From 2e92051157e0044aa4076bc491128f93802392d5 Mon Sep 17 00:00:00 2001 
From: tom Date: Thu, 21 Sep 2017 07:57:03 +0200 Subject: [PATCH] Toolstack more complete --- README.md | 80 +++++++-- docker-compose.yml | 85 +++++----- docker-compose.yml.template | 72 ++++++++ jenkins-fat/Dockerfile | 43 ++--- jenkins-fat/neu 5 | 22 +++ jenkins-fat/plugins.txt | 124 +++++++------- jenkins-fat/plugins.txt_SAVE | 156 ++++++++++++++++++ jenkins-fat/ssl-config | 35 ++++ nginx-reverse/Dockerfile | 1 + nginx-reverse/nginx.conf | 22 ++- nginx-reverse/reverse-proxy.conf | 50 ++++-- preconfig/jenkins/config.xml | 39 +++++ .../filepath-filters.d/30-default.conf | 43 +++++ preconfig/jenkins/secrets/hudson.util.Secret | Bin 0 -> 272 bytes .../secrets/jenkins.model.Jenkins.crumbSalt | 1 + .../jenkins.security.ApiTokenProperty.seed | 1 + preconfig/jenkins/secrets/master.key | 1 + ...les.instance_identity.InstanceIdentity.KEY | Bin 0 -> 272 bytes .../slave-to-master-security-kill-switch | 1 + .../whitelisted-callables.d/default.conf | 29 ++++ preconfig/jenkins/users/admin/config.xml | 35 ++++ .../sonar}/sonar.properties | 0 prepareCompose.sh | 97 +++++++++++ sonarqube-custom/Dockerfile | 3 - 24 files changed, 789 insertions(+), 151 deletions(-) create mode 100644 docker-compose.yml.template create mode 100644 jenkins-fat/neu 5 create mode 100644 jenkins-fat/plugins.txt_SAVE create mode 100644 jenkins-fat/ssl-config create mode 100644 preconfig/jenkins/config.xml create mode 100644 preconfig/jenkins/secrets/filepath-filters.d/30-default.conf create mode 100644 preconfig/jenkins/secrets/hudson.util.Secret create mode 100644 preconfig/jenkins/secrets/jenkins.model.Jenkins.crumbSalt create mode 100644 preconfig/jenkins/secrets/jenkins.security.ApiTokenProperty.seed create mode 100644 preconfig/jenkins/secrets/master.key create mode 100644 preconfig/jenkins/secrets/org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY create mode 100644 preconfig/jenkins/secrets/slave-to-master-security-kill-switch create mode 100644 
preconfig/jenkins/secrets/whitelisted-callables.d/default.conf create mode 100644 preconfig/jenkins/users/admin/config.xml rename {sonarqube-custom => preconfig/sonar}/sonar.properties (100%) create mode 100755 prepareCompose.sh delete mode 100644 sonarqube-custom/Dockerfile diff --git a/README.md b/README.md index 7dbf50a..fde590d 100644 --- a/README.md +++ b/README.md 
@@ -1,39 +1,87 @@ ## docker-local-build-environment -### Tired of endless installation and configuration .... ?! - -My personal solution is a local Build Environment with Jenkins full of plugins and sonar; ready in 60sec. with a -lokal, personal, continous build enviroment (maybe in future releses I just call it lpcbe). +##### Tired of endless installation and configuration .... ?! +My personal solution is a local Build Environment with Jenkins (over 200 plugins), Gitlab, Sonar and Nexus; ready in a few minutes. +Your own lokal, personal, continous build enviroment (maybe in future releases I just call it lpcbe). +### System requirements +* At least 8GB Memory with 3GB Swap and 10GB Disk-Space +* docker version >= 17.06.0 +* docker-compose version >= 1.15.0 +## Installation Bring up your own build environment ... just do a ``` - git clone https://github.com/Springjunky/docker-local-build-environment.git + https://github.com/Springjunky/docker-local-build-environment.git cd docker-local-build-environment - docker-compose up -d + sudo ./prepareCompose.sh + docker-compose up --build -d docker-compose logs ``` -open your favorite browser (_not_ at localhost, use http\://\/jenkins +### The first startup takes a long time (especially gitlab), so be patient + +open your favorite browser (_not_ at localhost, use the $(hostname)/jenkins ) to prevent jenkins spit out "your reverse proxy is wrong") -and cut and paste the jenkins first startup access-token (see logfile of compose-startup). ### Ready ! -Now you are ready to go with a little continouse build environment and Sonar code-quality check. +Now you are ready to go with a little CI/CD Environment: +``` + Jenkins http:///jenkins + Sonar http:///sonar + Nexus http:///nexus + Gitlab http:///gitlab +``` +#### Security +... not really, its all http .. don't worry about it! 
It's only local communication + +### Logins and Passwords + +|Image | User | Password | +|---|---|---| +|Jenkins| admin| admin | +|Sonar|admin|admin| +|Nexus | admin | admin123 | +|Gitlab | root | choosen Password | + +## The Tools +### Jenkins + +* MAVEN_HOME is /opt/maven +* JAVA_HOME is /usr/lib/jvm/java-8-openjdk-amd64 +* Blue Ocean is installed and works perfect with a GitHUB Account, not GitLab ... sorry, this is Jenkins. + You need to be logged in to use Blue Ocean -* Jenkins resides under http\://\/jenkins -* Sonar resides under http\://\/sonar +### Giltab + +* the docker-registry is at port 5555 (and secured with an openssl certificate ..thats part of + prepareCompose.sh), just create a project in gitlab and click at the registry tab to show + how to login to the project registry and how to tag your images +* ssh cloning and pushing is at port 2222 + +#### Jenkins and Gitlab + +Gitlab is very very fast with new releases and sometimes the api has breaking changes. If something does not work take a look at the Jenkins Bugtracker. + +### Sonar +You need to install some rules (Administration - System - Update Center - Available - Serach: Java) + +### Nexus +Some ToDo for me described here +[Unsecure docker-registry in Nexus][1] +use GitLab as a secured registry -After docker ist up you only have to configure your tools in Jenkins .. 
And _yes_ docker-plugin in jenkins works (docker in docker, usefull but not recommended) ### My next steps -* Pump up the Image with latest docker, ansible, gitlab and Sonatype Nexus to get a _full_ CI/CD Environment -* move the personal DNS-Server outsite the docker-compose (ENV) at this time it is hardcode in the compose-file -* optimze Dockerfiles to use less number of layers during build - +* give you some more preconfiguratiom +* apply a gitlab runner +* apply git-lfs + + +[1]: https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 2daa52e..4aa36c9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,27 +1,24 @@ -# This version maps -# Jenkins to http://your-host/jenkins -# Sonar to http://your-host/sonar -# If you want to change the mapping you have to do -# the following. -# Jenkins: Edit Dockerfile of Jenkinst (--prefix=/jenkins) at top -# Edit location in the reverse-proxy.conf -# Sonar: Edit sonar.properties in directory sonar.properties -# Edit location in the reverse-proxy.conf - +##################################### +# Don't touch this file is generated +# expecilly for: tom-VirtualBox +################################### +# +# Consider to Backup /home/tom/devstack-data +# version: "3" services: - ngnix: build: nginx-reverse ports: - - "80:80" - + - "80:80" #http:// + # SSH Bypassing into gitlab, if you want to change this edit nginx.conf also + - "2222:2222" #ssh port of gitlab (ssh://git@myhostname:2222/scott/foo.git) + - "5555:5555" #Gitlab Docker Registry do NOT use 5000, this is an internal PORT of the gitlab-ce Image jenkins-fat: build: jenkins-fat - # Change this if your lokal-DNS Server does not match, use to resolve your local host via local DNS dns: 192.168.178.1 volumes: - - jenkins_home:/var/jenkins_home + - /home/tom/devstack-data/jenkins:/var/jenkins_home - /var/run/docker.sock:/var/run/docker.sock sonar-db: image: postgres 
@@ -29,33 +26,47 @@ services: - POSTGRES_USER=sonar - POSTGRES_PASSWORD=sonar volumes: - - postgresql:/var/lib/postgresql + - /home/tom/devstack-data/sonar-db/postgresql:/var/lib/postgresql # This needs explicit mapping due to # https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52 - - postgresql_data:/var/lib/postgresql/data - + - /home/tom/devstack-data/sonar-db/postgresql_data:/var/lib/postgresql/data sonar: - build: sonarqube-custom - # Change this if your lokal-DNS Server does not match, use to resolve your local host via local DNS + image: sonarqube dns: 192.168.178.1 environment: - SONARQUBE_JDBC_URL=jdbc:postgresql://sonar-db:5432/sonar volumes: - - sonarqube_conf:/opt/sonarqube/conf - - sonarqube_data:/opt/sonarqube/data - - sonarqube_extensions:/opt/sonarqube/extensions - - sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins - -#These are docker-volumes, reside in /var/lib/docker -# ... consider host-volumes if you want to have an easy backup -volumes: - sonarqube_conf: - sonarqube_data: - sonarqube_extensions: - sonarqube_bundled-plugins: - postgresql: - postgresql_data: - jenkins_home: - jenkins_home_docker: + - /home/tom/devstack-data/sonar/sonarqube_conf:/opt/sonarqube/conf + - /home/tom/devstack-data/sonar/sonarqube_data:/opt/sonarqube/data + - /home/tom/devstack-data/sonar/sonarqube_extensions:/opt/sonarqube/extensions + - /home/tom/devstack-data/sonar/sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins + gitlab: + image: 'gitlab/gitlab-ce:latest' + dns: 192.168.178.1 + environment: + GITLAB_OMNIBUS_CONFIG: | + external_url 'http://tom-VirtualBox/gitlab' + gitlab_rails['gitlab_shell_ssh_port'] = 2222 + # docker-registry config + registry_external_url 'https://tom-VirtualBox:5555' + registry_nginx['listen_port'] = 5555 + registry_nginx['listen_https'] = true + # SSL config just for the docker-registry need + nginx['ssl_certificate'] = "/etc/gitlab/ssl/tom-VirtualBox.crt" + 
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/tom-VirtualBox.key" + registry_nginx['proxy_set_headers'] = { + "X-Forwarded-Proto" => "https", + "X-Forwarded-Ssl" => "on" + } + volumes: + - /home/tom/devstack-data/gitlab/config:/etc/gitlab + - /home/tom/devstack-data/gitlab/logs:/var/log/gitlab + - /home/tom/devstack-data/gitlab/data:/var/opt/gitlab + nexus: + image: sonatype/nexus3 + dns: 192.168.178.1 + environment: + - NEXUS_CONTEXT=nexus + volumes: + - /home/tom/devstack-data/nexus:/nexus-data - diff --git a/docker-compose.yml.template b/docker-compose.yml.template new file mode 100644 index 0000000..99c5b3d --- /dev/null +++ b/docker-compose.yml.template 
@@ -0,0 +1,72 @@ +##################################### +# Don't touch this file is generated +# expecilly for: HOSTNAME +################################### +# +# Consider to Backup BASE_DATA_DIR +# +version: "3" +services: + ngnix: + build: nginx-reverse + ports: + - "80:80" #http:// + # SSH Bypassing into gitlab, if you want to change this edit nginx.conf also + - "2222:2222" #ssh port of gitlab (ssh://git@myhostname:2222/scott/foo.git) + - "5555:5555" #Gitlab Docker Registry do NOT use 5000, this is an internal PORT of the gitlab-ce Image + jenkins-fat: + build: jenkins-fat + dns: DNS_SERVER + volumes: + - BASE_DATA_DIR/jenkins:/var/jenkins_home + - /var/run/docker.sock:/var/run/docker.sock + sonar-db: + image: postgres + environment: + - POSTGRES_USER=sonar + - POSTGRES_PASSWORD=sonar + volumes: + - BASE_DATA_DIR/sonar-db/postgresql:/var/lib/postgresql + # This needs explicit mapping due to + # https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52 + - BASE_DATA_DIR/sonar-db/postgresql_data:/var/lib/postgresql/data + sonar: + image: sonarqube + dns: DNS_SERVER + environment: + - SONARQUBE_JDBC_URL=jdbc:postgresql://sonar-db:5432/sonar + volumes: + - BASE_DATA_DIR/sonar/sonarqube_conf:/opt/sonarqube/conf + - BASE_DATA_DIR/sonar/sonarqube_data:/opt/sonarqube/data + - BASE_DATA_DIR/sonar/sonarqube_extensions:/opt/sonarqube/extensions + - BASE_DATA_DIR/sonar/sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins + gitlab: + image: 'gitlab/gitlab-ce:latest' + dns: DNS_SERVER + environment: + GITLAB_OMNIBUS_CONFIG: | + external_url 'http://HOSTNAME/gitlab' + gitlab_rails['gitlab_shell_ssh_port'] = 2222 + # docker-registry config + registry_external_url 'https://HOSTNAME:5555' + registry_nginx['listen_port'] = 5555 + registry_nginx['listen_https'] = true + # SSL config just for the docker-registry need + nginx['ssl_certificate'] = "/etc/gitlab/ssl/HOSTNAME.crt" + nginx['ssl_certificate_key'] = 
"/etc/gitlab/ssl/HOSTNAME.key" + registry_nginx['proxy_set_headers'] = { + "X-Forwarded-Proto" => "https", + "X-Forwarded-Ssl" => "on" + } + volumes: + - BASE_DATA_DIR/gitlab/config:/etc/gitlab + - BASE_DATA_DIR/gitlab/logs:/var/log/gitlab + - BASE_DATA_DIR/gitlab/data:/var/opt/gitlab + nexus: + image: sonatype/nexus3 + dns: DNS_SERVER + environment: + - NEXUS_CONTEXT=nexus + volumes: + - BASE_DATA_DIR/nexus:/nexus-data + diff --git a/jenkins-fat/Dockerfile b/jenkins-fat/Dockerfile index a0097d9..e1b8d04 100644 --- a/jenkins-fat/Dockerfile +++ b/jenkins-fat/Dockerfile 
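Review bot: The `ports:` entries of the `ngnix` service in docker-compose.yml.template (`"80:80"`, `"2222:2222"`, `"5555:5555"`) publish on every host interface, while the README in this commit describes the traffic as local-only and documents default logins such as admin/admin. Because the `jenkins-fat` service also mounts `/var/run/docker.sock`, a Jenkins login that is reachable from the network amounts to control of the host's Docker daemon. I would bind the published ports to one address, for example `- "127.0.0.1:80:80"` or a host address substituted into the template like the other placeholders, and add a comment above the socket mount stating that it grants host-level access to the container. The committed docker-compose.yml, which is marked as generated, carries the same entries.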
@@ -4,24 +4,33 @@ ENV JAVA_VERSION=8 \ JAVA_UPDATE=131 \ JAVA_BUILD=11 \ JAVA_HOME="/usr/lib/jvm/default-jvm" + # update dpkg repositories and install tools + RUN apt-get update -RUN apt-get install -y openjdk-8-jdk -RUN apt-get install -y --no-install-recommends apt-utils -RUN apt-get install -y git -RUN apt-get install -y wget -RUN apt-get install -y curl -RUN apt-get install -y graphviz +#------------ Open JDK +RUN apt-get install -y openjdk-8-jdk +#------------ Tools f Jenkins and apt-get to use SSL Repositorys +RUN apt-get install -y --no-install-recommends apt-utils git wget curl graphviz \ + apt-transport-https ca-certificates software-properties-common +#------------ Docker +RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg > docker-public-key && apt-key add docker-public-key && rm docker-public-key +RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" +RUN apt-get update && apt-get install -y docker-ce +#------------ Docker Compose +RUN curl -o /usr/bin/docker-compose -L "https://github.com/docker/compose/releases/download/1.15.0/docker-compose-$(uname -s)-$(uname -m)" \ + && chmod +x /usr/bin/docker-compose ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64 # This is the line for the Jenkins prefix to set ... remember # to set the location in the reverse-proxy.conf ENV JENKINS_OPTS="--webroot=/var/cache/jenkins/war --prefix=/jenkins" - +ENV GIT_SSL_NO_VERIFY=1 #----------------------------------------------- # install Oracle Java if you want ... and # remove the line "RUN apt-get install -y openjdk-8-jdk" +# and uncomment the next lines # above ... but openjdk is pretty good ! #----------------------------------------------- #------------ Download 
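Review bot: `ENV GIT_SSL_NO_VERIFY=1` turns off TLS certificate verification for every git operation run in this image, not only for the local GitLab, so a build that fetches from an external HTTPS remote will accept any certificate. If the reason is the self-signed certificate mentioned in the README (an assumption, the hunk does not say), trust that certificate instead: copy it into `/usr/local/share/ca-certificates/` and run `update-ca-certificates` (the `ca-certificates` package is installed a few lines above), or scope it with a per-URL `http.<url>.sslCAInfo` git setting. The docker-compose binary fetched by `curl -o /usr/bin/docker-compose -L ...` is also installed without any integrity check, unlike the Maven tarball and jenkins.war later in this file; a pinned `sha256sum -c` after the download would follow that pattern.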
@@ -40,14 +49,11 @@ RUN wget --no-verbose -O /tmp/apache-maven-3.2.5.tar.gz http://archive.apache.or # verify checksum RUN echo "b2d88f02bd3a08a9df1f0b0126ebd8dc /tmp/apache-maven-3.2.5.tar.gz" | md5sum -c # install maven -RUN tar xzf /tmp/apache-maven-3.2.5.tar.gz -C /opt/ -RUN ln -s /opt/apache-maven-3.2.5 /opt/maven -ENV MAVEN_HOME /opt/maven +RUN tar xzf /tmp/apache-maven-3.2.5.tar.gz -C /opt/ && ln -s /opt/apache-maven-3.2.5 /opt/maven +ENV MAVEN_HOME /opt/maven ENV PATH $MAVEN_HOME/bin:$JAVA_HOME/bin:$PATH -RUN apt-get update && apt-get install -y zip unzip -RUN rm -rf /opt/java/src.zip && rm -rf /tmp/$filename -RUN rm -f /tmp/apache-maven-3.2.5.tar.gz +RUN apt-get update && apt-get install -y zip unzip && rm -rf /opt/java/src.zip && rm -rf /tmp/$filename && rm -f /tmp/apache-maven-3.2.5.tar.gz #------------------------------ # install Jenkins #------------------------------ @@ -80,12 +86,12 @@ COPY init.groovy /usr/share/jenkins/ref/init.groovy.d/tcp-slave-agent-port.groov # jenkins version being bundled in this docker image ARG JENKINS_VERSION -ENV JENKINS_VERSION ${JENKINS_VERSION:-2.71} +ENV JENKINS_VERSION ${JENKINS_VERSION:-2.79} # jenkins.war checksum, download will be validated using it -ARG JENKINS_SHA=71b2b5ba6d7fca261325682639ba604b7b889e7e +ARG JENKINS_SHA=272e035475837b5e1c4efb84c8b65949e3f658a3 -# Can be used to customize where jenkins.war get downloaded from http://updates.jenkins-ci.org/download/war/2.57/jenkins.war +# Can be used to customize where jenkins.war get downloaded from http://updates.jenkins-ci.org/download/war/2.79/jenkins.war ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war # could use ADD but this one does not check Last-Modified header neither does it allow to control checksum 
@@ -108,7 +114,6 @@ COPY jenkins.sh /usr/local/bin/jenkins.sh ENV JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.security.csrf.requestfield=crumb" - ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"] #----------------------------------------------- # get all Plugins from existing Jenins @@ -124,10 +129,6 @@ COPY install-plugins.sh /usr/local/bin/install-plugins.sh COPY plugins.txt /usr/share/jenkins/ref/ RUN /usr/local/bin/plugins.sh /usr/share/jenkins/ref/plugins.txt - - - - USER root RUN apt-get clean diff --git a/jenkins-fat/neu 5 b/jenkins-fat/neu 5 new file mode 100644 index 0000000..d89d6d2 --- /dev/null +++ b/jenkins-fat/neu 5 @@ -0,0 +1,22 @@ + +server { + listen 443 ssl; + + access_log on; + server_name ""; + ssl_certificate /etc/nginx/ssl/nginx.crt; # fügt Zertifikat hinzu + ssl_certificate_key /etc/nginx/ssl/nginx.key; # fügt privaten Schlüssel hinzu + + ssl on; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; + ssl_prefer_server_ciphers on; + + location ^~ /securejenkins/ { + + proxy_pass https://jenkins-fat:8080; + include /etc/nginx/conf.d/proxy-settings.conf; + } + +} diff --git a/jenkins-fat/plugins.txt b/jenkins-fat/plugins.txt index 4a4503c..2272c52 100644 --- a/jenkins-fat/plugins.txt +++ b/jenkins-fat/plugins.txt @@ -1,21 +1,23 @@ jobgenerator:1.22 -git:3.4.1 +git:3.5.1 pipeline-stage-step:2.2 -credentials:2.1.14 -structs:1.9 -workflow-cps:2.36.1 -git-changelog:1.50 +credentials:2.1.16 +mercurial:2.1 +structs:1.10 +workflow-cps:2.40 +git-changelog:1.52 nested-view:1.14 workflow-scm-step:2.6 ruby-runtime:0.12 docker-build-step:1.43 github-api:1.86 -analysis-core:1.90 +htmlpublisher:1.14 +analysis-core:1.92 custom-view-tabs:1.3 -github:1.27.0 +github:1.28.0 mailer:1.20 -gitlab-plugin:1.4.7 -pipeline-model-extensions:1.1.8 +gitlab-plugin:1.4.8 +pipeline-model-extensions:1.1.9 checkstyle:3.49 ws-cleanup:0.34 pubsub-light:1.12 
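Review bot: `jenkins-fat/neu 5` looks like an editor scratch file committed by accident: it is an nginx server block placed in the Jenkins build context, and nothing in the visible hunks copies or includes it. If it is meant to stay, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` should drop the two deprecated versions (`ssl_protocols TLSv1.2;`), `ssl on;` is redundant next to `listen 443 ssl;`, and `proxy_pass https://jenkins-fat:8080;` speaks HTTPS to a port that the other configs in this commit address over plain HTTP. `jenkins-fat/ssl-config`, added later in the same commit, repeats the `ssl_protocols` and `ssl on;` lines, and the same applies there.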
@@ -24,133 +26,137 @@ dynamic-search-view:0.2.2 report-info:1.0 m2release:0.14.0 release:2.8 -blueocean-commons:1.1.5 +blueocean-commons:1.2.4 pipeline-build-step:2.5.1 -workflow-job:2.13 -config-file-provider:2.16.0 +workflow-job:2.14.1 +config-file-provider:2.16.3 dashboard-view:2.9.11 docker-slaves:1.0.7 -blueocean-display-url:2.0 +blueocean-display-url:2.1.0 greenballs:1.15 -cloudbees-folder:6.1.0 -pipeline-input-step:2.7 -blueocean-dashboard:1.1.5 +cloudbees-folder:6.1.2 +pipeline-input-step:2.8 +blueocean-dashboard:1.2.4 docker-commons:1.8 jdepend:1.2.4 icon-shim:2.0.3 bouncycastle-api:2.16.2 javadoc:1.4 -blueocean-i18n:1.1.5 +blueocean-i18n:1.2.4 workflow-aggregator:2.5 plain-credentials:1.4 subversion:2.9 metrics:3.1.2.10 maven-dependency-update-trigger:1.5 -dependency-check-jenkins-plugin:2.1.0 -git-parameter:0.8.0 +dependency-check-jenkins-plugin:2.1.1 +git-parameter:0.8.1 display-url-api:2.0 blueocean-autofavorite:1.0.0 git-server:1.7 timestamper:1.8.8 build-metrics:1.3 -workflow-cps-global-lib:2.8 +workflow-cps-global-lib:2.9 analysis-collector:1.52 -workflow-api:2.19 +workflow-api:2.20 jquery-detached:1.2.1 findbugs:4.71 extended-choice-parameter:0.76 -github-branch-source:2.2.2 +github-branch-source:2.2.3 pipeline-model-declarative-agent:1.1.1 -blueocean:1.1.5 +blueocean:1.2.4 junit-attachments:1.4.2 handlebars:1.1.1 -docker-workflow:1.12 -blueocean-pipeline-scm-api:1.1.5 -blueocean-rest:1.1.5 +docker-workflow:1.13 +blueocean-pipeline-scm-api:1.2.4 +blueocean-rest:1.2.4 maven-plugin:2.17 -ldap:1.16 +ldap:1.17 docker-custom-build-environment:1.6.5 github-organization-folder:1.6 pipeline-multibranch-defaults:1.1 build-view-column:0.3 -jquery:1.11.2-0 +jquery:1.11.2-1 dependencyanalyzer:0.7 jackson2-api:2.7.3 windows-slaves:1.3.1 JDK_Parameter_Plugin:1.0 -blueocean-config:1.1.5 -pipeline-stage-tags-metadata:1.1.8 -blueocean-pipeline-editor:0.2.0 +blueocean-config:1.2.4 +pipeline-stage-tags-metadata:1.1.9 +blueocean-pipeline-editor:1.2.4 rebuild:1.25 
codecover:1.1 -blueocean-jwt:1.1.5 +blueocean-jwt:1.2.4 pipeline-github-lib:1.0 -blueocean-rest-impl:1.1.5 -blueocean-web:1.1.5 -pipeline-graph-analysis:1.4 +blueocean-rest-impl:1.2.4 +blueocean-web:1.2.4 +pipeline-graph-analysis:1.5 branch-api:2.0.11 matrix-auth:1.7 sonar:2.6.1 antisamy-markup-formatter:1.5 variant:1.1 sse-gateway:1.15 -scm-api:2.2.0 -ant:1.5 -email-ext:2.58 -blueocean-pipeline-api-impl:1.1.5 -credentials-binding:1.12 -git-client:2.4.6 +scm-api:2.2.2 +ant:1.7 +email-ext:2.60 +blueocean-pipeline-api-impl:1.2.4 +credentials-binding:1.13 +git-client:2.5.0 build-with-parameters:1.4 -blueocean-events:1.1.5 +blueocean-events:1.2.4 depgraph-view:0.11 favorite:2.3.0 -token-macro:2.1 +token-macro:2.3 mapdb-api:1.0.9.0 gitlab-hook:1.4.2 -blueocean-git-pipeline:1.1.5 +blueocean-git-pipeline:1.2.4 ansible:0.6.2 -script-security:1.29.1 -pipeline-model-definition:1.1.8 -workflow-durable-task-step:2.12 +script-security:1.34 +pipeline-model-definition:1.1.9 +workflow-durable-task-step:2.15 conditional-buildstep:1.3.6 workflow-step-api:2.12 momentjs:1.1.1 -pipeline-stage-view:2.8 +pipeline-stage-view:2.9 workflow-basic-steps:2.6 -ssh-slaves:1.20 +ssh-slaves:1.21 workflow-multibranch:2.16 -junit:1.20 +junit:1.21 +blueocean-jira:1.2.4 gitlab-oauth:1.0.9 jquery-ui:1.0.2 -blueocean-github-pipeline:1.1.5 +blueocean-github-pipeline:1.2.4 run-condition:1.0 build-timeout:1.18 downstream-buildview:1.9 gitlab-logo:1.0.3 -delivery-pipeline-plugin:1.0.3 +delivery-pipeline-plugin:1.0.5 ssh-credentials:1.13 pam-auth:1.3 +blueocean-bitbucket-pipeline:1.2.4 dockerhub-notification:2.2.0 authentication-tokens:1.3 docker-build-publish:1.3.2 -blueocean-personalization:1.1.5 -pipeline-rest-api:2.8 +jira:2.4.2 +blueocean-personalization:1.2.4 +pipeline-rest-api:2.9 pipeline-milestone-step:1.3.1 -job-dsl:1.64 +job-dsl:1.65 durable-task:1.14 parallel-test-executor:1.9 matrix-project:1.11 all-changes:1.5 global-build-stats:1.4 -resource-disposer:0.6 +resource-disposer:0.8 ace-editor:1.1 
-cobertura:1.10 +cobertura:1.11 workflow-support:2.14 external-monitor-job:1.7 build-environment:1.6 async-http-client:1.7.24.1 +cloudbees-bitbucket-branch-source:2.2.3 build-monitor-plugin:1.12+build.201704111018 -pipeline-model-api:1.1.8 +pipeline-model-api:1.1.9 gradle:1.27.1 compact-columns:1.10 -parameterized-trigger:2.35.1 +parameterized-trigger:2.35.2 diff --git a/jenkins-fat/plugins.txt_SAVE b/jenkins-fat/plugins.txt_SAVE new file mode 100644 index 0000000..4a4503c --- /dev/null +++ b/jenkins-fat/plugins.txt_SAVE 
@@ -0,0 +1,156 @@ +jobgenerator:1.22 +git:3.4.1 +pipeline-stage-step:2.2 +credentials:2.1.14 +structs:1.9 +workflow-cps:2.36.1 +git-changelog:1.50 +nested-view:1.14 +workflow-scm-step:2.6 +ruby-runtime:0.12 +docker-build-step:1.43 +github-api:1.86 +analysis-core:1.90 +custom-view-tabs:1.3 +github:1.27.0 +mailer:1.20 +gitlab-plugin:1.4.7 +pipeline-model-extensions:1.1.8 +checkstyle:3.49 +ws-cleanup:0.34 +pubsub-light:1.12 +build-pipeline-plugin:1.5.7.1 +dynamic-search-view:0.2.2 +report-info:1.0 +m2release:0.14.0 +release:2.8 +blueocean-commons:1.1.5 +pipeline-build-step:2.5.1 +workflow-job:2.13 +config-file-provider:2.16.0 +dashboard-view:2.9.11 +docker-slaves:1.0.7 +blueocean-display-url:2.0 +greenballs:1.15 +cloudbees-folder:6.1.0 +pipeline-input-step:2.7 +blueocean-dashboard:1.1.5 +docker-commons:1.8 +jdepend:1.2.4 +icon-shim:2.0.3 +bouncycastle-api:2.16.2 +javadoc:1.4 +blueocean-i18n:1.1.5 +workflow-aggregator:2.5 +plain-credentials:1.4 +subversion:2.9 +metrics:3.1.2.10 +maven-dependency-update-trigger:1.5 +dependency-check-jenkins-plugin:2.1.0 +git-parameter:0.8.0 +display-url-api:2.0 +blueocean-autofavorite:1.0.0 +git-server:1.7 +timestamper:1.8.8 +build-metrics:1.3 +workflow-cps-global-lib:2.8 +analysis-collector:1.52 +workflow-api:2.19 +jquery-detached:1.2.1 +findbugs:4.71 +extended-choice-parameter:0.76 +github-branch-source:2.2.2 +pipeline-model-declarative-agent:1.1.1 +blueocean:1.1.5 +junit-attachments:1.4.2 +handlebars:1.1.1 +docker-workflow:1.12 +blueocean-pipeline-scm-api:1.1.5 +blueocean-rest:1.1.5 +maven-plugin:2.17 +ldap:1.16 +docker-custom-build-environment:1.6.5 +github-organization-folder:1.6 +pipeline-multibranch-defaults:1.1 +build-view-column:0.3 +jquery:1.11.2-0 +dependencyanalyzer:0.7 +jackson2-api:2.7.3 +windows-slaves:1.3.1 +JDK_Parameter_Plugin:1.0 +blueocean-config:1.1.5 +pipeline-stage-tags-metadata:1.1.8 +blueocean-pipeline-editor:0.2.0 +rebuild:1.25 +codecover:1.1 +blueocean-jwt:1.1.5 +pipeline-github-lib:1.0 
+blueocean-rest-impl:1.1.5 +blueocean-web:1.1.5 +pipeline-graph-analysis:1.4 +branch-api:2.0.11 +matrix-auth:1.7 +sonar:2.6.1 +antisamy-markup-formatter:1.5 +variant:1.1 +sse-gateway:1.15 +scm-api:2.2.0 +ant:1.5 +email-ext:2.58 +blueocean-pipeline-api-impl:1.1.5 +credentials-binding:1.12 +git-client:2.4.6 +build-with-parameters:1.4 +blueocean-events:1.1.5 +depgraph-view:0.11 +favorite:2.3.0 +token-macro:2.1 +mapdb-api:1.0.9.0 +gitlab-hook:1.4.2 +blueocean-git-pipeline:1.1.5 +ansible:0.6.2 +script-security:1.29.1 +pipeline-model-definition:1.1.8 +workflow-durable-task-step:2.12 +conditional-buildstep:1.3.6 +workflow-step-api:2.12 +momentjs:1.1.1 +pipeline-stage-view:2.8 +workflow-basic-steps:2.6 +ssh-slaves:1.20 +workflow-multibranch:2.16 +junit:1.20 +gitlab-oauth:1.0.9 +jquery-ui:1.0.2 +blueocean-github-pipeline:1.1.5 +run-condition:1.0 +build-timeout:1.18 +downstream-buildview:1.9 +gitlab-logo:1.0.3 +delivery-pipeline-plugin:1.0.3 +ssh-credentials:1.13 +pam-auth:1.3 +dockerhub-notification:2.2.0 +authentication-tokens:1.3 +docker-build-publish:1.3.2 +blueocean-personalization:1.1.5 +pipeline-rest-api:2.8 +pipeline-milestone-step:1.3.1 +job-dsl:1.64 +durable-task:1.14 +parallel-test-executor:1.9 +matrix-project:1.11 +all-changes:1.5 +global-build-stats:1.4 +resource-disposer:0.6 +ace-editor:1.1 +cobertura:1.10 +workflow-support:2.14 +external-monitor-job:1.7 +build-environment:1.6 +async-http-client:1.7.24.1 +build-monitor-plugin:1.12+build.201704111018 +pipeline-model-api:1.1.8 +gradle:1.27.1 +compact-columns:1.10 +parameterized-trigger:2.35.1 diff --git a/jenkins-fat/ssl-config b/jenkins-fat/ssl-config new file mode 100644 index 0000000..c6a9913 --- /dev/null +++ b/jenkins-fat/ssl-config 
@@ -0,0 +1,35 @@ + server { + listen *:443 ssl; + + access_log on; + server_name ""; + ssl_certificate /etc/nginx/ssl/nginx.crt; # fügt Zertifikat hinzu + ssl_certificate_key /etc/nginx/ssl/nginx.key; # fügt privaten Schlüssel hinzu + ssl on; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; + ssl_prefer_server_ciphers on;## + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; + + # Same like ENV JENKINS_OPTS=.....--prefix=/jenkins in jenkins-fat/Jenkins-Dockerfile + location ^~/jenkins/ { + proxy_pass http://jenkins-fat:8080; + include /etc/nginx/conf.d/proxy-settings.conf; + } + location ^~/gitlab/ { + proxy_pass http://gitlab:80; + include /etc/nginx/conf.d/proxy-settings.conf; + } + location ^~/nexus/ { + proxy_pass http://nexus:8081; + } + # Same like sonar.web.context=/sonar in preconfig/sonar/sonar.properties + location ^~/sonar/ { + proxy_pass http://sonar:9000; + include /etc/nginx/conf.d/proxy-settings.conf; + } + } diff --git a/nginx-reverse/Dockerfile b/nginx-reverse/Dockerfile index d25ebea..1586a21 100644 --- a/nginx-reverse/Dockerfile +++ b/nginx-reverse/Dockerfile @@ -4,5 +4,6 @@ RUN rm /etc/nginx/conf.d/default.conf RUN rm /etc/nginx/nginx.conf COPY reverse-proxy.conf /etc/nginx/conf.d/reverse-proxy.conf +COPY nginx.* /etc/nginx/ssl/ COPY nginx.conf /etc/nginx/nginx.conf COPY proxy-settings.conf /etc/nginx/conf.d/proxy-settings.conf \ No newline at end of file diff --git a/nginx-reverse/nginx.conf b/nginx-reverse/nginx.conf index f687345..5f8760a 100644 --- a/nginx-reverse/nginx.conf +++ b/nginx-reverse/nginx.conf 
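Review bot: In nginx-reverse/Dockerfile, `COPY nginx.* /etc/nginx/ssl/` uses a glob that also matches `nginx.conf`, so the ssl directory receives a stray copy of the main config plus anything else in the build context whose name starts with `nginx.`. Name the files explicitly, e.g. `COPY nginx.crt nginx.key /etc/nginx/ssl/` (file names assumed from the `ssl_certificate` paths in jenkins-fat/ssl-config; confirm), and keep the key file out of version control, since it ends up in an image layer. None of the nginx-reverse configs visible in this commit listens with `ssl`, so it is worth checking whether the private key needs to be in this image at all.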
@@ -1,4 +1,4 @@ -# Docker docu says turn daemon off - but it produces errors if you do;the +# Docker doco says turn daemon off - but it produces errors if you do;the # NGINX Docker container now wires this in for you # daemon off; user nginx; @@ -18,9 +18,12 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_headers_hash_max_size 1024; + proxy_headers_hash_bucket_size 512; + default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + log_format main '$remote_addr - $remote_user [$time_local] "["servername:"$server_name"uri:"$request_uri] $request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; @@ -30,6 +33,7 @@ http { #tcp_nopush on; keepalive_timeout 65; + # Cope with large file uploads; needed to publish plugins, amongst other things. client_max_body_size 300m; @@ -49,3 +53,17 @@ http { # include sub-config files, especially the jenkins server include /etc/nginx/conf.d/*.conf; } + +# Stream Pass for Passtrough SSL Connections +stream { + server { + listen 5555; + proxy_pass gitlab:5555; + } + server { + listen 2222; + proxy_pass gitlab:22; + + } +} + diff --git a/nginx-reverse/reverse-proxy.conf b/nginx-reverse/reverse-proxy.conf index 4512d33..264fb21 100644 --- a/nginx-reverse/reverse-proxy.conf +++ b/nginx-reverse/reverse-proxy.conf 
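Review bot: The new `stream { ... }` block at the end of nginx.conf forwards 2222 to `gitlab:22` and 5555 to `gitlab:5555` without any `access_log`, and the `log_format main` defined in the `http` block does not apply to stream connections, so SSH and registry connections through the proxy leave no record at nginx. I would add a stream-level format and log inside the block, e.g. `log_format stream_main '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';` and `access_log /var/log/nginx/stream.log stream_main;` (the log path is an example). In the `log_format main` hunk above, the added `"["servername:"$server_name"uri:"$request_uri] $request"` nests unbalanced double quotes inside the field, which makes the line hard to parse for log tooling; `[server:$server_name uri:$request_uri] "$request"` keeps the quoted request intact.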
@@ -1,19 +1,43 @@ +# Setting all teh prefixes is a crazy .. server { listen 80; - server_name ""; - + server_name "" ; access_log on; + + # Same like external_url 'http://HOSTNAME/gitlab' in docker-compose + location ^~/gitlab { + proxy_pass http://gitlab:80; + include /etc/nginx/conf.d/proxy-settings.conf; + } + + # Same like ENV JENKINS_OPTS=.....--prefix=/jenkins in jenkins-fat/Jenkins-Dockerfile + location ^~/jenkins { + proxy_pass http://jenkins-fat:8080; + include /etc/nginx/conf.d/proxy-settings.conf; + } + + # Same like NEXUS_CONTEXT=nexus in docker-compose + location ^~/nexus { + proxy_pass http://nexus:8081; + include /etc/nginx/conf.d/proxy-settings.conf; + } + + # Same like sonar.web.context=/sonar in preconfig/sonar/sonar.properties + location ^~/sonar { + proxy_pass http://sonar:9000; + include /etc/nginx/conf.d/proxy-settings.conf; + } + } + + + + + + + + + + - # Same like --prefix=/jenkins in Jenkins-Dockerfile - location ^~ /jenkins/ { - proxy_pass http://jenkins-fat:8080; - include /etc/nginx/conf.d/proxy-settings.conf; - } - # Same like sonar.web.context=/sonar in sonar.properties - location ^~ /sonar/ { - proxy_pass http://sonar:9000; - include /etc/nginx/conf.d/proxy-settings.conf; - } -} \ No newline at end of file diff --git a/preconfig/jenkins/config.xml b/preconfig/jenkins/config.xml new file mode 100644 index 0000000..9b770c8 --- /dev/null +++ b/preconfig/jenkins/config.xml @@ -0,0 +1,39 @@ + + + + 1.0 + 2 + NORMAL + true + + true + + + true + false + + false + + ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} + ${ITEM_ROOTDIR}/builds + + + + + + 0 + + + + all + false + false + + + + all + 50000 + + + + \ No newline at end of file diff --git a/preconfig/jenkins/secrets/filepath-filters.d/30-default.conf b/preconfig/jenkins/secrets/filepath-filters.d/30-default.conf new file mode 100644 index 0000000..0905bd0 --- /dev/null +++ b/preconfig/jenkins/secrets/filepath-filters.d/30-default.conf 
@@ -0,0 +1,43 @@ +# GENERATED FILE. DO NOT MODIFY. +# +# This file is for Jenkins core developers to list what we think are the best filtering rules +# for apparently harmless accesses to files on the Jenkins master from slaves. +# +# To override these rules, place *.conf files by other names into this folder. Files are sorted +# before parsed, so using a lower number allows you to override what we have here. This file +# gets overwritten every time Jenkins starts. +# +# See https://jenkins.io/redirect/security-144 for more details. + +# This directory contains credentials, master encryption keys, and other sensitive information +# that slaves have absolutely no business with. +# Unless there are rules in other files allowing access to other portions of $JENKINS_HOME, +# this rule as it stands here has no effect, because anything left unspecified is rejected. +deny all /secrets($|/.*) + +# User content is publicly readable, so quite safe for slaves to read, too. +# (The xunit plugin is known to read from here.) +# https://jenkins.io/redirect/user-content-directory +allow read,stat /userContent($|/.*) + +# In the next rule we grant general access under build directories, so first we protect +# the actual build record that Jenkins core reads, which nothing should be touching. +deny all /build.xml +# Similarly for Pipeline build (WorkflowRun) metadata: +deny all /program.dat +deny all /workflow($|/.*) + +# Various plugins read/write files under build directories, so allow them all. +# - git 1.x writes changelog.xml from the slave (2.x writes from the master so need not be listed) +# - analysis-core and plugins based on it write reports to workspace-files/ +# - cobertura writes coverage.xml +# - violations writes violations.xml and other content under violations/ +# - dependency-check writes archive/artifacts.txt +# But not allowing deletion to prevent data loss and symlink to prevent jailbreaking. 
+allow create,mkdirs,read,stat,write /.+ + +# cobertura also writes out annotated sources to a dir under the job: +allow create,mkdirs,read,stat,write /jobs/.+/cobertura.* + +# all the other accesses that aren't specified here will be left up to other rules in this directory. +# if no rules in those other files matches, then the access will be rejected. diff --git a/preconfig/jenkins/secrets/hudson.util.Secret b/preconfig/jenkins/secrets/hudson.util.Secret new file mode 100644 index 0000000000000000000000000000000000000000..e4c9f84f486a1a407835dba7e47e188adda56453 GIT binary patch literal 272 zcmV+r0q_3d#Gi(uuNH26+I3;fXH=a~`tnv?j2`s3ao}uj=8qUAs<5w7L~95&^d`xo z+XfVXnB)OAOBasSKU4Wx@xypd4+^O4VjGyM zImDHbpAXR!_BE~YZz~I%iJNk-i}o4vIayQ;DL Wf|PuL1Ekm}+jpU#i8ez`)TV|1jEFA) literal 0 HcmV?d00001 diff --git a/preconfig/jenkins/secrets/jenkins.model.Jenkins.crumbSalt b/preconfig/jenkins/secrets/jenkins.model.Jenkins.crumbSalt new file mode 100644 index 0000000..a7f204d --- /dev/null +++ b/preconfig/jenkins/secrets/jenkins.model.Jenkins.crumbSalt @@ -0,0 +1 @@ + `LRTG4a J`R. \ No newline at end of file diff --git a/preconfig/jenkins/secrets/jenkins.security.ApiTokenProperty.seed b/preconfig/jenkins/secrets/jenkins.security.ApiTokenProperty.seed new file mode 100644 index 0000000..cc7f08a --- /dev/null +++ b/preconfig/jenkins/secrets/jenkins.security.ApiTokenProperty.seed @@ -0,0 +1 @@ + :.2+:},m-e:BD(w6CMԦ \ No newline at end of file diff --git a/preconfig/jenkins/secrets/master.key b/preconfig/jenkins/secrets/master.key new file mode 100644 index 0000000..6b0a02f --- /dev/null +++ b/preconfig/jenkins/secrets/master.key @@ -0,0 +1 @@ +19da5e497f843744fad7ccb80efa458e0920557484cd9c3d0d839cbfd59a84a97da57ed2b97124b88efe75d16ebdb1c1bc58fb9d808c2f8a3dccc2137057f6fb7353c35a05192c3f8c1934c2945e7b45499edace95fea577d00395e7dea65080b963d1f2957871006d1825ec8718500396a0c0b70af30610cce00e342f035406 \ No newline at end of file 
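Review bot: `preconfig/jenkins/secrets/master.key` is committed in clear text next to `hudson.util.Secret`, and together these files protect the credentials Jenkins stores, so every reader of the repository and every installation seeded from it shares the same key material. The same applies to the `jenkins.model.Jenkins.crumbSalt`, `jenkins.security.ApiTokenProperty.seed` and `InstanceIdentity.KEY` files, and to the admin user's `config.xml` further down the patch, which carries a `#jbcrypt:` password hash and an API token encrypted under these keys. These files should be removed from the repository and its history, treated as compromised and regenerated per installation. Adding `preconfig/jenkins/secrets/` to `.gitignore` lets Jenkins create them on first start. The generated `filepath-filters.d/30-default.conf` states that it is overwritten at every start, so it does not need to be versioned either.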
diff --git a/preconfig/jenkins/secrets/org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY b/preconfig/jenkins/secrets/org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY new file mode 100644 index 0000000000000000000000000000000000000000..c1f227f64f709bb153ba669ed40bea2b4514dec6 GIT binary patch literal 272 zcmV+r0q_169T-YvUfz&mr9A(y>U4L`H91!l1`iIBax)bupefPnCz}zw5N;**(&qb)Ll2!rNe|XJZW4Yc&1_{{c_hq$=K8 zNx_%|PrQN4N~s}T7yE>Agr#6ij)$wd2#VNZPsi<*SDMyPs&oD)Zwf?9KFkxpRLn-8 z0){A(Ia?6!$YMz932_U^ItG<{Nuv5>LUsj&)#_O5CiBCpODu}wj + + Jenkins Admin + + + {AQAAABAAAAAwKDjmjYtWHvzktNslPRHlgM3B33sXQRLTh3kRPAdRijm1YVRrsw0/KaHp319ZxfVAD6WupQJ1eh/zo4sxIrFSDw==} + + + + + + all + false + false + + + + + + + + + true + + + #jbcrypt:$2a$10$/qqbaRyyt5Fu5cEyFMrT4O2B0oRTDVgO5k81F9.iG8HS.PE63Lei2 + + + + authenticated + + 1505332796878 + + + \ No newline at end of file diff --git a/sonarqube-custom/sonar.properties b/preconfig/sonar/sonar.properties similarity index 100% rename from sonarqube-custom/sonar.properties rename to preconfig/sonar/sonar.properties diff --git a/prepareCompose.sh b/prepareCompose.sh new file mode 100755 index 0000000..468d068 --- /dev/null +++ b/prepareCompose.sh 
@@ -0,0 +1,97 @@ +#!/bin/bash + +if [ $(id -u) -gt 0 ] ;then + echo "Use sudo $0 " + exit 1 +fi + +echo "Prepare compose file and directorys" + +DNS_SERVER=192.168.178.1 +USER_DATA_DIR=$HOME/devstack-data +HOSTNAME=$(hostname) + +echo "########################################################################" +echo "Verify your DNS to resolve local hostname, I set it to ${DNS_SERVER} " +echo "in most cases this is the ip of your router (fritz-box) " +echo "if this is wrong the container network does not reach each other because" +echo "the \"routing \" ist out of container an back into with nginx :-) " +echo " and 8.8.8.8 (Google Nameserver) does not now your internal name " +echo "########################################################################" + +type openssl 2>/dev/null +if [ $? -eq 0 ] ; then + echo "openssl installed :-)" +else + echo "please install openssl first" + exit 1 +fi + +#---------------------------------- +echo "create need host-volumes" +mkdir -p $USER_DATA_DIR/sonar/sonarqube_conf +mkdir -p $USER_DATA_DIR/jenkins +mkdir -p $USER_DATA_DIR/gitlab/config/ssl +mkdir -p $USER_DATA_DIR/nexus +chown -R 200 $USER_DATA_DIR/nexus +#---------------------------------- + +echo "Create a self-signed certificate for your host: $HOSTNAME to " +if [ -f $USER_DATA_DIR/gitlab/config/ssl/$(hostname).key ]; then + FILE_NAME=$USER_DATA_DIR/gitlab/config/ssl/$(hostname).key-$(date +"%F-%H-%M-%S-%N") + cp $USER_DATA_DIR/gitlab/config/ssl/$(hostname).key $USER_DATA_DIR/gitlab/config/ssl/$(hostname).key-$(date +"%F-%H-%M-%S-%N") + echo "previous key saved as $FILE_NAME" +fi +if [ -f $USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt ]; then + FILE_NAME=$USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt-$(date +"%F-%H-%M-%S-%N") + cp $USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt $USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt-$(date +"%F-%H-%M-%S-%N") + echo "previous crt saved as $FILE_NAME" +fi + +# Key and Cert only need for the docker-registry to "save" push 
your images to gitlab +openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ + -keyout $USER_DATA_DIR/gitlab/config/ssl/$(hostname).key \ + -out $USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt \ + -subj "/C=DE/ST=Home/L=Home/O=Local/OU=CI\/CD-Build-Stack/CN=$(hostname)" + +if [ $? -eq 0 ] ;then + echo "----------- Your certificate used by Gitlab docker-registry@${HOSTNAME} -------------------" + openssl x509 -in $USER_DATA_DIR/gitlab/config/ssl/$(hostname).crt -text | head -15 + echo "-------------------------------------------------------------------------------------------" +else + echo "NO CERT GENERATED " + exit 1 +fi + +if [ -f docker-compose.yml ]; then + FILE_NAME=docker-compose.yml-$(date +"%F-%H-%M-%S-%N") + cp docker-compose.yml $FILE_NAME + echo "previous docker-compose.yml saved as $FILE_NAME" +fi +# Copy preconfigs to host-volumes +# sonar.properties +if [ -f $USER_DATA_DIR/sonar/sonarqube_conf/sonar.properties ] ; then + echo "WARNING: $USER_DATA_DIR/sonar/sonarqube_conf/sonar.properties exists" + echo "make sure it has an sonar.web.context=/sonar entry" +else + cp preconfig/sonar/sonar.properties $USER_DATA_DIR/sonar/sonarqube_conf +fi + +#Copy predefined Jobs and Configs +cp -r preconfig/jenkins/* $USER_DATA_DIR/jenkins/ + +# Set the right volume-names, dns-server and hostname in docker-compose +sed s#BASE_DATA_DIR#${USER_DATA_DIR}#g docker-compose.yml.template > docker-compose.yml +sed -i s#DNS_SERVER#${DNS_SERVER}#g docker-compose.yml +sed -i s#HOSTNAME#${HOSTNAME}#g docker-compose.yml + +echo "docker-compose.yml created" +echo "run " +echo "docker-compose up --build -d " +echo "docker-compose logs -f" +echo "use the following URL" +BASE_URL="http://"$(hostname)"/" +echo "Jenkins: ${BASE_URL}jenkins" +echo "Sonar : ${BASE_URL}sonar" +echo "Nexus : ${BASE_URL}nexus" +echo "Gitlab : ${BASE_URL}gitlab" diff --git a/sonarqube-custom/Dockerfile b/sonarqube-custom/Dockerfile deleted file mode 100644 index dae0ee0..0000000 
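Review bot: The key backup branch in prepareCompose.sh computes `FILE_NAME` with one `date` call and then copies to a second `$(date ...)` expansion, so with `%N` in the format the name echoed as "previous key saved as" is not the file that was written; the `.crt` branch repeats this. The script insists on running as root, yet every `$USER_DATA_DIR` expansion is unquoted, and the unencrypted (`-nodes`) private key and its backups get no explicit restrictive mode. `cp -r preconfig/jenkins/*` also runs unconditionally, so a re-run overwrites the live Jenkins `config.xml`, `users/admin` and `secrets/` with the repository copies, unlike the guarded `sonar.properties` copy. The fence shows the key backup, an explicit key mode and a first-run guard for the Jenkins seed.

```shell
ssl_dir="$USER_DATA_DIR/gitlab/config/ssl"
key_file="$ssl_dir/$HOSTNAME.key"

# … unchanged: root check, DNS banner, openssl check, mkdir/chown (quote "$USER_DATA_DIR") …

if [ -f "$key_file" ]; then
  FILE_NAME="$key_file-$(date +"%F-%H-%M-%S-%N")"
  # reuse the computed name so the message matches the file; -p keeps the key's mode
  cp -p -- "$key_file" "$FILE_NAME"
  echo "previous key saved as $FILE_NAME"
fi

# … unchanged: .crt backup (same FILE_NAME fix), openssl req, certificate dump …

# private key is unencrypted (-nodes): keep it readable by its owner only
chmod 600 -- "$key_file"

# … unchanged: docker-compose.yml backup, sonar.properties copy …

# Seed the Jenkins home only when it has no config yet, so a re-run does not
# replace an existing instance's configuration, users and secrets
if [ ! -e "$USER_DATA_DIR/jenkins/config.xml" ]; then
  cp -r preconfig/jenkins/* "$USER_DATA_DIR/jenkins/"
fi
```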
--- a/sonarqube-custom/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM sonarqube
-COPY sonar.properties /opt/sonarqube/conf
-