Sunday, 27 May 2018

Jenkins Git Setup

How to set up Jenkins Git?

In your Jenkins Dashboard (Home screen), click the Manage Jenkins option on the left hand side.

In the next screen, click on ‘Manage Plugins’ option.


In the next screen, click on the Available tab. This tab lists the plugins that are available for download. In the ‘Filter’ field, type ‘Git plugin’.


Installation will then begin and the screen will be refreshed to show the status of the download.


Once all installations are complete, restart Jenkins by opening the URL below in the browser.
 http://localhost:8080/jenkins/restart

After restarting Jenkins, Git will be available as an option when configuring jobs.
To verify, click New Item in the Jenkins menu options. Then enter a name for the job, for example ‘Demo’.
Select ‘Freestyle project’ as the item type.
Click the OK button.


Make sure that Jenkins is properly set up and the Maven project is on GitHub.
Step 1: Configure Jenkins
  1. Ensure that the GitHub Plugin is installed: under Manage Jenkins > Manage Plugins > Installed, search for git. If it is not installed, move to the Available tab, search for git and install it.
  2. Configure Java, GitHub and Maven for Jenkins.
  3. Navigate to Manage Jenkins > Global Tool Configuration. Under the JDK section provide a Name and the path to JAVA_HOME; in the same way, for Git provide a Git Name and the path to the Git executable, and for Maven provide a Name and MAVEN_HOME, as in the images below.


Step 2: Create Job

Create a new Job by clicking New Item.
  1. Enter your Job Name ‘Jenkins-GitHub’, select Maven Project and click OK. You will be taken to the job configuration page.

Jenkins Tomcat Setup

How to set up Jenkins on Tomcat?

Below are the prerequisites which must be met for Jenkins Tomcat setup.

Step 1: Verifying Java Installation

To verify the Java installation, open the console and run the java command below.
  • Windows: open the command console and run
    >java -version
  • Linux: open a command terminal and run
    $java -version
If Java is installed correctly on the system, you will get one of the outputs below, depending on the platform you are working on.
  • Windows:
    Java version "1.7.0_60"
    Java (TM) SE Run Time Environment (build 1.7.0_60-b19)
    Java Hotspot (TM) 64-bit Server VM (build 24.60-b09, mixed mode)
  • Linux:
    java version "1.7.0_25"
    Open JDK Runtime Environment (rhel-2.3.10.4.el6_4-x86_64)
    Open JDK 64-Bit Server VM (build 23.7-b01, mixed mode)
Before proceeding with this tutorial, Java 1.7.0_60 should be installed on your system.
If you do not have the Java JDK, you can download it from Oracle.

Step 2: Verifying Java Installation

Set the JAVA_HOME environment variable to point to the base directory where Java is installed on your machine. For example:
  • Windows: set the environment variable JAVA_HOME to C:\ProgramFiles\java\jdk1.7.0_60
  • Linux: export JAVA_HOME=/usr/local/java-current
Append the full path of the Java compiler location to the system PATH.
  • Windows: append the string ;C:\Program Files\Java\jdk1.7.0_60 to the end of the system variable PATH.
  • Linux: export PATH=$PATH:$JAVA_HOME/bin/
Verify the installation by running java -version from the command prompt as explained above.

Step 3: Download Tomcat


The official website for Tomcat is Tomcat. Clicking the given link displays the home page of the official Tomcat website, as shown below.
Browse to the link https://tomcat.apache.org/download-70.cgi to get the download for Tomcat.
Go to the ‘Binary Distributions’ section. Download the 32-bit Windows zip file.
Then unzip the contents of the downloaded zip file.

Step 4: Jenkins and Tomcat Setup

Copy the Jenkins.war file that was downloaded in the previous section to the webapps folder in the Tomcat folder.
Now open the command prompt and browse to the directory where the tomcat7 folder is present. Go to the bin directory in this folder and run startup.bat:
E:\Apps\Tomcat7\Bin>startup.bat
After processing completes without major errors, the line below appears in the output of the command prompt:
INFO: Server startup in 1302 ms
Open the browser and go to http://localhost:8080/jenkins. Jenkins will be up and running on Tomcat.

Jenkins Installation

How to install Jenkins?

Download Jenkins


The official website for Jenkins is Jenkins. Clicking the given link displays the home page of the official Jenkins website, as shown below.
By default, the latest release and the Long-Term Support release are available for download. Past releases are also available for download. Click on the Long-Term Support Release tab in the download section.
Click the link “Older but stable version” to download the Jenkins war file.

Starting Jenkins

Open the command prompt and browse to the directory where the jenkins.war file is present. Run the command below:
D:\>java -jar jenkins.war
After running the command, various tasks will run, one of which is the extraction of the war file, which is done by an embedded web server called Winstone.
D:\>java -jar jenkins.war
Running from: D:\jenkins.war
Webroot: $user.home/ .jenkins
Sep 29, 2015 4:10:46 PM winstone.Logger logInternal
INFO: Beginning extraction from war file
After processing is completed without major errors, below line comes in the output of the command prompt.
INFO: Jenkins is fully up and running


Accessing Jenkins
Once Jenkins is up and running, one can access Jenkins from the link − http://localhost:8080


This link will bring up the Jenkins dashboard

What is the use of Jenkins?

Jenkins is software that enables continuous (uninterrupted) integration. It is installed on a server where the central build takes place. The flowchart below explains a very simple workflow of how Jenkins works.
Hudson is often mentioned along with Jenkins. Hudson is a very popular open-source, Java-based continuous integration tool developed by Sun Microsystems, which was later acquired by Oracle. After the acquisition of Sun by Oracle, a fork was created from the Hudson source code, which led to the introduction of Jenkins.

What is Continuous Integration?


Continuous or uninterrupted Integration is a development practice which needs developers to integrate code into a shared repository at regular intervals. Main idea of this is to eliminate the problem of finding upcoming issues in the build lifecycle, but it requires repeated builds. Common practice is that whenever a code commit occurs, a build should be triggered.

System Requirements

  • JDK: JDK 1.5 or above
  • Memory: 2 GB RAM (recommended)
  • Disk Space: No minimum requirement. As all the builds will be stored on the Jenkins machines, ensure that sufficient disk space is available for build storage.
  • Operating System Version: Jenkins can be installed on Windows, Ubuntu/Debian, Red Hat/Fedora/CentOS, Mac OS X, openSUSE, FreeBSD, OpenBSD, Gentoo.
  • Java Container: The WAR file can be run in any container that supports Servlet 2.4/JSP 2.0 or later (an example is Tomcat 5).

Understanding DNS – Beginners Guide to DNS

DNS (Domain Name System) is one of the most important technologies/services on the internet, as without it the Internet would be very difficult to use.
DNS provides a name to number (IP address) mapping or translation, allowing internet users to use easy-to-remember names, rather than numbers, to access resources on a network and the Internet.
DNS Basics – Understanding Why we Need it
All devices (computers etc) that are connected to the Internet, your own network, or a company network are identified by an IP address, which is a number.
IP addresses are easy for computers to process but they are not so easy for people to remember.
To make things easier for people, names (host names) are used to identify individual computers on a network.
On early computer networks a simple text file called a hosts file was created that mapped host names to IP addresses.
This enabled people to refer to other computers by the name, and their computer translated that name to an IP address when it needed to communicate with it.
Here is the host file taken from my PC. It comes with all Windows machines.
The location for the hosts file is normally C:\windows\system32\drivers\etc
As network sizes increased the hosts file approach became impractical due to the fact that:
  • It needed to be stored on each computer
  • The text file could take a long time to process due to the fact that it was unstructured.
  • Updates were difficult to manage as all of the computers would need to be given an updated file.
To overcome these (and other) limitations the DNS system was developed.
The DNS system essentially provides for:
  • A way to organize the names: the domain name structure
  • Protocols, services and methods for storing, updating, and retrieving IP addresses for host computers: the DNS system
From the perspective of an end user you can consider the DNS system as a structured hosts file.

Domain Name Structure

The hosts file is simply a list of names and IP addresses with no structure, making it difficult to scale to a large number of machines.
The solution is to place the machines into administrative areas known as domains, and arrange the domains in a hierarchy.
This takes the form of a tree-like structure that resembles the file system structure found on computers. The DNS system consists of many Domain Name servers that together provide the name to IP address mapping for registered devices (usually servers) on the Internet.
The main DNS servers (root servers) are owned and managed by a variety of different organizations, and are located mainly in the USA.
Other companies including ISPs have their own DNS servers which are linked to the root servers in a hierarchical fashion, providing a distributed system. Fortunately you don’t need to manage a DNS server or create DNS records to use the Internet.
However you need to have access to a DNS server.
To access a DNS server you will need the IP address of the DNS server.
This is usually supplied to you by your ISP (Internet Service Provider).
Most client computers/devices will be configured to obtain an IP and a DNS server address automatically. (see below)
You can check what IP address and what DNS address you have been assigned by typing ipconfig /all at the command line.
If DNS isn’t working properly then you will be unable to connect to other computers on the Internet using their name, but you can still connect using their IP address if you know it.

DNS Services- Open DNS and Google DNS

Most home users will use the DNS servers provided by their ISP via their home router.
However you can use alternative DNS servers like OpenDNS and Google Public DNS.
This does mean that you will need to manually add these server addresses to your DNS settings.

Why Use Alternative DNS Services?

The standard DNS server doesn’t provide any form of protection from malicious sites.
Because DNS is the gateway to the Internet there are many companies that provide security related services based on the public DNS service.
They do this by filtering DNS requests. Most will detect phishing and spam sites, and many will provide protection from adult related sites.
Most internet security product suites will use some form of filtered DNS.
OpenDNS was one of the first companies to do this and they offer family protection for free.
The OpenDNS server addresses are: 208.67.222.222 and 208.67.220.220
Google also provides a public DNS service. This doesn’t provide filtering, but may provide a faster DNS service than your ISP.
If your ISP blocks access to an address for some reason, using an alternative DNS server like Google Public DNS may avoid the ISP blocks.
The Google Public DNS IP addresses are: 8.8.8.8 and 8.8.4.4

Basic DNS Concepts

There are many terms that you will see when reading about DNS.
Terms like zones, zone files, caching server etc.

DNS Name Resolution

To resolve a host name to an IP address using DNS you will need to have a DNS client on your machine, and the client must know the IP address of a DNS server.
The DNS client queries its DNS server which then follows through a process to get an answer- 

Host Name Resolution

DNS and Host are two name resolution methods but they are not the only ones.
A Windows client will use DNS, Hosts and other methods to resolve a host name or computer name to an IP address.

Dynamic DNS

Internal IP addresses are normally non-static as they are usually assigned by a DHCP server.
In large corporate networks that use their own internal DNS and DHCP servers, there was a need to keep the DNS servers up to date.
DDNS (Dynamic DNS updates) was introduced to solve this problem.
The basic procedure is:
  1. The machine gets an IP address from DHCP
  2. The machine or the DHCP server contacts the DNS server and updates the DNS record with the IP address and DNS name.
Home and small business networks don’t use their own DNS servers because they don’t have so many servers/machines, and they don’t really need DDNS either because all their machines are in the same broadcast domain.
Because they are in the same broadcast domain, Windows networking will resolve the names and IP addresses, even if the IP addresses change.
However a small business/home network may need DDNS if they want to provide access to internal resources from across the internet. See Dynamic DNS and Services Guide

DNS Problems

If you have problems connecting to resources on the Internet then DNS is one of the first things to check.
The main troubleshooting tool is nslookup and it is available on all of the main operating systems. See using nslookup and troubleshooting Internet connection problems.

DNS Lookups Explained

when you use DNS to lookup or resolve a domain name to an IP address.
We look at how DNS lookups work, and the exact process involved when looking up a domain name. We follow the client DNS query as it is processed by the various DNS servers in the response chain.
Before we start it might be useful to compare DNS name resolution with a standard question and answer that takes place in everyday life.
Let’s assume you want to know what country Casablanca is in.
Well the first thing you would probably do is ask one of your friends.
So you ask Bob, but Bob doesn’t know, so he would probably suggest you ask John as he travels a lot, and he might know. (This is a referral.)
So you ask John, who again might know and give you the answer, or again he might suggest you ask someone else. (Another referral.)
This continues until you get an answer.
On the other hand you could also just ask Bob, and tell him to get back to you when he’s found the answer. In this case Bob does all the chasing for you.
These exact processes are used when doing a domain name to IP address Lookup using DNS.

Recursive or non Recursive Queries

When a client or DNS server requests a DNS server to resolve a domain name it can use a recursive or non recursive query.
Recursive queries are generally used by clients (i.e. PCs) and they tell the DNS server to respond only with an answer and not a referral.
Non recursive or Iterative queries are used by DNS servers and essentially instruct the other DNS server to return an answer or return the address of another DNS server that may know the answer.

Root Servers

The Domain name structure is an inverted tree-like structure starting at the root.
You can consider it a parent child type relationship with the root being the parent.
The way in which it is constructed is that parents know about their children, but children don’t necessarily know about their parents.
Therefore you can only traverse down the tree from the root and not up the tree.
The Root servers are responsible for the Root, and know all of the domain name servers that are responsible for all of the second level domain names, e.g. .com, .net, .org etc.
So if you contact a root server looking to resolve the name www.mydomain.com it might not know the IP address itself, but it would know the IP address of a server that knows about the .com domain name.
Because almost all domain name queries need to use the root server there are many of them and they are busy.

Caching

DNS clients and DNS servers both use caching to speed up the domain name lookup process and to ease traffic on the root servers.
A cache is a temporary store.
If a client queries domain server A looking to resolve www.mydomain.com, and in turn domain server A queries domain server B etc, then the result will be stored in a cache on
  • the client (Windows only)
  • domain server A
  • domain server B
If another client needs to resolve the same domain name using server A then server A can respond using the cached result.
You can check the DNS cache on a Windows machine with the command:
ipconfig /displaydns

Domain Name Lookup Examples

The schematic below shows two DNS lookups. In the first lookup the local DNS server performs an iterative query and is directed down the domain tree to resolve the name.
In the second query the Local server knows the answer and so returns the result from cache.

Questions

  1. What would happen if client 1 makes a request for www.mydomain.com followed by ftp.mydomain.com?
  2. After about 1 minute Client 1 makes another request for www.mydomain.com.

Answers

  1. The first request would need to go to the root and work down the tree. The second request goes direct to the server responsible for the mydomain domain as the local server already knows who it is.
  2. If client2 uses Windows then it uses its local DNS cache. If client2 is a Linux machine then it will need to go to the local DNS server, which will return it from its cache.
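
The lookups from the questions above, modelled as an added example that is not part of the original page. It covers the local DNS server only (not the client's own cache); the server names, the 192.0.2.x addresses and the 300 second cache lifetime are assumptions made for the example.

```python
"""Toy model of the lookups described above (added example, constructed data).

A client sends a recursive query to its local DNS server; that server sends
iterative queries down the tree (root -> com -> mydomain.com) and caches
both the referrals and the final answers.
"""

TTL = 300            # assumed cache lifetime in seconds
MAX_REFERRALS = 8    # guard against referral loops

# Constructed delegation data: parents know their children, not the reverse.
SERVERS = {
    "root-server": {"referrals": {"com": "com-server"}},
    "com-server": {"referrals": {"mydomain.com": "mydomain-server"}},
    "mydomain-server": {"answers": {"www.mydomain.com": "192.0.2.10",
                                    "ftp.mydomain.com": "192.0.2.20"}},
}


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def iterative_query(server, name):
    """Reply from one server: an address, a referral, or nothing."""
    data = SERVERS[server]
    if name in data.get("answers", {}):
        return ("answer", data["answers"][name])
    for zone, child in data.get("referrals", {}).items():
        if in_zone(name, zone):
            return ("referral", zone, child)
    return ("unknown",)


class LocalServer:
    """The local DNS server: accepts recursive queries and does the chasing."""

    def __init__(self):
        self.answers = {}    # name -> (address, expiry)
        self.referrals = {}  # zone -> (server, expiry)

    def _starting_server(self, name, now):
        # Start at the deepest zone whose server is still cached, else the root.
        best_zone, best_server = "", "root-server"
        for zone, (server, expiry) in self.referrals.items():
            if expiry > now and in_zone(name, zone) and len(zone) > len(best_zone):
                best_zone, best_server = zone, server
        return best_server

    def resolve(self, name, now):
        """Return (address or None, list of servers contacted)."""
        contacted = []
        cached = self.answers.get(name)
        if cached and cached[1] > now:
            return cached[0], contacted
        server = self._starting_server(name, now)
        for _ in range(MAX_REFERRALS):
            contacted.append(server)
            reply = iterative_query(server, name)
            if reply[0] == "answer":
                self.answers[name] = (reply[1], now + TTL)
                return reply[1], contacted
            if reply[0] != "referral":
                break
            _, zone, server = reply
            self.referrals[zone] = (server, now + TTL)
        return None, contacted


def walk_through():
    """The two questions above, plus a lookup after the cache has expired."""
    local = LocalServer()
    return [
        local.resolve("www.mydomain.com", now=0),
        local.resolve("ftp.mydomain.com", now=5),
        local.resolve("www.mydomain.com", now=60),
        local.resolve("www.mydomain.com", now=TTL + 60),
    ]


if __name__ == "__main__":
    for address, contacted in walk_through():
        print(address, "via", contacted or "local cache")
```
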

WebLogic Server 8 – 12x: Install and Configure Your SSL/TLS Certificate

If you still need to create a certificate signing request (CSR) and order your certificate, 
After we've validated and issued your SSL certificate, you can install it on your WebLogic 8, 9, 10, 11, or 12.x server (where the CSR was generated) and configure the server to use the certificate.

Step I: Use Java Keytool to Install Your SSL Certificate in WebLogic
  1. Download Certificate
    Download the your_domain_com.p7b certificate file from your DigiCert Account.
    On the My Orders tab, click the order number link and then click Download.
  2. Install the Certificate File in Your Keystore
    Run the command below to install the certificate.
    keytool -import -trustcacerts -alias server -file /your_domain_com.p7b -keystore your_domain_com.jks
    You should get a confirmation that the "Certificate reply was installed in keystore".
    • If you are prompted to trust the certificate, type "y" or "yes".
    • The installation of this file loads all the necessary certificates to your Keystore.
  3. Now you just need to configure your server to use the certificate.

Step II: Configure the Keystore for Use in WebLogic
  1. On your WebLogic server, expand the Servers node and select the server you need to configure.
  2. Next, go to Configuration-->Keystores and SSL.
  3. To enable your new keystore, under Keystore Configuration, click the Change... link
  4. Select Custom Identity and Java Standard Trust as your keystore configuration type, and then click Continue.
  5. Under Custom Identity Keystore File Name, type the full path to the your_domain.jks file on your WebLogic server.
  6. For Custom Identity Keystore Type, select jks.
  7. For Custom Identity Keystore PassPhrase, type the password you created when creating the Keystore.
  8. When asked again, type your Keystore password and confirm.
  9. Click Continue. Then click Finish.
  10. Go back and expand the Server node and select the server you are configuring.
  11. Next, go to Configuration-->Keystores and SSL and under Keystore Configuration, click the Change… link
  12. On the Configure SSL page, select Key Stores as the method in which identity and trust is stored for the WebLogic server.
  13. Specify the Private Key Alias and Passphrase that were used when creating your Keystore.
  14. Click Continue. Then click Finish.
  15. Reboot the WebLogic server.
Congratulations! Your Keystore should now be installed and enabled on your WebLogic server.


SSL and SSL Certificates Explained

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that provide secure communications over a computer network or link.
They are commonly used in web browsing and email.
In this tutorial we will look at:
  • TLS and SSL
  • Public and Private keys
  • Why we need certificates and what they do
  • How to get a digital certificate and understand the different common certificate types.

What is TLS

TLS is based on SSL and was developed as a replacement in response to known vulnerabilities in SSLv3.
SSL is the term commonly used, and today usually refers to TLS.

Security Provided

SSL/TLS provides data encryption, data integrity and authentication.
This means that when using SSL/TLS you can be confident that:
  • No one has read your message
  • No one has changed your message
  • You are communicating with the intended person (server)
When sending a message between two parties you have two problems that you need to address.
  • How do you know that no one has read the message?
  • How do you know that no one has changed the message?
The solutions to these problems are to:
  • Encrypt it: This makes the content unreadable so that to anyone viewing the message it is just gibberish.
  • Sign it: This allows the recipient to be confident that it was you who sent the message, and that the message hasn’t been changed.
Both of these processes require the use of keys.
These keys are simply numbers (128 bit being common) that are then combined with the message using a particular method, commonly known as an algorithm (e.g. RSA), to either encrypt or sign the message.

Symmetrical Keys and Public and Private Keys

Almost all encryption methods in use today employ public and private keys.
These are considered much more secure than the old symmetrical key arrangement.
With a symmetrical key, a key is used to encrypt or sign the message, and the same key is used to decrypt the message.
This is the same as the keys (door, car keys) we deal with in everyday life.
The problem with this type of key arrangement is if you lose the key anyone who finds it can unlock your door.
With Public and Private keys, two keys are used that are mathematically related (they belong as a key pair), but are different.
This means a message encrypted with a public key cannot be decrypted with the same public key.
To decrypt the message you require the private key.
If this type of key arrangement were used with your car, then you could lock the car and leave the key in the lock, as the same key cannot unlock the car.

Keys and SSL Certificates

SSL/TLS use a public and private key system for data encryption and data integrity.
Public keys can be made available to anyone, hence the term public.
Because of this there is a question of trust, specifically:
How do you know that a particular public key belongs to the person/entity that it claims?
For example, you receive a key claiming to belong to your bank.
How do you know that it does belong to your bank?
The answer is to use a digital certificate.
A certificate serves the same purpose as a passport does in everyday life.
A passport establishes a link between a photo and a person, and that link has been verified by a trusted authority (passport office).
A digital certificate provides a link between a public key and an entity (business, domain name etc) that has been verified (signed) by a trusted third party (a certificate authority).
A digital certificate provides a convenient way of distributing trusted public encryption keys.

Obtaining a Digital Certificate

You get a digital certificate from a recognized Certificate Authority (CA), just like you get a passport from a passport office.
In fact the procedure is very similar.
You fill out the appropriate forms, add your public keys (they are just numbers) and send it/them to the certificate authority. (This is a certificate request.)
The certificate authority does some checks (depends on authority), and sends you back the keys enclosed in a certificate.
The certificate is signed by the issuing certificate authority, and this is what guarantees the keys.
Now when someone wants your public keys, you send them the certificate, they verify the signature on the certificate, and if it verifies, then they can trust your keys.

Example Usage

  1. Browser connects to server using SSL (https)
  2. Server responds with the server certificate containing the public key of the web server.
  3. Browser verifies the certificate by checking the signature of the CA. To do this the CA certificate needs to be in the browser’s trusted store (see later).
  4. Browser uses this public key to agree a session key with the server.
  5. Web browser and server encrypt data over the connection using the session key.

Digital Certificate Types

  • Domain Validated Certificates (DVC)
  • Extended Validation Certificates (EVC)

Certificate Usage Restrictions- Wildcards and SANs

  • mail.mydomain.com
  • www.mydomain.com
  • ftp.mydomain.com
  • etc

  • www.mydomain.com
  • www.mydomain.org
  • www.mydomain.net
  • www.mydomain.co
  • www.mydomain.co.uk

Why use Commercial Certificates?

Certificate Encodings and Files Extensions

  • Binary files
  • ASCII (base64) files

  • .DER
  • .PEM (Privacy Enhanced Electronic Mail)
  • .CRT
  • .CERT

Certificate Examples

The important thing to note is that they start and end with the Begin Certificate and End Certificate lines.
Certificates can be stored in their own file or together in a single file called a bundle.

Root CA Bundle and Hashed Certificates

Although root certificates exist as single files they can also be combined into a bundle.
On Debian based Linux systems these root certificates are stored in the /etc/ssl/certs folder along with a file called ca-certificates.crt.
This file is a bundle of all the root certificates on the system.
It is created by the system and can be updated if new certificates are added using the update-ca-certificates command.
The ca-certificates.crt file looks like this
The certs folder also contains each individual certificate or a symbolic link to the certificate along with a hash.
The hash files are created by the c_rehash command and are used when a directory is specified, and not a file. For example the mosquitto_pub tool can be run as:
mosquitto_pub --cafile /etc/ssl/certs/ca-certificates.crt
or
mosquitto_pub --capath /etc/ssl/certs/

Root Certificates, Intermediate Certificates and Certificate Chains and Bundles.

A certificate authority can create subordinate certificate authorities that are responsible for issuing certificates to clients.
For a client to verify the authenticity of the certificate it needs to be able to verify the signatures of all the CAs in the chain. This means that the client needs access to the certificates of all of the CAs in the chain.
The client may already have the root certificate installed, but probably not the certificates of the intermediate CAs.
Therefore certificates are often provided as part of a certificate bundle.
This bundle would consist of all of the CA certificates in the chain in a single file, usually called CA-Bundle.crt.
If your certificates are sent individually you can create your own bundle by following the steps here.

Common Questions and Answers

Q- What is a trusted store?
A- It is a list of CA certificates that you trust. All web browsers come with a list of trusted CAs.
Q- Can I add my own CA to my browser trusted store?
A- Yes, on Windows if you right click on the certificate you should see an install option.
Q- What is a self signed certificate?
A- A self signed certificate is a certificate signed by the same entity that the certificate verifies. It is like you approving your own passport application.
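
The PEM layout and bundle files described above (Begin Certificate and End Certificate lines around base64 text, several certificates in one file) can be checked with a short parser. This is an added example, not code from the original page; the function names are this example's own, and the sample bundle is built from constructed placeholder blobs rather than real certificates.

```python
"""Split a PEM certificate bundle into its individual certificates.

Added example; the sample "certificates" are constructed placeholder blobs.
"""
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


class BundleError(ValueError):
    """Raised when the bundle is not well-formed PEM."""


def der_to_pem(der):
    """Binary (.DER) form -> ASCII base64 (.PEM) form, wrapped at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def split_bundle(text):
    """Return the DER bytes of every certificate block, in file order."""
    certs, body, inside = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if inside:
                raise BundleError(f"line {lineno}: BEGIN inside an open block")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise BundleError(f"line {lineno}: END without BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError as exc:
                raise BundleError(f"line {lineno}: bad base64 ({exc})") from exc
            # An X.509 certificate is an ASN.1 SEQUENCE, so DER starts with 0x30.
            if not der.startswith(b"\x30"):
                raise BundleError(f"line {lineno}: block is not a DER SEQUENCE")
            certs.append(der)
            inside = False
        elif inside:
            body.append(line)
        # Anything outside a block (comments, subject lines) is ignored.
    if inside:
        raise BundleError("bundle ends inside a block (missing END line)")
    return certs


def fingerprints(text):
    """SHA-256 of each certificate's DER bytes, handy for comparing bundles."""
    return [hashlib.sha256(der).hexdigest() for der in split_bundle(text)]


# Constructed stand-ins for the certificates in a chain: each is a tiny
# valid DER SEQUENCE, not a real certificate.
SAMPLE_DER = [bytes([0x30, 0x03, 0x02, 0x01, n]) for n in (1, 2, 3)]
SAMPLE_BUNDLE = "# constructed CA-Bundle.crt\n" + "".join(map(der_to_pem, SAMPLE_DER))

if __name__ == "__main__":
    for number, fp in enumerate(fingerprints(SAMPLE_BUNDLE), 1):
        print(number, fp)
```

A bundle cut off before its last End Certificate line, or a block whose body is not base64, raises BundleError instead of being silently skipped.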