Jenkins+Ansible+Gitlab自動化部署三劍客

1、gitlab安裝

環境：centos 7 x64

一、關閉防火牆

systemctl stop firewalld
systemctl disable firewalld

 

二、禁用selinux

vim /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

改成SELINUX=disabled，而後重啓服務器，使用getenforce進行驗證

三、安裝環境依賴

yum install curl policycoreutils openssh-server openssh-clients postfix

四、下載倉庫文件

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

五、啓動郵件服務

systemctl start postfix
systemctl enable postfix

六、安裝gitlab-ce

yum install -y gitlab-ce

七、配置ssl

mkdir /etc/gitlab/ssl
cd /etc/gitlab/ssl
openssl genrsa -out /etc/gitlab/ssl/gitlab.example.com.key 2048
openssl req -new -key "gitlab.example.com.key" -out "gitlab.example.com.csr"
openssl x509 -req -days 3650 -in "gitlab.example.com.csr" -signkey "gitlab.example.com.key" -out "gitlab.example.com.crt"
openssl dhparam -out dhparams.pem 2048
chmod 600 *

八、配置gitlab.rb

vim /etc/gitlab/gitlab.rb

external_url 'https://gitlab.example.com'
//external_url 'https://192.168.71.128'

nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key" nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem" # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem

gitlab-ctl reconfigure

九、配置nginx

server {
  listen *:80;
  server_name gitlab.example.com;
  //server_name 192.168.71.128;

  rewrite ^(.*)$ https://$host$1 permanent;

  server_tokens off; ## Don't show the nginx version number, a security best practice

十、運維工程師使用

a、新建項目

b、用戶維護，建立regular用戶

c、給項目分配用戶及權限，分配dev用戶和maintainer用戶

十一、開發組長使用

//克隆倉庫

 git -c http.sslverify=false clone https://192.168.71.128/root/test-repo.git

處理合並申請

十二、開發人員使用

git -c http.sslverify=false clone https://192.168.71.128/root/test-repo.git

建立分支合併申請

 

2、ansible安裝

一、環境準備（python3.6.5安裝及virtualenvwrapper管理虛擬環境）

詳見：http://www.javashuo.com/article/p-uvixnvvd-bq.html

二、pip安裝

mkvirtualenv -p python3 env36
pip install ansible

三、git安裝

root用戶安裝git
yum -y install git nss curl

切換到普通用戶
su deploy
cd ~

git clone ansible（能夠將github源導入碼雲，而後再clone碼雲上的ansible,否則下載會很慢或失敗）
git clone https://github.com/ansible/ansible.git

進入env36環境
workon env36

安裝ansible依賴包
pip install paramiko PyYAML jinja2

將ansible移動到虛環境目錄下
mv ansible ~/.virtualenvs/env36.ansible/
cd ~/.virtualenvs/env36.ansible/ansible

切換分支
git checkout stable-2.5

安裝
source ~/.virtualenvs/env36.ansible/ansible/hacking/env-setup -q

驗證
ansible --version

View Code

 三、ansible使用

ansible主機：192.168.71.132

ssh-keygen -t rsa

ssh-copy-id -i id_rsa.pub root@192.168.71.133

 

測試機：192.168.71.133