設置docker-compose環境變量以正確啓動Jenkins與自定義java System.Property

Question

我有Jenkins泊塢窗圖像，我想從docker環境中放鬆Jenkins Content Security Policy。

我能做到這一點從詹金斯腳本控制檯：

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline';") 
System.getProperty("hudson.model.DirectoryBrowserSupport.CSP") 

從搬運工，撰寫環境

但不是。然後docker容器在運行時重新啓動。

cat /usr/local/bin/jenkins.sh 

#! /bin/bash -e 

: "${JENKINS_HOME:="/var/jenkins_home"}" 
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; } 
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG" 
find /usr/share/jenkins/ref/ -type f -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} + 

# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments 
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then 

    # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities) 
    java_opts_array=() 
    while IFS= read -r -d '' item; do 
    java_opts_array+=("$item") 
    done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS") 

    jenkins_opts_array=() 
    while IFS= read -r -d '' item; do 
    jenkins_opts_array+=("$item") 
    done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS") 

    exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@" 
fi 

# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image 
exec "$@" 

我詹金斯Dockerfile環境：

ENV JAVA_OPTS="-Xmx2048m" 
ENV JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war" 

我的搬運工，compose.yml：

version: '2' 
services: 
    jenkins: 
    build: jenkins 
    image: my-jenkins 
    container_name: my-jenkins 
    environment: 
    - JAVA_OPTS="-Xmx2048m" 
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war" 
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; style-src 'self' 'unsafe-inline';\"" 
# - JENKINS_OPTS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; style-src 'self' 'unsafe-inline';" 
    ports: 
    - "49001:8080" 
    - "50000:50000" 
    volumes: 
    - data-jenkins-home:/var/jenkins_home 
    restart: always 

volumes: 
    data-jenkins-home: 

詹金斯

泊塢窗服務由 'jenkins.sh' 腳本運行如果上面的任何一行沒有註釋，容器就會損壞（重新啓動大約一兩秒）。 Run throws：

Mar 02, 2017 11:32:25 AM Main deleteWinstoneTempContents 
WARNING: Failed to delete the temporary Winstone file /tmp/winstone/jenkins.war 

我看到'jenkins.sh'正在重新創建JENKINS_OPTS數組。是否可以設置env變量JENKINS_OPTS使用taht腳本正確運行服務？

Answer 1

您可以在創建容器的docker run命令中設置JENKINS_OPTS。 例如這個docker run命令顯示瞭如何設置JAVA_OPTS和JENKINS_OPTS。 此外，它還顯示了jenkins GUI端口如何映射（從容器中的8080到9090到外部世界）。此外，它還顯示了jenkins家庭目錄如何定製（碼頭卷裝）。

JENKINS_PORT=9090 
JENKINS_SLAVE_PORT=50000 
JENKINS_DIR=jenkins 
IMAGE=whatever 

docker run -it \ 
-d \ 
--name jenkins42 \ 
--restart always \ 
-p $OMN_HOST_IP:$JENKINS_PORT:8080 \ 
-p $OMN_HOST_IP:$JENKINS_SLAVE_PORT:50000 \ 
--env JAVA_OPTS="-Dhudson.Main.development=true \ 
    -Dhudson.footerURL=http://customurl.com \ 
    -Xms800M -Xmx800M -Xmn400M \ 
    " \ 
-v $JENKINS_DIR:/var/jenkins_home \ 
$VARGS \ 
$IMAGE