On CentOS:
If Jenkins shows as offline, use the fix below:
sudo nano /etc/firewalld/firewalld.conf
Change FirewallBackend=nftables to FirewallBackend=iptables
Restart the firewall:
sudo systemctl restart firewalld.service
Run terminal as root:
su -
Create Network:
Create a bridge network for Jenkins Docker so that it can communicate with the internet to download plugins:
docker network create jenkins
Create Volume:
This creates a mapping between the local file system and the Jenkins container, so that Jenkins can access local files such as certificates from inside the container.
Workspaces will be mapped to jenkins-data, so you can see all workspace folder content in the mapped local file system.
docker volume create jenkins-docker-certs
docker volume create jenkins-data
See which local directory is mapped by using the inspect command:
docker volume inspect jenkins-docker-certs
The output shows which local directory is mapped to the container.
So if we keep any file in “/var/lib/docker/volumes/jenkins-docker-certs/_data”, the container can access it.

Run docker dind:
In order to execute Docker commands inside Jenkins nodes, download and run the docker:dind Docker image using the following docker container run command:
docker container run \
--name jenkins-docker \
--rm \
--detach \
--privileged \
--network jenkins \
--network-alias docker \
--env DOCKER_TLS_CERTDIR=/certs \
--volume jenkins-docker-certs:/certs/client \
--volume jenkins-data:/var/jenkins_home \
--publish 2376:2376 \
docker:dind
Run Jenkins blueocean container:
Here we are passing the network parameter --httpsPort to the Jenkins container and publishing it through port 443.
docker container run --name jenkins-blueocean --rm --detach --network jenkins --env DOCKER_HOST=tcp://docker:2376 --env DOCKER_CERT_PATH=/certs/client --env DOCKER_TLS_VERIFY=1 --publish 8080:8080 --publish 443:8443 --volume jenkins-data:/var/jenkins_home --volume jenkins-docker-certs:/certs/client:ro jenkinsci/blueocean --httpsPort=8443
Now navigate to: https://localhost:443/
Get the initial password:
First find the container ID of the Jenkins container.
The command below shows all running containers:
docker ps

Copy the container ID and run the command below:
docker exec b13e069dacf8 cat /var/jenkins_home/secrets/initialAdminPassword
You will get the initial password.
Note:
If you go to /var/lib/docker/volumes/jenkins-docker-certs/_data you can see that the container has default certificates; you can replace them with your own if you want to use self-signed certificates.
To run commands as root:
docker exec -u root -t -i b13e069dacf8 /bin/bash
Type exit to leave the prompt.
To run using locally created keystore:
Generate keystore:
keytool is installed with the JDK. If keytool is not found, search for it with “find -name keytool”; otherwise install the JDK.
sudo keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/lib/docker/volumes/jenkins-docker-certs/_data/jenkins_keystore.jks -storepass mypassword -keysize 2048
The keystore is generated in
/var/lib/docker/volumes/jenkins-docker-certs/_data
We are mapping this directory to /certs/client of the Docker container, so inside the container the keystore is available at /certs/client.
docker container run --name jenkins-blueocean --rm --detach --network jenkins --env DOCKER_HOST=tcp://docker:2376 --env DOCKER_CERT_PATH=/certs/client --env DOCKER_TLS_VERIFY=1 --publish 8080:8080 --publish 443:8443 --publish 50000:50000 --volume jenkins-data:/var/jenkins_home --volume jenkins-docker-certs:/certs/client:ro jenkinsci/blueocean --httpsPort=8443 --httpsKeyStorePassword=mypassword --httpsKeyStore=/certs/client/jenkins_keystore.jks
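A review check for the docker container run commands on this page, as an added example that is not part of the original guide: it lists the options worth a second look before the setup leaves a local test machine (--privileged, ports published without a bind address, and the keystore password passed as an argument). The function name audit_run_args and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): list options in a
# `docker container run` argument list that deserve review.
# audit_run_args and the finding labels are hypothetical names.

audit_run_args() {
    findings=""
    prev=""
    for arg in "$@"; do
        spec=""
        case "$arg" in
            --privileged)
                # Container gets nearly full access to host devices and kernel.
                findings="$findings privileged" ;;
            --httpsKeyStorePassword=*)
                # Arguments are readable via `docker inspect` and the process list.
                findings="$findings password-in-args" ;;
            --publish=*)
                spec=${arg#--publish=} ;;
            *)
                case "$prev" in
                    --publish|-p) spec=$arg ;;
                esac ;;
        esac
        if [ -n "$spec" ]; then
            case "$spec" in
                *:*:*) ;;   # ip:hostPort:containerPort, bound to one address
                *) # No bind address: by default published on all host interfaces.
                   findings="$findings all-interfaces:$spec" ;;
            esac
        fi
        prev=$arg
    done
    # Print findings space-separated, without the leading blank.
    echo "${findings# }"
}

# Constructed sample: the docker:dind command from this page.
audit_run_args --name jenkins-docker --rm --detach --privileged \
    --network jenkins --network-alias docker \
    --env DOCKER_TLS_CERTDIR=/certs \
    --volume jenkins-docker-certs:/certs/client \
    --volume jenkins-data:/var/jenkins_home \
    --publish 2376:2376 docker:dind
```

A port written as 127.0.0.1:8080:8080 is bound to one address and is not reported.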