Demo image for Jenkins Configuration-as-Code

This demo image shows how to establish full configuration-as-code in Jenkins with Docker, Pipeline, and Groovy Hook Scripts. It brings up environment which can be used to develop Jenkins Pipeline libraries locally and to evaluate Jenkins features like Ownership-Based Security.

❗ Warning! This image is not designed for production use. Use it at your own risk. Prototyping is in progress.

Features

Jenkins container starts with the following features:

Authentication: Internal database with two users: admin and user
- Passwords are same as user names
Authorization:
- Ownership-Based Security, powered by Role Strategy and Ownership plugins
- Authorize Project is enabled by default
  - Runs will authorize as users who triggered the build

Jobs and Folders

3 Folders on the root level: Production, Development, System. Folders offer different permissions to users
Production and System folders implicitly load the ci.jenkins.io Pipeline Library
Development folder contains sandbox folders where common users can create and test their jobs
Each folder contains several reference Pipeline jobs

Nodes:

Master node has a restricted access
- It is available only to System jobs started by the admin user, powered by Job Restrictions Plugin
Extra agents with linux label are available from Docker Cloud, powered by Yet Another Docker Plugin
Master and agents offer the mvn and jdk8tools

Extra UI Features:

Two extra views, the default one shows only jobs owned by the user
Locale is enforced to en_US by Locale Plugin
Security Inspector and Monitoring plugin offer extra information

Usage

Run image:

docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code

Jenkins will need to connect to the Docker host to run agents. If you use Docker for Mac, use -Dio.jenkins.dev.host and additional socat image for forwarding.

docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 2376:2375 bobrik/socat TCP4-LISTEN:2375,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock

Developing Pipeline libraries

In the Development folder there is a PipelineLib folder, which allows local building and testing of the library. This folder can be mapped to a local repository in order to develop the library without committing changes:

docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000  onenashev/demo-jenkins-config-as-code

Once started, you can just start editing the Pipeline library locally. On every job start the changes will be reflected in the directory without committing anything.

Debugging Master

In order to debug the master, use the -e DEBUG=true -p 5005:5005 when starting the container. Jenkins will be suspended on the startup in such case.

Building images

Agents

Having a local agent build is a prerequisite for using the master for high-speed builds with Maven repository caching. For this purpose there is a custom Dockerfile in the /agent folder.

cd agent && docker build -t onenashev/demo-jenkins-maven-builder .

Master

Build image:

docker build -t onenashev/demo-jenkins-config-as-code .

anton-kasperovich / demo-jenkins-config-as-code