jenkins之pipline基础

jenkins之pipline基础

搭建基于tomcat的webapp

节点信息

  • tomcat1:192.168.80.104
  • tomcat2:192.168.80.105
  • haproxy1+keepalived1:192.168.80.104
  • haproxy2+keepalived2:192.168.80.105

image-20201218154304160

安装jdk

  1. 安装openjdk

    [root@web1-ha1 ~]# yum install -y java-1.8.0-openjdk-devel
       
    
  2. 配置java环境变量

    [root@web1-ha1 ~]# vim /etc/profile.d/java.sh 
    [root@web1-ha1 ~]# cat /etc/profile.d/java.sh 
    export JAVA_HOME=/usr/lib/jvm/java-1.8.0
    export PATH=$JAVA_HOME/bin:$PATH
       
    [root@web1-ha1 ~]# source !$
    source /etc/profile.d/java.sh
    [root@web1-ha1 ~]# echo $JAVA_HOME
    /usr/lib/jvm/java-1.8.0
    [root@web1-ha1 ~]# java -version
    openjdk version "1.8.0_262"
    OpenJDK Runtime Environment (build 1.8.0_262-b10)
    OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)
       
    另一台相同操作即可
    

安装tomcat

  1. 安装tomcat

    [root@web1-ha1 ~]# tar -xf apache-tomcat-8.5.57.tar.gz -C /usr/local/
    [root@web1-ha1 ~]# ll /usr/local/
       
    [root@web1-ha1 ~]# ln -sv /usr/local/apache-tomcat-8.5.57/ /usr/local/tomcat
    ‘/usr/local/tomcat’ -> ‘/usr/local/apache-tomcat-8.5.57/’
       
    
  2. 配置tomcat环境变量

    [root@web1-ha1 ~]# vim /etc/profile.d/tomcat.sh
    [root@web1-ha1 ~]# source !$
    source /etc/profile.d/tomcat.sh
       
    [root@web1-ha1 ~]# cat /etc/profile.d/tomcat.sh 
    export CATALINA_BASE=/usr/local/tomcat
    export CATALINA_HOME=/usr/local/tomcat
    export PATH=$CATALINA_BASE/bin:$PATH
       
       
    [root@web1-ha1 ~]# catalina.sh start
    Using CATALINA_BASE:   /usr/local/tomcat
    Using CATALINA_HOME:   /usr/local/tomcat
    Using CATALINA_TMPDIR: /usr/local/tomcat/temp
    Using JRE_HOME:        /usr/lib/jvm/java-1.8.0
    Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
    Tomcat started.
    [root@web1-ha1 ~]# ss -nlt
    State      Recv-Q Send-Q                          Local Address:Port                                         Peer Address:Port              
    LISTEN     0      128                                         *:22                                                      *:*                  
    LISTEN     0      100                                 127.0.0.1:25                                                      *:*                  
    LISTEN     0      1                            ::ffff:127.0.0.1:8005                                                   :::*                  
    LISTEN     0      100                                        :::8080                                                   :::*                  
    LISTEN     0      128                                        :::22                                                     :::*                  
    LISTEN     0      100                                       ::1:25                                                     :::*   
    
  3. 访问测试

    image-20201218160356589

自定义webapp应用

  1. 修改webapp的入口文件index.jsp

    [root@web2-ha2 ROOT]# cd /usr/local/tomcat/webapps/ROOT/
    [root@web2-ha2 ROOT]# mv index.jsp index.jsp.bak
    [root@web2-ha2 ROOT]# echo web2-ha2 > index.jsp
       
    [root@web1-ha1 ROOT]# cd /usr/local/tomcat/webapps/ROOT/
    [root@web1-ha1 ROOT]# mv index.jsp index.jsp.bak
    [root@web1-ha1 ROOT]# echo web1-ha1 > index.jsp
       
    # 2台tomcat webapp分别定义不同的首页,用于区分
    
  2. 重启测试

image-20201220110941441

image-20201220110919071

部署keepalived

  1. 安装keepalived1

    [root@web1-ha1 conf]# yum install -y keepalived
       
    
  2. 修改配置文件

    [root@web1-ha1 conf]# cat /etc/keepalived/keepalived.conf 
    ! Configuration File for keepalived
    ...
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 80
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.80.200 dev eth0 label eth0:0
        }
    }
       
    [root@web1-ha1 conf]# systemctl start keepalived
       
    
  3. 部署keepalived2

    [root@web2-ha2 ROOT]# yum install -y keepalived
    [root@web2-ha2 ROOT]# cat /etc/keepalived/keepalived.conf 
    ! Configuration File for keepalived
    ...
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.80.200 dev eth0 label eth0:0
        }
    }
       
    [root@web2-ha2 ROOT]# systemctl start keepalived
    [root@web2-ha2 ROOT]# ifconfig -a
       
    eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.80.200  netmask 255.255.255.255  broadcast 0.0.0.0
            ether 00:0c:29:a5:67:42  txqueuelen 1000  (Ethernet)
    # ha2的优先级(100)高于ha1(80),所以ha2先获得vip;两台都配置了state MASTER,最终由priority决定谁持有vip。auth_pass 1111是示例配置里的默认值,实际环境应换成自己的口令
    

部署haproxy

  1. 部署haproxy1

    yum install -y haproxy
       
     vim /etc/haproxy/haproxy.cfg 
     # 将2个tomcat的webapp定义一个后端主机组,进行转发
     listen tomcat_web
            bind 0.0.0.0:80
            mode http
            log global
            option httplog
            server 192.168.80.104 192.168.80.104:8080 check
            server 192.168.80.105 192.168.80.105:8080 check
       
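    # 配置rsyslog接收haproxy的日志(若haproxy的global段把日志发往127.0.0.1,只需开启UDP;不接收其他主机日志时,可在$UDPServerRun之前加 $UDPServerAddress 127.0.0.1,只在本机监听514端口)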
    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514
       
    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
    local2.*                       /var/log/haproxy.log
       
       
    # 重启haproxy和rsyslog服务
       
    systemctl restart rsyslog
    systemctl restart haproxy
       
    
  2. 部署haproxy2

    和部署haproxy1完全一致,只是监听的是vip(若bind写成vip地址192.168.80.200:80,未持有vip的节点需先设置net.ipv4.ip_nonlocal_bind=1,否则haproxy无法绑定该地址);只有vip所在的haproxy会收到流量,并进行转发
    
  3. 访问测试

    [root@dev-machine ~]# curl 192.168.80.200
    web1-ha1
    [root@dev-machine ~]# curl 192.168.80.200
    web2-ha2
    [root@dev-machine ~]# curl 192.168.80.200
    web1-ha1
    [root@dev-machine ~]# curl 192.168.80.200
    web2-ha2
    [root@dev-machine ~]# curl 192.168.80.200
    web1-ha1
    [root@dev-machine ~]# curl 192.168.80.200
    web2-ha2
    

Jenkins基础使用

安装gitlab相关插件

系统管理-》插件管理-》可选插件部分,搜索安装以下4个插件,(插件安装会自动安装依赖的插件)

image-20201220125434792

image-20201220125628805

用户权限管理

  1. 安装权限管理插件role-based authorization strategy

    image-20201221153205497

  2. 修改认证方式:系统管理-》全局安全配置

    image-20201221153349179

  3. 创建Jenkins角色,给角色配置权限,(全局或项目范围内的读、写、更新等)

    此时安全管理界面应该有管理用户和角色的选项,此处加了个custom-role,并赋予了全局范围内的读权限

    image-20201221153554826

    image-20201221153837976

  4. 创建Jenkins用户;

    image-20201221153954730

  5. 将用户关联到角色

    image-20201221154310911

  6. 新用户登陆测试

    image-20201221154339690

Jenkins邮箱配置

  1. 开启网易或qq邮箱的smtp服务,并获得授权密码
  2. 配置Jenkins:(在系统配置中)
    1. Jenkins location
    2. Jenkins的邮件通知
  3. 发送测试邮件,并查看

Jenkins location和邮件通知配置如下:

image-20201221161730631

image-20201221161544491

查看收到的测试邮件

image-20201221161213252

Jenkins配置ssh-key拉取gitlab代码

  1. Jenkins主机生成ssh-key

    [root@jenkins-1 ~]# ssh-keygen -t rsa
    [root@jenkins-1 ~]# cat .ssh/id_rsa.pub 
    
  2. 将Jenkins主机的key添加到gitlab中

    image-20201221163852994

  3. Jenkins主机拉取gitlab项目测试

    [root@jenkins-1 ~]# git clone git@192.168.80.102:mygroup1/myproject1.git
    Cloning into 'myproject1'...
       
    drwxr-xr-x  3 root root   53 Dec 21 16:35 myproject1
    

jenkins配置ssh-key类型凭证

  1. 安装credentials binding 插件

    image-20201221181943179

  2. 安全-》凭据配置里,管理员账户添加可以创建的:凭证的提供者,和其类型,(全选)

    image-20201221181910832

  3. 安全-》manage credential里,添加某类型的具体的凭证(截图有误,应该填入gitlab的ssh-key对应的私钥!)

    image-20201221181846530

  4. 创建测试项目test-demo1,没有报错,基本证实该key没有问题

    image-20201221182723347

  5. 点击立即构建,查看构建结果,Jenkins主机上的工作目录下,生成对应目录

    [root@jenkins-1 ~]# ll /var/lib/jenkins/workspace/
    total 0
    drwxr-xr-x 3 jenkins jenkins 53 Dec 21 18:27 test-demo1
    drwxr-xr-x 2 jenkins jenkins  6 Dec 21 18:27 test-demo1@tmp
    
  6. 查看,控制台输出,证明该凭证,可以正常使用

    image-20201221182920612

构建后shell脚本

shell脚本,将构建后的web包,(这里只有一个index.jsp模拟)拷贝到2台tomcat服务器上,重启tomcat,实现webapp的更新

脚本如下:

image-20201221190051776

保存后,点击立即构建,依次检查Jenkins控制台输出、Jenkins的工作目录、webapp的页面,发现shell执行结果均符合预期,下方为更新后tomcat app的访问截图:

image-20201221185947319

image-20201221185939578

Jenkins触发器

触发器简介

​ Jenkins的触发器可以实现,当满足特定的条件时,触发相应操作,eg:只有dev分支的代码设置触发器,当有新代码提交时,会触发Jenkins拉取代码,构建,然后自动部署到测试环境,而正式环境的代码需要手动确认后再部署到正式环境;

图示:

image-20201222103643458

触发器种类

  • 触发远程构建:gitlab在检测到某库提交代码后,通过jenkins给出的url和token发起调用,之后jenkins就可以来gitlab拉取代码,进行后续构建操作;
  • 其他工程构建后触发:Build after other projects are built
  • 定时构建:Build periodically
  • 轮询scm,(对代码库轮询,检查是否有代码提交,对jenkins资源消耗较大)

触发器webhook设置

  1. gitlab上给项目,新建dev分支;

  2. jenkins安装插件:gitlab hook,gitlab authentication;

    image-20201222112951995

  3. 修改jenkins配置

    1. 登陆策略(授权策略)改为:登陆用户可以做任何事(这会替换前面配置的基于角色的授权策略,所有已登录用户都等同于管理员;仅为本实验方便,实验结束后应改回基于角色的策略)

      image-20201222113214450

    2. 取消勾选:防止跨站点请求伪造(263版本没找到,后续通过命令行关闭;关闭后Jenkins不再校验请求中的crumb,这里只是为了让实验中的webhook请求通过,正式环境应保持开启)

    3. 保存配置

  4. jenkins新建job,拉取代码选择分支为:dev

    image-20201222122842520

    1. 构建shell,使用echo一个环境变量用于测试

      image-20201222135751403

    2. openssl生成一个字符串做token

      [root@jenkins-1 ~]# openssl rand -hex 12
      5ea30da8af91cf0adc527336
            
      
    3. 配置jenkins job时选择:触发远程构建,将上步的token填入

      image-20201222135657676

  5. curl命令访问jenkins的url,curl访问会触发构建(token相当于触发构建的口令,这里经http明文放在url中,会留在shell历史和访问日志里,不要在别处复用)

    [root@gitlab ~]# curl http://192.168.80.101:8080/job/dev-webhook/build?token=5ea30da8af91cf0adc527336
    
  6. 查看项目下是否有新的构建序号#N

    image-20201222135418655

  7. gitlab配置webhook,在admin area-》system hook中配置

    image-20201222142827860

  8. gitlab测试webhook可用性

    首次测试异常:报错403,“Hook executed successfully but returned HTTP 403... No valid crumb was included in the request”

    image-20201222143110199

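    根据google查得,是csrf保护没有关闭导致的:webhook请求里没有携带crumb,被Jenkins拒绝。本应在全局安全配置中可以关闭,但是Jenkins2.263.1版本没有找到该选项,另一种方法是用命令方式关闭(在jenkins的命令行窗口输入以下命令,并执行)。注意这样是对整个Jenkins实例关闭CSRF保护;更稳妥的做法是保持CSRF开启,让webhook以专用用户的API token认证后再调用,用API token认证的请求不需要crumb。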

    image-20201222141902445

    再次测试正常:

    image-20201222141719048

  9. 更新jenkins job的构建shell,为正式的构建、打包、部署命令

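    # Jenkins "Execute shell" step for the dev-webhook job: package index.jsp
    # from the job workspace and deploy it to both Tomcat nodes.
    # NOTE(review): every hop below runs as root over ssh; a dedicated deploy
    # account that owns the web root would narrow what this job can change on
    # the Tomcat hosts.
    set -eu
    cd /var/lib/jenkins/workspace/dev-webhook || exit 1
    tar -czvf web1.tar.gz index.jsp

    webroot=/usr/local/tomcat/webapps/ROOT

    for host in 192.168.80.104 192.168.80.105; do
      # Stream the archive over ssh rather than copying it into webapps/ROOT:
      # a file left there is served by Tomcat to any client, and unpacking via
      # a fixed /tmp path leaves a stale copy behind.
      # 'catalina.sh stop' fails when Tomcat is not running; tolerate that so
      # the very first deployment is not aborted. Its stdin is detached so the
      # archive on stdin reaches tar intact. Only the index.jsp member is
      # extracted.
      ssh "root@${host}" \
        "catalina.sh stop </dev/null || true; tar -xzf - -C ${webroot} index.jsp" \
        < web1.tar.gz
    done

    for host in 192.168.80.104 192.168.80.105; do
      ssh "root@${host}" "catalina.sh start"
    done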
    
  10. gitlab提交代码到dev分支

    1、开发者本地生成密钥,并将密钥的公钥上传到自己gitlab账户的ssh-key中;

    2、项目经理赋予开发者某个项目的一定的权限,如开发权限;

    3、开发者本地配置user.name 和user.email,和gitlab账户保持一致;

    4、之后,开发者即可将某具有开发权限的项目拉取到本地、开发、提交、推送;

    [pm@dev-machine ~]$ cat .gitconfig 
    [user]
        name = pm
        email = pm@bo.com
    [pm@dev-machine ~]$ git clone git@192.168.80.102:mygroup1/myproject1.git
    Cloning into 'myproject1'...
        
        
    [pm@dev-machine ~]$ cd myproject1/
    [pm@dev-machine myproject1]$ vim index.jsp # 添加一行;and this is dev branch app
    [pm@dev-machine myproject1]$ git add index.jsp 
    [pm@dev-machine myproject1]$ git commit -m "add one line in dev branch"
        
    [pm@dev-machine myproject1]$ git push
        
    
  11. 查看jenkins是否被gitlab调用webhook从而触发自动构建

    gitlab已经更新

    image-20201222145705844

    jenkins随即进行了新的构建,说明webhook成功调用

    image-20201222145806495

  12. 访问tomcat,查看webapp是否更新

    image-20201222153408963

  13. 实验中问题:

    1. 2个tomcat未设置开机自启动,所以第一次构建总失败,因为catalina.sh stop会失败,后续脚本失败
    2. 开发提交的是master分支,而之前设置的自动触发拉取的是dev分支,所以webapp总是不更新;
    3. 第四次提交,最终实现自动触发jenkins构建,并成功部署到tomcat 服务器;

构建后项目关联

​ 用于多个Jenkins的job关联执行,如job1执行后且成功执行后触发执行job2;

在构建后操作中配置,需要构建的其他相关job,且可以选择当前项目的构建状态处于什么情况下,触发构建其相关job

image-20201222154208757

  1. 点击立即构建

  2. 查看控制台输出

    image-20201222154516647

  3. 查看pm-project2是否被关联构建

    image-20201222154502371

Jenkins分布式集群构建

job增多时,单jenkins实例会影响项目的构建和部署效率,因此jenkins提供了Jenkins主从集群架构,将多个job分发给多个slave节点执行,提高了并发能力和执行效率;

配置slave节点

  1. 安装jdk环境,配置java环境变量

    [root@web1-ha1 ROOT]# java -version
    openjdk version "1.8.0_262"
    OpenJDK Runtime Environment (build 1.8.0_262-b10)
    OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)
    [root@web1-ha1 ROOT]# echo $JAVA_HOME
    /usr/lib/jvm/java-1.8.0
       
    # 这里采用和tomcat服务器同一个机器
    
  2. 安装git,根据需要还可能安装maven等编译打包工具

    [root@web1-ha1 ROOT]# yum install -y git
       
    
  3. 创建jenkins的工作目录

       
    # 要和jenkins主节点的数据目录保持一致/var/lib/jenkins,注意权限
    
  4. 主节点上:

    1. 添加slave凭证,ssh类型,即slave节点的root用户和其登陆密码即可(这样agent进程和所有构建步骤都以root身份在slave上运行;更推荐为Jenkins单独建一个普通用户并使用ssh密钥登陆,工作目录归该用户所有)

      image-20201222160234405

    2. 添加slave节点

      image-20201222160458710

    3. 查看slave状态是否正常

      image-20201222160532068

  5. slave节点查看进程是否正常

    [root@web1-ha1 ROOT]# ps -ef|grep jenkins
    root       2105   2059  0 16:04 ?        00:00:00 bash -c cd "/var/lib/jenkins" && java  -jar remoting.jar -workDir /var/lib/jenkins -jar-cache /var/lib/jenkins/remoting/jarCache
    root       2112   2105 10 16:04 ?        00:00:08 java -jar remoting.jar -workDir /var/lib/jenkins -jar-cache /var/lib/jenkins/remoting/jarCache
       
    # slave节点不需要安装Jenkins,而是执行master节点下发的remoting.jar包即可
    
  6. 配置job在slave节点上执行

    image-20201222161212519

  7. 点击立即构建,并查看日志

    image-20201222161152581

  8. 构建后,slave节点也生成了相应的工作目录

    [root@web1-ha1 ROOT]# ll /var/lib/jenkins/remoting
    total 0
    drwxr-xr-x 17 root root 156 Dec 22 16:04 jarCache
    drwxr-xr-x  2 root root  54 Dec 22 16:04 logs
    [root@web1-ha1 ROOT]# ll /var/lib/jenkins/
    total 1488
    drwxr-xr-x 4 root root      34 Dec 22 16:04 remoting
    -rw-r--r-- 1 root root 1521553 Dec 22 16:04 remoting.jar
    drwxr-xr-x 4 root root      48 Dec 22 16:10 workspace
    [root@web1-ha1 ROOT]# ll /var/lib/jenkins/workspace/
    total 0
    drwxr-xr-x 3 root root 35 Dec 22 16:10 pm-project2
    drwxr-xr-x 2 root root  6 Dec 22 16:10 pm-project2@tmp
    [root@web1-ha1 ROOT]# ll /var/lib/jenkins/workspace/pm-project2
    total 4
    -rw-r--r-- 1 root root 21 Dec 22 16:10 README.m
    

pipline

简介

https://www.jenkins.io/doc/book/pipeline/

A continuous delivery (CD) pipeline is an automated expression of your process for getting software from version control right through to your users and customers. Every change to your software (committed in source control) goes through a complex process on its way to being released. This process involves building the software in a reliable and repeatable manner, as well as progressing the built software (called a "build") through multiple stages of testing and deployment.

Pipeline provides an extensible set of tools for modeling simple-to-complex delivery pipelines "as code" via the Pipeline domain-specific language (DSL) syntax. [1]

pipeline支持2种方式,一是写在jenkins的job的pipeline输入框内,适合测试;二是和代码一样写在ide中,并和代码一起提交到git等仓库中,方便管理,版本追踪等;

开发要写的几个文件:

程序配置文件:定义程序的运行时特性;

jenkinsfile:定义如何构建程序包;

sonar-project.properties:定义如何用sonar扫描代码;

dockerfile:定义程序包如何和基础镜像、依赖包打包成镜像;

k8s的yaml文件:定义打包后的镜像如何在k8s集群中运行成容器的行为特性;

pipline语法

常用的关键字:

  • node:定义在哪些节点运行任务
  • stage:定义都有哪些阶段,如构建阶段、打包阶段、测试阶段、部署阶段等
  • step:处于stage内部,stage就是由一个一个的step组成,如编译一个step,scp拷包一个step

pipline简单测试

1,新建demo项目

image-20201222162702295

2,写入pipline语句

image-20201222162922286

3,构建测试,成功

image-20201222163037525

image-20201222163028400

生成拉取代码的pipline语句

​ jenkins支持代码生成器,可以生成代码片段,只需稍作修改即可使用

  1. 生成拉取git仓库的代码

    image-20201222163915687

  2. 复制代码片段到脚本框中使用,点击构建

    image-20201222164342638

  3. 执行是在slave1上,

    image-20201222164421018

    [root@web1-ha1 ROOT]# ll /var/lib/jenkins/workspace/pipline-demo1
    total 8
    -rw-r--r-- 1 root root 93 Dec 22 16:41 index.jsp
    -rw-r--r-- 1 root root  1 Dec 22 16:41 README.md
       
    

pipline做完整的代码部署流程

  1. 更新gitlab代码

    image-20201222170259808

  2. 准备pipline脚本

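    // Scripted pipeline: fetch the project from GitLab, copy index.jsp to both
    // Tomcat nodes, then restart Tomcat on each of them.
    node {
        stage("code clone"){
            echo "code clone"
            // deleteDir() empties the workspace this build was actually given.
            // A hard-coded rm -rf on .../workspace/pipline-demo1/* would wipe a
            // different directory whenever Jenkins assigns another workspace
            // (for example a concurrent build's "@2" directory).
            deleteDir()
            git credentialsId: 'b20fdd14-dec6-4afa-b5d0-e14cb8e063a2', url: 'git@192.168.80.102:mygroup1/myproject1.git'
        }

        stage("code deploy"){
            echo "code deploy"
            // sh steps start in the build's workspace, so index.jsp is addressed
            // relative to it instead of through an absolute path.
            sh 'scp index.jsp root@192.168.80.104:/usr/local/tomcat/webapps/ROOT/index.jsp'
            sh 'scp index.jsp root@192.168.80.105:/usr/local/tomcat/webapps/ROOT/index.jsp'
        }
        stage("tomcat restart"){
            // The login user is spelled out to match the scp lines; without it
            // ssh uses whatever account the agent process runs as.
            // 'catalina.sh stop' fails when Tomcat is not running, so its status
            // is ignored and the start still happens.
            // NOTE(review): deploying as root; a dedicated deploy account on the
            // Tomcat hosts would limit the impact of a compromised job.
            sh 'ssh root@192.168.80.104 "catalina.sh stop || true; catalina.sh start"'
            sh 'ssh root@192.168.80.105 "catalina.sh stop || true; catalina.sh start"'
        }

    }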
    
  3. slave1节点需要做到2个tomcat服务器的免密登陆,方便scp程序包

    [root@web1-ha1 ROOT]# ssh-copy-id 192.168.80.105
    [root@web1-ha1 ROOT]# ssh-copy-id 192.168.80.104
       
    
  4. 查看tomcat的webapp是否更新

    image-20201222170030916

  5. 指定运行节点:node中指定了master节点运行该job

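    // Scripted pipeline pinned to the "master" node: fetch the project from
    // GitLab, copy index.jsp to both Tomcat nodes, then restart Tomcat.
    node("master") {
        stage("code clone"){
            echo "code clone"
            // deleteDir() empties the workspace this build was actually given,
            // rather than a hard-coded path that may belong to another build.
            deleteDir()
            git credentialsId: 'b20fdd14-dec6-4afa-b5d0-e14cb8e063a2', url: 'git@192.168.80.102:mygroup1/myproject1.git'
        }

        stage("code deploy"){
            echo "code deploy"
            // sh steps start in the build's workspace, so no cd is needed.
            sh 'scp index.jsp root@192.168.80.104:/usr/local/tomcat/webapps/ROOT/index.jsp'
            sh 'scp index.jsp root@192.168.80.105:/usr/local/tomcat/webapps/ROOT/index.jsp'
        }
        stage("tomcat restart"){
            // The login user is spelled out to match the scp lines; on the
            // master the build presumably runs as the jenkins account, so a bare
            // "ssh host" would not log in as root (confirm against your setup).
            // 'catalina.sh stop' fails when Tomcat is not running, so its status
            // is ignored and the start still happens.
            sh 'ssh root@192.168.80.104 "catalina.sh stop || true; catalina.sh start"'
            sh 'ssh root@192.168.80.105 "catalina.sh stop || true; catalina.sh start"'
        }

    }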
    

    image-20201222170440452

Jenkins视图

​ jenkins可以将job进行分类归档,方便查看,如一个业务的所有job做一个视图,当前用户能查看的所有job放在一个视图(默认具有);主要有三类视图:

  • pipline视图
  • 列表视图
  • 我的视图

pipline视图

  1. 安装build pipline插件;

    image-20201222171115778

  2. 创建pipline类型的视图;

    image-20201222171838919

  3. 查看视图;视图当中列出了所有构建

    image-20201222172033337

列表视图

创建时选择类型为:列表视图

image-20201222175734878

我的视图

image-20201222175644276

Jenkins基于脚本实现参数化代码部署与回滚

参考博客

updated 2020-12-24