CICD全流程
Jenkins 的安装
#关闭防火墙和SELinux
#设置语言环境,防止后期Jenkins汉化出问题
[root@ubuntu2204 ~]#localectl set-locale LANG=en_US.UTF-8
[root@ubuntu2204 ~]#localectl status
System Locale: LANG=en_US.UTF-8
VC Keymap: n/a
X11 Layout: us
X11 Model: pc105
#jenkins基于JAVA实现,安装jenkins前需要先安装 JDK
[root@ubuntu2004 ~]#apt -y install openjdk-11-jdk
#Ubuntu二进制包安装jenkins脚本
-------------------------------------------------
#!/bin/bash
JENKINS_VERSION=2.375.2
URL="https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_${JENKINS_VERSION}_all.deb"
GREEN="echo -e \E[32;1m"
END="\E[0m"
HOST=`hostname -I|awk '{print $1}'`
. /etc/os-release
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_java(){
if [ $ID = "centos" -o $ID = "rocky" ];then
#yum -y install java-1.8.0-openjdk
yum -y install java-11-openjdk
else
apt update
#apt -y install openjdk-8-jdk
apt -y install openjdk-11-jdk
fi
if [ $? -eq 0 ];then
color "安装java完成!" 0
else
color "安装java失败!" 1
exit
fi
}
install_jenkins() {
wget -P /usr/local/src/ $URL || { color "下载失败!" 1 ;exit ; }
if [ $ID = "centos" -o $ID = "rocky" ];then
yum -y install /usr/local/src/${URL##*/}
systemctl enable jenkins
systemctl start jenkins
else
apt -y install daemon net-tools || { color "安装依赖包失败!" 1 ;exit ; }
dpkg -i /usr/local/src/${URL##*/}
fi
if [ $? -eq 0 ];then
color "安装Jenkins完成!" 0
else
color "安装Jenkins失败!" 1
exit
fi
}
start_jenkins() {
while :;do
[ -f /var/lib/jenkins/secrets/initialAdminPassword ] && \
{ key=`cat /var/lib/jenkins/secrets/initialAdminPassword` ; break; }
sleep 1
done
color "Jenkins安装完成!" 0
echo "-------------------------------------------------------------------"
echo -e "访问链接: \c"
${GREEN}"http://$HOST:8080/"${END}
echo -e "登录秘钥: \c"
${GREEN}$key${END}
}
install_java
install_jenkins
start_jenkins
-------------------------------------------------
bash 执行上述脚本
...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
Selecting previously unselected package jenkins.
(Reading database ... 69202 files and directories currently installed.)
Preparing to unpack .../src/jenkins_2.375.2_all.deb ...
Unpacking jenkins (2.375.2) ...
Setting up jenkins (2.375.2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/jenkins.service → /lib/systemd/system/jenkins.service.
安装Jenkins完成! [ OK ]
Jenkins安装完成! [ OK ]
-------------------------------------------------------------------
访问链接: http://10.0.0.202:8080/
登录秘钥: 9f6f12195cac4d67a86a09a7c2461783
创建 Jenkins 管理员,系统默认有一个管理员帐号admin,继续即可
#用户信息保存在下面目录
[root@jenkins ~]#ls /var/lib/jenkins/users/
Jenkins 基础配置
- 如果因为防火墙等原因导致安装插件失败或者安装插件缓慢,可以更改 Jenkins 的镜像源为国内镜像站
[root@jenkins ~]#sed -i.bak 's#updates.jenkins.io/download#mirror.tuna.tsinghua.edu.cn/jenkins#g' /var/lib/jenkins/updates/default.json
[root@jenkins ~]#sed -i 's#www.google.com#www.baidu.com#g' /var/lib/jenkins/updates/default.json
#注意:如果是tomcat运行war包方式需要下面路径
[root@jenkins ~]#sed -i.bak
's#https://updates.jenkins.io/download#https://mirror.tuna.tsinghua.edu.cn/jenkins#g' /root/.jenkins/updates/default.json
将升级站点URL替换成下面国内镜像地址
将升级站点URL替换成下面国内镜像地址,提交后再次安装插件即可
#查看镜像源
http://mirrors.jenkins-ci.org/status.html
#默认镜像源
https://updates.jenkins.io/update-center.json
#国内镜像源
https://mirror.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
https://mirrors.aliyun.com/jenkins/updates/update-center.json
重启jenkins
[root@jenkins ~]#systemctl restart jenkins
[root@jenkins ~]#systemctl status jenkins
● jenkins.service - Jenkins Continuous Integration Server
Loaded: loaded (/lib/systemd/system/jenkins.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-02-09 11:07:49 CST; 5s ago
Main PID: 4128 (java)
Tasks: 50 (limit: 4534)
Memory: 213.3M
CPU: 8.326s
CGroup: /system.slice/jenkins.service
└─4128 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
Feb 09 11:07:49 jenkins jenkins[4128]: 2023-02-09 03:07:49.227+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Loaded all jobs
Feb 09 11:07:49 jenkins jenkins[4128]: 2023-02-09 03:07:49.229+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Configuration for all jobs updated
Feb 09 11:07:49 jenkins jenkins[4128]: WARNING: An illegal reflective access operation has occurred
Feb 09 11:07:49 jenkins jenkins[4128]: WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/var/cache/jenkins/war/WEB-INF/lib/groovy-all-2.4.21.ja
r) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
Feb 09 11:07:49 jenkins jenkins[4128]: WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
Feb 09 11:07:49 jenkins jenkins[4128]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Feb 09 11:07:49 jenkins jenkins[4128]: WARNING: All illegal access operations will be denied in a future release
Feb 09 11:07:49 jenkins jenkins[4128]: 2023-02-09 03:07:49.511+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization
Feb 09 11:07:49 jenkins jenkins[4128]: 2023-02-09 03:07:49.528+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up and running
Feb 09 11:07:49 jenkins systemd[1]: Started Jenkins Continuous Integration Server.
- 修改 Jenkins 的启动用户为 root
默认Jenkins以jenkins的用户身份运行,会导致权限受限,可以修改service文件设为root身份运行解决此问题
[root@jenkins ~]#vim /lib/systemd/system/jenkins.service
[root@jenkins ~]#cat /lib/systemd/system/jenkins.service |grep root
User=root
Group=root
[root@jenkins ~]#systemctl daemon-reload
[root@jenkins ~]#systemctl restart jenkins
- 优化配置
默认只能并行2个任务,建议根据CPU核心数,将执行者数量修改为CPU的核数
[root@jenkins ~]#lscpu
架构: x86_64
CPU 运行模式: 32-bit, 64-bit
Address sizes: 45 bits physical, 48 bits virtual
字节序: Little Endian
CPU: 8
在线 CPU 列表: 0-7
- Jenkins 的备份还原
Jenkins的相关数据都是放在主目录中, 将主目录备份即可实现Jenkins的备份,必要时用于还原另外如果有相关脚本等,也需要进行备份
#以下除了特别的文件根据需要课不备份,其他的都需要备份存档
[root@jenkins ~]#ll /var/lib/jenkins/
总用量 124
drwxr-xr-x 13 root root 4096 2月 8 14:20 ./
drwxr-xr-x 28 root root 4096 2月 7 15:59 ../
drwxr-xr-x 4 jenkins jenkins 4096 2月 7 16:00 .cache/
-rw-r--r-- 1 root root 1691 2月 8 14:20 config.xml
-rw-r--r-- 1 root root 186 2月 8 14:20 hudson.model.UpdateCenter.xml
-rw-r--r-- 1 root root 76 2月 7 20:32 hudson.tasks.Shell.xml
-rw-r--r-- 1 root root 216 2月 7 20:32 hudson.triggers.SCMTrigger.xml
-rw------- 1 jenkins jenkins 1680 2月 7 17:45 identity.key.enc
drwxr-xr-x 3 jenkins jenkins 4096 2月 7 16:00 .java/
-rw-r--r-- 1 root root 277 2月 7 20:32 jenkins.fingerprints.GlobalFingerprintConfiguration.xml
-rw-r--r-- 1 jenkins jenkins 7 2月 8 14:20 jenkins.install.InstallUtil.lastExecVersion
-rw-r--r-- 1 jenkins jenkins 7 2月 7 17:33 jenkins.install.UpgradeWizard.state
-rw-r--r-- 1 root root 159 2月 7 20:32 jenkins.model.ArtifactManagerConfiguration.xml
-rw-r--r-- 1 root root 253 2月 7 20:32 jenkins.model.GlobalBuildDiscarderConfiguration.xml
-rw-r--r-- 1 root root 261 2月 7 20:32 jenkins.model.JenkinsLocationConfiguration.xml
-rw-r--r-- 1 root root 86 2月 7 20:32 jenkins.security.ResourceDomainConfiguration.xml
-rw-r--r-- 1 root root 179 2月 7 20:32 jenkins.tasks.filters.EnvVarsFilterGlobalConfiguration.xml
-rw-r--r-- 1 jenkins jenkins 171 2月 7 16:00 jenkins.telemetry.Correlator.xml
-----------------------
jobs配置需要备份(config.xml, nextBuildNumber), builds目录(build logs等)根据需求而定
-----------------------
drwxr-xr-x 4 jenkins jenkins 4096 2月 7 21:17 jobs/
-rw-r--r-- 1 jenkins jenkins 0 2月 8 14:20 .lastStarted
------------------------
插件logs,根据需求而定,可以不备份
------------------------
drwxr-xr-x 3 root root 4096 2月 7 21:23 logs/
------------------------
nodeMonitors可以不备份,插件会实时生成监控数据
------------------------
-rw-r--r-- 1 root root 907 2月 8 14:20 nodeMonitors.xml
drwxr-xr-x 2 jenkins jenkins 4096 2月 7 16:00 nodes/
-rw-r--r-- 1 jenkins jenkins 3 2月 8 20:52 .owner
-----------------------
plugins需要备份 *.jpi及 *.hpi,可以不备份每个插件子目录,jenkins启动后会更新插件子目录
-----------------------
drwxr-xr-x 12 jenkins jenkins 4096 2月 7 17:45 plugins/
-rw-r--r-- 1 root root 129 2月 7 23:00 queue.xml.bak
-rw-r--r-- 1 jenkins jenkins 64 2月 7 16:00 secret.key
-rw-r--r-- 1 jenkins jenkins 0 2月 7 16:00 secret.key.not-so-secret
drwx------ 2 jenkins jenkins 4096 2月 7 21:08 secrets/
drwxr-xr-x 2 jenkins jenkins 4096 2月 7 17:36 updates/
-----------------------
userContent用户上传内容,可以根据需要备份
-----------------------
drwxr-xr-x 2 jenkins jenkins 4096 2月 7 16:00 userContent/
-----------------------
users用户缓存信息,最好备份
-----------------------
drwxr-xr-x 3 jenkins jenkins 4096 2月 7 16:00 users/
drwxr-xr-x 4 root root 4096 2月 7 21:18 workspace/
我是moore,大家一起加油!