
GeekTime Ops Advanced Training Camp: Week 3 Assignment

Author: Starry
  • 2022-11-13
    Beijing

1. Single-host orchestration of an Nginx + Tomcat web service

Download and install the docker-compose binary, version v2.12.1:

    root@ubuntu200401:~# wget https://github.com/docker/compose/releases/download/v2.12.1/docker-compose-linux-x86_64
    root@ubuntu200401:~# chmod a+x docker-compose-linux-x86_64
    root@ubuntu200401:~# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
    root@ubuntu200401:~# docker-compose -v
    Docker Compose version v2.12.1


v1 is still the more widely used release, so we install v1.29.2 on another server. All the following steps are based on this version.

    root@ubuntu200402:~# wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
    root@ubuntu200402:~# chmod a+x docker-compose-Linux-x86_64
    root@ubuntu200402:~# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
    root@ubuntu200402:~# docker-compose -v
    docker-compose version 1.29.2, build 5becea4c


Deploy nginx, tomcat and mysql. The docker-compose.yml orchestration file is as follows:

    version: '3.8'
    services:
      nginx-server:
        image: nginx:1.22.0-alpine
        container_name: nginx-web1
    #    network_mode: bridge # network option 1: the default bridge created when docker is installed
        expose:
          - 80
          - 443
        ports:
          - "80:80"
          - "443:443"
        networks: # network option 2: user-defined networks; a missing network is created automatically and given a subnet, and the container gets two NICs
          - front
          - backend
        links:
          - tomcat-server

      tomcat-server:
        #image: tomcat:7.0.93-alpine
        image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1
        container_name: tomcat-app1
        ##network_mode: bridge # network option 1: the default bridge created when docker is installed
        #expose:
        #  - 8080
        #ports:
        #  - "8080:8080"
        networks: # network option 2: user-defined network; a missing network is created automatically and given a subnet, and the container gets one NIC
          - backend
        links:
          - mysql-server

      mysql-server:
        image: mysql:5.6.48
        container_name: mysql-container
    #    network_mode: bridge # network option 1: the default bridge created when docker is installed
        volumes:
          - /data/mysql:/var/lib/mysql
          #- /etc/mysql/conf/my.cnf:/etc/my.cnf:ro
        environment:
          - "MYSQL_ROOT_PASSWORD=12345678"
          - "TZ=Asia/Shanghai"
        expose:
          - 3306
        ports:
          - "3306:3306"
        networks: # network option 2: user-defined network; a missing network is created automatically and given a subnet, and the container gets one NIC
          - backend

    networks:
      front: # user-defined front-end service network, created by docker-compose
        driver: bridge
      backend: # user-defined back-end service network, created by docker-compose
        driver: bridge
      default: # use the existing docker0 network, 172.17.0.1/16 by default
        external:
          name: bridge


Start the services with docker-compose and check their status:

    root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker-compose up -d
    root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker ps -a
    CONTAINER ID   IMAGE                                                           COMMAND                  CREATED          STATUS          PORTS                                                                      NAMES
    fc1489547c80   nginx:1.22.0-alpine                                             "/docker-entrypoint.…"   21 seconds ago   Up 19 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx-web1
    73e4bc62f81a   registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1   "/apps/tomcat/bin/do…"   21 seconds ago   Up 20 seconds   8080/tcp, 8443/tcp                                                         tomcat-app1
    b224301095b7   mysql:5.6.48                                                    "docker-entrypoint.s…"   23 seconds ago   Up 20 seconds   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp                                  mysql-container

    root@ubuntu200402:~/docker-compose-cases/case3-custom-network# brctl show
    bridge name         bridge id           STP enabled   interfaces
    br-9786484ce7ab     8000.024258078048   no            veth7ab7e05
                                                          vethcb88b70
                                                          vethe71a506
    br-ee0b51380d98     8000.0242daab7cd6   no            vethf6e7cda
    docker0             8000.0242a9dd1a28   no

    # Inspect the nginx-web1 container: it has two NICs, one on the front network and one on the backend network.
    root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:04
              inet addr:172.19.0.4  Bcast:172.19.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1156 (1.1 KiB)  TX bytes:0 (0.0 B)

    eth1      Link encap:Ethernet  HWaddr 02:42:AC:14:00:02
              inet addr:172.20.0.2  Bcast:172.20.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:17 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1462 (1.4 KiB)  TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.19.0.1      0.0.0.0         UG    0      0        0 eth0
    172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
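The `docker ps` output above shows mysql-container published on 0.0.0.0:3306 and :::3306, although in this compose file only tomcat-server, on the backend network, links to the database. The following is an added example, not part of the original post: a shell function that reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every port published on all host interfaces that is not on an allowlist. The function name, the allowlist and the sample lines (rebuilt from the output above) are assumptions.

```sh
#!/bin/sh
# Added example: flag container ports published on every host interface.
# Expected input: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample, rebuilt from the `docker ps` output shown above.
SAMPLE_PS=$(printf '%s\t%s\n' \
  nginx-web1 '0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp' \
  tomcat-app1 '8080/tcp, 8443/tcp' \
  mysql-container '0.0.0.0:3306->3306/tcp, :::3306->3306/tcp')

# audit_published_ports "ALLOWED HOST PORTS" < ps-output
# Prints "<container> <host-port>/<proto>" once for each port that is bound to
# a wildcard address and is not in the allowlist. Returns 1 if any was printed.
audit_published_ports() {
  awk -F '\t' -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        entry = maps[i]
        # "8080/tcp" is only exposed; a published port has the form host->container.
        if (index(entry, "->") == 0) continue
        host = substr(entry, 1, index(entry, "->") - 1)
        proto = entry; sub(/^.*\//, "", proto)
        # Wildcard binds: 0.0.0.0:PORT (IPv4), :::PORT or [::]:PORT (IPv6).
        if (host !~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+$/) continue
        port = host; sub(/^.*:/, "", port)
        key = $1 " " port "/" proto
        # IPv4 and IPv6 binds of the same port are reported once.
        if (!(port in ok) && !(key in seen)) { seen[key] = 1; print key; bad = 1 }
      }
    }
    END { exit bad + 0 }'
}

# On the docker host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports "80 443"
```

Against the sample it reports only `mysql-container 3306/tcp`; ports bound to a specific address such as 127.0.0.1 are not reported.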


The nginx page loads successfully.


Test whether the tomcat service is reachable from inside the nginx-web1 container:

    root@ubuntu200402:~/docker-compose-cases/case3-custom-network# docker exec -it nginx-web1 sh
    / # curl tomcat-server:8080/myapp/index.jsp
    <br />host: 73e4bc62f81a
    <br />remoteAddr: 172.19.0.4<br />remoteHost: 172.19.0.4<br />sessionId: 3D94CB24DE60E2EEDCA3A1F08CA4C8DF<br />serverName:tomcat-server<br />scheme:http<br />
    host : tomcat-server:8080<br />user-agent : curl/7.83.1<br />accept : */*<br />


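Configure nginx as a reverse proxy that forwards dynamic requests to the back-end tomcat-app1 service.

    # Copy the nginx configuration to the host so that it is easier to edit.
    # docker cp nginx-web1:/etc/nginx/conf.d/default.conf .
    # In default.conf, add a route to the tomcat-app1 service inside the server block
    # vi default.conf
        location /myapp {
            proxy_pass http://tomcat-server:8080;
        }
    # Copy the modified file into the nginx-web1 container and apply the nginx configuration.
    # docker cp default.conf nginx-web1:/etc/nginx/conf.d/
    # docker exec nginx-web1 nginx -s reload

The tomcat application is reachable from the browser.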


2. Install GitLab, create a group, users and a project, and grant permissions

2.1 Install gitlab

gitlab is installed from the binary package. The recommended minimum host configuration is 8C/16C, 16G/32G, SSD/NAS (10 Gigabit).

Check the operating system's codename:

    root@ubuntu200402:~# lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 20.04.3 LTS
    Release:        20.04
    Codename:       focal

Download version 15.4.3.

    # wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu/pool/focal/main/g/gitlab-ce/gitlab-ce_15.4.3-ce.0_amd64.deb
    # List the package contents; all the files are under /opt/gitlab.
    # dpkg -c gitlab-ce_15.4.3-ce.0_amd64.deb
    # Install
    # dpkg -i gitlab-ce_15.4.3-ce.0_amd64.deb
    ...
    Thank you for installing GitLab!
    GitLab was unable to detect a valid hostname for your instance.
    Please configure a URL for your GitLab instance by setting `external_url`
    configuration in /etc/gitlab/gitlab.rb file.
    Then, you can start your GitLab instance by running the following command:
      sudo gitlab-ctl reconfigure

    For a comprehensive list of configuration options please see the Omnibus GitLab readme
    https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

    Help us improve the installation experience, let us know how we did with a 1 minute survey:
    https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=15-4


Configure outgoing mail. Here we use a QQ mailbox, which first requires obtaining an authorization code.

How to obtain a QQ Mail authorization code:

Go to mail.qq.com and sign in to the mailbox with the QQ user name and password.

Click [Settings] -> [Account].

Scroll down on the right to the POP3/IMAP/SMTP/Exchange/CardDAV/CalDAV service section and enable the POP3/SMTP service; you will be asked to bind and verify a mobile number. Follow the prompts to obtain the authorization code "dudwfgfhqmzpcaeh".

Then edit the /etc/gitlab/gitlab.rb file and apply the configuration.

    root@ubuntu200402:~# grep -Ev '^$|^#' /etc/gitlab/gitlab.rb
    external_url 'http://10.0.0.132'
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.qq.com"
    gitlab_rails['smtp_port'] = 465
    gitlab_rails['smtp_user_name'] = "360159416@qq.com"
    gitlab_rails['smtp_password'] = "dudwfgfhqmzpcaeh"
    gitlab_rails['smtp_domain'] = "qq.com"
    gitlab_rails['smtp_authentication'] = :login
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = true
    gitlab_rails['gitlab_email_from'] = "360159416@qq.com"
    user["git_user_email"] = "360159416@qq.com"

    root@ubuntu200402:~# gitlab-ctl reconfigure
    ...
    Notes:
    Default admin account has been configured with following details:
    Username: root
    Password: You didn't opt-in to print initial root password to STDOUT.
    Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.

    NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

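The first login to gitlab asks for a user name and password. The user name can be root or the email address; the password is randomly generated and stored in /etc/gitlab/initial_root_password. After logging in, make a few simple settings.


Change the language to Chinese and click Save.

Right-click and choose "Reload"; the page is now displayed in Chinese.

Changing the password

In the drop-down menu at the top right choose Edit profile, select Password on the left, enter the current password and the new password on the right (the new password can be set to 12345678), and save.

After the password is changed, you are asked to log in again with the new password. After logging in again, set the email address under Edit profile.

The mailbox receives a "Confirmation instructions" email, which you need to confirm by clicking.


In the global notification settings under Notifications, change the email to your own address. When gitlab generates an event notification, it is sent to that address.


Disable sign-up: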


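2.2 Create a group, users and a project, and grant permissions


A group corresponds to a company project.

A user corresponds to a developer in the company.

A project corresponds to a service within a company project.

Create a group

[main menu] -> [Dashboard] -> [New group]


Enter the group name and click [Create group].

Create users

[main menu] -> [Dashboard] -> [New user]

Create the user user1: enter the name, user name and email, leave everything else at the defaults, and click [Create user].

Set the password.



Log in once as the newly created user and change the password. Then log in to gitlab with the changed password to make sure the login works.

Create user2 in the same way and make sure it can log in.


Create a project

Choose to create a blank project.

The following page appears, with usage instructions.


Grant permissions:

In the admin area, click the group magedu.

Add the newly created user1 to the group and choose a role; there are 5 roles, and here we choose Developer.


Add user2 as well, with the Owner role. The result looks like this: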


3. Basic use of Git commands

user1 has the developer role; we use it for the basic git operations.

    git add .              # stage every change under the current directory
    git commit -m "xxx"    # commit the code to the local repository
    git push               # upload to the gitlab server

    # Clone the remote repository to a local path
    # mkdir /data
    # cd /data
    root@ubuntu200403:/data# git clone http://10.0.0.132/magedu/app1.git
    Cloning into 'app1'...
    Username for 'http://10.0.0.132': user1
    Password for 'http://user1@10.0.0.132': 
    remote: Enumerating objects: 3, done.
    remote: Counting objects: 100% (3/3), done.
    remote: Compressing objects: 100% (2/2), done.
    remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
    Unpacking objects: 100% (3/3), 2.77 KiB | 258.00 KiB/s, done.
    root@ubuntu200403:/data# ls -l
    total 4
    drwxr-xr-x 3 root root 4096 Nov 13 16:17 app1
    root@ubuntu200403:/data# ll app1
    total 20
    drwxr-xr-x 3 root root 4096 Nov 13 16:17 ./
    drwxr-xr-x 3 root root 4096 Nov 13 16:17 ../
    drwxr-xr-x 8 root root 4096 Nov 13 16:17 .git/
    -rw-r--r-- 1 root root 6177 Nov 13 16:17 README.md
    root@ubuntu200403:/data# 

    # Create the new file index.html
    root@ubuntu200403:/data/app1# cat index.html
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="UTF-8">
        <title>magedu 官网</title>
      </head>
      <body>
        <h1>当前版本v1</h1>
      </body>
    </html>

    # Show the current branch
    root@ubuntu200403:/data/app1# git branch
    * main

    # Show the current changes
    root@ubuntu200403:/data/app1# git status
    On branch main
    Your branch is up to date with 'origin/main'.

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
            index.html

    nothing added to commit but untracked files present (use "git add" to track)

    # Stage the changes
    root@ubuntu200403:/data/app1# git add .

    # Commit the staged content to the local repository.
    root@ubuntu200403:/data/app1# git commit -m "add index.html"

    *** Please tell me who you are.

    Run

      git config --global user.email "you@example.com"
      git config --global user.name "Your Name"

    to set your account's default identity.
    Omit --global to set the identity only in this repository.

    fatal: unable to auto-detect email address (got 'root@ubuntu200403.(none)')

    # Set the global git configuration as prompted
    root@ubuntu200403:/data/app1# git config --global user.email "xhzhou@zshield.net"
    root@ubuntu200403:/data/app1# git config --global user.name "user1"
    root@ubuntu200403:/data/app1# git commit -m "add index.html"
    [main d29fe15] add index.html
     1 file changed, 10 insertions(+)
     create mode 100644 index.html

    # user1 has the developer role, so the push to the remote repository fails
    root@ubuntu200403:/data/app1# git push
    Username for 'http://10.0.0.132': user1
    Password for 'http://user1@10.0.0.132': 
    Enumerating objects: 4, done.
    Counting objects: 100% (4/4), done.
    Delta compression using up to 2 threads
    Compressing objects: 100% (3/3), done.
    Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.
    Total 3 (delta 0), reused 0 (delta 0)
    remote: GitLab: You are not allowed to push code to protected branches on this project.
    To http://10.0.0.132/magedu/app1.git
     ! [remote rejected] main -> main (pre-receive hook declined)
    error: failed to push some refs to 'http://10.0.0.132/magedu/app1.git'

    # user2 has the owner role, so the push to the remote repository succeeds
    root@ubuntu200403:/data/app1# git push
    Username for 'http://10.0.0.132': user2
    Password for 'http://user2@10.0.0.132': 
    Enumerating objects: 4, done.
    Counting objects: 100% (4/4), done.
    Delta compression using up to 2 threads
    Compressing objects: 100% (3/3), done.
    Writing objects: 100% (3/3), 401 bytes | 401.00 KiB/s, done.
    Total 3 (delta 0), reused 0 (delta 0)
    To http://10.0.0.132/magedu/app1.git
       7509d95..d29fe15  main -> main


The commit is now visible on gitlab.


4. Backing up and restoring GitLab data

Backup

    root@ubuntu200402:~# gitlab-ctl status
    run: alertmanager: (pid 15392) 8218s; run: log: (pid 15238) 8245s
    run: gitaly: (pid 15424) 8217s; run: log: (pid 14545) 8341s
    run: gitlab-exporter: (pid 15370) 8220s; run: log: (pid 15057) 8262s
    run: gitlab-kas: (pid 15342) 8222s; run: log: (pid 14816) 8328s
    run: gitlab-workhorse: (pid 15353) 8221s; run: log: (pid 14986) 8276s
    run: logrotate: (pid 29761) 1156s; run: log: (pid 14445) 8354s
    run: nginx: (pid 14981) 8276s; run: log: (pid 15015) 8274s
    run: node-exporter: (pid 15361) 8221s; run: log: (pid 15039) 8269s
    run: postgres-exporter: (pid 15409) 8218s; run: log: (pid 15288) 8237s
    run: postgresql: (pid 14670) 8338s; run: log: (pid 14755) 8335s
    run: prometheus: (pid 15378) 8219s; run: log: (pid 15204) 8251s
    run: puma: (pid 14900) 8291s; run: log: (pid 14908) 8288s
    run: redis: (pid 14475) 8350s; run: log: (pid 14487) 8347s
    run: redis-exporter: (pid 15372) 8220s; run: log: (pid 15115) 8257s
    run: sidekiq: (pid 14920) 8285s; run: log: (pid 14939) 8281s

    # Stop the puma and sidekiq services (the status output above lists puma, not unicorn)
    root@ubuntu200402:~# gitlab-ctl stop puma
    root@ubuntu200402:~# gitlab-ctl stop sidekiq

    # Run the backup command; it backs up account information and source code
    root@ubuntu200402:~# gitlab-rake gitlab:backup:create
    2022-11-13 16:50:08 +0000 -- Dumping main_database ... 
    Dumping PostgreSQL database gitlabhq_production ... [DONE]
    2022-11-13 16:50:11 +0000 -- Dumping main_database ... done
    2022-11-13 16:50:11 +0000 -- Dumping ci_database ... [DISABLED]
    2022-11-13 16:50:11 +0000 -- Dumping repositories ... 
    {"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.738Z"}
    {"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.839Z"}
    {"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}
    {"command":"create","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"info","msg":"started create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.844Z"}
    {"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.design.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
    {"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
    {"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"gitlab-instance-705695e4/Monitoring.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.847Z"}
    {"command":"create","gl_project_path":"magedu/app1.wiki","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.852Z"}
    {"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1.wiki","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.wiki.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}
    {"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"started create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.860Z"}
    {"command":"create","error":"manager: repository empty: repository skipped","gl_project_path":"magedu/app1","level":"warning","msg":"skipped create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.design.git","storage_name":"default","time":"2022-11-13T16:50:11.864Z"}
    {"command":"create","gl_project_path":"magedu/app1","level":"info","msg":"completed create","relative_path":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","storage_name":"default","time":"2022-11-13T16:50:11.886Z"}
    2022-11-13 16:50:11 +0000 -- Dumping repositories ... done
    2022-11-13 16:50:11 +0000 -- Dumping uploads ... 
    2022-11-13 16:50:11 +0000 -- Dumping uploads ... done
    2022-11-13 16:50:11 +0000 -- Dumping builds ... 
    2022-11-13 16:50:11 +0000 -- Dumping builds ... done
    2022-11-13 16:50:11 +0000 -- Dumping artifacts ... 
    2022-11-13 16:50:11 +0000 -- Dumping artifacts ... done
    2022-11-13 16:50:11 +0000 -- Dumping pages ... 
    2022-11-13 16:50:11 +0000 -- Dumping pages ... done
    2022-11-13 16:50:11 +0000 -- Dumping lfs objects ... 
    2022-11-13 16:50:11 +0000 -- Dumping lfs objects ... done
    2022-11-13 16:50:11 +0000 -- Dumping terraform states ... 
    2022-11-13 16:50:11 +0000 -- Dumping terraform states ... done
    2022-11-13 16:50:11 +0000 -- Dumping container registry images ... [DISABLED]
    2022-11-13 16:50:11 +0000 -- Dumping packages ... 
    2022-11-13 16:50:11 +0000 -- Dumping packages ... done
    2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ... 
    2022-11-13 16:50:11 +0000 -- Creating backup archive: 1668358208_2022_11_13_15.4.3_gitlab_backup.tar ... done
    2022-11-13 16:50:11 +0000 -- Uploading backup archive to remote storage ... [SKIPPED]
    2022-11-13 16:50:11 +0000 -- Deleting old backups ... [SKIPPED]
    2022-11-13 16:50:11 +0000 -- Deleting tar staging files ... 
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/backup_information.yml
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/db
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/repositories
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/uploads.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/builds.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/artifacts.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/pages.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/lfs.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/terraform_state.tar.gz
    2022-11-13 16:50:11 +0000 -- Cleaning up /var/opt/gitlab/backups/packages.tar.gz
    2022-11-13 16:50:11 +0000 -- Deleting tar staging files ... done
    2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ... 
    2022-11-13 16:50:11 +0000 -- Deleting backups/tmp ... done
    2022-11-13 16:50:11 +0000 -- Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
    and are not included in this backup. You will need these files to restore a backup.
    Please back them up manually.
    2022-11-13 16:50:11 +0000 -- Backup 1668358208_2022_11_13_15.4.3 is done.

    # The configuration files have to be backed up separately. They include:
    # the nginx configuration files
    root@ubuntu200402:~# ls /var/opt/gitlab/nginx/conf/
    gitlab-health.conf  gitlab-http.conf  nginx.conf  nginx-status.conf
    # the gitlab configuration file
    root@ubuntu200402:~# ls /etc/gitlab/gitlab.rb
    /etc/gitlab/gitlab.rb
    # the key file
    root@ubuntu200402:~# ls /etc/gitlab/gitlab-secrets.json
    /etc/gitlab/gitlab-secrets.json

    # So the whole /opt/gitlab directory needs to be backed up. The nginx configuration files can be skipped; they are regenerated on restore.

    # After the backup completes, start the stopped services again
    root@ubuntu200402:~# gitlab-ctl start puma
    root@ubuntu200402:~# gitlab-ctl start sidekiq
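The backup log above ends with a warning that gitlab.rb and gitlab-secrets.json are not part of the archive and are needed for a restore. The following is an added example, not part of the original post: a shell function that archives exactly those two files with owner-only permissions and reads the archive back before reporting success. The function name, the archive naming and the destination directory in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: archive the two files that gitlab:backup:create leaves out.

# backup_gitlab_config CONFIG_DIR DEST_DIR
# Writes DEST_DIR/gitlab_config_<timestamp>.tar (mode 600) containing gitlab.rb
# and gitlab-secrets.json, then prints the archive path.
# Fails before writing anything if either file is missing, because a restore
# needs both of them.
backup_gitlab_config() {
  conf_dir=$1
  dest_dir=$2
  for f in gitlab.rb gitlab-secrets.json; do
    if [ ! -f "$conf_dir/$f" ]; then
      echo "missing $conf_dir/$f" >&2
      return 1
    fi
  done
  archive="$dest_dir/gitlab_config_$(date +%Y%m%d_%H%M%S).tar"
  (
    # gitlab-secrets.json holds the database encryption keys and gitlab.rb the
    # SMTP password, so new directories and the archive are owner-only.
    umask 077
    mkdir -p "$dest_dir" &&
      tar -cf "$archive" -C "$conf_dir" gitlab.rb gitlab-secrets.json
  ) || return 1
  # Read the archive back and check that it lists exactly the two files.
  listed=$(tar -tf "$archive" | LC_ALL=C sort | tr '\n' ' ')
  [ "$listed" = "gitlab-secrets.json gitlab.rb " ] || return 1
  printf '%s\n' "$archive"
}

# Usage on the GitLab host from this article, as root. The destination is a
# hypothetical path: keep it apart from /var/opt/gitlab/backups so that a
# copied data backup does not come with the keys that decrypt it.
#   backup_gitlab_config /etc/gitlab /root/gitlab-config-backups
```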


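We modify the code in the app1 repository again and commit it as version v2, then restore to version v1 as it was at backup time.

Restore

    # Check the file to restore
    root@ubuntu200402:~# ll /var/opt/gitlab/backups/
    total 400
    drwx------  2 git  root   4096 Nov 13 16:50 ./
    drwxr-xr-x 21 root root   4096 Nov 13 14:29 ../
    -rw-------  1 git  git  399360 Nov 13 16:50 1668358208_2022_11_13_15.4.3_gitlab_backup.tar

    # Stop the services that write data
    root@ubuntu200402:~# gitlab-ctl stop puma
    root@ubuntu200402:~# gitlab-ctl stop sidekiq

    # Run the restore command
    root@ubuntu200402:~# gitlab-rake gitlab:backup:restore BACKUP=1668358208_2022_11_13_15.4.3
    # Answer yes at the prompts
    # The following output at the end means the restore is complete:
    2022-11-13 17:05:10 +0000 -- Restore task is done.

    # Start the services that write data
    root@ubuntu200402:~# gitlab-ctl start puma
    root@ubuntu200402:~# gitlab-ctl start sidekiq

The code on gitlab is back at version v1, so the restore succeeded.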


5. Deploy a Jenkins server, install the GitLab plugin, and clone code without a password

5.1 Install the jenkins service with the default recommended plugins

Install jdk11 and jenkins

    # Install jdk11 online
    # apt install openjdk-11-jdk

    # Download the jenkins deb package
    # wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_2.361.3_all.deb

    # Install jenkins, then stop the jenkins service so the configuration can be changed afterwards.
    root@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkins
    Selecting previously unselected package jenkins.
    (Reading database ... 73631 files and directories currently installed.)
    Preparing to unpack jenkins_2.361.3_all.deb ...
    Unpacking jenkins (2.361.3) ...
    dpkg: dependency problems prevent configuration of jenkins:
     jenkins depends on net-tools; however:
      Package net-tools is not installed.

    dpkg: error processing package jenkins (--install):
     dependency problems - leaving unconfigured
    Processing triggers for systemd (245.4-4ubuntu3.15) ...
    Errors were encountered while processing:
     jenkins

    # Install net-tools as the error message indicates
    root@ubuntu200403:~# apt install -y net-tools
    # Install jenkins again
    root@ubuntu200403:~# dpkg -i jenkins_2.361.3_all.deb && systemctl stop jenkins

Modify the jenkins.service configuration and start the service.

    root@ubuntu200403:~# vi /lib/systemd/system/jenkins.service
    # Change the following three settings
    User=root
    Group=root
    Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"

    root@ubuntu200403:~# systemctl daemon-reload
    root@ubuntu200403:~# systemctl restart jenkins.service
    root@ubuntu200403:~# ps -ef |grep jenkins
    root        9614       1 43 14:35 ?        00:00:17 /usr/bin/java -Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar /usr/share/javajenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
    root        9757    6591  0 14:36 pts/1    00:00:00 grep --color=auto jenkins
    root@ubuntu200403:~# systemctl enable jenkins.service
    Synchronizing state of jenkins.service with SysV service script with /lib/systemd/systemd-sysv-install.
    Executing: /lib/systemd/systemd-sysv-install enable jenkins
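The three edits to jenkins.service above make Jenkins, and every build step it executes, run as root, and switch off Jenkins' CSRF protection. The following is an added example, not part of the original post: a shell function that reports those settings in a unit file, and a second function that prints a systemd drop-in undoing them. The function names and finding labels are assumptions, as is the `jenkins` service account (the account the Debian package normally creates); the sample unit is constructed from the edit above.

```sh
#!/bin/sh
# Added example: audit the jenkins.service settings changed in this article.

# Constructed sample: the [Service] lines as edited above.
SAMPLE_UNIT='[Unit]
Description=Jenkins Continuous Integration Server

[Service]
User=root
Group=root
Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
'

# audit_jenkins_unit < unit-file (optionally followed by its drop-ins)
# Prints one finding per line and returns 1 if there is any finding.
# systemd keeps the last assignment of User=, Group= and of a given Environment
# variable, so only the final value of each is judged.
audit_jenkins_unit() {
  awk '
    /^[ \t]*[#;]/ { next }                                  # comment lines
    /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }      # section headers
    !in_service { next }
    /^User=/  { user  = substr($0, 6) }
    /^Group=/ { group = substr($0, 7) }
    /^Environment=/ && /JAVA_OPTS=/ {
      csrf_off = ($0 ~ /DISABLE_CSRF_PROTECTION=true/)
    }
    END {
      # A system service without User= runs as root as well.
      if (user == "" || user == "root" || user == "0") {
        print "service-runs-as-root"; bad = 1
      }
      if (group == "root" || group == "0") { print "group-is-root"; bad = 1 }
      if (csrf_off) { print "csrf-protection-disabled"; bad = 1 }
      exit bad + 0
    }'
}

# jenkins_dropin: prints a drop-in that returns to an unprivileged account and
# removes the CSRF switch. Intended location (standard systemd drop-in path):
#   /etc/systemd/system/jenkins.service.d/override.conf
jenkins_dropin() {
  cat <<'EOF'
[Service]
User=jenkins
Group=jenkins
Environment="JAVA_OPTS=-Djava.awt.headless=true"
EOF
}

# On the Jenkins host:
#   audit_jenkins_unit < /lib/systemd/system/jenkins.service
```

With the drop-in in place the service no longer reads /root/.ssh, so the key pair used for cloning later in this article would have to belong to the jenkins account instead.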


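Open jenkins in a browser: http://10.0.0.131:8080/

Unlock jenkins as prompted.

Choose to install the suggested plugins. The system installs the commonly used plugins online.

After installation, create an administrator account qa with the password zx123456.

Leave the instance configuration page at its defaults.


The jenkins Dashboard page opens. The newly created user is shown at the top right.

Installed plugins take effect only after jenkins is restarted. You can restart the jenkins service, or restart through the /restart API.

Here we take the more thorough route: restart the jenkins service and then look at the page again.

    # systemctl restart jenkins

Log in again; the page looks like this.


Configure email notification

[Manage Jenkins] - [Configure System] opens the Configure System page.

Under Jenkins Location, set the system administrator's email address:

Every field under E-mail Notification has to be filled in, for example:


Check that the mailbox received the email.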


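5.2 Install the gitlab plugin

On the Dashboard page choose [Manage Jenkins], then [Manage Plugins] on the right.

Search for gitlab on the [Installed] tab; gitlab is not installed by default.

Search for gitlab on the [Available] tab and install it online.


After installation, the gitlab plugin can be found under Installed.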


5.3 Clone code without a password

gitlab server: ubuntu200402 10.0.0.132

jenkins server: ubuntu200403 10.0.0.131

jenkins pulls the project code from the gitlab repository. Two methods are described below: pulling with a shell script and pulling with the git plugin.

Pulling code non-interactively over the git protocol requires passwordless ssh to be configured.

Generate an ssh key pair on the jenkins server, put the public key on gitlab and keep the private key on the jenkins server. This gives passwordless authentication.

On the jenkins server, generate the key pair as the root user as follows:

    root@ubuntu200403:~# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa
    Your public key has been saved in /root/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:qEiYMKJ7Q6+HABjkOZQ9/h4chuLV6pqwELkhAJ1SKx8 root@ubuntu200403
    The key's randomart image is:
    +---[RSA 3072]----+
    |o=+.             |
    |*.++             |
    |B*E +            |
    |BO.= + .         |
    |@ * = o S        |
    |oO + =           |
    |=.=.+ .          |
    |ooo+..           |
    |.oo.             |
    +----[SHA256]-----+
    root@ubuntu200403:~# 
    root@ubuntu200403:~# ls -al ~/.ssh/
    total 20
    drwx------ 2 root root 4096 Nov 14 15:48 .
    drwx------ 7 root root 4096 Nov 14 14:46 ..
    -rw------- 1 root root    0 Oct 21 16:51 authorized_keys
    -rw------- 1 root root 2602 Nov 14 15:48 id_rsa
    -rw-r--r-- 1 root root  571 Nov 14 15:48 id_rsa.pub
    -rw-r--r-- 1 root root  444 Oct 30 09:42 known_hosts


Copy the public key to the gitlab server

    # Copy the public key to the gitlab server; you are prompted for the password
    root@ubuntu200403:~# ssh-copy-id 10.0.0.132
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@10.0.0.132's password: 

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh '10.0.0.132'"
    and check to make sure that only the key(s) you wanted were added.

    # Verify that passwordless login works. Logging in without entering a password shows that it does.
    root@ubuntu200403:~# ssh 10.0.0.132
    Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-131-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

      System information as of Mon 14 Nov 2022 03:55:00 PM UTC

      System load:  0.83               Users logged in:                  1
      Usage of /:   47.8% of 23.95GB   IPv4 address for br-9786484ce7ab: 172.19.0.1
      Memory usage: 76%                IPv4 address for br-ee0b51380d98: 172.20.0.1
      Swap usage:   0%                 IPv4 address for docker0:         172.17.0.1
      Processes:    337                IPv4 address for ens33:           10.0.0.132

     * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
       just raised the bar for easy, resilient and secure K8s cluster deployment.

       https://ubuntu.com/engage/secure-kubernetes-at-the-edge

    81 updates can be applied immediately.
    To see these additional updates run: apt list --upgradable

    New release '22.04.1 LTS' available.
    Run 'do-release-upgrade' to upgrade to it.


    Last login: Mon Nov 14 15:51:29 2022 from 10.0.0.1
    # After verifying, log out of the remote server and return to the jenkins server
    root@ubuntu200402:~# exit
    logout
    Connection to 10.0.0.132 closed.


Put the public key on gitlab as follows:

Log in to gitlab as root, choose [Preferences] - [SSH Keys], and paste the public key (the contents of /root/.ssh/id_rsa.pub) into the key text box. The expiration date defaults to one year and can be changed manually.


After saving, the key information page appears. From now on, cloning over the git protocol no longer asks for a password.

Now we clone the code through jenkins.

Create a freestyle job, choose Execute shell under Build Step, and enter the clone command.

Save the configuration, choose Build Now, and check the build log.

Check the job's workspace directory on the jenkins server: the app1 project code was cloned successfully.

    root@ubuntu200403:/var/lib/jenkins# cd workspace/
    root@ubuntu200403:/var/lib/jenkins/workspace# ls
    test
    root@ubuntu200403:/var/lib/jenkins/workspace# cd test/
    root@ubuntu200403:/var/lib/jenkins/workspace/test# ls
    app1
    root@ubuntu200403:/var/lib/jenkins/workspace/test# ls -al app1
    total 24
    drwxr-xr-x 3 root root 4096 Nov 14 16:13 .
    drwxr-xr-x 3 root root 4096 Nov 14 16:13 ..
    drwxr-xr-x 8 root root 4096 Nov 14 16:13 .git
    -rw-r--r-- 1 root root  157 Nov 14 16:13 index.html
    -rw-r--r-- 1 root root 6177 Nov 14 16:13 README.m


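The above clones the code with a shell script.

To clone with the plugin instead, configure the jenkins job page as follows:



Click [Add]. Once it has been added, select this private key.



Remember to comment out the contents of the Execute shell step under Build Steps. Then save the configuration.

Build the job again. The build log shows success.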

