Step‑by‑Step Guide to Install, Configure, and Secure Jenkins on Linux

Deploy Jenkins

1. Jenkins installation

Official site: https://jenkins.io

yum installation (Jenkins requires Java; note that versions after 2.346 no longer support JDK 8)

# Remove old Jenkins
rpm -qa | grep jenkins
yum -y remove jenkins
rpm -e jenkins
# Delete residual files
find / -iname jenkins | xargs -n 1000 rm -rf
# Import Jenkins repository
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
# Import Jenkins GPG key
rpm --import https://pkg.jenkins.io/redhat/jenkins.io-2023.key
# Install JDK 17
yum install fontconfig java-17-openjdk -y
wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
sudo yum -y install ./jdk-17_linux-x64_bin.rpm
java -version
# Install Jenkins
yum install jenkins -y
# Enable service at boot
systemctl enable jenkins
# Install via RPM (alternative)
wget http://pkg.jenkins-ci.org/redhat-stable/jenkins-2.346.1-1.1.noarch.rpm
rpm -ivh jenkins-2.346.1-1.1.noarch.rpm

2. Configuration files

2.1 List files installed by yum

[root@k8s-master-node1 ~]# rpm -ql jenkins
/usr/bin/jenkins            # Jenkins binary
/usr/lib/systemd/system/jenkins.service  # systemd unit file
/usr/share/java/jenkins.war # WAR package
/var/cache/jenkins          # Extracted web files
/var/lib/jenkins            # Jenkins home directory

2.2 Modify the service file

# grep -Ev "^(#|$)" /usr/lib/systemd/system/jenkins.service
[Unit]
Description=Jenkins Continuous Integration Server
Requires=network.target
After=network.target

[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/bin/jenkins
Restart=on-failure
SuccessExitStatus=143
User=root
Group=root
Environment="JENKINS_HOME=/var/lib/jenkins"
WorkingDirectory=/var/lib/jenkins
Environment="JENKINS_WEBROOT=%C/jenkins/war"
Environment="JAVA_OPTS=-Djava.awt.headless=true"
Environment="JENKINS_PORT=3333"

[Install]
WantedBy=multi-user.target

2.3 Start Jenkins

Before starting, ensure Jenkins runs as root (or a user with Docker access).

Start the service:

systemctl start jenkins

2.4 Verify installation

ps -ef | grep jenkins

3. Jenkins web UI configuration

3.1 Retrieve admin password

cat /var/lib/jenkins/secrets/initialAdminPassword

3.2 Install plugins (online)

Use the plugin manager to install recommended plugins. If the download fails due to network restrictions, edit the update‑center URLs:

Replace the default Google URL in /var/lib/jenkins/updates/default.json with www.baidu.com or another reachable mirror.

Change /var/lib/jenkins/hudson.model.UpdateCenter.xml from https://updates.jenkins.io/update-center.json to http://updates.jenkins.io/update-center.json (or a mirror such as

https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

).

3.3 User permission management

Install the Role‑Based Authorization Strategy and Authorize Project plugins to separate permissions for developers, operations, and testers.

System → Manage Plugins → search and install the plugins.

System → Configure Global Security → Authorization → select “Role‑Based Strategy”.

Define roles (Global, Project, Agent) and assign users to them.

Example: create a “user” role with read permission and assign it to a test account.

3.4 Create first admin user

After the initial setup, create an administrator account via the UI.

3.5 Verify role assignment

Log in as the new user; permissions should reflect the assigned role.

4. Parameterized builds

4.1 Background

Parameterized builds allow selecting branches, passing variables, and customizing the build process. Useful plugins include Extended Choice Parameter and Git Parameter .

4.2 Install plugins

Install the plugins from the Manage Plugins page.

4.3 Configure a job

Add a string parameter for version selection and a Git parameter for branch selection.

5. Jenkins Pipeline

5.1 Overview

Jenkins ships with the Pipeline plugin. Create a new pipeline job and write a Jenkinsfile.

5.2 Example pipeline script

pipeline {
    agent any
    parameters {
        string(name: 'version', defaultValue: '2.0.0', description: 'Select version')
        gitParameter(name: 'BRANCH', type: 'PT_BRANCH', defaultValue: 'master', branchFilter: 'origin/(.*)')
    }
    tools {
        jdk 'jdk1.8'
        maven 'maven-3.9.6'
    }
    stages {
        stage('pull code') {
            steps {
                cleanWs()
                echo 'pull start'
                git branch: "${params.BRANCH}", credentialsId: 'xxxx', url: 'xxxx'
                echo 'pull end'
            }
        }
        stage('build') {
            steps {
                echo 'build'
                dir('project') {
                    sh "mvn -v"
                    sh "mvn clean install -Dmaven.test.skip=true"
                }
            }
        }
        // Additional stages for Docker image build, push, etc.
    }
}

5.3 Build test

Run the pipeline and verify the stages execute as expected.

6. Email notifications

6.1 Prerequisite

Ensure the server has an SMTP service (e.g., Postfix) running and correctly configured (check /etc/postfix/main.cf for inet_interfaces).

6.2 Install Email Extension Plugin

System → Manage Plugins → install “Email Extension Plugin”.

6.3 Configure email settings

System → Configure System → Email Extension section – fill in SMTP server, default recipients, etc. Use the “Test” button to verify delivery.

After configuration, add a post‑build action “Editable Email Notification” to your jobs to receive build status emails.