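2.1 System Requirements and Preparation
Hardware requirements
Minimum configuration:
- CPU: 1 core
- Memory: 512 MB RAM
- Storage: 1 GB free space
- Network: basic network connectivity
Recommended configuration:
- CPU: 2 or more cores
- Memory: 4 GB RAM or more
- Storage: 50 GB free space (SSD recommended)
- Network: high-speed network connection
Production configuration:
- CPU: 4 or more cores
- Memory: 8 GB RAM or more
- Storage: 100 GB or more (SSD)
- Network: gigabit network
- Backup: a regular backup policy
Software requirements
Java environment:
- Java 11 or later (OpenJDK recommended)
- Supported Java versions: 11, 17, 21
- Java 8 is no longer supported
Operating system support:
- Linux: Ubuntu 18.04+, CentOS 7+, RHEL 7+
- Windows: Windows 10+, Windows Server 2016+
- macOS: macOS 10.14+
- Docker: containerized deployment is supported
Browser requirements:
- Chrome 90+
- Firefox 88+
- Safari 14+
- Edge 90+
Network and firewall configuration
Port requirements:
# Jenkins default ports
8080/tcp # Web interface
50000/tcp # Agent connection port (JNLP)
# Optional ports
8443/tcp # HTTPS (if configured)
22/tcp # SSH agent connections
Firewall configuration example:
# Ubuntu/Debian
sudo ufw allow 8080/tcp
sudo ufw allow 50000/tcp
# CentOS/RHEL
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=50000/tcp
sudo firewall-cmd --reload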
2.2 Installing the Java Environment
Installing Java on Linux
Ubuntu/Debian:
# Update the package list
sudo apt update
# Install OpenJDK 11
sudo apt install openjdk-11-jdk -y
# Verify the installation
java -version
javac -version
# Configure JAVA_HOME
echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64' >> ~/.bashrc
echo 'export PATH=$PATH:$JAVA_HOME/bin' >> ~/.bashrc
source ~/.bashrc
CentOS/RHEL:
# Install OpenJDK 11
sudo yum install java-11-openjdk-devel -y
# Or use dnf (CentOS 8+)
sudo dnf install java-11-openjdk-devel -y
# Verify the installation
java -version
# Configure JAVA_HOME
echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk' >> ~/.bashrc
echo 'export PATH=$PATH:$JAVA_HOME/bin' >> ~/.bashrc
source ~/.bashrc
Managing Java versions with SDKMAN:
# Install SDKMAN
curl -s "https://get.sdkman.io" | bash
source "$HOME/.sdkman/bin/sdkman-init.sh"
# List the available Java versions
sdk list java
# Install specific versions
sdk install java 11.0.19-tem
sdk install java 17.0.7-tem
# Switch Java versions
sdk use java 11.0.19-tem
sdk default java 11.0.19-tem
Installing Java on Windows
Download and install:
- Visit the OpenJDK website
- Download the appropriate Windows build
- Run the installer
- Configure the environment variables
PowerShell configuration:
# Set the JAVA_HOME environment variable
[Environment]::SetEnvironmentVariable("JAVA_HOME", "C:\Program Files\OpenJDK\jdk-11.0.19", "Machine")
# Add it to PATH
$path = [Environment]::GetEnvironmentVariable("PATH", "Machine")
[Environment]::SetEnvironmentVariable("PATH", "$path;%JAVA_HOME%\bin", "Machine")
# Verify the installation
java -version
2.3 Jenkins Installation Methods
Method 1: Package manager installation (recommended)
Ubuntu/Debian:
# Add the Jenkins repository key
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
    /usr/share/keyrings/jenkins-keyring.asc > /dev/null
# Add the Jenkins repository (quoted so the shell does not glob the brackets)
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" | sudo tee \
    /etc/apt/sources.list.d/jenkins.list > /dev/null
# Update the package list
sudo apt update
# Install Jenkins
sudo apt install jenkins -y
# Start the Jenkins service
sudo systemctl start jenkins
sudo systemctl enable jenkins
# Check the service status
sudo systemctl status jenkins
CentOS/RHEL:
# Add the Jenkins repository
sudo wget -O /etc/yum.repos.d/jenkins.repo \
    https://pkg.jenkins.io/redhat-stable/jenkins.repo
# Import the GPG key
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
# Install Jenkins
sudo yum install jenkins -y
# Start the Jenkins service
sudo systemctl start jenkins
sudo systemctl enable jenkins
# Check the service status
sudo systemctl status jenkins
Method 2: WAR file installation
Download and run:
# Download the latest stable Jenkins WAR file
wget https://get.jenkins.io/war-stable/latest/jenkins.war
# Create the jenkins user and directories
sudo useradd -m -s /bin/bash jenkins
sudo mkdir -p /var/lib/jenkins /opt/jenkins
sudo chown jenkins:jenkins /var/lib/jenkins
# Put the WAR where the systemd unit below expects it
sudo mv jenkins.war /opt/jenkins/jenkins.war
# Run Jenkins
sudo -u jenkins java -jar /opt/jenkins/jenkins.war --httpPort=8080 --prefix=/jenkins
# Or specify JENKINS_HOME
sudo -u jenkins JENKINS_HOME=/var/lib/jenkins java -jar /opt/jenkins/jenkins.war
Create a systemd service:
# Create the service file
sudo tee /etc/systemd/system/jenkins.service > /dev/null <<EOF
[Unit]
Description=Jenkins Automation Server
After=network.target
[Service]
Type=simple
User=jenkins
Group=jenkins
# Keep Jenkins data in the directory created above
Environment="JENKINS_HOME=/var/lib/jenkins"
ExecStart=/usr/bin/java -jar /opt/jenkins/jenkins.war --httpPort=8080
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd
sudo systemctl daemon-reload
sudo systemctl start jenkins
sudo systemctl enable jenkins
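The WAR in method 2 is fetched with wget and then run as a service, so it is worth comparing it against the SHA-256 published for that release before moving it into place. This is an added example, not part of the original page; the function names are hypothetical and the expected digest is assumed to be copied from the Jenkins download page.

```bash
# Added example: refuse to install a Jenkins WAR whose SHA-256 does not match
# the value published for that release. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_war FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file or the digest is unusable.
verify_war() {
    war="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$war" ] || { echo "no such file: $war" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else,
    # for example an HTML error page saved in place of the checksum.
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum" >&2; return 2; }
    case "$expected" in
        *[!0-9a-f]*) echo "malformed checksum" >&2; return 2 ;;
    esac
    actual=$(sha256_of "$war")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $war" >&2
    return 1
}

# Usage: sh verify-war.sh jenkins.war <sha256-from-download-page>
if [ "$#" -eq 2 ]; then
    verify_war "$1" "$2" && echo "checksum OK: $1"
fi
```

A checksum served from the same origin as the WAR detects corruption and a tampered mirror, not a compromise of the origin itself.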
Method 3: Docker container installation
Basic Docker run:
# Pull the Jenkins image
docker pull jenkins/jenkins:lts
# Run the Jenkins container
docker run -d \
    --name jenkins \
    -p 8080:8080 \
    -p 50000:50000 \
    -v jenkins_home:/var/jenkins_home \
    jenkins/jenkins:lts
# Show the initial administrator password
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
Docker Compose configuration:
# docker-compose.yml
version: '3.8'
services:
  jenkins:
    image: jenkins/jenkins:lts
    container_name: jenkins
    restart: unless-stopped
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - jenkins_home:/var/jenkins_home
      # The Docker socket combined with user: root gives this container
      # root-equivalent control of the host; mount it only on a dedicated build host
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - JENKINS_OPTS=--prefix=/jenkins
    user: root
volumes:
  jenkins_home:
    driver: local
Running Docker Compose:
# Start the service
docker-compose up -d
# View the logs
docker-compose logs -f jenkins
# Stop the service
docker-compose down
Method 4: Kubernetes deployment
Helm chart installation:
# Add the Jenkins Helm repository
helm repo add jenkins https://charts.jenkins.io
helm repo update
# Create the namespace
kubectl create namespace jenkins
# Install Jenkins
helm install jenkins jenkins/jenkins \
    --namespace jenkins \
    --set controller.serviceType=LoadBalancer \
    --set persistence.enabled=true \
    --set persistence.size=20Gi
# Get the administrator password
kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo
YAML manifest:
# jenkins-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
        - name: jenkins
          image: jenkins/jenkins:lts
          ports:
            - containerPort: 8080
            - containerPort: 50000
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: jenkins
spec:
  selector:
    app: jenkins
  ports:
    - name: web
      port: 8080
      targetPort: 8080
    - name: agent
      port: 50000
      targetPort: 50000
  type: LoadBalancer
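2.4 Initial Configuration
First-access setup
1. Open the Jenkins web interface:
http://your-server-ip:8080
2. Get the initial administrator password:
# Package manager installation
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
# WAR file installation
cat $JENKINS_HOME/secrets/initialAdminPassword
# Docker installation
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
3. Choose how to install plugins:
- Install suggested plugins: suitable for most users
- Select plugins to install: pick the plugins yourself
Recommended base plugins:
# Version control
Git plugin
Subversion plugin
# Build tools
Maven Integration plugin
Gradle plugin
Ant plugin
# Notifications
Email Extension plugin
Slack Notification plugin
# Deployment
Deploy to container plugin
SSH plugin
# Testing
JUnit plugin
Cobertura plugin
# Security
LDAP plugin
Role-based Authorization Strategy
Creating the administrator user
Create the first administrator user:
Username: admin
Password: a strong password (at least 8 characters, including upper- and lower-case letters, digits and special characters)
Confirm password: repeat the password
Full name: Jenkins Administrator
E-mail address: admin@company.com
Instance configuration
Jenkins URL configuration:
# Production example
https://jenkins.company.com/
# Development environment example
http://jenkins-dev.company.com:8080/
# Local development
http://localhost:8080/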
2.5 Basic System Configuration
Global security configuration
Path: Manage Jenkins → Configure Global Security
Security realm configuration (schematic notation for the settings on that page, not a file format Jenkins reads):
// Jenkins' own user database
security {
    realm = 'HudsonPrivateSecurityRealm'
    allowUsersToSignUp = false
}
// LDAP integration
security {
    realm = 'LDAPSecurityRealm'
    ldap {
        server = 'ldap://ldap.company.com:389'
        rootDN = 'dc=company,dc=com'
        userSearchBase = 'ou=users'
        userSearch = 'uid={0}'
        groupSearchBase = 'ou=groups'
    }
}
Authorization strategy:
// Matrix-based security
authorization {
    strategy = 'GlobalMatrixAuthorizationStrategy'
    permissions = [
        'hudson.model.Hudson.Administer:admin',
        'hudson.model.Hudson.Read:authenticated',
        'hudson.model.Item.Build:developers',
        'hudson.model.Item.Read:developers'
    ]
}
System configuration
Path: Manage Jenkins → Configure System
Key settings:
Jenkins Location
Jenkins URL: https://jenkins.company.com/
System Admin e-mail address: admin@company.com
Global properties
# Environment variables
JAVA_HOME=/usr/lib/jvm/java-11-openjdk
MAVEN_HOME=/opt/maven
GRADLE_HOME=/opt/gradle
E-mail notification
SMTP server: smtp.company.com
Default user e-mail suffix: @company.com
Use SMTP Authentication: ✓
User Name: jenkins@company.com
Password: [password]
Use SSL: ✓
SMTP Port: 465
Tool configuration
Path: Manage Jenkins → Global Tool Configuration
JDK configuration:
Name: JDK-11
JAVA_HOME: /usr/lib/jvm/java-11-openjdk
Install automatically: ✗
Git configuration:
Name: Default
Path to Git executable: /usr/bin/git
Install automatically: ✗
Maven configuration:
Name: Maven-3.8
MAVEN_HOME: /opt/maven
Install automatically: ✓
Version: 3.8.6
Gradle configuration:
Name: Gradle-7.6
GRADLE_HOME: /opt/gradle
Install automatically: ✓
Version: 7.6
2.6 Advanced Configuration
HTTPS configuration
Generate an SSL certificate:
# Generate a self-signed certificate (development environments); replace "password" with a real keystore password
keytool -genkey -keyalg RSA -alias jenkins -keystore jenkins.jks -storepass password -keysize 2048
# Or use Let's Encrypt (production environments)
certbot certonly --standalone -d jenkins.company.com
Jenkins HTTPS configuration:
# Edit the Jenkins startup parameters
sudo systemctl edit jenkins
# Add the following (--httpPort=-1 disables the plain-HTTP listener)
[Service]
Environment="JENKINS_OPTS=--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=password"
# Restart the service
sudo systemctl restart jenkins
Reverse proxy configuration
Nginx configuration:
# /etc/nginx/sites-available/jenkins
server {
    listen 80;
    server_name jenkins.company.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name jenkins.company.com;
    ssl_certificate /etc/ssl/certs/jenkins.crt;
    ssl_certificate_key /etc/ssl/private/jenkins.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # AES-GCM suites are named ...-SHA384 / ...-SHA256 in OpenSSL
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
Apache configuration:
# /etc/apache2/sites-available/jenkins.conf
<VirtualHost *:80>
    ServerName jenkins.company.com
    Redirect permanent / https://jenkins.company.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName jenkins.company.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/jenkins.crt
    SSLCertificateKeyFile /etc/ssl/private/jenkins.key
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    ProxyPassReverse / http://jenkins.company.com/
    # Headers
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
Performance tuning
JVM parameter tuning:
# /etc/default/jenkins (Ubuntu/Debian)
# /etc/sysconfig/jenkins (CentOS/RHEL)
JAVA_ARGS="-Xmx4g -Xms2g -XX:+UseG1GC -XX:+UseStringDeduplication -XX:+DisableExplicitGC"
# System properties
# jenkins.install.runSetupWizard=false skips the setup wizard from section 2.4;
# set it only when the admin account and security realm are provisioned another way
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true"
System-level tuning:
# Raise the file descriptor limit
echo "jenkins soft nofile 65536" | sudo tee -a /etc/security/limits.conf
echo "jenkins hard nofile 65536" | sudo tee -a /etc/security/limits.conf
# Tune network parameters
echo "net.core.somaxconn = 1024" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 1024" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
2.7 Backup and Restore
Backup strategy
Full backup script:
#!/bin/bash
# jenkins-backup.sh
JENKINS_HOME="/var/lib/jenkins"
BACKUP_DIR="/backup/jenkins"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="jenkins_backup_${DATE}.tar.gz"
# The archive contains secrets/ and stored credentials: keep it owner-readable only
umask 077
# Create the backup directory
mkdir -p "$BACKUP_DIR"
# Stop the Jenkins service
sudo systemctl stop jenkins
# Create the backup
tar -czf "$BACKUP_DIR/$BACKUP_FILE" \
    --exclude="$JENKINS_HOME/workspace/*" \
    --exclude="$JENKINS_HOME/logs/*" \
    --exclude="$JENKINS_HOME/war/*" \
    "$JENKINS_HOME"
# Start the Jenkins service
sudo systemctl start jenkins
# Remove old backups (keep 30 days)
find "$BACKUP_DIR" -name "jenkins_backup_*.tar.gz" -mtime +30 -delete
echo "Backup completed: $BACKUP_FILE"
Incremental backup script:
#!/bin/bash
# jenkins-incremental-backup.sh
JENKINS_HOME="/var/lib/jenkins"
BACKUP_DIR="/backup/jenkins/incremental"
DATE=$(date +%Y%m%d_%H%M%S)
# The copy includes secrets/: keep it owner-readable only
umask 077
mkdir -p "$BACKUP_DIR/$DATE"
# Back up the important configuration files
# (no trailing slash on the sources, so each directory keeps its own name)
rsync -av --delete \
    "$JENKINS_HOME/config.xml" \
    "$JENKINS_HOME/jobs" \
    "$JENKINS_HOME/users" \
    "$JENKINS_HOME/secrets" \
    "$JENKINS_HOME/plugins" \
    "$BACKUP_DIR/$DATE/"
echo "Incremental backup completed: $DATE"
Restore procedure
Full restore:
#!/bin/bash
# jenkins-restore.sh
BACKUP_FILE="$1"
JENKINS_HOME="/var/lib/jenkins"
if [ -z "$BACKUP_FILE" ]; then
    echo "Usage: $0 <backup_file>"
    exit 1
fi
# Stop the Jenkins service
sudo systemctl stop jenkins
# Keep the current configuration aside
sudo mv "$JENKINS_HOME" "$JENKINS_HOME.old"
# Restore the backup (member names are relative: var/lib/jenkins/...)
sudo tar -xzf "$BACKUP_FILE" -C /
# Fix ownership
sudo chown -R jenkins:jenkins "$JENKINS_HOME"
# Start the Jenkins service
sudo systemctl start jenkins
echo "Restore completed from: $BACKUP_FILE"
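The restore script extracts the archive into / with root privileges, so an archive that was tampered with, or simply built from a different path, can overwrite files outside JENKINS_HOME. The following added example (not part of the original page) checks the member names before extraction; the function names and the var/lib/jenkins prefix are assumptions that match the backup script above.

```bash
# Added example: vet a Jenkins backup archive before `tar -xzf ... -C /`.
# Assumption: archives were created from /var/lib/jenkins, so every member
# name starts with var/lib/jenkins (tar drops the leading "/").
EXPECTED_PREFIX="var/lib/jenkins"

# member_ok NAME: succeed only if NAME stays inside EXPECTED_PREFIX.
member_ok() {
    case "$1" in
        /*)                  return 1 ;;  # absolute path
        ..|../*|*/..|*/../*) return 1 ;;  # parent-directory traversal
        "$EXPECTED_PREFIX"|"$EXPECTED_PREFIX"/*) return 0 ;;
        *)                   return 1 ;;  # any other location on the host
    esac
}

# check_backup_archive FILE
# Returns 0 if every member is acceptable, 1 if one is rejected,
# 2 if the archive is missing, unreadable or empty.
# Only member names are checked; symlink targets are not inspected.
check_backup_archive() {
    listing=$(tar -tzf "$1" 2>/dev/null) || return 2
    [ -n "$listing" ] || return 2
    while IFS= read -r member; do
        if ! member_ok "$member"; then
            echo "rejected member: $member" >&2
            return 1
        fi
    done <<EOF
$listing
EOF
    return 0
}

# Usage: sh check-backup.sh /backup/jenkins/<archive>.tar.gz
if [ "$#" -ge 1 ]; then
    check_backup_archive "$1" && echo "archive OK: $1"
fi
```

Run the check in jenkins-restore.sh before the service is stopped, and abort the restore on any non-zero return.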
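Automated backups
Cron job configuration:
# Edit the crontab
sudo crontab -e
# Add the backup jobs
# Run a full backup every day at 2:00 a.m.
0 2 * * * /opt/scripts/jenkins-backup.sh
# Run an incremental backup every 4 hours
0 */4 * * * /opt/scripts/jenkins-incremental-backup.sh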
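2.8 Troubleshooting
Common problems
1. Jenkins fails to start
# Check the Java version
java -version
# Check whether the port is in use
sudo netstat -tlnp | grep 8080
# Check the logs
sudo journalctl -u jenkins -f
tail -f /var/log/jenkins/jenkins.log
2. Out of memory
# Check memory usage (pgrep -d, joins several PIDs with commas, as top -p expects)
free -h
top -p "$(pgrep -d, -f jenkins)"
# Adjust the JVM parameters
sudo systemctl edit jenkins
# Add: Environment="JAVA_OPTS=-Xmx2g"
3. Permission problems
# Fix ownership and permissions of the Jenkins directory
sudo chown -R jenkins:jenkins /var/lib/jenkins
sudo chmod -R u+rwX,go-w /var/lib/jenkins
# secrets/ holds master.key: keep it closed to group and others
sudo chmod -R go-rwx /var/lib/jenkins/secrets
# Check the SELinux status (CentOS/RHEL)
getenforce
sudo setsebool -P httpd_can_network_connect 1
4. Plugin problems
# Start in safe mode
java -Dhudson.Main.development=true -jar jenkins.war
# Disable all plugins
touch $JENKINS_HOME/plugins/.disabled
# Manually delete the problematic plugin
rm -rf $JENKINS_HOME/plugins/problematic-plugin*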
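Permission repairs on JENKINS_HOME (item 3) are an easy place to leave secrets/ or credentials.xml open to every local user; a recursive chmod 755 does exactly that. The following added example, not part of the original page, lists and tightens that material; the function names are hypothetical and the paths are the standard Jenkins locations for key and credential files.

```bash
# Added example: find Jenkins secret material that grants any permission
# to "other" users, and close it without touching the rest of JENKINS_HOME.
# Paths are relative to JENKINS_HOME.
SECRET_PATHS="secrets credentials.xml secret.key identity.key.enc"

# list_exposed_secrets HOME: print each secret file or directory under HOME
# that has the read, write or execute bit set for "other".
list_exposed_secrets() {
    jh="$1"
    for rel in $SECRET_PATHS; do
        [ -e "$jh/$rel" ] || continue
        find "$jh/$rel" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# count_exposed_secrets HOME: number of paths reported above.
count_exposed_secrets() {
    list_exposed_secrets "$1" | wc -l | tr -d ' '
}

# tighten_secrets HOME: remove group and other access from the secret
# material only; job and plugin files keep their current modes.
tighten_secrets() {
    jh="$1"
    for rel in $SECRET_PATHS; do
        [ -e "$jh/$rel" ] || continue
        chmod -R go-rwx "$jh/$rel"
    done
}

# Usage: sudo sh audit-secrets.sh /var/lib/jenkins
if [ "$#" -ge 1 ]; then
    list_exposed_secrets "$1"
fi
```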
Log analysis
Important log files:
# System log
/var/log/jenkins/jenkins.log
# Access logs
$JENKINS_HOME/logs/
# System service log
journalctl -u jenkins
# Application logs
$JENKINS_HOME/logs/tasks/
Log configuration:
// Run in the Jenkins Script Console
import java.util.logging.Logger
import java.util.logging.Level
// Set the log level
Logger.getLogger("hudson.model.Run").setLevel(Level.FINE)
Logger.getLogger("hudson.model.Build").setLevel(Level.FINE)
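2.9 Chapter Summary
This chapter covered installing and deploying Jenkins and configuring its environment.
Key points:
- Adequate hardware and a proper Java environment are the foundation
- Several installation methods suit different scenarios
- The initial configuration shapes later use
- Security configuration and performance tuning must not be neglected
- A backup and restore strategy keeps the data safe
Best practices:
- Install with the package manager in production
- Configure HTTPS and a reverse proxy
- Back up JENKINS_HOME regularly
- Monitor system resource usage
- Establish a troubleshooting procedure
Next chapter:
The next chapter introduces the basic concepts and terminology of Jenkins, with detailed explanations of core concepts such as projects, builds and workspaces.
2.10 Exercises and Questions
Hands-on exercises
Basic installation
- Install Jenkins in a virtual machine
- Complete the initial setup wizard
- Create the first administrator user
Advanced configuration
- Configure HTTPS access
- Set up a reverse proxy
- Tune the JVM parameters
Backup and restore
- Write a backup script
- Test the restore procedure
- Configure automated backups
Questions for reflection
- What are the advantages and challenges of deploying Jenkins in a containerized environment?
- How would you design a highly available Jenkins architecture?
- How should the health of Jenkins be monitored in production?
- How do you balance the security and usability of Jenkins?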