安装前说明
Gitlab,Jenkins,Ansible部署在一台服务器上
- Gitlab通过默认的80端口访问
- Jenkins通过设置后的8090端口访问
安装前装备
# 查看操作系统版本
[root@gitlab ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
# 查看已经安装的gitlab版本
[root@gitlab ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.11.0
# 查看磁盘空间
[root@gitlab ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 42G 8.6G 83% /
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 12K 1.9G 1% /dev/shm
tmpfs 1.9G 195M 1.7G 11% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/xvda1 1014M 336M 679M 34% /boot
/dev/mapper/centos-home 46G 33M 46G 1% /home
tmpfs 377M 0 377M 0% /run/user/0
安装最新版的Ansible
# 下载Centos7的EPEL
[root@gitlab ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@gitlab ~]# yum clean all && yum makecache
[root@gitlab ~]# yum install ansible
[root@gitlab ~]# ansible --version
ansible 2.9.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 9 2019, 14:30:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
# 如果有这个文件,则删除
[root@gitlab ansible]# rm -f /etc/ansible/.hosts.swp
[root@gitlab ~]# vim /etc/ansible/hosts
测试Ansible是否安装好,是否可以ping通客户机
[root@gitlab ansible]# ansible webservers -m ping
[email protected] | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
安装JDK
# 下载jdk安装包
[root@gitlab ~]# wget https://download.oracle.com/otn/java/jdk/8u45-b14/jdk-8u45-linux-x64.tar.gz
# 安装jdk
[root@gitlab ~]# tar zxvf jdk-8u45-linux-x64.tar.gz
[root@gitlab ~]# mv jdk1.8.0_45 /usr/local/
[root@gitlab ~]# mv jdk-8u45-linux-x64.tar.gz /usr/local/src/
#添加到系统的环境变量
[root@gitlab ~]# cat >>/etc/profile << EOF
> export JAVA_HOME=/usr/local/jdk1.8.0_45
> export JRE_HOME=\${JAVA_HOME}/jre
> export CLASSPATH=.:\${JAVA_HOME}/lib:\${JRE_HOME}/lib
> export PATH=\${JAVA_HOME}/bin:\$PATH
> EOF
#使profile文件生效,并查看java版本
[root@gitlab ~]# source /etc/profile
[root@gitlab ~]# java -version
java version "1.8.0_45"
安装Tomcat
# 下载tomcat安装包
[root@gitlab ~]# wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.4/bin/apache-tomcat-8.5.4.tar.gz
[root@gitlab ~]# tar zxvf apache-tomcat-8.5.4.tar.gz
[root@gitlab ~]# mv apache-tomcat-8.5.4 /usr/local/jenkins
[root@gitlab ~]# rm -rf /usr/local/jenkins/webapps/*
# 修改tomcat字符集及端口,端口其实可以不用改,加入字符集
[root@gitlab ~]# vim /usr/local/jenkins/conf/server.xml
<Connector port="8080" **URIEncoding="UTF-8"** protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
安装GitLab
# 配置yum源
[root@gitlab ~]# cat > /etc/yum.repos.d/gitlab-ce.repo << EOF
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el\$releasever/
gpgcheck=0
enabled=1
EOF
#更新yum缓存
[root@gitlab ~]# yum clean all
[root@gitlab ~]# yum makecache
#安装GitLab依赖包
[root@gitlab ~]# yum install -y curl policycoreutils-python openssh-server iptables-services
#安装GitLab,安装过程中会出现下图的图案
[root@gitlab ~]# sudo yum -y install gitlab-ce
配置GitLab
# 编辑配置文件
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb
# 修改访问地址
external_url 'http://xx.xx.xx.xx'
# 开启备份
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
gitlab_rails['backup_keep_time'] = 604800
# 初始化配置&启动服务
[root@gitlab ~]# gitlab-ctl reconfigure
# 查看状态
[root@gitlab ~]# gitlab-ctl status
# 查看gitlab版本号
[root@gitlab ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.1.2
# 开启防火墙
[root@gitlab ~]# systemctl stop firewalld
[root@gitlab ~]# systemctl disable firewalld
[root@gitlab ~]# systemctl start iptables
[root@gitlab ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@gitlab ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
# 访问gitlab, 第一次登陆会要求设置密码
浏览器打开 http://xx.xx.xx.xx
安装Jenkins
# 获取最新版jenkins安装包
[root@gitlab ~]# sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
[root@gitlab ~]# sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
# 安装jenkins
[root@gitlab ~]# yum install jenkins
# 查看jenkins所在的地方
[root@gitlab ~]# whereis jenkins
jenkins: /usr/lib/jenkins /usr/local/jenkins
[root@gitlab ~]# find / -name jenkins
find: ‘/proc/53884’: No such file or directory
/run/lock/subsys/jenkins
/etc/logrotate.d/jenkins
/etc/sysconfig/jenkins
/etc/rc.d/init.d/jenkins
/var/lib/yum/repos/x86_64/7/jenkins
/var/lib/jenkins
/var/log/jenkins
/var/cache/yum/x86_64/7/jenkins
/var/cache/jenkins
更改Jenkins端口
# 查看当前所有已经使用的端口情况
[root@gitlab ~]# netstat -nultp
# 发现jenkins默认的8080端口已经被占用,则更改Jenkins端口,并将对应端口开放,此处以8090为例
[root@gitlab ~]# vim /etc/sysconfig/jenkins
# 配置防火墙
> 如果没有安装iptables,在使用service iptables save会有问题,需要先按照如下步骤安装
# 1、安装或更新服务
[root@deploy ~]# yum install iptables-services
# 2、启用iptables
[root@deploy ~]# systemctl enable iptables
# 3、启动iptables
[root@deploy ~]# systemctl start iptables 打开iptables
[root@deploy ~]# iptables -I INPUT -p tcp --dport 8090 -j ACCEPT
[root@deploy ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
启动Jenkins
[root@deploy ~]# service jenkins start
Starting jenkins (via systemctl): [ OK ]
访问Jenkins
浏览器输入http://ip:8090
# 通过以下密码获取解锁密码
[root@deploy ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
Gitlab和Jenkins整合开始
在GitLab中新建一个用于测试GitLab和Jenkins是否打通的项目Ansible
在服务器上初始化GitLab上的测试项目Ansible
[root@gitlab ~]# mkdir -p /data/Ansible/
[root@gitlab ~]# cd /data/Ansible/
[root@gitlab Ansible]# git config --global http.sslVerify false
[root@gitlab Ansible]# git config --global user.name "Meiyan"
[root@gitlab Ansible]# git config --global user.email "[email protected]"
[root@gitlab Ansible]# git clone [email protected]:Meiyan/Ansible.git code
Cloning into 'code'...
warning: You appear to have cloned an empty repository.
[root@gitlab Ansible]# cd code/
[root@gitlab code]# echo "##### gitlab connect to jenkins test" > README.md
[root@gitlab code]# git add .
[root@gitlab code]# git commit -m 'add readme'
[root@gitlab code]# git push -u origin master
为root用户生成SSH免密访问webservers客户机的权限
[root@gitlab ~]# ssh-keygen
[root@gitlab ~]# ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub [email protected]
[root@gitlab ~]# cat .ssh/id_rsa.pub
将公钥id_rsa.pub上传到gitlab
为jenkins用户生成SSH免密访问webservers客户机的权限
在Jenkins中默认是使用jenkins用户访问客户机的,所以需要先设置jenkins用户执行playbook需要的SSH免密访问权限
# 切换到jenkins用户
[root@gitlab ~]# su jenkins
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bdHpy9bQAVfatZTvyb4lBw0FHDi8gAK++Fq2KnkeHSQ [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .. . ..o+==|
| . . . ..++o=o|
| E o . ..oo+.o|
| + . . o.. +.|
| . o S o o +.o|
| o . . . + +.|
| .. = + + o|
|o .= . . +.|
| ++.. ..|
+----[SHA256]-----+
bash-4.2$ ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/jenkins/.ssh/id_rsa.pub"
The authenticity of host 'xx.xx.xx.xx)' can't be established.
在GitLab中配置Jenkins相关属性
创建个人访问令牌
# 复制
Gitlab仓库地址
GitLab中刚刚生成的access token
备用
在Jenkins中安装GitLab相关插件
# 系统管理->管理插件->可选择插件->搜索 gitlab
配置GitLab plugin
配置 GitLab
`# 系统管理>系统配置>Gitlab`
配置Jenkins访问GitLab的全局凭证(点击【添加】后出现的此界面)
测试:在Jenkins中是否通过API token连通GitLab
新建一个用于测试GitLab+ Jenkins是否打通的任务gitlab_test_task
# 点击【添加】
创建用于访问GitLab中的项目全局凭证
配置Jenkins中测试任务git_test_task的【源码管理】部分
配置Jenkins中测试任务git_test_task的【构建触发器】部分
在GitLab中创建测试项目Ansible的Web钩子
如果出现以下报错
解决报错的方法如下:开启访问本地网络服务
测试刚创建的Web钩子
测试push代码时,Jenkins中测试任务gitlab_test_task是否会自动构建
[root@gitlab ~]# cd /data/Ansible/code/
[root@gitlab code]# echo "# test auto build in jenkins" > README.md
[root@gitlab code]# git add .
[root@gitlab code]# git commit -m 'add readme'
[root@gitlab code]# git push origin master
在GitLab上查看Web钩子最近调用的情况
也可以在Jenkins上查看最近自动构建的情况
Gitlab整合Jenkins完成
Jenkins整合Ansible开始
新建ansible playbook用于Jenkins中的测试任务
[root@gitlab ~]# mkdir -p /data/Ansible-playbook
[root@gitlab ~]# vim /data/Ansible-playbook/jenkins-mkdir.yml
---
- hosts: webservers
gather_facts: no
tasks:
- name: mkdir /home/future/data/jenkins-test-dir
file: path=/home/future/data/jenkins-test-dir state=directory
在Jenkins中安装Ansible相关插件
# 插件下载的镜像地址:http://mirror.xmission.com/jenkins/plugins/
新建一个用于测试GitLab+ Jenkins+Ansible是否打通的任务ansible-mkdir-task
在Jenkins中执行这个测试任务
查看执行结果
也可以在ansoble的服务器上测试playbook是否能成功执行(可选操作)
[root@gitlab Ansible-playbook]# ansible-playbook /data/Ansible-playbook/jenkins-mkdir.yml -f 5
PLAY [webservers] **************************************************************
TASK [mkdir /home/future/data2/jenkins-test-dir] *******************************
changed: [[email protected]]
PLAY RECAP *********************************************************************
[email protected] : ok=1 changed=1 unreachable=0 failed=0 s
查看在客户机执行的Gitlab+Jenkins+Ansible自动操作结果
# 确实自动新建了jenkins-test-dir目录
future@future:~$ tree data
data
└── jenkins-test-dir
Jenkins整合Ansible完成
安装过程中有可能遇到的问题& 参考操作的知识点
解决jenkins插件问题
# 如下图所属,部分插件没有安装成功
# 从以下地址将所有未安装的插件下载到本地
http://mirror.xmission.com/jenkins/plugins/
# 手动安装插件
# 重启jenkins命令
[root@gitlab ~]# systemctl restart jenkins.service
# 查看jenkins状态
[root@gitlab ~]# systemctl status jenkins.service
其他可选参考操作(没有影响)
# 关闭防火墙
# 停止firewall
[root@deploy ~]# systemctl stop firewalld.service
# 禁止firewall开机启动
[root@deploy ~]# systemctl disable firewalld.service
# 查看默认防火墙状态(关闭后显示not running,开启后显示running)
[root@deploy ~]# firewall-cmd --state
以上用的都是http的访问方式
因为在jenkins中配置gitlab是老师出现 NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)Issuer certificate is invalid.报错,多次尝试加自签名证书都未成功,所以目前判断:自签名证书在此是不行的。所以,为了先把整个流程配通,将gitlab的访问方式从https改成了http。
# cat /etc/gitlab/gitlab.rb
## GitLab URL
将
external_url 'https://10.20.xxx.xx'
nginx['redirect_http_to_https'] = true
改成了
# external_url 'https://10.20.217.17'
# nginx['redirect_http_to_https'] = true
external_url 'http://10.20.xxx.xx'
nginx['redirect_http_to_https'] = false
# 修改配置文件后,需要重启GitLab,输入以下命令,这里也会等很长时间
gitlab-ctl reconfigure
gitlab-ctl restart
# 需要重启Jenkins
systemctl restart jenkins.service
卸载旧版Ansible
[root@gitlab ~]# yum remove ansible
安装最新版的Ansible
# 下载Centos7的EPEL
[root@gitlab ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@gitlab ~]# yum clean all && yum makecache
[root@gitlab ~]# yum install ansible
[root@gitlab ~]# ansible --version
ansible 2.9.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 9 2019, 14:30:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
# 如果有这个文件,则删除
[root@gitlab ansible]# rm -f /etc/ansible/.hosts.swp
[root@gitlab ~]# vim /etc/ansible/hosts
测试Ansible是否安装好,是否可以ping通客户机
[root@gitlab ansible]# ansible webservers -m ping
[email protected] | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
在Jenkins中配置Ansible时报错Failed to connect to the host via ssh: Host key verification failed
https://blog.csdn.net/GongMeiyan/article/details/104046497
报错:There was an issue creating /data as requested: [Errno 13] Permission denied: b’/data’", “path”: “/data/jenkin-test-dir”
[root@gitlab Ansible-playbook]# ansible-playbook /data/Ansible-playbook/jenkins-mkdir.yml -f 5
PLAY [webservers] ******************************************************************************************************************************************************************************
TASK [mkdir /data/jenkins-test-dir] ************************************************************************************************************************************************************
fatal: [[email protected]]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "There was an issue creating /data as requested: [Errno 13] Permission denied: b'/data'", "path": "/data/jenkin-test-dir"}
解决方法:路径不是绝对路径,所以访问不了,要改成:/home/future/data/jenkin-test-dir
运行yum系统提示Existing lock /var/run/yum.pid: another copy is running as pid
原因:就是yum在自动更新,所以再运行yum就会报这个错。
解决方法:关掉正在执行的yum更新就可以了就可以了,停止正在运行的yum进程,或者禁用开机自动启动yum进程。
# 停止yum进程
rm -f /var/run/yum.pid
# yum自动更新机制自动激活了yum进程,用下面的命令停止自动更新:
/etc/init.d/yum-updatesd stop
# 如果我们不需要自动更新服务,可以直接删除它。
yum remove yum-updatesd
# 不过删除该服务之后,以后的更新要用下面的命令手工来完成了。
yum update
报错:
[root@gitlab ~]# ansible all -m command -a "uptime"
xx.xx.xx.xx | FAILED! => {
"changed": false,
"module_stderr": "/bin/sh: 1: /usr/bin/python: not found\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 127
}
我的解决方法是:卸载当前的ansible2.4版本的,然后重装最新版ansible2.9后就成功了
网上提供的解决办法是:[https://www.jeffgeerling.com/blog/2018/fixing-unreachable-ssh-error-when-running-ansible-playbooks-against-ubuntu-1804-or-1604](https://www.jeffgeerling.com/blog/2018/fixing-unreachable-ssh-error-when-running-ansible-playbooks-against-ubuntu-1804-or-1604)
但是我从网上的方法反反复复尝试了很多都不能解决
Centos7 安装 python2.7.5
# 安装相关包
yum install gcc openssl-devel bzip2-devel
# 安装wget;
yum -y install wget
cd /usr/src
wget https://www.python.org/ftp/python/2.7.5/Python-2.7.5.tgz
tar -zxvf Python-2.7.5.tgz
# 安装 python 2.7
cd Python-2.7.5
./configure --enable-optimizations
make altinstall
# 查看安装版本
python -V
# 安装 pip
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python2.7 get-pip.py
CentOS7安装EPEL的两种方式
https://www.jianshu.com/p/1882cd3b2295
Centos7 yum安装、卸载、升级软件等命令
https://www.jianshu.com/p/164d46da187e
Ansible官网安装手册
https://ansible-tran.readthedocs.io/en/latest/docs/intro_installation.html#what-version
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora
解决https SSL自签名证书无效问题
