一、部署Tomcat
1、部署jdk-1.8.0
[root@tomcat/usr/local]$ cat /etc/profile.d/jdk.sh JAVA_HOME=/usr/local/jdk1.8.0_341 JAVA_BIN=$JAVA_HOME/bin JRE_HOME=$JAVA_HOME/jre JRE_BIN=$JRE_HOME/bin PATH=$JAVA_BIN:$JRE_BIN:$PATH CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export JAVA_HOME JRE_HOME PATH CLASSPATH [root@tomcat/usr/local]$ java -version java version "1.8.0_341" Java(TM) SE Runtime Environment (build 1.8.0_341-b10) Java HotSpot(TM) 64-Bit Server VM (build 25.341-b10, mixed mode)
2、配置Tomcat
# 添加 [root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/conf/tomcat-users.xml <role rolename="admin-gui"/> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-status"/> <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="admin-gui,manager-gui,manager-script,manager-status,tomcat,role1"/> </tomcat-users> # 修改1 [root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/webapps/host-manager/META-INF/context.xml <Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.0.0.*" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context> # 修改二 [root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/webapps/manager/META-INF/context.xml <Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.0.0.*" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context>
一、部署GitLab代码托管平台
1、部署GitLab
# 安装依赖 [root@gitlab~]$ yum -y install policycoreutils policycoreutils-python [root@gitlab~]$ rpm -ivh gitlab-ce-14.4.1-ce.0.el7.x86_64.rpm [root@gitlab~]$ vim /etc/gitlab/gitlab.rb external_url 'http://10.0.0.17' # 修改为主机IP [root@gitlab~]$ gitlab-ctl reconfigure # 初始化
2、部署Jenkins
# 配置Java环境 [root@jenkins~]$ yum -y install java-11-openjdk # 基于War包部署 [root@jenkins~]$ java -jar jenkins.war [root@jenkins~/.jenkins]$ cat hudson.model.UpdateCenter.xml <?xml version='1.1' encoding='UTF-8'?> <sites> <site> <id>default</id> <url>http://updates.jenkins.io/update-center.json</url> </site> </sites> # 访问:http://10.0.0.18:8080/
2.1、部署maven
# 部署maven [root@jenkins/usr/local/maven]$ wget https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz [root@jenkins/usr/local/maven]$ tar xf apache-maven-3.6.3-bin.tar.gz -C /usr/local/ [root@jenkins/usr/local/maven]$ ln -s /usr/local/apache-maven-3.6.3/ /usr/local/maven [root@jenkins/usr/local/maven]$ echo 'PATH=/usr/local/maven/bin:$PATH' > /etc/profile.d/maven.sh [root@jenkins/usr/local/maven]$ echo 'export MAVEN_HOME=/usr/local/maven' >> /etc/profile.d/maven.sh [root@jenkins/usr/local/maven]$ . /etc/profile.d/maven.sh [root@jenkins/usr/local/maven]$ mvn -v Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f) Maven home: /usr/local/maven Java version: 1.8.0_372, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64/jre Default locale: en_US, platform encoding: UTF-8 OS name: "linux", version: "3.10.0-1160.el7.x86_64", arch: "amd64", family: "unix" #配置镜像加速 [root@jenkins/usr/local/maven]$ vim /usr/local/maven/conf/settings.xml <mirror> <id>nexus-aliyun</id> <mirrorOf>*</mirrorOf> <name>Nexus aliyun</name> <url>http://maven.aliyun.com/nexus/content/groups/public</url> </mirror>
[root@jenkins/home/jenkins/repo]$ vim /usr/local/maven/conf/settings.xml # 1) 添加阿里云私服地址 <mirror> <id>nexus-aliyun</id> <mirrorOf>*</mirrorOf> <name>Nexus aliyun</name> <url>http://maven.aliyun.com/nexus/content/groups/public</url> </mirror> # 2)本地仓库改为: <localRepository>/home/jenkins/repo</localRepository>
2.2、配置环境变量
2.3、配置凭证
-
Deploy to container
3、基于GIt Lab和Jenkins自动化部署Jpress
-
安装插件
Girlab
,Generic Webhook Trigger
# 将Jenkins公钥添加到GitLab上 [root@jenkins~]$ ssh-keygen [root@jenkins~]$ cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCm7igqHcacJPT6O2t7OgoKlIcvamcL92qjx6F09yivesIv+FL3A0iGNLGkWttxTtAH+ePlfD2Phmhm/Ji4PFGWr/PhmQ1mytopEUUe0NoNwNaDwjWVZd/tDqPM39uDBasak1+m0kgEmrHEJAKDlfdl18A3XKlplw/ZJ+kYHMaR4WesAI1F+0Em4EunWJRheB4fPEnMeObDc4Ek33j2YgDuLY0ZjjiURSbmNBG8ctfYlV+onk/Esb21la59c60fk45U6iD3EuoRFho6Gy8qWHBkTRlHVgLxIQedqvygC0zpHmxOeJalj+SrccDGDgIrXgMCCxoY5VLZ7njMvLCQ/f73 root@jenkins
4、Jenkins配置
5、基于宿主机Tomcat流水线部署Jpress(测试)
pipeline { agent any environment { DEST_IP='10.0.0.19' DEST_PATH='/usr/local/tomcat' SRC_PATH='/root/.jenkins/workspace/Jpress/starter-tomcat/target' } stages { stage('拉取代码') { steps { checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://10.0.0.17/root/jpress.git']]) } } stage('开始构建打包') { steps { sh '''echo "开始构建打包" /usr/bin/mvn clean package echo "建构打包结束"''' } } stage('推送war至tomcat') { steps { sh '''ssh ${DEST_IP} ${DEST_PATH}/bin/shutdown.sh scp ${SRC_PATH}/*.war ${DEST_IP}:${DEST_PATH}/webapps ssh ${DEST_IP} ${DEST_PATH}/bin/startup.sh''' } } } }
-
测试访问
三、部署Docker-ce
# Jenkins和Harbor仓库都要部署Docker # step 1: 安装必要的一些系统工具 yum install -y yum-utils device-mapper-persistent-data lvm2 # Step 2: 添加软件源信息 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # Step 3 sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo # Step 4: 更新并安装Docker-CE yum makecache fast yum -y install docker-ce # Step 4: 开启Docker服务 systemctl enable --now docker.service
四、部署harbor仓库
[root@harbor~]$ wget https://github.com/goharbor/harbor/releases/download/v2.9.3/harbor-offline-installer-v2.9.3.tgz [root@harbor~]$ tar xf harbor-offline-installer-v2.9.3-rc1.tgz -C /usr/local [root@harbor/usr/local/harbor]$ vim harbor.yml hostname: 10.0.0.19 # 修改为主机IP # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # 没有配置证书可以将以下注释掉 # https related config #https: # https port for harbor, default is 443 # port: 443 # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path ... # 修改登录密码(可选) harbor_admin_password: 123456 # 需要安装python依赖 [root@harbor/usr/local/harbor]$ yum install -y python # 安装 [root@harbor/usr/local/harbor]$ ./install.sh # 登录 用户名:admin 密码:123456(上面自定义)
五、基于容器部署Jpress
1、构建Dockerfile
[root@docker~/tomcat-Dockerfile]$ cat Dockerfile FROM centos:centos7 LABEL version="tomcat-v1" ADD apache-tomcat-8.5.72.tar.gz /usr/local/ ADD jdk-8u341-linux-x64.tar.gz /usr/local/ ADD jdk.sh /etc/profile.d/jdk.sh ENV JAVA_HOME=/usr/local/jdk1.8.0_341 ENV JAVA_BIN=$JAVA_HOME/bin ENV JRE_HOME=$JAVA_HOME/jre ENV JRE_BIN=$JRE_HOME/bin ENV PATH=$JAVA_BIN:$JRE_BIN:$PATH ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib ENV export JAVA_HOME JRE_HOME PATH CLASSPATH VOLUME /usr/local/apache-tomcat-8.5.72/webapps CMD /usr/local/apache-tomcat-8.5.72/bin/start-tomcat.sh EXPOSE 8080 8009 8005 [root@docker~/tomcat-Dockerfile]$ cat jdk.sh JAVA_HOME=/usr/local/jdk1.8.0_341 JAVA_BIN=$JAVA_HOME/bin JRE_HOME=$JAVA_HOME/jre JRE_BIN=$JRE_HOME/bin PATH=$JAVA_BIN:$JRE_BIN:$PATH CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export JAVA_HOME JRE_HOME PATH CLASSPATH [root@docker~/tomcat-Dockerfile]$ cat build.sh docker build . -t myx/tomcat:v1 -f Dockerfile [root@docker~/tomcat-Dockerfile]$ ls apache-tomcat-8.5.72.tar.gz Dockerfile jdk.sh build.sh jdk-8u341-linux-x64.tar.gz # 启动 [root@docker/data/webapps]$ docker run -dit -p 8080:8080 -p 8009:8009 -p 8005:8005 -v /data/webapps:/usr/local/apache-tomcat-8.5.72/webapps --name Jpress myx/tomcat:v1
2、Jenkins 流水线配置文件
-
配置webhook
-
填写在这里
-
测试能看到
200
即为成功
-
流水线脚本
-
注意:docker 容器和 Jenkins 之间需要做免密认证
pipeline { agent any environment { DEST_IP = '10.0.0.20' DEST_PATH = '/data' SRC_PATH = '/root/.jenkins/workspace/Jpress/starter-tomcat/target' } stages { stage('拉取代码') { steps { checkout([$class: 'GitSCM', branches: [[name: '*/master']], userRemoteConfigs: [[url: 'http://10.0.0.17/root/jpress.git']]]) } } stage('开始构建打包') { steps { sh 'echo "开始构建打包"' sh '/usr/bin/mvn clean package' sh 'echo "构建打包结束"' } } stage('推送war至tomcat') { steps { sh "scp ${SRC_PATH}/*.war ${DEST_IP}:${DEST_PATH}/webapps" } } stage('打包镜像推送至harbor仓库') { steps { sh "bash /root/tomcat-Dockerfile/push_harbor.sh" } } } }
[root@jenkins~/tomcat-Dockerfile]$ cat push_harbor.sh newVersion_a=$(ssh 10.0.0.20 docker image ls 10.0.0.19/tomcat/jpress | grep -o 'v[0-9]*' | sed 's/v//' | sort -n | tail -1) newVersion_b=$(( $(ssh 10.0.0.20 "docker image ls 10.0.0.19/tomcat/jpress | grep -o 'v[0-9]*' | sed 's/v//' | sort -n | tail -1") + 1 )) ssh 10.0.0.20 docker tag 10.0.0.19/tomcat/jpress:v${newVersion_a} 10.0.0.19/tomcat/jpress:v${newVersion_b} ssh 10.0.0.20 docker push 10.0.0.19/tomcat/jpress:v${newVersion_b}
# 构建出来的 *.war 包会自动解压 [root@docker/data/webapps]$ ls docs host-manager ROOT starter-tomcat-5.0.war examples manager starter-tomcat-5.0 # 访问:http://10.0.0.20:8080/starter-tomcat-5.0/install
-
添加一行内容,测试webhook是否会自动拉取
-
自动拉取
-
推送成功
六、镜像打包,上传到harbor仓库
1、配置命令行登录
[root@docker/data/webapps]$ vim /etc/docker/daemon.json { "insecure-registries": ["10.0.0.19"] } [root@docker/data/webapps]$ systemctl restart docker [root@docker/data/webapps]$ docker login 10.0.0.19 -u admin Password: 【123456】 WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded # 登陆成功 [root@docker~]$ cat .docker/config.json { "auths": { "10.0.0.19": { "auth": "YWRtaW46MTIzNDU2" } } } # 打标签 [root@docker~]$ docker tag myx/tomcat:v1 10.0.0.19/tomcat/jpress:v1 # 查看镜像 [root@docker~]$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.0.0.19/tomcat/jpress v1 e39f6d63184f 2 hours ago 866MB myx/tomcat v1 e39f6d63184f 2 hours ago 866MB # 推送镜像到harbor仓库 [root@docker~]$ docker push 10.0.0.19/tomcat/jpress:v1 The push refers to repository [10.0.0.19/tomcat/jpress] fe32ab94910e: Pushed cfd346540b75: Pushed 4e1e9ef95150: Pushed 174f56854903: Pushed v1: digest: sha256:91a500983678657e83a94ca9c68a5ed7e31aec600cd0baedf99a1abcf92a7970 size: 1162
-
查看
2、拉取镜像测试是否可用
# 删除所有镜像 [root@docker~]$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE # 拉取 [root@docker~]$ docker pull 10.0.0.19/tomcat/jpress:v1 v1: Pulling from tomcat/jpress 2d473b07cdd5: Already exists b66bc2edc967: Already exists f63d893af1f9: Already exists 167ba753243c: Already exists Digest: sha256:91a500983678657e83a94ca9c68a5ed7e31aec600cd0baedf99a1abcf92a7970 Status: Downloaded newer image for 10.0.0.19/tomcat/jpress:v1 10.0.0.19/tomcat/jpress:v1 # 查看 [root@docker~]$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.0.0.19/tomcat/jpress v1 e39f6d63184f 2 hours ago 866MB # 启动容器 [root@docker~]$ docker run -dit -p 8080:8080 -p 8009:8009 -p 8005:8005 --name Jpress 10.0.0.19/tomcat/jpress:v1 7b188795996afc9c5ae925ae830352792e0e5fce32e73a7ceef2c6be1500c332 # 查看启动成功 [root@docker~]$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7b188795996a 10.0.0.19/tomcat/jpress:v1 "/bin/sh -c /usr/loc…" 7 seconds ago Up 1 second 0.0.0.0:8005->8005/tcp, :::8005->8005/tcp, 0.0.0.0:8009->8009/tcp, :::8009->8009/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp Jpress # 访问:http://10.0.0.20:8080/starter-tomcat-5.0/install
-
打开一个无痕浏览器测试
七、安装数据库
[root@docker/usr/local/src]$ cat install_mysql.sh SRC_DIR="/usr/local/src" #MYSQL="mysql-5.7.26-linux-glibc2.12-x86_64.tar.gz" #MYSQL="mysql-5.7.28-linux-glibc2.12-x86_64.tar.gz" MYSQL="mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz" #MYSQL="mysql-8.0.20-linux-glibc2.12-x86_64.tar.gz" DATA="/data/mysql" COLOR="echo -e \E[32;1m" END="\E[0m" $COLOR"开始安装MySQL数据库"$END tar xvf $MYSQL -C $SRC_DIR ln -s `echo $MYSQL | sed -r "s#(.*[0-9]).*#\1#g"` $SRC_DIR/mysql id mysql &> /dev/null || { useradd -s /sbin/nologin -r mysql; $COLOR"创建mysql用户"$END; } mkdir -p $DATA chown -R mysql.mysql $DATA chown -R mysql.mysql $SRC_DIR/mysql/* echo "PATH=$PATH:$SRC_DIR/mysql/bin" > /etc/profile.d/lamp.sh source /etc/profile.d/lamp.sh $COLOR"开始初始化数据库"$END yum -y install libaio-devel $SRC_DIR/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=$SRC_DIR/mysql --datadir=$DATA cat >/etc/my.cnf<<-EDF [mysqld] user=mysql basedir=$SRC_DIR/mysql datadir=$DATA socket=/tmp/mysql.sock port=3306 skip_name_resolve=1 log-error=$DATA/mysql.log pid-file=$DATA/mysql.pid [mysql] socket=/tmp/mysql.sock EDF cat >/etc/systemd/system/mysqld.service<<-EOF [Unit] Description=MySQL Server After=network.target After=syslog.target [Install] WantedBY=multi-user.target [Service] User=mysql Group=mysql ExecStart=$SRC_DIR/mysql/bin/mysqld --defaults-file=/etc/my.cnf LimitNOFILE = 5000 EOF systemctl daemon-reload systemctl enable --now mysqld.service systemctl is-active mysqld.service &>/dev/null || { $COLOR"MYSQL 启动失败,退出!"$END ; exit; } $COLOR"MYSQL安装完成~~请ctrl+D重新远程连接,加载PATH变量!!!"$END
# 设置root用户登陆密码 mysql> set global validate_password_policy=0; mysql> set global validate_password_length=6; mysql> set password for 'root'@'localhost'=password('123456'); # 允许远程登陆 mysql> grant all on *.* to root@'%' identified by '123456';
-
发布一篇文章
-
查看