Example: Jenkins pulls code from GitLab, runs a SonarQube code scan, then builds an image and pushes it to Harbor
0. Environment plan
Node | IP address |
---|---|
gitlab | 10.0.0.30 |
jenkins | 10.0.0.40 |
sonarqube | 10.0.0.61 |
harbor | 10.0.0.100 |
1. Install GitLab
1.1 Install GitLab
#!/bin/bash
#
#********************************************************************
# Note: the GitLab server should have at least 4 GB of RAM; the root password must be at least 8 characters
GITLAB_VERSION=15.1.2
. /etc/os-release
UBUNTU_URL="https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu/pool/${UBUNTU_CODENAME}/main/g/gitlab-ce/gitlab-ce_${GITLAB_VERSION}-ce.0_amd64.deb"
RHEL_URL=https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/8/gitlab-ce-${GITLAB_VERSION}-ce.0.el8.x86_64.rpm
HOST=gitlab.lec
DOWNLOAD_DIR=/usr/local/src
GITLAB_ROOT_PASSWORD=12345678
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_gitlab() {
if [ $ID = "centos" -o $ID = "rocky" ];then
PACK="${RHEL_URL##*/}"
echo $PACK
if [ ! -e $PACK ];then
wget ${RHEL_URL} || { color "下载失败!" 1 ;exit ; }
fi
yum -y install $PACK
elif [ $ID = "ubuntu" ];then
PACK="${UBUNTU_URL##*/}"
echo $PACK
echo ${UBUNTU_URL}
if [ ! -e $PACK ];then
wget ${UBUNTU_URL} || { color "下载失败!" 1 ;exit ; }
fi
dpkg -i $PACK
else
color '不支持当前操作系统!' 1
exit
fi
if [ $? -eq 0 ];then
color "安装 GitLab完成!" 0
else
color "安装 GitLab失败!" 1
exit
fi
}
config_gitlab() {
sed -i.bak "/^external_url.*/c external_url \'http://$HOST\'" /etc/gitlab/gitlab.rb
cat >> /etc/gitlab/gitlab.rb <<EOF
gitlab_rails['initial_root_password'] = "$GITLAB_ROOT_PASSWORD"
EOF
gitlab-ctl reconfigure
gitlab-ctl status
if [ $? -eq 0 ];then
echo
color "Gitlab安装完成!" 0
echo "-------------------------------------------------------------------"
echo -e "请访问链接: \E[32;1mhttp://$HOST/\E[0m"
echo -e "用户和密码: \E[32;1mroot/${GITLAB_ROOT_PASSWORD}\E[0m"
else
color "Gitlab安装失败!" 1
exit
fi
}
install_gitlab
config_gitlab
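1.2 Log in to GitLab and configure it
- On the Windows client, add a hosts entry for name resolution: 10.0.0.30 gitlab.lec
url: http://gitlab.lec
Account: root Password: 12345678
Switch the GitLab UI to Chinese
1.3 Add a GitLab user
Add the user
Edit the user again to change the password
Set the password
1.4 Create a group
Either the administrator root or a regular user can create a group
A group can contain multiple projects; add developer accounts to the group, then set their permissions
Different groups correspond to the company's different development projects or service modules
If the organization using GitLab is large, each group can map to one organizational unit, such as a branch office or department
If the organization using GitLab is small, each group can instead map to one project or line of business
Adding different developer accounts to different groups is how developer permissions are managed.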
2. Install Jenkins
2.1 Install Jenkins
#!/bin/bash
#
#********************************************************************
JENKINS_VERSION=2.319.3
URL="https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_${JENKINS_VERSION}_all.deb"
GREEN="echo -e \E[32;1m"
END="\E[0m"
HOST=jenkins.lec
. /etc/os-release
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_java(){
if [ $ID = "centos" -o $ID = "rocky" ];then
#yum -y install java-1.8.0-openjdk
yum -y install java-11-openjdk
else
apt update
#apt -y install openjdk-8-jdk
apt -y install openjdk-11-jdk
fi
if [ $? -eq 0 ];then
color "安装java完成!" 0
else
color "安装java失败!" 1
exit
fi
}
install_jenkins() {
wget -P /usr/local/src/ $URL || { color "下载失败!" 1 ;exit ; }
if [ $ID = "centos" -o $ID = "rocky" ];then
yum -y install /usr/local/src/${URL##*/}
systemctl enable jenkins
systemctl start jenkins
else
apt -y install daemon net-tools || { color "安装依赖包失败!" 1 ;exit ; }
dpkg -i /usr/local/src/${URL##*/}
fi
if [ $? -eq 0 ];then
color "安装Jenkins完成!" 0
else
color "安装Jenkins失败!" 1
exit
fi
}
start_jenkins() {
systemctl is-active jenkins
if [ $? -eq 0 ];then
echo
color "Jenkins安装完成!" 0
echo "-------------------------------------------------------------------"
echo -e "访问链接: \c"
${GREEN}"http://$HOST:8080/"${END}
else
color "Jenkins安装失败!" 1
exit
fi
while :;do
[ -f /var/lib/jenkins/secrets/initialAdminPassword ] && \
{ key=`cat /var/lib/jenkins/secrets/initialAdminPassword` ; break; }
sleep 1
done
echo -e "登录秘钥: \c"
${GREEN}$key${END}
}
install_java
install_jenkins
start_jenkins
2.2 Log in and configure
- On the Windows client, add a hosts entry for name resolution: 10.0.0.40 jenkins.lec
url: http://jenkins.lec
Account: root
Password:
root@jenkins:~# cat /var/lib/jenkins/secrets/initialAdminPassword
cbf5c7381f164c4d8ffda082d2baa255
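2.2.1 Change the user the Jenkins service runs as
- By default the Jenkins service runs as the jenkins account; copying files to production servers may then hit permission problems, so it is changed to run as root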
[root@jenkins-ubunutu1804 ~]#vim /etc/default/jenkins
JENKINS_USER=root
JENKINS_GROUP=root
root@jenkins:~# systemctl daemon-reload
root@jenkins:~# systemctl restart jenkins
# Check that the service has started
systemctl is-active jenkins
2.2.2 Plugin management and configuration
2.2.2.1 Method 1: switch the Jenkins update source to a mirror in China
Rewrite the URLs to point at the mirror
sed -i.bak 's#updates.jenkins.io/download#mirror.tuna.tsinghua.edu.cn/jenkins#g' /var/lib/jenkins/updates/default.json
sed -i 's#www.google.com#www.baidu.com#g' /var/lib/jenkins/updates/default.json
# Note: if Jenkins runs as a WAR under Tomcat, use the path below instead
sed -i.bak 's#https://updates.jenkins.io/download#https://mirror.tuna.tsinghua.edu.cn/jenkins#g' /root/.jenkins/updates/default.json
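Replace the update site URL with one of the mirror addresses below, submit, then install the plugins again
# List of mirrors
http://mirrors.jenkins-ci.org/status.html
# Default update site
https://updates.jenkins.io/update-center.json
# Mirrors in China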
https://mirror.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
https://mirrors.aliyun.com/jenkins/updates/update-center.json
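2.2.2.2 Method 2: copy an offline plugin bundle into the plugin directory
Plugins already installed on another host can be packed into an archive and then unpacked into the plugin directory
systemctl stop jenkins
tar xf jenkins_plugins.tar.gz -C /var/lib/jenkins/plugins/
chown -R jenkins:jenkins /var/lib/jenkins/plugins/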
systemctl start jenkins
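Added example, not part of the original post: before unpacking a plugin archive copied from another host, compare its SHA-256 with the digest recorded on the source host and reject member names that would land outside the plugin directory. The expected digest is assumed to have been produced with sha256sum on the source host; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post: checks to run on
# jenkins_plugins.tar.gz before extracting it into /var/lib/jenkins/plugins/.
# Function names and the way the digest is handed over are assumptions.

# Compare an archive's SHA-256 with the digest recorded on the source host.
# Args: <archive> <expected hex digest>; returns 0 only on an exact match.
verify_sha256() {
    vs_actual=$(sha256sum "$1" | awk '{print $1}') || return 2
    [ "$vs_actual" = "$2" ]
}

# Read member names (one per line, as printed by `tar tzf`) on stdin.
# Returns 1 if any name is absolute or contains a ".." path component,
# because such a member would be written outside the target directory.
members_are_safe() {
    while IFS= read -r ms_name; do
        case $ms_name in
            /*|..|../*|*/..|*/../*)
                echo "unsafe member: $ms_name" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Verify the digest, inspect the listing, then extract.
# Args: <archive> <expected digest> <target dir>
install_plugins() {
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tar tzf "$1" | members_are_safe || return 1
    # --no-same-owner: ownership is set afterwards by the chown step above
    tar xzf "$1" -C "$3" --no-same-owner
}

# Usage (digest value is a placeholder):
#   systemctl stop jenkins
#   install_plugins jenkins_plugins.tar.gz "<sha256 from source host>" /var/lib/jenkins/plugins/
```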
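2.2.2.3 Install the Chinese language plugin
Manage Plugins – search for "chinese" – select Localization: Chinese (Simplified) and install it
2.2.3 Tuning
By default only 2 jobs can run in parallel; set the number of executors to the number of CPU cores
Manage Jenkins – Configure System: find the number of executors under the Maven project configuration
3. Jenkins with GitLab: pulling code
3.1 Install the GitLab plugins in Jenkins
Manage Plugins – search for "gitlab" – select the three plugins below and install them
3.2 Pull code using an SSH key
- Generate an SSH key on the Jenkins server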
ssh-keygen
root@jenkins:~# cat .ssh/id_rsa.pub
ssh-rsa ... root@jenkins
- Associate the SSH public key generated on Jenkins with the user on the GitLab server
- First look up the project's clone address in GitLab
git@gitlab.lec.org:python/spring-boot-helloworld.git
- Run the clone on the Jenkins server; no user name or password is needed any more
root@jenkins:~# git clone git@gitlab.lec.org:dev1/springboot-hello.git
Cloning into 'spring-boot-helloworld'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
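3.3 Add a credential of type "username with private key"
Passing the Jenkins root user's public key to GitLab allows cloning projects from the GitLab server over SSH, but Jenkins cannot automatically obtain the root user's private key, so a Jenkins job cannot connect to the GitLab repository directly
The private key belonging to root on the Jenkins host therefore also has to be created as a Jenkins credential, for later connections to GitLab
- Add a "username with private key" credential in Jenkins
Manage Jenkins – Credentials
3.4 Add a credential of type "username with password"
- When using HTTP, no SSH key credential is needed; add the GitLab user name and password instead
The GitLab user created earlier: jenkins, password: jenkins.com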
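4. Build webhook triggers
- A build trigger (webhook), also called a hook, is an HTTP callback; it lets Jenkins start a build automatically after a developer pushes code to GitLab.
4.1 Trigger a remote build
4.1.1 Configure the webhook build trigger in Jenkins
- Generate the webhook trigger URL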
http://10.0.0.40:8080/job/test-jenkins-gitlab/build?token=123456
4.1.2 Generate an API token for a Jenkins user
- Create the user lecjenkins in Jenkins
- Generate an API token
11a3554360a8f9f3e131623be89e0e21e4
- Note: this value is shown only once, so copy the token immediately
- Access the URL with curl
# If it succeeds, nothing is printed
curl "http://admin:11a3554360a8f9f3e131623be89e0e21e4@10.0.0.40:8080/job/test-jenkins-gitlab/build?token=123456"
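Added example, not part of the original post: the curl call above carries the API token in the URL, so it ends up in shell history and the process list. This version keeps the user, API token and build token in a mode-0600 curl config file and includes a check that flags URLs with embedded credentials. Host, port, job and build token are the page's values; the config file path, the function names and the API token value are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Host, port, job and build token
# come from section 4.1; the config path and API token value are placeholders.

JENKINS_HOST=10.0.0.40
JENKINS_PORT=8080
JOB=test-jenkins-gitlab

# URL of the remote-build endpoint, with no user:token@ prefix.
# Arg: <build token>
trigger_url() {
    printf 'http://%s:%s/job/%s/build?token=%s' \
        "$JENKINS_HOST" "$JENKINS_PORT" "$JOB" "$1"
}

# Write a curl config file holding the user, API token and URL.
# Created under umask 077 and forced to 0600 so other local users cannot
# read it. Args: <file> <jenkins user> <api token> <build token>
write_curl_config() {
    (
        umask 077
        {
            printf 'user = "%s:%s"\n' "$2" "$3"
            printf 'url = "%s"\n' "$(trigger_url "$4")"
        } > "$1"
    ) && chmod 600 "$1"
}

# Return 0 when a URL embeds "user:secret@" in its authority part, as the
# credentialed trigger URL does; such a URL exposes the token wherever it
# is stored or logged.
url_has_credentials() {
    uhc_rest=${1#*://}
    uhc_authority=${uhc_rest%%/*}
    case $uhc_authority in
        *:*@*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Fire the trigger; curl reads the secrets from the file, not from argv.
# Arg: <config file written by write_curl_config>
trigger_build() {
    curl --fail --silent --show-error --config "$1"
}

# Usage (constructed values):
#   write_curl_config /root/.jenkins-trigger.curlrc lecjenkins "$API_TOKEN" 123456
#   trigger_build /root/.jenkins-trigger.curlrc
```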
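4.1.3 Configure the webhook in GitLab
- In the chosen project on the GitLab server, create a webhook and enter the URL below
- Method 1: authentication token
Enter http://admin:11a3554360a8f9f3e131623be89e0e21e4@10.0.0.40:8080/job/test-jenkins-gitlab/build?token=123456
- Method 2: use the plugin
Install the plugin
In the job: Configure – Build Triggers
Tick the option
Scroll down and generate a Secret token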
5. Install Harbor
5.1 Install Harbor
#!/bin/bash
#
#********************************************************************
DOCKER_VERSION="20.10.10"
UBUNTU_DOCKER_VERSION="5:${DOCKER_VERSION}~3-0~`lsb_release -si`-`lsb_release -cs`"
DOCKER_COMPOSE_VERSION=2.6.1
DOCKER_COMPOSE_FILE=docker-compose-Linux-x86_64
HARBOR_VERSION=2.6.2
HARBOR_BASE=/apps
HARBOR_NAME=hub.lec.com
HARBOR_IP=`hostname -I|awk '{print $1}'`
HARBOR_ADMIN_PASSWORD=123456
COLOR_SUCCESS="echo -e \\033[1;32m"
COLOR_FAILURE="echo -e \\033[1;31m"
END="\033[m"
. /etc/os-release
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_docker(){
if [ $ID = "centos" -o $ID = "rocky" ];then
if [ $VERSION_ID = "7" ];then
cat > /etc/yum.repos.d/docker.repo <<EOF
[docker]
name=docker
gpgcheck=0
#baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/x86_64/stable/
EOF
else
cat > /etc/yum.repos.d/docker.repo <<EOF
[docker]
name=docker
gpgcheck=0
#baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/8/x86_64/stable/
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/8/x86_64/stable/
EOF
fi
yum clean all
${COLOR_FAILURE} "Docker有以下版本"${END}
yum list docker-ce --showduplicates
${COLOR_FAILURE}"5秒后即将安装: docker-"${DOCKER_VERSION}" 版本....."${END}
${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
sleep 5
yum -y install docker-ce-$DOCKER_VERSION docker-ce-cli-$DOCKER_VERSION \
|| { color "Base,Extras的yum源失败,请检查yum源配置" 1;exit; }
else
dpkg -s docker-ce &> /dev/null && { color "Docker已安装,退出" 1 ; exit ; }
apt update || { color "更新包索引失败" 1 ; exit 1; }
apt -y install apt-transport-https ca-certificates curl software-properties-common || \
{ color "安装相关包失败" 1 ; exit 2; }
curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt update
${COLOR_FAILURE} "Docker有以下版本"${END}
apt-cache madison docker-ce
${COLOR_FAILURE}"5秒后即将安装: docker-"${UBUNTU_DOCKER_VERSION}" 版本....."${END}
${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
sleep 5
apt -y install docker-ce=${UBUNTU_DOCKER_VERSION} docker-ce-cli=${UBUNTU_DOCKER_VERSION}
fi
if [ $? -eq 0 ];then
color "安装软件包成功" 0
else
color "安装软件包失败,请检查网络配置" 1
exit
fi
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com"],
"insecure-registries":["harbor.magedu.org:80"]
}
EOF
systemctl daemon-reload
systemctl enable docker
systemctl restart docker
docker version && color "Docker 安装成功" 0 || color "Docker 安装失败" 1
echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrc
echo 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}
install_docker_compose(){
if [ $ID = "centos" -o $ID = "rocky" ];then
${COLOR_SUCCESS}"开始安装 Docker compose....."${END}
sleep 1
if [ ! -e ${DOCKER_COMPOSE_FILE} ];then
#curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/${DOCKER_COMPOSE_FILE} -o /usr/bin/docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o /usr/bin/docker-compose
else
mv ${DOCKER_COMPOSE_FILE} /usr/bin/docker-compose
fi
chmod +x /usr/bin/docker-compose
else
apt -y install docker-compose
fi
if docker-compose --version ;then
${COLOR_SUCCESS}"Docker Compose 安装完成"${END}
else
${COLOR_FAILURE}"Docker compose 安装失败"${END}
exit
fi
}
install_harbor(){
${COLOR_SUCCESS}"开始安装 Harbor....."${END}
sleep 1
if [ ! -e harbor-offline-installer-v${HARBOR_VERSION}.tgz ] ;then
wget https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/harbor-offline-installer-v${HARBOR_VERSION}.tgz || ${COLOR_FAILURE} "下载失败!" ${END}
fi
[ -d ${HARBOR_BASE} ] || mkdir ${HARBOR_BASE}
tar xvf harbor-offline-installer-v${HARBOR_VERSION}.tgz -C ${HARBOR_BASE}
cd ${HARBOR_BASE}/harbor
cp harbor.yml.tmpl harbor.yml
sed -ri "/^hostname/s/reg.mydomain.com/${HARBOR_NAME}/" harbor.yml
sed -ri "/^https/s/(https:)/#\1/" harbor.yml
sed -ri "s/(port: 443)/#\1/" harbor.yml
sed -ri "/certificate:/s/(.*)/#\1/" harbor.yml
sed -ri "/private_key:/s/(.*)/#\1/" harbor.yml
sed -ri "s/Harbor12345/${HARBOR_ADMIN_PASSWORD}/" harbor.yml
sed -i 's#^data_volume: /data#data_volume: /data/harbor#' harbor.yml
#mkdir -p /data/harbor
${HARBOR_BASE}/harbor/install.sh && ${COLOR_SUCCESS}"Harbor 安装完成"${END} || ${COLOR_FAILURE}"Harbor 安装失败"${END}
cat > /lib/systemd/system/harbor.service <<EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f ${HARBOR_BASE}/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f ${HARBOR_BASE}/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable harbor &>/dev/null && ${COLOR_SUCCESS}"Harbor已配置为开机自动启动"${END}
if [ $? -eq 0 ];then
echo
color "Harbor安装完成!" 0
echo "-------------------------------------------------------------------"
echo -e "请访问链接: \E[32;1mhttp://${HARBOR_IP}/\E[0m"
echo -e "用户和密码: \E[32;1madmin/${HARBOR_ADMIN_PASSWORD}\E[0m"
else
color "Harbor安装失败!" 1
exit
fi
}
docker info &> /dev/null && ${COLOR_FAILURE}"Docker已安装"${END} || install_docker
docker-compose --version &> /dev/null && ${COLOR_FAILURE}"Docker Compose已安装"${END} || install_docker_compose
install_harbor
Output
Harbor安装完成! [ OK ]
-------------------------------------------------------------------
请访问链接: http://hub.lec.com/
用户和密码: admin/123456
5.2 Log in and create a user
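- Create a user
Set the user as an administrator
5.3 Configure the Harbor credential in Jenkins
5. Install the Docker plugin
5.1 Add a text parameter
5.2 Invoke top-level Maven targets
5.3 Create the build image step
5.4 Create the push image step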
6. Deploy SonarQube
6.1 Deploy SonarQube
#!/bin/bash
#
#********************************************************************
SONARQUBE_VER="8.9.9.56886"
SONARQUBE_URL="https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VER}.zip"
SONAR_USER=sonarqube
SONAR_USER_PASSWORD=123456
WORK_DIR=`pwd`
HOST=`hostname -I|awk '{print $1}'`
GREEN="echo -e \E[32;1m"
END="\E[0m"
. /etc/os-release
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_java(){
if [ $ID = "centos" -o $ID = "rocky" ];then
yum -y install java-11-openjdk-devel
else
apt update
apt -y install openjdk-11-jdk
fi
if [ $? -eq 0 ];then
color "安装java完成!" 0
else
color "安装java失败!" 1
exit
fi
}
system_prepare () {
useradd -s /bin/bash -m sonarqube
cat >> /etc/sysctl.conf <<EOF
vm.max_map_count=262144
fs.file-max=65536
EOF
sysctl -p
cat >> /etc/security/limits.conf <<EOF
sonarqube - nofile 65536
sonarqube - nproc 4096
EOF
}
install_postgresql(){
if [ $ID = "centos" -o $ID = "rocky" ];then
if [ $VERSION_ID -eq 7 ];then
rpm -i http://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum -y install postgresql12-server postgresql12 postgresql12-libs
/usr/pgsql-12/bin/postgresql-12-setup initdb
else
#rpm -i http://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
color "不支持此操作系统!" 1
exit
fi
systemctl enable postgresql-12.service
systemctl start postgresql-12.service
else
apt update
apt -y install postgresql
fi
if [ $? -eq 0 ];then
color "安装postgresql完成!" 0
else
color "安装postgresql失败!" 1
exit
fi
}
config_postgresql () {
if [ $ID = "centos" -o $ID = "rocky" ];then
sed -i.bak "/listen_addresses/a listen_addresses = '*'" /var/lib/pgsql/12/data/postgresql.conf
cat >> /var/lib/pgsql/12/data/pg_hba.conf <<EOF
host all all 0.0.0.0/0 md5
EOF
systemctl restart postgresql-12
else
sed -i.bak "/listen_addresses/c listen_addresses = '*'" /etc/postgresql/1*/main/postgresql.conf
cat >> /etc/postgresql/*/main/pg_hba.conf <<EOF
host all all 0.0.0.0/0 md5
EOF
systemctl restart postgresql
fi
su - postgres -c "psql -U postgres <<EOF
CREATE USER $SONAR_USER WITH ENCRYPTED PASSWORD '$SONAR_USER_PASSWORD';
CREATE DATABASE sonarqube OWNER $SONAR_USER;
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO $SONAR_USER;
EOF"
}
install_sonarqube() {
cd $WORK_DIR
if [ -f sonarqube-${SONARQUBE_VER}.zip ] ;then
mv sonarqube-${SONARQUBE_VER}.zip /usr/local/src
else
wget -P /usr/local/src ${SONARQUBE_URL} || { color "下载失败!" 1 ;exit ; }
fi
cd /usr/local/src
unzip ${SONARQUBE_URL##*/}
ln -s /usr/local/src/sonarqube-${SONARQUBE_VER} /usr/local/sonarqube
chown -R sonarqube:sonarqube /usr/local/sonarqube/
cat > /lib/systemd/system/sonarqube.service <<EOF
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/usr/bin/nohup /usr/bin/java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar /usr/local/sonarqube/lib/sonar-application-${SONARQUBE_VER}.jar
StandardOutput=syslog
LimitNOFILE=65536
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
EOF
cat >> /usr/local/sonarqube/conf/sonar.properties <<EOF
sonar.jdbc.username=$SONAR_USER
sonar.jdbc.password=$SONAR_USER_PASSWORD
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
EOF
}
start_sonarqube() {
systemctl enable --now sonarqube.service
systemctl is-active sonarqube
if [ $? -eq 0 ];then
echo
color "sonarqube 安装完成!" 0
echo "-------------------------------------------------------------------"
echo -e "访问链接: \c"
${GREEN}"http://$HOST:9000/"${END}
echo -e "用户和密码: \c"
${GREEN}"admin/admin"${END}
else
color "sonarqube 安装失败!" 1
exit
fi
}
install_java
system_prepare
install_postgresql
config_postgresql
install_sonarqube
start_sonarqube
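Open this address in a browser: http://<SonarQube server IP>:9000
Recent versions require login by default; anonymous access is not supported
The default user name and password are both admin
6.2 Deploy sonar-scanner on the Jenkins host
Download link: https://docs.sonarqube.org/latest/analyzing-source-code/scanners/sonarscanner/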
apt -y install unzip
mv sonar-scanner-cli-4.7.0.2747-linux.zip /usr/local/src
cd /usr/local/src
unzip sonar-scanner-cli-4.7.0.2747-linux.zip -d /usr/local/src
ln -s /usr/local/src/sonar-scanner-4.7.0.2747-linux/ /usr/local/sonar-scanner
ln -s /usr/local/sonar-scanner/bin/sonar-scanner /usr/bin/
cat >> /usr/local/sonar-scanner/conf/sonar-scanner.properties << EOF
sonar.host.url=http://10.0.0.61:9000
sonar.sourceEncoding=UTF-8
EOF
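6.3 Install the SonarQube Scanner plugin in Jenkins
Jenkins – Manage Jenkins – Manage Plugins
Install the SonarQube Scanner plugin
- Generate a token in SonarQube
Token: b72dea9bc8fbe71ebe3668c44b86f562c7a61e91
- In Configure System, add the SonarQube Server authentication token
- In Configure System, add the SonarQube Server address
- Add the Sonar Scanner tool in Jenkins
Jenkins – Manage Jenkins – Global Tool Configuration
- Add an "Execute SonarQube Scanner" build step to the job
- Add an "Execute shell" build step to the job
- Result of the run
7 pipeline
7.1 Add the Jenkins callback URL in SonarQube
Any value can be entered as the password
7.2 Prepare the Jenkinsfile in the project directory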
pipeline {
agent any
stages {
stage('Cat') {
steps {
sh "pwd"
}
}
stage("SonarQube analysis"){
steps {
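// Note: the SonarQube server name below must match the Name under SonarQube installations in Configure System; it is case-sensitive
// "sonarqube" is the name given to the SonarQube server in the Jenkins configuration
// Path of sonar-scanner on the Jenkins host: /usr/bin/sonar-scanner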
withSonarQubeEnv("sonarqube"){
sh '/usr/bin/sonar-scanner'
}
}
}
stage("Quality Gate") {
steps {
// If the code check fails, stop here and skip the remaining stages; the timeout for waiting on the report is 5 minutes
timeout(time: 5,unit: 'MINUTES'){
waitForQualityGate abortPipeline: true
}
}
}
stage('Build') {
steps {
//sh 'mvn clean package -Dmaven.test.skip=true'
echo 'Build'
}
}
stage('Test') {
steps {
echo "Test"
}
}
stage('Deploy') {
steps {
echo "Deploy"
}
}
}
}
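7.3 Prepare the sonar-project.properties file in the project directory
# Only the project name needs to be replaced
# Unique key of the project
sonar.projectKey=sprintboot-hello
# Project name shown in the SonarQube web UI
sonar.projectName=sprintboot-hello
# Project version
sonar.projectVersion=1.0
# Directory containing the project source code
sonar.sources=.
# Path of the binaries compiled from the project source
sonar.java.binaries=.
# Programming language
sonar.language=java
# Source encoding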
sonar.sourceEncoding=UTF-8
7.4 Create the Pipeline job
7.5 Run it
- Jenkins result
- SonarQube result