diff --git a/scripts/jenkins-install.sh b/scripts/jenkins-install.sh
new file mode 100644
index 0000000..11fb4e6
--- /dev/null
+++ b/scripts/jenkins-install.sh
@@ -0,0 +1,179 @@
+#!/bin/bash
+set -euo pipefail
+
+# ==================== 配置参数(可按需修改)====================
+JENKINS_NAME="jenkins-enterprise"
+USER_ID="1001"
+GROUP_ID="1001"
+MEMORY_LIMIT="8g"
+CPU_LIMIT="4"
+HTTP_PORT="8080"
+AGENT_PORT="50000"
+DATA_DIR="/opt/jenkins" # 数据持久化目录(版本共享核心)
+IMAGE="swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/jenkins/jenkins:lts-jdk21"
+TZ="Asia/Shanghai"
+JAVA_OPTS="-Xms4g -Xmx6g -Dhudson.model.DirectoryBrowserSupport.CSP=''"
+
+# ==================== 前置检查 ====================
+check_dependency() {
+ local cmd=$1
+ if ! command -v $cmd &> /dev/null; then
+ echo "❌ 错误:未安装 $cmd,请先安装后重试!"
+ echo " 安装指引:"
+ if [[ $cmd == "nerdctl" ]]; then
+ echo " - Debian/Ubuntu: apt install containerd nerdctl"
+ echo " - CentOS/RHEL: dnf install containerd nerdctl"
+ elif [[ $cmd == "stat" ]]; then
+ echo " - Debian/Ubuntu: apt install coreutils"
+ echo " - CentOS/RHEL: dnf install coreutils"
+ fi
+ exit 1
+ fi
+}
+
+# 检查依赖命令
+check_dependency "nerdctl"
+check_dependency "stat"
+check_dependency "sudo"
+
+# 检查 containerd 服务是否运行
+if ! systemctl is-active --quiet containerd; then
+ echo "⚠️ containerd 服务未启动,正在启动..."
+ sudo systemctl start containerd
+ sudo systemctl enable containerd
+fi
+
+# ==================== 环境准备 ====================
+prepare_environment() {
+ echo "🔧 正在准备运行环境..."
+
+ # 创建数据目录并配置权限(版本共享核心:目录持久化)
+ sudo mkdir -p ${DATA_DIR}/{home,logs,backup}
+ sudo chown -R ${USER_ID}:${GROUP_ID} ${DATA_DIR}
+ sudo chmod -R 755 ${DATA_DIR}
+ echo "✅ 数据目录 ${DATA_DIR} 已创建并配置权限"
+
+ # 检查 1001 用户组是否存在,不存在则创建
+ if ! getent group ${GROUP_ID} &> /dev/null; then
+ sudo groupadd -g ${GROUP_ID} jenkins
+ echo "✅ 已创建组 ID: ${GROUP_ID}"
+ fi
+ if ! id -u ${USER_ID} &> /dev/null; then
+ sudo useradd -m -u ${USER_ID} -g ${GROUP_ID} jenkins
+ echo "✅ 已创建用户 ID: ${USER_ID}"
+ fi
+
+ # 清理旧容器(避免冲突)
+ if nerdctl ps -a | grep -q ${JENKINS_NAME}; then
+ echo "⚠️ 发现旧容器 ${JENKINS_NAME},正在删除..."
+ sudo nerdctl rm -f ${JENKINS_NAME}
+ fi
+}
+
+# ==================== 启动 Jenkins ====================
+start_jenkins() {
+ echo "🚀 正在启动 Jenkins 容器..."
+
+ # 获取 containerd.sock 组 ID(允许容器内访问宿主机容器引擎)
+ CONTAINERD_SOCK_GID=$(stat -c %g /var/run/containerd/containerd.sock)
+
+ # 执行启动命令
+ sudo nerdctl run -d \
+ --name ${JENKINS_NAME} \
+ --restart always \
+ --user ${USER_ID}:${GROUP_ID} \
+ --memory ${MEMORY_LIMIT} \
+ --cpus ${CPU_LIMIT} \
+ -p ${HTTP_PORT}:8080 \
+ -p ${AGENT_PORT}:50000 \
+ -v ${DATA_DIR}/home:/var/jenkins_home \
+ -v ${DATA_DIR}/logs:/var/log/jenkins \
+ -v ${DATA_DIR}/backup:/var/jenkins_backup \
+ -v /var/run/containerd/containerd.sock:/var/run/docker.sock:ro \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e TZ="${TZ}" \
+ -e JAVA_OPTS="${JAVA_OPTS}" \
+ --security-opt=no-new-privileges \
+ --cap-drop=ALL \
+ --cap-add=NET_BIND_SERVICE \
+ --group-add ${CONTAINERD_SOCK_GID} \
+ ${IMAGE}
+
+ # 等待容器启动(最多等待 30 秒)
+ echo "⌛ 等待 Jenkins 初始化(约 30 秒)..."
+ for ((i=0; i<30; i++)); do
+ if sudo nerdctl logs ${JENKINS_NAME} | grep -q "initialAdminPassword"; then
+ echo "✅ Jenkins 启动成功!"
+ return 0
+ fi
+ sleep 1
+ done
+
+ echo "⚠️ Jenkins 启动超时,可能正在初始化,请稍后查看日志确认"
+}
+
+# ==================== 打印运维指南 ====================
+print_operation_guide() {
+ echo -e "\n=================================================="
+ echo -e "🎉 Jenkins 一键安装完成!"
+ echo -e "=================================================="
+ echo -e "📌 基础访问信息:"
+ echo -e " - 访问地址:http://$(hostname -I | awk '{print $1}'):${HTTP_PORT}"
+ echo -e " - 初始密码:sudo cat ${DATA_DIR}/home/secrets/initialAdminPassword"
+ echo -e " - 容器名称:${JENKINS_NAME}"
+ echo -e " - 数据目录:${DATA_DIR}(核心!删除会丢失所有配置)"
+ echo -e "\n📌 运维常用操作:"
+ echo -e "\n【1. 插件加速(解决安装慢/失败)】"
+ echo -e " 方法1:替换 Jenkins 插件源(推荐清华源)"
+ echo -e " 1) 进入 Jenkins 管理界面 → 系统管理 → 插件管理 → 高级"
+ echo -e " 2) 替换「升级站点」URL 为:"
+ echo -e " https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json"
+ echo -e " 3) 点击「提交」→ 「立即获取」"
+ echo -e ""
+ echo -e " 方法2:手动修改配置文件(容器外操作)"
+ echo -e " sudo sed -i 's#https://updates.jenkins.io/update-center.json#https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#' ${DATA_DIR}/home/hudson.model.UpdateCenter.xml"
+ echo -e " sudo nerdctl restart ${JENKINS_NAME}"
+ echo -e "\n【2. 版本共享(数据持久化)】"
+ echo -e " - 核心原理:${DATA_DIR}/home 目录存储所有配置、插件、任务数据"
+ echo -e " - 升级/重建容器:保留该目录,数据不丢失(版本共享核心)"
+ echo -e " - 迁移 Jenkins:复制 ${DATA_DIR} 到新服务器,启动命令不变即可"
+ echo -e "\n【3. 备份与恢复】"
+ echo -e " 🔸 手动备份(推荐每日执行):"
+ echo -e " sudo tar -zcvf ${DATA_DIR}/backup/jenkins_backup_$(date +%Y%m%d).tar.gz -C ${DATA_DIR}/home ."
+ echo -e ""
+ echo -e " 🔸 恢复数据(需先停止容器):"
+ echo -e " sudo nerdctl stop ${JENKINS_NAME}"
+ echo -e " sudo rm -rf ${DATA_DIR}/home/*"
+ echo -e " sudo tar -zxvf ${DATA_DIR}/backup/[备份文件名].tar.gz -C ${DATA_DIR}/home"
+ echo -e " sudo nerdctl start ${JENKINS_NAME}"
+ echo -e "\n【4. 版本升级/回滚】"
+ echo -e " 🔸 升级 Jenkins 版本:"
+ echo -e " 1) 拉取新版本镜像:sudo nerdctl pull ${IMAGE/:lts-jdk21/:lts-jdk21-new}" # 替换为目标版本
+ echo -e " 2) 停止旧容器:sudo nerdctl stop ${JENKINS_NAME}"
+ echo -e " 3) 重建容器(保留数据目录):重新执行本脚本或启动命令"
+ echo -e ""
+ echo -e " 🔸 回滚版本:"
+ echo -e " sudo nerdctl pull ${IMAGE} # 拉取原版本镜像"
+ echo -e " sudo nerdctl stop ${JENKINS_NAME} && sudo nerdctl rm ${JENKINS_NAME}"
+ echo -e " 重新执行本脚本(数据目录不变,配置不丢失)"
+ echo -e "\n【5. 常用排查命令】"
+ echo -e " - 查看容器状态:sudo nerdctl ps -a | grep ${JENKINS_NAME}"
+ echo -e " - 查看实时日志:sudo nerdctl logs -f ${JENKINS_NAME}"
+ echo -e " - 重启 Jenkins:sudo nerdctl restart ${JENKINS_NAME}"
+ echo -e " - 查看资源占用:sudo nerdctl stats ${JENKINS_NAME}"
+ echo -e " - 进入容器终端:sudo nerdctl exec -it ${JENKINS_NAME} bash"
+ echo -e "\n=================================================="
+}
+
+# ==================== 主流程执行 ====================
+main() {
+ echo "=================================================="
+ echo "📦 Jenkins 一键安装脚本(nerdctl 容器化版)"
+ echo "=================================================="
+ prepare_environment
+ start_jenkins
+ print_operation_guide
+}
+
+# 启动主流程
+main
\ No newline at end of file
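Review bot: In `start_jenkins`, the `-v /var/run/containerd/containerd.sock:/var/run/docker.sock:ro` mount together with `--group-add ${CONTAINERD_SOCK_GID}` hands the Jenkins controller, and therefore any job that runs on it, control of the host's container runtime, which cancels out the `--cap-drop=ALL` and `--security-opt=no-new-privileges` hardening on the same command. The `:ro` suffix only makes the bind mount read-only; it does not limit what can be requested over the socket, and if the socket is owned by group 0 the container process also gains the root group. I would remove both lines and run container builds on a separate agent or a rootless builder; if the mount has to stay, say so in a comment above it, e.g. `# WARNING: grants host-level container control to everything running in Jenkins`. Separately, `JAVA_OPTS` carries `-Dhudson.model.DirectoryBrowserSupport.CSP=''`, which appears intended to switch off the Content-Security-Policy header Jenkins sets on served workspace and artifact files, so I would drop it from the default, and `IMAGE` pulls a mutable tag from a third-party mirror, so pinning it by digest (`...jenkins/jenkins@sha256:<digest>`) would make the deployed image verifiable.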