Toolstack more complete

README.md

@@ -1,39 +1,87 @@
 ## docker-local-build-environment
 
-### Tired of endless installation and configuration .... ?! 
-
-My personal solution is a local Build Environment with Jenkins full of plugins and sonar; ready in 60sec. with a
-lokal, personal, continous build enviroment (maybe in future releses I just call it lpcbe).
+##### Tired of endless installation and configuration .... ?! 
 
+My personal solution is a local Build Environment with Jenkins (over 200 plugins), Gitlab, Sonar and Nexus; ready in a few minutes.
+Your own lokal, personal, continous build enviroment (maybe in future releases I just call it lpcbe).
 
+### System requirements
+* At least 8GB Memory with 3GB Swap and 10GB Disk-Space
+* docker version >= 17.06.0
+* docker-compose version >= 1.15.0
 
+## Installation
 Bring up your own build environment ... just do a
 ```
-   git clone https://github.com/Springjunky/docker-local-build-environment.git
+   https://github.com/Springjunky/docker-local-build-environment.git
    cd docker-local-build-environment
-   docker-compose up -d
+   sudo ./prepareCompose.sh 
+   docker-compose up --build -d
    docker-compose logs 
 ```
-open your favorite browser (_not_ at localhost, use http\://\<your-fq-hostname\>/jenkins 
+### The first startup takes a long time (especially gitlab), so be patient
+
+open your favorite browser (_not_ at localhost, use the $(hostname)/jenkins ) 
 to prevent jenkins spit out "your reverse proxy is wrong")
-and cut and paste the jenkins first startup access-token (see logfile of compose-startup).
 
 ### Ready !
 
-Now you are ready to go with a little continouse build environment and Sonar code-quality check.
+Now you are ready to go with a little CI/CD Environment:
+```
+ Jenkins  http://<your-host-name>/jenkins
+ Sonar  http://<your-host-name>/sonar
+ Nexus  http://<your-host-name>/nexus
+ Gitlab  http://<your-host-name>/gitlab
+```
+#### Security
+... not really, its all http .. don't worry about it! It's only local communication
+
+### Logins and Passwords
+
+|Image  |  User  |  Password |
+|---|---|---|
+|Jenkins| admin| admin |
+|Sonar|admin|admin|
+|Nexus   | admin | admin123 |
+|Gitlab  | root  | choosen Password |
+
+## The Tools
+### Jenkins
+
+* MAVEN_HOME is /opt/maven
+* JAVA_HOME is /usr/lib/jvm/java-8-openjdk-amd64
+* Blue Ocean is installed and works perfect with a GitHUB Account, not GitLab ... sorry, this is Jenkins.
+  You need to be logged in to use Blue Ocean
 
-* Jenkins resides under http\://\<your-host-name\>/jenkins
-* Sonar resides under http\://\<your-host-name\>/sonar
+###  Giltab
+
+* the docker-registry is at port 5555 (and secured with an openssl certificate ..thats part of 
+  prepareCompose.sh), just create a project in gitlab and click at the  registry tab to show 
+  how to login to the project registry and how to tag your images
+* ssh cloning and pushing is at port 2222
+
+#### Jenkins and Gitlab
+
+Gitlab is very very fast with new releases and sometimes the api has breaking changes. If something does not work take a look at the Jenkins Bugtracker.
+
+### Sonar
+You need to install some rules (Administration - System - Update Center - Available - Serach: Java)
+
+### Nexus
+Some ToDo for me described here
+[Unsecure docker-registry in Nexus][1]
+use GitLab as a secured registry
 
-After docker ist up you only have to configure your tools in Jenkins
 ..
 And _yes_ docker-plugin in jenkins works (docker in docker, usefull but not recommended)
 
 
 ### My next steps
 
-* Pump up the Image with latest docker, ansible, gitlab and Sonatype Nexus to get a _full_ CI/CD Environment
-* move the personal DNS-Server outsite the docker-compose (ENV) at this time it is hardcode in the compose-file
-* optimze Dockerfiles to use less number of layers during build
-
+* give you some more preconfiguratiom
+* apply a gitlab runner
+* apply git-lfs
+
+
 
+[1]: https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon

docker-compose.yml

@@ -1,61 +1,72 @@
-# This version maps 
-# Jenkins to http://your-host/jenkins 
-# Sonar to   http://your-host/sonar
-# If you want to change the mapping you have to do
-# the following.
-# Jenkins: Edit Dockerfile of Jenkinst (--prefix=/jenkins) at top
-#          Edit location in the reverse-proxy.conf 
-# Sonar:   Edit sonar.properties in directory sonar.properties
-#          Edit location in the reverse-proxy.conf  
-
+#####################################
+# Don't touch this file is generated 
+# expecilly for: tom-VirtualBox
+###################################
+#
+# Consider to Backup  /home/tom/devstack-data
+#
 version: "3"
 services: 
-
   ngnix:
      build: nginx-reverse
      ports: 
-       - "80:80"
-
+       - "80:80"       #http:// 
+       # SSH Bypassing into gitlab, if you want to change this edit nginx.conf also
+       - "2222:2222"   #ssh port of gitlab (ssh://git@myhostname:2222/scott/foo.git)
+       - "5555:5555"   #Gitlab Docker Registry do NOT use 5000, this is an internal PORT of the gitlab-ce Image
   jenkins-fat:
     build: jenkins-fat
-    # Change this if your lokal-DNS Server does not match, use to resolve your local host via local DNS
     dns: 192.168.178.1
     volumes:
-      - jenkins_home:/var/jenkins_home 
+      - /home/tom/devstack-data/jenkins:/var/jenkins_home 
       - /var/run/docker.sock:/var/run/docker.sock
   sonar-db:
     image: postgres
     environment:
       - POSTGRES_USER=sonar
       - POSTGRES_PASSWORD=sonar
     volumes:
-      - postgresql:/var/lib/postgresql
+      - /home/tom/devstack-data/sonar-db/postgresql:/var/lib/postgresql
       # This needs explicit mapping due to 
       # https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52
-      - postgresql_data:/var/lib/postgresql/data
-
+      - /home/tom/devstack-data/sonar-db/postgresql_data:/var/lib/postgresql/data
   sonar:
-    build: sonarqube-custom
-    # Change this if your lokal-DNS Server does not match,  use to resolve your local host via local DNS
+    image: sonarqube
     dns: 192.168.178.1
     environment:
       - SONARQUBE_JDBC_URL=jdbc:postgresql://sonar-db:5432/sonar
     volumes:
-      - sonarqube_conf:/opt/sonarqube/conf
-      - sonarqube_data:/opt/sonarqube/data
-      - sonarqube_extensions:/opt/sonarqube/extensions
-      - sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
-
-#These are docker-volumes, reside in /var/lib/docker
-# ... consider host-volumes if you want to have an easy backup
-volumes:
-  sonarqube_conf:
-  sonarqube_data:
-  sonarqube_extensions:
-  sonarqube_bundled-plugins:
-  postgresql:
-  postgresql_data:
-  jenkins_home:
-  jenkins_home_docker:
+      - /home/tom/devstack-data/sonar/sonarqube_conf:/opt/sonarqube/conf
+      - /home/tom/devstack-data/sonar/sonarqube_data:/opt/sonarqube/data
+      - /home/tom/devstack-data/sonar/sonarqube_extensions:/opt/sonarqube/extensions
+      - /home/tom/devstack-data/sonar/sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
+  gitlab:
+    image: 'gitlab/gitlab-ce:latest'
+    dns: 192.168.178.1
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'http://tom-VirtualBox/gitlab'
+        gitlab_rails['gitlab_shell_ssh_port'] = 2222
+        # docker-registry config
+        registry_external_url 'https://tom-VirtualBox:5555'
+        registry_nginx['listen_port'] = 5555
+        registry_nginx['listen_https'] = true
+        # SSL config just for the docker-registry need
+        nginx['ssl_certificate'] = "/etc/gitlab/ssl/tom-VirtualBox.crt"
+        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/tom-VirtualBox.key"
+        registry_nginx['proxy_set_headers'] = {
+        "X-Forwarded-Proto" => "https",
+        "X-Forwarded-Ssl" => "on"
+        }
+    volumes:
+      - /home/tom/devstack-data/gitlab/config:/etc/gitlab
+      - /home/tom/devstack-data/gitlab/logs:/var/log/gitlab
+      - /home/tom/devstack-data/gitlab/data:/var/opt/gitlab
+  nexus:
+    image: sonatype/nexus3
+    dns: 192.168.178.1
+    environment:
+      - NEXUS_CONTEXT=nexus
+    volumes:
+      - /home/tom/devstack-data/nexus:/nexus-data   
 
-

docker-compose.yml.template

@@ -0,0 +1,72 @@
+#####################################
+# Don't touch this file is generated 
+# expecilly for: HOSTNAME
+###################################
+#
+# Consider to Backup  BASE_DATA_DIR
+#
+version: "3"
+services: 
+  ngnix:
+     build: nginx-reverse
+     ports: 
+       - "80:80"       #http:// 
+       # SSH Bypassing into gitlab, if you want to change this edit nginx.conf also
+       - "2222:2222"   #ssh port of gitlab (ssh://git@myhostname:2222/scott/foo.git)
+       - "5555:5555"   #Gitlab Docker Registry do NOT use 5000, this is an internal PORT of the gitlab-ce Image
+  jenkins-fat:
+    build: jenkins-fat
+    dns: DNS_SERVER
+    volumes:
+      - BASE_DATA_DIR/jenkins:/var/jenkins_home 
+      - /var/run/docker.sock:/var/run/docker.sock
+  sonar-db:
+    image: postgres
+    environment:
+      - POSTGRES_USER=sonar
+      - POSTGRES_PASSWORD=sonar
+    volumes:
+      - BASE_DATA_DIR/sonar-db/postgresql:/var/lib/postgresql
+      # This needs explicit mapping due to 
+      # https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52
+      - BASE_DATA_DIR/sonar-db/postgresql_data:/var/lib/postgresql/data
+  sonar:
+    image: sonarqube
+    dns: DNS_SERVER
+    environment:
+      - SONARQUBE_JDBC_URL=jdbc:postgresql://sonar-db:5432/sonar
+    volumes:
+      - BASE_DATA_DIR/sonar/sonarqube_conf:/opt/sonarqube/conf
+      - BASE_DATA_DIR/sonar/sonarqube_data:/opt/sonarqube/data
+      - BASE_DATA_DIR/sonar/sonarqube_extensions:/opt/sonarqube/extensions
+      - BASE_DATA_DIR/sonar/sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
+  gitlab:
+    image: 'gitlab/gitlab-ce:latest'
+    dns: DNS_SERVER
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'http://HOSTNAME/gitlab'
+        gitlab_rails['gitlab_shell_ssh_port'] = 2222
+        # docker-registry config
+        registry_external_url 'https://HOSTNAME:5555'
+        registry_nginx['listen_port'] = 5555
+        registry_nginx['listen_https'] = true
+        # SSL config just for the docker-registry need
+        nginx['ssl_certificate'] = "/etc/gitlab/ssl/HOSTNAME.crt"
+        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/HOSTNAME.key"
+        registry_nginx['proxy_set_headers'] = {
+        "X-Forwarded-Proto" => "https",
+        "X-Forwarded-Ssl" => "on"
+        }
+    volumes:
+      - BASE_DATA_DIR/gitlab/config:/etc/gitlab
+      - BASE_DATA_DIR/gitlab/logs:/var/log/gitlab
+      - BASE_DATA_DIR/gitlab/data:/var/opt/gitlab
+  nexus:
+    image: sonatype/nexus3
+    dns: DNS_SERVER
+    environment:
+      - NEXUS_CONTEXT=nexus
+    volumes:
+      - BASE_DATA_DIR/nexus:/nexus-data   
+

jenkins-fat/Dockerfile

@@ -4,24 +4,33 @@ ENV JAVA_VERSION=8 \
     JAVA_UPDATE=131 \
     JAVA_BUILD=11 \
     JAVA_HOME="/usr/lib/jvm/default-jvm"
+
 # update dpkg repositories and install tools
+
 RUN apt-get update 
-RUN apt-get install -y openjdk-8-jdk 
-RUN apt-get install -y --no-install-recommends apt-utils
-RUN apt-get install -y git 
-RUN apt-get install -y wget
-RUN apt-get install -y curl
-RUN apt-get install -y graphviz
+#------------ Open JDK
+RUN apt-get install -y openjdk-8-jdk
+#------------ Tools f Jenkins and apt-get to use SSL Repositorys
+RUN apt-get install -y --no-install-recommends apt-utils git wget curl graphviz \
+    apt-transport-https ca-certificates software-properties-common
+#------------ Docker
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg > docker-public-key && apt-key add docker-public-key && rm docker-public-key
+RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+RUN apt-get update && apt-get install -y docker-ce
+#------------ Docker Compose
+RUN curl -o /usr/bin/docker-compose -L "https://github.com/docker/compose/releases/download/1.15.0/docker-compose-$(uname -s)-$(uname -m)" \
+    && chmod +x /usr/bin/docker-compose
 
 ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
 
 # This is the line for the Jenkins prefix to set ... remember
 # to set the location in the  reverse-proxy.conf
 ENV JENKINS_OPTS="--webroot=/var/cache/jenkins/war --prefix=/jenkins"
-
+ENV GIT_SSL_NO_VERIFY=1
 #-----------------------------------------------
 #  install Oracle Java if you want ... and 
 #  remove the line "RUN apt-get install -y openjdk-8-jdk"
+# and uncomment the next lines
 #  above ... but openjdk is pretty good ! 
 #-----------------------------------------------
 #------------ Download
@@ -40,14 +49,11 @@ RUN wget --no-verbose -O /tmp/apache-maven-3.2.5.tar.gz http://archive.apache.or
 # verify checksum
 RUN echo "b2d88f02bd3a08a9df1f0b0126ebd8dc /tmp/apache-maven-3.2.5.tar.gz" | md5sum -c
 # install maven
-RUN tar xzf /tmp/apache-maven-3.2.5.tar.gz -C /opt/
-RUN ln -s /opt/apache-maven-3.2.5 /opt/maven
-ENV MAVEN_HOME /opt/maven
+RUN tar xzf /tmp/apache-maven-3.2.5.tar.gz -C /opt/ && ln -s /opt/apache-maven-3.2.5 /opt/maven
+ENV MAVEN_HOME /opt/maven 
 ENV PATH $MAVEN_HOME/bin:$JAVA_HOME/bin:$PATH
 
-RUN apt-get update && apt-get install -y  zip unzip
-RUN rm -rf /opt/java/src.zip && rm -rf /tmp/$filename 
-RUN rm -f /tmp/apache-maven-3.2.5.tar.gz
+RUN apt-get update && apt-get install -y  zip unzip && rm -rf /opt/java/src.zip && rm -rf /tmp/$filename && rm -f /tmp/apache-maven-3.2.5.tar.gz
 #------------------------------
 # install Jenkins
 #------------------------------
@@ -80,12 +86,12 @@ COPY init.groovy /usr/share/jenkins/ref/init.groovy.d/tcp-slave-agent-port.groov
 
 # jenkins version being bundled in this docker image 
 ARG JENKINS_VERSION
-ENV JENKINS_VERSION ${JENKINS_VERSION:-2.71}
+ENV JENKINS_VERSION ${JENKINS_VERSION:-2.79}
 
 # jenkins.war checksum, download will be validated using it
-ARG JENKINS_SHA=71b2b5ba6d7fca261325682639ba604b7b889e7e
+ARG JENKINS_SHA=272e035475837b5e1c4efb84c8b65949e3f658a3
 
-# Can be used to customize where jenkins.war get downloaded from http://updates.jenkins-ci.org/download/war/2.57/jenkins.war
+# Can be used to customize where jenkins.war get downloaded from http://updates.jenkins-ci.org/download/war/2.79/jenkins.war
 ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war
 
 # could use ADD but this one does not check Last-Modified header neither does it allow to control checksum 
@@ -108,7 +114,6 @@ COPY jenkins.sh /usr/local/bin/jenkins.sh
 
 ENV JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.security.csrf.requestfield=crumb"
 
-
 ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
 #-----------------------------------------------
 # get all Plugins from existing Jenins
@@ -124,10 +129,6 @@ COPY install-plugins.sh /usr/local/bin/install-plugins.sh
 COPY plugins.txt /usr/share/jenkins/ref/
 RUN /usr/local/bin/plugins.sh /usr/share/jenkins/ref/plugins.txt
 
-
-
-
-
 USER root
 
 RUN apt-get clean