• CICD 持续集成与持续交付(2)


    安装依赖

    1. [root@server1 ~]# yum install -y curl policycoreutils-python openssh-server perl
    2. [root@server1 ~]# yum install -y gitlab-ce-15.9.3-ce.0.el7.x86_64.rpm
    3. [root@server1 ~]# cd /etc/gitlab/
    4. [root@server1 gitlab]# vim gitlab.rb
    5. external_url 'http://192.168.81.11' #gitlab访问地址

    自动化部署

    [root@server1 gitlab]# gitlab-ctl reconfigure
    

     

    登录 

    用户:root

    初始密码:在 gitlab 主机上执行 cat /etc/gitlab/initial_root_password 查看

     

     

    修改密码,初始密码24小时后过期

    新建项目

    添加密钥

    克隆项目

    1. [root@server1 ~]# git clone git@192.168.81.11:root/demo.git
    2. [root@server1 ~]# cd demo/
    3. [root@server1 demo]# git remote -v
    4. origin git@192.168.81.11:root/demo.git (fetch)
    5. origin git@192.168.81.11:root/demo.git (push)

    1. [root@server1 demo]# echo www.westos.org > index.html
    2. [root@server1 demo]# git add index.html
    3. [root@server1 demo]# git commit -m "add index.html"
    4. [root@server1 demo]# git push -u origin main

    1. [root@server2 ~]# rpm -ivh jdk-11.0.15_linux-x64_bin.rpm
    2. [root@server2 ~]# yum install -y fontconfig
    3. [root@server2 ~]# rpm -ivh jenkins-2.432-1.1.noarch.rpm
    4. [root@server2 ~]# systemctl enable --now jenkins.service
    5. [root@server2 ~]# netstat -antlp|grep :8080

     

    安装推荐插件

    无需新建用户,直接使用admin账户

    配置

    修改密码

    新建项目

    在jenkins主机上安装git工具

    [root@server2 ~]# yum install -y git
    

    创建密钥并上传gitlab

    添加gitlab认证凭据

    复制私钥

    配置ssh

    [root@server2~]# vim  /etc/ssh/ssh_config
    

    构建触发器

    构建任务

    查看控制台输出

    gitlab变动时进行轮询

    实时触发

    安装gitlab插件

    配置项目触发器

    生成secret token

    配置gitlab

    再回到demo项目下配置

    测试推送

    自动化构建docker镜像

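    在server6上安装docker-ce(命令提示符显示实际在 server2 上执行)。注意:下面的仓库配置使用 gpgcheck=0,yum 不会校验软件包签名,仅适合实验环境;正式环境应设置 gpgcheck=1 并配置对应仓库的 gpgkey。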

    1. [root@server2 docker]# cd /etc/yum.repos.d/
    2. [root@server2 yum.repos.d]# cat docker.repo
    3. [docker]
    4. name=docker-ce
    5. baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/x86_64/stable/
    6. gpgcheck=0
    7. [update]
    8. name=centos
    9. baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/7/extras/x86_64/
    10. gpgcheck=0
    11. [root@server2 yum.repos.d]# yum install -y docker-ce

    修改内核参数

    1. [root@server2 ~]# vim /etc/sysctl.d/docker.conf
    2. net.bridge.bridge-nf-call-iptables = 1
    3. net.bridge.bridge-nf-call-ip6tables = 1
    4. net.ipv4.ip_forward = 1
    5. [root@server2 ~]# sysctl --system
    6. [root@server2 ~]# systemctl enable --now docker

    配置docker默认仓库

    1. [root@server2 ~]# vim /etc/docker/daemon.json
    2. {
    3. "registry-mirrors": ["https://reg.westos.org"]
    4. }
    5. [root@server2 ~]# systemctl restart docker

    拷贝仓库证书

    1. [root@k8s1 harbor]# cd /etc/docker/
    2. [root@k8s1 docker]# scp -r certs.d/ 192.168.81.12:/etc/docker/
    3. [root@server2 ~]# ls /etc/docker/certs.d/reg.westos.org/ca.crt
    4. /etc/docker/certs.d/reg.westos.org/ca.crt

    登录私有harbor仓库

    1. [root@server2 test]# docker login reg.westos.org
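    2. [root@server2 test]# chmod /var/run/docker.sock   # 原文此处缺少权限模式参数;目的是让 jenkins 用户能访问 docker.sock。能访问该套接字等同于拥有主机 root 权限,应只授权给 jenkins 用户(例如 usermod -aG docker jenkins),不要对所有用户开放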
    3. [root@server2 test]# cp -r /root/.docker/ /var/lib/jenkins/
    4. [root@server2 test]# cd /var/lib/jenkins/
    5. [root@server2 jenkins]# chown -R jenkins.jenkins .docker/

    安装CloudBees Docker Build and Publish插件

    配置项目构建

    在server1上提交Dockerfile

    1. [root@server1 demo]# vim Dockerfile
    2. FROM nginx
    3. COPY index.html /usr/share/nginx/html
    4. [root@server1 demo]# git status -s
    5. ?? Dockerfile
    6. [root@server1 demo]# git add Dockerfile
    7. [root@server1 demo]# git commit -m "add Dockerfile"
    8. [root@server1 demo]# git push -u origin main

    此时gitlab会主动触发jenkins构建任务,观察jenkins的任务输出

    通过ssh插件交付任务

    新建测试虚拟机server3

    在server3上安装docker-ce、修改内核参数、拷贝仓库证书

    jenkins安装ssh插件

    进入系统配置,添加ssh主机

    新建docker_test项目

    当test项目成功运行后触发docker_test项目

    构建后查看输出

    添加jenkins节点

    安装ssh agent插件

    安装jdk和git

    1. [root@server3 ~]# rpm -ivh jdk-11.0.15_linux-x64_bin.rpm
    2. [root@server3 ~]# yum install -y git

    配置解析

    [root@server3 ~]# vim /etc/hosts
    

    在节点管理中添加节点

    配置从节点、 ssh认证

    关闭Built-InNode节点的构建任务数

    关闭git主机校验(即把 Git Host Key Verification 设为不校验,仅为实验方便;正式环境建议改用 Known hosts file 等校验策略,防止中间人冒充 gitlab 主机)

    最后测试构建,构建任务会在server3节点上运行

    RBAC

    安装插件

    修改默认授权策略

    新建测试用户

    新建角色

    用户授权

    docker_dev可以构建、read

    docker_test

    pipeline

    新建流水线项目 docker_image_build

    server1对server3进行免密

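    // Declarative pipeline: check out the Dockerfile repository, build the image,
    // push it to the private Harbor registry, then redeploy the container on the
    // target host over SSH.
    pipeline {
        agent any
        stages {
            stage('check out') {
                steps {
                    // Clone over SSH with the GitLab key stored as a Jenkins credential.
                    git credentialsId: 'b3c53a2f-3c0a-4f8b-95ac-6b215e11f71f', url: 'git@192.168.81.11:root/dockerfile.git', branch: 'main'
                }
            }
            stage('docker build') {
                steps {
                    // Tag the image with the Jenkins build number so every build is traceable.
                    sh '''
                    cd $WORKSPACE
                    docker build -t reg.westos.org/library/webserver:${BUILD_NUMBER} .
                    '''
                }
            }
            stage('docker push') {
                steps {
                    // The registry password must not live in the Jenkinsfile (it is committed
                    // to SCM) or on the docker command line (visible in the process list and
                    // in the build log). Store the Harbor account as a username/password
                    // credential in Jenkins and put its ID here; withCredentials
                    // (Credentials Binding plugin) exposes it only inside this block and
                    // masks it in the console output.
                    withCredentials([usernamePassword(credentialsId: 'HARBOR_CREDENTIALS_ID_PLACEHOLDER', usernameVariable: 'HARBOR_USER', passwordVariable: 'HARBOR_PASS')]) {
                        // Single-quoted Groovy string: the shell, not Groovy, expands the
                        // secret variables, so the password is never interpolated into the script text.
                        sh '''
                        REPOSITORY=reg.westos.org/library/webserver:${BUILD_NUMBER}
                        docker tag $REPOSITORY reg.westos.org/library/webserver:latest
                        printf "%s" "$HARBOR_PASS" | docker login reg.westos.org -u "$HARBOR_USER" --password-stdin
                        docker push $REPOSITORY
                        docker push reg.westos.org/library/webserver:latest
                        '''
                    }
                }
            }
            stage('docker deploy') {
                steps {
                    // sshagent loads the deploy key for the duration of the block.
                    // NOTE(review): StrictHostKeyChecking=no skips host key verification, so the
                    // job cannot tell the real target from an impostor; outside a lab, add the
                    // target's host key to the agent's known_hosts and drop this option.
                    sshagent(credentials: ['279e420b-1d3c-4ac4-a25f-10b876f700f3']) {
                        // Remove the old container (if any) and the cached latest image, then
                        // start a new container, which pulls the freshly pushed image.
                        sh '''
                        ssh -o StrictHostKeyChecking=no root@192.168.81.13 """
                        docker ps -a |grep myapp && docker rm -f myapp
                        docker rmi reg.westos.org/library/webserver:latest
                        docker run -d --name myapp -p 80:80 reg.westos.org/library/webserver:latest """
                        '''
                    }
                }
            }
        }
    }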

    注意:ssh需要使用ssh免密认证

    jenkins结合ansible参数化构建

    主机环境

    | 主机 | IP | 角色 |
    | --- | --- | --- |
    | server1 | 192.168.81.12 | jenkins、ansible |
    | server2 | 192.168.81.11 | 测试机test、devops sudo |
    | server3 | 192.168.81.13 | 测试机prod、devops sudo |

    安装ansible(下面的 epel 仓库同样使用 gpgcheck=0,不校验软件包签名;正式环境应启用 gpgcheck 并配置 gpgkey)

    1. [root@server2 ~]# vim /etc/yum.repos.d/ansible.repo
    2. [ansible]
    3. name=epel
    4. baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/
    5. gpgcheck=0
    6. [root@server2 ~]# yum install -y ansible

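    devops是测试机的ssh免密用户,并且配置sudo(后面的 ansible.cfg 设置了 become_ask_pass=False,因此 devops 需要免密 sudo;这意味着持有 jenkins 用户私钥即可在测试机上获得 root 权限,应妥善保护该私钥)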

    1. [root@server1 ~]# useradd devops
    2. [root@server1 ~]# echo westos | passwd --stdin devops
    3. [root@server1 ~]# visudo

    server3同上配置

    在ansible主机上以jenkins身份配置ssh免密到所有测试机

    1. [root@server2 ~]# usermod -s /bin/bash jenkins
    2. [root@server2 ~]# su - jenkins
    3. -bash-4.2$ ssh-keygen
    4. -bash-4.2$ ssh-copy-id devops@192.168.81.11
    5. -bash-4.2$ ssh-copy-id devops@192.168.81.13

    新建gitlab项目

    1. [root@server1 ~]# git clone git@192.168.81.11:root/playbook.git
    2. [root@server1 ~]# cd playbook/
    3. [root@server1 playbook]# vim ansible.cfg
    4. [defaults]
    5. command_warnings=False
    6. remote_user=devops
    7. [privilege_escalation]
    8. become=True
    9. become_method=sudo
    10. become_user=root
    11. become_ask_pass=False

    1. [root@server1 playbook]# mkdir inventory
    2. [root@server1 playbook]# cd inventory/
    3. [root@server1 inventory]# vim test
    4. [test]
    5. 192.168.81.11 http_port=8000

    1. [root@server1 inventory]# vim prod
    2. [prod]
    3. 192.168.81.13 http_port=8080

    1. [root@server1 inventory]# cd ..
    2. [root@server1 playbook]# vim playbook.yaml
    ---
    # Play: install Apache on every inventory host, render its configuration from
    # the httpd.conf.j2 template, and keep the httpd service started and enabled.
    - hosts: all
      tasks:
        - name: install the latest version of Apache
          yum:
            name: httpd
            state: latest
        # A change to the rendered file notifies the "restart apache" handler.
        - name: configure apache
          template:
            src: httpd.conf.j2
            dest: /etc/httpd/conf/httpd.conf
          notify: restart apache
        - name: Start service httpd, if not started
          service:
            name: httpd
            state: started
            enabled: yes
      # Handlers run only when a task that notifies them reports a change.
      handlers:
        - name: restart apache
          service:
            name: httpd
            state: restarted

    1. [root@server1 playbook]# yum install -y httpd
    2. [root@server1 playbook]# cp /etc/httpd/conf/httpd.conf .
    3. [root@server1 playbook]# mv httpd.conf httpd.conf.j2
    4. [root@server1 playbook]# vim httpd.conf.j2
    5. Listen {{ http_port }}

    推送项目

    jenkins新建项目playbook

    选择参数构建

  • 原文地址:https://blog.csdn.net/m0_64028800/article/details/134489653