安装依赖
- [root@server1 ~]# yum install -y curl policycoreutils-python openssh-server perl
- [root@server1 ~]# yum install -y gitlab-ce-15.9.3-ce.0.el7.x86_64.rpm
- [root@server1 ~]# cd /etc/gitlab/
- [root@server1 gitlab]# vim gitlab.rb
- external_url 'http://192.168.81.11' #gitlab访问地址
自动化部署
[root@server1 gitlab]# gitlab-ctl reconfigure
登录
用户:root
初始密码: cat /etc/gitlab/initial_root_password
修改密码,初始密码24小时后过期
新建项目
添加密钥
克隆项目
- [root@server1 ~]# git clone git@192.168.81.11:root/demo.git
- [root@server1 ~]# cd demo/
- [root@server1 demo]# git remote -v
- origin git@192.168.81.11:root/demo.git (fetch)
- origin git@192.168.81.11:root/demo.git (push)
- [root@server1 demo]# echo www.westos.org > index.html
- [root@server1 demo]# git add index.html
- [root@server1 demo]# git commit -m "add index.html"
- [root@server1 demo]# git push -u origin main
- [root@server2 ~]# rpm -ivh jdk-11.0.15_linux-x64_bin.rpm
- [root@server2 ~]# yum install -y fontconfig
- [root@server2 ~]# rpm -ivh jenkins-2.432-1.1.noarch.rpm
- [root@server2 ~]# systemctl enable --now jenkins.service
- [root@server2 ~]# netstat -antlp|grep :8080
安装推荐插件
无需新建用户,直接使用admin账户
修改密码
新建项目
在jenkins主机上安装git工具
[root@server2 ~]# yum install -y git
创建密钥并上传gitlab
添加gitlab认证凭据
复制私钥
配置ssh
[root@server2~]# vim /etc/ssh/ssh_config
构建触发器
构建任务
查看控制台输出
gitlab变动时进行轮询
安装gitlab插件
配置项目触发器
生成secret token
配置gitlab
再回到demo项目下配置
测试推送
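在server6上安装docker-ce(下文命令的提示符显示实际是在 server2 上执行)。注意:docker.repo 中的 gpgcheck=0 会关闭 RPM 软件包签名校验,本文后面的 ansible.repo 也是如此;正式环境应设为 gpgcheck=1,并用 gpgkey= 指向仓库发布的公钥。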
- [root@server2 docker]# cd /etc/yum.repos.d/
- [root@server2 yum.repos.d]# cat docker.repo
- [docker]
- name=docker-ce
- baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/x86_64/stable/
- gpgcheck=0
-
- [update]
- name=centos
- baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/7/extras/x86_64/
- gpgcheck=0
-
- [root@server2 yum.repos.d]# yum install -y docker-ce
修改内核参数
- [root@server2 ~]# vim /etc/sysctl.d/docker.conf
- net.bridge.bridge-nf-call-iptables = 1
- net.bridge.bridge-nf-call-ip6tables = 1
- net.ipv4.ip_forward = 1
-
- [root@server2 ~]# sysctl --system
-
- [root@server2 ~]# systemctl enable --now docker
配置docker默认仓库
- [root@server2 ~]# vim /etc/docker/daemon.json
- {
- "registry-mirrors": ["https://reg.westos.org"]
- }
-
- [root@server2 ~]# systemctl restart docker
拷贝仓库证书
- [root@k8s1 harbor]# cd /etc/docker/
- [root@k8s1 docker]# scp -r certs.d/ 192.168.81.12:/etc/docker/
-
- [root@server2 ~]# ls /etc/docker/certs.d/reg.westos.org/ca.crt
- /etc/docker/certs.d/reg.westos.org/ca.crt
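登录私有harbor仓库(注意:下面的 chmod 命令缺少权限模式参数,按原样无法执行。能够读写 /var/run/docker.sock 的用户实际上拥有该主机的 root 级控制权,因此不要对所有用户放开该套接字,更稳妥的做法是只把 jenkins 用户加入 docker 组:usermod -aG docker jenkins,然后重启 jenkins 服务。另外,/root/.docker/config.json 中保存着仓库登录凭据,复制到 /var/lib/jenkins 后应保证只有 jenkins 用户可读。)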
- [root@server2 test]# docker login reg.westos.org
- [root@server2 test]# chmod /var/run/docker.sock
- [root@server2 test]# cp -r /root/.docker/ /var/lib/jenkins/
- [root@server2 test]# cd /var/lib/jenkins/
- [root@server2 jenkins]# chown -R jenkins.jenkins .docker/
安装CloudBees Docker Build and Publish插件
配置项目构建
在server1上提交Dockerfile
- [root@server1 demo]# vim Dockerfile
- FROM nginx
- COPY index.html /usr/share/nginx/html
-
- [root@server1 demo]# git status -s
- ?? Dockerfile
- [root@server1 demo]# git add Dockerfile
- [root@server1 demo]# git commit -m "add Dockerfile"
- [root@server1 demo]# git push -u origin main
此时gitlab会主动触发jenkins构建任务,观察jenkins的任务输出
新建测试虚拟机server3
在server3上安装docker-ce、修改内核参数、拷贝仓库证书
jenkins安装ssh插件
进入系统配置,添加ssh主机
新建docker_test项目
当test项目成功运行后触发docker_test项目
构建后查看输出
安装jdk和git
- [root@server3 ~]# rpm -ivh jdk-11.0.15_linux-x64_bin.rpm
- [root@server3 ~]# yum install -y git
配置解析
[root@server3 ~]# vim /etc/hosts
在节点管理中添加节点
配置从节点、 ssh认证
将Built-In Node节点的执行器数量设为0,不在该节点上运行构建任务
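关闭git主机校验(注意:关闭后 Jenkins 不再验证 Git 服务器的 SSH 主机密钥,无法发现中间人冒充;仅适合隔离的实验环境,正式环境应选择 Known hosts file 等校验策略并预先写入 GitLab 的主机密钥)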
最后测试构建,构建任务会在server3节点上运行
安装插件
修改默认授权策略
新建测试用户
新建角色
用户授权
docker_dev可以构建、read
docker_test
新建流水线项目 docker_image_build
server1对server3进行免密
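// Declarative pipeline: check out the Dockerfile repository, build the image,
// push it to the private registry, then redeploy the container on the test host.
pipeline {
    agent any

    stages {
        stage('check out') {
            steps {
                // The SSH key used for the clone is a Jenkins credential referenced by ID.
                git credentialsId: 'b3c53a2f-3c0a-4f8b-95ac-6b215e11f71f', url: 'git@192.168.81.11:root/dockerfile.git', branch: 'main'
            }
        }
        stage('docker build') {
            steps {
                sh '''
                    cd "$WORKSPACE"
                    docker build -t reg.westos.org/library/webserver:${BUILD_NUMBER} .
                '''
            }
        }
        stage('docker push') {
            steps {
                // The registry login is read from a Jenkins username/password credential
                // instead of being written into the job definition, where anyone who can
                // read the job configuration or this page can see it. The password that
                // was previously embedded here should be treated as exposed and rotated.
                // 'REGISTRY_CREDENTIALS_ID_PLACEHOLDER' is a placeholder: replace it with
                // the ID of the credential created in Jenkins for reg.westos.org.
                withCredentials([usernamePassword(credentialsId: 'REGISTRY_CREDENTIALS_ID_PLACEHOLDER',
                                                  usernameVariable: 'REGISTRY_USER',
                                                  passwordVariable: 'REGISTRY_PASS')]) {
                    // Single-quoted Groovy string: the shell, not Groovy, expands the
                    // secret, so it is never interpolated into the script text.
                    sh '''
                        REPOSITORY=reg.westos.org/library/webserver:${BUILD_NUMBER}
                        docker tag "$REPOSITORY" reg.westos.org/library/webserver:latest
                        # Turn off command tracing for the login and pass the password on
                        # stdin, so it appears neither in the trace nor in the process list.
                        set +x
                        printf '%s' "$REGISTRY_PASS" | docker login reg.westos.org -u "$REGISTRY_USER" --password-stdin
                        docker push "$REPOSITORY"
                        docker push reg.westos.org/library/webserver:latest
                    '''
                }
            }
        }
        stage('docker deploy') {
            steps {
                sshagent(credentials: ['279e420b-1d3c-4ac4-a25f-10b876f700f3']) {
                    // NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
                    // peer presents, so the deploy target is not authenticated. For anything
                    // beyond an isolated lab, record the host key of 192.168.81.13 in the
                    // jenkins user's known_hosts and drop this option.
                    // NOTE(review): the session logs in as root; an account limited to
                    // managing the container would reduce the impact of a leaked key.
                    sh '''
                        ssh -o StrictHostKeyChecking=no root@192.168.81.13 """
                        docker ps -a |grep myapp && docker rm -f myapp
                        docker rmi reg.westos.org/library/webserver:latest
                        docker run -d --name myapp -p 80:80 reg.westos.org/library/webserver:latest """
                    '''
                }
            }
        }
    }
}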
注意:ssh需要使用ssh免密认证
- [root@server2 ~]# vim /etc/yum.repos.d/ansible.repo
- [ansible]
- name=epel
- baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/
- gpgcheck=0
-
- [root@server2 ~]# yum install -y ansible
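devops是测试机的ssh免密用户,并且配置sudo。注意:下面示例把该用户的密码设为弱口令 westos;由于该用户拥有 sudo 权限,建议在 ssh-copy-id 完成公钥分发后改用强密码,或用 passwd -l devops 锁定密码,只保留密钥认证。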
- [root@server1 ~]# useradd devops
- [root@server1 ~]# echo westos | passwd --stdin devops
- [root@server1 ~]# visudo
server3同上配置
在ansible主机上以jenkins身份配置ssh免密到所有测试机
- [root@server2 ~]# usermod -s /bin/bash jenkins
- [root@server2 ~]# su - jenkins
- -bash-4.2$ ssh-keygen
- -bash-4.2$ ssh-copy-id devops@192.168.81.11
- -bash-4.2$ ssh-copy-id devops@192.168.81.13
- [root@server1 ~]# git clone git@192.168.81.11:root/playbook.git
- [root@server1 ~]# cd playbook/
- [root@server1 playbook]# vim ansible.cfg
- [defaults]
- command_warnings=False
- remote_user=devops
-
- [privilege_escalation]
- become=True
- become_method=sudo
- become_user=root
- become_ask_pass=False
- [root@server1 playbook]# mkdir inventory
- [root@server1 playbook]# cd inventory/
- [root@server1 inventory]# vim test
- [test]
- 192.168.81.11 http_port=8000
- [root@server1 inventory]# vim prod
- [prod]
- 192.168.81.13 http_port=8080
- [root@server1 inventory]# cd ..
- [root@server1 playbook]# vim playbook.yaml
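---
# Install Apache, render its configuration from a template, and keep the
# service enabled and running on every host in the selected inventory.
- hosts: all
  tasks:
    - name: install the latest version of Apache
      yum:
        name: httpd
        state: latest

    # httpd.conf.j2 uses the per-host http_port variable set in the inventory files.
    - name: configure apache
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      # Restart only when the rendered file actually changed.
      notify: restart apache

    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
        enabled: yes

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted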
- [root@server1 playbook]# yum install -y httpd
- [root@server1 playbook]# cp /etc/httpd/conf/httpd.conf .
- [root@server1 playbook]# mv httpd.conf httpd.conf.j2
- [root@server1 playbook]# vim httpd.conf.j2
-
- Listen {{ http_port }}
-