Docker : Jenkins Master and Slave

bogotobogo.com site search:

Jenkins with Docker

We'll define Docker images that Jenkins can use agents (in this post, we'll use the Docker images for master and slaves). In other words, by setting up a "cloud" environment, when Jenkins pipeline runs, it references the cloud setup and start up instances of the images as agents (slaves). The agents then can run various Jenkins tasks. After the pipeline is done, Jenkins will stop and remove the containers running those images.

To do so, we need to install Docker plugin.

Also note that the images we supply should be able to function as a "standalone agent" or a "node". This means the images should have basic applications installed on it (ssh and/or java, etc.).

Depending on the way how the agent is launched (launch via SSH, launch via JNLP, or launch attached), we may have to use different images.

Official Jenkins image

Official Jenkins image is available from https://hub.docker.com/r/jenkins/jenkins/.

This is a fully functional Jenkins server, based on the weekly and LTS releases.

To use the latest LTS: docker pull jenkins/jenkins:lts.

Usage

To run container in a detached mode and to create a 'jenkins_home' docker volume attached to the host machine volume:

$ docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts

$ docker ps
CONTAINER ID  IMAGE                COMMAND                 CREATED        STATUS        PORTS                                              NAMES
666101198dd0  jenkins/jenkins:lts  "/sbin/tini -- /usr/…"  2 minutes ago  Up 2 minutes  0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   dazzling_euclid

Thanks to the volume, we will survive the container stop/restart/deletion. Also, by making an explicit volume, we can manage it and attach to another container for upgrades.

Let's go into the running Jenkins container:

$ docker exec -i -t --user root 666101198dd0 /bin/bash
root@666101198dd0:/#

We can retrieve an initial password for Jenkins:

root@666101198dd0:/# cat /var/jenkins_home/secrets/initialAdminPassword
56316ef50c714872a210ee44564cbe40

As instructed, paste the password:

Select "Install suggested plugins":

Click "Save and Finish" and "Start using Jenkins":

Install Docker plugin

We need to install Docker Plugin in Jenkins. Go to "Manage Jenkins" => click on "Manage Plugins" => Go to "Available" Tab => select "Docker Plugin":

With the Docker plugin integration, a new entry is created for Docker under "Manage Jenkins":

Click it:

We get more info if we click the server:

Adding Docker agent

On MacOS, we need to expose a tcp socket for accessing docker API via https://hub.docker.com/r/alpine/socat/ . So, to publish the unix-socket (/var/run/docker.sock) to the Docker daemon as port 2376 on the local host (127.0.0.1), we may want to use the following:

$ docker pull alpine/socat

$ docker run -d --restart=always     -p 127.0.0.1:2376:2375     -v /var/run/docker.sock:/var/run/docker.sock     alpine/socat     tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock

$ netstat -ap tcp | grep -i "listen"
tcp6       0      0  localhost.2376         *.*                    LISTEN     
tcp4       0      0  localhost.2376         *.*                    LISTEN

Once the Docker-plugin is installed, we can configure how to launch the Docker Containers. The configuration will tell the plugin which Docker Image to use for the agent and which Docker daemon to run the containers and builds on.

The plugin treats Docker as a cloud provider, spinning up containers as and when the build requires them.

Go back to Jenkins "Dashboard" => "Manage Jenkins" => "Configure system"

Then, under "Configure System", scroll down, there will be a section named "Cloud" at the bottom. There we can fill out the Docker host parameters for spinning up the slaves.

Under "Docker", we need to fill out the details. Replace "Docker URL" with our docker host IP. We can use the "Test connection" to test if Jenkins is able to connect to the docker host (Docker Daemon). We should see the Docker version number returned.

As we can see, at "Test Connection" button click, it wrote as the following:

Version = 18.06.1-ce, API Version = 1.38

Slave image - connect with ssh

No luck with SSH connection method nor with JNLP on MacOSX. Skip this section and go to Attach Docker container method

We need a docker image that can be used to run Jenkins agent runtime. Depending on the launch method we select, there's some prerequisites for the Docker image to be used. In our case, we're going to use SSH method.

Get the image from https://hub.docker.com/r/jenkinsci/ssh-slave/ and the Dockerfile is available from docker-ssh-slave/Dockerfile.

$ docker pull jenkinsci/ssh-slave

The Dockerfile looks like this:

FROM openjdk:8-jdk
LABEL MAINTAINER="Nicolas De Loof "

ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}

RUN groupadd -g ${gid} ${group} \
    && useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}"

# setup SSH server
RUN apt-get update \
    && apt-get install --no-install-recommends -y openssh-server \
    && rm -rf /var/lib/apt/lists/*
RUN sed -i /etc/ssh/sshd_config \
        -e 's/#PermitRootLogin.*/PermitRootLogin no/' \
        -e 's/#RSAAuthentication.*/RSAAuthentication yes/'  \
        -e 's/#PasswordAuthentication.*/PasswordAuthentication no/' \
        -e 's/#SyslogFacility.*/SyslogFacility AUTH/' \
        -e 's/#LogLevel.*/LogLevel INFO/' && \
    mkdir /var/run/sshd

VOLUME "${JENKINS_AGENT_HOME}" "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

COPY setup-sshd /usr/local/bin/setup-sshd

EXPOSE 22

ENTRYPOINT ["setup-sshd"]

As we can see, sshd server and a JDK are installed. We can just use "jenkins/ssh-slave" as a basis for a custom image. A SSH key (based on unique Jenkins master instance identity) can be injected in container on startup, we don't need any credential set as long as we use standard openssl sshd.

Now, we want to add a new "Docker Agent Template". It is used to parameterize our image. Here is a list of the crucial parameters needed. Let's configure Docker agent:

Label : Name which will be later used by Jenkins Jobs
Docker image : Docker image name which image needs to be used by Jenkins Slave
Remote File System Root : The home folder for the user we've created in the image. Provides the Root of File System
Connect Method : SSH
User: Name of the user used to connect, jenkins.

Building Jobs On Docker Slaves

Now that the slave configuration is ready, we can create a job. Select "Restrict where this project can be run" option and select the docker host as slave using the label as shown below:

We may get the following if the configuration is not set properly:

Sorry, at this time, I could not resolve the issue!

Connection method: Attach Docker container

Unlike the other methods (ssh and JNLP), with the Attach method, I managed to run a task on a Docker slave node. The image used was jenkins/jnlp-slave and the Dockerfile looks like this:

FROM jenkins/slave:3.27-1-jdk11
MAINTAINER Oleg Nenashev 
LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="3.27"

COPY jenkins-slave /usr/local/bin/jenkins-slave

ENTRYPOINT ["jenkins-slave"]

Note that the image that's working is based off on jenkins/slave and it runs "jenkins-slave" script on the container.

The Jenkins URL is specified in the global configuration (Manage Jenkins => Configure System):

It took about a minute for the status switch from "pending/offline" to active!

This is the containers running while the task is running on the Docker slave node:

$ docker ps
CONTAINER ID  IMAGE                COMMAND                 CREATED            STATUS             PORTS                                              NAMES
ce6093c854b7  jenkins/jnlp-slave   "jenkins-slave /bin/…"  2 minutes ago      Up 2 minutes                                                           competent_bardeen
6769cd5edb32  alpine/socat         "socat tcp-listen:23…"  About an hour ago  Up About an hour   127.0.0.1:2376->2375/tcp                           pensive_ardinghelli
58faf694a367  jenkins/jenkins:lts  "/sbin/tini -- /usr/…"  About an hour ago  Up About an hour   0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   romantic_neumann