Jenkins+Ansible+GitLab持续交付平台搭建-第7篇
这篇文章将继续给大家介绍Jenkins+Ansible+GitLab持续交付平台搭建。
Jenkins+Ansible+GitLab持续交付平台搭建-第1篇
Jenkins+Ansible+GitLab持续交付平台搭建-第2篇
Jenkins+Ansible+GitLab持续交付平台搭建-第3篇
Jenkins+Ansible+GitLab持续交付平台搭建-第4篇
Jenkins+Ansible+GitLab持续交付平台搭建-第5篇
Jenkins+Ansible+GitLab持续交付平台搭建-第6篇
Jenkins,ansible,gitlab三剑客
Freestyle job案例
三剑客环境搭建
###搭建平台
# ssh root@172.16.87.89
# su - deploy
$ source /home/deploy/.py3-a2.5-env/bin/activate
###加载py3虚拟环境
$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
##验证ansible是否已经加载成功
$ ansible --version
到此三剑客平台已经就绪
##创建freetyle-job工程
#描述:This is my frist nginx job
#参数化构建过程
选择参数:
名称:deploy_env
选择:dev&test&prod
文本参数:
名称:branch
默认值:master
源代码管理:GitLab项目仓库url/仓库密码
##创建Ansible与目标主机ssh key公钥认证
编写playbook脚本实现静态网页远程部署
编写playbooks脚本
nginx_playbooks/ ----->脚本目标
├── deploy.retry
├── deploy.yml --->主入口文件
├── inventory ---->详细目标
│ ├── dev
│ └── prod
└── roles ---->主任务文件
└── nginx
├── files
│ ├── health_check.sh
│ └── index.html
├── tasks
│ └── main.yml --->ansible-playbook主任务文件
└── templates
└── nginx.conf.j2
6 directories, 8 files
将playbook部署脚本提交到Gitllab仓库
##将GitLab仓库代码克隆到本地
# git -c http.sslverify=false clone https://gitlab.example.com/root/ansible-playbooks.git
##上传代码
# git add .
##提交,注释提交内容
# git commit -m "First commit"
# git -c http.sslverify=false push origin master 或git push origin master
Freestyle任务构建和自动化部署
shell脚本
#!/bin/sh
set +x
source /home/deploy/.py3-a2.5-env/bin/activate
source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
cd $WORKSPACE/nginx_playbooks
ansible --version
ansible-playbook --version
ansible-playbook -i inventory/$deploy_env ./deploy.yml -e project=nginx -e branch=$branch -e env=$deploy_env
jenkins pipeline job案例
###pipeline job实现:nginx+mysql+php+WordPress自动化部署交付
预先搭建环境:
1.三剑客平台初始化环境构建
2.编写ansible playbook脚本实现WordPress远程部署工作
3.将WordPress源码与playbook部署脚本提交到GitLab仓库
4.编写pipeline job脚本实现jenkins流水线持续交付流程
5.jenkins集成ansible与GitLab实现WordPress的自动化部署
##ssh链接jenkins后台服务器
# ssh root@172.16.87.89
# su -deploy
$ source /home/deploy/.py3-a2.5-env/bin/activate
###加载py3虚拟环境
$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
##验证ansible是否已经加载成功
$ ansible --version
##验证ansible环境是否免秘钥远程登录目标服务器
# ssh root@report.example.com(目标服务器DNS)
##编写ansible playbook脚本
##打开Git Bash在本地编写脚本
###为了避免克隆或者推送GitLab仓库时报证书错误,关闭Git安全认证
### git config --global http.sslverify fales
# git -c http.sslverify=false clone https://gitlab.example.com/root/ansible-playbooks.git
# cd ansible-playbooks/
# cp -a nginx_playbooks/ wordpress_playbooks
# 编写本地wordpressss_playbooks脚本
wls案例
##Freestyle job+GitLab+ansible+weblogic
1.环境准备
GitLab代码仓库托管服务器172.16.87.88(本地DNSgitlab.example.com)
ansible+jenkins持续构建集成服务器172.16.87.89
weblogic服务器:172.16.87.105
2.创建一个自由风格流水线job,命名项目名称规则
项目名称:report
参数化构建过程:
选项参数名称deploy_env
选项:dev、test、prod
文本参数名称:branch
默认值master
源码托管Git
项目仓库Url地址https://gitlab.example.com/root/report2.git
构建:Maven
执行shell:
#!/bin/sh
set +x
#su - deploy
source /home/deploy/.py3-a2.5-env/bin/activate
source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
cd /home/deploy
ansible --version
ansible-playbook --version
cd playbook
#cp /home/deploy/.jenkins/workspace/report2.0/portal/target/portal.war roles/testbox/files/
ansible-playbook -i inventory/testenv ./deploy.yml
##jenkins启动停止脚本
#!/bin/bash
DEPLOY_UID=1000
java -jar /opt/jenkins.war >> $log_path/home/deploy/apache.log 2>&1 &
if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: deploy jenkins has started. "
echo
else
echo
echo "Message: You are not the weblogic user, execute the command with deploy user."
echo
fi
#!/bin/bash
DEPLOY_UID=1000
ps -aux | grep jenkins | grep java |awk '{print $2}'|xargs kill >> $log_path/home/deploy/apache.log
if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: The log file apache.log does not exis"
echo
else
echo
echo "Message: You are not the weblogic user, execute the command with deploy user."
echo
fi
3.Ansib脚本编写
📎playbook.zip
- name: print server name and user to remste testbox
shell: "echo 'Currently {{ user }} is logining {{ server_name }}' > {{ output }}"
#- name: create a file
# file: 'path=/root/foo.txt state=touch mode=0755 owner=root group=root'
#- name: "kill掉weblogic"
# shell: "ps -ef | grep weblogic | grep -v grep | awk '{print $2}' |xargs kill -9"
- name: "删除老版本的war&文件"
shell: "rm -rf {{ war_file }}/123.txt"
- name: copy a file
copy: 'remote_src=no src=roles/testbox/files/portal.war dest={{ war_file }}/portal.war mode=0644 force=yes'
#- name: start weblogic service
# shell: "nohup {{ service }}/startWebLogic.sh &"
- name: "查看weblogic请求判断 weblogic service starts"
shell: echo $(ps -ef | grep weblogic | wc -l)
register: 'weblogic_stat'
- debug: msg="weblogic_stat"
when: weblogic_stat.stdout |int >= 2
- name: copy a file
copy: 'remote_src=no src=roles/testbox/files/stopwls.sh dest=/root/stopwls.sh mode=0777 force=yes'
- name: "source profile && 卸载应用"
shell: "source /etc/profile && sh /root/stopwls.sh"
- name: "source profile && 装载应用"
shell: "source /etc/profile && sh /root/startwls.sh"
#- name: "卸载部署应用"
# script: 'sh /home/wls.sh'
# register: script_stat
#- debug: msg="foo.sh exists"
# when: script_stat.stat.exists
#- name: run the script
# command: "sh /root/foo.sh"[testservers]
report.example.com
[testservers:vars]
server_name= report.example.com
user=root
output=/root/weblogic_state.txt
service=/home/weblogic/Middleware/Oracle_Home/user_projects/domains/base_domain/bin
war_file=/root
#server_name=report.example.com
port=80
user=deploy
worker_processes=4
max_open_file=65505
root=/www
jenkins与SonarQube平台代码扫描
SonarQube安装
SonarQube安装
1.环境准备
sonarQube 下载地址https://www.sonarqube.org/downloads/(官网最新版本下载特别慢,可选择其他版本下载)
sonarQube Scanners 下载地址https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
安装jdk1.8(根据官网信息,需要用到jdk1.8,如果你的环境已经配置了JAVA_HOME是jdk1.7可以手动指定sonar的运行jdk为1.8)
安装mysql,可以是远程连接(注:mysql版本需要是5.6+)
2.安装
指定jdk1.8(如果系统环境变量已经是1.8忽略此步)
下载好sonarQube后,解压打开conf目录,修改 wrapper.conf
##jdk配置
# tar -zxvf jdk-8u77-linux-x64.tar.gz -C /usr/java/
#配置root用户java环境变量
# vi ~/.bashrc
export JAVA_HOME=/usr/java/jdk1.8.0_77
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
##使环境变量立即生效
# source ~/.bashrc
##解压sonarqube-7.4.zip
# unzip sonarqube-7.4.zip
##创建用户启动es
# adduser deploy
# chown -R deploy:deploy sonarqube
#配置deploy用户的java环境变量(172.16.87.85未配置deploy环境变量)
# vi ~/.bashrc
###set sonar java ###
export JAVA_HOME=/usr/java/jdk1.8.0_77
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
# source ~/.bashrc
##mysql安装(Cenos7)
##下载并安装MySQL官方的 Yum Repository
# wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
##yum 安装Yum Repository
# yum -y install mysql57-community-release-el7-10.noarch.rpm
##安装mysql服务器
# yum -y install mysql-community-server
###mysql数据库设置
##启动mysql
# systemctl start mysqld.service
#查看mysql运行状态
# systemctl status mysqld.service
##在log中查看root密码
#grep "password" /var/log/mysqld.log
##登录
mysql> mysql -uroot -p
##修改mysql密码
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';(注修改不成功的话,查看grep "password" /var/log/mysqld.log按照那里面密码修改)
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '.+i=ikbkb8aU';
##查看mysql初始化密码规则
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;
###最后卸载删除Yum Repository,避免以后每次操作yum的自动更新
# yum -y remove mysql57-community-release-el7-10.noarch
3.SonarQube配置
###mysql 添加sonar用户
sonarQube配置mysql,修改/conf/sonar.properties
重启服务,观察日志
##配置sonarqube目标conf下的sonar.properties
$ vim sonarqube/conf/sonar.properties
##配置wrapper.conf文件
$ vim sonarqube/conf/sonar.properties
wrapper.java.command=/usr/java/jdk1.8.0_77/bin/java
##创建sonar数据库
# mysql -u sonar -p
Enter password:
mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> CREATE USER 'sonar' IDENTIFIED BY 'sonar';
mysql> GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
mysql> GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
mysql> FLUSH PRIVILEGES;
###启动启动sonar
# su - sonar
# ./bin/linux-x86-64/sonar.sh start
# tail -200f ./logs/sonar.log
##访问http://172.16.87.85:9000
##http://172.16.87.85:9000/about
##mysql查看sonar数据库信息状态
mysql> show databases
mysql> use sonar;
mysql> show tables;
##配置sonarqube-7.4启动脚本
#!/bin/bash
DEPLOY_UID=1001
./sonarqube-7.4//bin/linux-x86-64/sonar.sh start >> $log_path/home/deploy/sonar.log 2>&1 &
if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: deploy SonarQube has started. "
echo
else
echo
echo "Message: You are not the deploy user, execute the command with deploy user."
echo
fi
4. SonarQube汉化
下载sonar-l10n-zh-plugin-1.21.jar 放在/opt/sonarqube/extensions/plugins目标下,重新启动sonarqube(注意jar包组权限)
或者是在SonarQube平台安装中文插件--->配置-->Plugins-->搜索-->chinese
https://blog.csdn.net/qq_21816375/article/details/80787993
Sonar-scanner扫描器安装配置
(root用户配置其他用户执行须配置java环境变量)
Sonar通过扫描器进行代码质量分析,即扫描器的具体工作就是扫描代码:
###解压sonar-scanner-3.2.0.1227-linux
# su - root
# cd /opt
# 编辑/conf下的sonar-scanner.properties文件
# cd /opt/sonar-scanner-3.2.0.1227-linux/conf
# grep "^[a-Z]" sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
onar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.login=admin
sonar.password=admin
##配置sonar-scanner-3.2环境变量
# vi ~/.bashrc
###set sonar-scanner###
export SONAR_RUNNER_HOME=/opt/sonar-scanner-3.2.0.1227-linux
export PATH=$SONAR_RUNNER_HOME/bin:$PATH
export SONAR_SCANNER_OPTS="-Xms512m -Xmx2048m"
# source ~/.bashrc
##测试sonar-scanner环境变量
# sonar-scanner -h
###安装apache-maven
下载:wget http://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.0/binaries/apache-maven-3.6.0-bin.zip
# unzip apache-maven-3.6.0-bin.zip
验证maven版本:# ./apache-maven-3.6.0/bin/mvn -version
###在项目的根目录中创建配置文件:sonar -project.properties
sonar.projectKey=report(项目的唯一标识,类似主键自定义)
sonar.projectVersion=1.0.0(项目的版本)
sonar.sources=.
sonar.projectName=report(项目名称)
sonar.ce.workCount=1
sonar.language=java(项目编码)
sonar.source=src(项目路径)
sonar.java.binaries=/opt/report/report/src,/opt/report/portal/src,/opt/report/krm-sso/src,/opt/report/krm-common/src
sonar.sourceEncoding=UTF-8
sonar.ce.javaOpts=-Xms=512 -Xmx=2048 -XX:+HeapDumpOnOutOfMenonyError
# must be unique in a given SonarQube instance
sonar.projectKey=report
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
#sonar.projectName=My project #项目名称
sonar.projectVersion=1.0.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
# Encoding of the source code. Default is default is defasonar.ce.javaOpts= -Xmx=2560 -Xms=853 -XX:+HeapDumpOnOutOfMenonyError
sonar.projectName=report
sonar.ce.workCount=1
sonar.language=java
sonar.source=src
sonar.java.binaries=/opt/report/report/src,/opt/report/portal/src,/opt/report/krm-sso/src,/opt/report/krm-common/src
sonar.sourceEncoding=UTF-8
sonar.ce.javaOpts=-Xms=512 -Xmx=2048 -XX:+HeapDumpOnOutOfMenonyError
##suona Qpu 的服务器
##代码扫描 suona sigai 特
SonarQube代码扫描
###从项目基目录运行以下命令以启动分析:
1.手动执行分析(在项目根目标中操作)
# /opt/apache-maven-3.5.4/bin/mvn clean package
2.cd 进入report到项目根目标(在项目文件中操作)
# sonar-scanner
Java堆空间错误或java.lang.OutOfMemoryError故障:通过SONAR_SCANNER_OPTS环境变量增加内存:
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
export SONAR_SCANNER_OPTS="-Xmx512m"
##FindBugs配置
https://blog.csdn.net/aya19880214/article/details/41958445
SonarQube扫描小案例
https://github.com/SonarSource/sonar-scanning-examples
https://blog.csdn.net/aya19880214/article/details/41958445
平台集成
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins
SonarQube扫描规则自定义
此系列会在我们TestOps公众号定期更新,请随时关注哟~