Instructions on how to setup Jenkins CI on a Mac for use with test-kitchen. Since I need to test against OS X Images, I'm using Vagrant, the Vagrant VMWare Plugin and VMWare Fusion.
All of these operations are done with the admin user.
Install the command line developer tools.
$ xcode-select --install
After running the installer, visit http://localhost:8080 to see Jenkins. If it does not show up, restart the box.
Once you can access your Jenkins console, goto Manage Jenkins -> Manage Plugins from the home screen.
Sometimes when you install, you will notice that the list of available plugins is empty. If that is the case, from Advanced tab on the Manage Plugins page, click on Check now (button available in the bottom right of the page) to forcefully check for new updates. Once that is done, you should see the list of plugins.
In the Updates tab, check all and click download and install after restart. Once downloads are finished , check Restart Jenkins when installation is complete and no jobs are running.
Open the Available tab and find the plugin entitled:
- Git Plugin
- Github plugin
- Build Pipeline Plugin
- Slack Notification Plugin
Download and restart Jenkins.
Go into OSX System Preferences/Users, select the jenkins user created by the installer and right click on it to access advanced settings:
- Give it the name jenkins
- Move the User home to /Users/jenkins instead of /Users/Shared/Jenkins Then
- Add a secure password to it.
- Make it admin.
Move /Users/Shared/Jenkins to /Users/jenkins
sudo mv /Users/Shared/Jenkins /Users/jenkins
sudo chmod -R jenkins:jenkins /Users/jenkins
All of the next operations are done with your jenkins user, so switch:
$ sudo su - jenkins
Do the following.
As user Jenkins, create a .ssh directory in the Jenkins home directory.
$ mkdir ~/.ssh
Create the public private key pair. The most important thing is not to set a password, otherwise the jenkins user will not be able to connect to the git repo in an automated way.
$ cd ~/.ssh
$ ssh-keygen -t rsa -C "jenkins@CI"
Start the ssh-agent in the background and add the key:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
Display your newly creted public key:
$ cat ~/.ssh/id_rsa.pub
Copy the output and add it to your Git repo.
Set a git user and email address:
$ git config --global user.email "cloud+jenkins@example.com"
$ git config --global user.name "jenkins"
Connect to the Git repo. This is a one time step which will dismiss that 'Are you sure you want to connect' ssh message, again jenkins won't be able to deal with this. Just run:
$ ssh -T git@github.com
From the Jenkins home page, click on New Item, then select Free-style software project and click OK.
Fill in:
- Project Name:
Myproject - GitHub project:
https://github.com/myuser/myproject - Under
Source Code Management, selectGitand fill in the repo url:git@github.com:myuser/myproject.git - Click
Addnext to credentials:- Kind:
SSH username with private key - Private key:
From the jenkins master
- Kind:
Click Add then select jenkins next to Credentials.
Poll SCM with a schedule of:
H/5 * * * *
Navigate to Manage Jenkins and select Configure Global Security. On this screen, check Enable Security, then under Security Realm select Jenkins' own user database. Ensure that Allow users to sign up is unchecked.
Click Save. You will be prompted to register, add an admin user. Once done, you'll be automatically logged in as admin.
Go back to Manage Jenkins, you will now see an additional Manage Users menu. Navigate in there, and create a localmonitor user.
Navigate to Manage Jenkins and select Configure Global Security. On this screen, check Project-based Matrix Authorization Strategy under Authorization.
From there, add admin and localmonitor users, checking all permissions for admin and only Overall Read and JOB read forlocalmonitor. Save the changes.
Install Nginx:
$ sudo su - jenkins
$ brew install nginx
Start it automatically upon login (for all users):
$ sudo cp /usr/local/opt/nginx/homebrew.mxcl.nginx.plist /Library/LaunchDaemons/
$ sudo vim /Library/LaunchDaemons/homebrew.mxcl.nginx.plist
Add param at the end:
<key>UserName</key>
<string>jenkins</string>
If you want to sign the server with self-generated credentials, create ssl keys and cert:
$ mkdir /usr/local/etc/nginx/ssl
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/nginx/ssl/server.key -out /usr/local/etc/nginx/ssl/server.crt
Otherwise get the server.crt and the server.key from your authority.
Configure:
$ rm /usr/local/etc/nginx/nginx.conf
$ vim /usr/local/etc/nginx/nginx.conf
Paste:
worker_processes 4;
events {
worker_connections 768;
}
http {
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 4443;
server_name jenkins;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
}
}
}
Restart the box.