Dockerize all the things
As we encountered some issues trying to use the server's “local” proxy setup and the packages for Docker and Jenkins (Tomcat server), we’ve decided to run containers for all the required services:

- Docker Daemon (docker:dind)
- Nginx (for the reverse proxy, TLS/https)
- Jenkins (jenkins-blueocean)
- Jenkins SSH Agent, based on https://hub.docker.com/r/jenkins/ssh-agent (to make deployments in a different, i.e. not `master`, Jenkins Node)
- Portainer (Web UI to manage containers)

We have “packaged” all those in a lovely docker-compose yml file:
```yaml
version: '3.8'

services:
  # Docker daemon. DNS name "docker"
  docker:
    container_name: jenkins-docker
    image: docker:dind
    privileged: true
    networks:
      jenkins:
        aliases:
          - docker
    environment:
      - DOCKER_TLS_CERTDIR=/certs
    volumes:
      - jenkins-docker-certs:/certs/client
      - jenkins-data:/var/jenkins_home
    ports:
      - '2376:2376'

  # Nginx with reverse proxy for SSL/https.
  jenkins-nginx:
    depends_on:
      - docker
    container_name: jenkins-nginx
    image: jwilder/nginx-proxy
    hostname: jenkins-nginx
    privileged: true
    networks:
      - jenkins
    environment:
      - DOCKER_CERT_PATH=/etc/nginx/certs
      - DOCKER_TLS_VERIFY=1
      - DHPARAM_GENERATION=0
    ports:
      - '8880:80'
      - '1443:443'
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - jenkins-docker-certs:/etc/nginx/certs

  # Jenkins blueocean.
  jenkins:
    depends_on:
      - docker
      - jenkins-nginx
    container_name: jenkins-blueocean
    image: jenkinsci/blueocean
    networks:
      - jenkins
    environment:
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_CERT_PATH=/certs/client
      - DOCKER_TLS_VERIFY=1
    volumes:
      - "jenkins-data:/var/jenkins_home"
      - "jenkins-docker-certs:/certs/client:ro"
      - agent-home:/home/jenkins
    ports:
      - 8080:8080
      - 50000:50000

  # Portainer web UI.
  portainer:
    depends_on:
      - docker
    image: portainer/portainer
    restart: always
    environment:
      - DOCKER_TLS_VERIFY=1
      - DOCKER_CERT_PATH=/certs/client
    networks:
      - jenkins
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
      - jenkins-docker-certs:/certs/client:ro
    ports:
      - 9000:9000

  # Jenkins ssh agent to build and execute Acquia deployments :)
  ssh-agent:
    domainname: ssh-agent
    hostname: jenkins
    container_name: jenkins-ssh_agent
    depends_on:
      - jenkins
    build:
      context: .
      dockerfile: ./Dockerfile
    image: anairamzap/jenkins-dind-php:latest
    environment:
      - JENKINS_SLAVE_SSH_PUBKEY=${JENKINS_SLAVE_SSH_PUBKEY}
      - JAVA_HOME=/usr/lib/jvm/openjdk/
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_CERT_PATH=/certs/client
      - DOCKER_TLS_VERIFY=1
    networks:
      jenkins:
        aliases:
          - jenkins.ssh-agent
    volumes:
      - jenkins-docker-certs:/certs/client:ro
      - jenkins-data:/var/jenkins_home
      - agent-home:/home/jenkins

networks:
  jenkins:
    driver: bridge

volumes:
  jenkins-data:
  jenkins-docker-certs:
  portainer_data:
  agent-home:
```
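An added example, not part of the original repo: a small shell check that lists the settings in a compose file like the one above that widen the host's exposure (privileged containers, ports published on all interfaces, host Docker socket mounts). The function names, the trimmed sample excerpt and its `127.0.0.1` binding are constructed for illustration.

```shell
# Added example: flag risky settings in a compose file laid out like the one
# on this page. Assumes 2-space indentation and list-style ports/volumes.
audit_compose() {
  awk '
    /^[^ #]/ { in_services = ($1 == "services:"); next }   # top-level key
    !in_services { next }
    /^  [A-Za-z0-9_-]+:[ ]*$/ {                            # service name
      svc = $1; sub(/:$/, "", svc); section = ""; next
    }
    /^    [a-z_]+:/ {                                      # service-level key
      section = $1; sub(/:$/, "", section)
      if (section == "privileged" && $2 == "true")
        print svc ": runs privileged"
      next
    }
    /^      - / {                                          # list item
      item = $2; gsub(/["\047]/, "", item)                 # strip quotes
      # HOST:CONTAINER without a host IP binds on every interface.
      if (section == "ports" && split(item, p, ":") == 2)
        print svc ": port " p[1] " published on all interfaces"
      # A :ro socket mount still allows Docker API calls, so flag any mount.
      if (section == "volumes" && item ~ /docker\.sock/)
        print svc ": host Docker socket mounted"
    }
  ' "${1:--}"
}

# Constructed excerpt: trimmed from the file above, plus one loopback-only
# port binding (not in the original) to show what is not flagged.
sample_compose() {
  cat <<'EOF'
services:
  docker:
    image: docker:dind
    privileged: true
    ports:
      - '2376:2376'
  jenkins-nginx:
    image: jwilder/nginx-proxy
    privileged: true
    ports:
      - '8880:80'
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
  jenkins:
    image: jenkinsci/blueocean
    ports:
      - 127.0.0.1:8080:8080
volumes:
  jenkins-data:
EOF
}

sample_compose | audit_compose
```

To check the real file, pass its path: `audit_compose docker-compose.yml`.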
If you change something in the Dockerfile(s) for the jenkins ssh agent or for the jenkins-blueocean, remember to re-build that image:
```bash
docker-compose build --no-cache
docker-compose up -d
```
To run the docker-compose stack:
```bash
docker-compose -f docker-compose.yml up -d
```
In order to run this we should check that we’ve added:

- The SSH private key to Jenkins > Credentials. You can get it on the jenkins-blueocean container at `/var/jenkins_home/.ssh/id_rsa`. Please be careful and do not share it in plain emails/messages :)
- The above credentials, to be used on both the ACSF Daily Agent and on the Freestyle Project.
Where is this coming from?
On the QA server we’ve cloned the image repo (which provides the docker-compose file, Dockerfiles, and entrypoints) into the Bitnami home directory:

```text
/home/bitnami/jenkins_mbn/jenkins-dind-php
```