This repo is used to build a customized OpenShift Jenkins 2 image with source to image (S2I). The base OpenShift Jenkins S2I can be found at registry.access.redhat.com/openshift3/jenkins-2-rhel7. The resulting image is a Jenkins master, and should be used in a master / slaves architecture. This image is configured to provide slaves as k8s pods via the k8s Jenkins plugin. Thus, this repo doesn't define any build tools or the like, as they are the responsibility of the slaves.
With s2i installed; you can run the following to build and test your changes to the S2I locally.
s2i build --loglevel 5 jenkins-master openshift/jenkins-2-centos7 jenkins-s2i:latestThe directory structure is dictated by OpenShift Jenkins S2I image. In particular:
- plugins.txt is used to install plugins during the S2I build. If you want the details, here is the S2I assemble script, which calls the install jenkins plugins script.
- files in the configuration directory will have comments describing exactly what they do
Handy oneliner to get the right format for the plugins in jenkins after an update:
Jenkins.instance.pluginManager.plugins.each{
plugin ->
println ("${plugin.getShortName()}:${plugin.getVersion()}")
}To Integrate with slack follow the steps at https://github.com/jenkinsci/slack-plugin. Particularly, create a webhook at https://customteamname.slack.com/services/new/jenkins-ci. After the webhook setup is complete at slack, record and add the below environmental variables. You can retrieve the values on your slack dashboard. Make sure you are logged into the correct team.
- The base url as
SLACK_BASE_URL - The slack room you selected as the default slack channel as
SLACK_ROOM - A jenkins credential needs to be created. Use the id of the credential for the environmental variable
SLACK_TOKEN_CREDENTIAL_ID. When creating this credential in OpenShift, create a secret that syncs withe jenkins and uses the key secrettext. The namespace will automatically be prepended to the credential name. For example, if you create a secret namedslack-tokenin the namespacejenkinsthen this variable would beslack-tokenand jenkins will look for the sync'd credentialjenkins-slack-token. - Optionally, you can add your slack team name with the variable
SLACK_TEAM
Here is an example of the slack token credential secret created in OpenShift
kind: Secret
type: Opaque
metadata:
labels:
credential.sync.jenkins.openshift.io: 'true'
build: "jenkins"
app: "jenkins"
name: "slack-token"
stringData:
secrettext: "super-secret-token"
By default the deployment will attempt to connect to SonarQube and configure its setup including an authentication token. The default url is http://sonarqube:9000. This can be overriden adding an environment variable named SONARQUBE_URL. To disable SonarQube entirely set an environment variable named DISABLE_SONAR with any value.
Inject the git credentials to Jenkins-s2i when it is being built by editing configuration/init.groovy.d/configure-credentials.groovy or by exposing a new environment Variable to the Jenkins deployment tempate.
A DSL Seed job is included in the s2i. The purpose of this job is to automatically generate multi branc pipelines for each project in a given GitLab namespace that has a Jenkinsfile. To set this up, configure the Deployment Config for your Jenkins with the following ENVIRONMENT variables or just edit the configuration/jobs/seed-multibranch-pipelines/config.xml file. If you don't want or need this job, just delete it from the configuration/jobs directory.
GITLAB_HOST is the Http address of the GitLab Project eg 'https://gitlab.apps.proj.example.com'
GITLAB_TOKEN is the GitLab API token to access repos and projects eg 'token123'
GITLAB_GROUP_NAME is the GitLab group name where projects are stored eg 'rht-labs'
An optional shared global library can be used to add method calls to pipelines which can help to simplify and organize a pipeline. The global library will be implicitly available to all pipelines.
To configure a library environment variables need to be made available to your image. In OCP, add environment variables to your deployment config. The following variables can be set
- SHARED_LIB_REPO - If this variable is set then the deployment will attempt to configure a shared global library. This value should reference a git repository. If this value is not set, no shared global library will be set.
- SHARED_LIB_REF - A value that that points to a git reference such as a branch or tag of a repository. The default value is
master - SHARED_LIB_NAME - A name for the library. It can be anything.
- SHARED_LIB_SECRET - If the git repo is private, this value should be a reference to a secret available to the project. If this value is not set, it is assumed that the git repo is publicly available. This value assumes a deployment on openshift so it prepends that value of the namespace to the secret.
There are some helpers to get configuration out of a running Jenkins.