关闭

CentOS7搭建CI(GitLab + Gerrit + Jenkins)系统

标签: centosCI系统GitlabGerritJenkins
1060人阅读 评论(0) 收藏 举报
分类:

1、安装GitLab:

①、安装需要的扩展/应用:

yum -y install curl policycoreutils openssh-server openssh-clients postfix cronie
yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui crontabs logwatch logrotate perl-Time-HiRes git cmake libcom_err-devel libcom_err-devel git patch gcc-c++ zlib-devel make autoconf automake libtool bison python python-docutils wget ruby
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl enable postfix
sudo systemctl start postfix
sudo chkconfig postfix on

②、更换Ruby源:

gem sources -r https://rubygems.org/
gem sources -a https://ruby.taobao.org/

③、添加yum源,使用yum源安装:

Ⅰ、这种是官方的yum源,在国内速度可能会很慢:

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo yum -y install gitlab-ce

Ⅱ、使用国内的yum源:
PS.具体源内容可以参考官方说明:
修改使用GitLab国内源
首先添加源文件

sudo vi /etc/yum.repos.d/gitlab_gitlab-ce.repo

修改源文件内容:

[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key

然后执行如下命令:

sudo yum makecache
sudo yum -y install gitlab-ce

④、用默认配置配置GitLab:

sudo gitlab-ctl reconfigure

⑤、按个人需求修改GitLab配置:

PS.因为这里要用已有的Nginx作为GitLab的服务器,所以要先进行配置,GitLab的配置文件位置:

/etc/gitlab/gitlab.rb

我这里因为提前配置了gitlab的域名是http://git.xxx.com,接下来修改/etc/gitlab/gitlab.rb以下内容,在修改内容里要注意一点就是web_server设置的值是你nginx的配置,注意每行前面不要有空格,需要特别注意 的是因为GitLab使用的是Ruby,默认开启端口是8080:

# note the 'https' below
external_url 'http://git.xxx.com'

# Set the web server
web_server['external_users'] = ['www']

# Disable the built-in nginx
nginx['enable'] = false

上面是gitlab配置文件需要修改的地方,重新生成配置:

sudo gitlab-ctl reconfigure

接下来配置Nginx虚拟主机,

⑥、添加nginx虚拟主机,支持gitlab:

添加gitlab.conf:

vi /usr/local/nginx/conf/vhost/gitlab.conf

在gitlab.conf中添加以下模板内容:

## GitLab
##
## Modified from nginx http version
## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CONTRIBUTING          ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
##         configuration         ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

## HTTPS host
server {
  listen  80;
  server_name git.xxx.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  include pagespeed.conf;
  ## Individual nginx logs for this GitLab vhost
  access_log  /data/log/nginx/gitlab.access.log;
  error_log   /data/log/nginx/gitlab.error.log;
  location / {
    client_max_body_size 0;
    gzip on;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     off;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Upgrade $http_upgrade;
    proxy_set_header    Connection "upgrade";
    proxy_pass http://gitlab-workhorse;
  }
}

⑦、修改防火墙设置:

#为public域开放tcp协议的8080端口
firewall-cmd --zone=public --add-port=8080/tcp --permanent
#为public域添加http服务
firewall-cmd --zone=public --add-service=http --permanent
#重启firewall服务
firewall-cmd --reload

⑧、启动:

启动GitLab:

sudo gitlab-ctl start/stop/restart

重启Nginx:

nginx -s reload
nginx -s reopen

接下来就可以访问git.xxx.com操作gitlab了。

⑨、修改GitLab默认图像路径:

由于GitLab使用的是Gravatar的头像,但Gravatar服务在国内不能正常访问http的图像信息导致Gitlab的头像全都裂了,可以采用下面的方法来解决这个问题:
修改/etc/gitlab/gitlab.rb文件中gravatar_plain_url的值,打开文件,搜索gravatar_plain_url,如果想要在原来的基础上改,就去掉该行前面的#,然后修改gravatar_plain_url值为

http://gravatar.duoshuo.com/avatar/%{hash}?s=%{size}&d=identicon

然后执行下面的命令:

sudo gitlab-ctl reconfigure 
sudo gitlab-rake cache:clear RAILS_ENV=production
sudo gitlab-ctl restart

完成之后GitLab使用的就是国内多说的头像了,如果你的网站采用的是https模式,可以修改gitlab_rails['gravatar_plain_url']值为如下内容:

gitlab_rails['gravatar_plain_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

然后执行上面的重新配置/重启命令。

2、安装Jenkins:

①、安装yum源:

cd ~&&  wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

②、安装jenkins并修改启动端口:

sudo yum -y install java jenkins

修改/etc/sysconfig/jenkins配置:

JENKINS_PORT="8081"

③、启动jenkins,设置开机启动:

sudo service jenkins start/stop/restart
sudo chkconfig jenkins on

④、修改防火墙设置:

firewall-cmd --zone=public --add-port=8081/tcp --permanent
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

⑤、使用Nginx作为Web服务器:

安装完成之后,访问http://localhost:8080/就可以看到jenkins的主页面了,然后根据提示输入随机生成的密码,登录jenkins,如果想使用已有的Web服务器访问jenkins,可以进行如下配置(我这里直接使用Nginx,Apache的配置官方有说明),

vi /etc/nginxhost/jenkins.conf 

在配置文件中写入如下配置:

server {
  listen          80;       # Listen on port 80 for IPv4 requests
  server_name     jenkins.xxx.com;
  server_tokens   off;
  #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)
  root            /var/run/jenkins/war/;
  include pagespeed.conf;
  include proxy.conf;
  access_log      /data/log/nginx/jenkins.access.log;
  error_log       /data/log/nginx/jenkins.error.log;

  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {

    #rewrite all static files into requests to the root
    #E.g /static/12345678/css/something.css will become /css/something.css
    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
  }

  location /userContent {
        #have nginx handle all the static requests to the userContent folder files
        #note : This is the $JENKINS_HOME dir
        root /var/lib/jenkins/;
        if (!-f $request_filename){
           #this file does not exist, might be a directory or a /**view** url
           rewrite (.*) /$1 last;
           break;
        }
        sendfile on;
  }

  location @jenkins {
      sendfile off;
      proxy_pass         http://127.0.0.1:8081;
      proxy_redirect     default;
  }
  location / {

     # Optional configuration to detect and redirect iPhones
      if ($http_user_agent ~* '(iPhone|iPod)') {
          rewrite ^/$ /view/iphone/ redirect;
      }

      try_files $uri @jenkins;
   }
}

重启Nginx,访问http://jenkins.xxx.com就可以访问jenkins了,安装完成更新插件时会发现插件更新比较慢,可以设置新的更新站点,不用官方的更新点:
①、首先测试更新数据是否可用:
访问http://mirror.xmission.com/jenkins/updates/current/update-center.json,如果得到结果就说明更新点可用,如果不可访问,就直接使用官方默认的更新源;
②、测试可用之后在“Manage Jenkins”——>“Manage Plugins”——>“Advanced”中设置“Update Site”为如下地址:

http://mirror.xmission.com/jenkins/updates/current/update-center.json

3、安装Gerrit:

①、下载gerrit2.12.2:

cd ~ && wget https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war

②、安装前准备:
Gerrit支持MySQL、PostgreSQL等,我这里在使用MySQL时发现有一个创建数据表报错的提示,也不愿意再去折腾,就改用PostgreSQL,PostgreSQL的安装使用,请参考文章:Centos7安装PostgreSQL9.5,安装完成之后,为Gerrit创建数据库reviewdb

createdb -h 127.0.0.1 -p 5432 -U postgres reviewdb

输入postgres的密码后就创建了数据库reviewdb
③、安装gerrit至/var/opt/gerrit

cd ~ && java -jar gerrit-2.12.2.war init -d /var/opt/gerrit 

操作及显示结果如下:

*** Gerrit Code Review 2.12.2
*** 

Create '/var/opt/gerrit'       [Y/n]? y

*** Git Repositories
*** 

Location of Git repositories   [git]: 

*** SQL Database
*** 

Database server type           [h2]: postgresql
Server hostname                [localhost]: 
Server port                    [(postgresql default)]: 
Database name                  [reviewdb]: 
Database username              [root]: postgres
postgres's password            : 
              confirm password : 

*** Index
*** 

Type                           [LUCENE/?]: 

*** User Authentication
*** 

Authentication method          [OPENID/?]: http
Get username from custom HTTP header [y/N]? 
SSO logout URL                 : 
Enable signed push support     [y/N]? 

*** Review Labels
*** 

Install Verified label         [y/N]? 

*** Email Delivery
*** 

SMTP server hostname           [localhost]: 
SMTP server port               [(default)]: 
SMTP encryption                [NONE/?]: 
SMTP username                  : root@localhost.localdomain
root@localhost.localdomain's password : 
              confirm password : 

*** Container Process
*** 

Run as                         [root]: 
Java runtime                   [/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre]: 
Copy gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war [Y/n]? 
Copying gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war

*** SSH Daemon
*** 

Listen on address              [*]: 
Listen on port                 [29418]: 

Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v152
  If available, Gerrit can take advantage of features
  in the library, but will also function without it.
Download and install it now [Y/n]? 
Downloading http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar ... Failed to clean up lib: /var/opt/gerrit/lib/bcpkix-jdk15on-152.jar
 !! FAIL !!


error: http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar: 302 Found
Please download:

  http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar

and save as:

  /var/opt/gerrit/lib/bcpkix-jdk15on-152.jar

Press enter to continue 
Continue without this library  [Y/n]? 
Generating SSH host key ... rsa(simple)... done

*** HTTP Daemon
*** 

Behind reverse proxy           [y/N]? y
Proxy uses SSL (https://)      [y/N]? 
Subdirectory on proxy server   [/]: 
Listen on address              [*]:    
Listen on port                 [8081]: 8082
Canonical URL                  [http://localhost/]: http://g.example.com

*** Plugins
*** 

Installing plugins.
Install plugin singleusergroup version v2.12.2 [y/N]? y
Install plugin commit-message-length-validator version v2.12.2 [y/N]? y
Install plugin reviewnotes version v2.12.2 [y/N]? y
Install plugin replication version v2.12.2 [y/N]? y
Install plugin download-commands version v2.12.2 [y/N]? y
Initializing plugins.
No plugins found with init steps.

Initialized /var/opt/gerrit
Executing /var/opt/gerrit/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on g.maidoumi.cn:80 ... OK
Opening http://g.example.com/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
  http://g.example.com/#/admin/projects/

④、安装完成,设置Gerrit:
添加文件gerritcodereview

vi /etc/default/gerritcodereview

文件内容如下:

GERRIT_SITE=/var/opt/gerrit

⑤、启动Gerrit,并设置Gerrit自启动:
创建启动软链:

ln -sf /var/opt/gerrit/bin/gerrit.sh /usr/bin/gerrit

启动Gerrit:

gerrit start

设置自启动:

echo -e 'gerrit start\n' >> /etc/rc.local

⑥、设置Gerrit认证:
使用htpasswd命令为管理云用户生成http认证配置文件,如果没有htpasswd文件需要安装apache2-utils包。
添加admin用户的验证文件,放在/var/opt/gerrit下,并将admin作为管理员:

cd /var/opt/gerrit && htpasswd -d htpasswd.conf admin

输入两次密码之后就添加了admin用户,以后添加gerrit用户时,同样需要先为其配置http认证,然后用户登录后gerrit会为其自动生成用户帐号,名字与http认证名字一致,第一次登录成功之后就会要求你设置基本验证。
⑦、设置Nginx代理:

vi /etc/nginxhost/gerrit.conf

文件内容如下:

server {
        listen       80;
        server_name  g.example.com;
        ## Don't show the nginx version number, a security best practice
        server_tokens off;
        include proxy.conf;
        include pagespeed.conf;
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        access_log  /data/log/nginx/gerrit.access.log  main;
        error_log   /data/log/nginx/gerrit.error.log;
        location / {
                auth_basic              "Gerrit2 Code Review";
                auth_basic_user_file    /var/opt/gerrit/htpasswd.conf;
                proxy_pass              http://127.0.0.1:8082;
                proxy_set_header        X-Forwarded-For $remote_addr;
                proxy_set_header        Host $host;
        }
        location /login/ {
                proxy_pass              http://127.0.0.1:8082;
                proxy_set_header        X-Forwarded-For $remote_addr;
                proxy_set_header        Host $host;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
                expires       1d;
        }
        location ~ .*\.(js|css|html)?$
        {
                expires       1d;
        }
}

PS.配置文件中的proxy.conf;pagespeed.conf具体写法请参考我之前的文章。
之后重启Nginx和Gerrit:

nginx -s reload
nginx -s reopen
gerrit restart

至此CI系统所需的三个产品都完成了安装,接下来就是配合使用了。

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:54086次
    • 积分:809
    • 等级:
    • 排名:千里之外
    • 原创:21篇
    • 转载:0篇
    • 译文:0篇
    • 评论:9条
    文章分类
    最新评论