During a recent project at FlowFactor, we set up a Jenkins server with a Nexus, Sonarqube and AD integration. It didn’t sound too complicated at first, but in the end, it wasn’t as easy as expected. We came across multiple obstacles and there were many company policies we had to follow. In this blog, I will show you how we have accomplished the installation of the software and in the next blog post, we are going to take a look at a pipeline with the software integrated.

1. Jenkins installation

In our environment, we have 1 Windows master and 3 slaves consisting of 2 Linux and 1 Windows machines.

– MASTER INSTALLATION

We installed the Jenkins, java OpenJDK and git via RHEL’s package manager and we adjusted the firewall so that Jenkins was reachable. We then added java to the path environment variable.

– JENKINS SERVICE

We adjusted values in the Jenkins service.

– JENKINS SLAVES (LINUX)

On the Linux slaves, Jenkins uses nodes for the javascript projects.

2. AD integration

https://plugins.jenkins.io/ldap/

For the LDAP integration, we have used the Jenkins LDAP plugin.

The settings for the LDAP integration can be found in the Global Security section to manage Jenkins.

Fill in the fields according to your LDAP setup. We have created a technical user to be the Manager DN in order to authenticate with the LDAP server and parse the user attribute “memberOf” for listing the LDAP Groups. After you have filled in the values, make sure to test your connection by hitting the “Test LDAP settings” button. Now the users are able to log in and they are automatically placed in groups upon which we can define permissions.

This is done in the Manage and Assign Roles section and is available with the “Role-based Authorization Strategy” plugin in Jenkins. You need to choose Role-Based Strategy at the same location as the LDAP settings.

This opens the “Manage and Assign Roles” section. First, you need to create a role that will link with one of the groups in your LDAP setup. After creating the role and giving it permissions, you’ll have to add the LDAP group to Jenkins by adding the Group name to the list and by linking the group to a role. The group will have a user icon, but it is in fact a group. Now your LDAP users and groups are also in Jenkins.

3. Nexus OSS 3.21.1–01

3.1. INSTALLING NEXUS

– Creating a Nexus User

We have created a user on the nexus server to run the nexus service

– Installing Java 8 openJDK 64bit

– Download and extract

– Creating Nexus service

– SELinux adjustment

When starting the Nexus service, we encountered an error in the logs which could be resolved by using the following commands. The commands were suggested by SELinux. This may not be the case with your installation, but it worked for us.

– Starting the service

3.2. Nexus LDAP configuration

We will now integrate Nexus with LDAP. This can be done in the security settings under LDAP.

The first window we get when we add a new LDAP connection is for the connection itself. The next one is for the Users and Groups. Before we go to the User and Group settings, you can try to see if the connection works.

In the User and Group settings, we chose Active Directory as a template. Fill in the fields according to your LDAP setup. Just like the Jenkins LDAP setup, we have created a technical user for authentication requests with the server.

Users are now able to login to Nexus with their LDAP user.

3.3. SSL configuration

First, we need to create a keystore with the following command and move the keystore to the correct location.

Next, we will add a few configuration lines to the nexus.properties files with the following command

We don’t want the password to be readable, so we will obfuscate the password. Run the command and fill in the password, you will then get the obfuscated password.

Now we are going to edit the jetty-https.xml file. Before the line containing `<Set name=”KeyStorePath”>`, you need to add a new line containing the alias name of your keystore file PrivateKeyEntry.

Fill in the obfuscated password (Make sure all three passwords have the same value (required)).

Just like Jenkins, we couldn’t change the port to 443 because we are executing Nexus as a non-root user. Therefore, we have added firewall port forward rules to map port 8443 to 443. We have also created a new service and added the specified port to it.

4. Sonarqube

4.1 Install Sonarqube

Sonarqube requires a database for the installation. You can use a few database engines like Microsoft SQL Server, Oracle or PostgreSQL but we will not go into detail about the database installation today.

We have created a “Sonarqube” user for the server to execute Sonarqube on all three servers.

Next, we will install Java 11 openJDK

Download and unzip Sonarqube

! We didn’t create a symbolic link for Sonarqube because it will not work in the service.

We will have to create some directories for Sonarqube

Adjust some values in the sonar.properties file located in /opt/sonarqube/conf

Before we can create and run Sonarqube as a service, we have to make it executable

Creating Sonarqube service

Starting a Sonarqube service

Setting kernel parameters for max open files

4.2. Sonarqube LDAP configuration  (/OPT/SONARQUBE/CONF/SONAR.PROPERTIES)

For the delegation of authorization, groups need to be defined in SonarQube first. Then, the following properties (group.baseDn, group.request) must be defined to allow SonarQube to automatically synchronize the relationships between users and groups.

If you want more LDAP servers in your config file, this can be done by adjusting your config like this:

And you are ready to go to set up your next Jenkins Server. Do you need some more help? Or do you want work on some challenging projects yourself?