Code is available at local git server. That same server is also hosting multiple tomcat. Jenkins build should pull the git to collect code, prepare mysql DB, execute ant target, finally place the resultant war file at particular webapps folder. Apart from all these build specific tasks, jenkins should shutdown the associated tomcat before ant task and start it again after placing the war file in webapps
On debian, add the official jenkins repo and add signature .
wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add - echo "deb http://pkg.jenkins-ci.org/debian binary/" > /etc/apt/sources.list.d/jenkins.list apt-get update
Install jenkins and openjdk
apt-get install jenkins openjdk-8-jdk-headless
service jenkins start
Check by telnet. Jenkins’ default port is 8080 where Jetty a Java HTTP (Web) server runs.
Apache SSL enabled vhost as reverse proxy
Following apache modules must be activated
a2enmod proxy a2enmod proxy_html a2enmod headers
Below is the vhost configuration with non http to https redirection
<VirtualHost jenkins.simpsoft.local:80> ServerName jenkins.simpsoft.local ServerAdmin firstname.lastname@example.org Redirect permanent / https://jenkins.simpsoft.local/ </VirtualHost> <IfModule mod_ssl.c> <VirtualHost jenkins.simpsoft.local:443> ServerName jenkins.simpsoft.local SSLEngine On SSLCertificateFile /etc/apache2/SSLCert/apache.crt SSLCertificateKeyFile /etc/apache2/SSLCert/apache.key ServerAdmin webmaster@localhost ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ ProxyPassReverse / http://jenkins.simpsoft.local/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost> </IfModule>
Creating SSL certificate is beyond the scope of this post but there are many tutorials on same.
We need to visit https://jenkins.simpsoft.local/ through browser and create an admin user.
Granular access control is possible through Project-based Matrix Authorization Strategy
admin user must have ALL access, non admin users should have at least read access.
Project creation and configuration
Let’s create a Free Style project BuildCommissionTool
Arrange Project access as below. Observe that sctuser is restricted and can’t modify configuration
Here the git repo can be accessed over file protocol (same server). Your might vary.
Our Build process is as below
Script with super user privilage must not ask password
For obvious reason, sudo must not ask password during build. We have /etc/sudoers.d/simpsoft_jenkins with following arrangement
jenkins ALL=NOPASSWD: /root/bin/jenkins_script/deploySCT, \ /root/bin/jenkins_script/SCTprepareDB
Single click Build in action
Project based Matrix Security in action