I have a Jenkins Docker image, and I want to relax the Jenkins Content Security Policy from the Docker environment.
I can do that from the Jenkins script console like this:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline';")
System.getProperty("hudson.model.DirectoryBrowserSupport.CSP")
But not from the docker-compose environment. Then the Docker container restarts at runtime.
The Docker service is run by 'jenkins.sh'. The script:
cat /usr/local/bin/jenkins.sh
#! /bin/bash -e
: "${JENKINS_HOME:="/var/jenkins_home"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ -type f -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +
# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
  # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
  java_opts_array=()
  while IFS= read -r -d '' item; do
    java_opts_array+=( "$item" )
  done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
  jenkins_opts_array=( )
  while IFS= read -r -d '' item; do
    jenkins_opts_array+=( "$item" )
  done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
  exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@"
fi
# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$@"
My Jenkins Dockerfile environment:
ENV JAVA_OPTS="-Xmx2048m"
ENV JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
My docker-compose.yml:
version: '2'
services:
  jenkins:
    build: jenkins
    image: my-jenkins
    container_name: my-jenkins
    environment:
      - JAVA_OPTS="-Xmx2048m"
      # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
      # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; style-src 'self' 'unsafe-inline';\""
      # - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; style-src 'self' 'unsafe-inline';"
    ports:
      - "49001:8080"
      - "50000:50000"
    volumes:
      - data-jenkins-home:/var/jenkins_home
    restart: always
volumes:
  data-jenkins-home:
If any of the lines above is uncommented, the Jenkins container breaks (it restarts after about a second or two). It throws:
Mar 02, 2017 11:32:25 AM Main deleteWinstoneTempContents
WARNING: Failed to delete the temporary Winstone file /tmp/winstone/jenkins.war
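I see that 'jenkins.sh' is recreating the JENKINS_OPTS array. Is it possible to set the env variable JENKINS_OPTS so that the service runs correctly with that script?
Answer 0 (score: 1)
You can set JENKINS_OPTS in the docker run command that creates the container. For example, this docker run command shows how to set JAVA_OPTS and JENKINS_OPTS. It also shows how to map the Jenkins GUI port (from 8080 in the container to 9090 for the outside world). It also shows how to customize the Jenkins home directory (Docker volume mount).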
JENKINS_PORT=9090
JENKINS_SLAVE_PORT=50000
JENKINS_DIR=jenkins
IMAGE=whatever
docker run -it \
-d \
--name jenkins42 \
--restart always \
-p $OMN_HOST_IP:$JENKINS_PORT:8080 \
-p $OMN_HOST_IP:$JENKINS_SLAVE_PORT:50000 \
--env JAVA_OPTS="-Dhudson.Main.development=true \
-Dhudson.footerURL=http://customurl.com \
-Xms800M -Xmx800M -Xmn400M \
" \
-v $JENKINS_DIR:/var/jenkins_home \
$VARGS \
$IMAGE
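The following added example (not part of the original question or answer, and not the Jenkins project's code) replays the `xargs printf '%s\0'` splitting that jenkins.sh applies to JAVA_OPTS and JENKINS_OPTS, so the argument list each value produces can be inspected without starting a container. The function and variable names are hypothetical and the sample values are constructed from the compose file in the question; it assumes a compose list entry written as `- KEY="value"` delivers the double quotes as part of the value.

```shell
#!/bin/sh
# Added example: replays the splitting jenkins.sh applies to JAVA_OPTS and
# JENKINS_OPTS (xargs printf '%s\0'), printing one resulting argument per line.
split_opts() {
    printf '%s\n' "$1" | xargs printf '%s\0' | tr '\0' '\n'
}

# Number of separate arguments an option string turns into.
count_args() {
    split_opts "$1" | wc -l | tr -d ' '
}

# Constructed values, modelled on the compose file in the question.
# (1) A list entry written as  - JENKINS_OPTS="..."  reaches the container
#     with the double quotes included, so xargs sees one quoted word.
QUOTED_OPTS='"--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"'
# (2) The same options without the wrapping quotes.
PLAIN_OPTS='--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war'
# (3) -D is a JVM option, so it has to sit before -jar, i.e. in JAVA_OPTS.
#     Only the CSP value is double-quoted; its single quotes stay literal.
CSP_JAVA_OPTS="-Xmx2048m -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; style-src 'self' 'unsafe-inline';\""

# The -D argument exactly as java would receive it.
csp_arg() {
    split_opts "$CSP_JAVA_OPTS" | grep '^-Dhudson.model.DirectoryBrowserSupport.CSP='
}

# Assemble the command line in the order the entrypoint uses (not executed).
preview() {
    echo "java"
    split_opts "$1" | sed 's/^/  [jvm]     /'
    echo "  -jar /usr/share/jenkins/jenkins.war"
    split_opts "$2" | sed 's/^/  [jenkins] /'
}

preview "$CSP_JAVA_OPTS" "$PLAIN_OPTS"
echo "quoted JENKINS_OPTS -> $(count_args "$QUOTED_OPTS") argument(s)"
echo "plain  JENKINS_OPTS -> $(count_args "$PLAIN_OPTS") argument(s)"
```

The quoted value collapses into a single argument, so `--logfile` would receive everything up to the closing quote as its path; writing the compose `environment` section as a mapping (`KEY: "value"`) keeps the quotes at the YAML level instead of inside the variable.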