CentOS7服务器的搭建记录(jenkins和开发方向)

前言:

作为一名负责任的服务器管理员,建设服务器的所有过程都应该有过程.

好处在于:

1. 方便再次复制,或经验传递,过程文字化

2. 也方便通过配置过程查找疑难故障

分享如下:

该服务器用于 CI (jenkins)和开发人员的云开发服务器.

CentOS7(64bit):

/*******************************

server maintenance

********************************/

#remote desktop

vnc-server:

yum -y install  tigervnc-server

sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

vim /etc/systemd/system/vncserver@:1.service

{

replace <UESR> to your_user

}

sudo systemctl enable vncserver@:1.service

sudo systemctl start vncserver@:1.service

/*

xrdp(is this necessary?)

rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm

*/

#network

ssh -fND localhost:10000 user@proxy_ip

sftp put polipo in server

cd polipo; make; sudo cp polipo /usr/bin

mkdir /etc/polipo; vim /etc/polipo/config  and add

daemonise=true

socksParentProxy=127.0.0.1:10000

socksProxyType=socks5

run polipo

export http_proxy=http://localhost:8123

export https_proxy=http://localhost:8123

(you can place http_proxy in your bashrc)

curl www.baidu.com   to test whether you are success (no ping, socks5 do not support ping)

#yum

(change to 163 source)

cd /etc/yum.repos.d

mv CentOS-Base.repo CentOS-Base.repo.backup

sudo wget http://mirrors.163.com/.help/CentOS7-Base-163.repo  (from http://mirrors.163.com/.help/centos.html)

mv CentOS7-Base-163.repo CentOS-Base.repo

yum clean all

yum makecache

#time:

(shanghai zone file is broken by me,so I use hong kong)

sudo timedatectl set-timezone Asia/Hong_Kong

(or sudo ln -s /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime)

(date -s localtime or date -u -s universal time)

#firewall:

sudo systemctl disable firewalld

sudo systemctl stop firewalld

(firewalld is written by python)

#selinux:

sudo vim /etc/sysconfig/selinux

SELINUX=disabled

/*******************************

development

********************************/

#cross-compile:

cp svn../tools/cross compiler to /opt and tar xzf it

add /opt/arm-2011.03/bin to PATH in /etc/bashrc ; add /opt/arm-2011.03/lib to LD_LIBRARY_PATH in /etc/bashrc too.

(you can make effort with . /etc/bashrc)

add /opt/arm-2011.03/arm-none-linux-gnueabi/libc/usr/lib/pkgconfig to PKG_CONFIG_PATH in /etc/bashrc

sudo yum -y install glibc.i686   (to fix /lib/ld-linux.so.2: bad ELF interpreter problem)

#cpputest:

sudo yum -y install sqlite-devel (to add sqlite3.pc)

sudo yum -y install glib2-devel   (to add glib-2.0.pc)

sudo yum -y install libxml2-devel  (to add libxml-2.0.pc)

sudo yum -y install net-snmp-devel

cd XX/unittest/cpputestxxxx

make distclean && ./configure && make && sudo make install

install libiconv(cd esmu/opensrc/ppp/;tar xzf libiconv...; ./configure && make && sudo make install)

install gsoap(the same as above)

install lcov

#svn(update to 1.8)

(if all other repoes have no priority, this will be run first)

vim /etc/yum.repos.d/wandisco-svn.repo

{

[WandiscoSVN]

name=Wandisco SVN Repo

baseurl=http://opensource.wandisco.com/centos/7/svn-1.8/RPMS/$basearch/

enabled=1

gpgcheck=0

}

sudo yum remove subversion

sudo yum remove subversion-libs.x86_64

sudo yum clean all

sudo yum install subversion

#dev user instance

svn checkout https://10.5.72.70:8443/power/ZXDUPA_PMSC(V1.X)/trunk

(enter your employee id and hr password)

#samba

yum -y install samba samba-client samba-common

sudo vim /etc/samba/smb.conf

{

workgroup = ZTE

hosts allow = 10.

max protocol = SMB2

[homes]

       comment = Home Directories

       path = /home/%S

       browseable = yes

       writable = yes

       printable = no

       valid users = %S

}

sudo systemctl restart smb nmb

sudo smbpasswd -a user_name

#cifs (mount windows share folder)

groupadd devgroup

sudo usermod -a -G devgroup xx_user

su

vim /etc/sudoers

{

mania   ALL=(ALL)       ALL

%devgroup  ALL=NOPASSWD: /usr/bin/mount, /usr/bin/umount

}

mkdir ~/win

sudo mount -t cifs -o username=employee_id,password=xxxxxx,dir_mode=0777,file_mode=0777 //win_ip/share_folder ~/win

#for dict2conf.py run(pmsc project)

sudo yum install python-pip

sudo pip install xlrd

sudo pip install xlutils

cd libsmi-0.5.0;configure && make && sudo make install

#others

yum install lftp

cp setupDocker into /usr/local/bin

add /home/mania/server_manage/add_users.py  (python add_users.py xx.txt)

/*******************************

jenkins master

********************************/

jenkins:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo

sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

sudo yum install jenkins

sudo systemctl start jenkins

sudo systemctl enable jenkins

#set proxy

#update plugin, especially the subversion plugin!

yum install java

vim /etc/init.d/jenkins

{

export JENKINS_HOME="/home/jenkins"

#before run JENKINS_WAR

}

#install plugin:subversion,robot,xunit,publish-over-ftp,token-macro,email-ext,emailext-template,nsiqcollector

xunit:

use junit, not others!

jenkins->Manage Jenkins->System Log, add "xUnit Logger"(Logger:XUnitService Log Level:ALL)

#cpd:

/*******************************

docker

********************************/

#docker setup:

sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'

[dockerrepo]

name=Docker Repository

baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/

enabled=1

gpgcheck=1

gpgkey=https://yum.dockerproject.org/gpg

EOF

sudo yum install docker-engine

sudo yum update

curl -sSL https://get.docker.com/ | sh

sudo usermod -aG docker jenkins

sudo systemctl enable docker

wget https://raw.githubusercontent.com/docker/docker/master/contrib/mkimage-yum.sh

./mkimage-yum.sh -y /etc/yum.conf centos7

# get network

cp ifconfig; cp polipo(and /etc/polipo/config); export http_proxy="http://localhost:8123"

/* docker operation */

#into docker bash

docker run --name=unique_name --net=host -itd -v host_folder:container_folder image_name /bin/bash

#rm docker container

docker rm container_name_or_id

#rm all

docker rm $(docker ps -aq)

#copy 

docker ps (get container_id)

docker cp container_id:docker_folder local_folder

docker cp local_folder container_id:docker_folder

#commit

docker commit contain_id repository_name

docker images (to see what images we own now)

docker inspect repo_name ( to check the image details)

#attach a running container 

docker exec -it container_id /bin/bash  (close the console never affect the running container)

/* pmsc docker image */

#yum error

rpm -q yum

(get yum pkg name)

rpm -e --nodeps yum-3.4.3-132.el7.centos.0.1.noarch

rpm -ivh yum-3.4.3-125.el7.centos.0.1.noarch

yum update

yum install gcc

yum install gcc-c++

yum install make

#install svn , reference centos svn installation

#install cross-compile

#install cpputest-dependant

yum install rsync

yum install openssl

yum install libgcc_s.so.1

yum install ftp

yum install gdb

yum install perl-Digest-MD5 (fix the geninfo error)

yum install pip

#others

sudo ln -sf /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime

export LC_CTYPE="zh_CN.GB2312" (fix "svn: Can't convert string from 'UTF-8' to native encoding" bug)

/*******************************

ftp server

********************************/

ftp

yum -y install vsftpd

sudo vim /etc/vsftpd/vsftpd.conf

{

local_umask=002   #as ftp-user has no shell login, so other user in ftp group must allow to delete rom for maintenance

chroot_local_user=YES

allow_writeable_chroot=YES

local_root=/home/ftp-user/rom

#listen_ipv6=YES

}

sudo setsebool -P allow_ftpd_full_access=1 (if you do not disable selinux)

sudo useradd -m ftp-user -g ftp -s /usr/sbin/nologin

sudo chown ftp-user:ftp /home/ftp-user

sudo mkdir /home/ftp-user/rom

sudo chmod 755 /home/ftp-user -R (not necessary)

/*******************************

klocwork

********************************/

#as jenkins user

bash kw-insight-cmd-installer.linux64.sh -a -i /home/jenkins/Klocwork/user

/*******************************

fortify

********************************/

#get license and place it somewhere

./HP_Fortify_SCA_and_Apps_4.30_linux_x64.run

#install to /opt/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30

#all enter except:

#Do you want to migrate from a previous SCA installation? [y/N]:N

#Update security content after installation? [Y/n]: n

echo "export PATH=$PATH:/opt/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin">>/etc/profile

. /etc/profile

cd /opt/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/Core/config

mv rules rules.original

scp  share@10.47.7.209:/share/ISO/rules_linux rules

cd /opt/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/Core/config

vim fortify.properties

{

#modify

com.fortify.locale=zh_CN

}

vim fortify-sca.properties

{

#add

com.fortify.sca.compilers.arm-none-linux-gnueabi-cc    = com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.arm-none-linux-gnueabi-gcc    = com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.arm-none-linux-gnueabi-ld    = com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.arm-none-linux-gnueabi-ar    = com.fortify.sca.util.compilers.GccCompiler

}

/*******************************

others

********************************/

sudo ln -s /opt/sublime_text_3/sublime_text /usr/local/bin/subl

/*******************************

robot machine,not in CentOS

record here for laziness

********************************/

robot server(win7)

download get-pip.py

pip install pyserial

disable sleep(or else network will lose)

#I put env var into /etc/profile.d/env.sh