极客时间运维进阶训练营第四周作业
1、部署 jenkins master 及多 slave 环境
部署master
apt update apt install -y openjdk-11-jdk root@jenkins:~# java -version openjdk version "11.0.17" 2022-10-18 OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04) OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing) cd /usr/local/src/ &&\ curl -O https://mirrors.jenkins.io/debian-stable/jenkins_2.361.2_all.deb dpkg -c jenkins_2.361.2_all.deb dpkg -i jenkins_2.361.2_all.deb && systemctl stop jenkins sed -i s'/User=jenkins/User=root/g' /lib/systemd/system/jenkins.service sed -i s'/Group=jenkins/Group=root/g' /lib/systemd/system/jenkins.service sed -i s'/Environment="JAVA_OPTS=-Djava.awt.headless=true"/Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"/g' /lib/systemd/system/jenkins.service systemctl daemon-reload && systemctl restart jenkins.service ##检查可知已经生效完毕 root@jenkins:/tmp# ps -ef|grep jenkins root 12077 1 99 17:24 ? 00:01:17 /usr/bin/java -Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
部署slave
apt update && apt install -y openjdk-11-jdk install -d /var/lib/jenkins
2、基于 jenkins 视图对 jenkins job 进行分类
3、总结 jenkins pipline 基本语法
stage :一个pipline可以划分为若干个stage,每个stage都是一个操作,是一个逻辑分组,可以是跨node执行不同的 stage
step: jenkins pipline的最小操作单元,一个stage可以有多个step
node: jenkins 工作节点,可以是master 也可以是slave,是执行step的 具体服务器
input: 在流水线中实现交互式操作
post:发送邮件,always success 常用
enviroment: 可以设置环境变量,通过$ 在流水线中引用
parameters:可以给step 传递参数,设置在Jenkinsfile即可生效
4、部署代码质量检测服务 sonarqube
部署PostgresSQL并设置数据库
apt update
apt-cache madison postgresql
apt install postgresql -y
#初始化数据库
pg_createcluster --start 14 mycluster
cp /etc/postgresql/14/mycluster/postgresql.conf{,.bak}
echo "listen_addresses = '*'" >> /etc/postgresql/14/mycluster/postgresql.conf
sed -i 's/max_connections\ =\ 100/max_connections\ =\ 4096/g' /etc/postgresql/14/mycluster/postgresql.conf
cp /etc/postgresql/14/mycluster/pg_hba.conf{,.bak}
sed -i '/host.*all.*all.*127.*32.*/d' /etc/postgresql/14/mycluster/pg_hba.conf
echo "host all all 0.0.0.0/0 scram-sha-256" >> /etc/postgresql/14/mycluster/pg_hba.conf
systemctl restart postgresql
#postgressql 为sonar创建用户
su - postgres
psql -U postgres
#创建sonar数据库
CREATE DATABASE sonar;
#创建sonar用户密码为123456
CREATE USER sonar WITH ENCRYPTED PASSWORD '123456';
#授权用户访
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
#执行变更
ALTER DATABASE sonar OWNER TO sonar;
安装sonar
apt update &&\
apt install -y openjdk-11-jdk
echo "vm.max_map_count=524288" >> /etc/sysctl.conf
echo "fs.file-max=131072" >> /etc/sysctl.conf
sysctl -p
#检查
sysctl -a |grep 524288
# vm.max_map_count = 524288
cd /usr/local/src/ &&\
curl -O https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip &&\
unzip sonarqube-8.9.10.61524.zip
BASE_DIR="/apps"
if [[ ! -d "${BASE_DIR}" ]]; then
mkdir -p "${BASE_DIR}"
fi
mv /usr/local/src/sonarqube-8.9.10.61524 /apps/
ln -sv /apps/sonarqube-8.9.10.61524 /apps/sonarqube
useradd -r -m -s /bin/bash sonarqube
chown sonarqube.sonarqube /apps -R
su - sonarqube
cp /apps/sonarqube/conf/sonar.properties{,.bak}
tee -a /apps/sonarqube/conf/sonar.properties << "EOF"
sonar.jdbc.username=sonar
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:postgresql://192.168.56.106/sonar
EOF
#启动
/apps/sonarqube/bin/linux-x86-64/sonar.sh start
#停止
/apps/sonarqube/bin/linux-x86-64/sonar.sh stop
#配置systemd启动
tee -a /etc/systemd/system/sonarqube.service <<"EOF"
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/bin/nohup /usr/bin/java -Xms512m -Xmx512m -Djava.net.preferIPv4Stack=true -jar /apps/sonarqube/lib/sonar-application-8.9.10.61524.jar
StandardOutput=syslog
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl restart sonarqube && systemctl enable sonarqube
安装sonar scanner
cd /usr/local/src/ &&\
unzip sonar-scanner-cli-4.7.0.2747.zip
if [[ ! -d /apps ]]; then
mkdir /apps
fi
mv /usr/local/src/sonar-scanner-4.7.0.2747 /apps/
ln -sfv /apps/sonar-scanner-4.7.0.2747 /apps/sonar-scanner
tee -a /apps/sonar-scanner/conf/sonar-scanner.properties << "EOF"
sonar.host.url=http://192.168.56.105:9000
sonar.sourceEncoding=UTF-8
EOF
5、基于命令、shell 脚本和 pipline 实现代码质量检测
命令式
root@jenkins:~# tree python-test/
python-test/
├── sonar-project.properties
└── src
└── test.py
1 directory, 2 files
root@jenkins:~/python-test# cat sonar-project.properties
# Required metadata
sonar.projectKey=magedu-python
sonar.projectName=magedu-python-app1
sonar.projectVersion=1.0
# Comma-separated paths to directories with sources (required)
sonar.sources=src
# Language
sonar.language=py
# Encoding of the source files
sonar.sourceEncoding=UTF-8
root@jenkins:~/python-test# /apps/sonar-scanner/bin/sonar-scanner
shell 脚本
cd /data/gitdata/linux &&\ git clone git@gitlab.iclinux.com:linux/app2.git cd app2 &&\ /apps/sonar-scanner/bin/sonar-scanner /apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8
pipeline
pipeline {
agent any
parameters {
string(name: 'BRANCH', defaultValue: 'develop', description: '分支选择')
choice(name: 'DEPLOY_ENV', choices: ['develop', 'production'], description: '部署环境选择')
}
stages {
stage('变量测试1'){
steps {
sh "echo $env.WORKSPACE"
sh "echo $env.JOB_URL"
sh "echo $env.NODE_NAME"
sh "echo $env.NODE_LABELS"
sh "echo $env.JENKINS_URL"
sh "echo $env.JENKINS_HOME"
}
}
stage('代码克隆'){
steps {
deleteDir()
script {
if ( env.BRANCH == 'main' ){
git branch: 'main', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git'
} else if ( env.BRANCH == 'develop' ) {
git branch: 'develop', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git'
} else {
echo 'BRANCH ERROR, please check it.'
}
GIT_COMMIT_TAG = sh(returnStdout: true, script: 'git rev-parse --shart HEAD').trim()
}
}
}
stage('python源代码质量扫描'){
steps {
sh "cd $env.WORKSPACE && /apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8"
}
}
}
}
浙公网安备 33010602011771号