
momentjs
nexus-artifact-uploader
nodejs
okhttp-api
parameterized-scheduler
pipeline-build-step
pipeline-graph-analysis
pipeline-groovy-lib
pipeline-input-step
pipeline-milestone-step
pipeline-model-api
pipeline-model-definition
pipeline-model-extensions
pipeline-rest-api
pipeline-stage-step
pipeline-stage-tags-metadata
pipeline-stage-view
pipeline-utility-steps
plain-credentials
plugin-util-api
popper2-api
popper-api
postbuild-task
publish-over
publish-over-ssh
pubsub-light
resource-disposer
role-strategy
scm-api
script-security
snakeyaml-api
sse-gateway
ssh-credentials
sshd
ssh-slaves
ssh-steps
structs
subversion
test-results-aggregator
token-macro
trilead-api
variant
workflow-aggregator
workflow-api
workflow-basic-steps
workflow-cps
workflow-durable-task-step
workflow-job
workflow-multibranch
workflow-scm-step
workflow-step-api
workflow-support
ws-cleanup

jenkins-cli.jar usage and commands

Usage: java -jar jenkins-cli.jar [-s URL] command [opts...] args...
Options:
 -s URL              : the server URL (defaults to the JENKINS_URL env var)
 -http               : use a plain CLI protocol over HTTP(S) (the default; mutually exclusive with -ssh)
 -webSocket          : like -http but using WebSocket (works better with most reverse proxies)
 -ssh                : use SSH protocol (requires -user; SSH port must be open on server, and user must have registered a public key)
 -i KEY              : SSH private key file used for authentication (for use with -ssh)
 -noCertificateCheck : bypass HTTPS certificate check entirely. Use with caution
 -noKeyAuth          : don't try to load the SSH authentication private key. Conflicts with -i
 -user               : specify user (for use with -ssh)
 -strictHostKey      : request strict host key checking (for use with -ssh)
 -logger FINE        : enable detailed logging from the client
 -auth [ USER:SECRET | @FILE ] : specify username and either password or API token (or load from them both from a file);
                                 for use with -http.
                                 Passing credentials by file is recommended.
                                 See https://www.jenkins.io/redirect/cli-http-connection-mode for more info and options.
 -bearer [ TOKEN | @FILE ]     : specify authentication using a bearer token (or load the token from file);
                                 for use with -http. Mutually exclusive with -auth.
                                 Passing credentials by file is recommended.
  add-job-to-view
    Adds jobs to view.
  apply-configuration
    Apply YAML configuration to instance
  build
    Builds a job, and optionally waits until its completion.
  cancel-quiet-down
    Cancel the effect of the "quiet-down" command.
  check-configuration
    Check YAML configuration to instance
  clear-queue
    Clears the build queue.
  connect-node
    Reconnect to a node(s)
  console
    Retrieves console output of a build.
  copy-job
    Copies a job.
  create-credentials-by-xml
    Create Credential by XML
  create-credentials-domain-by-xml
    Create Credentials Domain by XML
  create-job
    Creates a new job by reading stdin as a configuration XML file.
  create-node
    Creates a new node by reading stdin as a XML configuration.
  create-view
    Creates a new view by reading stdin as a XML configuration.
  declarative-linter
    Validate a Jenkinsfile containing a Declarative Pipeline
  delete-builds
    Deletes build record(s).
  delete-credentials
    Delete a Credential
  delete-credentials-domain
    Delete a Credentials Domain
  delete-job
    Deletes job(s).
  delete-node
    Deletes node(s)
  delete-view
    Deletes view(s).
  disable-job
    Disables a job.
  disable-plugin
    Disable one or more installed plugins.
  disconnect-node
    Disconnects from a node.
  enable-job
    Enables a job.
  enable-plugin
    Enables one or more installed plugins transitively.
  export-configuration
    Export jenkins configuration as YAML
  get-credentials-as-xml
    Get a Credentials as XML (secrets redacted)
  get-credentials-domain-as-xml
    Get a Credentials Domain as XML
  get-gradle
    List available gradle installations
  get-job
    Dumps the job definition XML to stdout.
  get-node
    Dumps the node definition XML to stdout.
  get-view
    Dumps the view definition XML to stdout.
  groovy
    Executes the specified Groovy script. 
  groovysh
    Runs an interactive groovy shell.
  help
    Lists all the available commands or a detailed description of single command.
  import-credentials-as-xml
    Import credentials as XML. The output of "list-credentials-as-xml" can be used as input here as is, the only needed change is to set the actual Secrets which are redacted in the output.
  install-plugin
    Installs a plugin either from a file, an URL, or from update center. 
  keep-build
    Mark the build to keep the build forever.
  list-changes
    Dumps the changelog for the specified build(s).
  list-credentials
    Lists the Credentials in a specific Store
  list-credentials-as-xml
    Export credentials as XML. The output of this command can be used as input for "import-credentials-as-xml" as is, the only needed change is to set the actual Secrets which are redacted in the output.
  list-credentials-context-resolvers
    List Credentials Context Resolvers
  list-credentials-providers
    List Credentials Providers
  list-jobs
    Lists all jobs in a specific view or item group.
  list-plugins
    Outputs a list of installed plugins.
  mail
    Reads stdin and sends that out as an e-mail.
  offline-node
    Stop using a node for performing builds temporarily, until the next "online-node" command.
  online-node
    Resume using a node for performing builds, to cancel out the earlier "offline-node" command.
  quiet-down
    Quiet down Jenkins, in preparation for a restart. Don’t start any builds.
  reload-configuration
    Discard all the loaded data in memory and reload everything from file system. Useful when you modified config files directly on disk.
  reload-jcasc-configuration
    Reload JCasC YAML configuration
  reload-job
    Reload job(s)
  remove-job-from-view
    Removes jobs from view.
  replay-pipeline
    Replay a Pipeline build with edited script taken from standard input
  restart
    Restart Jenkins.
  restart-from-stage
    Restart a completed Declarative Pipeline build from a given stage.
  safe-restart
    Safely restart Jenkins.
  safe-shutdown
    Puts Jenkins into the quiet mode, wait for existing builds to be completed, and then shut down Jenkins.
  session-id
    Outputs the session ID, which changes every time Jenkins restarts.
  set-build-description
    Sets the description of a build.
  set-build-display-name
    Sets the displayName of a build.
  shutdown
    Immediately shuts down Jenkins server.
  stop-builds
    Stop all running builds for job(s)
  update-credentials-by-xml
    Update Credentials by XML
  update-credentials-domain-by-xml
    Update Credentials Domain by XML
  update-job
    Updates the job definition XML from stdin. The opposite of the get-job command.
  update-node
    Updates the node definition XML from stdin. The opposite of the get-node command.
  update-view
    Updates the view definition XML from stdin. The opposite of the get-view command.
  version
    Outputs the current version.
  wait-node-offline
    Wait for a node to become offline.
  wait-node-online
    Wait for a node to become online.
  who-am-i
    Reports your credential and permissions.

jenkins镜像

more