Devops

gitlab

前提

需要有docker和docker-compose
docker version
docker-compose version

部署gitlab

version: '3.1'
services:gitlab:image: 'swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/gitlab/gitlab-ce:latest'container_name: gitlabrestart: alwaysenvironment:GITLAB_OMNIBUS_CONFIG: |external_url 'http://192.168.248.12:8929'gitlab_rails['gitlab_shell_ssh_port'] = 2224ports:- '8929:8929'- '2224:2224'volumes:- './config:/etc/gitlab'- './logs:/var/log/gitlab'- './data:/var/opt/gitlab'

git config --global user.name "Wise_Jenkins"
git config --global user.email wiseshark@yeah.net

访问

获取密码
docker exec -it gitlab bash
cat /etc/gitlab/initial_root_password

获取Token
Scopes: read_repository, write_repository
如果要配置给Jenkins使用，需要勾选：api

jenkins
glpat-FKDL6jW_ifTtrWkaRhkt

报错处理

执行：git remote add origin http://192.168.248.12:8929/root/wise_project.git
报错：fatal: not a git repository (or any of the parent directories): .git
原因：你当前的文件夹，不是 Git 仓库！
处理方式：git init # 初始化一个空的 Git 仓库

执行：git pull
报错：fatal: Unencrypted HTTP is not recommended for GitLab. Ensure the repository remote URL is using HTTPS or see https://aka.ms/gcm/unsaferemotes about how to allow unsafe remotes.
原因：GitLab不建议使用未加密的HTTP协议。确保仓库远程URL使用HTTPS
处理方式：

git config --global http.sslVerify false
git config --global credential.helper store

报错：remote: HTTP Basic: Access denied. If a password was provided for Git authentication, the password was incorrect or you're required to use a token instead of a password. If a token was provided, it was either incorrect, expired, or improperly scoped. See http://192.168.248.12:8929/help/topics/git/troubleshooting_git.md#error-on-git-fetch-http-basic-access-denied
原因：必须使用token而不是密码。
处理方式：git remote add origin http://oauth2:glpat-cFwREBkZknoLEy2uik7h@192.168.248.12:8929/root/wise_project.git

执行 git push orgin main
报错：error: src refspec main does not match any.
原因：本地分支名和远程分支名不一致
处理方式：git push origin main

maven

部署

tar -zxvf jdk-8u202-linux-x64.tar.gz -C /usr/local
tar -zxvf apache-maven-3.9.14-bin.tar.gz -C /usr/localmv jdk1.8.0_202/ jdk/
mv apache-maven-3.9.14/ maven/

修改配置

配置阿里云仓库地址

vi ./maven/conf/settings.xml

<mirror><id>alimaven</id><name>aliyun maven</name><url>http://maven.aliyun.com/nexus/content/groups/public/</url><mirrorOf>central</mirrorOf>
</mirror>

<mirrors><!-- 阿里云 Maven 仓库（HTTPS 新版地址，推荐）--><mirror><id>aliyunmaven</id><mirrorOf>central</mirrorOf><name>阿里云公共仓库</name><url>https://maven.aliyun.com/repository/public</url></mirror>
</mirrors>

配置jdk8编译插件配置

<profile><id>jdk8</id><activation><activeByDefault>true</activeByDefault><jdk>1.8</jdk></activation><properties><maven.compiler.source>1.8</maven.compiler.source><maven.compiler.target>1.8</maven.compiler.target><maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion></properties>
</profile>

docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y docker-ce
yum install -y docker-compose

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Jenkins

version: "3.1"
services:jenkins:image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/jenkins/jenkins:2.541.2-ltscontainer_name: jenkinspull_policy: if_not_present   # 优先使用本地镜像，本地没有才去拉取ports:- 8080:8080- 50000:50000volumes:- ./data/:/var/jenkins_home/

docker-compose up -d

访问jenkins
http://192.168.248.10:8080/

故障处理

部署时可能会遇到

启动异常

现象：执行docker logs -f jenkins
报错：
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied解决方法：chmod -R 777 ./data

修改 /var/lib/jenkins/updates/default.json
jenkins 在下载插件之前会先检查网络连接，其会读取这个文件中的网址。默认是访问谷歌
改为<www.baidu.com>即可，更改完重启服务。  <www.qq.com都不行>
docker restart jenkins

密码问题

secrets/initialAdminPassword # 查看初始密码
如果没有这个文件，则

docker stop jenkinsvi /wise/jenkins_docker/data/config.xml
<useSecurity>true</useSecurity> --> <useSecurity>false</useSecurity>
docker start jenkins

现象：Failed to load: Variant Plugin (variant 70.va_d9f17f859e0) - Jenkins (2.479.1) or higher required
原因：Jenkins版本太低把swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/jenkins/jenkins:lts-jdk8改为swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/jenkins/jenkins:2.60.2修改confi.xml  <?xml version='1.1' encoding='UTF-8'?>
为<?xml version='1.0' encoding='UTF-8'?>

现象：无法下载插件
解决方法：
https://mirrors.ustc.edu.cn/jenkins/updates/update-center.json
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
http://mirror.esuni.jp/jenkins/updates/update-center.json# 修改数据卷中的hudson.model.UpdateCenter.xml文件
<?xml version='1.1' encoding='UTF-8'?>
<sites><site><id>default</id><url>https://updates.jenkins.io/update-center.json</url>  # 修改这里</site>
</sites>

配置

插件：publish over ssh

连接GitLab

1. gitlab生成令牌,勾选api权限
2. Manage Jenkins-->Syste-->GitLab

Connection name：gitlab
GitLab host URL：http://192.168.248.12:8929
勾选 Ignore SSL errors
Credentials: 添加GitLab API Token--API token填gitlab生成的

3. 创建项目

项目名称：wise_project
选择：Freestyle project
Sourc Code Management: Git
Repository URL: http://192.168.248.12:8929/root/wise_project.git
Credentials-->添加-->Username with password-->Username填gitlab的用户名<root>，密码填gitlab生成的token

4. Triggers
   勾选：Build when a change is pushed to GitLab
   记录下webhook URL
   Advanced（高级）--> Secret token --> Secret token

GitLab配置webhook

SSH Publishers
Source files：选择要上传的文件
Remote directory：要上传到的目录，./代表publish over ssh配置的目录
Exec command： 默认是在/root/下执行，所以需要先cd到要上传的目录

Jenkins配置截图

系统管理>>系统配置

config

cd /usr/local/test
for file in $(cat changed_yml_files.txt); dodocker-compose -f $file up -d
done

cd ${WORKSPACE}
git diff --name-only HEAD^ HEAD | grep -E '\.yaml$' > changed_yml_files.txt || true
echo "本次更新文件："
cat changed_yml_files.txt