create GlobalConfigFiles.xml #1

Open
wants to merge 2 commits into
base: master
31 changes: 17 additions & 14 deletions README.md
@@ -1,16 +1,14 @@
# Custom Jenkins Image
Create Custom Jenkins image using, Jenkins S2i Image
This is for creating a custom Jenkins image, on top of the Jenkins S2I builder image.
Its purpose is to get you up and running with a working Jenkins server, which is already mostly configurated and follows best practice. Once setup, you will be ready to create pipelines for your apps, using an existing shared library or pipelines covering Java and NodeJS.

## Architecture
![Jenkins custom image autobuild](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/custom_jenkins_autobuild.png)

## Setup

### Configuration files
[Jenkins S2i Image](https://github.com/openshift/jenkins) requires a folder structure:
![Tree structure](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/tree_structure.png)

### Create custom jenkins image
### Step 1 - Create custom jenkins image
This will generate your BuildConfig and Image Stream.
1. Login into oc CLI:
``` oc login <host>```
2. Add username
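Review bot: wording in the new intro paragraph needs a fix: "mostly configurated" should be "mostly configured" and "Once setup" should be "Once set up". While Step 1 is being retitled, the `oc login <host>` line under it also has a stray space after its opening backticks, which is worth cleaning up in the same commit.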
Expand All @@ -23,13 +21,14 @@ Create Custom Jenkins image using, Jenkins S2i Image
```oc new-build jenkins:2~https://github.com/rhappdev/custom-jenkins-image.git --name=custom-jenkins -e GIT_SSL_NO_VERIFY=true -e OVERRIDE_PV_CONFIG_WITH_IMAGE_CONFIG=true -e OVERRIDE_PV_PLUGINS_WITH_IMAGE_PLUGINS=true -n <projectName>```
6. Wait until the image is created.

### Create new jenkins app, using jenkins-persistent template
### Step 2 - Create new jenkins app, using jenkins-persistent template
This will create your Jenkins Server.
1. Use jenkins-persistent template:
```oc new-app jenkins-persistent -p JENKINS_IMAGE_STREAM_TAG=custom-jenkins:latest -p NAMESPACE=<projectName> -p MEMORY_LIMIT=4Gi -p VOLUME_CAPACITY=10Gi -n <namespace>```
2. Wait until the new pod is running.
3. Access the Jenkins URL and check if jenkins is configured with our initial configuration.

### Create web-hook for autobuild.
### Step 3 (optional) - Create web-hook for autobuild.
If we need to change something in the configuration, this will trigger a new build, and automatically redeploy our jenkins app.
1. Make sure that github webhook is enabled:
```oc describe bc/custom-jenkins -n <projectName>```
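Review bot: the `oc new-build` command kept at the top of this hunk still passes `-e GIT_SSL_NO_VERIFY=true`, which turns off TLS certificate verification for the source clone even though the source is an `https://github.com/...` URL. Since the README now presents the setup as following best practice, drop that variable from the documented command or state that it is only meant for Git servers with self-signed certificates. In the Step 2 command, `-p NAMESPACE=<projectName>` and `-n <namespace>` use two different placeholders while every other command uses `-n <projectName>`; say whether they are the same project or use one placeholder.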
Expand All @@ -50,6 +49,12 @@ If not type the following:
* which events would you like to trigger this webhook?: Just the push event.
5. Now if you push something to the repo a new build will be triggered.

## Learn More

### Configuration files
[Jenkins S2i Image](https://github.com/openshift/jenkins) requires a folder structure:
![Tree structure](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/tree_structure.png)

### Jenkins permissions
Openshift login plugin lets you login to Jenkins with your account on an OpenShift installation using the flag OPENSHIFT_ENABLE_OAUTH when creating the app based on jenkins-persistent template (default to true).

Expand All @@ -61,8 +66,6 @@ hudson.model.Hudson.READ,
hudson.model.Item.READ
com.cloudbees.plugins.credentials.CredentialsProvider.VIEW



For the edit role, in addition to the permissions available to view:
hudson.model.Item.BUILD
hudson.model.Item.CONFIGURE
Expand All @@ -73,14 +76,14 @@ hudson.model.Item.WORKSPACE
hudson.scm.SCM.TAG
jenkins.model.Jenkins.RUN_SCRIPTS


> When this plugin manages authentication, the predefined admin user in the default Jenkins user database for the OpenShift Jenkins image is now ignored

> Permissions for users in Jenkins can be changed in OpenShift after those users are initially established in Jenkins. The OpenShift Login plugin polls the OpenShift API server for permissions and will update the permissions stored in Jenkins for each Jenkins user with the permissions retrieved from OpenShift. Technically speaking, you can change the permissions for a Jenkins user from the Jenkins UI as well, but those changes will be overwritten the next time the poll occurs.

## Best practises

### Shared Libraries
Apps tend to repeat the same steps when being built, that is why having a shared library with reusable pipelines is best practice.
To learn more about Shared Libraries, refer to this [Repo](https://github.com/rhappdev/shared-jenkins-pipelines/blob/master/sections/setup.md)

### Integration tests
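Review bot: the new heading "## Best practises" is inconsistent with the sentence added two lines below it ("is best practice") and with the intro paragraph; use "Best practices" for the heading. The link text "[Repo]" in the added Shared Libraries sentence would read better as the name of the target, for example "shared-jenkins-pipelines setup guide".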
Expand Down Expand Up @@ -116,15 +119,15 @@ skopeo copy --src-tls-verify=false --dest-tls-verify=false --src-creds openshift

### Store Credentials in Jenkins

To follow the best practises, don’t store the credentials in the Jenkinsfile, always try to retrieve the credentials from Jenkins.
To follow the best practises, don’t store the credentials in the Jenkinsfile, always try to retrieve the credentials from Jenkins. i.e. manually add them in Jenkins once deployed.

1. Create a username with password credential
2. Username: ```openshift```
3. Password: ```<TOKEN>```
4. Id: ```<desiredCredentialId>```
5. Description: ```<desiredDescription>```

### Do - Prefer stashing files to archiving
### Do - Prefer stashing files to archiving

If you just need to share files between stages and nodes of your pipeline, you should use stash/unstash instead of archive.
Stash and unstash are designed for sharing files, for example your application’s source code, between stages and nodes. Archives, on the other hand, are designed for longer term file storage (e.g., intermediate binaries from your builds).
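Review bot: the sentence added under "Store Credentials in Jenkins" ends with a fragment, "i.e. manually add them in Jenkins once deployed.", and repeats "best practises". Suggest folding it into the sentence, for example "Don't store credentials in the Jenkinsfile; add them manually in Jenkins once it is deployed and retrieve them from there." It would also help to say in step 3 which token `<TOKEN>` refers to, since the steps only give the username `openshift`.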
Expand All @@ -143,7 +146,7 @@ withCredentials([usernamePassword(credentialsId: 'prod-sa', passwordVariable: 'p
}
```

### Don’t: Use input within a node block
### Don’t: Use input within a node block

The input element pauses pipeline execution to wait for an approval - either automated or manual. Naturally these approvals could take some time. The node element, on the other hand, acquires and holds a lock on a workspace and heavy weight Jenkins executor - an expensive resource to hold onto while pausing for input.

@@ -0,0 +1,56 @@
<?xml version='1.0' encoding='UTF-8'?>
<org.jenkinsci.plugins.configfiles.GlobalConfigFiles plugin="[email protected]">
<configs class="sorted-set">
<comparator class="org.jenkinsci.plugins.configfiles.GlobalConfigFiles$1"/>
<org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig>
<id>maven-settings</id>
<name>maven-settings</name>
<comment>maven-settings</comment>
<content>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;settings&gt;
&lt;mirrors&gt;
&lt;mirror&gt;
&lt;id&gt;Nexus&lt;/id&gt;
&lt;name&gt;Nexus Public Mirror&lt;/name&gt;
&lt;url&gt;http://nexus-dcawley-xpaas.apps.na311.openshift.opentlc.com/content/groups/public/&lt;/url&gt;
Contributor

Change the URL with a PLACEHOLDER

&lt;mirrorOf&gt;*&lt;/mirrorOf&gt;
&lt;/mirror&gt;
&lt;/mirrors&gt;
&lt;servers&gt;
&lt;server&gt;
&lt;id&gt;nexus&lt;/id&gt;
&lt;username&gt;xxxx&lt;/username&gt;
&lt;password&gt;xxxx&lt;/password&gt;
&lt;/server&gt;
&lt;server&gt;
&lt;id&gt;nexus-snapshots&lt;/id&gt;
&lt;username&gt;xxxx&lt;/username&gt;
&lt;password&gt;xxxx&lt;/password&gt;
&lt;/server&gt;
&lt;server&gt;
&lt;id&gt;nexus-releases&lt;/id&gt;
&lt;username&gt;xxxx&lt;/username&gt;
&lt;password&gt;xxxx&lt;/password&gt;
&lt;/server&gt;
&lt;/servers&gt;
&lt;/settings&gt;
</content>
<providerId>org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig</providerId>
<serverCredentialMappings>
<org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
<serverId>nexus</serverId>
<credentialsId>nexus</credentialsId>
</org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
<org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
<serverId>nexus-snapshots</serverId>
<credentialsId>nexus</credentialsId>
</org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
<org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
<serverId>nexus-releases</serverId>
<credentialsId>nexus</credentialsId>
</org.jenkinsci.plugins.configfiles.maven.security.ServerCredentialMapping>
</serverCredentialMappings>
<isReplaceAll>true</isReplaceAll>
</org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig>
</configs>
</org.jenkinsci.plugins.configfiles.GlobalConfigFiles>
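Review bot: the mirror `<url>` in the embedded settings is plain `http://`, and with `<mirrorOf>*</mirrorOf>` every repository request is routed through it, so all build dependencies would be fetched over an unencrypted connection; when the hostname is replaced with a placeholder as requested above, make the placeholder an `https://` URL. The three `<server>` entries also carry inline `<username>xxxx</username>` and `<password>xxxx</password>` elements, while `serverCredentialMappings` already maps `nexus`, `nexus-snapshots` and `nexus-releases` to the Jenkins credential `nexus` with `isReplaceAll` set to true. The inline elements look redundant and invite someone to commit real values into this file, which contradicts the README's own advice to keep credentials in Jenkins; suggest removing them and adding a README line saying that a credential with id `nexus` must exist.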