60-CICD持续集成-Jenkins连接Gitlab资源并且自动部署上线全流程
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了60-CICD持续集成-Jenkins连接Gitlab资源并且自动部署上线全流程相关的知识,希望对你有一定的参考价值。
Jenkins 实现 CICD
Jenkins 结合 GitLab 实现代码下载
- 导入项目
- Jenkins 安装和 Gitlab 相关的插件
在管理插件中搜索需要gitlab的相关插件并安装
- Jenkins 服务器创建访问GitLab的凭据
Jenkins所支持的凭证类型如下
用户名和密码(Username with password)
SSH用户名和私钥日(SSH Username with private key)
Github App
Secret file: 需要保密的文本文件,保存有Token等信息
Secret text:Token,串需要保密的文本,例如Github的API Token等
Certificate
其它凭证类型还有二进制数据,或者更复杂形式的项目,例如OAuth凭证等;
凭证的作用域决定了它可用的目标范围
系统:作用于Jenkins系统自身,仅可用于系统和后台任务,且一般用于连接到agent节点之上
全局:作用于Jenkins上的所有任务,以确保任务的正常执行
用户:作用于用户级别,仅生效于Jenkins中的线程代表该用户进行身份验证之时;
注意:在Jenkins内部,凭证被存放在JENKINS_ HOME目录下的secrets目录中,请务必确保该目录的访问权限进行了正确的设置
案例:添加基于用户名和密码类型的凭据
如果基于http协议则无需实现ssh key 凭证,而选择添加gitlab用户名和密码的形式
案例:创建基于 ssh key 的凭据
绑定jenkins公钥到gitlab项目用户下
[root@jenkins ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ZgW5CQ7rNgJXPvaxSJzVoVJpe7/jSt2BJALN+41BfrQ root@jenkins
The keys randomart image is:
+---[RSA 3072]----+
| .o.ooo |
| ooB.+.. |
| +.Bo*.+o. |
|. . O.=.*+E. |
| o + + =S*. . |
| . = ooo.o. . |
| o . . ... |
| . o |
| .o.. |
+----[SHA256]-----+
[root@jenkins ~]#ls ./.ssh/
authorized_keys id_rsa id_rsa.pub
[root@jenkins ~]#cat ./.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDS867202pW1hP3/DGJYCawE7Bh3ex/AEEZVrMM3+1jTyPKvd8pn97/8t4BCAK7DxSzO9QVKGeFqsyTMvBGwOYWtCSPJHwqsfQNbOh+Cg3HoTIkRJRCfUUs4v4oJpiB2taAtmatQryj0lDV3/dsJQCYUcARNB+TXFeEs/jnM4btqUcloriWOuKgdN+LBjfx+oRcftFpsXQ/0Aw9GQZchkbzfLjL9zoYE85rJrd5NqFfQdAmYqVjSpEZ3TBDOts9Ir8D5v5JTUxsWmf3jKC+3uSajr3j3u5EUnKq1zsMCoL8D92TIQOrC8jwBO8oe/kY7fsWnPYscyvFByoQmT5Vl7EqkF4MeoSrY00IdqK2iMUbef728qodTgSyq5SPFZwV+Yn3rbEasJS3Xbj2/Qr0kuY/UJ+ZZWC3wp69rbFo2goJSyD58SAgJhD7v3Aotw0814P37o4BGeASRAQhHKsHH6damGmwfdAl90I4V2kXw7bNHxPHLBLFjzlSW0eVXdTIcOM= root@jenkins
jenkins创建以ssh方式下载gitlab资源方式
- 托管服务器ssh私钥给jenkins
[root@jenkins ~]#cat ./.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA0vOu9tNqVtYT9/wxiWAmsBOwYd3sfwBBGVazDN/tY08jyr3fKZ/e
//LeAQgCuw8UszvUFShnharMkzLwRsDmFrQkjyR8KrH0DWzofgoNx6EyJESUQn1FLOL+KC
aYgdrWgLZmrUK8o9JQ1d/3bCUAmFHAETQfk1xXhLP45zOG7alHJaK4ljrioHTfiwY38fqE
XH7RabF0P9AMPRkGXIZG83y4y/c6GBPOaya3eTahX0HQJmKlY0qRGd0wQzrbPSK/A+b+SU
1MbFpn94ygvt7kmo69497uRFJyqtc7DAqC/A/dkyEDqwvI8ATvKHv5GO37Fpz2LHMrxQcq
EJk+VZexKpBeDHqEq2NNCHaitojFG3n+9vKqHU4EsquUjxWcFfmJ962xGrCUt1249v0K9J
LmP1CfmWVgt8Keva2xaNoKCUsg+fEgICYQ+79wKLcNPNeD9+6OARngEkQEIRyrBx+nWphp
sH3QJfdCOFdpF8O2zR8TxywSxY85UltHlV3UyHDjAAAFiOmIXXbpiF12AAAAB3NzaC1yc2
EAAAGBANLzrvbTalbWE/f8MYlgJrATsGHd7H8AQRlWswzf7WNPI8q93ymf3v/y3gEIArsP
FLM71BUoZ4WqzJMy8EbA5ha0JI8kfCqx9A1s6H4KDcehMiRElEJ9RSzi/igmmIHa1oC2Zq
1CvKPSUNXf92wlAJhRwBE0H5NcV4Sz+Oczhu2pRyWiuJY64qB034sGN/H6hFx+0WmxdD/Q
DD0ZBlyGRvN8uMv3OhgTzmsmt3k2oV9B0CZipWNKkRndMEM62z0ivwPm/klNTGxaZ/eMoL
7e5JqOvePe7kRScqrXOwwKgvwP3ZMhA6sLyPAE7yh7+Rjt+xac9ixzK8UHKhCZPlWXsSqQ
Xgx6hKtjTQh2oraIxRt5/vbyqh1OBLKrlI8VnBX5ifetsRqwlLdduPb9CvSS5j9Qn5llYL
fCnr2tsWjaCglLIPnxICAmEPu/cCi3DTzXg/fujgEZ4BJEBCEcqwcfp1qYabB90CX3QjhX
aRfDts0fE8csEsWPOVJbR5Vd1Mhw4wAAAAMBAAEAAAGAFSY2O+vNRQB4hwvDQaUgq9WFgQ
JZZBA39pzhHaDTsXmtOnXXyloLZvjH9i2B7JQh/Kg6Zpai7l1F3lokictsJgmQgsNjKXqm
37O0CXLjl8ia+NThUlsx1MK7PXZFIvu4NrZSy/sdY4VB8ndeXHrHOP41NeRWaBVBdv3+Ld
vWIryuc+EBBZrIvtKI2OzaLgnyPD3ArAqM/5rRp0x7fUo/EclG07gpHGHb95UtntrxydWU
00xfjXlb2853uL3NXi897cGfKPdq4yVBN5XS9lwJeyXmjsFcf+GyagHpDRf4dphPlizU6k
MyxdS+JvA6LlZ6C4Bt9QclnFqlLkiPf92u47QsKRqAWqqGnfWSvAaaGhRtlN+iadNi/J/o
pDcqzYzQqULQknfgs+/1IhyhARJjxvpLDbNN8XTl6tXU38lMHXoWzclq6//drGQOVxp7Q+
9qzWgNrJtMNUBCseOMIoIrJzqdd2tPOwVuM/CaGLy90nG2znV9kGGd187ZPeweC20pAAAA
wBhQ/NATPeZbzDayVS/WlVp7hUEzlFfKCPEcauVuxAnZdzAbv+kjwWZRgz+wmfoF9hZu1e
j3e1oxkVb78xEYoG7Uu/gHbspwV0ajQPykX0nMADG94J0G8G0H/dQDgFMpQtekZxDA19Rt
MP52CrdwPZR2qluPd1Y1i7OjtQKM6hwnWn7B7T3rW4Wsi/nQcO7XCw+KD5ZW8AFS/TbzMN
rqIRJv/4VVnEwx5XrBPIJ4weNT0Z3yTe9o7k+efj8OWrZ/0QAAAMEA67m0zAeWer6+ySnS
aSw9titw1t17E9bqrD8X2fC9IjSN1/MT4fabUfmQ2EGnCvK0d3UlYc99Zn2qSkDZMmQAyG
zoXV06wx84QAyio4N4yXLHCAIQ/6SclsXFvy9hGn9R5oACOl8z7GRrg/awglNDV0YQm/ts
U6uQYULZ8byPBDwdGj97BuS/XFQeGI58Mk+NHsFIAMu11AVw0WXLN7CIiyyPFVtMxLZJVz
ygKSw4Jf5mSFnYRWky6V5nmAqMYSdpAAAAwQDlGIELtuauzVfBvR49HONan25Mf1iHpwVT
z6L4tXGD4FSaGpan+uWdSLb74TWwDrP4L0xDjdFqZB0bMfetMsNwsDwbXTUiTfds8Xuya7
RwedGqb6ldVV91frQ3NvCEdptW4eiRZvnSzIhMey0qIk3HkEtkGpVaOCjEpor1cV6gD6Wm
I2zmLyfiZ84Ssqwucm2wfJPXUYDkjhlauy27b0oU4VEbj/ifjDzzdp3xlCRF73p3xui+Zx
8xYarzoRdeOGsAAAAMcm9vdEBqZW5raW5zAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----
*注意:由于第一次ssh连接需要同意将公钥上传至gitlab,需要在jenkins服务端先下载
[root@jenkins data]#git clone git@gitlab.mooreyxia.org:dev/wheel_of_fortune.git
Cloning into wheel_of_fortune...
The authenticity of host gitlab.mooreyxia.org (10.0.0.200) cant be established.
ED25519 key fingerprint is SHA256:D5IJqoQ+6HEwmjaWfYs8tPfgGdJbWsyMJ/fk/L83np4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added gitlab.mooreyxia.org (ED25519) to the list of known hosts.
remote: Enumerating objects: 19, done.
remote: Counting objects: 100% (19/19), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 19 (delta 0), reused 19 (delta 0), pack-reused 0
Receiving objects: 100% (19/19), 863.40 KiB | 29.77 MiB/s, done.
- 下载的文件存放在jenkins的works文件下
[root@jenkins ~]#ll /var/lib/jenkins/workspace/
total 24
drwxr-xr-x 6 root root 4096 Feb 9 18:25 ./
drwxr-xr-x 14 jenkins jenkins 4096 Feb 9 18:26 ../
drwxr-xr-x 5 root root 4096 Feb 9 17:57 Wheel Of Fortune 01/
drwxr-xr-x 2 root root 4096 Feb 9 17:57 Wheel Of Fortune 01@tmp/
drwxr-xr-x 5 root root 4096 Feb 9 18:25 Wheel Of Fortune 02/
drwxr-xr-x 2 root root 4096 Feb 9 18:25 Wheel Of Fortune 02@tmp/
至此完成了从gitlab克隆资源到本地的全过程
配置 Jenkins 结合 GitLab 实现自动化部署
添加执行命令
#打通后端登录验证
[root@jenkins script]#ssh-copy-id 10.0.0.203
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 10.0.0.203 (10.0.0.203) cant be established.
ED25519 key fingerprint is SHA256:D5IJqoQ+6HEwmjaWfYs8tPfgGdJbWsyMJ/fk/L83np4.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:1: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.203s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 10.0.0.203"
and check to make sure that only the key(s) you wanted were added.
[root@jenkins script]#ssh-copy-id 10.0.0.204
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 10.0.0.204 (10.0.0.204) cant be established.
ED25519 key fingerprint is SHA256:D5IJqoQ+6HEwmjaWfYs8tPfgGdJbWsyMJ/fk/L83np4.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:1: [hashed name]
~/.ssh/known_hosts:4: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.204s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 10.0.0.204"
and check to make sure that only the key(s) you wanted were added.
#部署脚本
[root@jenkins script]#cat wheel-deploy.sh
#!/bin/bash
#
#********************************************************************
#FileName: wheel-deploy.sh
#Description: The test script
#********************************************************************
HOST_LIST="
10.0.0.203
10.0.0.204
"
APP=wheel
APP_PATH=/var/www/html --> nginx存放页面路径
DATA_PATH=/opt
DATE=`date +%F_%H-%M-%S`
deploy ()
for i in $HOST_LIST;do
ssh $i "rm -f $APP_PATH && mkdir -pv $DATA_PATH/$APP-$DATE"
scp -r * $i:$DATA_PATH/$APP-$DATE
ssh $i "ln -sv $DATA_PATH/$APP-$DATE $APP_PATH"
done
rollback()
for i in $HOST_LIST;do
CURRENT_VERISION=$(ssh $i "readlink $APP_PATH")
CURRENT_VERISION=$(basename $CURRENT_VERISION)
echo $CURRENT_VERISION
PRE_VERSION=$(ssh $i "ls -1 $DATA_PATH | grep -B1
$CURRENT_VERISION|head -n1 ")
echo $PRE_VERSION
ssh $i "rm -f $APP_PATH&& ln -sv $DATA_PATH/$PRE_VERSION$APP_PATH"
done
case $1 in
deploy)
deploy
;;
rollback)
rollback
;;
*)
exit
;;
esac
#验证脚本
[root@jenkins script]#bash wheel-deploy.sh deploy
mkdir: 已创建目录 /opt/wheel-2023-02-09_18-41-18
wheel-deploy.sh 100% 1031 399.6KB/s 00:00
/data/html -> /opt/wheel-2023-02-09_18-41-18
mkdir: 已创建目录 /opt/wheel-2023-02-09_18-41-18
wheel-deploy.sh 100% 1031 941.9KB/s 00:00
/data/html -> /opt/wheel-2023-02-09_18-41-18
#203
[root@ubuntu2204 ~]#ll /var/www/html/
总用量 16
drwxr-xr-x 2 root root 4096 2月 9 18:51 ./
drwxr-xr-x 5 root root 4096 2月 9 18:51 ../
-rw-r--r-- 1 root root 6 2月 9 18:51 index.html
#204
[root@ubuntu2204 wheel-2023-02-09_18-41-18]#ll /var/www/html
lrwxrwxrwx 1 root root 30 2月 9 18:51 /var/www/html -> /opt/wheel-2023-02-09_18-51-16/
- 开始自动化部署
[root@jenkins script]#ls wheel-deploy.sh
wheel-deploy.sh
#203 204
[root@ubuntu2204 html]#tree /opt/
/opt/
└── wheel-2023-02-09_19-06-27
├── images
│ ├── 1.png
│ ├── 2.png
│ ├── 3.png
│ ├── 4.png
│ ├── 5.png
│ ├── 6.png
│ ├── 7.png
│ ├── bgimg.png
│ ├── needle.png
│ ├── start1.png
│ ├── start2.png
│ └── start.png
├── index.html
└── js
├── jquery.min.js
└── turntable.js
6 directories, 19 files
[root@ubuntu2204 html]#ll /var/www/html
lrwxrwxrwx 1 root root 30 2月 9 19:06 /var/www/html -> /opt/wheel-2023-02-09_19-06-27/
我是moore,大家一起加油!
以上是关于60-CICD持续集成-Jenkins连接Gitlab资源并且自动部署上线全流程的主要内容,如果未能解决你的问题,请参考以下文章