Situation
IT Organizations includes multiple teams such as: QA, Release, Developer and DBA or Middleware Engineers
Jenkins Master - Container-based
Default all users have the same authorization.
I would like to share how to launch the Jenkins Master on a Docker Container. login with docker playground.
As you have provision to Add Node from the left side click it. You will get a terminal to use for 4 hours to play with the Docker engine.
To run the Jenkins inside docker container
- name: Jenkins-master
- run in detached mode -d
- Port forwarding from container port 8080 to host 8081 and 50000 to 50001
- Allocate disk space to run the Jenkins workspace use -v
- Docker image from Blue Ocean
Let's launch the Jenkins container using below command:
docker run --name jenkins-master -u root --rm \ -d -p 8081:8080 -p 50001:50000 \ -v jenkins-data:/var/jenkins_home \ -v /var/run/docker.sock:/var/run/docker.sock \ jenkinsci/blueoceancheck Jenkins master logs from the container Jenkins-master
docker logs jenkins-masterCopy the encrypted InitalAdminPassword to start working on Jenkins
After complete regular steps execution on the Jenkins console installation of Suggested Plugins completed
Once your Jenkins setup is completed you will see on the browser: Jenkins is ready! Start using Jenkins
to create the default Admin user which we will use for administrating users and managing roles assignment.
Jenkins Crate First Admin User |
Click "save and Continue".
How to create a User in Jenkins?
These users can log into Jenkins. This will be maintained by Jenkins Master 'own user database'.
Let's crate User now, ensure you have login with 'administrator' user
Navigation steps:
- Goto to 'Manage Jenkins'
- Select 'Manage Users'
- Select 'Create User'
- Enter Username
- Enter Password and Confirm Password same
- Enter Full name which will display the name on the top when you log in with this user
- In the organizations multi-user Jenkins, to track we must enter the email id
Create User on Jenkins |
Jenkins allows us to create multiple users but they are all set to the global role that means "Anyone can do Anything" which is not good when you have a lot of users and a lot of projects run in the same Jenkins Security Realm. When the project grows on a large scale we must use 'Role' specific assignment to the users.
How to install 'Role-based Authorization Strategy' plugin?
There is a Jenkins Plugin 'Role Base Strategy' which will allow us to enable the different roles assigned to different team members (users). hence we need to install that plugin.
Jenkins > Manage Jenkins > Manage Plugin > Available tab filter 'role'.
Select the 'Role-based Authorization Strategy
Enable user authorization using a Role-based strategy. Roles can be defined globally or for particular jobs or nodes selected by regular expressions.
How to configure Global Security for Role-based?
To secure Jenkins we can define who is allowed to access or use the Jenkins Master Configuration from the 'Configure Global Security. To enable the Role-based Authorization do the following steps:
- Manage Jenkins
- Under the Security section, Select Configure Global Security
- 'Role-based Autoriaztion' select the radio button
- Save the Configuration
Authorization - Role-based Strategy |
How to add Global Role in Jenkins?
Navigate to 'Manage Jenkins' then select 'Manage and Assign Roles' from the right pane.
On the 'Manage Roles's page top, you will see Global roles section, where you will see the admin role as default available with Full access to anything on the Jenkins.Now add the new global role as "devopsAdmin'.
Manage Global Roles |
Full Global Role picture
Jenkins Manage Global Roles |
Now in the Global roles table under 'Overall' choices 'Read' permission. which will enable user to access the Jenkins dashboard.
On the Global roles table for 'DevopsAdmin' role choose 'View all options.
At the bottom click on 'Apply' button to save and continue.
How to setup Project roles?
On the same page of 'Manage Roles' we can add project-specific roles. Here for test purpose, we are using three roles:
- DBA TEAM - dba
- DEVELOPER TEAM - developer
- TESTING TEAM - qa
Manage roles for Project item |
Once all set in the Manage Roles page, go to the 'Assign Roles' option from the 'Manage and Assign Roles' under the Security section.
Assign Global roles for each user
Add the Jenkins users, which were created earlier in our example srini, rajashekhar, melvin are created.
Select the global role which you have created in the Global roles on the 'Manage Roles' page.
After you assign users 'Srini, Melvin, Rajshekhar' the in place of global roles they automatically turn to dev, dba, qa :
Similarly, we can assign 'users' - 'Srini, Melvin, Rajsekhar' then the roles for Item (Project-based) as shown below
User adding to Project roles in Jenkins
Jenkins limited access to developer role |
Please write your experience with the steps.
.
.
No comments:
Post a Comment