Jenkins 使用
一、jenkins 任务执行
jenkins 创建 job
job的名字最好是有意义的
restart_web_backend
restart_web_mysql
[root@jenkins ~]# ls /var/lib/jenkins/
config.xml nodeMonitors.xml
hudson.model.UpdateCenter.xml nodes
hudson.plugins.git.GitTool.xml plugins
identity.key.enc queue.xml.bak
jenkins.install.InstallUtil.lastExecVersion secret.key
jenkins.install.UpgradeWizard.state secret.key.not-so-secret
jenkins.model.JenkinsLocationConfiguration.xml secrets
jenkins.telemetry.Correlator.xml updates
jobs userContent
logs users
[root@jenkins ~]# ls /var/lib/jenkins/jobs/
guan_jenkins_job
[root@jenkins ~]# ls /var/lib/jenkins/jobs/guan_jenkins_job/
builds config.xml
[root@jenkins ~]# ls /var/lib/jenkins/workspace/guan_jenkins_job
guan12319.txt
清理工作空间之后,可以发现workspace目录下没有内容了
[root@jenkins ~]# ls /var/lib/jenkins/workspace/
二、 Jenkins 连接gitee
ssh协议连接方式
获取仓库地址
git@gitee.com:sound-of-birds-chirpingg/test_git.git
目的:用户在jenkins服务器上去Gitee(码云)下载代码,然后把代码下载到jenkins服务器上
常见报错
jenkins 没有安装git
yum install -y git
没有做免密
用ssh-keygen 生成公私要,然后上传公钥到gitee上,进行免密登录
[root@jenkins ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6ATb8WL+zTOhYNkwJKr+xfaZ5QbfLBxyaRYtcO977T6ySDv1MDmBXC0ELBOE0x/Pyac3u5IB+NjLsKM63iYzSXrqk0TzjgrCXM85ZdnJ3mqCwaOa0xt2xFYeu0Pxz5o6CO+bffgfoInEIBHn44UaiJLM1qUdyoIxm8vKEaWF5ZZeDvyl8s952du0NgAQeRr70aISqRFTfZM5rYtkJeQ1r/3O0fuv5VbbklJprOid+viXwPIATLnste4TMFeN0dWW752WSfYpxR/XbPWLeZ0rTu3frIhLCsTOpPZyoLvRwJ7SpqLyPpLxC3mTYysPe66/VmSB6AkOebz9bDHWdsCiyHF6yV8Rl6MPHiilYW+nzWV48Mj5mVO7JMA5euFNMsgNqF908HS9czjD89nOjWjeSjlMn/+TweGulVHopP6n0puC+g2PFPLCfULm9J+JpRJNRCFXoEZ3MW1B3okHZ/Kq9zJNLQs7TjrHhCE8zR2wWULCybLrwqbsHXGRarW6QJvE= root@jenkins
[root@jenkins ~]# cat ~/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAugE2/Fi/s0zoWDZMCSq/sX2meUG3ywccmkWLXDve+0+skg79TA5g
VwtBCwThNMfz8mnN7uSAfjYy7CjOt4mM0l66pNE844KwlzPOWXZyd5qgsGjmtMbdsRWHrt
D8c+aOgjvm334H6CJxCAR5+OFGoiSzNalHcqCMZvLyhGlheWWXg78pfLPednbtDYAEHka+
9GiEqkRU32TOa2LZCXkNa/9ztH7r+VW25JSaazonfr4l8DyAEy57LXuEzBXjdHVlu+dlkn
2KcUf12z1i3mdK07t36yISwrEzqT2cqC70cCe0qai8j6S8Qt5k2MrD3uuv1ZkgegJDnm8/
Wwx1nbAoshxeslfEZejDx4opWFvp81lePDI+ZlTuyTAOXrhTTLIDahfdPB0vXM4w/PZzo1
o3ko5TJ//k8HhrpVR6KT+p9KbgvoNjxTywn1C5vSfiaUSTUQhV6BGdzFtQd6JB2fyqvcyT
S0LO046x4QhPM0dsFlCwsmy68Km7B1xkWq1ukCbxAAAFiOM92dvjPdnbAAAAB3NzaC1yc2
EAAAGBALoBNvxYv7NM6Fg2TAkqv7F9pnlBt8sHHJpFi1w73vtPrJIO/UwOYFcLQQsE4TTH
8/Jpze7kgH42MuwozreJjNJeuqTRPOOCsJczzll2cneaoLBo5rTG3bEVh67Q/HPmjoI75t
9+B+gicQgEefjhRqIkszWpR3KgjGby8oRpYXlll4O/KXyz3nZ27Q2ABB5GvvRohKpEVN9k
zmti2Ql5DWv/c7R+6/lVtuSUmms6J36+JfA8gBMuey17hMwV43R1ZbvnZZJ9inFH9ds9Yt
5nStO7d+siEsKxM6k9nKgu9HAntKmovI+kvELeZNjKw97rr9WZIHoCQ55vP1sMdZ2wKLIc
XrJXxGXow8eKKVhb6fNZXjwyPmZU7skwDl64U0yyA2oX3TwdL1zOMPz2c6NaN5KOUyf/5P
B4a6VUeik/qfSm4L6DY8U8sJ9Qub0n4mlEk1EIVegRncxbUHeiQdn8qr3Mk0tCztOOseEI
TzNHbBZQsLJsuvCpuwdcZFqtbpAm8QAAAAMBAAEAAAGBAIn7preyeptfXSk7NlLClKvto1
Zmixqg7vX+yzAj9fmGlGVRm1QVgiBwZ9Ltzsch4fUdyjgC6NM4D7SjXR5IeuAAiAMGeV3p
MGkqdFRniujxG21ilGrc786TQzFLNUwhZ+xy1YVL8D+jdShWcclQDN7xzMPtDOSa9yzT41
aY+kddNvX0FKm+oTROavJN2kA/iR60fl31DOUf2gVNseXWGD/apBHs6c7waBnPp3IOFQhv
tKMvrm8MVzJZZB0ly7Mz9n2ZPQuTLQfWV8zN9uVfJgfAd0nyPpnkmEH1a9i7G1RHzD9y94
/60Ub9cCwyzoXXm7zT6TS2hpci1LM+moCkro8YlfF5YgbP1STQhCbF+l+EjvgWnJMT50yY
WSOwT9jdt6QDTMspl1fabUX/H3Jk4QztEiphMGg0/tT4fx+3Jm2SbTmyLZkQJwce86qt+h
21A+AbQSfVG/frMiMOqbcI2dqzbiz7B3W+SYsRdvTpFX4QDPczSvzUGak8FgY99EO6AQAA
AMEA00nbSP1zG9FfHCA2WDCSRqKPYduOLdyQUf1gPIavF//0HHOBIJyQ8pp9oTvArZCW20
V0n10yxxFwS/GqJ8isMBELM9rnJ5gYVp7t31oV+n9gqqPgjXvmTtqiqotOCOXCTTjryNBe
goUzMqTwqnUNnJy4JC2tGLG8QUJA5v+Ajx2H9EaZmKNwU69wZdXXuoNA7Oqnt/W/qey91l
DCe0pp2vlsrWARnrRwkq747JDuQZgfJ8FR7VQ0PwnShYddPhgsAAAAwQDanDLFQGQlAEGf
9Xaa0hvpDy8rAgpW02t0j/uwedmrrjKa9l3MHjEb42iO3FSsWSVUnGNjdDAXlubGWpfG6Q
VJDuwHYujppIjq2GCipmrS5E7eriLQyMR3009DEF4AJvWvLyoVs951O9ThC/VKZXfiaMAP
67aDyxQg0cLCeAJHQJW4yc6hgp1uEhru5ViRCOxsag6z1s4q0Y8lPcHbInzCtRCEPC5+8G
C/K1JTRbcKznwGUciQ6IGYqbC0gFE9OdEAAADBANnRZTXzS7Ml17HmxJylS0XRmKpBC64Y
vEay8AUdMLfJ/Z1SKq54tD8T2AFQHRTlANd7jmpWjxebJ6AuzlCGIgFvMaWzG5wE5RuMCj
/yhPgTS6HrRNIzM0BBjQQG2P1sgUPeaWhQcD5NrIzUmL3QA2ZqohEzNSmXNHLWXbHd2VQf
DMbIUyjjdQw3eIADpuLpOx7RnI9JhOE1ns84mKE7OIfAaDssqbsdl2UsiSprq8V4/vjNpr
4u5QnBxUrmz2pDIQAAAAxyb290QGplbmtpbnMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
- 在jenkins服务器上配置好git,生成公私钥发给gitlab
- 在jenkins服务器里做好配置,和凭证,写入私钥
Https 协议连接方式
1.获取仓库地址
https://gitee.com/sound-of-birds-chirpingg/test_git.git
2.安装gitee插件,并在安装完成之后重启jenkins服务
添加凭据
此时,gitee仓库更新内容,而jenkins还是之前的内容,没有同步
这个时候,只需要在jenkins 服务器上在构建一次,就完成了代码仓库的同步更新
[root@jenkins guan_jenkins_job]# ls
git.txt guan12319.txt guan.txt hello.txt
[root@jenkins guan_jenkins_job]# ls
git.txt guan12319.txt guan.txt hello.txt README.md
[root@jenkins guan_jenkins_job]#
三、Jenkins 部署静态网站
自动化部署静态站点
1.手动或自动部署一个nginx集群
2.开发提交代码到代码托管平台,gitee
3.运维开发shell脚本,交给jenkins去执行这个脚本,jenkins再去获取代码,推送到nginx集群下
实验准备:使用了2台服务器,一台是运行jenkins服务,另一台运行web服务
1.在web服务器部署一个nginx web 集群
yum install -y nginx
2.修改nginx的配置文件
[root@web ~]# vim /www/server/nginx/conf/nginx.conf
server
{
listen 888; //修改端口
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
location ~ /tmp/ {
return 403;
}
创建页面
[root@web ~]# cd /www/server/phpmyadmin
[root@web phpmyadmin]# ls
[root@web phpmyadmin]# echo "hello guan12319" > index.html
[root@web phpmyadmin]# ls
index.html
在浏览器访问页面
[root@web phpmyadmin]# cat index.html
hello guan12319 ----> 你好,世界
在网页文件输入中文出现乱码
解决办法,在网页文件加入如下内容
[root@web phpmyadmin]# cat index.html
<meta charset=utf8>
hello guan12319 ---- 你好,世界
模拟开发推送代码带gitee或者gitlab或者GitHub
- 开发将代码提交到仓库
- 运维通过jenkins从gitee或gitlab拉取代码,然后在jenkins通过使用shell部署到nginx服务器上。
- 在jenkins上创建心的job,然后填入内容,用于执行一个脚本
sh -x /scripts/deploy_nginx.sh
- 在jenkins服务器上部署好脚本
[root@jenkins ~]# mkdir /scripts/
[root@jenkins ~]# touch /scripts/deploy_nginx.sh
[root@jenkins ~]# cat /scripts/deploy_nginx.sh
#1,进入代码目录,打包传输
DATE=$(date +%Y-%m-%d-%H-%M-%S)
#web_server="154.9.228.2 154.9.228.3 154.9.228.4"
web_server="154.9.228.2"
# 定义部署的功能函数
# $WORKSPACE 是 jenkins 特有的变量,取得当前job的工作绝对路径
get_code(){
cd $WORKSPACE && tar -czf /opt/web-${DATE}.tar.gz *
}
# 2.代码发送给web集群组
scp_web_server(){
for hosts in $web_server
do
# jenkins执行如下命令,将自己本地代码压缩文件,scp发送给nginx服务器
scp /opt/web-${DATE}.tar.gz root@$hosts:/opt/
# jenkins服务器,利用ssh命令,远程执行命令
ssh root@$hosts "mkdir -p /nginx_web_html/web-${DATE} && \
tar -zxf /opt/web-${DATE}.tar.gz -C /nginx_web_html/web-${DATE} && \
rm -rf /nginx_web_html/web && \
ln -s /nginx_web_html/web-${DATE} /nginx_web_html/web"
done
}
# nginx 服务器上的网页根目录是: /nginx_web_html/web
# 3.函数执行
deploy(){
get_code
scp_web_server
}
# 4.执行入口
deploy
#给脚本赋予执行权限
[root@jenkins ~]# chmod 777 /scripts/deploy_nginx.sh
脚本直接执行,如果权限不够,可能是因为jenkins这个服务是jenkins用户运行的,像要操作目录权限不够,所以需要修改jenkins的用户为root
[root@jenkins ~]# grep root /etc/sysconfig/jenkins
JENKINS_USER="root"
Host key verification failed 和 Pwemisssion denied -> 这说明我们需要用jenkins的用户做免密将公钥发给目标服务器
解决jenkins账户无法切换+jenkins免密登录+ssh免密登录+scp免密远程复制的问题
1.解决jenkins账户无法切换
[root@jenkins ~]# vim ~/.bash_profile
# 在最后一行添加如下一行,并保存退出
export PS1='[\u@\h \W]\$'
[root@jenkins ~]# source ~/.bash_profile // 再刷新.bash_profile文件,使其起作用
2.jenkins免密登录
[root@jenkins ~]# vim /etc/sudoers
# 在最后一行添加如下一行,为jenkins用户添加免密码,然后并wq!强制保存退出
jenkins ALL=(ALL) NOPASSWD: ALL
[root@jenkins ~]# /etc/init.d/jenkins restart
Restarting jenkins (via systemctl):
[ OK ]
[root@jenkins ~]#
[root@jenkins ~]# su jenkins //成功切换到jenkins用户下,且无需密码
[jenkins@jenkins root]$
3.ssh免密登录
scp的免密执行其实取决于ssh的免密登录。假如ssh能够免密登录的话那么jenkins就可以直接调用scp不用输入密码了,当然就可以自动执行不用人工干预了。
# 安装ssh,默认已安装好
# yum install ssh
# 启动ssh服务器端
# systemctl start sshd
# systemctl status sshd
当我想要远程登录或者scp拷贝文件给目标服务器每次输入密码登录十分麻烦,有没有一种方式可以让服务器能够确定我的身份,无需输入密码可以直接通过认证?
ssh除了使用密码验证外,还提供了一种公私密钥的验证方式。客户端生成一个私钥,并生成一个与之对应的公钥,然后将公钥上传到服务器上。操作如下:
#要先切换到jenkins的账户
[root@jenkins ~]# su jenkins
[jenkins@jenkins root]$
[jenkins@jenkins root]$ ssh-keygen -t rsa
-t指定要创建的密钥类型,默认是rsa,所以跟执行ssh-keygen是一样的
期间会提示你输入你私钥的加密密码。如果想要完全做到不需要密码登录,此处可留空,直接回车,否则以后每次连接都需要输入密码。
完成后,会当前用户的主目录下的~/.ssh/路径下生成两个文件id_rsa与id_rsa.pub分别是私钥与公钥。
接下来,要把生成的公钥上传到服务器上,同样还是在客户端执行以下的代码
[jenkins@jenkins root]$ # ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.2
执行完成后,即可看到公钥了
[jenkins@jenkins root]$ cat /var/lib/jenkins/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBMDVDdhOsrp2vmERAhyn8h1aUwR+A7t1wxPMCuIj3pXobkj/HybI7ccKRIb/v2aNX9f2Rahmm8shImY+r+b+VQXG1vQaZN8cSekazNQqiEH044axqS0L/MvPxxFu0Y6qQVCQjau2qnYU/EKe50UTUlrR2zgJIFOuIIqhBRqXR7VruPzk6guCAJ8wjMZ1ZN4/HO2hkCxNQk2dWE7cV3O7CB3/gKocMQkjfWvn/u7swLxxoJa9kQAFqjZWGgmpFLvqZ0HYHMavsXdAwfoHpa719JegDqaqVqIXyvTkgWe9YfILexRWgMws2h6xHmNysKJZsRRF9ZXyObQbJqoSfzOIaqsiyCsMrgrhSIykQnocnDPBSY86cBQUIVM5sjLunYQ23QujHfPqjaPQMgakYcOkfTmzbMs1FemsSgcdcU+JhXvslARf4GAgJbu3VlHK16wWOEqpJzfTXga2hpt/UNRAYqcZfXHF9n0ZgX0UdjhWqCNamPn9PltQorqDPSjQHqwPV4tN2aGy5UuzH5a5yG6ti8esm0Tn3N8bDfEDUtYTIsPHu6gu+a4omXI6JzOBZfPW72Zl3MynkEeYTYnsPpEonvD7sV/YfUxDNSaDkTT8Qz3lDOWmHMz1BhHu893GIpKln+vwy33TfBU/21pjzFJrnZgYyPbbVtEUeR59rfLcjhw== jenkins@jenkins
接下来,测试一下 ssh远程登录到目标机器来看看是否免密成功:
[jenkins@jenkins root]$ ssh -p 当前服务器的ssh端口(默认是22) 你要登录的目标服务器账号(通常为root)@远程ip地址
当看到成功登录对方服务器,免密就成功了
[jenkins@jenkins root]$ ssh -p 22 root@154.9.228.2
RainYun Cloud Services
Check out the latest activities or get help from: https://www.rainyun.com
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Wed Aug 9 12:28:55 CST 2023 from 218.92.0.76 on ssh:notty
There were 3089 failed login attempts since the last successful login.
Last login: Wed Aug 9 03:14:38 2023 from 154.9.228.2
[root@web ~]#
[root@web ~]# exit
logout
Connection to 154.9.228.1 closed.
[jenkins@jenkins root]$
将生成的公钥发给目标服务器
ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub root@目标ip地址
[jenkins@jenkins root]$ ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub root@154.9.228.2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '154.9.228.175 (154.9.228.2)' can't be established.
ECDSA key fingerprint is SHA256:owTLa6pSR6GuEAU2pjUJuFGOiUbPFbAGh25BbwHzfRk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@154.9.228.2's password: //输入目标服务器的密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@154.9.228.2'"
and check to make sure that only the key(s) you wanted were added.
[jenkins@jenkins root]$ ssh root@154.9.228.2 //ssh远程登录目标服务器测试一下
RainYun Cloud Services
Check out the latest activities or get help from: https://www.rainyun.com
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Wed Aug 9 12:37:33 CST 2023 from 180.101.88.219 on ssh:notty
There were 52 failed login attempts since the last successful login.
Last login: Wed Aug 9 12:28:57 2023 from 154.9.228.2
[root@web ~]# exit
logout
Connection to 154.9.228.1 closed.
[jenkins@jenkins root]$
好了到这里,jenkins用户的免密完成了
构建成功之后即可,访问网页了
网页文件准备完成
[root@web web-2023-08-09-03-43-54]# cat /nginx_web_html/web-2023-08-09-03-43-54/index.html
<!DOCTYPE html>
<meta charset=utf8>
<html>
<head>
<title>我的网页</title>
</head>
<body>
<h1>欢迎来到我的网页!</h1>
<p>这是一个用HTML编写的网页示例。</p>
</body>
</html>
访问网站