This project aims at describing our CI using jenkins DSL Plugin.
It starts Jenkins with Git and DSL Plugins, fetch a git repository to retrieve the DSL configuration and finally make sure this DSL is run at start and on every changes.
That way, you just have to write your jobs in build-script
file and
your jenkins or any future jenkins will make them run.
We want our TLS keys to be in an other container. This allows us to publish our Jenkins stateless container, and to be able to easily change the TLS keys. Jenkins container will use the --volumes-from when run to access certificates.
-
First put your TLS keys in the $PWD/keys folder
You are expected to provide :
-
ca.pem : The CA of your server certificate
-
cert.pem : Your client certificate
-
key.pem : The key used to generate client certificate
To construct the key holding container :
$docker build -f DockerFileKeyContainer -t keys . $docker run -v /keys --name keys keys
To start a jenkins instance, you need to have a key container on the node you are launching jenkins. Then:
$docker build --tag myjenkins . $docker run -p 8080:8080 --volumes-from keys --env-file=./env.file --name jks myjenkins
If you forecast to use slaves with your master, you should also export the 50000 port, so the previous line should be:
$docker run -p 8080:8080 -p 50000:50000 --volumes-from keys --env-file=./env.file --name jks myjenkins
You have to modify the env.file file with the following parameters:
-
JENKINS_URL: is the external URL of your jenkins (ex. "http://ci-james.org:8080/")
-
GITHUB_TOKEN: is the token used to access the GitHub API (https://github.com/settings/tokens)
-
DOCKER_USER: is the Docker Hub user used to publish the build, see publishing section (ex. myuser)
If not given, publishing to Docker Hub will not be enabled. -
GITLAB_TOKEN: is the GitLab token used to trigger a job generating packages on packages.linagora.com.Docker.
If not given, packaging will not be enabled. -
DOCKER_PASSWORD: is the password of the Docker Hub user
Then, you can open it in your browser :
$firefox http://`docker inspect --format {{.NetworkSettings.IPAddress}} jks`:8080 or $firefox http://JENKINS_URL
You may need to start one (or several) Jenkins slave.
$docker build -f DockerfileSlave -t jenkins-slave . $docker run -d -v /var/run/docker.sock:/var/run/docker.sock --volumes-from=keys --rm --name jenkins-slave jenkins-slave -url <master-url> <secret> <host>
Where:
-
master-url: is the URL of your jenkins
-
secret: is the agent secret
-
host: is the agent name
This feature is only available when building the master branch.
You may want to publish the image produced by the build on a Docker Hub account. To achieve that, you have to provide a user name and its password in the env.file file.
You need some extra container for the jobs to run well.
If you want to use james deploy script, you need to have a docker container with the James TLS certificates. You may not want to publish a container with such sensitive content, or even commit it in a source code management system.
First copy James TLS certificate to the directory containing this README. Or you can generate them using :
$keytool -genkey -alias james -keyalg RSA -keystore keystore
Note
|
To generate James keystore this way, you need to have keytool installed. This tools comes from the JDK. |
Be sure that the password you provide matches with James configuration. You will find it in james-parent project, in the destination/conf directory. These files are 'imapserver.xml', 'pop3server.xml' and 'smtpserver.xml'. Edit them locally before launching james image build. Default value is set to 'james72laBalle').
Then, run these command to set up this container on nodes that will hosts James servers :
$docker build -f DockerFileKeystoreContainer -t keystore . $docker run -v /keys --name keystore keystore
If you change the workflow-job and would like to launch Jenkins build on new branch
Repositories point to your github repository Repositories point to your branch Script Path point to groovy script that you want to run