How to install and configure Jenkins using Docker containers

Introduction

In the previous tutorial, we learned how to install and configure Jenkins’s stable version from the ubuntu repositories. In this article, we will discuss how to install Jenkins server using docker containers

In this article, you will learn how to run Jenkins docker containers using two popular docker images.

To read the previous article regarding Jenkins installation please checkout on Jenkins install from repositories

Before We Begin

  • A server running Ubuntu 18.04 with minimum 2 GB of RAM
  • Root user or non-root user with sudo privileges
  • Docker installed on server

If Docker is not installed please checkout our tutorial guide on Install docker on ubuntu 18.04.After that follow this article session.

Run Jenkins container from jenkinsci/blueocean image 

There are several Docker images of Jenkins available. The recommended Docker image to use is the jenkinsci/blueocean image (from the Docker Hub repository). This image contains the current Long-Term Support (LTS) release of Jenkins (which is production-ready) bundled with all Blue Ocean plugins and features.

There are also other Jenkins Docker images you can use (accessible through jenkins/jenkins on Docker Hub). First, we will install and run a container using Jenkins blue ocean image

1.Create a bridge network in Docker using the following docker network create command:

sudo docker network create jenkins

2.Create the following volumes to share the Docker client TLS certificates needed to connect to the Docker daemon and persist the Jenkins data using the following docker volume create commands:

sudo docker volume create jenkins-docker-certs
sudo docker volume create jenkins-data

3.In order to execute Docker commands inside Jenkins nodes, download and run the docker:dind Docker image using the following docker container run command:

docker container run \
--name jenkins-docker \
--rm \
--detach \
--privileged \
--network jenkins \
--network-alias docker \
--env DOCKER_TLS_CERTDIR=/certs \
--volume jenkins-docker-certs:/certs/client \
--volume jenkins-data:/var/jenkins_home \
--publish 2376:2376 \
docker:dind

Here is the explanation of each steps:

  • –name jenkins-docker : ( Optional ) Specifies the Docker container name to use for running the image. By default, Docker will generate a unique name for the container.
  • –rm : ( Optional ) Automatically removes the Docker container (the instance of the Docker image) when it is shut down. This contains the Docker image cache used by Docker when invoked from the jenkinsci/blueocean container described below.
  • –detach : ( Optional ) Runs the Docker container in the background. This instance can be stopped later by running docker container stop jenkins-docker and started again with docker container start jenkins-docker. See docker container for more container management commands.
  • –privileged : Running Docker in Docker currently requires privileged access to function properly. This requirement may be relaxed with newer Linux kernel versions.
  • –network jenkins : This corresponds with the network created in the earlier step.
  • –network-alias docker : Makes the Docker in Docker container available as the hostname docker within the jenkins network.
  • –env DOCKER_TLS_CERTDIR=/certs : Enables the use of TLS in the Docker server. Due to the use of a privileged container, this is recommended, though it requires the use of the shared volume described below. This environment variable controls the root directory where Docker TLS certificates are managed.
  • –volume jenkins-docker-certs:/certs/client : Maps the /certs/client directory inside the container to a Docker volume named jenkins-docker-certs as created above.
  • –volume jenkins-data:/var/jenkins_home : Maps the /var/jenkins_home directory inside the container to the Docker volume named jenkins-data as created above. This will allow for other Docker containers controlled by this Docker container’s Docker daemon to mount data from Jenkins.
  • –publish 2376:2376 : ( Optional ) Exposes the Docker daemon port on the host machine. This is useful for executing docker commands on the host machine to control this inner Docker daemon.
  • docker:dind : The docker:dind image itself. This image can be downloaded before running by using the command: docker image pull docker:dind.

4.Download the jenkinsci/blueocean image and run it as a container in Docker using the following docker container run command:

docker container run \
--name jenkins-blueocean \
--rm \
--detach \
--network jenkins \
--env DOCKER_HOST=tcp://docker:2376 \
--env DOCKER_CERT_PATH=/certs/client \
--env DOCKER_TLS_VERIFY=1 \
--publish 8080:8080 \
--publish 50000:50000 \
--volume jenkins-data:/var/jenkins_home \
--volume jenkins-docker-certs:/certs/client:ro \
jenkinsci/blueocean
  • –name jenkins-blueocean 🙁 Optional ) Specifies the Docker container name for this instance of the jenkinsci/blueocean Docker image. This makes it simpler to reference by subsequent docker container commands.
  • –rm : ( Optional ) Automatically removes the Docker container (which is the instantiation of the jenkinsci/blueocean image below) when it is shut down. This keeps things tidy if you need to quit Jenkins.
  • –detach : ( Optional ) Runs the jenkinsci/blueocean container in the background (i.e. “detached” mode) and outputs the container ID. If you do not specify this option, then the running Docker log for this container is output in the terminal window.
  • –network jenkins : Connects this container to the jenkins network defined in the earlier step. This makes the Docker daemon from the previous step available to this Jenkins container through the hostname docker.
  • –env DOCKER_HOST=tcp://docker:2376 : Specifies the environment variables used by dockerdocker-compose, and other Docker tools to connect to the Docker daemon from the previous step.
  • –publish 8080:8080 : Maps (i.e. “publishes”) port 8080 of the jenkinsci/blueocean container to port 8080 on the host machine. The first number represents the port on the host while the last represents the container’s port. Therefore, if you specified -p 49000:8080 for this option, you would be accessing Jenkins on your host machine through port 49000.
  • –publish 50000:50000 : ( Optional ) Maps port 50000 of the jenkinsci/blueocean container to port 50000 on the host machine. This is only necessary if you have set up one or more inbound Jenkins agents on other machines, which in turn interact with the jenkinsci/blueocean container (acting as the “master” Jenkins server, or simply “Jenkins master”). inbound Jenkins agents communicate with the Jenkins master through TCP port 50000 by default.
  • –volume jenkins-data:/var/jenkins_home : Maps the /var/jenkins_home directory in the container to the Docker volume with the name jenkins-data. Instead of mapping the /var/jenkins_home directory to a Docker volume, you could also map this directory to one on your machine’s local file system.For example, specifying the option--volume $HOME/jenkins:/var/jenkins_home would map the container’s /var/jenkins_home directory to the jenkins subdirectory within the $HOME directory on your local machine, which would typically be /Users/<your-username>/jenkins or /home/<your-username>/jenkins
  • –volume jenkins-docker-certs:/certs/client:ro:Maps the /certs/client directory to the previously created jenkins-docker-certs volume. This makes the client TLS certificates needed to connect to the Docker daemon available in the path specified by the DOCKER_CERT_PATH environment variable.
  • jenkinsci/blueocean : The jenkinsci/blueocean Docker image itself. If this image has not already been downloaded, then this docker container run command will automatically download the image for you. Furthermore, if any updates to this image were published since you last ran this command, then running this command again will automatically download these published image updates for you.

Note: This Docker image could also be downloaded (or updated) independently using the docker image pull command:
docker image pull jenkinsci/blueocean

Check the jenkins Docker container status 

sudo docker ps

You will get the output as below :

Now You can see our two containers ,jenkinsci/blueocean and jenkins-docker are Up and running

Now check our jenkins server is running on port 8080 using any browser as http://server public ip:8080

To unlock jenkins , we need to copy the password from the file /var/jenkins_home/secrets/initialAdminPassword (Inside of docker container).

So first login into the container using the command :

efd00b013a14 —–Container id of jenkinsblueocean

sudo docker exec -it efd00b013a14 /bin/bash
bash-4.4$

Now we are in the container shell.To view the password use cat command :

cat /var/jenkins_home/secrets/initialAdminPassword

bash-4.4$ cat /var/jenkins_home/secrets/initialAdminPassword
8e49ee62a2d44bda81d3e58c8fbf50a9

Copy & paste the password ,here we got 8e49ee62a2d44bda81d3e58c8fbf50a9 and click continue

To know about the Post-installation setup wizard of Jenkins docker checkout Post-installation setup wizard.

After giving admin password you will get the Jenkins Main UI page as below :

Docker volume location on Linux:

Volumes are stored in a part of the host filesystem which is managed by Docker ( /var/lib/docker/volumes/ on Linux)

cd /var/lib/docker/volumes

Will get output like as

root@ip-of machine:/var/lib/docker/volumes# ls
c35bd0cb025de36a105d26eb35ec6701356ae7596ee2a3d386a6a727d8e8943b jenkins-data jenkins-docker-certs metadata.db

Run Jenkins server using Official Jenkins Docker image
(jenkins/jenkins)

We have now installed jenkins server using jenkinsci/blueocean image .Now we will run Jenkins server using the official jenkins docker image

we will run the Jenkins container using the latest version. So make sure you are pulling the image :

jenkins/jenkins:lts

Next run the command as below to get the latest Jenkins container as :

sudo docker run -d --name Jenkins-local -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts

Here is the explanation for each commands run above :

  • -v jenkins_home:/var/jenkins_home : This will save all the Jenkins data(including plugins and configuration) to your host machine in addition to mapping ports by automatically creating  ‘jenkins_home‘ docker volume ./var/jenkins_home is the location of jenkins data saved inside the container

Actually, there will be only one copy of the data, but it will be available on different paths from outside and inside the container. Also make sure the path where data is being stored on the host machine, all those directories are accessible to Jenkins user.

If you are only using SSH slaves, then you do NOT need to put that port mapping.-p 50000:50000.To learn more check out https://github.com/jenkinsci/docker/blob/master/README.md

Check our new Jenkins docker container is running or not :

sudo docker ps

You should get output like below :

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
693a257a756c jenkins/jenkins:lts “/sbin/tini — /usr/…” 10 seconds ago Up 9 seconds 0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp Jenkins-local

Now check our jenkins docker volume folder ,jenkins_home is created properly or not

Normally docker user or root user is allowed to view this docker volume folder. Otherwise, you will get the below error. To configure docker user permissions check out our previous tutorial on Docker Install ubuntu

ubuntu@ip-:~$ cd /var/lib/docker/volumes
-bash: cd: /var/lib/docker/volumes: Permission denied

Yes.The folder jenkins_home is automatically created on our host machine.

Check jenkins server status on browser using server ip with port 8080

Since now Jenkins server is running on docker container ,we need to login into the container .After that copy the Administrator Password in order to unlock Jenkins

sudo docker exec -it 693a257a756c /bin/bash

jenkins@693a257a756c:/$

Now we are logged on our Jenkins container.

use cat command to view the password as shown in the jenkins UI

cat /var/jenkins_home/secrets/initialAdminPassword
9868e1009d3840f1b242727164f0139b

When you paste the password ,you will get the Jenkins console

How to change the admin password after the first login?

You can change the Jenkins admin password as follows :

Go to manage jenkins -> Under security section > Manage users

Click on settings button > you can see the password option > give new password >apply & save

Conclusion

In this tutorial we learned to run Jenkins server using Jenkins blue-ocean and normal Jenkins images from the Docker hub.We studied to create volumes for data persistence .In upcoming sessions we will learn how to use Jenkins for build and deploy applications

Leave a Reply