jenkins通过自由风格及pipeline实现代码自动部署
#环境:
ip 主机名 服务
10.0.0.150 gitlab gitlab v15.3
10.0.0.160 jenkins-master jenkins v2.346.3
10.0.0.170 jenkins-slave1 jenkins haproxy keepalived
10.0.0.180 jenkins-slave2 jenkins haproxy keepalived
10.0.0.190 web1 tomcat
10.0.0.200 web2 tomcat
#1.在10.0.0.150,gitlab上操作
创建用户tan
创建组linux39
创建项目web1
在linux39的组中添加用户tan并给予owner权限
登录tan用户,创建文件index.html
<h1>test v1</h1>
#2.准备10.0.0.190 web1主机,测试克隆代码,修改代码,提交代码
[root@web1 ~]#git clone http://10.0.0.150/linux39/web1.git
输入用户tan,密码12345678
[root@web1 ~]#cd web1/
[root@web1 web1]#ls
index.html README.md
[root@web1 web1]#cat index.html
<h1>test v1</h1>
[root@web1 web1]#vim index.html
[root@web1 web1]#cat index.html
<h1>test v1</h1>
<h1>test v2</h1>
[root@web1 web1]#git add .
[root@web1 web1]#git commit -m "v2"
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@web1.(none)')
[root@web1 web1]#git config --global user.email "1538885062@qq.com"
[root@web1 web1]# git config --global user.name "tan"
[root@web1 web1]#git commit -m "v2"
[main 2030517] v2
1 file changed, 1 insertion(+)
[root@web1 web1]#git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 285 bytes | 285.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To http://10.0.0.150/linux39/web1.git
b6dcccf..2030517 main -> main
#3.部署web环境
#keepalived+haproxy代理tomcat
#在10.0.0.190和10.0.0.200上部署tomcat
[root@web1 ~]#ls apache-tomcat-8.5.82.tar.gz jdk-8u212-linux-x64.tar.gz tomcat.sh
apache-tomcat-8.5.82.tar.gz jdk-8u212-linux-x64.tar.gz tomcat.sh
[root@web1 ~]#cat tomcat.sh
#!/bin/bash
#================================================================
# Copyright (C) 2022 IEucd Inc. All rights reserved.
#
# 文件名称:tomcat.sh
# 创 建 者:TanLiang
# 创建日期:2022年09月02日
# 描 述:This is a test file
#
#================================================================
. /etc/init.d/functions
DIR=`pwd`
JDK_FILE="jdk-8u212-linux-x64.tar.gz"
TOMCAT_FILE="apache-tomcat-8.5.82.tar.gz"
JDK_DIR="/usr/local"
TOMCAT_DIR="/usr/local"
install_jdk(){
if ! [ -f "$DIR/$JDK_FILE" ];then
action "$JDK_FILE 文件不存在" false
exit;
else
[ -d "$JDK_DIR" ] || mkdir -pv $JDK_DIR
fi
tar xvf $DIR/$JDK_FILE -C $JDK_DIR
cd $JDK_DIR && ln -s jdk1.8.* jdk
cat > /etc/profile.d/jdk.sh <<EOF
export JAVA_HOME=$JDK_DIR/jdk
export JRE_HOME=\$JAVA_HOME/jre
export CLASSPATH=\$JAVA_HOME/lib/:\$JRE_HOME/lib/
export PATH=\$PATH:\$JAVA_HOME/bin
EOF
. /etc/profile.d/jdk.sh
java -version && action "JDK 安装完成" || { action "JDK 安装失败" false ; exit; }
}
install_tomcat(){
if ! [ -f "$DIR/$TOMCAT_FILE" ];then
action "$TOMCAT_FILE 文件不存在" false
exit;
elif [ -d $TOMCAT_DIR/tomcat ];then
action "TOMCAT 已经安装" false
exit
else
[ -d "$TOMCAT_DIR" ] || mkdir -pv $TOMCAT_DIR
fi
tar xf $DIR/$TOMCAT_FILE -C $TOMCAT_DIR
cd $TOMCAT_DIR && ln -s apache-tomcat-*/ tomcat
echo "PATH=$TOMCAT_DIR/tomcat/bin:"'$PATH' > /etc/profile.d/tomcat.sh
id tomcat &> /dev/null || useradd -r -s /sbin/nologin tomcat
cat > $TOMCAT_DIR/tomcat/conf/tomcat.conf <<EOF
JAVA_HOME=$JDK_DIR/jdk
EOF
chown -R tomcat.tomcat $TOMCAT_DIR/tomcat/
cat > /lib/systemd/system/tomcat.service <<EOF
[Unit]
Description=Tomcat
#After=syslog.target network.target remote-fs.target nss-lookup.target
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=$TOMCAT_DIR/tomcat/conf/tomcat.conf
ExecStart=$TOMCAT_DIR/tomcat/bin/startup.sh
ExecStop=$TOMCAT_DIR/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now tomcat.service
systemctl is-active tomcat.service &> /dev/null && action "TOMCAT 安装完成" || {
action "TOMCAT 安装失败" false ; exit; }
}
install_jdk
install_tomcat
[root@web1 ~]#bash tomcat.sh
[root@web2 ~]#bash tomcat.sh
[root@web1 ~]#id tomcat
uid=973(tomcat) gid=972(tomcat) groups=972(tomcat)
[root@web2 ~]#id tomcat
uid=973(tomcat) gid=972(tomcat) groups=972(tomcat)
#说明:tomcat_appdir是web压缩包,tomcat_webdir是解压后的web目录,tomcat_webapps是server.xml文件中定义的app加载目录
[root@web1 ~]#mkdir /data/tomcat/tomcat_{appdir,webdir,webapps} -pv
[root@web1 ~]#mkdir /data/tomcat/tomcat_webapps/myapp
[root@web1 ~]#chown tomcat.tomcat /data/tomcat/ -R
[root@web1 ~]#cat /usr/local/tomcat/conf/server.xml |grep webapps
<Host name="localhost" appBase="/data/tomcat/tomcat_webapps" unpackWARs="false" autoDeploy="false">
[root@web1 ~]#echo "`hostname`" >> /data/tomcat/tomcat_webapps/myapp/index.html
[root@web1 ~]#curl localhost:8080/myapp/index.html
web1
[root@web2 ~]#mkdir /data/tomcat/tomcat_{appdir,webdir,webapps} -pv
mkdir: created directory '/data'
mkdir: created directory '/data/tomcat'
mkdir: created directory '/data/tomcat/tomcat_appdir'
mkdir: created directory '/data/tomcat/tomcat_webdir'
mkdir: created directory '/data/tomcat/tomcat_webapps'
[root@web2 ~]#mkdir /data/tomcat/tomcat_webapps/myapp
[root@web2 ~]#chown tomcat.tomcat /data/tomcat/ -R
[root@web2 ~]#vim /usr/local/tomcat/conf/server.xml
[root@web2 ~]#cat /usr/local/tomcat/conf/server.xml |grep webapps
<Host name="localhost" appBase="/data/tomcat/tomcat_webapps" unpackWARs="false" autoDeploy="false">
[root@web2 ~]#echo "`hostname`" >> /data/tomcat/tomcat_webapps/myapp/index.html
[root@web2 ~]#systemctl restart tomcat
[root@web2 ~]#curl localhost:8080/myapp/index.html
web2
[root@jenkins-slave1 ~]#yum install -y keepalived haproxy
[root@jenkins-slave1 ~]#cat /etc/keepalived/keepalived.conf | grep -B1 -A5 label
virtual_ipaddress {
10.0.0.248 dev eth0 label eth0:1
}
}
[root@jenkins-slave1 ~]#tail -n6 /etc/haproxy/haproxy.cfg
listen linux-web1-80
bind 10.0.0.248:80
mode http
server 10.0.0.190 10.0.0.190:8080 check inter 3000 fall 2 rise 5
server 10.0.0.200 10.0.0.200:8080 check inter 3000 fall 2 rise 5
[root@jenkins-slave1 ~]#systemctl start keepalived.service
[root@jenkins-slave1 ~]#systemctl stary haproxy.service
[root@jenkins-slave1 ~]#systemctl enable keepalived.service haproxy.service
[root@jenkins-slave2 ~]#yum install -y keepalived haproxy
[root@jenkins-slave1 ~]#cat /etc/keepalived/keepalived.conf | grep -B1 -A5 label
virtual_ipaddress {
10.0.0.248 dev eth0 label eth0:1
}
}
[root@jenkins-slave1 ~]#tail -n6 /etc/haproxy/haproxy.cfg
listen linux-web1-80
bind 10.0.0.248:80
mode http
server 10.0.0.190 10.0.0.190:8080 check inter 3000 fall 2 rise 5
server 10.0.0.200 10.0.0.200:8080 check inter 3000 fall 2 rise 5
[root@jenkins-slave2 ~]#echo "net.ipv4.ip_nonlocal_bind = 1" >/etc/sysctl.conf
[root@jenkins-slave2 ~]#sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@jenkins-slave1 ~]#systemctl start keepalived.service
[root@jenkins-slave1 ~]#systemctl stary haproxy.service
[root@jenkins-slave1 ~]#systemctl enable keepalived.service haproxy.service
[root@web1 ~]#curl 10.0.0.248:80/myapp/index.html
web1
[root@web1 ~]#curl 10.0.0.248:80/myapp/index.html
web2
#4.通过创建自由风格的软件项目实现代码自动部署
#安装jenkins在10.0.0.160上
#jenkins官网:https://www.jenkins.io/zh/
[root@jenkins-master ~]#wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
[root@jenkins-master ~]#rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
[root@jenkins-master ~]#yum install fontconfig java-11-openjdk
[root@jenkins-master ~]#yum install jenkins
[root@jenkins-master ~]#systemctl daemon-reload
[root@jenkins-master ~]#systemctl enable jenkins
Synchronizing state of jenkins.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable jenkins
Created symlink /etc/systemd/system/multi-user.target.wants/jenkins.service → /usr/lib/systemd/system/jenkins.service.
[root@jenkins-master ~]#systemctl start jenkins
[root@jenkins-master ~]#systemctl status jenkins
● jenkins.service - Jenkins Continuous Integration Server
Loaded: loaded (/usr/lib/systemd/system/jenkins.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-09-03 13:44:22 CST; 24s ago
#查看密码并浏览器登录10.0.0.160:8080jenkins图形界面
[root@jenkins-master ~]#cat /var/lib/jenkins/secrets/initialAdminPassword
bdbb7a735c9744d69ccaa0b2994fa425
#在图形界面安装推荐插件,然后创建第一个管理员用户jenkinsadmin/123456
#查看插件数量
[root@jenkins-master ~]#ll /var/lib/jenkins/plugins/ |wc -l
175
#在图形界面安装git插件,登录jenkins后,点击左边manage jenkins菜单,在右边选择manage plugins,在可选插件中搜索gitlab,安装gitlab和blue ocean插件
#配置jenkins权限管理:安装role-based插件
基于角色的权限管理,先创建角色和用户,给角色授权,然后把用户关联到角色
#新建用户
jenkins-系统管理-管理用户-新建用户,新建两个用户tan,liang
#更改认证方式:
jenkins-系统管理-全局安全配置-授权策略,修改“登录可以做任何事”改为"role-based strategy"
#新建任务
jenkins-新建任务 新建linux39-app1,linux39-app2,linux40-app1,linux40-app2
#创建角色
jenkins-系统管理-Manage and Assign Roles(管理和分配角色)-manage roles-add
global roles中创建两个角色Linux39,linux40给只读权限
item roles中创建两个角色tan,liang,pattern分别填写linux39.*和linux40.*,点击linux.*会弹出框匹配到linux39-app1和linux39-app2表示匹配到。给任务和运行的所有权限。
#分配角色
jenkins-系统管理-Manage and Assign Roles(管理和分配角色)-assign roles
global roles中,分别添加tan,liang用户,分别勾选linux39和linux40来和global role关联
item roles中,分别添加tan,liang用户,分别勾选tan和liang来和item role关联
#测试普通用户登录,tan用户只能看到linux39开头的任务,liang用户只能看到linux40开头的任务
#jenkins邮箱配置
jenkins-系统管理-系统配置
找到jenkins location,配置系统管理员邮件地址:1538885062@qq.com
最下面找到邮件通知,smtp服务器:smtp.qq.com,用户默认邮件后缀:@qq.com,点开高级,勾选使用smtp认证,用户名:1538885062@qq.com,密码:xxxx,勾选使用ssl协议,smtp端口:465,Reply-To Address:1538885062@qq.com,勾选“通过发送测试邮件测试配置”,输入邮件点击测试。
#基于ssh key拉取代码
在10.0.0.160上生成密钥对
[root@jenkins-master ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vpJAUMnKWWz0vjJozgMGJ0mG+CuRbq8BWcO/dE5EoxE root@jenkins-master
The key's randomart image is:
+---[RSA 3072]----+
|o =Eoo |
|o+. *= . |
|o=+*. o |
|*o*o.o |
|=+ oo + S |
|++.o.= o |
|o++ +.o.. |
| +o. oo . |
| .+. .. |
+----[SHA256]-----+
[root@jenkins-master ~]#
[root@jenkins-master ~]#cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC44f0BsEh3pKb79qTdJ2cbp1DPhTBLGPR2BBaivuFRGJL+PGK5Aw5wd2nT5+XCNZg7zgah383KFDUv3j2pRBOlwg2mdP7ZirUQFQWRGoIux9OBk3mHLIoZf+KF5aF5L2UcFt/Kxak32efYMKWl/XvV/aIqHx+aLefhFrVqhIfeAetk3EoeZ1tKOfhukX40QFtsi1UamLSIbDpECyIHAC+r/e4hMtX6cx5F33gBPyPE0OAO1r8sNylAmxZ2ha6U1ORcgepWr0Sjw3D4YiRkeIXAQzg7GnrEdktjUxltY0W2eTnfm/lO2fffLqzFnTY84JcnHMBA3zIK3mnzjnaTkI/AsAxsisVGASqL46COcXNMtiTCH7/VyKfczv7zcWVorWmPUu8Uadu8fdb2GriV5GWi0OdzQZke8Oh2fdvxLCd4MIIryfg3xwdk2dmsjuHxrmUx1hoJUkGP+/CZ93F53Mf0tygvOH04fkhjAEI35+jg+LH6ozp1u2Pp97oxgjZ9/BE= root@jenkins-master
#复制ssh-rsa开头的内容。登录10.0.0.150到gitlab,找到用户设置,SSH Keys,添加key。
#测试
[root@jenkins-master ~]#git clone git@10.0.0.150:linux39/web1.git
Cloning into 'web1'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (12/12), done.
#配置jenkins到gitlab非交互拉去代码
jenkins服务器添加证书
jenkins-凭据-jenkins-全局凭据-添加凭据
jenkins-linux-app1-配置-源码管理-git-地址和credentials(id_rsa的内容)为root
#更改jenkins服务启动用户为root,防止后面权限问题。
[root@jenkins-master ~]#vim /lib/systemd/system/jenkins.service
User=root
Group=root
[root@jenkins-master ~]#systemctl daemon-reload
[root@jenkins-master ~]#systemctl restart jenkins
[root@jenkins-master ~]#ps aux |grep jenkins
root 38534 89.7 10.5 3814592 423484 ? Ssl 17:28 0:21 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
#在10.0.0.160上配置到web1,web2的免密登录
[root@jenkins-master linux39-app1]#useradd www -u 2020
[root@jenkins-master linux39-app1]#echo 123456 |passwd --stdin www
[root@jenkins-master linux39-app1]#ssh-copy-id www@10.0.0.190
[root@jenkins-master linux39-app1]#ssh-copy-id www@10.0.0.200
#web1,web2上配置www用户
[root@web2 ~]#useradd www -u 2020
[root@web2 ~]#echo 123456 |passwd --stdin www
[root@web2 ~]#vim /lib/systemd/system/tomcat.service
User=www
Group=www
[root@web2 ~]#chown -R www.www /usr/local/tomcat/
[root@web2 ~]#chown -R www.www /data/tomcat/
[root@web2 ~]#systemctl daemon-reload
[root@web2 ~]#systemctl restart tomcat
#web1上同样的配置。
#验证远程权限,保证后期拷贝的文件是www属主和属组
[root@jenkins-master linux39-app1]#ssh www@10.0.0.190 "touch 1.txt"
[root@web1 ~]#ll /home/www/1.txt
-rw-rw-r-- 1 www www 0 Sep 3 19:32 /home/www/1.txt
#在jenkins任务配置界面,构建--增加构建步骤,执行shell
cd /data/git/linux39 && rm -rf web1 && git clone git@10.0.0.150:linux39/web1.git
ssh 10.0.0.190 "systemctl stop tomcat"
ssh 10.0.0.200 "systemctl stop tomcat"
scp -r /data/git/linux39/web1/* www@10.0.0.190:/data/tomcat/tomcat_webapps/myapp/
scp -r /data/git/linux39/web1/* www@10.0.0.200:/data/tomcat/tomcat_webapps/myapp/
ssh 10.0.0.190 "systemctl restart tomcat"
ssh 10.0.0.200 "systemctl restart tomcat"
#保存后,立即构建
#先访问后端tomcat
[root@jenkins-master ~]#curl 10.0.0.190:8080/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
#拉取,修改,上传代码后重新执行构建linux39-app1任务
[root@jenkins-master ~]#cd web1/
[root@jenkins-master web1]#ls
index.html README.md
[root@jenkins-master web1]#vim index.html
[root@jenkins-master web1]#cat index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
[root@jenkins-master web1]#git add .
[root@jenkins-master web1]#git config --global user.email "root"
[root@jenkins-master web1]#git config --global user.name "root"
[root@jenkins-master web1]#git commit -m "v3"
[main 3b94594] v3
1 file changed, 1 insertion(+)
[root@jenkins-master web1]#git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 248 bytes | 248.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
To 10.0.0.150:linux39/web1.git
85f447f..3b94594 main -> main
[root@jenkins-master web1]#curl 10.0.0.190:8080/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
[root@jenkins-master web1]#curl 10.0.0.200:8080/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
##linux39-app1任务再次构建完成后,访问tomcat,验证代码已经升级成功。
##或者利用上面代码仓库的配置,默认工作目录是/var/lib/jenkins/workspace/linux39-app1
[root@jenkins-master web1]#vim index.html
[root@jenkins-master web1]#cat index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
[root@jenkins-master web1]#git add .
[root@jenkins-master web1]#git commit -m "v4"
[main db0b8f9] v4
1 file changed, 1 insertion(+)
[root@jenkins-master web1]#git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 250 bytes | 250.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
To 10.0.0.150:linux39/web1.git
3b94594..db0b8f9 main -> main
#修改linux39-app1的任务配置,配置好源码管理-git,构建执行shell内容如下:
rm -rf web1
ssh 10.0.0.190 "systemctl stop tomcat"
ssh 10.0.0.200 "systemctl stop tomcat"
scp -r * www@10.0.0.190:/data/tomcat/tomcat_webapps/myapp/
scp -r * www@10.0.0.200:/data/tomcat/tomcat_webapps/myapp/
ssh 10.0.0.190 "systemctl restart tomcat"
ssh 10.0.0.200 "systemctl restart tomcat"
[root@jenkins-master web1]#curl 10.0.0.200:8080/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
[root@jenkins-master web1]#curl 10.0.0.190:8080/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
##验证后端tomcat代码升级完毕
###利用压缩包拷贝数据实现代码升级
#修改代码并上传到gitlab
#修改linux39-app1的任务配置,配置好源码管理-git,构建执行shell内容如下:
rm -rf myapp.tar.gz && tar czvf myapp.tar.gz ./*
ssh www@10.0.0.190 "rm -rf /data/tomcat/tomcat_appdir/*"
ssh www@10.0.0.200 "rm -rf /data/tomcat/tomcat_appdir/*"
scp -r myapp.tar.gz www@10.0.0.190:/data/tomcat/tomcat_appdir
scp -r myapp.tar.gz www@10.0.0.200:/data/tomcat/tomcat_appdir
ssh 10.0.0.190 "systemctl stop tomcat"
ssh 10.0.0.200 "systemctl stop tomcat"
ssh www@10.0.0.190 "tar xvf /data/tomcat/tomcat_appdir/myapp.tar.gz -C /data/tomcat/tomcat_webapps/myapp"
ssh www@10.0.0.200 "tar xvf /data/tomcat/tomcat_appdir/myapp.tar.gz -C /data/tomcat/tomcat_webapps/myapp"
ssh 10.0.0.190 "systemctl restart tomcat"
ssh 10.0.0.200 "systemctl restart tomcat"
###多次执行,验证是可以升级成功的。
#5.gitlab分支管理,代码合并,main和develop分支代码部署
#步骤一览:
keepalived生成两个vip,10.0.0.248和10.0.0.249
haproxy将访问10.0.0.248:80的请求转发到测试环境10.0.0.190:8080
haproxy将访问10.0.0.249:80的请求转发到测试环境10.0.0.200:8080
gitlab基于main主分支,创建develop开发分支
普通开发用户ll从develop分支clone代码,修改后提交代码
jenkins创建develop开发环境代码自动部署任务,main生产环境自动部署任务
jenkins立即构建develop开发环境代码自动部署任务
测试人员访问10.0.0.248:80进行测试访问
多次修改代码,多次部署到10.0.0.190开发测试环境,来测试代码,
测试无问题后ll普通用户发起代码合并,tan用户开发主管同意合并代码
代码合并到main分支后,部署到10.0.0.200的生产环境
#配置keepalived和haproxy。10.0.0.170和10.0.0.180上配置一样,这里不再重复表述。
[root@jenkins-slave1 ~]#vim /etc/keepalived/keepalived.conf
virtual_ipaddress {
10.0.0.248 dev eth0 label eth0:1
10.0.0.249 dev eth0 label eth0:2
}
}
[root@jenkins-slave1 ~]#vim /etc/haproxy/haproxy.cfg
listen linux-web1-main-80
bind 10.0.0.248:80
mode http
server 10.0.0.190 10.0.0.190:8080 check inter 3000 fall 2 rise 5
listen linux-web1-develop-80
bind 10.0.0.298:80
mode http
server 10.0.0.200 10.0.0.200:8080 check inter 3000 fall 2 rise 5
[root@jenkins-slave1 ~]#systemctl restart keepalived.service
[root@jenkins-slave1 ~]#systemctl restart haproxy.service
#在gitlab点击web1项目,点击files,点击main主分支旁边的加号,选择new branch,branch name为develop,create from main。可以看到develop分支数据和main主分支数据一样。
#点击gitlab--Menu--Admin--Groups,将tan用户以owner权限加入进来,将ll用户以develop权限加入进来
#以ll用户从develop分支克隆代码,修改并上传
[root@jenkins-master ~]#git clone -b develop http://10.0.0.150/linux39/web1.git
Cloning into 'web1'...#输入用户名ll,密码123456789
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 21 (delta 5), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (21/21), 4.31 KiB | 2.15 MiB/s, done.
[root@jenkins-master ~]#ll
total 12
-rw-------. 1 root root 1314 Jul 19 2021 anaconda-ks.cfg
-rw------- 1 root root 603 Aug 16 2021 dead.letter
-rw-r--r--. 1 root root 1602 Jul 19 2021 initial-setup-ks.cfg
drwxr-xr-x 2 root root 191 Aug 18 2021 scripts
drwxr-xr-x 3 root root 71 Sep 4 14:18 web1
[root@jenkins-master ~]#ls
anaconda-ks.cfg dead.letter initial-setup-ks.cfg scripts web1
[root@jenkins-master ~]#cd web1/
[root@jenkins-master web1]#ls
index.html README.md
[root@jenkins-master web1]#cat index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
<h1>test v5</h1>
[root@jenkins-master web1]#vim index.html
#添加一行<h1>test v6</h1>
[root@jenkins-master web1]#git add .
[root@jenkins-master web1]#git commit -m "v6"
[develop 25a6d18] v6
1 file changed, 1 insertion(+)
[root@jenkins-master web1]#git push
#输入用户名ll,密码123456789
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 265 bytes | 265.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
remote:
remote: To create a merge request for develop, visit:
remote: http://10.0.0.150/linux39/web1/-/merge_requests/new?merge_request%5Bsource_branch%5D=develop
remote:
To http://10.0.0.150/linux39/web1.git
bff5722..25a6d18 develop -> develop
#可以在gitlab图形界面查看,main主分支代码是v5,develop分支代码是v6
#在jenkins重命名上面的linux39-app1任务名称为linux39-web1-develop任务、linux39-app1为linux39-web1-main任务
#配置linux39-web1-develop任务,源码管理,git,repository url和credentials不变,指定分支为*/develop
#构建执行shell
rm -rf myapp.tar.gz && tar czvf myapp.tar.gz ./*
ssh www@10.0.0.190 "rm -rf /data/tomcat/tomcat_appdir/*"
scp -r myapp.tar.gz www@10.0.0.190:/data/tomcat/tomcat_appdir
ssh 10.0.0.190 "systemctl stop tomcat"
ssh www@10.0.0.190 "tar xvf /data/tomcat/tomcat_appdir/myapp.tar.gz -C /data/tomcat/tomcat_webapps/myapp"
ssh 10.0.0.190 "systemctl restart tomcat"
#配置linux39-web1-develop任务,源码管理,git,repository url和credentials不变,指定分支为*/main
#构建执行shell
rm -rf myapp.tar.gz && tar czvf myapp.tar.gz ./*
ssh www@10.0.0.200 "rm -rf /data/tomcat/tomcat_appdir/*"
scp -r myapp.tar.gz www@10.0.0.200:/data/tomcat/tomcat_appdir
ssh 10.0.0.200 "systemctl stop tomcat"
ssh www@10.0.0.200 "tar xvf /data/tomcat/tomcat_appdir/myapp.tar.gz -C /data/tomcat/tomcat_webapps/myapp"
ssh 10.0.0.200 "systemctl restart tomcat"
#执行构建linux39-web1-develop完成后验证。测试环境已经升级到v6代码,生产环境还是v5版本。
[root@jenkins-master web1]#curl 10.0.0.248/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
<h1>test v5</h1>
<h1>test v6</h1>
[root@jenkins-master web1]#curl 10.0.0.249/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
<h1>test v5</h1>
#ll用户提交代码合并请求。
#gitlab--web1--merge request--new merge request--assignee填写开发领导tan用户,reviewer填写tan--create merge request
#登录tan用户,merge合并。
#查看main主分支代码数据已经升级到v6版本
#执行构建linux39-web1-main完成后验证。10.0.0.249对应的生产环境已经升级到v6版本成功。
[root@jenkins-master web1]#curl 10.0.0.249/myapp/index.html
<h1>test v1</h1>
<h1>test v2</h1>
<h1>test v3</h1>
<h1>test v4</h1>
<h1>test v5</h1>
<h1>test v6</h1>
#6.jenkins触发器,项目关联,jenkins视图(用的不多,触发器不安全,项目一般是一个job完成)
#6.1jenkins触发器使用在开发环境或者测试环境,用于提交代码后自动出发部署。因不安全不要用于生产环境部署使用,注意以下几点。
安装插件gitlab webhook和gitlab authentication
在jenkins系统管理-全局安全设置,认证改为登录用户可以做任何事情
取消跨站请求伪造保护的勾选项
gitlab hook plugin以纯文本形式存储和显示gitlab api令牌
#配置完在”jenkins系统管理-全局安全设置,认证改为登录用户可以做任何事情、取消跨站请求伪造保护的勾选项“后,生成token认证
[root@jenkins-master ~]#openssl rand -hex 12
588bfd7b6c7c7017fabffda4
#在linux39-web1-develop任务中,构建触发器--触发远程构建--身份令牌--588bfd7b6c7c7017fabffda4
#在任何可以访问10.0.0.160的服务器执行curl 这个地址就可以出发远程构建。
http://10.0.0.160:8080/job/linux39-web1-develop/build?token=588bfd7b6c7c7017fabffda4
#在jenkins上查看已经触发构建。
#在gitlab--menu--admin--system hooks,输入以上url,配置存储库更新出发钩子
# 会有以下报错,实现gitlab存储更新自动出发远程构建部署失败,可能是jenkins新版本不能取消跨站请求伪造保护的选项导致。
Hook executed successfully but returned HTTP 403 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 403 No valid crumb was included in the request</title> </head> <body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2> <table> <tr><th>URI:</th><td>/job/linux39-web1-develop/build</td></tr> <tr><th>STATUS:</th><td>403</td></tr> <tr><th>MESSAGE:</th><td>No valid crumb was included in the request</td></tr> <tr><th>SERVLET:</th><td>Stapler</td></tr> </table> <hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.45.v20220203</a><hr/> </body> </html>
#推荐使用第二种可行的方法使用webhook。
#第一步:在gitlab--admin--setting--network--Outbound requests--勾选“Allow requests to the local network from web hooks and services”
#第二步:在jenkins--自己的job--构建触发器--勾选“Build when a change is pushed to GitLab. GitLab webhook URL: http://10.0.0.160:8080/project/linux39-web1-develop”--点开高级--Secret token--生成令牌。
#第三步:在gitlab--自己的项目--setting--webhook--填写url和令牌,是第二步的http://10.0.0.160:8080/project/linux39-web1-develop和生成的令牌。勾选推送事件就是出发push操作后立即构建,勾选合并请求后就是合并分支后立刻构建。测试push。
#第四步:在jenkins查看job构建完成。
#6.2项目关联,用于将构建任务拆分开来,分为各个任务,停服务,拷贝代码,启服务等等,可以重复调用某个任务。通过在第一个任务后添加“构建后操作--构建其他工程”来关联其他任务。
#6.3视图,在jenkins--dashboard--新建视图,默认有我的视图和列表视图
#我的视图,创建后和默认的所有视图一样,没必要创建了
#列表视图用于分类所有视图,可以按项目分类,linux39开头的任务创建一个列表视图。
#可以安装build pipeline插件,此视图可以按管道显示,可以看到关联关系。一个任务创建一个build pipeline view,创建时选择初始作业和默认显示的版本就可以了
#7.jenkins分布式实现代码部署和回滚
#在众多 Job 的场景下,单台 jenkins master 同时执行代码 clone、编译、打包及构建,其性能可能会出现瓶颈从而会影响代码部署效率,jenkins 官方提供了 jenkins 分布式构建,将众多 job 分散运行到不同的 jenkins slave 节点,大幅提高并行 job 的处理能力。
#7.1配置slave节点java环境,在10.0.0.170,10.0.0.180上配置
[root@jenkins-slave1 ~]#yum install fontconfig java-11-openjdk
[root@jenkins-slave2 ~]#yum install fontconfig java-11-openjdk
[root@jenkins-slave1 ~]#mkdir -p /var/lib/jenkins
[root@jenkins-slave2 ~]#mkdir -p /var/lib/jenkins
#7.2添加slave节点(不用在网上下载jenkins agent的war包,直接在jenkins添加节点即可)
jenkins-系统管理-节点管理-新建节点,节点名称,固定节点,下一步
名字:jenkins-slave1
描述:jenkins-slave1
并发构建数:4
远程工作目录:/var/lib/jenkins
标签:jenkins-slave1
用法:只允许运行绑定到这台机器的job
启动方式:launch agent via ssh
主机:10.0.0.170
crdentials:添加,用户密码方式,root,123456,描述10.0.0.170-jenkins-slave1
host key verification strategy:non verifiying verification strategy
可用性:尽量保持代理在线
保存
#10.0.0.180添加时可以复制现有节点配置
#7.3验证
[root@jenkins-slave1 ~]#ps aux |grep jenkins
root 41857 1.1 5.6 3132412 112532 ? Ssl 19:03 0:05 java -jar remoting.jar -workDir /var/lib/jenkins -jar-cache /var/lib/jenkins/remoting/jarCache
root 42001 0.0 0.0 12112 1076 pts/0 S+ 19:11 0:00 grep --color=auto jenkins
#7.4在slave1和slave2节点配置到后端tomcat服务器的免密登录,使其可以拷贝文件以及安装git命令来克隆代码
[root@jenkins-slave1 ~]#yum install -y git
[root@jenkins-slave1 ~]#ssh-keygen
[root@jenkins-slave1 ~]#ssh-copy-id www@10.0.0.190
[root@jenkins-slave1 ~]#ssh-copy-id 10.0.0.190
[root@jenkins-slave1 ~]#ssh-copy-id www@10.0.0.200
[root@jenkins-slave1 ~]#ssh-copy-id 10.0.0.200
[root@jenkins-slave2 ~]#yum install -y git
[root@jenkins-slave2 ~]#ssh-keygen
[root@jenkins-slave2 ~]#ssh-copy-id www@10.0.0.190
[root@jenkins-slave2 ~]#ssh-copy-id 10.0.0.190
[root@jenkins-slave2 ~]#ssh-copy-id www@10.0.0.200
[root@jenkins-slave2 ~]#ssh-copy-id 10.0.0.200
#8.基于pipeline实现代码部署
#jenkins--dashboard--新建任务--pipeline任务
名称:jenkins-web1-pipeline
流水线:
定义:pipeline script
脚本:
node("jenkins-slave1"){
stage("clone 代码"){
sh 'rm -rf /var/lib/jenkins/workspace/jenkins-web1-pipeline/*'
git branch: 'develop', credentialsId: '35d2956c-3733-4041-bd95-5f48567e7adf', url: 'git@10.0.0.150:linux39/web1.git'
}
stage("代码构建"){
sh 'cd /var/lib/jenkins/workspace/jenkins-web1-pipeline/ && tar czvf code.tar.gz ./index.html'
}
stage("代码复制"){
sh 'cd /var/lib/jenkins/workspace/jenkins-web1-pipeline/ && scp code.tar.gz www@10.0.0.190:/data/tomcat/tomcat_appdir/'
}
stage("停止 tomcat 服务"){
sh 'ssh 10.0.0.190 "systemctl stop tomcat"'
}
stage("代码部署"){
sh 'ssh www@10.0.0.190 "rm -rf /data/tomcat/tomcat_webdir/myapp/* && cd /data/tomcat/tomcat_appdir && tar xvf code.tar.gz -C /data/tomcat/tomcat_webapps/myapp/"'
}
stage("启动 tomcat 服务"){
sh 'ssh 10.0.0.190 "systemctl start tomcat"'
}
}
#立即构建,构建成功,验证代码升级完毕。
代码部署流程图:
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY