The groundwork is all done, so now let's automate all of the deployment work!
Installing Jenkins
Official installation guide: https://www.jenkins.io/doc/book/installing/#red-hat-centos
Install the packages:
[root@jinkens ~]# curl -o /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 85 100 85 0 0 199 0 --:--:-- --:--:-- --:--:-- 199
[root@jinkens ~]# rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
[root@jinkens ~]# dnf upgrade
Jenkins-stable 8.7 kB/s | 19 kB 00:02
Dependencies resolved.
Nothing to do.
Complete!
[root@jinkens ~]# dnf install jenkins java-1.8.0-openjdk-devel
Last metadata expiration check: 0:00:27 ago on Fri 18 Sep 2020 02:21:13 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
java-1.8.0-openjdk-devel x86_64 1:1.8.0.262.b10-0.el8_2 AppStream 9.8 M
jenkins noarch 2.249.1-1.1 jenkins 64 M
Installing dependencies:
.... omitted for brevity
Transaction Summary
====================================================================================================================================================================================================================
Install 16 Packages
Total download size: 113 M
Installed size: 238 M
Is this ok [y/N]:
Configure the firewall:
[root@jinkens ~]# YOURPORT=8080
[root@jinkens ~]# PERM="--permanent"
[root@jinkens ~]# SERV="$PERM --service=jenkins"
[root@jinkens ~]#
[root@jinkens ~]# firewall-cmd $PERM --new-service=jenkins
Error: NAME_CONFLICT: new_service(): 'jenkins'
[root@jinkens ~]# firewall-cmd $SERV --set-short="Jenkins ports"
success
[root@jinkens ~]# firewall-cmd $SERV --set-description="Jenkins port exceptions"
success
[root@jinkens ~]# firewall-cmd $SERV --add-port=$YOURPORT/tcp
Warning: ALREADY_ENABLED: '8080:tcp'
success
[root@jinkens ~]# firewall-cmd $PERM --add-service=jenkins
success
[root@jinkens ~]# firewall-cmd --zone=public --add-service=http --permanent
success
[root@jinkens ~]# firewall-cmd --reload
success
[root@jinkens ~]#
Install Nginx:
[root@jinkens ~]# vi /etc/yum.repos.d/nginx.repo
[root@jenkins ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@jinkens ~]# dnf install nginx
nginx stable repo 5.5 kB/s | 16 kB 00:02
Last metadata expiration check: 0:00:01 ago on Fri 18 Sep 2020 02:27:32 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
nginx x86_64 1:1.18.0-1.el8.ngx nginx-stable 806 k
Transaction Summary
====================================================================================================================================================================================================================
Install 1 Package
Total download size: 806 k
Installed size: 3.6 M
Is this ok [y/N]:
Configure Nginx as a reverse proxy for Jenkins:
[root@jinkens ~]# vi /etc/nginx/conf.d/jenkins.conf
[root@jinkens ~]# cat /etc/nginx/conf.d/jenkins.conf
server {
    listen *:80;
    server_name jenkins.example.com www.jenkins.example.com;
    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering off;
    keepalive_timeout 5 5;
    tcp_nodelay on;
    location / {
        # Use IPv4 upstream address instead of DNS name to avoid attempts by nginx to use IPv6 DNS lookup
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[root@jinkens ~]#
Configure the firewall and SELinux, then start the services:
[root@jinkens ~]# setsebool -P httpd_can_network_connect 1
[root@jinkens ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@jinkens ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@jinkens ~]# firewall-cmd --reload
success
[root@jinkens ~]# systemctl start nginx jenkins
[root@jinkens ~]# systemctl enable nginx jenkins
jenkins.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable jenkins
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@jinkens ~]#
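Initialize Jenkins and install the suggested plugins (jenkins.example.com):
Log in:
Freestyle Job
Steps overview
- Create a job and configure the GitLab repository as the source to pull code from;
- Upload the Jenkins user's credentials to GitLab, giving Jenkins the ability to pull code;
- Install Rsync, which is used to sync the checkout directory to the deployment environment;
- Configure the GitLab plugin so that Jenkins is notified to deploy automatically when a Pull operation occurs.
Walkthrough
First, let's create a job that automatically deploys the Monitor web application!
Create the job:
Configure Git:
The Jenkins service runs by default as the virtual user jenkins, which has no right to access GitLab: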
[root@jinkens ~]# grep jenkins /etc/passwd
jenkins:x:993:990:Jenkins Automation Server:/var/lib/jenkins:/bin/false
[root@jinkens ~]# ps -ef | grep ……jenkins
jenkins 2496 1 4 14:28 ? 00:01:20 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
[root@jinkens ~]#
Switch to the jenkins user and generate an SSH key:
[root@jinkens ~]# sudo su -s /bin/bash jenkins
bash-4.4$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
Created directory '/var/lib/jenkins/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RyO/uroyUWc45y42qWFVzt23ZfTDY8XZSSo4oaTuEX4 jenkins@jinkens
The key's randomart image is:
+---[RSA 3072]----+
| . . . |
| o . o o.+|
| o oooo. . o=|
| o =++=.o. ..o|
| =.ES + . .=+|
| o.o .. . ..+o|
| oo o . . |
| .o.= .. |
| .=o=o. |
+----[SHA256]-----+
bash-4.4$ cat /var/lib/jenkins/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUlNumEY9uRphcsKHqplBVkiroX9mD6C2d8vTTMopJoVPejoxIe1cncBsZK1igouzsIAtJjgybNfnue1Th1i53waBfwvPkjzX5fE0osc884w5UjFqhxURl0FpopLwu5ql+kK7EDmKRp912JJI1P9TiWIWXEOeUHFXtrQMbjaQ3IFdzmC24+iSy3jAOPoOYebOB8j+o1Syx/vJGhkCX8TCMlYiaENXkpSFAs5rIiJauHe+kMUafvGckVkHRyhnr9JorJkFwjpky5AJX36MCjxFc8lfDoUIBTCHh4azWliPZb+avaDCmfND/SoZPAxlooH1HojtNN3c595dvdhdWxirtSq7LvlGU821BV7ux2PCVBV7VZEEcZ5ri0vhICkGwc4NVnjU/XyF8RJM74OXoemYUsuyAiWTYQoecO/pZ2IGBcj0GEwk7nAReSmhjHq7e95NJNrvhwZ8BY4ZVmkB6tWPdI4rRXtONUanpuHijfTwA7R2yFRS+RbqZq1aHzxaEk2k= jenkins@jinkens
bash-4.4$
Upload the Jenkins public key to GitLab:
Run an access test:
bash-4.4$ ssh -T git@gitlab.example.com
ssh: Could not resolve hostname gitlab.example.com: Name or service not known
bash-4.4$ exit
[root@jinkens ~]# grep gitlab /etc/hosts
13.13.2.2 gitlab gitlab.example.com
[root@jinkens ~]# sudo su -s /bin/bash jenkins
bash-4.4$ ssh -T git@gitlab.example.com
The authenticity of host 'gitlab.example.com (13.13.2.2)' can't be established.
ECDSA key fingerprint is SHA256:80qO4Q5ve/SjKvHlSqM8XoKR+IyBHhtob32cIz0lJeQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'gitlab.example.com,13.13.2.2' (ECDSA) to the list of known hosts.
Welcome to GitLab, @root!
bash-4.4$
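This step cannot be skipped, because the first connection has to be confirmed by hand (The authenticity of host '13.13.7.7 (13.13.7.7)' can't be established.); after that, the remote host's information is added for the jenkins user to /var/lib/jenkins/.ssh/known_hosts: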
bash-4.4$ cat /var/lib/jenkins/.ssh/known_hosts
gitlab.example.com,13.13.2.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB3nGx73JUAC2k4/zaVTbwFC+lHuMXXuHfd8u2oGlsVGZLkPQiGcCBdmLKEcdsHux5YQkCLegw/kLh3qOAhGm7g=
bash-4.4$
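The first-connection check described above, as an added example that is not part of the original post: instead of answering yes at the prompt, the scanned key is written to known_hosts only if its SHA256 fingerprint matches a value read on the GitLab server itself (for example with ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub on its console). The function names are hypothetical; the key line and fingerprint are the ones shown in the session above.

```shell
#!/bin/sh
# Added example (not from the original post): pin an SSH host key only when
# its fingerprint matches a value obtained out-of-band.

# Convert a hex string on stdin into raw bytes using POSIX printf %b escapes.
hex_to_bin() {
    fold -w 2 | while read -r byte; do
        printf '%b' "\\0$(printf '%03o' "0x$byte")"
    done
}

# Print the OpenSSH-style SHA256 fingerprint of one known_hosts / ssh-keyscan
# line ("hosts keytype base64blob"): unpadded base64 of SHA-256 over the blob.
line_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    digest=$(printf '%s' "$blob" | base64 -d | sha256sum | cut -d ' ' -f 1)
    printf 'SHA256:%s\n' \
        "$(printf '%s\n' "$digest" | hex_to_bin | base64 | tr -d '=\n')"
}

# Append the scanned line to a known_hosts file only if its fingerprint equals
# the expected one.  $1 = known_hosts path, $2 = scanned line, $3 = expected.
pin_host_key() {
    actual=$(line_fingerprint "$2")
    if [ "$actual" != "$3" ]; then
        echo "REFUSED: scanned key is $actual, expected $3" >&2
        return 1
    fi
    printf '%s\n' "$2" >> "$1"
}

# Key line and fingerprint copied from the session above. In practice the line
# comes from `ssh-keyscan -t ecdsa gitlab.example.com` and the expected value
# from the GitLab server's own console.
SCANNED='gitlab.example.com,13.13.2.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB3nGx73JUAC2k4/zaVTbwFC+lHuMXXuHfd8u2oGlsVGZLkPQiGcCBdmLKEcdsHux5YQkCLegw/kLh3qOAhGm7g='
EXPECTED='SHA256:80qO4Q5ve/SjKvHlSqM8XoKR+IyBHhtob32cIz0lJeQ'

KNOWN_HOSTS=$(mktemp)   # stand-in for /var/lib/jenkins/.ssh/known_hosts
if pin_host_key "$KNOWN_HOSTS" "$SCANNED" "$EXPECTED"; then
    echo "pinned: $(cut -d ' ' -f 1,2 "$KNOWN_HOSTS")"
fi
rm -f "$KNOWN_HOSTS"
```

With the key in place before the first connection, ssh no longer prompts, and a build agent can run with StrictHostKeyChecking=yes so an unknown or changed key fails the job.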
Refresh the job creation page:
I forgot to install Git:
[root@jinkens ~]# dnf install git
Last metadata expiration check: 0:42:31 ago on Fri 18 Sep 2020 02:27:32 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
git x86_64 2.18.4-2.el8_2 AppStream 186 k
Installing dependencies:
.... omitted for brevity
Transaction Summary
====================================================================================================================================================================================================================
Install 47 Packages
Total download size: 19 M
Installed size: 71 M
Is this ok [y/N]:
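Refresh the job creation page once more:
Note: this is the first step, making sure Jenkins can pull the source code from GitLab.
Click confirm and build now:
Check the log output:
Make sure the files have been pulled to the Jenkins host: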
[root@jinkens ~]# ls /var/lib/jenkins/workspace/Monitor/
404.html calendar.html css energy_consumption.html form-elements.html img labels.html manual.html mstp_105_SuperAdmin.iml QHME.iml tables.html
alerts.html charts.html deviceManager.html file-manager.html form-examples.html index.html LICENSE media mstp_map.html readme.md typography.html
assets components.html dianfei.html fonts form-validation.html js list-view.html media.html other-components.html real-time.html userMng.html
buttons.html content-widgets.html efficiencyAnalysis.html form-components.html images-icons.html keyInfo.html login.html messages.html profile-page.html sa.html
[root@jinkens ~]#
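Step two: the files are now on the local machine, so how do they get deployed to the WebSrv server?
Distribute the jenkins public key to the WebSrv server and verify it (for passwordless login):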
[root@jinkens ~]# sudo su -s /bin/bash jenkins
bash-4.4$ ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
bash-4.4$ ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub root@websrv
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/jenkins/.ssh/id_rsa.pub"
The authenticity of host 'websrv (13.13.4.4)' can't be established.
ECDSA key fingerprint is SHA256:80qO4Q5ve/SjKvHlSqM8XoKR+IyBHhtob32cIz0lJeQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@websrv's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@websrv'"
and check to make sure that only the key(s) you wanted were added.
bash-4.4$ ssh root@websrv
Last login: Fri Sep 18 15:50:17 2020 from 13.13.3.3
[root@websrv ~]# logout
Connection to websrv closed.
bash-4.4$
Install rsync (used to sync the directory):
[root@jinkens ~]# dnf install rsync
Last metadata expiration check: 1:20:43 ago on Fri 18 Sep 2020 02:27:32 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
rsync x86_64 3.1.3-7.el8 BaseOS 404 k
Transaction Summary
====================================================================================================================================================================================================================
Install 1 Package
Total download size: 404 k
Installed size: 819 k
Is this ok [y/N]:
rsync must also be installed on the WebSrv server:
[root@websrv ~]# dnf install rsync
Last metadata expiration check: 1:09:27 ago on Fri 18 Sep 2020 02:46:27 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
rsync x86_64 3.1.3-7.el8 BaseOS 404 k
Transaction Summary
====================================================================================================================================================================================================================
Install 1 Package
Total download size: 404 k
Installed size: 819 k
Is this ok [y/N]:
Try a manual sync:
[root@jinkens ~]# rsync -az --delete /var/lib/jenkins/workspace/Monitor/ root@websrv:/usr/share/nginx/html/monitor/
[root@jinkens ~]# echo "test" > /var/lib/jenkins/workspace/Monitor/test
[root@jinkens ~]# rsync -avz --delete /var/lib/jenkins/workspace/Monitor/ root@websrv:/usr/share/nginx/html/monitor/
sending incremental file list
./
test
sent 10,930 bytes received 94 bytes 22,048.00 bytes/sec
total size is 19,274,510 speedup is 1,748.41
[root@jinkens ~]# rm -f /var/lib/jenkins/workspace/Monitor/test
[root@jinkens ~]# rsync -avz --delete /var/lib/jenkins/workspace/Monitor/ root@websrv:/usr/share/nginx/html/monitor/
sending incremental file list
deleting test
./
sent 10,859 bytes received 83 bytes 21,884.00 bytes/sec
total size is 19,274,505 speedup is 1,761.52
[root@jinkens ~]#
Reconfigure the Jenkins job so that it deploys the Monitor application automatically:
The build failed:
It is an SELinux problem:
[root@jinkens ~]# journalctl -xe
Sep 18 16:05:07 jinkens setroubleshoot[7568]: SELinux is preventing rsync from execute access on the file ssh. For complete SELinux messages run: sealert -l 761724c4-f54c-40f9-985d-8e8ff24ee43e
Sep 18 16:05:07 jinkens platform-python[7568]: SELinux is preventing rsync from execute access on the file ssh.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow rsync to client
Then you must tell SELinux about this by enabling the 'rsync_client' boolean.
Do
setsebool -P rsync_client 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that rsync should be allowed execute access on the ssh file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rsync' --raw | audit2allow -M my-rsync
# semodule -X 300 -i my-rsync.pp
Sep 18 16:05:13 jinkens su[7391]: pam_unix(su:session): session closed for user jenkins
Sep 18 16:05:13 jinkens sudo[7389]: pam_unix(sudo:session): session closed for user root
[root@jinkens ~]# setsebool -P rsync_client 1
[root@jinkens ~]#
It failed again:
Still an SELinux problem (you could also try the first suggestion, Plugin rsync_data (37.5 confidence) suggests, which is relatively safer):
[root@jinkens ~]# journalctl -xe
Sep 18 16:08:50 jinkens setroubleshoot[7652]: SELinux is preventing ssh from search access on the directory .ssh. For complete SELinux messages run: sealert -l 28911d6b-6cd5-4ea5-8946-7decf242fb6b
Sep 18 16:08:50 jinkens platform-python[7652]: SELinux is preventing ssh from search access on the directory .ssh.
***** Plugin rsync_data (37.5 confidence) suggests ************************
If .ssh should be shared via the RSYNC daemon
Then you need to change the label on .ssh
Do
# semanage fcontext -a -t rsync_data_t '.ssh'
# restorecon -v '.ssh'
***** Plugin catchall_boolean (30.1 confidence) suggests ******************
If you want to allow rsync to export all ro
Then you must tell SELinux about this by enabling the 'rsync_export_all_ro' boolean.
Do
setsebool -P rsync_export_all_ro 1
***** Plugin catchall_boolean (30.1 confidence) suggests ******************
If you want to allow rsync to full access
Then you must tell SELinux about this by enabling the 'rsync_full_access' boolean.
Do
setsebool -P rsync_full_access 1
***** Plugin catchall (4.20 confidence) suggests **************************
If you believe that ssh should be allowed search access on the .ssh directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'ssh' --raw | audit2allow -M my-ssh
# semodule -X 300 -i my-ssh.pp
[root@jinkens ~]# setsebool -P rsync_full_access 1
[root@jinkens ~]#
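It worked:
Good, automatic deployment now works. But the build still has to be started with a manual click; can GitLab commit events be watched so that the build runs automatically?
Install the GitLab plugin:
Add the trigger event:
Generate the private key:
Configure it in GitLab:
Test it:
Configure the hosts file on the GitLab server: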
[root@gitlab ~]# vi /etc/hosts
[root@gitlab ~]# grep jenkins /etc/hosts
13.13.3.3 jenkins jenkins.example.com
[root@gitlab ~]#
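The second test succeeds:
Maven Job
Steps overview
- Set up the environment Maven needs to run and install the corresponding Jenkins plugin;
- Create the project and set the GitLab source to pull code from;
- Install the "Deploy to Container" plugin, which connects Jenkins and Tomcat;
- Configure Tomcat authentication, giving Jenkins the right to access Tomcat;
- Configure the GitLab trigger so that when a Pull operation occurs Jenkins is notified to package and deploy to Tomcat automatically.
Walkthrough
For a plain web application, syncing the directory is enough, but what about a Maven project?
Install Maven: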
[root@jinkens ~]# dnf install maven
Last metadata expiration check: 0:45:34 ago on Fri 18 Sep 2020 05:27:54 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
maven noarch 1:3.5.4-5.module_el8.0.0+39+6a9b6e22 AppStream 27 k
Installing dependencies:
.... omitted for brevity
Transaction Summary
====================================================================================================================================================================================================================
Install 44 Packages
Total download size: 9.4 M
Installed size: 12 M
Is this ok [y/N]:
Change the Maven mirror source:
[root@jinkens ~]# cd /etc/maven/
[root@jinkens maven]# ls
logging settings.xml
[root@jinkens maven]# mv settings.xml{,.bak}
[root@jinkens maven]# scp root@websrv:/etc/maven/settings.xml ./
settings.xml 100% 11KB 7.9MB/s 00:00
[root@jinkens maven]# vi /etc/hosts
[root@jinkens maven]# grep nexus /etc/hosts
13.13.5.5 nexus nexus.example.com
[root@jinkens maven]#
Install the Maven plugin:
Create the Maven project:
Source code management:
Build:
The build succeeded (24s, Yummy ~):
Check the output files:
[root@jinkens ~]# ls /var/lib/jenkins/workspace/Flamingo/target/
classes Flamingo-0.1.0-RELEASE Flamingo-0.1.0-RELEASE.war Flamingo-0.1.0-RELEASE.war.original generated-sources maven-archiver maven-status
[root@jinkens ~]#
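The first step, pulling the code and packaging it, is done; how is it deployed automatically?
To deploy automatically to the Tomcat container on the WebSrv server, download a plugin:
Configure the Tomcat manager user and password: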
[root@websrv conf]# cp tomcat-users.xml{,.bak}
[root@websrv conf]# vi tomcat-users.xml
[root@websrv conf]# cat tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <role rolename="manager-script"/>
  <user username="manager" password="abcd1234.." roles="manager-script"/>
</tomcat-users>
[root@websrv conf]#
Allow the user to log in from other hosts (comment out the remote host restriction):
[root@websrv conf]# cd ../webapps/manager/META-INF/
[root@websrv META-INF]# cp context.xml{,.bak}
[root@websrv META-INF]# vi context.xml
[root@websrv META-INF]# cat context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
[root@websrv META-INF]# systemctl restart tomcat
[root@websrv META-INF]#
Alternatively, leave the Valve in place and use
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|13\.13\.3\.3"
to open access to Jenkins only.
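A check for the two variants above, as an added example that is not part of the original post: it reports whether a manager context.xml still has a RemoteAddrValve in force (a commented-out valve counts as none) and whether the allow pattern contains an address with unescaped dots. The function names are hypothetical, the two sample files are constructed from the listing above, and the parser assumes allow= follows className= inside the Valve tag.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Tomcat manager's
# context.xml for an active RemoteAddrValve.

# Print a file with XML comments removed, so a commented-out valve is ignored.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_comment) {
                pos = index(line, "-->")
                if (pos == 0) break
                line = substr(line, pos + 3); in_comment = 0
            } else {
                pos = index(line, "<!--")
                if (pos == 0) { out = out line; break }
                out = out substr(line, 1, pos - 1)
                line = substr(line, pos + 4); in_comment = 1
            }
        }
        print out
    }' "$1"
}

# Print the active valve's allow= pattern, or "open" if no valve is in force.
manager_allow_pattern() {
    pattern=$({ strip_xml_comments "$1" | tr '\n' ' '; echo; } |
        sed -n 's/.*<Valve[^>]*RemoteAddrValve"[^>]*allow="\([^"]*\)".*/\1/p')
    printf '%s\n' "${pattern:-open}"
}

# Succeed if the pattern holds an address literal whose dots are not escaped
# (for example 13.13.3.3, where "." matches any character).
has_unescaped_dots() {
    printf '%s\n' "$1" | grep -q '[0-9]\.[0-9]'
}

# Constructed samples: the commented-out valve and the Jenkins-only variant.
OPEN_XML=$(mktemp); PINNED_XML=$(mktemp)
trap 'rm -f "$OPEN_XML" "$PINNED_XML"' EXIT
cat > "$OPEN_XML" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
EOF
cat > "$PINNED_XML" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|13\.13\.3\.3" />
</Context>
EOF
for f in "$OPEN_XML" "$PINNED_XML"; do
    printf '%s: %s\n' "$(basename "$f")" "$(manager_allow_pattern "$f")"
done
```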
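Post-build step:
Add the Tomcat authentication credentials:
Jenkins reports a successful deployment at 2020-09-18T22:34:01+08:00:
Looking at the WebSrv server, the timestamp is the same, so the automatic deployment is complete: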
[root@websrv ~]# ll /usr/local/tomcat/webapps/
total 47560
drwxr-x---. 15 tomcat tomcat 4096 Sep 17 16:58 docs
drwxr-x---. 6 tomcat tomcat 83 Sep 17 16:58 examples
drwxr-x---. 5 tomcat tomcat 48 Sep 18 22:34 Flamingo-0.1.0-RELEASE
-rw-r-----. 1 tomcat tomcat 48696579 Sep 18 22:34 Flamingo-0.1.0-RELEASE.war
drwxr-x---. 5 tomcat tomcat 87 Sep 17 16:58 host-manager
drwxr-x---. 6 tomcat tomcat 114 Sep 17 16:58 manager
drwxr-x---. 3 tomcat tomcat 283 Sep 17 16:58 ROOT
[root@websrv ~]#
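The last step: configure the automatic trigger!
As before, configure the trigger:
This time two are selected;
Build whenever a SNAPSHOT dependency is built
means that if a project this one depends on in its POM is built and packaged by Jenkins, this project is also triggered to rebuild.
Configure the GitLab hook:
Test it; the trigger works (15 builds in total; make lots of mistakes, do lots of Googling):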