# Jenkins Server Connectivity Fix

**Date**: 2026-02-09
**Server**: jenkins (192.168.200.91)
**Issue**: Ports blocked by firewall, SonarQube containers stopped

## Problem Summary

The jenkins server had two critical issues:

1. **Firewall Blocking Ports**: UFW was configured with default settings, only allowing SSH (port 22)
   - Jenkins running on port 8080 was blocked
   - SonarQube on port 9000 was blocked

2. **SonarQube Containers Stopped**: Both containers had been down for 5 months
   - `sonarqube` container: Exited (137)
   - `postgresql` container: Exited (0)

## Root Cause

The jenkins server lacked a `host_vars/jenkins.yml` file, causing it to inherit default firewall settings from the common role that only allowed SSH access.

## Solution Applied

### 1. Created Firewall Configuration

Created `/source/dlx-src/dlx-ansible/host_vars/jenkins.yml`:

```yaml
---
# Jenkins server specific variables

# Allow Jenkins and SonarQube ports through firewall
common_firewall_allowed_ports:
  - "22/tcp"    # SSH
  - "8080/tcp"  # Jenkins Web UI
  - "9000/tcp"  # SonarQube Web UI
  - "5432/tcp"  # PostgreSQL (SonarQube database) - optional
```

### 2. Applied Firewall Rules

```bash
ansible jenkins -m community.general.ufw -a "rule=allow port=8080 proto=tcp" -b
ansible jenkins -m community.general.ufw -a "rule=allow port=9000 proto=tcp" -b
```

### 3. Restarted SonarQube Services

```bash
ansible jenkins -m shell -a "docker start postgresql" -b
ansible jenkins -m shell -a "docker start sonarqube" -b
```

## Verification

### Firewall Status

```
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
9000/tcp                   ALLOW IN    Anywhere
```
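
A drift check between the declared ports and the applied rules, as an added example (not part of the original runbook or the dlx-ansible repository). The port list is copied from `host_vars/jenkins.yml` and the status text from the output above; the function names `parse_ufw_status` and `firewall_drift` are hypothetical.

```python
import re

# Ports declared in host_vars/jenkins.yml (copied from this page).
DECLARED = ["22/tcp", "8080/tcp", "9000/tcp", "5432/tcp"]

# `ufw status` output copied from the Firewall Status section.
UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
9000/tcp                   ALLOW IN    Anywhere
"""

# Matches both plain ("ALLOW") and verbose ("ALLOW IN") rule rows.
RULE_RE = re.compile(
    r"^(\d+(?:/(?:tcp|udp))?)\s+(ALLOW|DENY|REJECT|LIMIT)"
    r"(?:\s+(IN|OUT|FWD))?\s+(.+?)\s*$")

def parse_ufw_status(text):
    """Return (active, rules); rules are (port, action, source) for inbound IPv4 rows."""
    active, rules = False, []
    for line in text.splitlines():
        if line.startswith("Status:"):
            active = line.split(":", 1)[1].strip() == "active"
            continue
        m = RULE_RE.match(line.strip())
        if m and m.group(3) in (None, "IN"):  # "(v6)" rows do not match and are skipped
            rules.append((m.group(1), m.group(2), m.group(4)))
    return active, rules

def firewall_drift(declared, status_text):
    """Compare the declared port list with what UFW actually allows."""
    active, rules = parse_ufw_status(status_text)
    allowed = {p for p, action, _ in rules if action in ("ALLOW", "LIMIT")}
    return {
        "active": active,
        "declared_not_applied": sorted(set(declared) - allowed),
        "applied_not_declared": sorted(allowed - set(declared)),
        "open_to_anywhere": sorted(
            p for p, a, src in rules if a == "ALLOW" and src.startswith("Anywhere")),
    }

if __name__ == "__main__":
    for key, value in firewall_drift(DECLARED, UFW_STATUS).items():
        print(f"{key}: {value}")
```

On this page's data the check reports `5432/tcp` as declared in `host_vars/jenkins.yml` but absent from the applied rules, which is worth resolving in the variable file because PostgreSQL is only reached over the internal Docker network.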

### Running Containers

```
CONTAINER ID   IMAGE                 STATUS          PORTS
97c85a325ed9   sonarqube:community   Up 6 seconds    0.0.0.0:9000->9000/tcp
29fe0ededb3e   postgres:15           Up 14 seconds   5432/tcp
```

### Listening Ports

```
Port 8080: Jenkins (Java process)
Port 9000: SonarQube (Docker container)
Port 5432: PostgreSQL (internal Docker networking)
```

## Access URLs

- **Jenkins**: http://192.168.200.91:8080
- **SonarQube**: http://192.168.200.91:9000

## Future Maintenance

### Check Container Status

```bash
ansible jenkins -m shell -a "docker ps -a" -b
```

### Restart SonarQube

```bash
ansible jenkins -m shell -a "docker restart postgresql sonarqube" -b
```

### View Logs

```bash
# SonarQube logs
ansible jenkins -m shell -a "docker logs sonarqube --tail 100" -b

# PostgreSQL logs
ansible jenkins -m shell -a "docker logs postgresql --tail 100" -b
```

### Apply Firewall Configuration via Ansible

```bash
# Apply common role with updated host_vars
ansible-playbook playbooks/site.yml -l jenkins -t firewall
```

## Notes

- The PostgreSQL container exposes port 5432 only inside the Docker network (not on 0.0.0.0), which is the correct configuration
- SonarQube takes 30-60 seconds to fully start up after the container starts
- Jenkins runs as a system service (Java process), not in Docker
- Future updates to firewall rules should be made in `host_vars/jenkins.yml` and applied via the common role

## Related Files

- Host variables: `host_vars/jenkins.yml`
- Inventory: `inventory/hosts.yml` (jenkins @ 192.168.200.91)
- Common role: `roles/common/tasks/security.yml`
- Playbook (WIP): `playbooks/fix-jenkins-connectivity.yml`