Jenkins+Gitlab+Ansible自動化部署(一)

時間 2019-12-01

標籤 jenkins+gitlab+ansible jenkins gitlab ansible 自動化部署欄目自動化構建简体版

原文原文鏈接

首先準備實驗環境node

虛擬機	主機名	IP地址	服務	系統版本	內核版本
Vmware Workstation 14	gitlab.example.com	192.168.244.130	gitlab	CentOS Linux release 7.5.1804 (Core)	3.10.0-862.el7.x86_64
	jenkins.example.com	192.168.244.131	jenkis
	ansible.example.com	192.168.244.132	asible

除此以外，還要在宿主機win10系統下的C:\Windows\System32\drivers\etc\hosts文件中添加以下內容python

192.168.244.130 gitlab.example.com
192.168.244.131 jenkins.example.com
192.168.244.132 ansible.example.com

關閉防火牆和selinuxlinux

[root@gitlab ~]# sed -i "s/enforcing/disabled/" /etc/selinux/config
[root@gitlab ~]# systemctl stop firewalld && systemmctl disable firewalld
[root@gitlab ~]# reboot
[root@gitlab ~]# getenforce
Permissive
[root@server01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

安裝postfix並啓動nginx

[root@gitlab ~]# yum install postfix
[root@gitlab ~]# systemctl start postfix && systemctl enable postfix

安裝Gitlab組件及gitlab-cegit

[root@gitlab ~]# yum install curl policycoreutils openssh-server openssh-clients
[root@gitlab ~]# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
[root@gitlab ~]# yum install -y gitlab-ce

也能夠去https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-10.0.0-ce.0.el7.x86_64.rpm安裝方法。redis

證書建立與配置加載sql

[root@gitlab ~]# mkdir -p /etc/gitlab/ssl 
建立私有密鑰 
[root@gitlab ~]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key"  2048
Generating RSA private key, 2048 bit long modulus
...............+++
...............................................................................+++
e is 65537 (0x10001)
建立私有證書
[root@gitlab ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key"  -out "/etc/gitlab/ssl/gitlab.example.com.csr"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:  #輸入空格，而後回車
Organizational Unit Name (eg, section) []:  #輸入空格，而後回車
Common Name (eg, your name or your server's hostname) []:gitlab.example.com
Email Address []:admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:  #直接回車
查看
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 8
-rw-r--r-- 1 root root 1066 Jan  2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan  2 15:30 gitlab.example.com.key
接下來利用私有密鑰和私有證書建立CRT簽署證書
[root@gitlab ~]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
Signature ok
subject=/C=cn/ST=sh/L=sh/O= /OU= /CN=gitlab.example.com/emailAddress=admin@example.com
Getting Private key
查看
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 12
-rw-r--r-- 1 root root 1265 Jan  2 15:39 gitlab.example.com.crt
-rw-r--r-- 1 root root 1066 Jan  2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan  2 15:30 gitlab.example.com.key
利用openssl命令輸出pem證書
[root@gitlab ~]# openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................................................+................................................................................+.....................................+..................................................................................+..............................................+..................................................................................................................................+..+........................................................................................................................................+..............................................................................................................................................................................+......+..............+.....................................................+.................+.......................................................................................+..+.................................................................................................................................................+..........................................................+.............+.........+...........................................................+........................................................................................................................................................................................................................................+...................................................................................................................................................................................................................................................................................................................++*++*
#  這個過程有點久
# 查看生成的證書
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 16
-rw-r--r-- 1 root root  424 Jan  2 15:46 dhparam.pem
-rw-r--r-- 1 root root 1265 Jan  2 15:39 gitlab.example.com.crt
-rw-r--r-- 1 root root 1066 Jan  2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan  2 15:30 gitlab.example.com.key
更改文件權限
[root@gitlab ~]# chmod 600 /etc/gitlab/ssl/*
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 16
-rw------- 1 root root  424 Jan  2 15:46 dhparam.pem
-rw------- 1 root root 1265 Jan  2 15:39 gitlab.example.com.crt
-rw------- 1 root root 1066 Jan  2 15:32 gitlab.example.com.csr
-rw------- 1 root root 1679 Jan  2 15:30 gitlab.example.com.key

配置gitlabchrome

[root@gitlab ~]# cp /etc/gitlab/gitlab.rb{,.bak}
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb
## 更改以下
 13 external_url 'https://gitlab.example.com'  13行左右
952 nginx['redirect_http_to_https'] = true
964 nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
965 nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
979 # nginx['ssl_dhparam'] = /etc/gitlab/ssl/dhparam.pem # Path to dhparams.pem,      eg. /etc/gitlab/ssl/dhparams.pem

初始化gitlab相關服務配置vim

[root@gitlab ~]# gitlab-ctl reconfigure
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - gitlab (0.0.1)
  - package (0.1.0)
  - postgresql (0.1.0)
  - redis (0.1.0)
  - mattermost (0.1.0)
  - registry (0.1.0)
  - gitaly (0.1.0)
  - consul (0.0.0)
  - nginx (0.1.0)
  - runit (0.14.2)
  - letsencrypt (0.1.0)
  - acme (3.1.0)
  - crond (0.1.0)
  - compat_resource (12.19.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create
    - change mode from '0755' to '0775'
  Converging 493 resources
  * directory[/etc/gitlab] action create (up to date)
  * directory[Create /var/opt/gitlab] action create
    - create new directory /var/opt/gitlab
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * directory[/opt/gitlab/embedded/etc] action create
    - create new directory /opt/gitlab/embedded/etc
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * template[/opt/gitlab/embedded/etc/gitconfig] action create
    - create new file /opt/gitlab/embedded/etc/gitconfig
    - update content in file /opt/gitlab/embedded/etc/gitconfig from none to 987af3

。。。。過程有點長，須要等一會（看我的服務器配置了）
Running handlers:
Running handlers complete
Chef Client finished, 454/655 resources updated in 02 minutes 16 seconds
gitlab Reconfigured!
# 出現這個表示配置沒有問題！

對nginx配置瀏覽器

[root@gitlab ~]# cp /var/opt/gitlab/nginx/conf/gitlab-http.conf{,.bak}
[root@gitlab ~]# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
 37   server_name gitlab.example.com; #在此行下面添加38行的內容
 38   rewrite ^(.*)$ https://$host$1 permanent;

重啓gitlab

[root@gitlab ~]# gitlab-ctl restart
ok: run: alertmanager: (pid 6526) 1s
ok: run: gitaly: (pid 6543) 0s
ok: run: gitlab-monitor: (pid 6556) 0s
ok: run: gitlab-workhorse: (pid 6579) 1s
ok: run: logrotate: (pid 6589) 0s
ok: run: nginx: (pid 6597) 1s
ok: run: node-exporter: (pid 6681) 0s
ok: run: postgres-exporter: (pid 6687) 1s
ok: run: postgresql: (pid 6698) 0s
ok: run: prometheus: (pid 6706) 0s
ok: run: redis: (pid 6722) 0s
ok: run: redis-exporter: (pid 6856) 0s
ok: run: sidekiq: (pid 6866) 0s
ok: run: unicorn: (pid 6880) 0s
#  能夠看出gitlab的全部服務重啓完成

使用宿主機win10下的chrome瀏覽器訪問gitlab.example.com:80

開始使用gitlab

建立一個測試工程

複製倉庫地址

回到win10宿主機，從新打開一個git命令行窗口以下所示操做

# 粘貼倉庫地址回車後會彈出輸入帳戶和密碼的窗口

以後就會將空的測試倉庫克隆到本地宿主機的桌面上的repo目錄下

xueji@xueji MINGW64 ~/Desktop/repo
$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
Cloning into 'test-repo'...
warning: You appear to have cloned an empty repository.

xueji@xueji MINGW64 ~/Desktop/repo
$ pwd
/c/Users/xueji/Desktop/repo

xueji@xueji MINGW64 ~/Desktop/repo
$ ls
test-repo/

xueji@xueji MINGW64 ~/Desktop/repo
$ ls test-repo/

在win10宿主機下的test-repo目錄下新建一個test.py文件，並上傳至gitlab

xueji@xueji MINGW64 ~/Desktop/repo
$ cd test-repo/

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ vi test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git add .
warning: LF will be replaced by CRLF in test.py.
The file will have its original line endings in your working directory

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
[master (root-commit) 93bd740] First Commit
 Committer: unknown <xueji@pin.com>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:

    git config --global --edit

After doing this, you may fix the identity used for this commit with:

    git commit --amend --reset-author

 1 file changed, 1 insertion(+)
 create mode 100644 test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config  --global user.email "admin@example.com"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.name "admin"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
On branch master
Your branch is based on 'origin/master', but the upstream is gone.
  (use "git branch --unset-upstream" to fixup)

nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git -c http.sslVerify=false push master
fatal: 'master' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)

報錯，跟據提示信息咱們進行以下操做

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git branch --unset-upstream
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git add .

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.email "admin@example.com"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.name "admin"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
On branch master
nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"Second Commit"
On branch master
nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git -c http.sslVerify=false push origin master
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 242 bytes | 242.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://gitlab.example.com/root/test-repo.git
 * [new branch]      master -> master

回到gitlab的瀏覽器頁面，刷新查看

已經成功上傳到test-repo工程當中。

Gitlab應用

好比說Systeminfo

好比說日誌

須要咱們關注的是application.log和production.log兩項

好比說健康情況

建立開發人員及leader的帳號

開發人員帳號

其餘選項不要動，點擊建立便可。

建立leader的帳號

其餘也不要動。

建好後的帳戶

同理添加lead帳戶

更改兩個帳戶的密碼

其餘選項保持不變，而後點擊頁面最下面的save changes，同理更改lead的密碼

使用dev帳戶進行git命令行的提交操做

## 如下步驟也是在win10宿主機上進行的
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ pwd
/c/Users/xueji/Desktop/repo/test-repo

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ cd ..

xueji@xueji MINGW64 ~/Desktop/repo
$ rm -rf test-repo/
$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
Cloning into 'test-repo'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
#  這一步就很尷尬了，原本是想要驗證dev帳戶的，誰知道什麼都不須要輸入就直接能夠clone下來。
xueji@xueji MINGW64 ~/Desktop/repo
$ ls
test-repo/

xueji@xueji MINGW64 ~/Desktop/repo
$ ls test-repo/
test.py

xueji@xueji MINGW64 ~/Desktop/repo
$ cd test-repo/

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git checkout -b release-1.0   #建立開發人員版本
Switched to a new branch 'release-1.0'
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ ls
test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ vim test.py
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ cat test.py
print("This is a test python file for release-1.0!")
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ git -c http.sslVerify=false push origin release-1.0
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 287 bytes | 287.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for release-1.0, visit:
remote:   https://gitlab.example.com/root/test-repo/merge_requests/new?merge_request%5Bsource_branch%5D=release-1.0
remote:
To https://gitlab.example.com/root/test-repo.git
 * [new branch]      release-1.0 -> release-1.0
#  我靠，估計版本不同，這一步不須要輸入帳戶名和密碼