詹金斯搭建
I’ve built multiple Django projects and deployed on servers for testing on a production like environment. Now there was an admin overhead that came with that. Anytime I made a code change I had to connect to the server, use version control to update the code and restart services like nginx and gunicorn in order for my changes to reflect on the frontend. Now imagine doing that a hundred times (**pulling hair and screaming in agony**). Luckily for the past year I’ve been learning about DevOps and some nice tools that come with it. **DrumRoll** Introducing Jenkins, this is a CI/CD tool that removes the admin overhead that comes with repetitive tasks. Now let’s try removing that admin overhead I complained about earlier.
我已经构建了多个Django项目,并部署在服务器上以在类似生产的环境中进行测试。 现在随之而来的是管理费用。 每当我进行代码更改时,都必须连接到服务器,使用版本控制来更新代码并重新启动服务(如nginx和gunicorn),以便我的更改反映在前端。 现在想象一下这样做一百次( **拉扯头发并痛苦地尖叫** )。 幸运的是,在过去的一年中,我一直在学习DevOps及其附带的一些不错的工具。 ** DrumRoll **简介Jenkins,这是一个CI / CD工具,它消除了重复性任务带来的管理开销。 现在,让我们尝试消除我之前抱怨的管理开销。
先决条件 (Prerequisites)
You’ll need a VPS. You can get one on AWS or GCP. I’ll be using AWS in this article. You can refer to my article on setting up a VPS on AWS and also configuring a swap space for your VPS. While setting up the server security groups on AWS, open the following ports 22, 80 and 8080. This will allow you connect to the Jenkins UI and the sample website we’ll be using. We’ll be using a CentOS 7 image for this deployment. Make sure you have a normal user with sudo privileges to perform all the installation and setup. You can refer to this article on how to create a normal user.
您需要一个VPS。 您可以在AWS或GCP上获得一个。 我将在本文中使用AWS。 您可以参考我有关在AWS上设置VPS以及为VPS配置交换空间的文章。 在AWS上设置服务器安全组时,打开以下端口22、80和8080。这将允许您连接到Jenkins UI和我们将使用的示例网站。 我们将在此部署中使用CentOS 7映像。 确保您具有sudo特权的普通用户来执行所有安装和设置。 您可以参考本文,了解如何创建普通用户。
Step 1: Install Jenkins and extra packages
步骤1:安装Jenkins和其他软件包
We’ll be using a repository that I’ve setup with all the necessary scripts and also the Jenkins pipeline. This project was set up for the use case in this article but using the configuration in this repo you can create a CI/CD for any project. Go through the README to understand the workings in the project. You can check it out here. Open the repository and check out the contents of initial-setup.sh . This helps you install some necessary packages. Copy the contents of the file to the server.
我们将使用一个已安装了所有必需脚本以及Jenkins管道的存储库。 该项目是针对本文中的用例设置的,但是使用此存储库中的配置,您可以为任何项目创建CI / CD。 阅读自述文件以了解项目中的工作原理。 您可以在这里查看。 打开存储库,并检查initial-setup.sh的内容。 这可以帮助您安装一些必要的软件包。 将文件内容复制到服务器。
$ vi Save and close the file. Run the script to install the packages.
保存并关闭文件。 运行脚本以安装软件包。
$ chmod +x $ ./Once the script is done, visit your servers public IP on port 8080 to view the Jenkins dashboard (http://<YOUR SERVER’S IP>:8080). You’ll see a screen like the one below.
脚本完成后,请在端口8080上访问服务器的公共IP,以查看Jenkins仪表板( http:// <您的服务器的IP>:8080 )。 您会看到类似下面的屏幕。
To get your administrator password, run this command to get it.
要获取管理员密码,请运行此命令以获取密码。
$ sudo cat /var/lib/jenkins/secrets/initialAdminPasswordThis will output your administrator password. The username associated with this password is admin incase you want to log in with this user. Once you input your administrator password you get a page asking for installation of plugins.
这将输出您的管理员密码。 如果您要使用此密码登录,则与此密码关联的用户名是admin 。 输入管理员密码后,您会看到一个页面,要求安装插件。
Select Install suggested plugins to install some standard plugins that will help during your pipeline setup. Once the installation is done you are asked to create a normal user.
选择安装建议的插件以安装一些标准的插件,这些插件将在管道设置过程中提供帮助。 安装完成后,系统会要求您创建一个普通用户。
After creating the user, you are asked to set your Jenkins URL. Leave it as default and now you should be logged in.
创建用户后,要求您设置您的詹金斯URL。 将其保留为默认值,现在您应该已经登录。
Step 2: Disable SELinux and extra Jenkins configuration
步骤2:停用SELinux和额外的Jenkins配置
SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy. But when trying to debug permission problems, it might make sense to temporarily disable SELinux. In this case, you can opt to have SELinux run in permissive mode, either for the entire system, or for a specific (set of) types or disable it. Run this command to check the status of SELinux:
SELinux为系统上的应用程序,进程和文件定义访问控制。 它使用安全策略(这些策略告诉SELinux可以访问或不能访问什么)来强制执行策略允许的访问。 但是,当尝试调试权限问题时,暂时禁用SELinux可能很有意义。 在这种情况下,您可以选择让SELinux在许可模式下运行,无论是针对整个系统,还是针对特定的(一组)类型,或将其禁用。 运行以下命令以检查SELinux的状态:
$ sestatusIf it is enabled and set to enforcing mode, then we’ll change it to permissive mode. Nginx might not get access to your socket file if these instructions are not carried out. Open the SELinux configuration file:
如果启用并设置为强制模式,则将其更改为宽松模式。 如果不执行这些指示,Nginx可能无法访问您的套接字文件。 打开SELinux配置文件:
$ sudo vi /etc/selinux/configChange enforced to permissive
强制变更为宽松
// Remove
SELINUX=enforcing// Replace with
SELINUX=permissiveSave and close the file. We are meant to reboot the server for the changes to take effect but before that let’s do some Jenkins configuration for ease of use. Using Jenkins on CentOS is a hassle. One reason is that the Jenkins user is set up as a service account instead of a user account. This prevents the Jenkins user from having superuser-like privileges. This is different on Ubuntu where the Jenkins user is a user account and I can grant the user sudo privileges by using visudo. For your jobs to run smoothly on CentOS, you have to switch the user running the jobs from Jenkins to a user with sudo privilege. I’ll be switching to centos user. Open up the this script (using VI or other editor):
保存并关闭文件。 我们打算重新引导服务器以使更改生效,但是在此之前,我们先进行一些Jenkins配置以简化使用。 在CentOS上使用Jenkins很麻烦。 原因之一是Jenkins用户被设置为服务帐户而不是用户帐户。 这样可以防止Jenkins用户拥有类似超级用户的特权。 这在Ubuntu上是不同的,在Ubuntu中,Jenkins用户是用户帐户,我可以使用visudo授予用户sudo特权。 为了使作业在CentOS上顺利运行,您必须将运行作业的用户从Jenkins切换到具有sudo特权的用户。 我将切换到centos用户。 打开以下脚本(使用VI或其他编辑器):
$ sudo vi /etc/sysconfig/jenkinsFind this line and change to “centos” or any user you prefer:
找到这一行并更改为“ centos”或您喜欢的任何用户:
$JENKINS_USER="centos"Then change the ownership of Jenkins home, webroot and logs:
然后更改Jenkins主页,webroot和日志的所有权:
$ sudo chown -R centos:centos /var/lib/jenkins $ sudo chown -R centos:centos /var/cache/jenkins$ sudo chown -R centos:centos /var/log/jenkinsRestart Jenkins and check the user has been changed:
重新启动Jenkins,并检查用户是否已更改:
$ sudo /etc/init.d/jenkins restart $ ps -ef | grep jenkinsNow you should be able to run the Jenkins jobs as the centos user. Now you can reboot the server:
现在,您应该能够以centos用户身份运行Jenkins作业。 现在您可以重新启动服务器:
$ sudo shutdown now -rReconnect back to your instance and check the status of SELinux:
重新连接回您的实例并检查SELinux的状态:
$ sestatusIf it has changed to permissive then you’re good to go.
如果它已更改为宽松,那么您就很好了。
Step 3: Setup Jenkins Pipeline
步骤3:设定Jenkins管道
We’re almost ready to setup the Jenkins pipeline. We have to do a little bit of housekeeping. Log in to the Jenkins dashboard
我们几乎准备好设置Jenkins管道。 我们必须做一点家务。 登录到Jenkins仪表板
On the left sidebar click on Manage Jenkins. This opens the Management dashboard of Jenkins. Click on ‘Configure Global Security’. Scroll down and enable ‘Enable proxy compatibility’ on the ‘CSRF Protection’. Apply and Save.
在左侧边栏上,单击管理詹金斯。 这将打开Jenkins的管理仪表板。 单击“配置全局安全性”。 向下滚动并在“ CSRF保护”上启用“启用代理兼容性”。 应用并保存。
Now we can setup the Jenkins pipeline. Go to Jenkins home and Click on New Item. Enter Name and select Pipeline:
现在,我们可以设置Jenkins管道。 转到詹金斯家,然后单击“新建项目”。 输入名称,然后选择管道:
Go on to the next page. Scroll down, switch pipeline definition to ‘Pipeline Script from SCM’, Select Git as the SCM and Input your repository URL.
转到下一页。 向下滚动,将管道定义切换到“来自SCM的管道脚本”,选择Git作为SCM,然后输入存储库URL。
Add a trigger to the pipeline to rerun when there’s a new commit. This is what updates the code changes to your application automatically without you manually running the commands. You can add multiple triggers like running at different times of the day. The triggers makes use of the linux cron job string format. You can read more about it here.
将触发器添加到管道中,以在有新提交时重新运行。 这就是更新代码后自动更改为您的应用程序的功能,而无需您手动运行命令。 您可以添加多个触发器,例如在一天中的不同时间运行。 触发器使用linux cron作业字符串格式。 您可以在此处了解更多信息。
Once all this is done you can Apply and Save. Your Pipeline should start running anytime soon. If you check the README of the project used in this article there are some prerequisite steps that should be carried out to have everything running smoothly.
完成所有这些操作后,您可以应用和保存。 您的管道应尽快开始运行。 如果检查本文中使用的项目的自述文件,则应执行一些先决条件步骤,以使一切顺利运行。
The pipeline ran successfully. Though this doesn’t guarantee that everything is okay. You can check the logs of the stages in the pipeline to verify that everything is working.
管道成功运行。 尽管这不能保证一切正常。 您可以检查管道中各阶段的日志,以验证一切正常。
After checking the logs of all stages looks like everything ran fine. Now I can visit the webpage using the IP Address of the server.
在检查了所有阶段的日志后,看起来一切正常。 现在,我可以使用服务器的IP地址访问该网页。
Now with the way the pipeline was configured if there’s a new commit on the repository, it’ll pull the changes and redeploy your application without your manual intervention.
现在,如果在存储库上有新的提交,则采用配置管道的方式,它可以拉出更改并重新部署应用程序,而无需您手动干预。
恭喜!!! (Congrats!!!)
We’ve been able to eliminate the admin overhead that comes with testing your Django project in a production like environment. This will allow you make changes and see the effects almost immediately. Goodluck!!!
我们已经消除了在像生产这样的生产环境中测试Django项目所带来的管理开销。 这将使您进行更改并几乎立即看到效果。 祝好运!!!
参考链接: (REFERENCE Links:)
1) https://medium.com/fusiontec/how-to-run-jenkins-using-the-root-user-in-linux-centos-79d96749ca5a
1) https://medium.com/fusiontec/how-to-run-jenkins-using-the-root-user-in-linux-centos-79d96749ca5a
2) https://stackoverflow.com/questions/17940612/authentication-error-in-jenkins-on-using-sudo
2) https://stackoverflow.com/questions/17940612/authentication-error-in-jenkins-on-using-sudo
翻译自: https://medium.com/@vahiwe/build-a-django-ci-cd-pipeline-using-jenkins-e90cbe098970
詹金斯搭建
扫一扫
299
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
