简介
CI(持续集成)
Continuous Integration是一种软件开发实践,即团队开发成员经常集成他们的工作,通常每个成员每天至少集成一次,也就意味着每天可能会发生多次集成。每次集成都通过自动化的构建(包括编译,发布,自动化测试)来验证,从而尽快地发现集成错误。
CD(持续交付)
Continuous Delivery一种软件工程方法,通过自动化构建、测试和部署过程,使软件在短时间内可靠、快速地交付给用户。
SCM(版本管理工具)
源码控制管理软件,版本控制;常用的有Git、SVN
Jenkins
概述
Jenkins一个开源的、提供友好操作界面的持续集成(CI)工具,起源于Hudson(Hudson是商用的),主要用于持续、自动的构建/测试软件项目、监控一些定时执行的任务。Jenkins用Java语言编写,可在Tomcat等流行的servlet容器中运行,也可独立运行。jenkins通常与版本管理工具(SCM)、构建工具结合使用;jenkins构建工具有Maven、Ant、Gradle。
目标
持续、自动地构建/测试软件项目;监控软件开发流程,快速问题定位及处理,提高开发效率
特性
- 易于安装:只要把jenkins.war部署到servlet容器,不需要数据库支持。
- 易于配置:所有配置都是通过其提供的web界面实现。
- 集成RSS/E-mail通过RSS发布构建结果或当构建完成时通过e-mail通知。
- 生成JUnit/TestNG测试报告。
- 分布式构建支持Jenkins能够让多台计算机一起构建/测试。
- 文件识别:Jenkins能够跟踪哪次构建生成哪些jar,哪次构建使用哪个版本的jar等。
- 插件支持:支持扩展插件,你可以开发适合自己团队使用的工具。
实验(Jenkins+Maven+Gitlab+Tomcat)
准备
192.168.29.141【主机名Gitlab】——Gitlab16.0 代码管理
192.168.29.142【主机名Jenkins】——Jenkins2.401.1 + Maven3.9.2 + JDK11.0.13 + Git2.27 持续集成
192.168.29.143【主机名Tomcat】——Tomcat9.0.76 + JDK11.0.13 应用服务器
192.168.29.144【主机名Git】——Git2.27 模拟个人开发机
Gitlab主机安装Gitlab
安装脚本;GItlab安装过程参考http://t.csdn.cn/SsGdC
#!/bin/bash
yum install -y curl policycoreutils openssh-server openssh-clients
yum -y install postfix
systemctl enable --now postfix.service
curl -fsSL https://packages.gitlab.cn/repository/raw/scripts/setup.sh | /bin/bash
EXTERNAL_URL="http://192.168.29.141:8080" yum install -y gitlab-jh
#将默认的密码文件另外保存一份
cat /etc/gitlab/initial_root_password > gitlabPWD.txt
#处理访问Gitlab时的502错误
sed -i "s/^.*puma.*8080/puma['port'] = 8989/g" /etc/gitlab/gitlab.rb
gitlab-ctl reconfigure
gitlab-ctl restart访问http://192.168.29.141:8080;用户名:root 密码:cat gitlabPWD.txt
创建组 exampleForJenkins
创建一个项目 One
创建一个普通用户,作为开发组成员,后面Jenkins使用此用户wenzi从Gitlab拉取代码
也可使用root用户修改普通用户密码
把新用户加入到exampleForJenkins群组
邀请时设置新用户角色权限,也可先邀请后续再设置
- Guest:访客;拥有最小的权限。可发表留言
- Reporter:报告者;可clone代码,不能commit
- Developer:开发者;可clone、commit、push等
- Maintainer:维护者;可创建编辑项目、调整分支、调整项目成员等
- Owner:所有者;拥有最大的权限;可调整所有成员权限、删除项目等
退出使用新用户wenzi登录Gitlab,查看自己是否能访问到项目
Git主机安装Git
[root@Git ~]#yum -y install git
#配置SSH秘钥
[root@Git ~]#ssh-keygen
[root@Git ~]#cat .ssh/id_rsa.pub将公钥复制到Gitlab中
#克隆Gitlab项目
[root@Git ~]#git clone git@192.168.29.141:exampleforjenkins/one.git
[root@Git ~]#cd one/
[root@Git one]#ll
total 8
-rw-r--r-- 1 root root 6214 Jun 24 03:19 README.md
[root@Git one]#echo "123" > test1.txt
[root@Git one]#git config --global user.email "邮箱@qq.com"
[root@Git one]#git config --global user.name "wenzi"
[root@Git one]#git add test1.txt
[root@Git one]#git commit -m "This is test"
[root@Git one]#git push origin main
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 277 bytes | 277.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To 192.168.29.141:exampleforjenkins/one.git
a55b791..0015149 main -> main
踩坑:
[root@Git one]#git push origin main
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 277 bytes | 277.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
remote: GitLab: You are not allowed to push code to protected branches on this project.
To 192.168.29.141:exampleforjenkins/one.git
! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to '192.168.29.141:exampleforjenkins/one.git'
Jenkins受保护的分支默认Developer没有权限push。
使用root登录Gitlab,进入项目——settings——Repository——Protected branches,在Allowed to push and merge中勾选Developer+Maintainer
Tomcat主机安装Tomcat
#安装jdk11
[root@Tomcat ~]#ll
total 175796
-rw-------. 1 root root 1279 May 15 01:30 anaconda-ks.cfg
-rw-r--r-- 1 root root 11677655 Jun 23 10:10 apache-tomcat-9.0.76.tar.gz
-rw-r--r-- 1 root root 168329081 Jun 30 03:22 jdk-11.0.13_linux-x64_bin.tar.gz
[root@Tomcat ~]#tar -zx -f jdk-11.0.13_linux-x64_bin.tar.gz -C /usr/local/
[root@Tomcat ~]#ln -s /usr/local/jdk-11.0.13/ /usr/local/java
[root@Tomcat ~]#vim /etc/profile
...
#JDK11
JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin
[root@Tomcat ~]#source /etc/profile
[root@Tomcat ~]#java --version
java 11.0.13 2021-10-19 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.13+10-LTS-370)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.13+10-LTS-370, mixed mode)
#安装Tomca
[root@Tomcat ~]#tar -zx -f apache-tomcat-9.0.76.tar.gz -C /usr/local/
[root@Tomcat ~]#ln -s /usr/local/apache-tomcat-9.0.76/ /usr/local/tomcat
[root@Tomcat ~]#vim /etc/profile
...
#Tomcat
export CATALINA_HOME=/usr/local/tomcat
export PATH=$PATH:$CATALINA_HOME/bin
[root@Tomcat ~]#source /etc/profile
[root@Tomcat ~]#version.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Server version: Apache Tomcat/9.0.76
Server built: Jun 5 2023 07:17:04 UTC
Server number: 9.0.76.0
OS Name: Linux
OS Version: 4.18.0-193.el8.x86_64
Architecture: amd64
JVM Version: 11.0.13+10-LTS-370
JVM Vendor: Oracle CorporationJenkins主机安装Jenkins
配置Jenkins
官方文档Redhat Jenkins Packages
2.357(2022年6月)及更新的Java 11或Java 17
2.164(2019年2月)及更新的Java 8或Java 11
2.54(2017年4月)及更新的Java 8
1.612(2015年5月)及更新的Java 7
Jenkins默认端口8080;默认密码存储在 /var/lib/jenkins/secrets/initialAdminPassword
[root@Jenkins ~]#wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
[root@Jenkins ~]#rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
[root@Jenkins ~]#yum -y install fontconfig java-11-openjdk
[root@Jenkins ~]#yum -y install jenkins
[root@Jenkins ~]#systemctl enable --now jenkins.service
[root@Jenkins ~]#systemctl status jenkins.service
● jenkins.service - Jenkins Continuous Integration Server
Loaded: loaded (/usr/lib/systemd/system/jenkins.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-06-23 11:35:03 CST; 41s ago
Main PID: 11433 (java)
Tasks: 42 (limit: 4840)
Memory: 340.7M
CGroup: /system.slice/jenkins.service
└─11433 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
Jun 23 11:34:37 Jenkins jenkins[11433]: Jenkins initial setup is required. An admin user has been created and a password generated.
Jun 23 11:34:37 Jenkins jenkins[11433]: Please use the following password to proceed to installation:
Jun 23 11:34:37 Jenkins jenkins[11433]: 59753a60d30d415f9289bcce37d6430e
Jun 23 11:34:37 Jenkins jenkins[11433]: This may also be found at: /var/lib/jenkins/secrets/initialAdminPassword
Jun 23 11:34:37 Jenkins jenkins[11433]: *************************************************************
Jun 23 11:35:03 Jenkins jenkins[11433]: 2023-06-23 03:35:03.870+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization
Jun 23 11:35:03 Jenkins jenkins[11433]: 2023-06-23 03:35:03.941+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up and running
Jun 23 11:35:03 Jenkins systemd[1]: Started Jenkins Continuous Integration Server.
Jun 23 11:35:08 Jenkins jenkins[11433]: 2023-06-23 03:35:08.949+0000 [id=44] INFO h.m.DownloadService$Downloadable#load: Obtained the updated data file for >
Jun 23 11:35:08 Jenkins jenkins[11433]: 2023-06-23 03:35:08.949+0000 [id=44] INFO hudson.util.Retrier#start: Performed the action check updates server succe>
#查看Jenkins默认密码
[root@Jenkins ~]#cat /var/lib/jenkins/secrets/initialAdminPassword访问http://192.168.29.142:8080
根据提示设置管理员
Jenkins URL
配置Git
因为Jenkins需要从Gitlab拉取镜像
[root@Jenkins ~]#yum -y install git
[root@Jenkins ~]#which git
/usr/bin/git配置Maven
可从阿里云镜像站下载 apache-maven-maven-3-3.9.2-binaries安装包下载_开源镜像站-阿里云
[root@Jenkins ~]#ll
total 9040
-rw-------. 1 root root 1279 May 15 01:30 anaconda-ks.cfg
-rw-r--r-- 1 root root 9248920 Jun 23 14:36 apache-maven-3.9.2-bin.tar.gz
[root@Jenkins ~]#tar -zx -f apache-maven-3.9.2-bin.tar.gz -C /usr/local/
[root@Jenkins ~]#ln -s /usr/local/apache-maven-3.9.2/ /usr/local/maven
[root@Jenkins ~]#ll /usr/local/maven/
total 36
drwxr-xr-x 2 root root 97 Jun 23 14:37 bin
drwxr-xr-x 2 root root 76 Jun 23 14:37 boot
drwxr-xr-x 3 root root 63 May 8 17:04 conf
drwxr-xr-x 4 root root 4096 Jun 23 14:37 lib
-rw-r--r-- 1 root root 18652 May 8 17:04 LICENSE
-rw-r--r-- 1 root root 5036 May 8 17:04 NOTICE
-rw-r--r-- 1 root root 2533 May 8 17:04 README.txt
#配置环境变量
[root@Jenkins ~]#vim /etc/profile
...
#maven
export MAVEN_HOME=/usr/local/maven
export PATH=$PATH:$MAVEN_HOME/bin
[root@Jenkins ~]#source /etc/profile
[root@Jenkins ~]#mvn --version
Apache Maven 3.9.2 (c9616018c7a021c1c39be70fb2843d6f5f9b8a1c)
Maven home: /usr/local/maven
Java version: 11.0.13, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "4.18.0-193.el8.x86_64", arch: "amd64", family: "unix"
Jenkins插件管理
不可操作的行是已经升级,等待重启的。灰暗但可以选择的行是正在升级或升级失败的。
本地语言包
Jenkins根据浏览器的语言显示文本。它可以检测internet浏览器的语言。
请注意,根据浏览器和语言的不同,您可能需要下载插件。
您还可以通过使用Locale插件更改系统语言(在执行构建时使用)以及所有用户的用户界面语言。
在【安装推荐的插件】步骤时,自动安装了中文语言包
也可以自己再次安装Locale插件,选择 install without restart
Credentials相关
凭据相关插件,在【安装推荐的插件】步骤时,已自动安装
Role-based Authorization Strategy
使用基于角色的策略,启用用户授权,角色可全局定义 。Jenkins Role-based Authorization Strategy基于角色的访问权限控制_运维@小兵的博客-CSDN博客
Git client
为Jenkins插件提供Git接口。fetch, checkout, branch, list, merge, tag
GitClient接口为git访问提供了主要入口点。它支持使用HTTP和HTTPS协议访问git存储库的用户名/密码凭证(例如,https://github.com/jenkinsci/git-client-plugin或https://git.example.com/your-repo.git)。它支持使用SSH协议访问git存储库的私钥凭证(例如,git@github.com:jenkinsci/git-client-plugin.git或SSH://git@github.com/jenkinsci/git-client-plugin.git)。凭证支持是由Jenkins Credentials Plugin提供的。
Git
为Jenkins项目提供基本的Git操作。poll, fetch, checkout, branch, list, merge, tag, push
Gitlab
允许Gitlab触发Jenkins构建并在Gitlab UI中显示
Gitlab API
为其它插件提供Gitlab API
Maven Integration
Jenkins利用Maven编译打包所需插件
Deploy to container
项目构建后可选择Deploy war/ear to a container自动化将生成的war部署到Tomcat容器;
Publish Over SSH
项目构建后可选择Send build artifacts over SSH将编译好的war/jar文件上传到远程linux指定的目录下,在远程执行脚本将拷贝的文件复制到tomcat的webapps文件夹下,重启tomact。
系统配置
tools工具
同时修改maven配置文件 /usr/local/maven/conf/settings.xml 中的maven本地仓库位置和maven下载jar包的源;Jenkins主机创建maven本地仓库目录 /jenkins/maven/repo
JDK,若配置有多个JDK,继续新增JDK。不勾选自动安装。按照官方安装步骤,在安装Jenkins时安装了JDK11,家目录位于/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64
[root@Jenkins ~]#vim /etc/profile
...
#JDK11
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64
Maven
[root@Jenkins ~]#vim /etc/profile
...
#JDK11
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64
#MAVEN
export MAVEN_HOME=/usr/local/maven/
export PATH=$PATH:$MAVEN_HOME/bin
Git
credential凭据
用来存储第三方应用的Gitlab、GitHub、Docker等的密码、秘钥、证书等,以便和其交互
Jenkins凭证/凭据管理详解_jenkins 凭据_运维@小兵的博客-CSDN博客
Jenkins主机创建秘钥,将公钥配置到Gitlab中,将私钥配置到Jenkins中
Gitlab配置公钥
Jenkins配置私钥
使用 SSH username with private key
给Jenkins指定项目地址
若出现红字报错
Failed to connect to repository : Command "git ls-remote -h git@xxx.git HEAD" returned status code 128:
stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rightsand the repository exists.
设置如下
若还不行,可尝试登录Jenkins主机,切换到Jenkins用户,使用Jenkins用户生成秘钥,将公钥配置到Gitlab中。
Jenkins存放秘钥位置: /var/lib/jenkins/.ssh
#将秘钥复制到Jenkins下
[root@Jenkins ~]#cd /var/lib/jenkins/.ssh/
[root@Jenkins .ssh]#cp /root/.ssh/id_rsa ./
[root@Jenkins .ssh]#chown jenkins:jenkins id_rsa
[root@Jenkins .ssh]#ll
total 8
-rw------- 1 jenkins jenkins 2602 Jul 1 13:15 id_rsa
-rw-r--r-- 1 jenkins jenkins 176 Jun 30 07:09 known_hosts
#将公钥传送至Tomcat
[root@Jenkins ~]#ssh-copy-id -i .ssh/id_rsa.pub root@192.168.29.143
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '192.168.29.143 (192.168.29.143)' can't be established.
ECDSA key fingerprint is SHA256:xSb6S5d6vUXcMbChlCKJyoCAQHH1hqHuH+tm+pV1Elk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.29.143's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.29.143'"
and check to make sure that only the key(s) you wanted were added.
最终测试
重建Gitlab项目,文件https://github.com/bingyue/easy-springmvc-maven
在控制台输出中可以看到详细信息
构建成功,验证各个文件
