目前持续集成的生态越来越完善,工具也有很多,开源的或商业的。如:
- 最最流行的,也是使用最多的 Jenkins
- 有着持续集成DNA的ThoughtWorks GO。理念:"Deployment as pipeline" (华为容器平台应该是基于GO做的二次开发实现)
- Atlassian工具链之一的Bamboo (数人云应该是基于Banboo实现的CI/CD)
- 与Gitlab紧密集成的Gitlab CI
- 专为开源打造的Travis CI,与Github紧密集成
- 使用 python 语言实现的Buildbot,相信 pythoner 看到会喜欢
jenkins安装
设置jenkins目录
在catalina.sh 中定义jenkins
$ export CATALINA_OPTS="-DJENKINS_HOME=/path/to/jenkins_home/ -Xmx512m"
$ catalina.sh start
在linux环境变量中定义jenkins
$ export JENKINS_HOME=/path/to/jenkins_home/
$ catalina.sh start
在 context中定义jenkins-home
<Context ...>
<Environment name="JENKINS_HOME" value="/path/to/jenkins_home/" type="java.lang.String"/>
</Context>
安装及初始化
wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war
java -jar jenkins.war
http://localhost:8080
安装常用插件
开始安装
插件安装完成后,开始配置admin的用户名密码。
开始使用jenkins
更改jenkins的家目录
jenkins的家目录默认路径在/root/.jenkins/路径。根据启动方式的不同,修改方式略有不同。
- 你是直接命令行启动
java -jar jenkins.war。
cat >>/etc/profile<<EOF
export JENKINS_HOME=/data/db/jenkins/
EOF
source /etc/profile
- 使用tomcat容器启动
vim /data/app/tomcat/bin/catalina.sh
export JENKINS_HOME=/data/db/jenkins/
# OS specific support. $var _must_ be set to either true or false.
- 你也可以修改jenkins.war包(不推荐)
vim jenkins /web.xml
<!-- if specified, this value is used as the Hudson home directory -->
<env-entry>
<env-entry-name>HUDSON_HOME</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>/data/db/jenkins/</env-entry-value> #填入路径
</env-entry>
开始安装插件
jenkins最常用的就是插件,所有我们从安装插件开始。路径:系统管理-->管理插件,开始安装插件。
- Build Pipeline Plugin:build 流程配置插件。
- Gitlab Plugin :gitlab pull 插件。
- Gitlab Hook Plugin:gitlab 钩子插件。
- Build Authorization Token Root Plugin :用户权限验证插件。
- SonarQube Scanner for Jenkins :代码质量管理插件。
- Parameterized Remote Trigger Plugin :远程触发插件。
- AnsiColor(可选):这个插件可以让Jenkins的控制台输出的log带有颜色(就和linux控制台那样)
- Maven Integration plugin
- Extended Choice Parameter Plug-In: 图像界面配置多选参数
方法二
上传插件
Jenkins-插件管理-高级-上传插件
方法三
直接上传到文件目录(根据上文中密码文件的路径,可以知道jenkins的目录在/root/.jenkins/中)
/root/.jenkins/plugins
重启Jenkins
创建一个构建过程
输入项目名称--选择构建一个自由风格的软件项目
配置源码下载地址
添加gitlab的认证key,这里配置ssh的私钥。
gitlab中添加ssh-key的公钥
配置构建过程
这里有个需要注意的地方,比如我们想要在远端的机器上执行相关的脚本怎么办?
一个原理: jenkins 在执行过程中,使用的是jenkins的用户在执行。
两种方法:
- 所有服务器跟jenkins做无密钥登录。
- 所有服务器的root做无密钥登录。
推荐使用第二种,因为发布的脚本,可能涉及权限的问题,如果使用jenkins可能会出现权限不足的情况。
最佳方案
sudo ssh -p 52113 root@192.168.56.13 "/data/scripts/web-deploy.sh"
执行立即构建-查看控制台输出
解释说明:
- jenkins 会
git clone到jenkins的/workspace上。
[root@linux-node1 web-build16:29:46]#pwd
/root/.jenkins/workspace/web-build
[root@linux-node1 web-build16:29:56]#ls -a
. .. .git index.html README.md
[root@linux-node1 web-build16:29:58]#
[root@linux-node1 web-build16:31:49]#cat /tmp/1.txt
2017-03-01
Sonar 代码质量管理
安装sonar
cd /usr/local/src/
wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-5.6.6.zip
mv sonarqube-5.6.6 /data/app/
ln -s /data/app/sonarqube-5.6.6/ /data/app/sonarqube
安装数据库
# 下载mysql二进制包
cd /usr/local/src
wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.30-linux-glibc2.5-x86_64.tar.gz
# 创建mysql用户
groupadd mysql
useradd -r -g mysql -s /bin/false mysql
# 解压mysql二进制包
cd /usr/local/src
tar zxf mysql-5.6.30-linux-glibc2.5-x86_64.tar.gz
mv mysql-5.6.30-linux-glibc2.5-x86_64 /usr/local/
chown -R mysql:mysql /usr/local/mysql-5.6.30-linux-glibc2.5-x86_64
# 初始化mysql
ln -s /usr/local/mysql-5.6.30-linux-glibc2.5-x86_64/ /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql
# 上传压缩包中的my.cnf到/usr/local/mysql目录下
#初始化 mysql数据库
/usr/local/mysql/scripts/mysql_install_db
--defaults-file=/usr/local/mysql/my.cnf
--user=mysql --basedir=/usr/local/mysql/
--datadir=/usr/local/mysql/data
# 启动mysql
chown -R mysql:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql-5.6.30-linux-glibc2.5-x86_64/
/usr/local/mysql/bin/mysqld --defaults-file=/usr/local/mysql/my.cnf &
# 连接mysql
/usr/local/mysql/bin/mysql -S /usr/local/mysql/mysql.sock
登录mysql创建相关的数据库
# mysql -uroot -p12345678
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar@qw';
FLUSH PRIVILEGES;
sonar好像不支持MySQL 5.5,请安装mysql5.6 或者更高版本
2017.03.01 18:52:01 ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.ser
ver.platform.PlatformServletContextListener
org.sonar.api.utils.MessageException: Unsupported mysql version: 5.5. Minimal supported version is 5.6.
2017.03.01 18:52:01 ERROR web[o.a.c.c.StandardContext] One or more listeners failed to start. Full details will be found in the appropri
ate container log file
2017.03.01 18:52:01 ERROR web[o.a.c.c.StandardContext] Context [] startup failed due to previous errors
2017.03.01 18:52:01 WARN web[o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [Abandone
d connection cleanup thread] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
java.lang.Object.wait(Native Method)
java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:143)
com.mysql.jdbc.AbandonedConnectionCleanupThread.run(AbandonedConnectionCleanupThread.java:43)
2017.03.01 18:52:01 WARN web[o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [Timer-0]
but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
java.lang.Object.wait(Native Method)
java.util.TimerThread.mainLoop(Timer.java:552)
java.util.TimerThread.run(Timer.java:505)
编辑sonar的配置文件
编辑sonar连接数据库的方式
vim /data/app/sonarqube/conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@qw
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerf
ormance
配置sonar的监听ip和端口
vim /data/app/sonarqube/conf/sonar.properties
sonar.web.host=0.0.0.0
sonar.web.port=9000
启动sonar服务
/data/app/sonarqube/bin/linux-x86-64/sonar.sh start
配置sonar
浏览器登录sonar,用户名admin,密码:admin
第一步安装中文插件
第二步安装相关的语言插件(使用什么语言,安装什么选择器)
我们安装一个python的插件
接着把php,java的插件也安装上,然后重启。
SonarQube Scanner 安装
wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.8.zip
unzip sonar-scanner-2.8.zip
mv sonar-scanner-2.8 /data/app/
ln -s /data/app/sonar-scanner-2.8/ /data/app/sonar-scanner
编辑sonar scanner的配置文件
cat >>/data/app/sonar-scanner/conf/sonar-scanner.properties <<EOF
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@qw
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
EOF
soncar-scanner 在2.8版本的时候,可以不用配置,
soncar.jdbc.username,sonar.jdbc.password,sonar.jdbc.url。只需要配置soncar.host.url。
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
下载官方测试包 Sonar-examples
cd /data/db/
git clone https://github.com/SonarSource/sonar-examples.git
需要scanner扫描的代码必须包含 sorna-project.properties
cd /data/db/sonar-examples-master/projects/languages/php/php-sonar-runner-unit-tests
vim sorna-project.properties
sonar.projectKey=org.sonarqube:php-ut-sq-scanner # sonar中的key,必须唯一。
sonar.projectName=PHP :: PHPUnit :: SonarQube Scanner ##在sonar中展示的名称
sonar.projectVersion=1.0 ##项目版本
sonar.sources=src ##源码路径
sonar.tests=tests
sonar.language=php ##源码语言
sonar.sourceEncoding=UTF-8 ##源码编译方式
# Reusing PHPUnit reports
sonar.php.coverage.reportPath=reports/phpunit.coverage.xml
sonar.php.tests.reportPath=reports/phpunit.xml
sonar.projectKey=org.sonarqube:example-it-jacoco-sonar-scanner
sonar.projectName=Java :: IT Coverage with JaCoCo :: SonarQube Scanner
sonar.projectVersion=1.0
sonar.sources=src
sonar.binaries=classes
sonar.language=java
sonar.sourceEncoding=UTF-8
sonar.jacoco.itReportPath=reports/jacoco.exec
开始扫描
我们什么都不指定就会在当面目录下扫描sonar-project.properties文件,根据配置文件进行扫描工作。扫描之后我们在web界面上就可以看到
pwd
# /data/db/sonar-examples-master/projects/languages/php/php-sonar-runner-unit-tests
/data/app/sonar-scanner/bin/sonar-scanner
登录sonar-在仪表盘中看到了我们刚刚运行的检查。
点开可以看到详细的信息
sonar和jenkins结合
安装Jenkins - sonar 插件
系统管理-系统配置中 添加sonar的信息
在系统管理--> Global Tool Configuration 中配置sonar Scanner的路径
开始构建相应的步骤
选择立即构建,构建完成后,就可以在控制台输出中看见内容了。
钩子脚本配置
jenkins和gitlab联合
配置身份验证令牌
openssl rand -hex 10
9c8fe5c5bbb56b909259
配置gitlab的钩子
官方的例子
Trigger the RevolutionTest job with the token TacoTuesday
buildByToken/build?job=RevolutionTest&token=TacoTuesday
Trigger the RevolutionTest job with the token TacoTuesday and parameter Type supplied with the value Mexican
buildByToken/buildWithParameters?job=RevolutionTest&token=TacoTuesday&Type=Mexican
根据官方的例子拼接URL
第一步:jenkins的URL:http://192.168.56.11:8080/jenkins/
第二步:拼接后端的URI:buildByToken/build?job=web-buildo&token=9c8fe5c5bbb56b909259
http://192.168.56.11:8080/jenkins/buildByToken/build?job=web-build&token=9c8fe5c5bbb56b909259
更新gitlab的内容,查看jenkins是否能够自动更新。
配置gitlab流水线操作
安装pipline的插件
jenkins pipline 设置
真实工作场景可能会有很多的job要执行。
编译-->单元测试-->从集群中下线服务器--环境部署--重启服务器--预热--上线测试--上线集群。
创建一个pipline。
根据刚才设置的第一个pipline,配置后续的构建过程。
选择【构建后操作】,接着选择【Trigger parameterized build on other projects】
查看pipline执行的结果。
在这里可以查看各个job的执行情况,绿色是表示执行通过的,黄色是正在执行的,蓝色是未执行的,还有红色是执行失败的。
交互式执行构建过程
jenkins配置slave
最近了解到Jenkins的节点功能,对于分布式构建非常方便!
Jenkins启动在Windows上,如果想要直接操作Linux上的东西,那么比较波折,Jenkins节点大大的方便了不同系统之间的调用构建;
创建节点方式如下:
1.系统管理-管理节点-新建节点
2.输入创建的节点名称,并勾选“Dumb Slave”
3.配置 1)Name需要填写
2)远程工作目录:slave.jar和job等目录
3)用法:只允许运行绑定到这台机器的Job
4)启动方法:Launch slave agents on Unix machines via SSH
5)高级:填写Host Credentials(用户名密码,需要通过Add添加)
4.其他默认即可,配置完毕保存后,进入此节点,通过点击Launch slave agent运行
此时Windows为master,Linux为slave,节点运行后,会在远程工作目录设定的路径下生成slave.jar,用于jenkins调用;
需要注意的是:job建立需要勾选Restrict where this project can be run选项,并在Label Expression处填写节点的名称。
报错汇总
http://10.10.0.176:8080/threadDump
参考
参考文档
Jenkins进阶系列之——16一个完整的JENKINS下的ANT BUILD.XML文件
build authorization token root plugin
jenkins自带的环境变量
BRANCH_NAME
For a multibranch project, this will be set to the name of the branch being built, for example in case you wish to deploy to production from master but not from feature branches; if corresponding to some kind of change request, the name is generally arbitrary (refer to CHANGE_ID and CHANGE_TARGET).
CHANGE_ID
For a multibranch project corresponding to some kind of change request, this will be set to the change ID, such as a pull request number, if supported; else unset.
CHANGE_URL
For a multibranch project corresponding to some kind of change request, this will be set to the change URL, if supported; else unset.
CHANGE_TITLE
For a multibranch project corresponding to some kind of change request, this will be set to the title of the change, if supported; else unset.
CHANGE_AUTHOR
For a multibranch project corresponding to some kind of change request, this will be set to the username of the author of the proposed change, if supported; else unset.
CHANGE_AUTHOR_DISPLAY_NAME
For a multibranch project corresponding to some kind of change request, this will be set to the human name of the author, if supported; else unset.
CHANGE_AUTHOR_EMAIL
For a multibranch project corresponding to some kind of change request, this will be set to the email address of the author, if supported; else unset.
CHANGE_TARGET
For a multibranch project corresponding to some kind of change request, this will be set to the target or base branch to which the change could be merged, if supported; else unset.
BUILD_NUMBER
The current build number, such as "153"
BUILD_ID
The current build ID, identical to BUILD_NUMBER for builds created in 1.597+, but a YYYY-MM-DD_hh-mm-ss timestamp for older builds
BUILD_DISPLAY_NAME
The display name of the current build, which is something like "#153" by default.
JOB_NAME
Name of the project of this build, such as "foo" or "foo/bar".
JOB_BASE_NAME
Short Name of the project of this build stripping off folder paths, such as "foo" for "bar/foo".
BUILD_TAG
String of "jenkins-${JOB_NAME}-${BUILD_NUMBER}". All forward slashes (/) in the JOB_NAME are replaced with dashes (-). Convenient to put into a resource file, a jar file, etc for easier identification.
EXECUTOR_NUMBER
The unique number that identifies the current executor (among executors of the same machine) that’s carrying out this build. This is the number you see in the "build executor status", except that the number starts from 0, not 1.
NODE_NAME
Name of the agent if the build is on an agent, or "master" if run on master
NODE_LABELS
Whitespace-separated list of labels that the node is assigned.
WORKSPACE
The absolute path of the directory assigned to the build as a workspace.
JENKINS_HOME
The absolute path of the directory assigned on the master node for Jenkins to store data.
JENKINS_URL
Full URL of Jenkins, like http://server:port/jenkins/ (note: only available if Jenkins URL set in system configuration)
BUILD_URL
Full URL of this build, like http://server:port/jenkins/job/foo/15/ (Jenkins URL must be set)
JOB_URL
Full URL of this job, like http://server:port/jenkins/job/foo/ (Jenkins URL must be set)
SVN_REVISION
Subversion revision number that's currently checked out to the workspace, such as "12345"
SVN_URL
Subversion URL that's currently checked out to the workspace.