持續集成之③:將代碼自動部署至測試環境
一:本文在上一篇文章的基礎之上繼續進行操作,上一篇實現了從git獲取代碼並進行代碼測試,本文將在上一篇的基礎之上實現將代碼部署至測試環境。
1.1:新建一個項目叫web-demo-deploy用於代碼發布,上一個項目web-demo可用於代碼測試,當測試階段出現問題的時候也不會立即進行發布,只有當測試通過之后才執行發布的項目即可:
1.2:如何將代碼發布到web服務器:
1.2.1:可以通過執行命令或腳本的方式進行代碼發布,在各web服務器創建一個www用戶,用於啟動web服務並進行代碼發布:
# useradd www # echo "123456" | passwd --stdin www # su - www $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/www/.ssh/id_rsa): Created directory '/home/www/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/www/.ssh/id_rsa. Your public key has been saved in /home/www/.ssh/id_rsa.pub. The key fingerprint is: bc:51:20:7d:cc:bb:de:e8:e4:11:d3:f7:1b:ec:0c:0d www@node1.chinasoft.com The key's randomart image is: +--[ RSA 2048]----+ | ...o | | ...+ | | ... | | . ... | | S o..E. | | o.o .+. | | ..oo . +.| | oo.. + o| | .o + | +-----------------+ [www@node1 ~]$ cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIvExDg2tXu3+XZVdjxuur/orC0C9G1vGFKd5c67mOkiJE+OI1eyDl4yoqsabJbp7aHJEDomfO7MjoJSQEQdhebgpCvG7/ron5IoF7Ql3RllhObDHmRmjhSuHbZqJCpM2qqIejkdwM4qpnkFcJUxOZLgdKfiVfNIaAjkY3BUbyKrt64GZ4pykoZXqTLX7fDHAOqzUJqy3IuCLhk0judRdlUWayWnrXOrBGXfuKiBuXiFIxhKbDvDr93ZldqcGXXCmscTLIlQ+yFAEeb11K+/z0uEQU6l9sKD4i8v5503KiFSVWSSfL40ZBFWcP20nK3prRH5CFD2piWbLPQBYVhzpL www@node1.chinasoft.com
1.2.2:在git服務器將www用戶的公鑰添加至部署key,將root的公鑰添加至ssh key,以讓www用戶有獲取代碼權限,讓root用戶有提交代碼的權限:
ssh keys和deploy keys區別:
github賬戶的SSH keys,相當於這個賬號的最高級key,只要是這個賬號有的權限(任何項目),都能進行操作。
倉庫的Deploy keys,顧名思義就是這個倉庫的專有key,用這個key,只能操作這個項目,其他項目都沒有權限。
說白了就相當於你有一所大別墅,SSH key能開別墅中的任何一個房間。而Deploy key只能開進別墅中的一個單間。
1.2.4:確認www用戶有拉取代碼權限:
1.3:關於shell腳本執行權限:
#稍后會通過jenkins執行一個腳本,從而完成代碼的發布,但是默認執行的用戶是jenkins,需要賦予jenkins一定的權限,另外發布的腳本可能在本機也可能不在本機,本次設想不在本機保存腳本,則設置如下:
1.3.1:解決腳本運行問題:
#將腳本放在www用戶家目錄/home/www,git代碼也放在家目錄,因此需要jenkins服務器遠程到代碼發布服務器執行遠程命令,需要做免登陸認證,將jenkins服務器root和www用戶的公鑰放在代碼部署服務器的www用戶家目錄.ssh/authorized_keys文件中,使jenkins服務器能夠不輸入密碼就可以調用部署服務器的腳本:
jenkins服務器:192.168.3.199
deploy部署服務器:192.168.3.12
$ chmod 600 authorized_keys $ cat authorized_keys [www@192.168.3.12 ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIvExDg2tXu3+XZVdjxuur/orC0C9G1vGFKd5c67mOkiJE+OI1eyDl4yoqsabJbp7aHJEDomfO7MjoJSQEQdhebgpCvG7/ron5IoF7Ql3RllhObDHmRmjhSuHbZqJCpM2qqIejkdwM4qpnkFcJUxOZLgdKfiVfNIaAjkY3BUbyKrt64GZ4pykoZXqTLX7fDHAOqzUJqy3IuCLhk0judRdlUWayWnrXOrBGXfuKiBuXiFIxhKbDvDr93ZldqcGXXCmscTLIlQ+yFAEeb11K+/z0uEQU6l9sKD4i8v5503KiFSVWSSfL40ZBFWcP20nK3prRH5CFD2piWbLPQBYVhzpL www@node1.chinasoft.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsYf1pLYFBUhThXz5pqPMl9TVJxzKEkB/6vImEcDnBqDhrWZe+OqIWp+GTbkHNcXDejD1pBvvQScPIuxlz/r7OEBRTpTjmZOAaLCRMljhx2iMsgTdyjSqZFXMAXRI+F/ZPKKypDW2ZLMLjyqB6ZHK+9/SIMVGwzw/Ey3kqAQovI7UQMoL/59xjah+9zNGboTpZI613LX5vrgCghWUS5NHxU/DNUWjaxFuYJqr7ELKVrG/vZJcbtwmGpRDcCq03Kl2Mz0lHhkGZVDHWqhIPcyRjKrDh0/WqaTlPuIYZ3bZu33aQSxXV5GMGv6VqfIkYVU0uFewL4znPKFPa1z4mAJpR root@node1.chinasoft.com
1.3.2:確認可以免密碼遠程登陸:
使用root和www用戶測試一下是否可以免秘鑰登陸,以便讓部署服務器將用戶的key添加到know_keys,否則報錯Host key verification failed
ssh www@192.168.3.12 ssh www@192.168.3.13
1.3.3:解決jenkins沒有權限的問題,在jenkins服務器192.168.3.199上操作:
# vim /etc/sudoers #Defaults requiretty #注釋掉,不需要tty jenkins ALL=(ALL) NOPASSWD: /usr/bin/ssh
1.3.3:配置jenkins項目執行shell腳本:
1.3.3.1:腳本內容(需要放在部署服務器192.168.3.12的/home/www目錄下):
www@192.168.3.12 $ vim dep.sh #!/bin/bash cd /home/www/web-demo_deploy/ #進入到本地代碼庫 git pull #從git服務器更新代碼 scp -r ./* www@192.168.3.12:/webroot/web_www #將代碼部署至web服務器 scp -r ./* www@192.168.3.13:/webroot/web_www www@192.168.3.12 $ chmod +x dep.sh
1.3.3.2:在jenkins調用腳本:
#在項目的構建步驟調用,項目-配置-構建-增加構建步驟-Execute shell
訪問web頁面測試:
在git倉庫創建代碼並更新至git服務器:
[www@master web-demo_deploy]$ vim index.html # 添加www.chinasoft.com [www@master web-demo_deploy]$ git add index.html [www@master web-demo_deploy]$ git commit -m 'edit index.html add www.chinasoft.com' [master 51f8f11] edit index.html add www.chinasoft.com 1 file changed, 1 insertion(+), 1 deletion(-) [www@master web-demo_deploy]$ git push origin master Counting objects: 5, done. Compressing objects: 100% (3/3), done. Writing objects: 100% (3/3), 313 bytes | 0 bytes/s, done. Total 3 (delta 2), reused 0 (delta 0) To git@192.168.3.198:web/web-demo_deploy.git ac41e81..51f8f11 master -> master
再次在jenkins執行項目構建
可以看到剛剛更新的代碼獲取成功
1.4:讓代碼測試項目管理代碼發布項目,當代碼測試的項目執行成功之后自動調用代碼發布的項目完成代碼部署:
1.4.1:安裝插件,jenkins的插件默認安裝路徑
# ll /var/lib/jenkins/plugins/
tomcat版本的安裝路徑:
/usr/local/tomcat/webapps/jenkins/WEB-INF/detached-plugins/
如果插件在線安裝不成功可以下載插件到此目錄然后把屬主屬組改成jenkins再重啟jenkins服務即可完成安裝:
#系統管理-管理插件-可選插件,搜索Parameterized:
1.4.2:配置項目demo的構建后操作,demo構建完成后自動構建demp-deploy項目:
#jenkins-->web-demo-->配置-->構建后操作:
1.4.3:配置如下:
1.5:測試,執行代碼測試項目成功之后是否會自動執行代碼部署項目:
控制台輸出
Started by user admin Building in workspace /home/jenkins/.jenkins/workspace/web-demo > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url git@192.168.3.198:web/web-demo.git # timeout=10 Fetching upstream changes from git@192.168.3.198:web/web-demo.git > git --version # timeout=10 using GIT_SSH to set credentials gitlab_web-demo > git fetch --tags --progress git@192.168.3.198:web/web-demo.git +refs/heads/*:refs/remotes/origin/* > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10 Checking out Revision b8f3be4385efdf64606158c23f9f1992bb2da1d3 (refs/remotes/origin/master) Commit message: "add www.chinasoft.com" > git config core.sparsecheckout # timeout=10 > git checkout -f b8f3be4385efdf64606158c23f9f1992bb2da1d3 > git rev-list b8f3be4385efdf64606158c23f9f1992bb2da1d3 # timeout=10 [web-demo] $ /usr/local/sonar-scanner/bin/sonar-scanner -e -Dsonar.host.url=http://192.168.3.199:9000/ -Dsonar.language=php -Dsonar.projectName=web-demo -Dsonar.projectVersion=1.0 -Dsonar.sourceEncoding=UTF-8 -Dsonar.projectKey=web-demo -Dsonar.sources=./ -Dsonar.projectBaseDir=/home/jenkins/.jenkins/workspace/web-demo INFO: Scanner configuration file: /usr/local/sonar-scanner/conf/sonar-scanner.properties INFO: Project root configuration file: NONE INFO: SonarQube Scanner 2.6.1 INFO: Java 1.8.0_111 Oracle Corporation (64-bit) INFO: Linux 3.10.0-514.el7.x86_64 amd64 INFO: Error stacktraces are turned on. INFO: User cache: /home/jenkins/.sonar/cache INFO: Load global repositories INFO: Load global repositories (done) | time=172ms WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database. WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database. WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database. INFO: User cache: /home/jenkins/.sonar/cache INFO: Load plugins index INFO: Load plugins index (done) | time=3ms INFO: SonarQube server 5.6.6 INFO: Default locale: "en_US", source code encoding: "UTF-8" INFO: Process project properties INFO: Load project repositories INFO: Load project repositories (done) | time=97ms INFO: Load quality profiles INFO: Load quality profiles (done) | time=34ms INFO: Load active rules INFO: Load active rules (done) | time=380ms WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project. INFO: Publish mode INFO: ------------- Scan web-demo INFO: Language is forced to php INFO: Load server rules INFO: Load server rules (done) | time=71ms INFO: Base dir: /home/jenkins/.jenkins/workspace/web-demo INFO: Working dir: /home/jenkins/.jenkins/workspace/web-demo/.sonar INFO: Source paths: . INFO: Source encoding: UTF-8, default locale: en_US INFO: Index files INFO: 0 files indexed INFO: Quality profile for php: Sonar way INFO: Sensor Lines Sensor INFO: Sensor Lines Sensor (done) | time=0ms INFO: Sensor SCM Sensor INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it. INFO: Sensor SCM Sensor (done) | time=0ms INFO: Sensor Analyzer for "php.ini" files INFO: Sensor Analyzer for "php.ini" files (done) | time=3ms INFO: Sensor SonarJavaXmlFileSensor INFO: Sensor SonarJavaXmlFileSensor (done) | time=0ms INFO: Sensor Zero Coverage Sensor INFO: Sensor Zero Coverage Sensor (done) | time=0ms INFO: Sensor Code Colorizer Sensor INFO: Sensor Code Colorizer Sensor (done) | time=0ms INFO: Sensor CPD Block Indexer INFO: DefaultCpdBlockIndexer is used for php INFO: Sensor CPD Block Indexer (done) | time=0ms INFO: Calculating CPD for 0 files INFO: CPD calculation finished INFO: Analysis report generated in 47ms, dir size=8 KB INFO: Analysis reports compressed in 7ms, zip size=3 KB INFO: Analysis report uploaded in 47ms INFO: ANALYSIS SUCCESSFUL, you can browse http://192.168.3.199:9000/dashboard/index/web-demo INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report INFO: More about the report processing at http://192.168.3.199:9000/api/ce/task?id=AV0YJcbrykzBCcoFv4Mt INFO: ------------------------------------------------------------------------ INFO: EXECUTION SUCCESS INFO: ------------------------------------------------------------------------ INFO: Total time: 43.045s INFO: Final Memory: 42M/137M INFO: ------------------------------------------------------------------------ Warning: you have no plugins providing access control for builds, so falling back to legacy behavior of permitting any downstream builds to be triggered Triggering a new build of web-demo_deploy Finished: SUCCESS
1.6:pipeline插件:
1.6.1:#安裝插件,系統管理-管理插件-可安裝插件:
1.6.2:創建視圖:
1.6.3:自定義名稱:
1.6.4:配置pipeline信息,點擊OK之后,彈出如下視圖
點擊保存之后顯示的最終界面:
