deploy Jenkins using docker compose with production ready

rjshk013 — Fri, 13 Dec 2024 17:29:17 +0000

Jenkins is a powerful automation tool widely used for continuous integration and deployment. Setting up Jenkins in a production environment can be challenging, but with Docker Compose, you can simplify the deployment process while ensuring a secure and efficient configuration. This guide also includes setting up Jenkins Agents for distributed builds using Docker Compose.

Docker Compose File for Jenkins and Jenkins Agent

Here is the Docker Compose file used to deploy Jenkins Master and Jenkins Agent:

``services:
  jenkins-master:
    image: jenkins/jenkins:lts-jdk17
    container_name: jenkins
    restart: unless-stopped
    user: 1000:1000 # Explicit user ID mapping
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - jenkins_home:/var/jenkins_home:rw
    environment:
      - JAVA_OPTS=-Dhudson.security.csrf.GlobalCrumbIssuerStrategy=true -Djenkins.security.SystemReadPermission=true
    networks:
      - jenkins_network
    security_opt:
      - no-new-privileges:true
    read_only: true # Use a read-only filesystem
    tmpfs:
      - /tmp:size=2G # Use tmpfs for temporary storage
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080/login || exit 1"]
      interval: 1m30s
      timeout: 10s
      retries: 3
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '1'
          memory: 1G
  jenkins-agent:
    image: jenkins/ssh-agent
    container_name: jenkins-agent
    restart: unless-stopped
    expose:
      - "22"
    volumes:
      - jenkins_agent:/home/jenkins/agent:rw
      - type: bind
        source: ./jenkins_agent_keys
        target: /home/jenkins/.ssh
        read_only: true
    environment:
      - SSH_PUBLIC_KEY_DIR=/home/jenkins/.ssh
    networks:
      - jenkins_network
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp:size=2G # Use tmpfs for temporary storage
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
networks:
  jenkins_network:
    driver: bridge
volumes:
  jenkins_home:
    driver: local
  jenkins_agent:
    driver: local``

** ## Advantages of This Setup**

Simplified Deployment:
    Using Docker Compose streamlines the deployment process, making it easy to manage Jenkins and its agents.
Agent Integration:
    Automatically sets up Jenkins Agents to distribute builds across multiple nodes, increasing scalability.
Security Best Practices:
    Read-only file systems and restricted privileges (no-new-privileges) enhance security.
    CSRF protection (GlobalCrumbIssuerStrategy) and system read permissions ensure a secure environment.
Resource Management:
    Defined resource limits and reservations prevent resource contention in production.
Efficient Storage Management:
    Volumes ensure persistence for Jenkins data.
    Temporary storage with tmpfs avoids unnecessary disk I/O.
Health Monitoring:
    A health check ensures the Jenkins master container is running as expected.

## Importance of Main Components

Jenkins Master

The jenkins-master service is the central component, responsible for orchestrating builds and managing jobs. Key configurations include:

Volumes: Ensure Jenkins data persists across container restarts.
Health Check: Monitors the service’s availability.
Resource Limits: Prevents overutilization of system resources.

Jenkins Agent

The jenkins-agent service provides scalable build execution. Key configurations include:

Bind Mount for SSH Keys: Securely connects the agent to the master.
Exposed Port: Allows the master to communicate with the agent over SSH.

Volumes

jenkins_home: Stores all Jenkins configurations, jobs, and plugins persistently.
jenkins_agent: Maintains the workspace and data for builds.
Bind Mount for SSH Keys: Ensures secure agent communication.

Startup Script for Manual Setup

Use the following script to create the required folders and set permissions:

`#!/bin/bash
# Exit script on error
set -e
echo "Preparing environment for Jenkins deployment..."
# Define SSH keys directory
JENKINS_AGENT_KEYS_DIR="./jenkins_agent_keys"
# Create SSH keys directory
echo "Creating SSH keys directory for Jenkins Agent..."
mkdir -p "$JENKINS_AGENT_KEYS_DIR"
# Generate SSH keys for Jenkins Agent
echo "Generating SSH keys for Jenkins Agent..."
if [ ! -f "$JENKINS_AGENT_KEYS_DIR/id_rsa" ]; then
  ssh-keygen -t rsa -b 4096 -f "$JENKINS_AGENT_KEYS_DIR/id_rsa" -N ""
  chmod 600 "$JENKINS_AGENT_KEYS_DIR/id_rsa"
  chmod 644 "$JENKINS_AGENT_KEYS_DIR/id_rsa.pub"
else
  echo "SSH keys already exist. Skipping key generation."
fi
# Copy public key to authorized_keys
echo "Configuring authorized_keys for Jenkins Agent..."
cp "$JENKINS_AGENT_KEYS_DIR/id_rsa.pub" "$JENKINS_AGENT_KEYS_DIR/authorized_keys"
chmod 644 "$JENKINS_AGENT_KEYS_DIR/authorized_keys"
# Set permissions for SSH keys directory
chmod -R 700 "$JENKINS_AGENT_KEYS_DIR"
# Ensure everything is ready
echo "Environment setup is complete!"
echo "You can now run 'docker-compose up -d' to start Jenkins."`

1.Prepare the Host Machine

Ensure Docker and Docker Compose are installed on your machine.
Check for sufficient disk space and memory (at least 2GB RAM and 10GB free disk space).

2.Create Required Directories

Run the setup.sh script provided to create the necessary directories and generate SSH keys for agent communication.

3.Set Permissions

The setup.sh script will automatically set the required permissions for the jenkins_agent_keys directory.
Verify permissions by running:

ls -ld ./jenkins_agent_keys

4.Start Jenkins Services

Run the following command to start the Jenkins master and agent containers:

docker-compose up -d

5.Check containers status

Run the following command to check containers are running or not

docker ps

6.Access Jenkins

Open your web browser and navigate to http://:8080 to access the Jenkins web interface.Follow the setup wizard to configure Jenkins.

To retrieve the initial admin password for login run the below command

docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPassword

Complete the initial setup like installing plugins & configure admin user

Configure SSH Credentials in Jenkins

Add the private key (id_rsa) from the jenkins_agent_keys folder as a credential in Jenkins.

Navigate to Manage Jenkins > Manage Credentials and add a new SSH key.

Verify Agent Connection

Go to Manage Jenkins:

From the dashboard, click Manage Jenkins.

Then, click Manage Nodes and Clouds.

Add a New Node:

Click on New Node.

Enter a name for your node, such as agent.

Select Permanent Agent, and click OK.
Configure the Node:

Remote Root Directory: Set this to /home/jenkins/agent (the volume mounted for the agent container).
Labels: Add appropriate labels like agent for categorizing the node.
Launch Method:
    Select Launch agent via SSH.
    Fill in the following:
        Host: Enter the IP address of the agent container (will get from docker inspect jenkins-agent).
        Credentials:
            Click Add, and select Jenkins.
            Choose SSH Username with Private Key.
            Enter jenkins as the username.
            Paste the private key (id_rsa) contents into the key field.
        Host Key Verification Strategy:
            Select Non-verifying Verification Strategy for simplicity. For production, consider verifying host keys.

Save the Node Configuration: Click Save to complete the configuration

Verify Connection:

Jenkins will attempt to connect to the agent. If successful, the agent’s status will show as Connected.

Test the CI/CD Pipeline

Create a simple freestyle or pipeline job to ensure the agent can execute builds.
Use a basic script like:

echo "Running on $(uname -a)"

Conclusion

This Docker Compose setup for Jenkins provides a secure, efficient, and scalable solution for production use. By following best practices, such as using Docker volumes, enabling health checks, and securing communication between the master and agent, you can ensure a robust CI/CD pipeline.

Deploy Jenkins using this setup to streamline your development workflows and enhance productivity.

Follow me on linkdin: www.linkedin.com/in/rajesh-k-1b290498

DEV Community: rjshk013

deploy Jenkins using docker compose with production ready

Startup Script for Manual Setup

Configure SSH Credentials in Jenkins

Verify Connection:

Conclusion