Part 2 — Con­fig File Management

This is part 2 of a con­tin­ued se­ries on how to con­fig­ure Jenk­ins on a Ku­ber­netes clus­ter. The goal of the se­ries is to have a ful­ly func­tion­ing con­tin­ues in­te­gra­tion and de­liv­ery Jenk­ins up and run­ning. Part 1 de­scribed how to in­stall Jenk­ins and the nec­es­sary plu­g­ins and how to con­fig­ure them for Ku­ber­netes. This part will de­scribe the nec­es­sary con­fig­u­ra­tion files that are go­ing to be used in the pipeline.

Con­fig File Management

We need two files for a Maven re­lease. The gpg-key that will be used to sign the de­ploy­ment ar­ti­facts and the settings.xml for serv­er Ids, de­ploy­ment URLs and Jenk­ins user names and passwords.

gpg-key

• ID: gpg-key
• Name: gpg-key
• Con­tent: — – BEGIN PGP PRIVATE KEY BLOCK — – …

The pri­vate key will be used to sign de­ploy­ment ar­ti­facts via maven. We are go­ing to use the maven-gpg-plu­g­in plu­g­in. The key­name must be set to the name of the gpg-key. The Jenk­ins Dock­er im­age that we are us­ing will start a gpg dae­mon and is go­ing to use the pro­vid­ed gpg-key and the pro­vid­ed gpg pri­vate passphrase to sign ar­ti­facts automatically.

[xml title=“pom.xml” firstline=“1”]
<plu­g­in>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<con­fig­u­ra­tion>
<keyname>ANRI Software</keyname>
</configuration>
<ex­e­cu­tions>
<ex­e­cu­tion>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
[/xml]

maven-set­tings-glob­al

• ID: maven-set­tings-glob­al
• Name: settings.xml
• Com­ment: glob­al settings
• [x] Re­place All
• Con­tent: <set­tings xmlns=“http://maven.apache.org/SETTINGS/1.0.0” …

Ex­am­ple settings.xml

We are not go­ing to use Serv­er Cre­den­tials. If we use Serv­er Cre­den­tials then all servers that are man­u­al­ly added in the <servers> block are go­ing to be re­placed by those Cre­den­tials, but we need at least one spe­cial serv­er con­fig­u­ra­tion: the site-ssh. There we must con­fig­ure the SSH ports to ac­cess the Dock­er Con­tain­er where we are go­ing to send our gen­er­at­ed site pages. via scp.

There are ad­di­tion­al con­fig­u­ra­tions that will work on­ly with our Jenk­ins Dock­er im­age. We are go­ing to use scp to copy HTML pages to a Dock­er Ng­inx Im­age. The Dock­er Ng­inx Im­age is go­ing to be de­ployed as a con­tain­er on our Ku­ber­netes cloud and will pro­vide the gen­er­at­ed mvn site:site HTML pages. I was think­ing in us­ing Web­DAV to trans­fer files to the Ng­inx web serv­er, but for that I had to im­ple­ment an au­then­ti­ca­tion and user man­age­ment. SSH al­ready pro­vides au­then­ti­ca­tion and I can safe­ly use the Jenk­ins SSH key to trans­fer the HTML pages.

[xml title=“settings.xml” firstline=“38”] <serv­er> <id>site-ssh</id> <username>rsync</username> <privateKey>/home/devent/Private/andrea-master‑0.muellerpublic.de/jenkins/jenkins</privateKey> <con­fig­u­ra­tion> <sshExecutable>ssh</sshExecutable> <scpExecutable>scp</scpExecutable> <sshArgs>-p 30101</sshArgs> <scpArgs>-P 30101</scpArgs> </configuration> </server> … <pro­file> <id>site-ssh</id> <ac­ti­va­tion> <activeByDefault>true</activeByDefault> </activation> <prop­er­ties> <site.ssh.url>scpexe://javadoc.anrisoftware.com:/data/${project.groupId}/${project.artifactId}/${project.version}</site.ssh.url> </properties> </profile> [/xml]

We are al­so adding Sonar­Qube host URL and lo­gin to­ken. That will be used by the maven sonar:sonar goal. This con­fig­u­ra­tion is tak­en from the of­fi­cial doc­u­men­ta­tion: An­a­lyz­ing with Sonar­Qube Scan­ner for Maven

[xml title=“settings.xml” firstline=“9”]
<plug­in­Groups>
<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
…
<pro­file>
<id>sonar</id>
<ac­ti­va­tion>
<activeByDefault>true</activeByDefault>
</activation>
<prop­er­ties>
<sonar.host.url>https://sonarqube.anrisoftware.com</sonar.host.url>
<sonar.login>xxxx</sonar.login>
</properties>
</profile>
[/xml]