极客时间运维进阶训练营第三周作业

作者：Starry

2022-11-13
北京
本文字数：15161 字
阅读完需：约 50 分钟

1.实现对 Nginx+Tomcat Web 服务的单机编排

下载安装二进制的 docker-compose，版本 v2.12.1：

root@ubuntu200401:~# wget https://github.com/docker/compose/releases/download/v2.12.1/docker-compose-linux-x86_64root@ubuntu200401:~# chmod a+x docker-compose-linux-x86_64 root@ubuntu200401:~# mv docker-compose-linux-x86_64 /usr/local/bin/docker-composeroot@ubuntu200401:~# docker-compose -vDocker Compose version v2.12.1

复制代码

目前用的比较多的是 v1，我们就在另一台服务器安装 v1.29.2 版本。后面操作都基于此版本。

root@ubuntu200402:~# wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64root@ubuntu200402:~# chmod a+x docker-compose-Linux-x86_64 root@ubuntu200402:~# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-composeroot@ubuntu200402:~# docker-compose -vdocker-compose version 1.29.2, build 5becea4c

复制代码

部署 nginx、tomcat、mysql，docker-compose.yml 编排文件如下：

version: '3.8'services:  nginx-server:    image: nginx:1.22.0-alpine    container_name: nginx-web1#    network_mode: bridge #网络1，使用docker安装后的默认网桥    expose:      - 80      - 443    ports:      - "80:80"      - "443:443"    networks: #网络2，使用自定义的网络，如果网络不存在则会自动创建该网络并分配子网,并且容器会有两块网卡      - front      - backend    links:      - tomcat-server
  tomcat-server:    #image: tomcat:7.0.93-alpine    image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1    container_name: tomcat-app1    ##network_mode: bridge #网络1，使用docker安装后的默认网桥    #expose:    #  - 8080    #ports:    #  - "8080:8080"    networks: #网络2，使用自定义的网络，如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡      - backend    links:      - mysql-server
  mysql-server:    image: mysql:5.6.48    container_name: mysql-container#    network_mode: bridge #网络1，使用docker安装后的默认网桥    volumes:      - /data/mysql:/var/lib/mysql      #- /etc/mysql/conf/my.cnf:/etc/my.cnf:ro    environment:      - "MYSQL_ROOT_PASSWORD=12345678"      - "TZ=Asia/Shanghai"    expose:      - 3306    ports:      - "3306:3306"    networks: #网络2，使用自定义的网络，如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡      - backend

networks:  front: #自定义前端服务网络,需要docker-compose创建    driver: bridge  backend:  #自定义后端服务的网络,要docker-compose创建    driver: bridge  default: #使用已经存在的docker0默认172.17.0.1/16的网络    external:      name: bridge

复制代码

docker-compose 启动服务，查看服务状态：

root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker-compose up -droot@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker ps -aCONTAINER ID   IMAGE                                                           COMMAND                  CREATED          STATUS          PORTS                                                                      NAMESfc1489547c80   nginx:1.22.0-alpine                                             "/docker-entrypoint.…"   21 seconds ago   Up 19 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx-web173e4bc62f81a   registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1   "/apps/tomcat/bin/do…"   21 seconds ago   Up 20 seconds   8080/tcp, 8443/tcp                                                         tomcat-app1b224301095b7   mysql:5.6.48                                                    "docker-entrypoint.s…"   23 seconds ago   Up 20 seconds   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp                                  mysql-container
root@ubuntu200402:~/docker-compose-cases/case3-custom-network# brctl showbridge name	bridge id		STP enabled	interfacesbr-9786484ce7ab		8000.024258078048	no		veth7ab7e05							vethcb88b70							vethe71a506br-ee0b51380d98		8000.0242daab7cd6	no		vethf6e7cdadocker0		8000.0242a9dd1a28	no		
# 查看nginx-web1容器，有两块网卡，一个是front网络，一个是backend网络。root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh/ # ifconfigeth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:04            inet addr:172.19.0.4  Bcast:172.19.255.255  Mask:255.255.0.0          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:14 errors:0 dropped:0 overruns:0 frame:0          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:1156 (1.1 KiB)  TX bytes:0 (0.0 B)
eth1      Link encap:Ethernet  HWaddr 02:42:AC:14:00:02            inet addr:172.20.0.2  Bcast:172.20.255.255  Mask:255.255.0.0          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:17 errors:0 dropped:0 overruns:0 frame:0          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:1462 (1.4 KiB)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback            inet addr:127.0.0.1  Mask:255.0.0.0          UP LOOPBACK RUNNING  MTU:65536  Metric:1          RX packets:0 errors:0 dropped:0 overruns:0 frame:0          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # route -nKernel IP routing tableDestination     Gateway         Genmask         Flags Metric Ref    Use Iface0.0.0.0         172.19.0.1      0.0.0.0         UG    0      0        0 eth0172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1

复制代码

访问 nginx 页面成功。

测试 nginx-web1 容器内访问 tomcat 服务是否正常：

root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh/ # curl tomcat-server:8080/myapp/index.jsp
<br />host: 73e4bc62f81a
<br />remoteAddr: 172.19.0.4<br />remoteHost: 172.19.0.4<br />sessionId: 3D94CB24DE60E2EEDCA3A1F08CA4C8DF<br />serverName:tomcat-server<br />scheme:http<br />
host : tomcat-server:8080<br />user-agent : curl/7.83.1<br />accept : */*<br />

复制代码

配置 nginx 反向代理，转发动态请求到后端 tomcat-app1 服务。

# 将nginx配置拷贝到宿主机，方便进行编辑。# docker cp nginx-web1:/etc/nginx/conf.d/default.conf .# 在default.conf中server段内增加指向tomcat-app1服务的路由# vi default.conf    location /myapp {        proxy_pass http://tomcat-server:8080;    }     将修改后的文件拷贝到nginx-web1容器内，并使nginx配置生效。# docker cp default.conf nginx-web1:/etc/nginx/conf.d/# docker exec nginx-web1 nginx -s reload

复制代码

浏览器访问 tomcat 应用成功。

2.安装 GitLab、创建 group、user 和 project 并授权

2.1 安装 gitlab

gitlab 采用二进制的方式安装。操作系统配置建议至少需要 8C/16C,16G/32G，SSD/NAS(万兆)。

查看操作系统对应的代号：

root@ubuntu200402:~# lsb_release -a

No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 20.04.3 LTS

Release: 20.04

Codename: focal

下载 15.4.3 版本。

# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu/pool/focal/main/g/gitlab-ce/gitlab-ce_15.4.3-ce.0_amd64.deb# 查看包的内容,可以看到文件都在/opt/gitlab目录下。# dpkg -c gitlab-ce_15.4.3-ce.0_amd64.deb# 安装# dpkg -i gitlab-ce_15.4.3-ce.0_amd64.deb...Thank you for installing GitLab!GitLab was unable to detect a valid hostname for your instance.Please configure a URL for your GitLab instance by setting `external_url`configuration in /etc/gitlab/gitlab.rb file.Then, you can start your GitLab instance by running the following command:  sudo gitlab-ctl reconfigure
For a comprehensive list of configuration options please see the Omnibus GitLab readmehttps://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Help us improve the installation experience, let us know how we did with a 1 minute survey:https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=15-4

复制代码

配置邮件发件配置。这里我们用 qq 邮箱，需要先获取一个授权码。

获取 QQ 邮箱授权码方式：

访问 mail.qq.com，输入 qq 用户名、密码进入邮箱。

点击【设置】-》【账户】

拖动右侧滚动条，找到 POP3/IMAP/SMTP/Exchange/CardDAV/CalDAV 服务区域，开启 POP3/SMTP 服务，会要求绑定手机号验证。按照提示操作，得到授权码“dudwfgfhqmzpcaeh”。

然后编辑/etc/gitlab/gitlab.rb 文件，并使配置生效。

root@ubuntu200402:~# grep -Ev '^$|^#' /etc/gitlab/gitlab.rbexternal_url 'http://10.0.0.132'gitlab_rails['smtp_enable'] = truegitlab_rails['smtp_address'] = "smtp.qq.com"gitlab_rails['smtp_port'] = 465gitlab_rails['smtp_user_name'] = "360159416@qq.com"gitlab_rails['smtp_password'] = "dudwfgfhqmzpcaeh"gitlab_rails['smtp_domain'] = "qq.com"gitlab_rails['smtp_authentication'] = :logingitlab_rails['smtp_enable_starttls_auto'] = truegitlab_rails['smtp_tls'] = truegitlab_rails['gitlab_email_from'] = "360159416@qq.com"user["git_user_email"] = "360159416@qq.com"
root@ubuntu200402:~# gitlab-ctl reconfigure...Notes:Default admin account has been configured with following details:Username: rootPassword: You didn't opt-in to print initial root password to STDOUT.Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

复制代码

首次登陆 gitlab，需要输入用户名密码。用户名可以输入 root 或邮箱号，密码是随机生成的，存储在/etc/gitlab/initial_root_password 里。登录成功后，进行一些简单的配置。

语言改成中文，点击保存。

右键“重新加载”，页面就显示中文了。

密码修改

在右上角下拉框中选择编辑个人资料，选择左侧密码，在右侧输入当前密码和新密码，新密码可设置为 12345678，保存。

修改密码成功后，会要求用新密码重新登录。重新登录后，在编辑个人资料中，设置电子邮件。

邮箱会受到一个确认说明的邮件，需要点击确认。

通知里的全局通知设置里邮箱改成自己的邮箱号。gitlab 产生事件通知时就会发给自己的邮箱号。

关闭注册功能：

2.2 创建 group、user 和 project 并授权

group 对应于公司的项目

user 对应公司的研发人员

project 对应公司项目中的服务

创建 group

【main menu】->【仪表板】-> 【新建群组】

输入群组名称，点击【创建群组】

创建 user

【main menu】->【仪表板】-> 【新建用户】

新建用户 user1，输入名称，用户名，电子邮件，其他保持默认，点击【创建用户】。

设置密码。

使用新创建的用户登录一次，修改密码。然后再用修改后的密码登录到 gitlab，确保能正常登录。

相同的方式创建用户 user2，并确保能正常登录。

创建 project

选择创建空白项目，

会出现如下界面，界面中有使用介绍。

授权：

管理员界面，点击 group magedu。

将新建的 user1 加入 group，并选择权限，权限有 5 种，这里选开发者。

将 user2 也加入进来，设置权限为 owner，效果如下：

3. Git 命令的基本使用

user1 为 developer 权限，使用它来完成 git 的基本操作。

git add . # 添加当前目录下所有变化过的内容到暂存区

git commit -m "xxx" # 将代码提交到本地仓库

git push # 上传到 gitlab 服务器

# 本地克隆远程仓库代码到指定路径# mkdir /data# cd /dataroot@ubuntu200403:/data# git clone http://10.0.0.132/magedu/app1.gitCloning into 'app1'...Username for 'http://10.0.0.132': user1Password for 'http://user1@10.0.0.132': remote: Enumerating objects: 3, done.remote: Counting objects: 100% (3/3), done.remote: Compressing objects: 100% (2/2), done.remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0Unpacking objects: 100% (3/3), 2.77 KiB | 258.00 KiB/s, done.root@ubuntu200403:/data# ls -ltotal 4drwxr-xr-x 3 root root 4096 Nov 13 16:17 app1root@ubuntu200403:/data# ll app1total 20drwxr-xr-x 3 root root 4096 Nov 13 16:17 ./drwxr-xr-x 3 root root 4096 Nov 13 16:17 ../drwxr-xr-x 8 root root 4096 Nov 13 16:17 .git/-rw-r--r-- 1 root root 6177 Nov 13 16:17 README.mdroot@ubuntu200403:/data# 
# 新建文件index.htmroot@ubuntu200403:/data/app1# cat index.html <!DOCTYPE html><html lang="en">	<head>		<meta charset="UTF-8">		<title>magedu 官网</title>	</head>	<body>		<h1>当前版本v1</h1>	</body></html>
# 查看当前分支root@ubuntu200403:/data/app1# git branch* main
# 查看当前修改root@ubuntu200403:/data/app1# git statusOn branch mainYour branch is up to date with 'origin/main'.
Untracked files:  (use "git add <file>..." to include in what will be committed)	index.html
nothing added to commit but untracked files present (use "git add" to track)
# 添加修改到暂存区root@ubuntu200403:/data/app1# git add .
# 将暂存区内容提交到本地仓库。root@ubuntu200403:/data/app1# git commit -m "add index.html"
*** Please tell me who you are.
Run
  git config --global user.email "you@example.com"  git config --global user.name "Your Name"
to set your account's default identity.Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@ubuntu200403.(none)')
# 按照提示配置git全局配置root@ubuntu200403:/data/app1# git config --global user.email "xhzhou@zshield.net"root@ubuntu200403:/data/app1# git config --global user.name "user1"root@ubuntu200403:/data/app1# git commit -m "add index.html"[main d29fe15] add index.html 1 file changed, 10 insertions(+) create mode 100644 index.html  # user1为developer权限，提交到远程仓库失败root@ubuntu200403:/data/app1# git pushUsername for 'http://10.0.0.132': user1Password for 'http://user1@10.0.0.132': Enumerating objects: 4, done.Counting objects: 100% (4/4), done.Delta compression using up to 2 threadsCompressing objects: 100% (3/3), done.Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.Total 3 (delta 0), reused 0 (delta 0)remote: GitLab: You are not allowed to push code to protected branches on this project.To http://10.0.0.132/magedu/app1.git ! [remote rejected] main -> main (pre-receive hook declined)error: failed to push some refs to 'http://10.0.0.132/magedu/app1.git'
# user2为owner权限，提交到远程仓库成功root@ubuntu200403:/data/app1# git pushUsername for 'http://10.0.0.132': user2Password for 'http://user2@10.0.0.132': Enumerating objects: 4, done.Counting objects: 100% (4/4), done.Delta compression using up to 2 threadsCompressing objects: 100% (3/3), done.Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.Total 3 (delta 0), reused 0 (delta 0)To http://10.0.0.132/magedu/app1.git   7509d95..d29fe15  main -> main

复制代码

gitlab 上可以看到提交内容。

4. GitLab 服务的数据备份与恢复

备份

root@ubuntu200402:~# gitlab-ctl statusrun: alertmanager: (pid 15392) 8218s; run: log: (pid 15238) 8245srun: gitaly: (pid 15424) 8217s; run: log: (pid 14545) 8341srun: gitlab-exporter: (pid 15370) 8220s; run: log: (pid 15057) 8262srun: gitlab-kas: (pid 15342) 8222s; run: log: (pid 14816) 8328srun: gitlab-workhorse: (pid 15353) 8221s; run: log: (pid 14986) 8276srun: logrotate: (pid 29761) 1156s; run: log: (pid 14445) 8354srun: nginx: (pid 14981) 8276s; run: log: (pid 15015) 8274srun: node-exporter: (pid 15361) 8221s; run: log: (pid 15039) 8269srun: postgres-exporter: (pid 15409) 8218s; run: log: (pid 15288) 8237srun: postgresql: (pid 14670) 8338s; run: log: (pid 14755) 8335srun: prometheus: (pid 15378) 8219s; run: log: (pid 15204) 8251srun: puma: (pid 14900) 8291s; run: log: (pid 14908) 8288srun: redis: (pid 14475) 8350s; run: log: (pid 14487) 8347srun: redis-exporter: (pid 15372) 8220s; run: log: (pid 15115) 8257srun: sidekiq: (pid 14920) 8285s; run: log: (pid 14939) 8281s
# 停止unicorn sidekip服务root@ubuntu200402:~# gitlab-ctl stop unicorn sidekip
# 运行备份命令，备份账号信息和源代码root@ubuntu200402:~# gitlab-rake gitlab:backup:create2022-11-13 16:50:08 +0000 -- Dumping main_database ... Dumping PostgreSQL database gitlabhq_production ... [DONE]2022-11-13 16:50:11 +0000 -- Dumping main_database ... done2022-11-13 16:50:11 +0000 -- Dumping ci_database ... [DISABLED]2022-11-13 16:50:11 +0000 -- Dumping repositories ... {"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.738Z"}{"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.839Z"}{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}{"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}{"command":"create","gl_project_path":"magedu/app1.wiki","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.852Z"}{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}{"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.864Z"}{"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"completed create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.886Z"}2022-11-13 16:50:11 +0000 -- Dumping repositories ... done2022-11-13 16:50:11 +0000 -- Dumping uploads ... 2022-11-13 16:50:11 +0000 -- Dumping uploads ... done2022-11-13 16:50:11 +0000 -- Dumping builds ... 2022-11-13 16:50:11 +0000 -- Dumping builds ... done2022-11-13 16:50:11 +0000 -- Dumping artifacts ... 2022-11-13 16:50:11 +0000 -- Dumping artifacts ... done2022-11-13 16:50:11 +0000 -- Dumping pages ... 2022-11-13 16:50:11 +0000 -- Dumping pages ... done2022-11-13 16:50:11 +0000 -- Dumping lfs objects ... 2022-11-13 16:50:11 +0000 -- Dumping lfs objects ... done2022-11-13 16:50:11 +0000 -- Dumping terraform states ... 2022-11-13 16:50:11 +0000 -- Dumping terraform states ... done2022-11-13 16:50:11 +0000 -- Dumping container registry images ... [DISABLED]2022-11-13 16:50:11 +0000 -- Dumping packages ... 2022-11-13 16:50:11 +0000 -- Dumping packages ... done2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ... 2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ... done2022-11-13 16:50:11 +0000 -- Uploading backup archive to remote storage  ... [SKIPPED]2022-11-13 16:50:11 +0000 -- Deleting old backups ... [SKIPPED]2022-11-13 16:50:11 +0000 -- Deleting tar staging files ... 2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/backup_information.yml2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/db2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/repositories2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/uploads.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/builds.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/artifacts.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/pages.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/lfs.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/terraform_state.tar.gz2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/packages.tar.gz2022-11-13 16:50:11 +0000 -- Deleting tar staging files ... done2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ... 2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ... done2022-11-13 16:50:11 +0000 -- Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data and are not included in this backup. You will need these files to restore a backup.Please back them up manually.2022-11-13 16:50:11 +0000 -- Backup 1668358208_2022_11_13_15.4.3 is done.
配置文件需要单独备份，包括：nginx配置文件root@ubuntu200402:~# ls /var/opt/gitlab/nginx/conf/gitlab-health.conf  gitlab-http.conf  nginx.conf  nginx-status.confgitlab配置文件root@ubuntu200402:~# ls /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rbkey文件root@ubuntu200402:~# ls /etc/gitlab/gitlab-secrets.json /etc/gitlab/gitlab-secrets.json
所以需要将/opt/gitlab整个目录备份。nginx配置文件可以不备份，恢复的时候会重新生成。
# 备份完成后，启动停止的服务root@ubuntu200402:~# gitlab-ctl start unicorn sidekip

复制代码

我们再次对 app1 仓库的代码进行修改提交，提交到 v2 版本，然后恢复到备份时的 v1 版本。

还原

查看要恢复的文件root@ubuntu200402:~# ll /var/opt/gitlab/backups/total 400drwx------  2 git  root   4096 Nov 13 16:50 ./drwxr-xr-x 21 root root   4096 Nov 13 14:29 ../-rw-------  1 git  git  399360 Nov 13 16:50 1668358208_2022_11_13_15.4.3_gitlab_backup.tar

停止写入服务root@ubuntu200402:~# gitlab-ctl stop unicorn sidekip
执行恢复命令root@ubuntu200402:~# gitlab-rake gitlab:backup:restore BACKUP=1668358208_2022_11_13_15.4.3按照提示输入yes最后会看到如下输出，表示恢复完成：2022-11-13 17:05:10 +0000 -- Restore task is done.
启动写入服务root@ubuntu200402:~# gitlab-ctl start unicorn sidekip

复制代码

查看 gitlab 上的代码，回到了 v1 版本，恢复成功。

5. 部署 Jenkins 服务器并安装 GitLab 插件、实现代码免秘钥代码 clone

5.1 安装 jenkins 服务，安装默认推荐的插件

安装 jdk11 和 jenkins

# 在线安装jdk11版本# apt install openjdk-11-jdk
# 下载jenkins deb包# wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_2.361.3_all.deb
# 安装jenkins，然后停止jenkins服务，方便后面修改配置。root@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkinsSelecting previously unselected package jenkins.(Reading database ... 73631 files and directories currently installed.)Preparing to unpack jenkins_2.361.3_all.deb ...Unpacking jenkins (2.361.3) ...dpkg: dependency problems prevent configuration of jenkins: jenkins depends on net-tools; however:  Package net-tools is not installed.
dpkg: error processing package jenkins (--install): dependency problems - leaving unconfiguredProcessing triggers for systemd (245.4-4ubuntu3.15) ...Errors were encountered while processing: jenkins
# 根据报错提示安装net-toolsroot@ubuntu200403:~# apt install -y net-tools# 重新安装jenkinsroot@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkins

复制代码

修改 jenkins.service 配置，并启动服务。

root@ubuntu200403:~# vi /lib/systemd/system/jenkins.service修改下面三处User=rootGroup=rootEnvironment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
root@ubuntu200403:~# systemctl daemon-reloadroot@ubuntu200403:~# systemctl restart jenkins.serviceroot@ubuntu200403:~# ps -ef |grep jenkinsroot        9614       1 43 14:35 ?        00:00:17 /usr/bin/java -Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar /usr/share/javajenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080root        9757    6591  0 14:36 pts/1    00:00:00 grep --color=auto jenkinsroot@ubuntu200403:~# systemctl enable jenkins.serviceSynchronizing state of jenkins.service with SysV service script with /lib/systemd/systemd-sysv-install.Executing: /lib/systemd/systemd-sysv-install enable jenkins

复制代码

浏览器访问 jenkins： http://10.0.0.131:8080/

按照提示解锁 jenkins。

选择安装推荐的插件。系统会在线安装常用的插件。

安装完后，创建一个管理员账号 qa，并设置密码为 zx123456。

实例配置页面保持默认不做修改。

进入 jenkins 的 Dashboard 页面。右上角为新创建的用户。

安装的插件需要重启 jenkins 才能生效。可以重启 jenkins 服务，或者用 /restart api 重启。

这里我们彻底一点，重启 jenkins 服务，然后再来看页面。

# systemctl restart jenkins

复制代码

重新登录，页面如下。

配置邮件通知

【系统管理】-【系统配置】，打开 Configure System 页面。

jenkins Location 里配置系统管理员邮件地址：

邮件通知里所有项都要填，参考如下：

检查邮箱是否成功收到邮件。

5.2 安装 gitlab 插件

在 Dashboard 页面，选择【系统管理】，右边选择【插件管理】

在【已安装】tab 页检索 gitlab，查看到 gitlab 默认没有安装。

在【可选插件】tab 页检索 gitlab，进行在线安装。

安装好后，已安装中可以检索到 gitlab plugin。

5.3 实现代码免秘钥代码 clone

gitlab 服务器： ubuntu200402 10.0.0.132

jenkins 服务器：ubuntu200403 10.0.0.131

jenkins 拉取 gitlab 仓库里的项目代码，下面介绍两种方法：shell 脚本拉取和 git 插件拉取。

通过 git 协议以非交互的方式去拉取代码，这需要配置 ssh 免密。

在 jenkins 服务器生成一对 ssh 密钥对，把公钥放到 gitlab 上，私钥放在 jenkins 服务器。这样就实现了免密认证。

jenkins 服务器上，在 root 用户下生成密钥对的方式如下：

root@ubuntu200403:~# ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsaYour public key has been saved in /root/.ssh/id_rsa.pubThe key fingerprint is:SHA256:qEiYMKJ7Q6+HABjkOZQ9/h4chuLV6pqwELkhAJ1SKx8 root@ubuntu200403The key's randomart image is:+---[RSA 3072]----+|o=+.             ||*.++             ||B*E +            ||BO.= + .         ||@ * = o S        ||oO + =           ||=.=.+ .          ||ooo+..           ||.oo.             |+----[SHA256]-----+root@ubuntu200403:~# root@ubuntu200403:~# ls -al ~/.ssh/total 20drwx------ 2 root root 4096 Nov 14 15:48 .drwx------ 7 root root 4096 Nov 14 14:46 ..-rw------- 1 root root    0 Oct 21 16:51 authorized_keys-rw------- 1 root root 2602 Nov 14 15:48 id_rsa-rw-r--r-- 1 root root  571 Nov 14 15:48 id_rsa.pub-rw-r--r-- 1 root root  444 Oct 30 09:42 known_hosts

复制代码

将公钥拷贝到 gitlab 服务器

# 拷贝公钥到gitlab服务器，会提示输入密码root@ubuntu200403:~# ssh-copy-id 10.0.0.132/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@10.0.0.132's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '10.0.0.132'"and check to make sure that only the key(s) you wanted were added.
# 验证免密是否生效。没有输入密码就登录成功了，说明生效了。root@ubuntu200403:~# ssh 10.0.0.132Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-131-generic x86_64)
 * Documentation:  https://help.ubuntu.com * Management:     https://landscape.canonical.com * Support:        https://ubuntu.com/advantage
  System information as of Mon 14 Nov 2022 03:55:00 PM UTC
  System load:  0.83               Users logged in:                  1  Usage of /:   47.8% of 23.95GB   IPv4 address for br-9786484ce7ab: 172.19.0.1  Memory usage: 76%                IPv4 address for br-ee0b51380d98: 172.20.0.1  Swap usage:   0%                 IPv4 address for docker0:         172.17.0.1  Processes:    337                IPv4 address for ens33:           10.0.0.132
 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s   just raised the bar for easy, resilient and secure K8s cluster deployment.
   https://ubuntu.com/engage/secure-kubernetes-at-the-edge
81 updates can be applied immediately.To see these additional updates run: apt list --upgradable
New release '22.04.1 LTS' available.Run 'do-release-upgrade' to upgrade to it.

Last login: Mon Nov 14 15:51:29 2022 from 10.0.0.1
# 验证通过后退出远程登录服务器，回到jenkins服务器root@ubuntu200402:~# exitlogoutConnection to 10.0.0.132 closed.

复制代码

将公钥放到 gitlab 上。操作如下：

root 账户登录到 gitlab，选择【偏好设置】-【SSH 秘钥】，将公钥（/root/.ssh/id_rsa.pub 里的内容）拷贝到秘钥文本框中。到期时间默认是一年的，可以手动修改。

配置后会出现秘钥信息页面。后面用 git 协议 clone 就不需要输入密码了。

现在我们就通过 jenkins 来 clone 代码。

新建自由风格的任务，在 Build Step 中选择执行 shell，输入克隆命令。

保存配置后选择立即构建，查看构建日志。

查看 jenkins 服务器上的 job 工程目录，app1 项目代码 clone 成功。

root@ubuntu200403:/var/lib/jenkins# cd workspace/root@ubuntu200403:/var/lib/jenkins/workspace# lstestroot@ubuntu200403:/var/lib/jenkins/workspace# cd test/root@ubuntu200403:/var/lib/jenkins/workspace/test# lsapp1root@ubuntu200403:/var/lib/jenkins/workspace/test# ls -al app1total 24drwxr-xr-x 3 root root 4096 Nov 14 16:13 .drwxr-xr-x 3 root root 4096 Nov 14 16:13 ..drwxr-xr-x 8 root root 4096 Nov 14 16:13 .git-rw-r--r-- 1 root root  157 Nov 14 16:13 index.html-rw-r--r-- 1 root root 6177 Nov 14 16:13 README.m