One 、Jenkins Installation and use

1. Install... On the server jdk

• Jenkins Need to rely on JDK, So install it first JDK1.8 , Installation directory is ：/usr/lib/jvm

yum install java-1.8.0-openjdk* -y

• obtain jenkins Installation package

 The download page ：https://jenkins.io/zh/download/ 
 The installation files ：jenkins-2.277.4-1.1.noarch.rpm

• Upload the installation package 192.168.66.101 The server , Installation

rpm -ivh jenkins-2.277.4-1.1.noarch.rpm

• modify Jenkins To configure

vim /etc/sysconfig/jenkins
 The modification is as follows ： Be careful ： If the user uses the default , You need to create... On the system jenkins user 
JENKINS_USER="root" 
JENKINS_PORT="8888"

• start-up Jenkins

systemctl start jenkins 

2. visit jenkins Website

• Open browser access http://192.168.74.8:8888
• 
  
• Get and input admin Account password

[[email protected] ~]#cat /var/lib/jenkins/secrets/initialAdminPassword

• Skip plug-in installation
  because Jenkins Plug ins need to connect to the default official website to download , Very slow , And it will fail , So let's skip the plug-in installation for now
  
  
• Add an administrator account , And enter Jenkins backstage
  
  

3.Jenkins Password forgetting processing

• Modify the profile security feature to disable

vim /var/lib/jenkins/config.xml
<useSecurity>false</useSecurity>   
// restart jenkins service 
systemctl restart jenkins
 You can directly log in and change your account and password 

 modify jenkins The user name and ID
vim /var/lib/jenkins/users/users.xml

4. Jenkins Plug-in management

Jenkins It doesn't provide many functions , We can use plug-ins to meet our needs . For example, from Gitlab Pull the code , Use Maven Build projects and other functions need to rely on plug-ins to complete .

It is suggested that jenkins Upgrade to the latest version first

modify Jenkins Plug in download address ,Jenkins The download speed of foreign official plug-in address is very slow , So it can be changed to the domestic plug-in address ：
Jenkins->Manage Jenkins->Manage Plugins, Click on Available
Modify in the server

cd /var/lib/jenkins/updates
sed -i 's/http:\/\/updates.jenkins- ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json

• Last ,Manage Plugins Click on Advanced, hold Update Site Change to the domestic plug-in download address

https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

• Sumbit after , Type in the browser ： http://192.168.74.8:8888/restart , restart Jenkins.

5. Download the Chinese plugin

Jenkins->Manage Jenkins->Manage Plugins, Click on Available, Search for "Chinese"

restart Jenkins after , Just see Jenkins It's sinicized , However, some menus may not be translated into Chinese successfully

Two 、Jenkins Use plug-ins to manage user permissions

• We can use Role-based Authorization Strategy Plug in to manage Jenkins User rights installation Role-based Authorization Strategy plug-in unit
  Jenkins->Manage Jenkins->Manage Plugins, Click on Available, Search for "role"
  

1. Enable global security configuration of permissions

A sign will appear after completion

Click in

Global roles（ Global role ）： Advanced users such as administrators can create global based roles
Project roles（ Project role ）： Roles for one or more projects
Slave roles（ Slave character ）： Node related permissions

2. Add the following three roles ：

baseRole： The role is global . This role needs to be bound Overall Below Read jurisdiction , To bind all users Set the most basic Jenkins Access right . Be careful ： If you do not bind this role to subsequent users , Report error ： user name is missing the Overall/Read permission
role1： This role is the project role . Use regular expression binding "apple.", It means you can only operate apple The opening project .
role2： This role is also a project role . binding "orange.", It means you can only operate orange The opening project .

3. Create user

Go to the system management page Manage Users

Create two users respectively ：jack and lisi

4. Assign roles to users

Enter the system management page Manage and Assign Roles, Click on Assign Roles

The binding rules are as follows ： kali Users are bound separately baseRole and role1 role jack Users are bound separately baseRole and role2 role

The result is ：
jack The user login , You can only see apple01 project lisi The user login , You can only see orange01 project

3、 ... and 、Jenkins Voucher management

Credentials can be used to store database passwords that need ciphertext protection 、Gitlab Password information 、Docker Private warehouse password, etc , In order to Jenkins It can interact with these third-party applications .

1. install Credentials Binding plug-in unit

To be in Jenkins Use the voucher management function , Need to install Credentials Binding plug-in unit

The vouchers that can be added are 5 Kind of ：

Common voucher types are ：Username with password（ User password ） and SSH Username with privatekey（SSH secret key ）

Next, use Git Tools to Gitlab Pull project source code as an example , demonstration Jenkins How to manage Gitlab Proof of .

2. install Git Plug ins and Git Tools

In order to make Jenkins Support from the Gitlab Pull source code , Need to install Git Plug in and in CentOS7 Installation on Git Tools .

On the server to install git

yum install git -y  install 
git --version  Check the version after installation 

4. User password type

4.1 Create Voucher

Jenkins-> voucher -> System -> Global credentials -> Add credentials

4.2 Test the availability of credentials

Create a FreeStyle project ： newly build Item->FreeStyle Project-> determine

• find " Source code management "->“Git”, stay Repository URL Copy Gitlab Projects in China URL
  
  
  Save configuration

4.3 Click on the building ”Build Now“ Start building projects

see /var/lib/jenkins/workspace/ Catalog , The discovery has come from Gitlab Successfully pulled the code to Jenkins in .

5.SSH Key type

SSH Secret free login diagram ：

5.1 Use root Users generate public and private keys

ssh-keygen -t rsa

• stay /root/.ssh/ The directory holds the public key and uses
  

id_rsa： Private key file 
id_rsa.pub： A public key file 
 use cat Command view 

5.2 Put the generated public key in Gitlab in

With root The account login gitlab-> Click on the picture ->Settings->SSH Keys
Copy just now id_rsa.pub Here's the content of the document , Click on "Add Key"

5.3Jenkins Add credentials to , Configure private key

stay Jenkins Add a new credential , The type is "SSH Username with private key", Copy the contents of the private file generated just now

5.4 Test the availability of credentials

newly build "test02" project -> Source code management ->Git, Use this time Gitlab Of SSH Connect , And choose SSH voucher

After construction, it succeeded