Gitlab+Jenkins学习之路(十四)之自动化脚本部署实践
目录
一、环境说明和准备
1、环境说明
主机名 | IP地址 | 角色 | 系统 |
---|---|---|---|
deploy-server | 192.168.56.12 | 发布 | Centos 7.4 |
web | 192.168.56.13 | web服务器,nfs服务器 | Centos 7.4 |
2、服务器准备工作
(1)发布机前期准备
a.增加普通用户并配置密码
[root@deploy-server ~]# useradd www
[root@deploy-server ~]# id www
uid=1000(www) gid=1000(www) groups=1000(www)
[root@deploy-server ~]# passwd www
[root@deploy-server ~]# yum install -y git tree
b.创建部署需要的目录并初始化git目录
[root@deploy-server ~]# mkdir -pv /deploy/{code/{www,jxs,wap,gys,glzx,yyzx},config,tar,tmp}
[root@deploy-server ~]# chown -R www.www /deploy
[www@deploy-server ~]$ tree /deploy
/deploy
├── code
│ ├── glzx
│ ├── gys
│ ├── jxs
│ ├── wap
│ ├── www
│ └── yyzx
├── config
├── tar
└── tmp
[www@deploy-server ~]$ cd /deploy/code/www && git init
c.创建配置文件config.php
[www@deploy-server ~]$ vim /deploy/config/config.php
this is config.php
[www@deploy-server ~]$ tree /deploy
/deploy
├── code
│ ├── glzx
│ ├── gys
│ ├── jxs
│ ├── wap
│ ├── www
│ └── yyzx
├── config
│ └── config.php
├── tar
└── tmp
d.配置发布机和目标机的ssh通信
[www@deploy-server deploy]$ cat /home/www/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzM3AW6/X+djvKJTsdFbY3ik+mlradxpD3COoTP5h6x509unksuCdduV7awPjEGHvK2GVjJmvckxdvLkMc23p7bsctHlturPN2VozJTrYwXMAbmxf97cKE/fpKhjPXG8HlWBLpEaTM8PITgvdcyaeAUaIN+/h5VrA8TZKFAgbxDLxtgwqPzYIG9nqCO7MMCgzhJxI6PDQ6KVU9rHal/p4XKTIy4Rq4FzZTav2tS4zNJ7kX9+e6EO0JTooPanJXBTltLOJJsKxnlA7tc20rq6+0XVqbUBKYahL/8ZzkxZozNrNq7wtIuuJo0WTDFzDdPcJyAGlRWLuwct7y4p4UApVz www@deploy-server
[www@deploy-server ~]$ ssh-copy-id www@192.168.56.13
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/www/.ssh/id_rsa.pub"
The authenticity of host '192.168.56.13 (192.168.56.13)' can't be established.
ECDSA key fingerprint is SHA256:ahG6dBy/Z1nUIUWhQQrylsiwBlnDKC/jz8rnaPU2eF0.
ECDSA key fingerprint is MD5:6e:58:0b:02:1c:a4:41:51:e8:7d:33:4d:46:bb:a0:68.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
www@192.168.56.13's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'www@192.168.56.13'"
and check to make sure that only the key(s) you wanted were added.
[www@deploy-server ~]$ ssh 192.168.56.13
Last login: Fri Nov 2 18:01:02 2018
[www@web ~]$
e.将ssh公钥复制到github或gitlab
(2)web服务器准备
a.部署NFS服务器
[root@web ~]# yum install -y nfs-utils rpcbind
[root@web ~]# vim /etc/exports
/nas/www 192.168.56.0/24(rw,sync,no_root_squash)
/nas/jxs 192.168.56.0/24(rw,sync,no_root_squash)
/nas/wap 192.168.56.0/24(rw,sync,no_root_squash)
/nas/glzx 192.168.56.0/24(rw,sync,no_root_squash)
/nas/yyzx 192.168.56.0/24(rw,sync,no_root_squash)
/nas/gys 192.168.56.0/24(rw,sync,no_root_squash)
[root@web ~]# systemctl start rpcbind
[root@web ~]# systemctl start nfs
[root@web ~]# showmount -e
Export list for web:
/nas/gys 192.168.56.0/24
/nas/yyzx 192.168.56.0/24
/nas/glzx 192.168.56.0/24
/nas/wap 192.168.56.0/24
/nas/jxs 192.168.56.0/24
/nas/www 192.168.56.0/24
b.挂载共享目录
[root@web ~]# mkdir /webroot/{www,jxs,wap,gys,glzx,yyzx}
[root@web ~]# chown -R www.www /webroot
[root@web ~]# mount -f nfs 192.168.56.13:/nas/www /webroot/www
[root@web ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 18G 1.7G 16G 10% /
devtmpfs 482M 0 482M 0% /dev
tmpfs 493M 0 493M 0% /dev/shm
tmpfs 493M 6.8M 486M 2% /run
tmpfs 493M 0 493M 0% /sys/fs/cgroup
/dev/sda1 497M 171M 326M 35% /boot
tmpfs 99M 0 99M 0% /run/user/0
192.168.56.13:/nas/www 18G 1.7G 16G 10% /webroot/www
c.部署nginx+php
[root@web ~]# useradd www
[root@web ~]# passwd www
[root@web ~]# yum install -y nginx php php-fpm
[root@web ~]# vim /etc/nginx/nginx.conf
user www;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
[root@web ~]# mkdir /data/web -pv && chown -R www.www /data
[root@web ~]# vim /etc/nginx/nginx.conf
server {
listen 80;
server_name localhost;
root /data/web/www;
index index.php index.htm index.html;
client_max_body_size 20m;
location / {
proxy_read_timeout 150;
try_files $uri $uri/ /index.php;
}
location ~* .*\.php$ {
#try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
[root@web ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web ~]# systemctl start nginx
[root@web ~]# vim /etc/php-fpm.d/www.conf
user www
group www
....
[root@web ~]# php-fpm -t
[03-Nov-2018 10:16:18] NOTICE: configuration file /etc/php-fpm.conf test is successful
[root@web ~]# systemctl start php-fpm
[root@web ~]# curl localhost -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sat, 03 Nov 2018 02:16:36 GMT
Content-Type: text/html
Content-Length: 35
Last-Modified: Sat, 03 Nov 2018 02:07:00 GMT
Connection: keep-alive
ETag: "5bdd02c4-23"
Accept-Ranges: bytes
二、发布脚本编写
1、自动化部署流程设计
- 发布机获取代码(直接拉取),从svn或git仓库进行拉取
- 发布机编译代码(可选,java语言需要编译,PHP无需编译)
- 将配置文件拷贝到代码文件(由于配置文件有数据库等机密信息,需要独立处理)
- 代码打包(将代码进行压缩打包)
- SCP到目标服务器目录
- 将目标服务器移除集群
- 在目标服务器上进行解压传过来的代码
- 解压后,对代码根目录进行软链接到刚才的目录文件,实现版本链接
- 重启(可选,tomcat需要重启)
- 测试
- 加入集群
2、自动化部署脚本编写
#!/bin/bash
#deploy-server create dir as root
#[ -d /deploy ] && mkdir -pv /deploy/{code/web-demo,config,tar,tmp} && chown -R www.www /deploy
#node-server create dir as root
#[ -d /data ] && mkdir -pv /data/web && chown -R www.www /data
#nfs dir /nas/www mount to /webroot
#Node List
NODE="192.168.56.13"
#Shell ENV
SHELL_NAME="deploy.sh"
SHELL_DIR="/home/www"
SHELL_LOG="${SHELL_DIR}/${SHELL_NAME}.log"
#Code ENV
PRO_NAME="www"
CODE_DIR="/deploy/code/www"
CONFIG_DIR="/deploy/config"
TMP_DIR="/deploy/tmp"
TAR_DIR="deploy/tar"
LOCK_FILE="/tmp/deploy.lock"
#Date/Time ENV
LOG_DATE='date "+%Y-%m-%d"'
LOG_TIME='date "+%H-%M-%S"'
CDATE=$(date "+%Y-%m-%d")
CTIME=$(date "+%H-%M-%S")
useage(){
echo $"Useage: $0 { deploy |rollback [ list | version ] }"
}
url_test(){
URL=$1
curl -s --head $URL |grep '200 OK'
if [ $? -ne 0 ];then
shell_unlock;
writelog "test error" && exit;
fi
}
writelog(){
LOGINFO=$1
echo "${CDATE} ${CTIME}: ${SHELL_NAME} : ${LOGINFO} " >> ${SHELL_LOG}
}
code_get(){
writelog "code_get";
cd ${CODE_DIR} && git pull git@github.com:kin08200/learngit.git
cp -r ${CODE_DIR} ${TMP_DIR}
API_VERL=$(git show |grep commit |cut -d ' ' -f2 )
API_VER=$(echo ${API_VERL:0:6})
echo $API_VER
}
code_config(){
writelog "code_config"
/bin/cp -r ${CONFIG_DIR}/* ${TMP_DIR}/${PRO_NAME}
PKG_NAME=${PRO_NAME}_"${API_VER}"_"${CDATE}-${CTIME}"
cd ${TMP_DIR} && mv ${PRO_NAME} ${PKG_NAME}
}
code_tar(){
writelog "code_tar"
cd ${TMP_DIR} && tar -czf ${PKG_NAME}.tar.gz ${PKG_NAME}
writelog "${PKG_NAME}.tar.gz"
}
code_scp(){
writelog "code_scp"
scp ${TMP_DIR}/${PKG_NAME}.tar.gz $NODE:/webroot/www
}
code_deploy(){
writelog "code_deploy"
ssh $NODE "cd /webroot/www && tar -zxf ${PKG_NAME}.tar.gz"
ssh $NODE "rm -rf /data/web/www && ln -s /webroot/www/${PKG_NAME} /data/web/www"
}
code_test(){
url_test "http://192.168.56.13"
}
rollback_fun(){
ssh $NODE "rm -rf /data/web/www && ln -s /webroot/www/$1 /data/web/www"
}
rollback(){
if [ -z $1 ];then
shell_unlock;
echo "Please input rollback version." && exit;
fi
case $1 in
list)
ls -l /deploy/tmp/*.tar.gz
;;
*)
rollback_fun $1
;;
esac
}
shell_lock(){
touch ${LOCK_FILE}
}
shell_unlock(){
rm -f ${LOCK_FILE}
}
main(){
if [ -f ${LOCK_FILE} ];then
echo "Deploy is running" && exit
fi
DEPLOY_METHOD=$1
ROLLBACK_VER=$2
case $DEPLOY_METHOD in
deploy)
shell_lock;
code_get;
code_config;
code_tar;
code_scp;
code_deploy;
code_test;
shell_unlock;
;;
rollback)
shell_lock;
rollback $ROLLBACK_VER;
shell_unlock;
;;
*)
useage;
;;
esac
}
main $1 $2
三、发布测试
1、开发机和github添加ssh信任
[www@localhost ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ta7tkljnIgqvgEugQvIfVxH/a+geX250ZhOpe+14Q8EBQSI+qGyXCeihln+0aQpzIERvNBZ7JjWCg5XeQlgPBgCmqoQKNTWl/NUBT+uY/NY9fIGdRCVBvVcDC554Be48zB57mtapKQEkqm/8kmq7sPRQDv98l5wvFvYOPxocmjnioDZr3GeYmgdFPNJ5WGg6yY29IHXgh2v3eCXLwX2Z2eUdKCpV1LS42wdAN8TqHFCEmthREIq2r86ZKPOovD6Micq7wa2yJqtA/hkv+DvEhRzOIVznfW5EptOyKYcittGu63JGMSbCr1uCdW7PLUQ8aIWDDlip+/EcIt0KkuJJ www@localhost.localdomain
2、克隆项目到开发机进行开发测试
[www@localhost ~]$ mkdir dev && cd dev
[www@localhost dev]$ git clone git@github.com:kin08200/learngit.git
[www@localhost dev]$ ll
total 4
drwxrwxr-x 3 www www 4096 Nov 2 22:02 learngit
[www@localhost dev]$ cd learngit
3、修改index.html文件
[www@localhost learngit]$ ll
total 8
-rw-rw-r-- 1 www www 0 Nov 2 04:31 123
-rw-rw-r-- 1 www www 35 Nov 2 22:02 index.html
-rw-rw-r-- 1 www www 80 Nov 2 04:31 readme.txt
[www@localhost learngit]$ echo "<h1> welcome to Beijing </h1>" > index.html
4、提交代码
[www@localhost learngit]$ git add .
[www@localhost learngit]$ git commit -m "modify index.html"
[www@localhost learngit]$ git push origin master
5、发布代码
[www@deploy-server ~]$ ./deploy.sh deploy
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 3 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), done.
From github.com:kin08200/learngit
* branch HEAD -> FETCH_HEAD
Updating 9a781b2..683a440
Fast-forward
index.html | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
683a44
www_683a44_2018-11-03-10-06-56.tar.gz 100% 22KB 9.3MB/s 00:00
HTTP/1.1 200 OK
6、测试访问
[www@deploy-server ~]$ curl 192.168.56.13
<h1>
welcome to Beijing!!!!
</h1>
7、回滚测试
[root@web ~]# ll /data/web/
total 0
lrwxrwxrwx 1 www www 43 Nov 3 10:46 www -> /webroot/www/www_683a44_2018-11-03-10-06-56
测试访问如下,下面进行查看版本列表,并选择回滚到www_9a781b_2018-11-03-09-59-44版本
[www@deploy-server ~]$ ./deploy.sh rollback list
-rw-rw-r-- 1 www www 22686 Nov 3 10:07 /deploy/tmp/www_683a44_2018-11-03-10-06-56.tar.gz
-rw-rw-r-- 1 www www 22685 Nov 3 10:44 /deploy/tmp/www_683a44_2018-11-03-10-43-55.tar.gz
-rw-rw-r-- 1 www www 22222 Nov 3 09:48 /deploy/tmp/www_9a781b_2018-11-03-09-48-36.tar.gz
-rw-rw-r-- 1 www www 22231 Nov 3 09:52 /deploy/tmp/www_9a781b_2018-11-03-09-52-32.tar.gz
-rw-rw-r-- 1 www www 22228 Nov 3 09:58 /deploy/tmp/www_9a781b_2018-11-03-09-58-15.tar.gz
-rw-rw-r-- 1 www www 22234 Nov 3 09:59 /deploy/tmp/www_9a781b_2018-11-03-09-59-44.tar.gz
[www@deploy-server ~]$ ./deploy.sh rollback www_9a781b_2018-11-03-09-59-44
[root@web ~]# ll /data/web/
total 0
lrwxrwxrwx 1 www www 43 Nov 3 10:48 www -> /webroot/www/www_9a781b_2018-11-03-09-59-44
再进行访问测试:
Don't forget the beginner's mind