极客时间运维进阶训练营第四周作业
1、部署 jenkins master 及多 slave 环境
部署master
apt update apt install -y openjdk-11-jdk root@jenkins:~# java -version openjdk version "11.0.17" 2022-10-18 OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04) OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing) cd /usr/local/src/ &&\ curl -O https://mirrors.jenkins.io/debian-stable/jenkins_2.361.2_all.deb dpkg -c jenkins_2.361.2_all.deb dpkg -i jenkins_2.361.2_all.deb && systemctl stop jenkins sed -i s'/User=jenkins/User=root/g' /lib/systemd/system/jenkins.service sed -i s'/Group=jenkins/Group=root/g' /lib/systemd/system/jenkins.service sed -i s'/Environment="JAVA_OPTS=-Djava.awt.headless=true"/Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"/g' /lib/systemd/system/jenkins.service systemctl daemon-reload && systemctl restart jenkins.service ##检查可知已经生效完毕 root@jenkins:/tmp# ps -ef|grep jenkins root 12077 1 99 17:24 ? 00:01:17 /usr/bin/java -Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
部署slave
apt update && apt install -y openjdk-11-jdk install -d /var/lib/jenkins
2、基于 jenkins 视图对 jenkins job 进行分类
3、总结 jenkins pipline 基本语法
stage :一个pipline可以划分为若干个stage,每个stage都是一个操作,是一个逻辑分组,可以是跨node执行不同的 stage
step: jenkins pipline的最小操作单元,一个stage可以有多个step
node: jenkins 工作节点,可以是master 也可以是slave,是执行step的 具体服务器
input: 在流水线中实现交互式操作
post:发送邮件,always success 常用
enviroment: 可以设置环境变量,通过$ 在流水线中引用
parameters:可以给step 传递参数,设置在Jenkinsfile即可生效
4、部署代码质量检测服务 sonarqube
部署PostgresSQL并设置数据库
apt update apt-cache madison postgresql apt install postgresql -y #初始化数据库 pg_createcluster --start 14 mycluster cp /etc/postgresql/14/mycluster/postgresql.conf{,.bak} echo "listen_addresses = '*'" >> /etc/postgresql/14/mycluster/postgresql.conf sed -i 's/max_connections\ =\ 100/max_connections\ =\ 4096/g' /etc/postgresql/14/mycluster/postgresql.conf cp /etc/postgresql/14/mycluster/pg_hba.conf{,.bak} sed -i '/host.*all.*all.*127.*32.*/d' /etc/postgresql/14/mycluster/pg_hba.conf echo "host all all 0.0.0.0/0 scram-sha-256" >> /etc/postgresql/14/mycluster/pg_hba.conf systemctl restart postgresql #postgressql 为sonar创建用户 su - postgres psql -U postgres #创建sonar数据库 CREATE DATABASE sonar; #创建sonar用户密码为123456 CREATE USER sonar WITH ENCRYPTED PASSWORD '123456'; #授权用户访 GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar; #执行变更 ALTER DATABASE sonar OWNER TO sonar;
安装sonar
apt update &&\ apt install -y openjdk-11-jdk echo "vm.max_map_count=524288" >> /etc/sysctl.conf echo "fs.file-max=131072" >> /etc/sysctl.conf sysctl -p #检查 sysctl -a |grep 524288 # vm.max_map_count = 524288 cd /usr/local/src/ &&\ curl -O https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip &&\ unzip sonarqube-8.9.10.61524.zip BASE_DIR="/apps" if [[ ! -d "${BASE_DIR}" ]]; then mkdir -p "${BASE_DIR}" fi mv /usr/local/src/sonarqube-8.9.10.61524 /apps/ ln -sv /apps/sonarqube-8.9.10.61524 /apps/sonarqube useradd -r -m -s /bin/bash sonarqube chown sonarqube.sonarqube /apps -R su - sonarqube cp /apps/sonarqube/conf/sonar.properties{,.bak} tee -a /apps/sonarqube/conf/sonar.properties << "EOF" sonar.jdbc.username=sonar sonar.jdbc.password=123456 sonar.jdbc.url=jdbc:postgresql://192.168.56.106/sonar EOF #启动 /apps/sonarqube/bin/linux-x86-64/sonar.sh start #停止 /apps/sonarqube/bin/linux-x86-64/sonar.sh stop #配置systemd启动 tee -a /etc/systemd/system/sonarqube.service <<"EOF" [Unit] Description=SonarQube service After=syslog.target network.target [Service] Type=simple User=sonarqube Group=sonarqube PermissionsStartOnly=true ExecStart=/bin/nohup /usr/bin/java -Xms512m -Xmx512m -Djava.net.preferIPv4Stack=true -jar /apps/sonarqube/lib/sonar-application-8.9.10.61524.jar StandardOutput=syslog LimitNOFILE=131072 LimitNPROC=8192 TimeoutStartSec=5 Restart=always SuccessExitStatus=143 [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl restart sonarqube && systemctl enable sonarqube
安装sonar scanner
cd /usr/local/src/ &&\ unzip sonar-scanner-cli-4.7.0.2747.zip if [[ ! -d /apps ]]; then mkdir /apps fi mv /usr/local/src/sonar-scanner-4.7.0.2747 /apps/ ln -sfv /apps/sonar-scanner-4.7.0.2747 /apps/sonar-scanner tee -a /apps/sonar-scanner/conf/sonar-scanner.properties << "EOF" sonar.host.url=http://192.168.56.105:9000 sonar.sourceEncoding=UTF-8 EOF
5、基于命令、shell 脚本和 pipline 实现代码质量检测
命令式
root@jenkins:~# tree python-test/ python-test/ ├── sonar-project.properties └── src └── test.py 1 directory, 2 files root@jenkins:~/python-test# cat sonar-project.properties # Required metadata sonar.projectKey=magedu-python sonar.projectName=magedu-python-app1 sonar.projectVersion=1.0 # Comma-separated paths to directories with sources (required) sonar.sources=src # Language sonar.language=py # Encoding of the source files sonar.sourceEncoding=UTF-8 root@jenkins:~/python-test# /apps/sonar-scanner/bin/sonar-scanner
shell 脚本
cd /data/gitdata/linux &&\ git clone git@gitlab.iclinux.com:linux/app2.git cd app2 &&\ /apps/sonar-scanner/bin/sonar-scanner /apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8
pipeline
pipeline { agent any parameters { string(name: 'BRANCH', defaultValue: 'develop', description: '分支选择') choice(name: 'DEPLOY_ENV', choices: ['develop', 'production'], description: '部署环境选择') } stages { stage('变量测试1'){ steps { sh "echo $env.WORKSPACE" sh "echo $env.JOB_URL" sh "echo $env.NODE_NAME" sh "echo $env.NODE_LABELS" sh "echo $env.JENKINS_URL" sh "echo $env.JENKINS_HOME" } } stage('代码克隆'){ steps { deleteDir() script { if ( env.BRANCH == 'main' ){ git branch: 'main', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git' } else if ( env.BRANCH == 'develop' ) { git branch: 'develop', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git' } else { echo 'BRANCH ERROR, please check it.' } GIT_COMMIT_TAG = sh(returnStdout: true, script: 'git rev-parse --shart HEAD').trim() } } } stage('python源代码质量扫描'){ steps { sh "cd $env.WORKSPACE && /apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8" } } } }