Jenkins : Liberty profile

Requirements

Jenkins works on all released versions of the Liberty profile, however it works best with the latest version (at the time of writing that was the copy shipped as a part of WebSphere Application Server v8.5.5.) and these instructions are based on 8.5.5.

Installation

There are two ways to deploy Jenkins to the Liberty profile.

Dropins

To install Jenkins on Liberty profile, simply copy jenkins.war to ${server.config.dir}/dropins, then access http://yourhost:9080/jenkins.

Configured

To install Jenkins on Liberty profile copy jenkins.war to ${server.config.dir}/apps. Edit the server.xml to add

<webApplication location="jenkins.war" />

then access http://youhost:9080/jenkins.

Upgrade

Simply overwrite your jenkins.war with the new version. Liberty profile should automatically redeploy the application.

Setting JVM options

Before starting Liberty profile create a ${server.config.dir}/jvm.options file and add the following line:

-DJENKINS_HOME=/path/to/jenkins_home/

Additionally, add the following lines to ensure HTTP requests without Content-Type header are decoded correctly (JENKINS-62987):

-Dfile.encoding=UTF-8
-Dclient.encoding.override=UTF-8

This file can also be used to increase the heap size. On a new line add:

-Xmx512m


Securing Jenkins on Liberty profile

To configure the user/group to role mappings in Liberty profile you need to deploy it via the server.xml. Users and groups can be picked up from LDAP, or can be stored in the server.xml.

  1. Configure security by enabling the appSecurity-2.0 feature. This is done by editing the server.xml to add:

    <featureManager>
       <feature>appSecurity-2.0</feature>
    </featureManager>
  2. Configure the role mapping for the Jenkins application:

    <webApplication location="jenkins.war">
      <application-bnd>
        <security-role name="admin">
          <user name="jenkins-admin"/>
          <group name="jenkins-admins"/>
        </security-role>
      </application-bnd>
    </webApplication>
  3. Optional: Configure user in server.xml

    <basicRegistry realm="jenkins">
      <user name="jenkins-admin" password="secret"/>
      <group name="jenkins-admins">
        <member name="jenkins-admin">
      </group>
    </basicRegistry>

    The securityUtility script in the bin folder can be used to generate a hashed password for this file. This can be done by running

    $ ${wlp.install.dir}/bin/securityUtility encode --encoding=hash secret

    Copy the printed hashed password into the password attribute in the server.xml. If secret is not passed in on the command line you will be prompted for it.

    Related reads

Relevant Issues