The so-called Jenkins

By admin, February 20, 2018

I've seen Jenkins as a useful interface for monitoring multiple systems and, as usual, acting as a Continuous Integration solution; depending on the scripts, it could start Continuous Delivery tools as well.

To get started with the current version (as of 02/2018), the following code snippets and links may well help you through your journey.

This article also contains configuration and procedures that are not related to Jenkins itself but to its use with Redis, PHP, Java, MySQL and Oracle under a CentOS 7 environment.

 

Jenkins – Install in a CentOS 7
http://linuxtechlab.com/install-jenkins-on-centos-rhel-7/
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install jenkins
The following commands start Jenkins and enable it at boot time
systemctl start jenkins
systemctl enable jenkins
From this point you should be able to access it via http://your-ip:8080
If it is not working, check whether there are firewall rules blocking access from other IPs.
netstat -tuplen
The command above shows whether the port you are using is listening
iptables -L -n
The command above lists all active iptables rules, if iptables is in use.
If you cannot see a rule that corresponds to the entry we need, you may run
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
or
iptables -I INPUT 4 -p tcp --dport 8080 -j ACCEPT
Jenkins – the initial password is inside /var/lib/jenkins/secrets/initialAdminPassword
Jenkins’ Plugins
Jenkins will suggest a set of basic plugins, but we also need to add the plugins used by the existing jobs BEFORE importing them. So:
1 – Accept the suggestions Jenkins makes about installing new plugins
2 – Install the additional plugins:
 – BuildNameUpdater
 – Triggerbuilder
 – Build-name-setter
 – Build TimeStamp
 – Release
 – Parameterized trigger
 – Run Condition
 – Rebuilder
 – Import Job
 – Export dynamic job data
Make sure you restart Jenkins.
Create a sample job and add the host information to your GitHub or BitBucket account
This step is of utmost importance for getting access to your remote repository, especially when accessing it from a network that uses a VPN.
Your Jenkins server should have the right ~/.ssh/known_hosts setup.
You can do that by accessing your server once, preferably as the Jenkins user.
References:
https://stackoverflow.com/questions/40576718/bitbucket-host-key-authentication-failed
https://stackoverflow.com/questions/13138662/jenkins-fail-with-host-key-verification-failed
Follow the linked instructions on generating a public key if you are not familiar with it.
$ ssh-keygen
$ exec ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
$ git ls-remote -h git@bitbucket.org
Add your key to your user. In Bitbucket, go to your avatar, settings, SSH keys, at the root of your projects directory if you want to give users global access. Copy the content of the key there:
$ cat .ssh/id_rsa.pub
Test the connection
$ ssh -T git@bitbucket.org
If there is an old hostname in ~/.ssh/known_hosts, delete it via
$ ssh-keygen -R hostname
Even though the Jenkins service does that for you, make sure your Jenkins user is OK and accessible:
You can discover which user Jenkins uses to run git by creating a simple job that calls the shell command whoami
After this, let's say that the user is jenkins. Even if this is a hidden user without a home directory, the following commands will allow you to log in as that user and create the credentials for the right user
$ su - -s /bin/bash jenkins
$ ssh -T git@bitbucket.org
$ ssh-keygen
$ cd ~/.ssh
$ cat id_rsa.pub
More in:
https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html#SetupanSSHkey-ssh2
Copy Jobs plugin
https://wiki.jenkins.io/display/JENKINS/Job+Import+Plugin
General Jenkins architecture
https://wiki.jenkins.io/display/JENKINS/Administering+Jenkins#AdministeringJenkins-Moving%2Fcopying%2Frenamingjobs

Jenkins – Copying directly the jobs among instances

A one-liner:
$ curl -s http://OLD_JENKINS/job/JOBNAME/config.xml | curl -X POST 'http://NEW_JENKINS/createItem?name=JOBNAME' --header "Content-Type: application/xml" --data-binary @-
Authentication
$ curl -s http://<USER>:<API_TOKEN>@OLD_JENKINS/job/JOBNAME/config.xml | curl -X POST 'http://<USER>:<API_TOKEN>@NEW_JENKINS/createItem?name=JOBNAME' --header "Content-Type: application/xml" --data-binary @-
With Crumb, get crumb with:
$ CRUMB_OLD=$(curl -s 'http://<USER>:<API_TOKEN>@OLD_JENKINS/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
$ CRUMB_NEW=$(curl -s 'http://<USER>:<API_TOKEN>@NEW_JENKINS/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
apply crumb with -H CRUMB:
$ curl -s -H "$CRUMB_OLD" http://<USER>:<API_TOKEN>@OLD_JENKINS/job/JOBNAME/config.xml | curl -X POST -H "$CRUMB_NEW" 'http://<USER>:<API_TOKEN>@NEW_JENKINS/createItem?name=JOBNAME' --header "Content-Type: application/xml" --data-binary @-
Jenkins – dealing with credentials
https://stackoverflow.com/questions/30704856/how-to-export-credentials-from-one-jenkins-instance-to-another
Jenkins – accessing github.com , bitbucket.com …
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
For adding the key on the Bitbucket side:
ssh-keygen -t rsa -C "user.email"
e.g. (email@company.com)
or simply
ssh-keygen
Pick the content of the file id_rsa.pub and copy it.
In Bitbucket, go to the settings of an admin user, find the section "Security" -> "SSH Keys" and add the key content from the clipboard.
https://stackoverflow.com/questions/13363553/git-error-host-key-verification-failed-when-connecting-to-remote-repository

The following triggers the (local) known hosts check and adds bitbucket so that it is accessible

ssh -T git@github.com


Inside tough intranets

edit and put in ~/.ssh/config

Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

The following triggers the (local) known hosts check and adds bitbucket so that it is accessible
ssh -T git@github.com
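
An alternative to the settings above, as an added example that is not part of the original article: with StrictHostKeyChecking no and UserKnownHostsFile=/dev/null, ssh accepts whatever key the remote end presents, so this script instead records a scanned key only when its SHA256 fingerprint equals the one the Git host publishes. The function names are hypothetical, and the expected fingerprint is assumed to come from the provider's documentation.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Needs only awk, base64, sha256sum, od, tr, cut and grep.

# Hex SHA-256 of the key blob in a "host keytype base64-blob" line.
key_sha256_hex() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d 2>/dev/null |
        sha256sum | cut -d' ' -f1
}

# Convert "SHA256:<unpadded base64>" (the form ssh displays) to hex.
fingerprint_to_hex() {
    printf '%s=' "${1#SHA256:}" | base64 -d 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# Usage: ssh-keyscan -t rsa HOST | pin_host_key KNOWN_HOSTS 'SHA256:...'
# Appends a scanned line only if its key matches the expected fingerprint.
# Returns 0 when pinned, 1 when nothing matched, 2 on a malformed fingerprint.
pin_host_key() {
    known_hosts=$1
    expected=$(fingerprint_to_hex "$2")
    if [ "${#expected}" -ne 64 ]; then
        echo "pin_host_key: malformed fingerprint" >&2
        return 2
    fi
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "$(key_sha256_hex "$line")" = "$expected" ]; then
            # Do not duplicate an entry that is already present.
            grep -qxF -- "$line" "$known_hosts" 2>/dev/null ||
                printf '%s\n' "$line" >> "$known_hosts"
            return 0
        fi
    done
    echo "pin_host_key: no scanned key matches; nothing added" >&2
    return 1
}

# With the key pinned, ~/.ssh/config can leave verification switched on:
#   Host bitbucket.org github.com
#       StrictHostKeyChecking yes
```

Run it as the user Jenkins uses for git, so the entry lands in that user's known_hosts.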

Jenkins – basic

https://confluence.atlassian.com/bitbucket/set-up-additional-ssh-keys-271943168.html#SetupadditionalSSHkeys-ssh2

Jenkins might be a disk space offender – eating lots of space

A common burden with Jenkins is that it leaves old builds and logs under the workspace folder. If you have jobs that prepare whole instances, that may exhaust your hard drive sooner or later.

The linked article shows some possible solutions to avoid that, including the well-known Jenkins plugin for manually solving the issue.

https://stackoverflow.com/questions/28683914/is-there-any-way-to-cleanup-jenkins-workspace

All in all, the important thing is knowing the size of each of the workspace subfolders, especially the tmp folder:

du -a ./project/ | sort -n -r | head -n 10

and erase the tmp content when that is the case

rm -rf ./project/tmp/*

 

Keeping Jenkins easily updated

This can be achieved through the following sequence of commands (it may vary depending on your system)

Create a new job with the following script

cd /tmp
rm -f jenkins.war.backup
cp /usr/lib/jenkins/jenkins.war /tmp/jenkins.war.backup
chmod 775 /tmp/jenkins.war.backup
rm -f /tmp/jenkins.war
wget http://mirrors.jenkins-ci.org/war/latest/jenkins.war

cp /tmp/jenkins.war /usr/lib/jenkins

After this, you could ask the user to run

AFTER FINISHING, RUN IT --> http://sugarcrmdev3.metro.ca:8080/safeRestart when logged in

Or trigger it automatically using the needed credentials.

However, the final cp into /usr/lib/jenkins might fail due to access rights on the folder.

** Important: the user needs to run it with sudo, or the directory must be made accessible to users from the relevant groups. Neither option should be used on systems that can be accessed directly.
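
The update script above replaces the running war with whatever the download returned. As an added example (not part of the original article), the helper below refuses to install a war whose SHA-256 differs from the expected value, and only then backs up and swaps the file. install_verified_war is a hypothetical name, and the expected digest is assumed to be the checksum published for the release you downloaded, obtained over HTTPS.

```shell
#!/bin/sh
# Added example, not from the original article; install_verified_war is a
# hypothetical helper. The expected digest is an assumption: use the SHA-256
# published for the release you actually downloaded.

# Usage: install_verified_war DOWNLOADED_WAR EXPECTED_SHA256 INSTALLED_WAR
# Returns 0 after replacing INSTALLED_WAR, 1 on checksum mismatch (nothing
# is changed), 2 on bad arguments or an unreadable download.
install_verified_war() {
    new_war=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    target=$3

    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not SHA-256" >&2; return 2; }
    [ -r "$new_war" ] || { echo "cannot read $new_war" >&2; return 2; }

    actual=$(sha256sum "$new_war" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $new_war: got $actual" >&2
        return 1
    fi

    # Back up the current war next to the target, preserving its mode.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.backup" || return 2
    fi

    # Stage beside the target and rename, so Jenkins never sees a
    # half-written file if the copy is interrupted.
    cp "$new_war" "$target.new" && mv -f "$target.new" "$target"
}

# Example call with the paths used in the script above:
#   install_verified_war /tmp/jenkins.war "<published sha256>" /usr/lib/jenkins/jenkins.war
```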

Improving the user

sudo visudo

add the line:

username ALL=(ALL) NOPASSWD:ALL

or for the CentOS 7 wheel group – really not recommended

%wheel ALL=(ALL) NOPASSWD:ALL

Another (safer) alternative is to make the Jenkins group a sudoer and adjust the folder rights with chmod.

 

Installing Redis

 

Some scripts may require Redis to work. Even though you should configure it adequately, here are the basic steps for CentOS 7:

$ sudo yum install epel-release

$ sudo yum update

$ sudo yum install redis

$ sudo systemctl start redis

To start it automatically when the server restarts:

$ sudo systemctl enable redis

To test it, run

$ redis-cli ping

The answer should be PONG

 

Also, you may need to install the Redis extension for PHP on your server:

$ sudo pecl install redis

You may answer no to igbinary and no to lzf compression as well, depending on what you have on your system.

Make sure that php.ini has the following line:

extension=redis.so

It may be inside the /etc/php.d folder. You may create a file there to load it:

$ echo "extension=redis.so" > /etc/php.d/50-redis.ini

 

Enable ssh2 to work

 

The ssh2 development libraries are needed in order to use the PHP pecl extension:

$ sudo yum install libssh2 libssh2-devel

$ sudo pecl install -f ssh2

You need to add the extension line in the php.d dir:

$ echo "extension=ssh2.so" > /etc/php.d/50-ssh2.ini

Restart to enable the new extension

$ apachectl restart

 

For using a pure-PHP implementation

 

From the packagist website:

  1. Download the latest epel-release rpm from
    http://dl.fedoraproject.org/pub/epel/7/x86_64/
  2. Install epel-release rpm:
    # rpm -Uvh epel-release*rpm
  3. Install php-phpseclib-net-sftp rpm package:
    # yum install php-phpseclib-net-sftp
    
    

If this does not work, try installing the packages using PEAR:

$ sudo pear install phpseclib/Net_SSH2

$ sudo pear install phpseclib/Net_SFTP

Include in the script

Short for installing composer

cd yourproject
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar install

 

Install the ssh2 implementation via composer from your project folder:

$ composer require phpseclib/phpseclib

Authentication via ssh keys among servers of a same network

 

Most environments deploy to or deal with different servers. This may create the need to log in to different servers. To do so without password authentication, you should create a key and adjust the server configuration accordingly.

You can use your recently created ssh key, which is in your ~/.ssh folder.

That means the file id_rsa.pub

You may use the command ssh-copy-id if you have already configured or accessed the mentioned server:

$ ssh-copy-id root@ip

Enter the password of the server to be accessed.

Make sure you authorized the right user. If the Jenkins user is jenkins, then:

$ su - -s /bin/bash jenkins

$ ssh-copy-id root@ip

For further methods, check

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-centos7

 

Some useful GIT commands for investigating already connected instances

List all existing configurations

$ git config --list

Basic commands settings:

$ git config --global user.name "Name"

$ git config --global user.email "name@email.com"

  • Notice the credential manager you are using.

https://git-scm.com/docs/gitcredentials

 

Virtualization tips – KVM

 

Some systems may be running in virtualized environments. That means that if you need to, let's say, update your disk size, this may well be useful.

Virsh is a management user interface for most virtualization APIs such as QEMU, KVM, LXC, OpenVZ, VirtualBox and VMware ESX.

 

References:

These are some nice references regarding virtualization.

Installing under some distributions

https://computingforgeeks.com/install-kvm-on-centos-7-ubuntu-16-04-debian-9-sles-12-arch-linux/

Main commands – cheat sheet

https://computingforgeeks.com/virsh-commands-cheatsheet/