Single click deployment by jenkins

Standard

Scenario

Code is available at local git server. That same server is also hosting multiple tomcat. Jenkins build should pull the git to collect code, prepare mysql DB, execute ant target, finally place the resultant war file at particular webapps folder. Apart from all these build specific tasks, jenkins should shutdown the associated tomcat before ant task and start it again after placing the war file in webapps

Jenkins installation

On debian, add the official jenkins repo and add signature .

wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
echo "deb http://pkg.jenkins-ci.org/debian binary/" > /etc/apt/sources.list.d/jenkins.list
apt-get update

Install jenkins and openjdk

apt-get install jenkins  openjdk-8-jdk-headless

start jenkins

service jenkins start

Check by telnet.  Jenkins’ default port is 8080 where Jetty a Java HTTP (Web) server runs.

Selection_009

Apache SSL enabled vhost as reverse proxy

Following apache modules must be activated

a2enmod proxy 
a2enmod proxy_html
a2enmod headers

Below is the vhost configuration with non http to https redirection

<VirtualHost jenkins.simpsoft.local:80>
 ServerName jenkins.simpsoft.local
 ServerAdmin admin@simpsoft.local
 Redirect permanent / https://jenkins.simpsoft.local/
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost jenkins.simpsoft.local:443>
 ServerName jenkins.simpsoft.local
 SSLEngine On
 SSLCertificateFile /etc/apache2/SSLCert/apache.crt
 SSLCertificateKeyFile /etc/apache2/SSLCert/apache.key
 ServerAdmin webmaster@localhost
 ProxyRequests Off
 ProxyPreserveHost On
 AllowEncodedSlashes NoDecode
 <Proxy *>
 Order deny,allow
 Allow from all
 </Proxy>
 ProxyPass / http://localhost:8080/ nocanon
 ProxyPassReverse / http://localhost:8080/
 ProxyPassReverse / http://jenkins.simpsoft.local/
 RequestHeader set X-Forwarded-Proto "https"
 RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
</IfModule>

Creating SSL certificate is beyond the scope of this post but there are many tutorials on same.

We need to visit https://jenkins.simpsoft.local/ through browser and create an admin user.

Jenkins security

Granular access control is possible through Project-based Matrix Authorization Strategy
admin user must have ALL access, non admin users should have at least read access.

Selection_010

Project creation and configuration

Let’s create a Free Style project BuildCommissionTool

2016-05-31-120751_638x531_scrot

 

Arrange Project access as below. Observe that sctuser is restricted and can’t modify configuration

Selection_011

 

Here the git repo can be accessed over file protocol (same server). Your might vary.

Selection_012

 

Our Build process is as below

Selection_013

Selection_014

Script with super user privilage must not ask password

For obvious reason, sudo must not ask password during build. We have /etc/sudoers.d/simpsoft_jenkins with following arrangement

jenkins ALL=NOPASSWD: /root/bin/jenkins_script/deploySCT, \
/root/bin/jenkins_script/SCTprepareDB

Single click Build in action

Selection_015

Selection_020

Project based Matrix Security in action

Selection_018Login as admin user

Selection_017Login as sctuser user

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s