Jenkins 2.0! Hello Enterprise

Jenkins 2.0! Cool! What is it, and can we use it in an Enterprise?

A while ago I started in the IT4IT department in my company.

We were just starting with Agile development and getting started on Continuous Delivery. A whole new concept within our Enterprise.

We hired consultants to help us get started on automating our software development process, and along the way we were pointed at this “butler” who can do stuff for us. Obviously this “butler” is Jenkins.

For those who don’t know who Jenkins is, you can read more about it on Jenkins.io.

So we decided we wanted to give it a go and we started with reading the webpages of Jenkins.io and some other tutorials on how to install this software.

For people who are not used to working within an Enterprise: we have a very closed environment with strict access limitations to the internet.

The first thing we noticed on Red Hat and Debian based operating systems was that we needed to add the Jenkins repository using wget:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo

Import the key file: sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

Then use the package manager to install the latest version of Jenkins: sudo yum install jenkins

The installation manual even made a remark about a dependency: install Java first.

sudo yum install java-1.7.0-openjdk

If we were in an open environment like AWS or Azure, or even on our own VM, this would work like a charm, but unfortunately we are not.

An Enterprise has security obligations and policies it needs to comply with. (“That doesn’t mean you can’t download software from the big bad internet”, I hear you saying.) Well, before we start downloading software, we want to look at what we download first. Open source is scary if you ask security people: “You don’t know if there are backdoors in the code”. Other arguments I stumbled across: “How can you make sure the code does what you expect it to do?”

Well, the good thing about open source and the community behind it is that everybody who contributes to the code works on the same code base. So you can actually read the code and check it.

The source can be found on GitHub (for those who don’t know GitHub, go check it out on Github.com): https://github.com/jenkinsci/jenkins

As you can see, you can actually see the commits, the changes and the actual code. By now you might think, well, who cares, we know this. But to convince traditional managers and security people who do not know the world of open source, it is a real eye opener.

So what did we do?

We scanned the code with other software. We scanned the code with Fortify (by HP) and we scanned the code with SonarQube against Java rulesets we have written ourselves. But if you do not have these tools available, there are companies who can do this for you at a cost.

So after we scanned the code and made sure that “it does what we want it to do” and “has no backdoors”, we compiled it and stored it as an artifact in one of our repositories.

How to install Jenkins within an Enterprise?

We have these dependencies:

Minimum Recommended Configuration:
  • Java 8
  • 1GB+ free memory
  • 50GB+ free disk space

So first install Java. Most enterprises have applications that require Java, so a simple yum install will do the trick.

sudo yum install java

To be sure you have the correct version you can type:

java -version

The output should be something similar to:

java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode, sharing)

Which version? Stable release or Latest version?

As we depend on Jenkins, we want to make sure that it is stable. We don’t want future bugs to annoy us during our development, so we tend to look at the latest stable release.

So we build the RPM using the enclosed spec file: https://github.com/jenkinsci/packaging/tree/master/rpm/build

Run the build script: ./build.sh

Then store the RPM in Artifactory (we will talk about Artifactory in another blog post).

Here’s the command I used: curl --user username:password --data-binary @jenkins.xxx.rpm -X POST http://<artifactory URL>:<Port#>/artifactory/rpm/jenkins.xxx.rpm

You might ask, why do you do this?

Well, good question. We don’t use 1 server in an enterprise. We have several thousand servers in our production environment alone. We have over 500 teams developing code, so 1 single Jenkins instance won’t do the trick.

We have to deploy Jenkins on multiple machines, so we store the artifact; that way we do not have to do all this source code scanning again when we deploy a new instance of Jenkins.

From this point it gets easy:

Using: wget https://<Artifactory.url>/artifactory/rpm/jenkins.XXX.rpm

we download the RPM from our repository to the local machine

and we install it with: sudo yum localinstall jenkins.xxx.rpm
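The scan is only reused safely if every host installs exactly the build that was scanned. The following is an added example, not part of the original post: it records a SHA-256 when the scanned RPM is published and checks it on the target host before yum localinstall. The manifest file and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: gate "yum localinstall" on a SHA-256 recorded when the
# scanned build was published. The manifest name and format are assumptions:
# one "<sha256>  <rpm file name>" line per approved build (sha256sum format).

# record_approved RPM MANIFEST: run once on the build host after the scan.
record_approved() {
    local rpm="$1" manifest="$2"
    [ -f "$rpm" ] || { echo "no such file: $rpm" >&2; return 2; }
    ( cd "$(dirname "$rpm")" && sha256sum "$(basename "$rpm")" ) >> "$manifest"
}

# verify_approved RPM MANIFEST: run on every target host before installing.
# Returns 0 only if the file's hash matches the manifest entry for its name,
# 1 on a mismatch, 2 if the file is missing, 3 if the name was never approved.
verify_approved() {
    local rpm="$1" manifest="$2" name expected actual
    [ -f "$rpm" ] || { echo "no such file: $rpm" >&2; return 2; }
    name=$(basename "$rpm")
    # The last entry for this exact file name wins (a rebuilt, rescanned package).
    expected=$(awk -v n="$name" '$2 == n { h = $1 } END { print h }' "$manifest")
    [ -n "$expected" ] || { echo "$name is not an approved build" >&2; return 3; }
    actual=$(sha256sum "$rpm" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: checksum mismatch, refusing to install" >&2
        return 1
    fi
}

# install_approved RPM MANIFEST: install only after verification succeeds.
install_approved() {
    verify_approved "$1" "$2" && sudo yum localinstall -y "$1"
}
```

The manifest has to reach the target host over a path that is protected separately from the RPM repository; otherwise whoever can replace the RPM can replace the checksum too.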

So we have installed Jenkins; now it is time to start it.

systemctl start jenkins
systemctl enable jenkins

By now most of the tutorials will tell you to navigate to http://localhost:8080 and check if Jenkins is up and running,

but this will never be the case in an enterprise.

  1. The localhost has an IP address given by the DNS Server
  2. We are not done yet.

To get your IP address, simply type ip addr

In this case I want to have the IP address of interface eth0. Mind you, in your enterprise the configuration can differ, so please check that you have the correct interface.

ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/24 brd 10.0.0.255 scope global global eth0
valid_lft 58682sec preferred_lft 58682sec
inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link
valid_lft forever preferred_lft forever

As you can see, the IP address of interface eth0 = 10.0.0.3

So the URL to navigate to will be http://10.0.0.3:8080

Jenkins will ask you through the web browser for the admin password, which is also written to the Jenkins log. The admin password is created and stored in a file on the server. Run the command below to get the password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy and paste the password into the browser and activate Jenkins.

Congratulations. You have installed Jenkins on a Red Hat 7 machine within an enterprise.

Last but not least, you will need to install some plugins. We will discuss this in a later topic.

In our next post we will cover the Life Cycle Management of Jenkins, security, SSL, its capabilities and the plugins. In a later blog post we will talk about automating the deployment of Jenkins and its plugins, pipelines and many more subjects.

We hope you have enjoyed reading this post.