From ff5b5fefffb974808249cf75a674ed57958157ff Mon Sep 17 00:00:00 2001 From: Egor Ivanov Date: Sat, 23 Nov 2024 02:51:55 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D1=8E=20k8s-=D0=B0=D0=B3=D0=B5?= =?UTF-8?q?=D0=BD=D1=82=D0=B0,=20=D1=82=D0=B5=D0=BF=D0=B5=D1=80=D1=8C=20?= =?UTF-8?q?=D0=BE=D0=BD=D0=B0=20=D0=BC=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=D0=B0?= =?UTF-8?q?=D0=BB=D1=8C=D0=BD=D0=BE=20=D1=81=D1=85=D0=BE=D0=B6=D0=B0=20?= =?UTF-8?q?=D1=81=D0=BE=20=D1=81=D1=82=D0=B0=D0=BD=D0=B4=D0=B0=D1=80=D1=82?= =?UTF-8?q?=D0=BD=D0=BE=D0=B9=20=D1=81=D0=B1=D0=BE=D1=80=D0=BA=D0=BE=D0=B9?= =?UTF-8?q?=20=D1=81=20=D0=BD=D0=B5=D1=81=D0=BA=D0=BE=D0=BB=D1=8C=D0=BA?= =?UTF-8?q?=D0=B8=D0=BC=D0=B8=20=D0=B8=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5=D0=BD?= =?UTF-8?q?=D0=B8=D1=8F=D0=BC=D0=B8:=201)=20=D0=97=D0=B0=D0=BF=D1=83=D1=81?= =?UTF-8?q?=D0=BA=D0=B0=D1=8E=D1=82=D1=81=D1=8F=20=D0=B8=D0=BA=D1=81=D1=8B?= =?UTF-8?q?,=20=D0=B5=D1=81=D0=BB=D0=B8=20=D0=BE=D0=BD=D0=B8=20=D0=B5?= =?UTF-8?q?=D1=81=D1=82=D1=8C=202)=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE?= =?UTF-8?q?=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C=20=D0=BF=D0=BE=20=D1=83?= =?UTF-8?q?=D0=BC=D0=BE=D0=BB=D1=87=D0=B0=D0=BD=D0=B8=D1=8E=20=D0=BE=D1=81?= =?UTF-8?q?=D1=82=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=20root,=20=D0=B0=20=D0=BD?= =?UTF-8?q?=D0=B5=20jenkins.=20(=D0=BA=D0=B0=D0=BA=20=D0=B2=20=D1=81=D0=B2?= =?UTF-8?q?=D0=B0=D1=80=D0=BC=D0=B5)=203)=20=D0=9B=D0=BE=D0=BA=D0=B0=D0=BB?= =?UTF-8?q?=D1=8C=20=D0=B8=20=D0=A2=D0=97=20=D0=BD=D0=B5=20=D1=82=D1=80?= =?UTF-8?q?=D0=BE=D0=B3=D0=B0=D0=B5=D0=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- k8s-jenkins-agent/Dockerfile | 128 +++++++++++++------------ k8s-jenkins-agent/docker-entrypoint.sh | 7 -- k8s-jenkins-agent/jenkins-agent | 30 ++++-- 3 files changed, 91 insertions(+), 74 deletions(-) delete mode 100644 k8s-jenkins-agent/docker-entrypoint.sh 
diff --git a/k8s-jenkins-agent/Dockerfile b/k8s-jenkins-agent/Dockerfile
index 3ebbbca..35cdb69 100644
--- a/k8s-jenkins-agent/Dockerfile
+++ b/k8s-jenkins-agent/Dockerfile
@@ -1,70 +1,80 @@ +# Для сборки использован стандартный шаблон jenkins-inbound-agent https://github.com/jenkinsci/docker-agent/blob/master/debian/Dockerfile +# Стадию с as jre-build убрал, т.к. у нас на этот момент уже всегда есть джава в контейнере. ARG DOCKER_REGISTRY_URL ARG BASE_IMAGE ARG BASE_TAG -ARG user=jenkins -FROM ${DOCKER_REGISTRY_URL}/${BASE_IMAGE}:${BASE_TAG} +FROM ${DOCKER_REGISTRY_URL}/${BASE_IMAGE}:${BASE_TAG} as agent LABEL maintainer="Nikita Gryzlov , FirstBit" -RUN set -xe \ - && apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - curl \ - git \ - locales \ - openssh-client \ - wget \ - init \ - openssh-server openssh-client \ - apt-transport-https \ - # git-lfs - && curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ +ARG user=jenkins +ARG group=jenkins +ARG uid=1000 +ARG gid=1000 + +RUN groupadd -g "${gid}" "${group}" \ + && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists." 
+ +ARG AGENT_WORKDIR=/home/"${user}"/agent + +## Always use the latest Debian packages: no need for versions +# hadolint ignore=DL3008 +RUN apt-get update \ + && apt-get --yes --no-install-recommends install \ + ca-certificates \ + curl \ + fontconfig \ + git \ git-lfs \ - && rm -rf \ - /var/lib/apt/lists/* \ - /var/cache/debconf \ - && localedef -i ru_RU -c -f UTF-8 -A /usr/share/locale/locale.alias ru_RU.UTF-8 - -RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | tee -a /etc/apt/sources.list -RUN apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3B4FE6ACC0B21F32 && apt-get update -#RUN apt-add-repository 'deb http://security.debian.org/debian-security stretch/updates main' && apt-get update -#RUN apt-get update && apt install -y openjdk-11-jdk - + less \ + netbase \ + openssh-client \ + patch \ + tzdata \ + && apt-get clean \ + && rm -rf /tmp/* /var/cache/* /var/lib/apt/lists/* + +ARG VERSION=3283.v92c105e0f819 +ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar +RUN chmod 0644 /usr/share/jenkins/agent.jar \ + && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar + +USER "${user}" +ENV AGENT_WORKDIR=${AGENT_WORKDIR} +RUN mkdir -p /home/"${user}"/.jenkins && mkdir -p "${AGENT_WORKDIR}" + +VOLUME /home/"${user}"/.jenkins +VOLUME "${AGENT_WORKDIR}" +WORKDIR /home/"${user}" +ENV USER=${user} +LABEL \ + org.opencontainers.image.vendor="Jenkins project" \ + org.opencontainers.image.title="Official Jenkins Agent Base Docker image" \ + org.opencontainers.image.description="This is a base image, which provides the Jenkins agent executable (agent.jar)" \ + org.opencontainers.image.version="${VERSION}" \ + org.opencontainers.image.url="https://www.jenkins.io/" \ + org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \ + org.opencontainers.image.licenses="MIT" + +## Inbound Agent image target +FROM 
agent AS inbound-agent -RUN groupadd -g 1000 jenkins \ - && useradd -l -d /home/jenkins -u 1000 -g 1000 -m jenkins - - -ARG AGENT_WORKDIR=/home/jenkins/agent - -# Install jenkins jnlp -ARG VERSION=4.14 -RUN curl --create-dirs -sSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/4.14/remoting-4.14.jar \ - && chmod 755 /usr/share/jenkins \ - && chmod 644 /usr/share/jenkins/slave.jar \ - && chown jenkins:jenkins /usr/share/jenkins/slave.jar +ARG user=jenkins +USER root COPY ./k8s-jenkins-agent/jenkins-agent /usr/local/bin/jenkins-agent -RUN chmod +x /usr/local/bin/jenkins-agent \ - && chown jenkins:jenkins /usr/local/bin/jenkins-agent \ - && ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave - -RUN mkdir -p /home/jenkins/.jenkins \ - && mkdir -p /home/jenkins/agent \ - && chown -R jenkins:jenkins /home/jenkins - - -ENV LANG ru_RU.UTF-8 - -VOLUME /home/jenkins/.jenkins -VOLUME /home/jenkins/agent - -WORKDIR /home/jenkins/agent - -COPY ./k8s-jenkins-agent/docker-entrypoint.sh / -RUN chmod 755 /docker-entrypoint.sh \ - && chmod +x /docker-entrypoint.sh - -ENTRYPOINT ["/docker-entrypoint.sh"] +RUN chmod +x /usr/local/bin/jenkins-agent &&\ + ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave +# USER ${user} + +LABEL \ + org.opencontainers.image.vendor="Jenkins project" \ + org.opencontainers.image.title="Official Jenkins Inbound Agent Base Docker image" \ + org.opencontainers.image.description="This is an image for Jenkins agents using TCP or WebSockets to establish inbound connection to the Jenkins controller" \ + org.opencontainers.image.version="${VERSION}" \ + org.opencontainers.image.url="https://www.jenkins.io/" \ + org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \ + org.opencontainers.image.licenses="MIT" + +ENTRYPOINT ["/usr/local/bin/jenkins-agent"] \ No newline at end of file 
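Review bot: The `inbound-agent` stage ends on `USER root` with `# USER ${user}` left commented out, so the entrypoint and every build it launches run as uid 0, and the Dockerfile itself never says why. The commit subject states this is intentional (parity with the swarm agent), so record it next to the instruction, e.g. `# Stays root on purpose, same as the swarm agent image; builds run as uid 0`, so that isolation is knowingly left to the pod's securityContext. In the `agent` stage, `ADD` fetches `remoting-${VERSION}.jar` from the network with no integrity check; `ADD --checksum=sha256:<digest-of-remoting-jar> --chown=...` would tie the artifact to the pinned `VERSION`.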
diff --git a/k8s-jenkins-agent/docker-entrypoint.sh b/k8s-jenkins-agent/docker-entrypoint.sh deleted file mode 100644 index e60f528..0000000 --- a/k8s-jenkins-agent/docker-entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -if [ -f "/init" ]; then - /init & -fi - -wget -O agent.jar $JENKINS_URL/jnlpJars/agent.jar && java -Xms4096m -Xmx4096m -Dhudson.remoting.Launcher.pingIntervalSec=-1 -jar /home/jenkins/agent/agent.jar -jnlpUrl $JENKINS_URL/computer/$JENKINS_NAME/jenkins-agent.jnlp -secret $JENKINS_SECRET -noReconnect -workDir /home/jenkins/agent diff --git a/k8s-jenkins-agent/jenkins-agent b/k8s-jenkins-agent/jenkins-agent index 6d1beb2..b2f3f80 100644 --- a/k8s-jenkins-agent/jenkins-agent +++ b/k8s-jenkins-agent/jenkins-agent @@ -22,10 +22,14 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME] +# Usage jenkins-agent.sh [options] -url http://jenkins -secret [SECRET] -name [AGENT_NAME] # Optional environment variables : # * JENKINS_JAVA_BIN : Java executable to use instead of the default in PATH or obtained from JAVA_HOME # * JENKINS_JAVA_OPTS : Java Options to use for the remoting process, otherwise obtained from JAVA_OPTS +# * JENKINS_AGENT_FILE : Jenkins agent jar file location, /usr/share/jenkins/agent.jar will be used if this is not set +# * REMOTING_OPTS : Generic way to pass additional CLI options to agent.jar (see -help) +# +# Deprecated environment variables (prefer setting REMOTING_OPTS) # * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network # * JENKINS_URL : alternate jenkins URL # * JENKINS_SECRET : agent secret, if not set as an argument 
@@ -34,10 +38,16 @@ # * JENKINS_WEB_SOCKET: true if the connection should be made via WebSocket rather than TCP # * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download. # Value: ":" -# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set, +# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins controller. When this is set, # the agent skips connecting to an HTTP(S) port for connection info. # * JENKINS_PROTOCOLS: Specify the remoting protocols to attempt when instanceIdentity is provided. +############## ВСТАВКА СТАРТА ИКСОВ В СТАНДАРТНЫЙ jenkins-agent ############ +if [ -f "/init" ]; then + /init & +fi +############################### Конец вставки ############################## + if [ $# -eq 1 ] && [ "${1#-}" = "$1" ] ; then # if `docker run` only has one arguments and it is not an option as `-help`, we assume user is running alternate command like `bash` to inspect the image 
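Review bot: The inserted block tests `/init` with `-f` and then executes it, so a file that is present but not executable fails in the background while the script carries on; `if [ -x /init ]; then` matches what the block actually does. It also sits above the `if [ $# -eq 1 ]` dispatch, so `/init` is started even when the container is only run with an alternate command such as `bash`, and it is never waited on once the script reaches its `exec` (visible in a later hunk). If both are intended, a one-line comment saying so would help. The rest of the script lies outside this hunk.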
@@ -106,28 +116,32 @@ else fi fi + if [ "$JENKINS_AGENT_FILE" ]; then + AGENT_FILE="$JENKINS_AGENT_FILE" + else + AGENT_FILE="/usr/share/jenkins/agent.jar" + fi + # if both required options are defined, do not pass the parameters - OPT_JENKINS_SECRET="" if [ -n "$JENKINS_SECRET" ]; then case "$@" in *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;; *) - OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;; + SECRET="-secret ${JENKINS_SECRET}" ;; esac fi - OPT_JENKINS_AGENT_NAME="" if [ -n "$JENKINS_AGENT_NAME" ]; then case "$@" in *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;; *) - OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;; + AGENT_NAME="-name ${JENKINS_AGENT_NAME}" ;; esac fi #TODO: Handle the case when the command-line and Environment variable contain different values. #It is fine it blows up for now since it should lead to an error anyway. - exec $JAVA_BIN $JAVA_OPTIONS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@" + exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $REMOTING_OPTS "$@" -fi +fi \ No newline at end of file
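Review bot: `SECRET` and `AGENT_NAME` are now assigned only inside the `case` branches, and the removed `OPT_JENKINS_SECRET=""` / `OPT_JENKINS_AGENT_NAME=""` resets have no replacement, so unless they are cleared outside this hunk a container environment variable that happens to be named `SECRET` or `AGENT_NAME` is word-split straight into the `exec` line. Adding `SECRET=""` and `AGENT_NAME=""` before the two `if [ -n ... ]` blocks restores the old guarantee. `$AGENT_FILE` is expanded unquoted as well, so a `JENKINS_AGENT_FILE` path containing spaces breaks the command; `-jar "$AGENT_FILE"` fixes that. The agent secret also ends up as a java command-line argument, where it can be read from the process list inside the pod, which matters more now that the image runs as root. The enclosing `if`/`else` starts outside the hunk.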