• Installing GitLab, Gerrit and Jenkins on CentOS and configuring a CI workflow

    By Wenbin juandx@163.com 2016/4/9

     

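    Following a number of documents found online, I set up these three applications on one machine, with their web interfaces on ports 8081, 8082 and 8083 respectively, and successfully built a CI workflow.

    All of them are the latest versions at the time of writing.

    Users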

    Gitlab:  root/wenbindevops , wenbin/12345678

    Gerrit:  gerrit/gerrit, wenbin/wenbin, jenkins/jenkins

    Jenkins:  jenkins/jenkins

    Host 192.168.1.100: root/wb, wenbin/wenbin, gerrit/gerrit. There is no gitlab user; the jenkins user lives in /var/lib/jenkins, but su - jenkins still uses root by default.

    Configuration files

    /etc/hosts

    192.168.1.100 gitlab.wb.com

    192.168.1.100 gerrit.wb.com

    192.168.1.100 jenkins.wb.com

    $adduser wenbin

    $su - wenbin

    Installing Jenkins

    Repository configuration:

    Install Java 1.7 or later

    sudo yum install java



    Start the service and enable it at boot

    • sudo systemctl enable jenkins
    • sudo systemctl start jenkins

     

    Firewall settings

    firewall-cmd --zone=public --add-port=8080/tcp --permanent

    firewall-cmd --zone=public --add-service=http --permanent

    firewall-cmd --reload

    firewall-cmd --list-all

     

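    Finally, open localhost:8080 in a browser to reach Jenkins.

    The Jenkins configuration file is opened with vim /etc/sysconfig/jenkins

    The user's files are in /var/lib/jenkins/

    The listening port and other settings can be changed there.

    Change the port to 8083.

    Installing GitLab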

    (VENV)[wenbin@mail ~]$ sudo yum install openssh-server postfix cronie

    (VENV)[wenbin@mail ~]$ sudo systemctl enable postfix

    (VENV)[wenbin@mail ~]$ sudo systemctl start  postfix

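    Use the mirror maintained by Tsinghua University, because the source used in the official installation guide is not reachable from here; skip this if you can get around the firewall.

    sudo rpm --import https://packages.gitlab.com/gpg.key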

    sudo vi /etc/yum.repos.d/gitlab-ce.repo

    [gitlab-ce]

    name=gitlab-ce

    baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7

    repo_gpgcheck=0

    gpgcheck=0

    enabled=1

    gpgkey=https://packages.gitlab.com/gpg.key

    sudo yum makecache

    sudo yum install gitlab-ce
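
The repository definition above turns off both package and metadata signature checks (gpgcheck=0, repo_gpgcheck=0) and uses a plain-HTTP baseurl, so its gpgkey line has no effect. The check below is an added example, not part of the original post: it reports, per section of a .repo file, the settings that leave packages unverified. The function names, the gitlab-ce-checked section and the repo.example.invalid URL are constructed for illustration.

```shell
# Added example, not from the original post.
# audit_repo FILE: print one finding per enabled yum repo section that skips
# signature verification. Exit status is 1 if anything was found, else 0.
audit_repo() {
    awk '
        function is_off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function is_on(v)  { v = tolower(v); return v == "1" || v == "yes" || v == "true" }
        function report() {
            if (section == "" || is_off(enabled)) return
            if (is_off(gpgcheck)) { print section ": gpgcheck is off, package signatures are not verified"; n++ }
            if (baseurl ~ /^http:/ && !is_on(repo_gpgcheck)) { print section ": http baseurl without repo_gpgcheck, metadata is unauthenticated"; n++ }
        }
        /^[ \t]*([#;].*)?$/ { next }           # blank line or comment
        /^[ \t]*\[/ {                          # new [section]: report the previous one
            report()
            section = $0; gsub(/^[ \t]*\[/, "", section); gsub(/\].*$/, "", section)
            gpgcheck = ""; repo_gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "repo_gpgcheck") repo_gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report(); exit (n > 0) }
    ' "$1"
}

# Constructed sample: the stanza from the post, then a corrected variant whose
# section name and https URL are placeholders.
write_sample_repo() {
    cat > "$1" <<'EOF'
[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key

[gitlab-ce-checked]
baseurl=https://repo.example.invalid/gitlab-ce/yum/el7
repo_gpgcheck=1
gpgcheck=1
gpgkey=https://packages.gitlab.com/gpg.key
EOF
}
```

Run it as audit_repo /etc/yum.repos.d/gitlab-ce.repo. An unset gpgcheck is not reported, because a repo section inherits that value from [main] in /etc/yum.conf.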

    sudo vim /etc/gitlab/gitlab.rb

    Change external_url 'http://git.example.com' to 'http://gitlab.wb.com:8081'

    sudo gitlab-ctl reconfigure

    Open the IP address or domain name you just configured in a browser and the GitLab page appears. Log in with the username and password below.

    Username: root

    Password: 5iveL!fe

    After logging in you are asked to change the password.

    Configuring SMTP

    Changed to wenbindevops

     

    $ sudo vi /etc/gitlab/gitlab.rb                           

    # Change the external_url to the address your users will type in their browser

    external_url 'http://xxhost.com'

     

    #Sending application email via SMTP

    gitlab_rails['smtp_enable'] = true

    gitlab_rails['smtp_address'] = "smtp.163.com"

    gitlab_rails['smtp_port'] = 25

    gitlab_rails['smtp_user_name'] = "xxuser@163.com"

    gitlab_rails['smtp_password'] = "xxpassword"

    gitlab_rails['smtp_domain'] = "163.com"

    gitlab_rails['smtp_authentication'] = :login

    gitlab_rails['smtp_enable_starttls_auto'] = true

     

    ## Set the sender address used by GitLab

    gitlab_rails['gitlab_email_from'] = "xxuser@163.com"

    user["git_user_email"] = "xxuser@163.com"

    sudo gitlab-ctl reconfigure

    [root@mail .ssh]# ssh-keygen -C littlexiaowen@163.com

    Generating public/private rsa key pair.

    Enter file in which to save the key (/root/.ssh/id_rsa):

    Enter passphrase (empty for no passphrase):

    Enter same passphrase again:

    Your identification has been saved in /root/.ssh/id_rsa.

    Your public key has been saved in /root/.ssh/id_rsa.pub.

    The key fingerprint is:

    8a:be:f6:ef:29:94:48:83:ba:50:e7:5c:27:50:5d:eb littlexiaowen@163.com

    The key's randomart image is:

    +--[ RSA 2048]----+

    |     ... ..      |

    |    .   .  .     |

    |   . .    .      |

    |  o + o ..       |

    | o = + +S E      |

    |o   +.o.         |

    |..  ...          |

    |.  .. .  .       |

    |   .oo.++        |

    +-----------------+

    [root@mail .ssh]#

     

     

    [root@mail .ssh]# cat id_rsa

    id_rsa      id_rsa.pub 

    [root@mail .ssh]# cat id_rsa.pub

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnJh76O8cllIjybl5SOJt9PL08Oz146SHoi8hjiRTxyv3o2DW0aermehP5Y9cGhWRmWJV7UJWtPZwXjAlwYQ6MHy6lMqWrpRWnJ93tRGZ8moyQ1Z141EWQExO+0GK7L1B+5S9XkmPTongXEgD2ncFkx4A4+XoiqOKVghl9RSLsYUaDYUPI64aep6RVaf1MxeZ3ZO6lcP+9yU5o6nxV7oZY05g0enM2gmTws02lWRQ2NM2CKcxr1ds0rbLahjmgOsmweiuWfIaReOOivpP97zQDAH7A2doYYEBYGWqy5S3itggQqW/C/w2f8A4iGFnhcVfa48JP5MqGkpIq90waxyi1 littlexiaowen@163.com

    [root@mail .ssh]#

    The password is 12345678.

    Then confirm through the e-mail sent to the mailbox.

    [wenbin@mail ~]$ ssh-keygen -C littlexiaowen1@163.com

    Generating public/private rsa key pair.

    Enter file in which to save the key (/home/wenbin/.ssh/id_rsa):

    Created directory '/home/wenbin/.ssh'.

    Enter passphrase (empty for no passphrase):

    Enter same passphrase again:

    Your identification has been saved in /home/wenbin/.ssh/id_rsa.

    Your public key has been saved in /home/wenbin/.ssh/id_rsa.pub.

    The key fingerprint is:

    b8:16:48:86:b5:e0:a2:ae:ed:f9:1e:d2:e3:48:2a:31 littlexiaowen1@163.com

    The key's randomart image is:

    +--[ RSA 2048]----+

    |  . .            |

    | . + .           |

    |. o +            |

    |.. o . .         |

    |.   . o S        |

    |E  .   o         |

    | +o + o          |

    |o+ = +           |

    |+.=o+            |

    +-----------------+

    [wenbin@mail ~]$ cat .ssh/id_rsa.pub

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSAm+x3IJMFRQvMmXKke3vakAojTT0O6egaInMs578vQaQMZT2DpHr1iZ9gQy3mdkcapLQeZdHVnGa5Wp7S0wlAvSeUc11mKoRWa4gIbALxPb3n5wbpszMMvvZWLcaMUz8HtPeRHQIhATQj6b6Zz3Ef11HEJ9a4TzPzAHkLlFaB5EXTdnbMDK14r1vkuGw2aOsFF6y3D7pROv7zzb5pz2p24r84a9nXeo8wD9tmp7xb9pwLRgRs2IhklZoxlwl6COc9Zy1gMJPzOboCeEGlwr1zHn1IfMIs/DgedUM7WWS3ZcirE6jX39dRgFC6GK8unTK2WYJoUKLqNBcAmeii3AJ littlexiaowen1@163.com


    Installing Gerrit

    Edit the /etc/selinux/config file

    Change SELINUX=enforcing to SELINUX=disabled

    vim /etc/profile

    export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64

    export JRE_HOME=$JAVA_HOME/jre

    export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH

    export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

    reboot

    Installing and configuring MySQL

    su - wenbin

    sudo wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

    sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm

    sudo yum install mysql-server mysql-client libmysqlclient-dev

    mysql_install_db

    systemctl start  mysqld.service

    mysql -u root -p

    drop database if exists gerritdb;

    create database gerritdb;

    GRANT ALL PRIVILEGES ON gerritdb.* TO 'gerrituser'@'localhost' IDENTIFIED BY 'gerritpass';

    GRANT ALL PRIVILEGES ON gerritdb.* TO 'gerrituser'@'%' IDENTIFIED BY 'gerritpass';

    adduser gerrit

    passwd gerrit

    su - gerrit

    wget https://www.gerritcodereview.com/download/gerrit-2.12.2.war

    [gerrit@mail ~]$ java -jar gerrit-2.12.2.war init -d review_site

    Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore

    *** Gerrit Code Review 2.12.2

    ***

    *** Git Repositories

    ***

    Location of Git repositories   [/home/gerrit/git]:

    *** SQL Database

    ***

    Database server type           [mysql]:

    Server hostname                [localhost]:

    Server port                    [(mysql default)]:

    Database name                  [gerritdb]:

    Database username              [gerrituser]:

    Change gerrituser's password   [y/N]?

    *** Index

    ***

    Type                           [LUCENE/?]:

    The index must be rebuilt before starting Gerrit:

      java -jar gerrit.war reindex -d site_path

    *** User Authentication

    ***

    Authentication method          [HTTP/?]:

    Get username from custom HTTP header [y/N]? n

    SSO logout URL                 :

    Enable signed push support     [y/N]? n

    *** Email Delivery

    ***

    SMTP server hostname           [smtp.163.com]:

    SMTP server port               [25]:

    SMTP encryption                [NONE/?]:

    SMTP username                  [gerritsdfl]: littlexiaowen@163.com

    littlexiaowen@163.com's password :

                  confirm password :

    *** Container Process

    ***

    Run as                         [gerrit]:

    Java runtime                   [/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64/jre]:

    Upgrade review_site/bin/gerrit.war [Y/n]? y

    Copying gerrit-2.12.2.war to review_site/bin/gerrit.war

    *** SSH Daemon

    ***

    Listen on address              [*]:

    Listen on port                 [29418]:

    *** HTTP Daemon

    ***

    Behind reverse proxy           [Y/n]? y

    Proxy uses SSL (https://)      [y/N]? n

    Subdirectory on proxy server   [/]:

    Listen on address              [*]:

    Listen on port                 [8082]: 8088

    Canonical URL                  [http://mail.wenbin.com/]: http://gerrit.wb.com:8082

    *** Plugins

    ***

    Installing plugins.

    Install plugin singleusergroup version v2.12.2 [Y/n]? y

    version v2.12.2 is already installed, overwrite it [Y/n]? y

    Install plugin commit-message-length-validator version v2.12.2 [Y/n]? y

    version v2.12.2 is already installed, overwrite it [Y/n]? y

    Install plugin reviewnotes version v2.12.2 [Y/n]? y

    version v2.12.2 is already installed, overwrite it [Y/n]? y

    Install plugin replication version v2.12.2 [Y/n]? y

    version v2.12.2 is already installed, overwrite it [Y/n]? y

    Install plugin download-commands version v2.12.2 [Y/n]? y

    version v2.12.2 is already installed, overwrite it [Y/n]? y

    Initializing plugins.

    No plugins found with init steps.

    Initialized /home/gerrit/review_site

    [gerrit@mail ~]$ htpasswd

    Usage:

             htpasswd [-cimBdpsDv] [-C cost] passwordfile username

             htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password

             htpasswd -n[imBdps] [-C cost] username

             htpasswd -nb[mBdps] [-C cost] username password

     -c  Create a new file.

     -n  Don't update file; display results on stdout.

     -b  Use the password from the command line rather than prompting for it.

     -i  Read password from stdin without verification (for script usage).

     -m  Force MD5 encryption of the password (default).

     -B  Force bcrypt encryption of the password (very secure).

     -C  Set the computing time used for the bcrypt algorithm

         (higher is more secure but slower, default: 5, valid: 4 to 31).

     -d  Force CRYPT encryption of the password (8 chars max, insecure).

     -s  Force SHA encryption of the password (insecure).

     -p  Do not encrypt the password (plaintext, insecure).

     -D  Delete the specified user.

     -v  Verify password for the specified user.

    On other systems than Windows and NetWare the '-p' flag will probably not work.

    The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.

    Configuring the nginx reverse proxy

    [gerrit@mail ~]$ htpasswd -cd review_site/etc/passwords admin

    sudo yum install nginx

    sudo vim /etc/nginx/nginx.conf

    vim /etc/selinux/config

    Set it to disabled

    [gerrit]

            basePath = /home/gerrit/git

            canonicalWebUrl = http://gerrit.wb.com

    [database]

            type = mysql

            hostname = localhost

            database = gerritdb

            username = gerrituser

    [index]

            type = LUCENE

    [auth]

            type = HTTP

    [receive]

            enableSignedPush = false

    [sendemail]

            smtpServer = smtp.163.com

            smtpServerPort = 25

            smtpUser = littlexiaowen@163.com

            from=CodeReview<littlexiaowen@163.com>

    [container]

            user = gerrit

            javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64/jre

    [sshd]

            listenAddress = *:29418

    [httpd]

            listenUrl = proxy-http://127.0.0.1:8088/

    [cache]

            directory = cache

    vim /etc/nginx/nginx.conf

    # Load modular configuration files from the /etc/nginx/conf.d directory.

        # See http://nginx.org/en/docs/ngx_core_module.html#include

        # for more information.

        include /etc/nginx/conf.d/*.conf;

        server {

            listen       8082;

            server_name  gerrit.wb.com;

            root         /usr/share/nginx/html;

            # Load configuration files for the default server block.

            include /etc/nginx/default.d/*.conf;

            location / {

              auth_basic              "Gerrit Code Review";

              auth_basic_user_file    /passwords;

              proxy_pass              http://127.0.0.1:8088;

              proxy_set_header        X-Forwarded-For $remote_addr;

              proxy_set_header        Host $host;

            }

            error_page 404 /404.html;

                location = /40x.html {

            }

            error_page 500 502 503 504 /50x.html;

                location = /50x.html {

            }

        }
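
The passwords file that auth_basic_user_file reads was created above with htpasswd -cd, which the htpasswd usage text lists as CRYPT, "8 chars max, insecure", while the later entries are added with -m. The following added example, not part of the original post, classifies each entry of such a file by hash scheme so that weak entries can be recreated. The function names and the sample entries, including the ci-bot user, are constructed for illustration.

```shell
# Added example, not from the original post.
# classify_htpasswd FILE: print "user scheme verdict" for each entry. The weak
# verdicts follow the htpasswd usage text: -d, -s and -p are marked insecure.
classify_htpasswd() {
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt;     verdict=ok ;;
            '$apr1$'*)               scheme=md5-apr1;   verdict=ok ;;
            '$5$'*|'$6$'*)           scheme=crypt-sha2; verdict=ok ;;
            '{SHA}'*)                scheme=sha1;       verdict=weak ;;   # unsalted
            *[!./0-9A-Za-z]*|'')     scheme=unknown-or-plaintext; verdict=review ;;
            ?????????????)           scheme=crypt-des;  verdict=weak ;;   # 13 chars, 8-char passwords
            *)                       scheme=unknown-or-plaintext; verdict=review ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
}

# flagged_htpasswd_users FILE: print users whose entry is not "ok";
# exit status 1 if there are any, else 0.
flagged_htpasswd_users() {
    found=$(classify_htpasswd "$1" | awk '$3 != "ok" { print $1 }')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: the hash strings have the right shape but are not real
# hashes. admin mirrors "htpasswd -cd", Jenkins and wenbin mirror "htpasswd -m"
# from the post; ci-bot is a hypothetical "htpasswd -s" entry.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
admin:AAexamplehash
Jenkins:$apr1$SALTsalt$ShapeOnlyNotARealHash.
wenbin:$apr1$SALTsalt$ShapeOnlyNotARealHash/
ci-bot:{SHA}ShapeOnlyNotARealDigest0000=
EOF
}
```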

     

    sudo cp bin/gerrit.sh /etc/init.d/gerrit

    sudo ln -snf /etc/init.d/gerrit /etc/rc2.d/S90gerrit

    sudo ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit

    reboot

    [gerrit@mail ~]$ ssh-keygen -C littlexiaowen@163.com

    Generating public/private rsa key pair.

    Enter file in which to save the key (/home/gerrit/.ssh/id_rsa):

    Created directory '/home/gerrit/.ssh'.

    Enter passphrase (empty for no passphrase):

    Enter same passphrase again:

    Your identification has been saved in /home/gerrit/.ssh/id_rsa.

    Your public key has been saved in /home/gerrit/.ssh/id_rsa.pub.

    The key fingerprint is:

    81:36:c4:93:cc:d6:78:8c:fb:1f:ea:fc:37:48:6d:87 littlexiaowen@163.com

    The key's randomart image is:

    +--[ RSA 2048]----+

    |     +.*         |

    |     .X.+        |

    |     .++.        |

    |     ... .       |

    |       .S  . .   |

    |        . o E .  |

    |         + + .   |

    |       .. o o    |

    |       .o... .   |

    +-----------------+

    [gerrit@mail ~]$ cd .ssh/

    [gerrit@mail .ssh]$ ll

    total 8

    -rw-------. 1 gerrit gerrit 1675 Apr  7 00:34 id_rsa

    -rw-r--r--. 1 gerrit gerrit  403 Apr  7 00:34 id_rsa.pub

    [gerrit@mail .ssh]$ cat id_rsa.pub

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvAaJsr/O0kY60Uu16h4NP/fhxbg0FPWuMWepOyy716kjy/GCCj9t2pZ92yS/AQBon5NCJcgiKCwE3520KCvZeKQfAQGsCuStdDyj71kUoHgITimSaqcS13VL2l36/pj9rfCVtV+7+kdBAyyskzRvba77ozFV7wf/J58IJgmQ61+b/kCjxq4GnBXp95uGXZGWvW0+j3/s6lNbGnqD9yDTcSxCbIRwj4RVGEQ29sq3T2tYAPDFEu1fT6xzbvDq14KtGN4W21d2vcM4hTs7ByLizbIUPchpPRB60jn4ZvEyvKd9ves4a1NRUYknaFqk+TS12AwQCiWNF4X3bI0gjBn33 littlexiaowen@163.com

    [gerrit@mail .ssh]$

    Integrating Gerrit with Jenkins

    Create a jenkins user in Gerrit.

    Add the jenkins user to the Non-Interactive Users group.

    • Projects -> List -> All-Projects
    • Projects -> Access -> Edit -> find Reference: refs/heads/* -> Add Permission -> Label Verified -> type Non-Interactive Users into Group Name -> press Enter or click the Add button -> click Save Changes at the bottom to save the changes

    After saving, add jenkins to this group.

    [root@mail rc2.d]#  htpasswd -m /passwords Jenkins

    su - wenbin

    git clone git@gitlab.wb.com:devops/openstack.git

    git config user.name 'admin'

    [wenbin@mail openstack]$ git config user.email 'littlexiaowen@163.com'

    vim .gitreview

    [gerrit]

    host=gerrit.wb.com

    port=29418

    project=openstack.git

    git add .

    git commit -m 'add file gitreview'

    git push origin master

    Integrating Gerrit with GitLab

    su - gerrit

    vim review_site/etc/replication.config

    [remote "openstack"]

    # Gerrit openstack     

    projects = openstack

    url = git@gitlab.wb.com:devops/openstack.git

    push = +refs/heads/*:refs/heads/*

    push = +refs/tags/*:refs/tags/*

    push = +refs/changes/*:refs/changes/*

    threads = 3

    sudo cp -r /root/.ssh/ /var/lib/jenkins/

    sudo chown -R jenkins:jenkins /var/lib/jenkins/.ssh/

    sudo vim /etc/init.d/gerrit

    GERRIT_SITE=/home/gerrit/review_site

    /etc/init.d/gerrit restart

    ssh -p 29418 gerrit@gerrit.wb.com gerrit create-project openstack

    cd git

    rm -rf openstack.git/

    Copy the gerrit user's public key into the SSH keys of GitLab's root user.

    git clone --bare git@gitlab.wb.com:devops/openstack.git

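    Configuring Jenkins

    Enable user sign-up: click -> Manage Jenkins -> Configure Global Security -> tick Enable security

    Register a jenkins user: Jenkins/jenkins

    Then open the same page again and untick Allow users to sign up.

    Copy the public key under /var/lib/jenkins into the SSH keys of the jenkins user in Gerrit.

    Configure SMTP:

    After saving, click the status item shown in the figure below, otherwise the setting does not take effect.

    Creating the automatic Gerrit trigger

    su - wenbin

    htpasswd -m /passwords wenbin

    Then log in to Gerrit with the wenbin account and add wenbin's public key.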

    sudo yum install git-review gitweb

    git clone ssh://wenbin@gerrit.wb.com:29418/openstack

    git config user.name wenbin

    (VENV)[wenbin@mail openstack]$ git config user.email 'littlexiaowen1@163.com'

    vim test1

    git add .

    git commit -m 'test1'

    git review

    Configuring SSH so that Gerrit replication works

    At this point Gerrit replication reports the error gerrit Cannot replicate reject HostKey:

    This is because SSH has not been set up properly.

    su - gerrit

    cd .ssh/

    vim config

    Host gitlab.wb.com

        IdentityFile ~/.ssh/id_rsa

        PreferredAuthentications publickey

    ssh-keyscan -t rsa gitlab.wb.com >> /home/gerrit/.ssh/known_hosts

    ssh-keygen -H -f /home/gerrit/.ssh/known_hosts

    /etc/init.d/gerrit restart

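    Replication should then work.

    Then clone failed, so I deleted the .ssh/config file created above, and that was OK.

    If replication reports the error replication faild reason: pre-receive hook declined

    I deleted Gerrit's openstack.git and ran git clone --bare git@gitlab.wb.com:devops/openstack.git again, and that fixed it.

    After that, running git review triggers Jenkins; you can then review the code, and after a manual submit the change is synchronized to GitLab automatically. Awesome...

    Setting up Publish Over SSH

    Add an SSH server in the system configuration.

    Add build/mkpkg.sh to the code:

    #!/bin/bash

    # Remove the previous package from the workspace

    rm -rf myapp-new.tar.gz

    # Pack the workspace without the git metadata (excludes placed before the path so they apply)

    tar cvzf /tmp/myapp-new.tar.gz --exclude .git --exclude .gitreview .

    cp /tmp/myapp-new.tar.gz ./

    Then configure the build: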

    ### service stop ###

    #service httpd stop

    #service celery-worker stop

    ### backup ###

    # Stop if the directory is missing, so the backup is taken from the right place

    cd /home/wenbin/myapp || exit 1

    tar czvf /root/myapp.tar.gz .

    #mysqldump -u root -d mustang > /root/mustang.sql

    #mysqldump -u root -t mustang > /root/mustang-table.sql

    #cp mustang_conf.py /root/

    ### build ###

    # Stop if the directory is missing, so rm -rf * cannot run anywhere else

    cd /home/wenbin/myapp || exit 1

    rm -rf *

    tar xzvf /root/myapp-new.tar.gz

    chown wenbin:wenbin ./ -R

    #cp /root/mustang_conf.py .

    ### service start ###

    #service httpd start

    #service celery-worker start

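    Of course, the /home/wenbin/myapp directory must first be created on that SSH server.

    One final note: the project driven by the Gerrit trigger cannot be built manually, because the branch is different; a manual build reports that the branch cannot be found. It can only be triggered by git review.

    Reference: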

    http://blog.csdn.net/stwstw0123/article/details/47615535

  • Original article: https://www.cnblogs.com/juandx/p/5372373.html