设置docker-compose环境变量以正确启动Jenkins与自定义java System.Property
问题描述:
我有Jenkins泊坞窗图像,我想从docker环境中放松Jenkins Content Security Policy。设置docker-compose环境变量以正确启动Jenkins与自定义java System.Property
我能做到这一点从詹金斯脚本控制台:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline';")
System.getProperty("hudson.model.DirectoryBrowserSupport.CSP")
但不是。然后docker容器在运行时重新启动。
cat /usr/local/bin/jenkins.sh
#! /bin/bash -e
: "${JENKINS_HOME:="/var/jenkins_home"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ -type f -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +
# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
# read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
java_opts_array=()
while IFS= read -r -d '' item; do
java_opts_array+=("$item")
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
jenkins_opts_array=()
while IFS= read -r -d '' item; do
jenkins_opts_array+=("$item")
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "[email protected]"
fi
# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "[email protected]"
我詹金斯Dockerfile环境:
ENV JAVA_OPTS="-Xmx2048m"
ENV JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
我的搬运工,compose.yml:
version: '2'
services:
jenkins:
build: jenkins
image: my-jenkins
container_name: my-jenkins
environment:
- JAVA_OPTS="-Xmx2048m"
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; style-src 'self' 'unsafe-inline';\""
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; style-src 'self' 'unsafe-inline';"
ports:
- "49001:8080"
- "50000:50000"
volumes:
- data-jenkins-home:/var/jenkins_home
restart: always
volumes:
data-jenkins-home:
詹金斯
泊坞窗服务由 'jenkins.sh' 脚本运行如果上面的任何一行没有注释,容器就会损坏(重新启动大约一两秒)。 Run throws:
Mar 02, 2017 11:32:25 AM Main deleteWinstoneTempContents
WARNING: Failed to delete the temporary Winstone file /tmp/winstone/jenkins.war
我看到'jenkins.sh'正在重新创建JENKINS_OPTS数组。是否可以设置env变量JENKINS_OPTS使用taht脚本正确运行服务?
答
您可以在创建容器的docker run命令中设置JENKINS_OPTS。 例如这个docker run命令显示了如何设置JAVA_OPTS和JENKINS_OPTS。 此外,它还显示了jenkins GUI端口如何映射(从容器中的8080到9090到外部世界)。此外,它还显示了jenkins家庭目录如何定制(码头卷装)。
JENKINS_PORT=9090
JENKINS_SLAVE_PORT=50000
JENKINS_DIR=jenkins
IMAGE=whatever
docker run -it \
-d \
--name jenkins42 \
--restart always \
-p $OMN_HOST_IP:$JENKINS_PORT:8080 \
-p $OMN_HOST_IP:$JENKINS_SLAVE_PORT:50000 \
--env JAVA_OPTS="-Dhudson.Main.development=true \
-Dhudson.footerURL=http://customurl.com \
-Xms800M -Xmx800M -Xmn400M \
" \
-v $JENKINS_DIR:/var/jenkins_home \
$VARGS \
$IMAGE