Demo image for Jenkins Configuration-as-Code
This demo image shows how to establish full configuration-as-code in Jenkins with Docker, Pipeline, and Groovy Hook Scripts. It brings up environment which can be used to develop Jenkins Pipeline libraries locally and to evaluate Jenkins features like Ownership-Based Security.
❗ Warning! This image is not designed for production use. Use it at your own risk. Prototyping is in progress.
Features
Jenkins container starts with the following features:
- Authentication: Internal database with two users:
admin
anduser
- Passwords are same as user names
- Authorization:
- Ownership-Based Security, powered by Role Strategy and Ownership plugins
- Authorize Project is enabled by default
- Runs will authorize as users who triggered the build
Jobs and Folders
- 3 Folders on the root level: Production, Development, System. Folders offer different permissions to users
- Production and System folders implicitly load the ci.jenkins.io Pipeline Library
- Development folder contains sandbox folders where common users can create and test their jobs
- Each folder contains several reference Pipeline jobs
Nodes:
- Master node has a restricted access
- It is available only to System jobs started by the
admin
user, powered by Job Restrictions Plugin
- It is available only to System jobs started by the
- Extra agents with
linux
label are available from Docker Cloud, powered by Yet Another Docker Plugin - Master and agents offer the
mvn
andjdk8
tools
Extra UI Features:
- Two extra views, the default one shows only jobs owned by the user
- Locale is enforced to
en_US
by Locale Plugin - Security Inspector and Monitoring plugin offer extra information
Usage
Run image:
docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code
Jenkins will need to connect to the Docker host to run agents.
If you use Docker for Mac, use -Dio.jenkins.dev.host
and additional socat
image for forwarding.
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 2376:2375 bobrik/socat TCP4-LISTEN:2375,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock
Developing Pipeline libraries
In the Development folder there is a PipelineLib folder, which allows local building and testing of the library. This folder can be mapped to a local repository in order to develop the library without committing changes:
docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code
Once started, you can just start editing the Pipeline library locally. On every job start the changes will be reflected in the directory without committing anything.
Debugging Master
In order to debug the master, use the -e DEBUG=true -p 5005:5005
when starting the container.
Jenkins will be suspended on the startup in such case.
Building images
Agents
Having a local agent build is a prerequisite for using the master
for high-speed builds with Maven repository caching.
For this purpose there is a custom Dockerfile in the /agent
folder.
cd agent && docker build -t onenashev/demo-jenkins-maven-builder .
Master
Build image:
docker build -t onenashev/demo-jenkins-config-as-code .