Refactor docker Jenkins installation.

The new installation procedure is based on the Jenkins tutorial in https://github.com/jenkins-docs/quickstart-tutorials
uhafner · Jul 4, 2024 · 4a50d43 · 4a50d43
1 parent 80ee35b
commit 4a50d43
Show file tree

Hide file tree

Showing 18 changed files with 740 additions and 278 deletions.
diff --git a/bin/jenkins.sh b/bin/jenkins.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-docker pull jenkins/jenkins:lts-alpine
+docker pull jenkins/jenkins:latest-jdk21
 
 docker compose build --pull
 

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,20 +1,72 @@
-version: "3"
+name: codingstyle
+
 services:
-  jenkins-controller:
+  jenkins:
+    container_name: jenkins
     build:
       context: docker/images/jenkins-controller
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./docker/volumes/jenkins-home:/var/jenkins_home:cached
+      - ./docker/volumes/jenkins-home:/var/jenkins_home # Mounts the local jenkins_home volume to the /var/jenkins_home path inside the container
+      - ./secrets/jcasc_token:/run/secrets/CASC_RELOAD_TOKEN:ro # Mounting the token as "container secret" makes it available in JCasc as the variable ${CASC_RELOAD_TOKEN}
+      - agent-ssh-dir:/ssh-dir # Mounts the shared volume agent-ssh-dir to a path inside the container
     ports:
       - 8081:8080   # Jenkins UI - HOST:CONTAINER
     environment:
       - TRY_UPGRADE_IF_NO_MARKER=true
-      - JAVA_OPTS= -Dstapler.jelly.noCache=true  -Dhudson.remoting.ClassFilter=com.google.common.collect.ImmutableListMultimap -DexecutableWar.jetty.disableCustomSessionIdCookieName=true -DexecutableWar.jetty.sessionIdCookieName=warnings-ng-devenv
+      - JAVA_OPTS= -Dstapler.jelly.noCache=true  -Dhudson.remoting.ClassFilter=com.google.common.collect.ImmutableListMultimap -DexecutableWar.jetty.disableCustomSessionIdCookieName=true -DexecutableWar.jetty.sessionIdCookieName=codingstyle
     user: ${CURRENT_UID}
     restart: unless-stopped
-  java11-agent:
-    build: ./docker/images/java11-agent
     depends_on:
-      - jenkins-controller
+      key-generator:
+        condition: service_completed_successfully # Depends on the successful completion of the sidekick_service
+    healthcheck:
+      test: ["CMD-SHELL", "[ -f /ssh-dir/conductor_ok ] || exit 1"]
+      # Checks if the conductor_ok file exists in the /ssh-dir path
+      interval: 5s
+      timeout: 10s
+      retries: 5
+
+  key-generator:
+    container_name: key-generator
+    build:
+      context: docker/images/key-generator
+    stdin_open: true
+    tty: true
+    # The entrypoint script generates the SSH keys and outputs them to the /ssh-dir directory.
+    entrypoint: sh -c "/usr/local/bin/keygen.sh /ssh-dir" # Runs the keygen.sh script and specifies the output directory
+    volumes:
+      - agent-ssh-dir:/ssh-dir # Mounts the agent-ssh-dir volume to the /ssh-dir path inside the container
+    # The healthcheck command checks if the conductor_ok file exists in the /ssh-dir directory.
+    healthcheck:
+      test: ["CMD-SHELL", "[ -f /ssh-dir/conductor_ok ] || exit 1"]
+      # Checks if the conductor_ok file exists in the /ssh-dir path
+      interval: 5s
+      timeout: 10s
+      retries: 5
+
+  java-agent:
+    container_name: java-agent
+    build: docker/images/java-agent
+    depends_on:
+      key-generator:
+        condition: service_completed_successfully # Depends on the successful completion of the sidekick_service
+      jenkins:
+        condition: service_started
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "[ -f /ssh-dir/conductor_ok ] || exit 1"]
+      # Checks if the conductor_ok file exists in the /ssh-dir path
+      interval: 5s
+      timeout: 10s
+      retries: 5
+    volumes:
+      - agent-ssh-dir:/home/jenkins/.ssh:ro # Mounts the agent-ssh-dir volume to the /home/jenkins/.ssh path inside the container as read-only
+      - ${HOME}/.m2/repository:/home/jenkins/.m2/repository # Mounts the local Maven repository to the /home/jenkins/.m2 path inside the container
+
+volumes:
+  agent-ssh-dir:
+    name: agent-ssh-dir # Creates a named volume called agent-ssh-dir
+  jenkins_home:
+    name: jenkins_home # Creates a named volume called jenkins_home
+    external: true
diff --git a/docker/images/java-agent/Dockerfile b/docker/images/java-agent/Dockerfile
@@ -0,0 +1,27 @@
+FROM jenkins/ssh-agent:latest-jdk21
+
+# Install prerequisites for Java and Maven
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends ca-certificates curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Maven
+ARG MAVEN_VERSION=3.9.8
+
+SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+RUN curl -sS -L -O --output-dir /tmp/ --create-dirs  https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+    && printf "%s" "$(sha512sum /tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz)" | sha512sum -c - \
+    && curl -sS -L -O --output-dir /tmp/ --create-dirs  https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz.sha512 \
+    && printf "%s /tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" "$(cat /tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz.sha512)" | sha512sum --check --status - \
+    && tar xzf "/tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" -C /opt/ \
+    && rm "/tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
+    && ln -s /opt/apache-maven-${MAVEN_VERSION} /opt/maven \
+    && ln -s /opt/maven/bin/mvn /usr/bin/mvn \
+    && mkdir -p /etc/profile.d \
+    && echo "export JAVA_HOME=$JAVA_HOME \n \
+             export M2_HOME=/opt/maven \n \
+             export PATH=${M2_HOME}/bin:${PATH}" > /etc/profile.d/maven.sh
+ENV M2_HOME="/opt/maven"
+ENV PATH="${M2_HOME}/bin/:${PATH}"
+RUN echo "PATH=${PATH}" >> /etc/environment && chown -R jenkins:jenkins "${JENKINS_AGENT_HOME}"
diff --git a/docker/images/java11-agent/Dockerfile b/docker/images/java11-agent/Dockerfile
diff --git a/docker/images/java11-agent/docker-entrypoint.sh b/docker/images/java11-agent/docker-entrypoint.sh
diff --git a/docker/images/java11-agent/unsafe b/docker/images/java11-agent/unsafe
diff --git a/docker/images/java11-agent/unsafe.pub b/docker/images/java11-agent/unsafe.pub
diff --git a/docker/images/jenkins-controller/Dockerfile b/docker/images/jenkins-controller/Dockerfile
@@ -1,17 +1,28 @@
-FROM jenkins/jenkins:lts-alpine
+# Prepare a Debian-based Docker image with several utilities installed to automatically generate SSH keys
+FROM jenkins/jenkins:latest-jdk21
 
-USER root
-RUN addgroup -g 102 docker
-RUN adduser jenkins docker
-RUN apk add libltdl
+# We switch back to the Jenkins user for the remaining operations.
 USER jenkins
 
-# Install plugins
+# We copy the jobs directory from our current directory to the Jenkins home directory in the image.
+COPY preconfigured-jobs /usr/share/jenkins/ref/jobs
+
+# We write the Jenkins version to the UpgradeWizard state file.
+# This prevents the Upgrade Wizard from showing up when Jenkins starts.
+RUN echo "${JENKINS_VERSION}" > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
+
+# We copy a list of plugins to install to the Jenkins ref directory in the image.
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
+
+# We use the Jenkins plugin CLI to install the plugins listed in the plugins.txt file.
 RUN jenkins-plugin-cli --verbose -f /usr/share/jenkins/ref/plugins.txt
 
-# Create admin user and don't start the wizard
-RUN echo 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
+# We copy a pre-configured Jenkins configuration file to the Jenkins ref directory in the image.
+# This allows us to pre-configure Jenkins with our desired settings.
+COPY jenkins.yaml /usr/share/jenkins/ref/jenkins.yaml
+
+# Create an admin user and don't start the wizard
+RUN echo 2.x > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
 ENV JENKINS_OPTS -Djenkins.install.runSetupWizard=false
 COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/basic-security.groovy