KANCHANA's BLOG: Installing Jenkins in GCP instance centos 7

Create a new instance for jenkins as previous instance is loaded with git, maven, nexus,sonar.

ssh to jenkins instance

sudo yum -y install maven --> This iwll install java, javac as they are dependencies for maven
javac -version
$yum -y install java-1.8.0
$java -version
$yum -y install java-1.8.0-devel
java -version
mvn --version
sudo yum -y install git
From https://pkg.jenkins.io/redhat/ copy the commands and change stable after redhat, as redhat will install latest version but redhat-stable installs stable version which we should use.
sudo yum -y install wget
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo yum -y install jenkins
sudo yum -y install net-tools
sudo netstat -ntpl ---> jenkins run on port 8080 by default
http://104.154.241.244:8080 --> This Ip is google cloud instance IP
copy the location it shows in page and check for the password in ssh
[LENOVO@jenkins ~]$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
f8d92922b1884e5395502ea0e180a1b3
Login the url with the above password
Once logged in install suggested plugins (always we should use suggest plugins)
Give credentials Username: kanchana Password: Siddu_2016
How to create a sample Job-->Connect to github which has a website info and run it
https://github.com/ravi2krishna/food --> This has the website related to food.
all jobs are listed under in the instance.
/var/lib/jenkins/jobs
[LENOVO@jenkins ~]$ sudo ls /var/lib/jenkins/jobs
websiteTest
We created a Job called "websireTest" in jenkins which is displayed in instance.
Error when we run the build.

+ sudo yum -y install httpd

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

sudo: no tty present and no askpass program specified
Build step 'Execute shell' marked build as failure
Finished: FAILURE

jenkins is trying to run the above command as root but jenkins is not in root

[LENOVO@jenkins ~]$ id jenkins
uid=996(jenkins) gid=993(jenkins) groups=993(jenkins)

We have to add jenkins to google-sudoers to run the sudo command as we are using GCP

[LENOVO@jenkins ~]$ id LENOVO --> 
uid=1000(LENOVO) gid=1001(LENOVO) groups=1001(LENOVO),4(adm),39(video),40(dip),1000(google-sudoers)

jenkins is a system user which is created when we install particular applications

/cat /etc/passwd

[LENOVO@jenkins ~]$ sudo usermod -aG google-sudoers jenkins
[LENOVO@jenkins ~]$ id jenkins
uid=996(jenkins) gid=993(jenkins) groups=993(jenkins),1000(google-sudoers)
[LENOVO@jenkins ~]$

tty is missing which is login console

cat /etc/passwd --> check for tty there should be some console like /bin/bash to execute the commands.

jenkins:x:996:993:Jenkins Automation Server:/var/lib/jenkins:/bin/false

/bin/false which means there is no console details like /bin/bash

change it as below

jenkins:x:996:993:Jenkins Automation Server:/var/lib/jenkins:/bin/bash
Restart jenkins before building job again

[LENOVO@jenkins ~]$ sudo systemctl restart jenkins
[LENOVO@jenkins ~]$

Build the job now, it will be successful

To check the website go to url and give the Ip address in URL

104.154.241.244

use Build triggers to run the job continuously Give * * * * * to run the job every minute

If the web page is changed in github, the changed information should be displayed in url when refreshed as we scheduled the job.
But here the job failed, as the folder /var/www/html is not empty.

+ sudo git clone https://github.com/ravi2krishna/food.git /var/www/html
fatal: destination path '/var/www/html' already exists and is not an empty directory.
Build step 'Execute shell' marked build as failure
Finished: FAILURE

Even after removing the files in /var/html/git it is still failing because there is .git

ls -a

When the build triggers again, now the website is changed

If something is changed in the index.html file in git , the schedule in jenkins is running and the change can be seen in the url when refreshed.

Working with plugins

Go to Manage jenkins page

All the users in the jenkins will have access to all the projects which is not secure.

To avoid this we have to install a plugin called "Role based authorization stratergy plugin".

Initially in the "Configure Global security" of Manage jenkins shows " Logged-in users can do anything" enabled.

Go to Manage Jenkins and click on Manage Plugins. Go to "Available" tab and search for "Role based authorization strategy plugin", install it without restart

Now in "Global security" you will have a new option called "Role-Based Strategy ", enable it.

How to Create Users and Assign roles.

Go to Manage jenkins and manage users.

Create a dev1 user and one tester1 user.

Now create 2 Jobs with names devproject and testproject one is for dev and one is for tester

Go to Manage and Assign roles in Manage Jenkins .

We have to assign roles to the users like

A dev user should see and build only devproject and a tester should see and build only testproject.

"Mange and Assign roles" option in Manage jenkins will be installed when Role based authorization strategy plugin is installed.

pattern --? anything that starts with dev

MASTER & SLAVE (Distributed Builds)

Master --Only administrative tasks like creating tasks, manage plugins, users...

Slave or nodes ---Will build the jobs .....all the processing will be done in this machine

Suppose there are 5 machines in which 3 are dev machines and 2 are QA machinses

There will be one more machine which defines when thre is a dev job go to dev machines which used cpu and RAM of dev machine

Load on main machine is just to create jobs

Java + maven + github should be there are all main and dev machines

QA machines should have java + maven + git +junit +selenium +

All installations on thesse machines can be done using CHEF using cookbook

MASTER & SLAVE CONFIGURATION

Configuring Master

Make hand shake between Master & slaves (Nodes) , means public and private keys and add it in
Hand shake is required as Jenkins master runs the job on nodes
JAva must be installed on all nodes if master needs to communicate with master.
Before making hand shake make sure to have a user which can access other hosts

On Master:

Give the jenkins user login access [/etc/passwd]
Add jenkins t, sudoers file (T0 access other nodes need sudo control)

usermod -aG <group name> jenkins
visudo

Restart master as group is chanaged
Generate key-pair using ssh-keygen (this pub key should be saved in nodes)--Login in with jenkins user and generate ssh (sudo su jenkins , need to go to that cd /var/lib/jenkins)

On Node/Slave:

Create jenkins user (to isolate all the settings of other users) sudo useradd jenkins
Add jenkins to sudoers file (This jenkins user should run all the tasks so need sudo permission)
Add public key of jenkins master in authorized keys file
Install java and javac

All the above 4 steps are same for all nodes.

For web application install webserver, git

Pwd and PWD less authentication.where we will chnage the password for that user

sudo vi /etc/ssh/sshd_config

From Master

bash-4.2$ ssh jenkins@35.192.151.201

The authenticity of host '35.192.151.201 (35.192.151.201)' can't be established.
ECDSA key fingerprint is SHA256:NHi2lURoCIHQT1OW4SlD68HPk0eoRAOKj3Fwkwwv8Ms.
ECDSA key fingerprint is MD5:48:2c:0f:e2:ee:e7:e7:49:4f:c8:05:d9:be:cb:a0:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '35.192.151.201' (ECDSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
bash-4.2$ vim /var/log/secure
bash-4.2$ sudo vim /var/log/secure
bash-4.2$

bash-4.2$ ssh -v jenkins@35.192.151.201

When ever we are making SSH connection u700 permission should be there

.ssh 700

authorizeed_keys 600

Wednesday, November 8, 2017

Installing Jenkins in GCP instance centos 7

Working with plugins

1 comment: