设置docker-compose环境variables,以便用自定义的java System.Property正确启动Jenkins
我有jenkinsdocker图像,我想从docker环境放松jenkins内容安全策略 。
我可以从Jenkins脚本控制台执行此操作:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline';") System.getProperty("hudson.model.DirectoryBrowserSupport.CSP") 但不是从docker构成的环境。 然后docker容器正在运行重新启动。
Docker服务由'jenkins.sh'脚本运行:
cat /usr/local/bin/jenkins.sh #! /bin/bash -e : "${JENKINS_HOME:="/var/jenkins_home"}" touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; } echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG" find /usr/share/jenkins/ref/ -type f -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} + # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities) java_opts_array=() while IFS= read -r -d '' item; do java_opts_array+=( "$item" ) done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS") jenkins_opts_array=( ) while IFS= read -r -d '' item; do jenkins_opts_array+=( "$item" ) done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS") exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@" fi # As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image exec "$@"
我的jenkins Dockerfile环境:
ENV JAVA_OPTS="-Xmx2048m" ENV JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
我的docker-compose.yml:
version: '2' services: jenkins: build: jenkins image: my-jenkins container_name: my-jenkins environment: - JAVA_OPTS="-Xmx2048m" # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war" # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; style-src 'self' 'unsafe-inline';\"" # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; style-src 'self' 'unsafe-inline';" ports: - "49001:8080" - "50000:50000" volumes: - data-jenkins-home:/var/jenkins_home restart: always volumes: data-jenkins-home:
如果上面的行没有注释,Jenkins容器就会被破坏(大约在一两秒内重新启动)。 运行抛出:
Mar 02, 2017 11:32:25 AM Main deleteWinstoneTempContents WARNING: Failed to delete the temporary Winstone file /tmp/winstone/jenkins.war
我看到'jenkins.sh'正在重新创buildJENKINS_OPTS数组。 是否可以设置envvariablesJENKINS_OPTS使用taht脚本正确运行服务?
您可以在创build容器的docker run命令中设置JENKINS_OPTS。 例如这个docker run命令显示了如何设置JAVA_OPTS和JENKINS_OPTS。 另外它显示了jenkins GUI端口如何映射(从容器中的8080到9090到这里的外部世界)。 另外它显示如何jenkins家庭目录可以定制(docker卷装)。
JENKINS_PORT=9090 JENKINS_SLAVE_PORT=50000 JENKINS_DIR=jenkins IMAGE=whatever docker run -it \ -d \ --name jenkins42 \ --restart always \ -p $OMN_HOST_IP:$JENKINS_PORT:8080 \ -p $OMN_HOST_IP:$JENKINS_SLAVE_PORT:50000 \ --env JAVA_OPTS="-Dhudson.Main.development=true \ -Dhudson.footerURL=http://customurl.com \ -Xms800M -Xmx800M -Xmn400M \ " \ -v $JENKINS_DIR:/var/jenkins_home \ $VARGS \ $IMAGE