Base Images Amazon Linux
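# Build stage: compiles the Apache mod_jk connector (tomcat-connectors 1.2.48) against
# httpd-devel, so the compiler toolchain installed here never reaches a runtime image.
FROM amazonlinux:2.0.20200722.0 AS builder
USER root
WORKDIR /tmp
# Expected SHA-512 of the source tarball, taken from the checksum file Apache publishes for
# the release. The download below comes from a third-party mirror over plain HTTP, so this
# digest is the only thing that authenticates the code compiled into an httpd module.
# Left empty (the default) the check is skipped with a warning, which keeps existing
# builds working. Pass it with:
#   docker build --build-arg MOD_JK_SHA512=<digest from the Apache release page> .
ARG MOD_JK_SHA512=""
RUN yum repolist && yum update -y && \
    yum install -y --setopt=tsflags=nodocs \
        httpd-devel tar gcc gcc-c++ perl make libtool hostname nss_wrapper gettext jq curl \
        bind-utils httpd mod_ssl openssl && \
# Install mod_jk. -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fSL http://mirror.nbtelecom.com.br/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz -o tomcat-connectors-1.2.48-src.tar.gz && \
# Verify the tarball before anything in it is unpacked or executed (./configure, make).
    if [ -n "$MOD_JK_SHA512" ]; then \
        echo "$MOD_JK_SHA512  tomcat-connectors-1.2.48-src.tar.gz" | sha512sum -c -; \
    else \
        echo "WARNING: MOD_JK_SHA512 is empty; the mod_jk source tarball was not verified" >&2; \
    fi && \
    tar -xzf tomcat-connectors-1.2.48-src.tar.gz && \
    cd tomcat-connectors-1.2.48-src/native/ && \
    ./configure --with-apxs=/bin/apxs && \
    make && \
    libtool --finish /usr/lib64/httpd/modules/ && \
    make install && \
# List the module directory so the build log shows that mod_jk.so was installed.
    ls -ltr /usr/lib64/httpd/modules/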
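# Runtime stage: Apache httpd with mod_ssl, plus the mod_jk module built in the builder stage.
FROM amazonlinux:2.0.20200722.0
# No other USER follows, so httpd is launched as root.
USER root
WORKDIR /usr/lib64/httpd/modules/
RUN yum repolist && yum update -y && \
    yum install -y --setopt=tsflags=nodocs \
        tar yum-utils nss_wrapper gettext jq curl bind-utils httpd-tools httpd mod_ssl openssl && \
# Configure SSL
# Fix SSL 'SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty'
# Fix SSL 'SSLCertificateKeyFile: file '/etc/pki/tls/private/localhost.key' does not exist or is empty'
# The key pair is generated at build time and stored in an image layer: every container
# started from this image shares the same private key, and anyone who can pull the image
# can read it. It is only a placeholder that lets mod_ssl start; mount or inject the real
# certificate and key at run time.
    openssl req -x509 -nodes -days 365 -subj "/C=BR/ST=Sao Paulo/L=Sao Paulo/O=Itau Unibanco CA/CN=CA CERTIFICATE" -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt && \
# Make the key owner-only; whether openssl does this on its own depends on its version
# and the umask.
    chmod 600 /etc/pki/tls/private/localhost.key && \
# Set output logs
# NOTE(review): these links only take effect if the httpd configuration logs to
# access.log / error.log; the stock configuration may use access_log / error_log. Confirm.
    ln -sf /dev/stdout /var/log/httpd/access.log && \
    ln -sf /dev/stderr /var/log/httpd/error.log && \
# Clean packages and disable yum repo
# With every repo disabled, derived images cannot pull package updates in place; security
# fixes require rebuilding from this Dockerfile.
    yum clean all && \
    yum-config-manager --disable \* && \
    rm -rf /var/lib/yum/yumdb && \
    rm -rf /var/lib/yum/history && \
    rm -rf /var/cache/yum /tmp/* /var/log/*log
# Only the compiled module is taken from the builder; the destination is WORKDIR.
COPY --from=builder /usr/lib64/httpd/modules/mod_jk.so .
EXPOSE 80 443
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]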
#====================================
# Amazon Linux - OpenJDK8
#====================================
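FROM amazonlinux:2.0.20200722.0
# Use the root user to install software. No other USER follows, so derived images run as
# root unless they set one themselves.
USER root
# Install Essentials
# The EPEL release RPM is fetched by URL under a floating "latest" name; HTTPS authenticates
# the host, not the package. NOTE(review): confirm yum verifies the GPG signature of an RPM
# installed by URL in this configuration, or import the EPEL key and check it explicitly.
RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
    yum repolist && \
    yum update -y && \
    yum install -y epel-release && \
    yum install --setopt=tsflags=nodocs -y \
        yum-utils openssl unzip jq \
        java-1.8.0-openjdk-devel xmlstarlet saxon augeas bsdtar && \
# Point the JVM's SecureRandom seed source at /dev/urandom (appended to java.security).
    echo "securerandom.source=file:/dev/urandom" >> /usr/lib/jvm/jre/lib/security/java.security && \
# Record the resolved JDK path in /etc/environment as well; the ENV below is what
# processes in the container actually inherit.
    echo export JAVA_HOME="/`alternatives --display java | grep best | cut -d "/" -f 2-6`" >> /etc/environment && \
# Clean packages and disable yum repo
# With every repo disabled, derived images cannot pull package updates in place; security
# fixes require rebuilding from this Dockerfile.
    yum clean all && \
    yum-config-manager --disable \* && \
    rm -rf /var/lib/yum/yumdb && \
    rm -rf /var/lib/yum/history && \
    rm -rf /var/cache/yum /tmp/* /var/log/*log
# Set the JAVA_HOME variable to make it clear where Java is located.
# key=value form; the space-separated ENV form is deprecated.
ENV JAVA_HOME=/etc/alternatives/jre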
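# Jenkins controller image with Maven, AWS CLI v2 and kubectl added.
# lts-slim is a floating tag: each rebuild may pick up a different Jenkins release. Pin a
# version tag or digest for reproducible, reviewable builds.
FROM jenkins/jenkins:lts-slim
USER root
ARG DEBIAN_FRONTEND=noninteractive
# Install Essentials
# "apt-get update" is chained with && so a failed index refresh stops the build instead of
# continuing against stale package lists.
RUN mkdir -p /usr/share/man/man1 && \
    apt-get update && apt-get upgrade -y && \
# Install Packages
    apt-get install --no-install-recommends -y cpio groff less rpm2cpio jq zip unzip vim-tiny sshpass git && \
# Install maven
# The three downloads below use HTTPS, which authenticates the host but not the artifact.
# None is checked against a published checksum or signature, and the AWS CLI URL is
# unversioned. Pin versions and verify digests before these binaries are installed.
    mkdir -p /usr/share/maven /usr/share/maven/ref && \
    curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz && \
    tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 && \
    rm -f /tmp/apache-maven.tar.gz && \
    ln -s /usr/share/maven/bin/mvn /usr/bin/mvn && \
#Install AWS CLI
# -f makes curl fail on an HTTP error instead of saving the error body as awscliv2.zip.
    cd /tmp && \
    curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
    unzip awscliv2.zip && \
    ./aws/install && \
# Install kubectl
    curl -fsSL https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
    chmod +x /usr/local/bin/kubectl && \
#Clean
# The former "/var/lib/{apt,dpkg,cache,log}" argument is dropped. RUN uses /bin/sh, which
# presumably does no brace expansion on this Debian-based image, so it matched nothing.
# Under bash it would have deleted the dpkg database that apt and image vulnerability
# scanners read.
    apt-get clean autoclean && \
    apt-get autoremove -y && \
    rm -rf /tmp/* \
        /var/lib/apt/lists/* \
        /var/tmp/* \
        /var/log/*log \
        /usr/share/doc/*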
# Everything below runs as the unprivileged jenkins account.
USER jenkins
WORKDIR /var/jenkins
# SECRETS_DIR: directory security.groovy reads the jenkins-user / jenkins-pass files from.
# JAVA_OPTS: whether to skip the setup wizard. With the wizard skipped, the instance is
# protected only if security.groovy runs to completion at startup.
ENV SECRETS_DIR=/run/secrets \
    JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
# Creates the username and password read from the secret files under SECRETS_DIR
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
# Setting the number of executors
#COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy
# Install groovy global libraries for pipeline plugin
#COPY var/jenkins_home/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml /usr/share/jenkins/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml
# Install the plugins listed in 'plugins.txt' together with their dependencies.
# NOTE(review): the plugin list published with this gist names plugins without versions, so
# each build resolves whatever is current. Pin versions (name:version) so that what ends up
# on the controller can be reviewed.
COPY plugins-1.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
ace-editor
amazon-ecs
amazon-ecr
ansicolor
antisamy-markup-formatter
apache-httpcomponents-client-4-api
async-http-client
authentication-tokens
authorize-project
aws-codepipeline
backup
beer
blueocean-autofavorite
blueocean-commons
blueocean-config
blueocean-core-js
blueocean-dashboard
blueocean-display-url
blueocean-events
blueocean-git-pipeline
blueocean-i18n
blueocean-jira
blueocean
blueocean-jwt
blueocean-personalization
blueocean-pipeline-api-impl
blueocean-pipeline-editor
blueocean-pipeline-scm-api
blueocean-rest-impl
blueocean-rest
blueocean-web
bouncycastle-api
branch-api
build-timeout
build-timestamp
chucknorris
cloudbees-folder
command-launcher
configuration-as-code
credentials
credentials-binding
dashboard-view
display-url-api
docker-plugin
dtkit-api
durable-task
ec2
extended-choice-parameter
external-monitor-job
favorite
filesystem_scm
git-changelog
git-client
git
greenballs
groovy
handlebars
handy-uri-templates-2-api
htmlpublisher
http-post
http_request
icon-shim
jackson2-api
javadoc
jdk-tool
jenkins-design-language
jira
jobConfigHistory
job-restrictions
jquery-detached
jquery
jsch
junit
kerberos-sso
kubernetes
ldap
locale
lockable-resources
mailer
mapdb-api
mask-passwords
matrix-auth
matrix-project
maven-plugin
metrics
momentjs
monitoring
openshift-client
ownership
pam-auth
performance
pipeline-aws
pipeline-build-step
pipeline-graph-analysis
pipeline-input-step
pipeline-milestone-step
pipeline-model-api
pipeline-model-definition
pipeline-model-extensions
pipeline-rest-api
pipeline-restful-api
pipeline-stage-step
pipeline-stage-tags-metadata
pipeline-stage-view
pipeline-utility-steps
publish-over-cifs
plain-credentials
postbuildscript
prometheus
pubsub-light
rebuild
resource-disposer
role-strategy
scm-api
scm-httpclient
scoverage
script-security
schedule-build
security-inspector
seleniumhtmlreport
selenium
sse-gateway
ssh-agent
ssh-credentials
ssh
ssh-slaves
structs
thinBackup
timestamper
token-macro
variant
windows-slaves
workflow-aggregator
workflow-api
workflow-basic-steps
workflow-cps-global-lib
workflow-cps
workflow-durable-task-step
workflow-job
workflow-multibranch
workflow-scm-step
workflow-step-api
workflow-support
ws-cleanup
xunit
#!groovy
import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.AdminWhitelistRule
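// Init script (init.groovy.d): creates the initial account from mounted secret files and
// restricts the instance to authenticated users.
// NOTE(review): if this script throws, Jenkins may log the failure and keep starting. With
// the setup wizard disabled that would leave the instance without a security realm.
// Confirm how init-script failures are handled and prefer failing closed.
def instance = Jenkins.getInstance()

// Credentials are read from files under SECRETS_DIR rather than from environment variables.
def secretsDir = System.getenv("SECRETS_DIR")
if (!secretsDir) {
    throw new IllegalStateException("SECRETS_DIR is not set; cannot read jenkins-user / jenkins-pass")
}
def user = new File(secretsDir, "jenkins-user").text.trim()
def pass = new File(secretsDir, "jenkins-pass").text.trim()
// An empty secret file would otherwise create an account with a blank name or password.
if (!user || !pass) {
    throw new IllegalStateException("jenkins-user or jenkins-pass is empty; refusing to create the account")
}

// Only the user name is logged, never the password.
println "Creating user " + user + "..."

// false: self-service sign-up stays disabled.
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount(user, pass)
instance.setSecurityRealm(hudsonRealm)

// Every authenticated user gets full control under this strategy. It also grants anonymous
// users read access by default, so that is switched off explicitly.
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)
instance.save()

// Kill switch set to false keeps agent-to-controller access control enabled.
// NOTE(review): confirm this API still exists in the Jenkins version the floating base tag resolves to.
Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

println "User " + user + " was created"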