diff --git a/README.md b/README.md index 8f5d504..e336b06 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,14 @@ # Custom Jenkins Image -Create Custom Jenkins image using, Jenkins S2i Image +This is for creating a custom Jenkins image, on top of the Jenkins S2I builder image. +Its purpose is to get you up and running with a working Jenkins server, which is already mostly configurated and follows best practice. Once setup, you will be ready to create pipelines for your apps, using an existing shared library or pipelines covering Java and NodeJS. ## Architecture ![Jenkins custom image autobuild](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/custom_jenkins_autobuild.png) ## Setup -### Configuration files -[Jenkins S2i Image](https://github.com/openshift/jenkins) requires a folder structure: -![Tree structure](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/tree_structure.png) - -### Create custom jenkins image +### Step 1 - Create custom jenkins image +This will generate your BuildConfig and Image Stream. 1. Login into oc CLI: ``` oc login ``` 2. Add username 
@@ -23,13 +21,14 @@ Create Custom Jenkins image using, Jenkins S2i Image ```oc new-build jenkins:2~https://github.com/rhappdev/custom-jenkins-image.git --name=custom-jenkins -e GIT_SSL_NO_VERIFY=true -e OVERRIDE_PV_CONFIG_WITH_IMAGE_CONFIG=true -e OVERRIDE_PV_PLUGINS_WITH_IMAGE_PLUGINS=true -n ``` 6. Wait until the image is created. -### Create new jenkins app, using jenkins-persistent template +### Step 2 - Create new jenkins app, using jenkins-persistent template +This will create your Jenkins Server. 1. Use jenkins-persistent template: ```oc new-app jenkins-persistent -p JENKINS_IMAGE_STREAM_TAG=custom-jenkins:latest -p NAMESPACE= -p MEMORY_LIMIT=4Gi -p VOLUME_CAPACITY=10Gi -n ``` 2. Wait until the new pod is running. 3. Access the Jenkins URL and check if jenkins is configured with our initial configuration. -### Create web-hook for autobuild. +### Step 3 (optional) - Create web-hook for autobuild. If we need to change something in the configuration, this will trigger a new build, and automatically redeploy our jenkins app. 1. Make sure that github webhook is enabled: ```oc describe bc/custom-jenkins -n ``` @@ -50,6 +49,12 @@ If not type the following: * which events would you like to trigger this webhook?: Just the push event. 5. Now if you push something to the repo a new build will be triggered. +## Learn More + +### Configuration files +[Jenkins S2i Image](https://github.com/openshift/jenkins) requires a folder structure: +![Tree structure](https://github.com/rhappdev/assets/blob/master/custom_jenkins_image/tree_structure.png) + ### Jenkins permissions Openshift login plugin lets you login to Jenkins with your account on an OpenShift installation using the flag OPENSHIFT_ENABLE_OAUTH when creating the app based on jenkins-persistent template (default to true). 
@@ -61,8 +66,6 @@ hudson.model.Hudson.READ, hudson.model.Item.READ com.cloudbees.plugins.credentials.CredentialsProvider.VIEW - - For the edit role, in addition to the permissions available to view: hudson.model.Item.BUILD hudson.model.Item.CONFIGURE @@ -73,7 +76,6 @@ hudson.model.Item.WORKSPACE hudson.scm.SCM.TAG jenkins.model.Jenkins.RUN_SCRIPTS - > When this plugin manages authentication, the predefined admin user in the default Jenkins user database for the OpenShift Jenkins image is now ignored > Permissions for users in Jenkins can be changed in OpenShift after those users are initially established in Jenkins. The OpenShift Login plugin polls the OpenShift API server for permissions and will update the permissions stored in Jenkins for each Jenkins user with the permissions retrieved from OpenShift. Technically speaking, you can change the permissions for a Jenkins user from the Jenkins UI as well, but those changes will be overwritten the next time the poll occurs. @@ -81,6 +83,7 @@ jenkins.model.Jenkins.RUN_SCRIPTS ## Best practises ### Shared Libraries +Apps tend to repeat the same steps when being built, that is why having a shared library with reusable pipelines is best practice. To learn more about Shared Libraries, refer to this [Repo](https://github.com/rhappdev/shared-jenkins-pipelines/blob/master/sections/setup.md) ### Integration tests @@ -116,7 +119,7 @@ skopeo copy --src-tls-verify=false --dest-tls-verify=false --src-creds openshift ### Store Credentials in Jenkins -To follow the best practises, don’t store the credentials in the Jenkinsfile, always try to retrieve the credentials from Jenkins. +To follow the best practises, don’t store the credentials in the Jenkinsfile, always try to retrieve the credentials from Jenkins. i.e. manually add them in Jenkins once deployed. 1. Create a username with password credential 2. Username: ```openshift``` 
@@ -124,7 +127,7 @@ To follow the best practises, don’t store the credentials in the Jenkinsfile, 4. Id: `````` 5. Description: `````` -### Do - Prefer stashing files to archiving +### Do - Prefer stashing files to archiving If you just need to share files between stages and nodes of your pipeline, you should use stash/unstash instead of archive. Stash and unstash are designed for sharing files, for example your application’s source code, between stages and nodes. Archives, on the other hand, are designed for longer term file storage (e.g., intermediate binaries from your builds). @@ -143,7 +146,7 @@ withCredentials([usernamePassword(credentialsId: 'prod-sa', passwordVariable: 'p } ``` -### Don’t: Use input within a node block +### Don’t: Use input within a node block The input element pauses pipeline execution to wait for an approval - either automated or manual. Naturally these approvals could take some time. The node element, on the other hand, acquires and holds a lock on a workspace and heavy weight Jenkins executor - an expensive resource to hold onto while pausing for input. diff --git a/configuration/org.jenkinsci.plugins.configfiles.GlobalConfigFiles.xml b/configuration/org.jenkinsci.plugins.configfiles.GlobalConfigFiles.xml new file mode 100644 index 0000000..bf63161 --- /dev/null +++ b/configuration/org.jenkinsci.plugins.configfiles.GlobalConfigFiles.xml 
@@ -0,0 +1,56 @@ + + + + + + maven-settings + maven-settings + maven-settings + <?xml version="1.0" encoding="UTF-8"?> +<settings> + <mirrors> + <mirror> + <id>Nexus</id> + <name>Nexus Public Mirror</name> + <url>http://nexus-dcawley-xpaas.apps.na311.openshift.opentlc.com/content/groups/public/</url> + <mirrorOf>*</mirrorOf> + </mirror> + </mirrors> + <servers> + <server> + <id>nexus</id> + <username>xxxx</username> + <password>xxxx</password> + </server> + <server> + <id>nexus-snapshots</id> + <username>xxxx</username> + <password>xxxx</password> + </server> + <server> + <id>nexus-releases</id> + <username>xxxx</username> + <password>xxxx</password> + </server> + </servers> +</settings> + + org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig + + + nexus + nexus + + + nexus-snapshots + nexus + + + nexus-releases + nexus + + + true + + +
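Review bot: In the README.md intro hunk (@@ -1,16 +1,14 @@), the added line "which is already mostly configurated and follows best practice" has a typo: "configurated" should be "configured", and "Once setup" in the same line should be "Once set up". The same hunk moves the "Configuration files" section out of Setup, so the intro would also benefit from one sentence pointing readers to the `configuration/` folder this patch starts populating.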
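Review bot: In README.md hunk @@ -23,13 +21,14 @@, the `oc new-build` line that now sits under "Step 1" still carries `-e GIT_SSL_NO_VERIFY=true`, which turns off TLS certificate verification for the Git clone that feeds the image build, and the renamed steps present it as the default path. The source in that command is an https://github.com URL, so the variable should come out of the documented command. If it is kept, add a sentence saying it is only for Git servers whose CA the builder does not trust, and that supplying the CA certificate is the better fix.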
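Review bot: In the "Store Credentials in Jenkins" hunk (@@ -116,7 +119,7 @@), the added fragment "i.e. manually add them in Jenkins once deployed." does not say which credential has to exist, while the GlobalConfigFiles.xml added in this same patch pairs nexus, nexus-snapshots and nexus-releases each with an entry named nexus. Make it a full sentence and name the credential id the shipped Maven settings expect (it appears to be `nexus`), so the README and the new configuration file agree.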
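Review bot: In configuration/org.jenkinsci.plugins.configfiles.GlobalConfigFiles.xml, the mirror `<url>http://nexus-dcawley-xpaas.apps.na311.openshift.opentlc.com/content/groups/public/</url>` together with `<mirrorOf>*</mirrorOf>` routes every Maven dependency download for every job over plain HTTP to one environment-specific host, so artifacts can be altered in transit and the image only works against that one cluster. Use an https:// URL and make the host a documented placeholder or a value supplied at deploy time. The three `<server>` blocks with `<username>xxxx</username>` and `<password>xxxx</password>` also invite committing real passwords into this file, which contradicts the README's "Store Credentials in Jenkins" section; since the file already lists credential mappings for the same three server ids, the inline username and password elements can be removed.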