Single click deployment by jenkins



Code is available at local git server. That same server is also hosting multiple tomcat. Jenkins build should pull the git to collect code, prepare mysql DB, execute ant target, finally place the resultant war file at particular webapps folder. Apart from all these build specific tasks, jenkins should shutdown the associated tomcat before ant task and start it again after placing the war file in webapps

Jenkins installation

On debian, add the official jenkins repo and add signature .

wget -q -O - | sudo apt-key add -
echo "deb binary/" > /etc/apt/sources.list.d/jenkins.list
apt-get update

Install jenkins and openjdk

apt-get install jenkins  openjdk-8-jdk-headless

start jenkins

service jenkins start

Check by telnet.  Jenkins’ default port is 8080 where Jetty a Java HTTP (Web) server runs.


Apache SSL enabled vhost as reverse proxy

Following apache modules must be activated

a2enmod proxy 
a2enmod proxy_html
a2enmod headers

Below is the vhost configuration with non http to https redirection

<VirtualHost jenkins.simpsoft.local:80>
 ServerName jenkins.simpsoft.local
 ServerAdmin admin@simpsoft.local
 Redirect permanent / https://jenkins.simpsoft.local/

<IfModule mod_ssl.c>
<VirtualHost jenkins.simpsoft.local:443>
 ServerName jenkins.simpsoft.local
 SSLEngine On
 SSLCertificateFile /etc/apache2/SSLCert/apache.crt
 SSLCertificateKeyFile /etc/apache2/SSLCert/apache.key
 ServerAdmin webmaster@localhost
 ProxyRequests Off
 ProxyPreserveHost On
 AllowEncodedSlashes NoDecode
 <Proxy *>
 Order deny,allow
 Allow from all
 ProxyPass / http://localhost:8080/ nocanon
 ProxyPassReverse / http://localhost:8080/
 ProxyPassReverse / http://jenkins.simpsoft.local/
 RequestHeader set X-Forwarded-Proto "https"
 RequestHeader set X-Forwarded-Port "443"

Creating SSL certificate is beyond the scope of this post but there are many tutorials on same.

We need to visit https://jenkins.simpsoft.local/ through browser and create an admin user.

Jenkins security

Granular access control is possible through Project-based Matrix Authorization Strategy
admin user must have ALL access, non admin users should have at least read access.


Project creation and configuration

Let’s create a Free Style project BuildCommissionTool



Arrange Project access as below. Observe that sctuser is restricted and can’t modify configuration



Here the git repo can be accessed over file protocol (same server). Your might vary.



Our Build process is as below



Script with super user privilage must not ask password

For obvious reason, sudo must not ask password during build. We have /etc/sudoers.d/simpsoft_jenkins with following arrangement

jenkins ALL=NOPASSWD: /root/bin/jenkins_script/deploySCT, \

Single click Build in action



Project based Matrix Security in action

Selection_018Login as admin user

Selection_017Login as sctuser user



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s