Jenkins安裝及插件管理

1.安裝Jenkins

1.1 方法一：配置yum源

sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
​
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
​
yum install jenkins
​

1.2 方法二：rpm安裝

#上面官網的鏡像源太慢，直接找一個國內的rpm包下載安裝
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat-stable/jenkins-2.222.3-1.1.noarch.rpm
​
yum -y install jenkins-2.222.3-1.1.noarch.rpm
#修改端口：8080換成8081
vim /etc/sysconfig/jenkins
​
#加入開機自啟
systemctl enable jenkins
#啟動jenkins
systemctl start jenkins

2.配置nginx反向代理

由於jenkins默認是監聽在8080端口上，這里我們使用域名方式來訪問jenkins；此時必須要配置nginx代理

2.1 配置yum倉庫

vim /etc/yum.repo.d/nginx.repo
​
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
​
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

2.2 安裝Nginx

#安裝yum-utils

yum -y install yum-utils

#開啟nginx主線版

yum-config-manager --enable nginx-mainline

#開始安裝

yum -y install nginx

2.3 配置

vim /etc/nginx/conf.d/jenkins.conf
server {
 listen       80;
 server_name jks1.linux.com;
​
 charset utf-8;
 access_log /var/log/nginx/jenkins1.access.log main;
​
 location / {
     proxy_pass       http://localhost:8080;
     proxy_set_header Host     $host;
     proxy_set_header X-Real-IP $remote_addr;
​
 }
​
}
​

2.3 檢查配置並啟動nginx

#檢查語法
nginx -t
#啟動
nginx

3.開始使用jenkins

3.1瀏覽器訪問jenkins

解鎖：

 

[root@jenkins-node1 ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
34ea994d187a408bb830555b6ee19868

下一步出現異常了,我的網絡是正常的，不管了，先跳過插件安裝

創建一個新管理用戶：

完成安裝：

3.2 插件管理

點擊左側菜單：Manage Jenkins > Manage Plugin

此時可以發現jenkins插件管理有異常：SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:

網上找資料說是改插件站點地址，把HTTPS改成HTTP；

上面點擊submit之后，再點擊checknow，jenkins會從更新站點同步json數據，此時需要等待一會兒；

同步完了之后會在/var/lib/jenkins/產生一個updates文件夾，下面有這樣兩個文件；

[root@jenkins-node1 ~]# cd /var/lib/jenkins/updates/
[root@jennkins-node1 updates]# ll
總用量 1908
-rw-r--r-- 1 jenkins jenkins 1943582 5月 11 10:38 default.json
-rw-r--r-- 1 jenkins jenkins   5350 5月 11 10:38 hudson.tasks.Maven.MavenInstaller
​

此處雖然沒有再報錯了；但是，安裝插件又會出現下面的異常：

從上面發現是證書路徑有問題，Jenkins是由Java開發的，證書是放在哪里的呢？於是我網上查找了一下，找到下面的資料：

第一步：下載這個SSLPoke.class文件：

wget https://confluence.atlassian.com/kb/files/779355358/779355357/1/1441897666313/SSLPoke.class
​

第二步：驗證你的ssl網站；此處網址替換成jenkins更新中心的站點，用https

[root@jenkins-node1 ~]# $JAVA_HOME/bin/java SSLPoke updates.jenkins.io 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
 at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
 at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
 ... 15 more
​

確實是有問題；問題就是那個證書的問題，那么證書在哪里呢？我又找到了下面的資料

發現證書是在："%JAVA_HOME%\jre\lib\security\cacerts"

既然是證書路徑有問題，那么服務器上是否還有其他名為cacerts的證書？帶着疑問，我搜索了一下：

[root@jenkins-node1 ~]# find / -type f -name cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/usr/local/jdk1.8.0_20/jre/lib/security/cacerts
​

發現確實有兩個文件，我想默認應該用的是這個/usr/local/jdk1.8.0_20/jre/lib/security/cacerts

於是我進行了以下操作：

[root@jenkins-node1 ~]# cd /usr/local/jdk1.8.0_20/jre/lib/security/
[root@jenkins-node1 security]# mv cacerts cacerts.bak
[root@jenkins-node1 security]# cp /etc/pki/ca-trust/extracted/java/cacerts ./
[root@jenkins-node1 ~]# $JAVA_HOME/bin/java SSLPoke updates.jenkins.io 443
Successfully connected

發現ssl已經驗證成功，於是我重啟了jenkins，把jenkins的站點從http改成https，然后點擊提交，點擊checknow發現問題已解決；大功告成！

除了拷貝cacerts文件，還有另外一個解決辦法，修改jenkins配置文件：vim /etc/sysconfig/jenkins

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts"
​

重啟jenkins，把jenkins的更新站點從http改成https，然后點擊提交，點擊checknow發現也沒有任何異常；

3.3 修改插件更新站點為國內鏡像站點

#國內鏡像源華為和清華鏡像源速度比較快，我這里選擇使用清華源
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

修改/var/lib/jenkins/updates/default.json ,替換以下內容然后重啟jenkins

sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json 
​
sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json