极客时间运维进阶训练营第三周作业
- 2022-11-13 北京
1.实现对 Nginx+Tomcat Web 服务的单机编排
下载安装二进制的 docker-compose,版本 v2.12.1(该二进制会放进 /usr/local/bin 并以 root 身份执行,建议在 chmod 之前先用 sha256sum 对照该 release 页面公布的校验值,确认下载的文件未被篡改):
root@ubuntu200401:~# wget https://github.com/docker/compose/releases/download/v2.12.1/docker-compose-linux-x86_64
root@ubuntu200401:~# chmod a+x docker-compose-linux-x86_64
root@ubuntu200401:~# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
root@ubuntu200401:~# docker-compose -v
Docker Compose version v2.12.1
目前用的比较多的是 v1,我们就在另一台服务器安装 v1.29.2 版本。后面操作都基于此版本。
root@ubuntu200402:~# wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
root@ubuntu200402:~# chmod a+x docker-compose-Linux-x86_64
root@ubuntu200402:~# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
root@ubuntu200402:~# docker-compose -v
docker-compose version 1.29.2, build 5becea4c
部署 nginx、tomcat、mysql,docker-compose.yml 编排文件如下:
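# Single-host composition of nginx (front) -> tomcat (backend) -> mysql (backend).
# The nesting below is restored from the flattened listing; keys, values and
# commented-out alternatives are unchanged.
version: '3.8'
services:
  nginx-server:
    image: nginx:1.22.0-alpine
    container_name: nginx-web1
    # network_mode: bridge  # network option 1: use the default bridge created when Docker is installed
    expose:
      - 80
      - 443
    ports:
      - "80:80"
      - "443:443"
    # network option 2: user-defined networks; a missing network is created
    # automatically with its own subnet, and this container gets two NICs
    networks:
      - front
      - backend
    links:
      - tomcat-server
  tomcat-server:
    #image: tomcat:7.0.93-alpine
    image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1
    container_name: tomcat-app1
    ##network_mode: bridge  # network option 1: use the default bridge created when Docker is installed
    # No host port is published for tomcat: it is reachable only from
    # containers attached to the backend network.
    #expose:
    #  - 8080
    #ports:
    #  - "8080:8080"
    # network option 2: user-defined network; created automatically with its
    # own subnet if missing, and this container gets one NIC
    networks:
      - backend
    links:
      - mysql-server
  mysql-server:
    image: mysql:5.6.48
    container_name: mysql-container
    # network_mode: bridge  # network option 1: use the default bridge created when Docker is installed
    volumes:
      - /data/mysql:/var/lib/mysql
      #- /etc/mysql/conf/my.cnf:/etc/my.cnf:ro
    environment:
      # NOTE(review): weak root password stored in clear text in the compose
      # file. Outside a lab, supply it from an env file or secret that is kept
      # out of version control, and use a long random value.
      - "MYSQL_ROOT_PASSWORD=12345678"
      - "TZ=Asia/Shanghai"
    expose:
      - 3306
    # NOTE(review): this publishes MySQL on every host interface (the
    # `docker ps` output shows 0.0.0.0:3306). tomcat-server shares the backend
    # network with this service, so the host mapping is only needed for access
    # from outside the compose networks; drop it or restrict it when that
    # access is not required.
    ports:
      - "3306:3306"
    # network option 2: user-defined network; created automatically with its
    # own subnet if missing, and this container gets one NIC
    networks:
      - backend
networks:
  front:  # custom front-end network, created by docker-compose
    driver: bridge
  backend:  # custom back-end network, created by docker-compose
    driver: bridge
  default:  # reuse the existing docker0 default network (172.17.0.1/16)
    external:
      name: bridge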
docker-compose 启动服务,查看服务状态:
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker-compose up -d
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fc1489547c80 nginx:1.22.0-alpine "/docker-entrypoint.…" 21 seconds ago Up 19 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp nginx-web1
73e4bc62f81a registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1 "/apps/tomcat/bin/do…" 21 seconds ago Up 20 seconds 8080/tcp, 8443/tcp tomcat-app1
b224301095b7 mysql:5.6.48 "docker-entrypoint.s…" 23 seconds ago Up 20 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp mysql-container
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# brctl show
bridge name bridge id STP enabled interfaces
br-9786484ce7ab 8000.024258078048 no veth7ab7e05
vethcb88b70
vethe71a506
br-ee0b51380d98 8000.0242daab7cd6 no vethf6e7cda
docker0 8000.0242a9dd1a28 no
# 查看nginx-web1容器,有两块网卡,一个是front网络,一个是backend网络。
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:13:00:04
inet addr:172.19.0.4 Bcast:172.19.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1156 (1.1 KiB) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:14:00:02
inet addr:172.20.0.2 Bcast:172.20.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1462 (1.4 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.19.0.1 0.0.0.0 UG 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
访问 nginx 页面成功。
测试 nginx-web1 容器内访问 tomcat 服务是否正常:
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh
/ # curl tomcat-server:8080/myapp/index.jsp
<br />
host: 73e4bc62f81a
<br />
remoteAddr: 172.19.0.4
<br />
remoteHost: 172.19.0.4
<br />
sessionId: 3D94CB24DE60E2EEDCA3A1F08CA4C8DF
<br />
serverName:tomcat-server
<br />
scheme:http
<br />
host : tomcat-server:8080
<br />
user-agent : curl/7.83.1
<br />
accept : */*
<br />
配置 nginx 反向代理,转发动态请求到后端 tomcat-app1 服务。
# 将nginx配置拷贝到宿主机,方便进行编辑。
# docker cp nginx-web1:/etc/nginx/conf.d/default.conf .
# 在default.conf中server段内增加指向tomcat-app1服务的路由
# vi default.conf
location /myapp {
proxy_pass http://tomcat-server:8080;
}
将修改后的文件拷贝到nginx-web1容器内,并使nginx配置生效。
# docker cp default.conf nginx-web1:/etc/nginx/conf.d/
# docker exec nginx-web1 nginx -s reload
浏览器访问 tomcat 应用成功。
2.安装 GitLab、创建 group、user 和 project 并授权
2.1 安装 gitlab
gitlab 采用二进制的方式安装。操作系统配置建议至少需要 8C/16C,16G/32G,SSD/NAS(万兆)。
查看操作系统对应的代号:
root@ubuntu200402:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
下载 15.4.3 版本。
# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu/pool/focal/main/g/gitlab-ce/gitlab-ce_15.4.3-ce.0_amd64.deb
# 查看包的内容,可以看到文件都在/opt/gitlab目录下。
# dpkg -c gitlab-ce_15.4.3-ce.0_amd64.deb
# 安装
# dpkg -i gitlab-ce_15.4.3-ce.0_amd64.deb
...
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
sudo gitlab-ctl reconfigure
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=15-4
配置邮件发件配置。这里我们用 qq 邮箱,需要先获取一个授权码。
获取 QQ 邮箱授权码方式:
访问 mail.qq.com,输入 qq 用户名、密码进入邮箱。
点击【设置】-》【账户】
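拖动右侧滚动条,找到 POP3/IMAP/SMTP/Exchange/CardDAV/CalDAV 服务区域,开启 POP3/SMTP 服务,会要求绑定手机号验证。按照提示操作,得到授权码“dudwfgfhqmzpcaeh”。授权码等同于该邮箱的 SMTP 登录密码,不应出现在公开文档或代码仓库中;已经公开过的授权码应在邮箱设置中作废并重新生成,写有授权码的 /etc/gitlab/gitlab.rb 也应保持仅 root 可读。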
然后编辑/etc/gitlab/gitlab.rb 文件,并使配置生效。
root@ubuntu200402:~# grep -Ev '^$|^#' /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.132'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "360159416@qq.com"
gitlab_rails['smtp_password'] = "dudwfgfhqmzpcaeh"
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = :login
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = "360159416@qq.com"
user["git_user_email"] = "360159416@qq.com"
root@ubuntu200402:~# gitlab-ctl reconfigure
...
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
首次登陆 gitlab,需要输入用户名密码。用户名可以输入 root 或邮箱号,密码是随机生成的,存储在/etc/gitlab/initial_root_password 里。登录成功后,进行一些简单的配置。
语言改成中文,点击保存。
右键“重新加载”,页面就显示中文了。
密码修改
在右上角下拉框中选择编辑个人资料,选择左侧密码,在右侧输入当前密码和新密码,新密码可设置为 12345678(仅为演示用的弱密码,实际环境中 root 管理员账号应使用足够长的随机密码),保存。
修改密码成功后,会要求用新密码重新登录。重新登录后,在编辑个人资料中,设置电子邮件。
邮箱会收到一封 确认说明 的邮件,需要点击确认。
通知 里的全局通知设置里邮箱改成自己的邮箱号。gitlab 产生事件通知时就会发给自己的邮箱号。
关闭注册功能:
2.2 创建 group、user 和 project 并授权
group 对应于公司的项目
user 对应公司的研发人员
project 对应公司项目中的服务
创建 group
【main menu】->【仪表板】-> 【新建群组】
输入群组名称,点击【创建群组】
创建 user
【main menu】->【仪表板】-> 【新建用户】
新建用户 user1,输入名称,用户名,电子邮件,其他保持默认,点击【创建用户】。
设置密码。
使用新创建的用户登录一次,修改密码。然后再用修改后的密码登录到 gitlab,确保能正常登录。
相同的方式创建用户 user2,并确保能正常登录。
创建 project
选择创建空白项目,
会出现如下界面,界面中有使用介绍。
授权:
管理员界面,点击 group magedu。
将新建的 user1 加入 group,并选择权限,权限有 5 种,这里选开发者。
将 user2 也加入进来,设置权限为 owner,效果如下:
3. Git 命令的基本使用
user1 为 developer 权限,使用它来完成 git 的基本操作。
git add . # 添加当前目录下所有变化过的内容到暂存区
git commit -m "xxx" # 将代码提交到本地仓库
git push # 上传到 gitlab 服务器
# 本地克隆远程仓库代码到指定路径
# mkdir /data
# cd /data
root@ubuntu200403:/data# git clone http://10.0.0.132/magedu/app1.git
Cloning into 'app1'...
Username for 'http://10.0.0.132': user1
Password for 'http://user1@10.0.0.132':
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), 2.77 KiB | 258.00 KiB/s, done.
root@ubuntu200403:/data# ls -l
total 4
drwxr-xr-x 3 root root 4096 Nov 13 16:17 app1
root@ubuntu200403:/data# ll app1
total 20
drwxr-xr-x 3 root root 4096 Nov 13 16:17 ./
drwxr-xr-x 3 root root 4096 Nov 13 16:17 ../
drwxr-xr-x 8 root root 4096 Nov 13 16:17 .git/
-rw-r--r-- 1 root root 6177 Nov 13 16:17 README.md
root@ubuntu200403:/data#
# 新建文件index.html
root@ubuntu200403:/data/app1# cat index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>magedu 官网</title>
</head>
<body>
<h1>当前版本v1</h1>
</body>
</html>
# 查看当前分支
root@ubuntu200403:/data/app1# git branch
* main
# 查看当前修改
root@ubuntu200403:/data/app1# git status
On branch main
Your branch is up to date with 'origin/main'.
Untracked files:
(use "git add <file>..." to include in what will be committed)
index.html
nothing added to commit but untracked files present (use "git add" to track)
# 添加修改到暂存区
root@ubuntu200403:/data/app1# git add .
# 将暂存区内容提交到本地仓库。
root@ubuntu200403:/data/app1# git commit -m "add index.html"
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@ubuntu200403.(none)')
# 按照提示配置git全局配置
root@ubuntu200403:/data/app1# git config --global user.email "xhzhou@zshield.net"
root@ubuntu200403:/data/app1# git config --global user.name "user1"
root@ubuntu200403:/data/app1# git commit -m "add index.html"
[main d29fe15] add index.html
1 file changed, 10 insertions(+)
create mode 100644 index.html
# user1为developer权限,提交到远程仓库失败
root@ubuntu200403:/data/app1# git push
Username for 'http://10.0.0.132': user1
Password for 'http://user1@10.0.0.132':
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: GitLab: You are not allowed to push code to protected branches on this project.
To http://10.0.0.132/magedu/app1.git
! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to 'http://10.0.0.132/magedu/app1.git'
# user2为owner权限,提交到远程仓库成功
root@ubuntu200403:/data/app1# git push
Username for 'http://10.0.0.132': user2
Password for 'http://user2@10.0.0.132':
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://10.0.0.132/magedu/app1.git
7509d95..d29fe15 main -> main
gitlab 上可以看到提交内容。
4. GitLab 服务的数据备份与恢复
备份
root@ubuntu200402:~# gitlab-ctl status
run: alertmanager: (pid 15392) 8218s; run: log: (pid 15238) 8245s
run: gitaly: (pid 15424) 8217s; run: log: (pid 14545) 8341s
run: gitlab-exporter: (pid 15370) 8220s; run: log: (pid 15057) 8262s
run: gitlab-kas: (pid 15342) 8222s; run: log: (pid 14816) 8328s
run: gitlab-workhorse: (pid 15353) 8221s; run: log: (pid 14986) 8276s
run: logrotate: (pid 29761) 1156s; run: log: (pid 14445) 8354s
run: nginx: (pid 14981) 8276s; run: log: (pid 15015) 8274s
run: node-exporter: (pid 15361) 8221s; run: log: (pid 15039) 8269s
run: postgres-exporter: (pid 15409) 8218s; run: log: (pid 15288) 8237s
run: postgresql: (pid 14670) 8338s; run: log: (pid 14755) 8335s
run: prometheus: (pid 15378) 8219s; run: log: (pid 15204) 8251s
run: puma: (pid 14900) 8291s; run: log: (pid 14908) 8288s
run: redis: (pid 14475) 8350s; run: log: (pid 14487) 8347s
run: redis-exporter: (pid 15372) 8220s; run: log: (pid 15115) 8257s
run: sidekiq: (pid 14920) 8285s; run: log: (pid 14939) 8281s
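# 停止unicorn sidekip服务(注意:sidekip 应为 sidekiq;上面 gitlab-ctl status 的输出中也没有 unicorn,Web 服务进程是 puma。按文中的写法,这条命令很可能不会停掉任何正在运行的服务,备份期间仍可能有数据写入;应停止的是 puma 和 sidekiq,后文的 stop/start 命令同理)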
root@ubuntu200402:~# gitlab-ctl stop unicorn sidekip
# 运行备份命令,备份账号信息和源代码
root@ubuntu200402:~# gitlab-rake gitlab:backup:create
2022-11-13 16:50:08 +0000 -- Dumping main_database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2022-11-13 16:50:11 +0000 -- Dumping main_database ... done
2022-11-13 16:50:11 +0000 -- Dumping ci_database ... [DISABLED]
2022-11-13 16:50:11 +0000 -- Dumping repositories ...
{"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.738Z"}
{"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.839Z"}
{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}
{"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}
{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
{"command":"create","gl_project_path":"magedu/app1.wiki","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.852Z"}
{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}
{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}
{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.864Z"}
{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"completed create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.886Z"}
2022-11-13 16:50:11 +0000 -- Dumping repositories ... done
2022-11-13 16:50:11 +0000 -- Dumping uploads ...
2022-11-13 16:50:11 +0000 -- Dumping uploads ... done
2022-11-13 16:50:11 +0000 -- Dumping builds ...
2022-11-13 16:50:11 +0000 -- Dumping builds ... done
2022-11-13 16:50:11 +0000 -- Dumping artifacts ...
2022-11-13 16:50:11 +0000 -- Dumping artifacts ... done
2022-11-13 16:50:11 +0000 -- Dumping pages ...
2022-11-13 16:50:11 +0000 -- Dumping pages ... done
2022-11-13 16:50:11 +0000 -- Dumping lfs objects ...
2022-11-13 16:50:11 +0000 -- Dumping lfs objects ... done
2022-11-13 16:50:11 +0000 -- Dumping terraform states ...
2022-11-13 16:50:11 +0000 -- Dumping terraform states ... done
2022-11-13 16:50:11 +0000 -- Dumping container registry images ... [DISABLED]
2022-11-13 16:50:11 +0000 -- Dumping packages ...
2022-11-13 16:50:11 +0000 -- Dumping packages ... done
2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ...
2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ... done
2022-11-13 16:50:11 +0000 -- Uploading backup archive to remote storage ... [SKIPPED]
2022-11-13 16:50:11 +0000 -- Deleting old backups ... [SKIPPED]
2022-11-13 16:50:11 +0000 -- Deleting tar staging files ...
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/backup_information.yml
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/db
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/repositories
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/uploads.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/builds.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/artifacts.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/pages.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/lfs.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/terraform_state.tar.gz
2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/packages.tar.gz
2022-11-13 16:50:11 +0000 -- Deleting tar staging files ... done
2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ...
2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ... done
2022-11-13 16:50:11 +0000 -- Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
2022-11-13 16:50:11 +0000 -- Backup 1668358208_2022_11_13_15.4.3 is done.
配置文件需要单独备份,包括:
nginx配置文件
root@ubuntu200402:~# ls /var/opt/gitlab/nginx/conf/
gitlab-health.conf gitlab-http.conf nginx.conf nginx-status.conf
gitlab配置文件
root@ubuntu200402:~# ls /etc/gitlab/gitlab.rb
/etc/gitlab/gitlab.rb
key文件
root@ubuntu200402:~# ls /etc/gitlab/gitlab-secrets.json
/etc/gitlab/gitlab-secrets.json
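所以需要将/opt/gitlab整个目录备份;另外注意上面列出的 gitlab.rb 和 gitlab-secrets.json 位于 /etc/gitlab 下,不在 /opt/gitlab 里,因此 /etc/gitlab 也要单独备份。这两个文件含有敏感数据(见上面备份输出末尾的 Warning),备份副本应限制访问权限,并与数据备份分开保存。nginx配置文件可以不备份,恢复的时候会重新生成。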
# 备份完成后,启动停止的服务
root@ubuntu200402:~# gitlab-ctl start unicorn sidekip
我们再次对 app1 仓库的代码进行修改提交,提交到 v2 版本,然后恢复到备份时的 v1 版本。
还原
查看要恢复的文件
root@ubuntu200402:~# ll /var/opt/gitlab/backups/
total 400
drwx------ 2 git root 4096 Nov 13 16:50 ./
drwxr-xr-x 21 root root 4096 Nov 13 14:29 ../
-rw------- 1 git git 399360 Nov 13 16:50 1668358208_2022_11_13_15.4.3_gitlab_backup.tar
停止写入服务
root@ubuntu200402:~# gitlab-ctl stop unicorn sidekip
执行恢复命令
root@ubuntu200402:~# gitlab-rake gitlab:backup:restore BACKUP=1668358208_2022_11_13_15.4.3
按照提示输入yes
最后会看到如下输出,表示恢复完成:
2022-11-13 17:05:10 +0000 -- Restore task is done.
启动写入服务
root@ubuntu200402:~# gitlab-ctl start unicorn sidekip
查看 gitlab 上的代码,回到了 v1 版本,恢复成功。
5. 部署 Jenkins 服务器并安装 GitLab 插件、实现代码免秘钥代码 clone
5.1 安装 jenkins 服务,安装默认推荐的插件
安装 jdk11 和 jenkins
# 在线安装jdk11版本
# apt install openjdk-11-jdk
# 下载jenkins deb包
# wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_2.361.3_all.deb
# 安装jenkins,然后停止jenkins服务,方便后面修改配置。
root@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkins
Selecting previously unselected package jenkins.
(Reading database ... 73631 files and directories currently installed.)
Preparing to unpack jenkins_2.361.3_all.deb ...
Unpacking jenkins (2.361.3) ...
dpkg: dependency problems prevent configuration of jenkins:
jenkins depends on net-tools; however:
Package net-tools is not installed.
dpkg: error processing package jenkins (--install):
dependency problems - leaving unconfigured
Processing triggers for systemd (245.4-4ubuntu3.15) ...
Errors were encountered while processing:
jenkins
# 根据报错提示安装net-tools
root@ubuntu200403:~# apt install -y net-tools
# 重新安装jenkins
root@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkins
修改 jenkins.service 配置,并启动服务。
root@ubuntu200403:~# vi /lib/systemd/system/jenkins.service
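修改下面三处(注意:User/Group 改为 root 后,Jenkins 及其执行的所有构建脚本都会以 root 身份运行;DISABLE_CSRF_PROTECTION=true 则关闭了 Jenkins 的 CSRF 防护。这两项只适合隔离的实验环境,正式环境应保留安装包默认的 jenkins 用户,并保持 CSRF 防护开启)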
User=root
Group=root
Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
root@ubuntu200403:~# systemctl daemon-reload
root@ubuntu200403:~# systemctl restart jenkins.service
root@ubuntu200403:~# ps -ef |grep jenkins
root 9614 1 43 14:35 ? 00:00:17 /usr/bin/java -Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar /usr/share/javajenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
root 9757 6591 0 14:36 pts/1 00:00:00 grep --color=auto jenkins
root@ubuntu200403:~# systemctl enable jenkins.service
Synchronizing state of jenkins.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable jenkins
浏览器访问 jenkins: http://10.0.0.131:8080/
按照提示解锁 jenkins。
选择安装推荐的插件。系统会在线安装常用的插件。
安装完后,创建一个管理员账号 qa,并设置密码为 zx123456。
实例配置页面保持默认不做修改。
进入 jenkins 的 Dashboard 页面。右上角为新创建的用户。
安装的插件需要重启 jenkins 才能生效。可以重启 jenkins 服务,或者用 /restart api 重启。
这里我们彻底一点,重启 jenkins 服务,然后再来看页面。
# systemctl restart jenkins
重新登录,页面如下。
配置邮件通知
【系统管理】-【系统配置】,打开 Configure System 页面。
jenkins Location 里配置系统管理员邮件地址:
邮件通知里所有项都要填,参考如下:
检查邮箱是否成功收到邮件。
5.2 安装 gitlab 插件
在 Dashboard 页面,选择【系统管理】,右边选择【插件管理】
在【已安装】tab 页检索 gitlab,查看到 gitlab 默认没有安装。
在【可选插件】tab 页 检索 gitlab,进行在线安装。
安装好后,已安装中可以检索到 gitlab plugin。
5.3 实现代码免秘钥代码 clone
gitlab 服务器: ubuntu200402 10.0.0.132
jenkins 服务器:ubuntu200403 10.0.0.131
jenkins 拉取 gitlab 仓库里的项目代码,下面介绍两种方法:shell 脚本拉取和 git 插件拉取。
通过 git@ 形式的地址(底层走的是 SSH 协议)以非交互的方式去拉取代码,这需要配置 ssh 免密。
在 jenkins 服务器生成一对 ssh 密钥对,把公钥放到 gitlab 上,私钥放在 jenkins 服务器。这样就实现了免密认证。
jenkins 服务器上,在 root 用户下生成密钥对的方式如下:
root@ubuntu200403:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qEiYMKJ7Q6+HABjkOZQ9/h4chuLV6pqwELkhAJ1SKx8 root@ubuntu200403
The key's randomart image is:
+---[RSA 3072]----+
|o=+. |
|*.++ |
|B*E + |
|BO.= + . |
|@ * = o S |
|oO + = |
|=.=.+ . |
|ooo+.. |
|.oo. |
+----[SHA256]-----+
root@ubuntu200403:~#
root@ubuntu200403:~# ls -al ~/.ssh/
total 20
drwx------ 2 root root 4096 Nov 14 15:48 .
drwx------ 7 root root 4096 Nov 14 14:46 ..
-rw------- 1 root root 0 Oct 21 16:51 authorized_keys
-rw------- 1 root root 2602 Nov 14 15:48 id_rsa
-rw-r--r-- 1 root root 571 Nov 14 15:48 id_rsa.pub
-rw-r--r-- 1 root root 444 Oct 30 09:42 known_hosts
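将公钥拷贝到 gitlab 服务器(注意:ssh-copy-id 是把公钥写入 10.0.0.132 上 root 用户的 authorized_keys,效果是 jenkins 服务器可以免密以 root 登录 gitlab 服务器的操作系统;这与 GitLab 的代码权限无关,clone 代码只需要后面在 GitLab 页面添加 SSH 公钥这一步。如果不需要主机间的免密登录,可以跳过本步骤,避免 jenkins 服务器一旦失陷就直接波及 gitlab 服务器)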
# 拷贝公钥到gitlab服务器,会提示输入密码
root@ubuntu200403:~# ssh-copy-id 10.0.0.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.0.132'"
and check to make sure that only the key(s) you wanted were added.
# 验证免密是否生效。没有输入密码就登录成功了,说明生效了。
root@ubuntu200403:~# ssh 10.0.0.132
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-131-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon 14 Nov 2022 03:55:00 PM UTC
System load: 0.83 Users logged in: 1
Usage of /: 47.8% of 23.95GB IPv4 address for br-9786484ce7ab: 172.19.0.1
Memory usage: 76% IPv4 address for br-ee0b51380d98: 172.20.0.1
Swap usage: 0% IPv4 address for docker0: 172.17.0.1
Processes: 337 IPv4 address for ens33: 10.0.0.132
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
81 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
New release '22.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Mon Nov 14 15:51:29 2022 from 10.0.0.1
# 验证通过后退出远程登录服务器,回到jenkins服务器
root@ubuntu200402:~# exit
logout
Connection to 10.0.0.132 closed.
将公钥放到 gitlab 上。操作如下:
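root 账户登录到 gitlab,选择【偏好设置】-【SSH 秘钥】,将公钥(/root/.ssh/id_rsa.pub 里的内容)拷贝到秘钥文本框中。到期时间默认是一年的,可以手动修改。这样配置后,jenkins 持有的私钥就具有 GitLab root(管理员)账号的全部代码权限;如果只需要拉取代码,更符合最小权限的做法是使用项目的只读 Deploy Key,或者把公钥加到一个专用的低权限账号上。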
配置后会出现秘钥信息页面。后面用 git 协议 clone 就不需要输入密码了。
现在我们就通过 jenkins 来 clone 代码。
新建自由风格的任务,在 Build Step 中选择执行 shell,输入克隆命令。
保存配置后选择立即构建,查看构建日志。
查看 jenkins 服务器上的 job 工程目录,app1 项目代码 clone 成功。
root@ubuntu200403:/var/lib/jenkins# cd workspace/
root@ubuntu200403:/var/lib/jenkins/workspace# ls
test
root@ubuntu200403:/var/lib/jenkins/workspace# cd test/
root@ubuntu200403:/var/lib/jenkins/workspace/test# ls
app1
root@ubuntu200403:/var/lib/jenkins/workspace/test# ls -al app1
total 24
drwxr-xr-x 3 root root 4096 Nov 14 16:13 .
drwxr-xr-x 3 root root 4096 Nov 14 16:13 ..
drwxr-xr-x 8 root root 4096 Nov 14 16:13 .git
-rw-r--r-- 1 root root 157 Nov 14 16:13 index.html
-rw-r--r-- 1 root root 6177 Nov 14 16:13 README.m
以上是通过 shell 脚本方式克隆代码。
如果是用插件方式实现克隆,jenkins 任务界面中配置如下:
点击【添加】。添加好之后,选择这个私钥。
注意注释掉 Build Steps 中的执行 shell 里的内容。然后保存配置。
再次构建此 job。查看构建日志,显示成功。
Starry