dlx-ansible/docs/JENKINS-CONNECTIVITY-FIX.md

Jenkins Server Connectivity Fix

Date: 2026-02-09 Server: jenkins (192.168.200.91) Issue: Ports blocked by firewall, SonarQube containers stopped

Problem Summary

The jenkins server had two critical issues:

1. Firewall Blocking Ports: UFW was configured with default settings, only allowing SSH (port 22)

   • Jenkins running on port 8080 was blocked
   • SonarQube on port 9000 was blocked

2. SonarQube Containers Stopped: Both containers had been down for 5 months

   • sonarqube container: Exited (137)
   • postgresql container: Exited (0)

Root Cause

The jenkins server lacked a host_vars/jenkins.yml file, causing it to inherit default firewall settings from the common role that only allowed SSH access.

Solution Applied

1. Created Firewall Configuration

Created /source/dlx-src/dlx-ansible/host_vars/jenkins.yml:

---
# Jenkins server specific variables

# Allow Jenkins and SonarQube ports through firewall
common_firewall_allowed_ports:
  - "22/tcp"    # SSH
  - "8080/tcp"  # Jenkins Web UI
  - "9000/tcp"  # SonarQube Web UI
  - "5432/tcp"  # PostgreSQL (SonarQube database) - optional

2. Applied Firewall Rules

ansible jenkins -m community.general.ufw -a "rule=allow port=8080 proto=tcp" -b
ansible jenkins -m community.general.ufw -a "rule=allow port=9000 proto=tcp" -b

3. Restarted SonarQube Services

ansible jenkins -m shell -a "docker start postgresql" -b
ansible jenkins -m shell -a "docker start sonarqube" -b

Verification

Firewall Status

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
9000/tcp                   ALLOW IN    Anywhere

Running Containers

CONTAINER ID   IMAGE                 STATUS          PORTS
97c85a325ed9   sonarqube:community   Up 6 seconds    0.0.0.0:9000->9000/tcp
29fe0ededb3e   postgres:15           Up 14 seconds   5432/tcp

Listening Ports

Port 8080: Jenkins (Java process)
Port 9000: SonarQube (Docker container)
Port 5432: PostgreSQL (internal Docker networking)

Access URLs

• Jenkins: http://192.168.200.91:8080
• SonarQube: http://192.168.200.91:9000

Future Maintenance

Check Container Status

ansible jenkins -m shell -a "docker ps -a" -b

Restart SonarQube

ansible jenkins -m shell -a "docker restart postgresql sonarqube" -b

View Logs

# SonarQube logs
ansible jenkins -m shell -a "docker logs sonarqube --tail 100" -b

# PostgreSQL logs
ansible jenkins -m shell -a "docker logs postgresql --tail 100" -b

Apply Firewall Configuration via Ansible

# Apply common role with updated host_vars
ansible-playbook playbooks/site.yml -l jenkins -t firewall

Notes

• PostgreSQL container only exposes port 5432 internally to Docker network (not 0.0.0.0), which is the correct configuration
• SonarQube takes 30-60 seconds to fully start up after container starts
• Jenkins is running as a system service (Java process), not in Docker
• Future updates to firewall rules should be made in host_vars/jenkins.yml and applied via the common role

Related Files

• Host variables: host_vars/jenkins.yml
• Inventory: inventory/hosts.yml (jenkins @ 192.168.200.91)
• Common role: roles/common/tasks/security.yml
• Playbook (WIP): playbooks/fix-jenkins-connectivity.yml