你的位置:首页 > ASP.net教程

[ASP.net教程]CentOS安装gitlab,gerrit,jenkins并配置ci流程


CentOS安装gitlab,gerrit,jenkins并配置ci流程

By Wenbin juandx@163.com 2016/4/9

 

这是我参考了网上很多的文档,配置了这三个软件在一个机器上,web分别访问8081,8082,8083端口,成功构建了一个ci流程。

版本都是目前最新的版本。

 

用户

Gitlab:  root/wenbindevops , wenbin/12345678

Gerrit:  gerrit/gerrit, wenbin/wenbin, jenkins/jenkins

Jenkins:  jenkins/jenkins

 

主机192.168.1.100:root/wb, wenbin/wenbin, gerrit/gerrit,   gitlab的用户没有,jenkins的用户在/var/lib/jenkins,但是su – jenkins默认使用的还是root

 

配置文件

/ect/hosts

192.168.1.100 gitlab.wb.com

192.168.1.100 gerrit.wb.com

192.168.1.100 jenkins.wb.com

 

$adduser wenbin

$su - wenbin

安装jenkins

 

源配置:

  • sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
  • sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
  • sudo yum install jenkins

 

安装java1.7以上版本

sudo yum install java



开启服务设置开机启动

  • sudo systemctlenable jenkins
  • sudosystemctl start jenkins

 

防火墙设置

firewall-cmd--zone=public --add-port=8080/tcp --permanent

firewall-cmd--zone=public --add-service=http --permanent

firewall-cmd --reload

firewall-cmd--list-all

 

最后访问 localhost:8080 即可访问

jenkins配置文件在vim /etc/sysconfig/jenkins

用户在/var/lib/jenkins/

可以修改访问的端口等设置

改为访问8083端口

 

安装gitlab

(VENV)[wenbin@mail ~]$ sudo yum installopenssh-server postfix cronie

 

(VENV)[wenbin@mail ~]$ sudo systemctlenable postfix

(VENV)[wenbin@mail ~]$ sudo systemctlstart  postfix

 

使用清华大学同步的源,因为安装官网的教程访问不了,可以FQ的请忽略

 

curl https://packages.gitlab.com/gpg.key2> /dev/null | sudo apt-key add - &>/dev/null

sudo vi /etc/yum.repos.d/gitlab-ce.repo

 

[gitlab-ce]

name=gitlab-ce

baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7

repo_gpgcheck=0

gpgcheck=0

enabled=1

gpgkey=https://packages.gitlab.com/gpg.key

 

 

sudo yum makecache

sudo yum install gitlab-ce

 

 

 

 

sudo vim /etc/gitlab/gitlab.rb

 

将external_url = 'http://git.example.com'修改为http://gitlab.wb.com:8081

 

sudo gitlab-ctlreconfigure

 

直接在浏览器访问刚才修改的自己的ip或者域名,就能看到gitlab的页面了,登陆用下面的用户名和密码。

Username: root

Password: 5iveL!fe

登陆后会要求你更改密码的。

配置smtp

改为wenbindevops

 

$ sudo vi/etc/gitlab/gitlab.rb                           

# Change theexternal_url to the address your users will type in their browser

external_url'http://xxhost.com'

 

#Sending applicationemail via SMTP

gitlab_rails['smtp_enable']= true

gitlab_rails['smtp_address']= "smtp.163.com"

gitlab_rails['smtp_port']= 25

gitlab_rails['smtp_user_name']= "xxuser@163.com"

gitlab_rails['smtp_password']= "xxpassword"

gitlab_rails['smtp_domain']= "163.com"

gitlab_rails['smtp_authentication']= :login

gitlab_rails['smtp_enable_starttls_auto']= true

 

##修改gitlab配置的发信人

gitlab_rails['gitlab_email_from']= "xxuser@163.com"

user["git_user_email"]= xxuser@163.com

 

sudo gitlab-ctlreconfigure

 

 

 

 

 

 

 

 

 

 

 

[root@mail .ssh]#ssh-keygen -C littlexiaowen@163.com

Generatingpublic/private rsa key pair.

Enter file in whichto save the key (/root/.ssh/id_rsa):

Enter passphrase(empty for no passphrase):

Enter same passphraseagain:

Your identificationhas been saved in /root/.ssh/id_rsa.

Your public key hasbeen saved in /root/.ssh/id_rsa.pub.

The key fingerprintis:

8a:be:f6:ef:29:94:48:83:ba:50:e7:5c:27:50:5d:eblittlexiaowen@163.com

The key's randomartimage is:

+--[ RSA 2048]----+

|     ... ..     |

|    .  .  .     |

|   . .   .      |

|  o + o ..      |

| o = + +S E      |

|o   +.o.        |

|..  ...         |

|.  .. . .       |

|   .oo.++       |

+-----------------+

[root@mail .ssh]#

 

 

[root@mail .ssh]# catid_rsa

id_rsa      id_rsa.pub 

[root@mail .ssh]# catid_rsa.pub

ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQCnJh76O8cllIjybl5SOJt9PL08Oz146SHoi8hjiRTxyv3o2DW0aermehP5Y9cGhWRmWJV7UJWtPZwXjAlwYQ6MHy6lMqWrpRWnJ93tRGZ8moyQ1Z141EWQExO+0GK7L1B+5S9XkmPTongXEgD2ncFkx4A4+XoiqOKVghl9RSLsYUaDYUPI64aep6RVaf1MxeZ3ZO6lcP+9yU5o6nxV7oZY05g0enM2gmTws02lWRQ2NM2CKcxr1ds0rbLahjmgOsmweiuWfIaReOOivpP97zQDAH7A2doYYEBYGWqy5S3itggQqW/C/w2f8A4iGFnhcVfa48JP5MqGkpIq90waxyi1littlexiaowen@163.com

[root@mail .ssh]#

 

 

 

 

 

 

 

 

密码是12345678

然后去邮箱确认。

 

 

[wenbin@mail ~]$ssh-keygen -C littlexiaowen1@163.com

Generatingpublic/private rsa key pair.

Enter file in whichto save the key (/home/wenbin/.ssh/id_rsa):

Created directory'/home/wenbin/.ssh'.

Enter passphrase(empty for no passphrase):

Enter same passphraseagain:

Your identificationhas been saved in /home/wenbin/.ssh/id_rsa.

Your public key hasbeen saved in /home/wenbin/.ssh/id_rsa.pub.

The key fingerprintis:

b8:16:48:86:b5:e0:a2:ae:ed:f9:1e:d2:e3:48:2a:31littlexiaowen1@163.com

The key's randomartimage is:

+--[ RSA 2048]----+

|  . .           |

| . + .           |

|. o +            |

|.. o . .         |

|.   . o S       |

|E  .  o         |

| +o + o          |

|o+ = +           |

|+.=o+            |

+-----------------+

[wenbin@mail ~]$ cat.ssh/id_rsa.pub

ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQDSAm+x3IJMFRQvMmXKke3vakAojTT0O6egaInMs578vQaQMZT2DpHr1iZ9gQy3mdkcapLQeZdHVnGa5Wp7S0wlAvSeUc11mKoRWa4gIbALxPb3n5wbpszMMvvZWLcaMUz8HtPeRHQIhATQj6b6Zz3Ef11HEJ9a4TzPzAHkLlFaB5EXTdnbMDK14r1vkuGw2aOsFF6y3D7pROv7zzb5pz2p24r84a9nXeo8wD9tmp7xb9pwLRgRs2IhklZoxlwl6COc9Zy1gMJPzOboCeEGlwr1zHn1IfMIs/DgedUM7WWS3ZcirE6jX39dRgFC6GK8unTK2WYJoUKLqNBcAmeii3AJlittlexiaowen1@163.com

 

 

 

 

 

 

 

 

 

 

安装gerrit

 

修改/etc/selinux/config文件

将SELINUX=enforcing改为SELINUX=disabled

 

vim /etc/profile

export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64

export JRE_HOME=$JAVA_HOME/jre

exportCLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH

exportPATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

 

 

reboot

 

安装配置mysql

 

su – wenbin

 

sudo wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

 

 

sudo rpm -ivhmysql-community-release-el7-5.noarch.rpm

 

 

sudo yum install mysql-server mysql-client libmysqlclient-dev

 

 

 

mysql_install_db

 

 

 

systemctl start  mysqld.service

 

mysql –u root –p

 

drop database gerritdb;

create database gerritdb;

GRANT ALL PRIVILEGES ON gerritdb.* TO'gerrituser'@'localhost' IDENTIFIED BY 'gerritpass';

GRANT ALL PRIVILEGES ON gerritdb.* TO'gerrituser'@'%' IDENTIFIED BY 'gerritpass';

 

 

 

adduser gerrit

passwd gerrit

 

 

su – gerrit

wget https://www.gerritcodereview.com/download/gerrit-2.12.2.war

 

[gerrit@mail ~]$ java -jargerrit-2.12.2.war init -d review_site

Using secure store:com.google.gerrit.server.securestore.DefaultSecureStore

 

*** Gerrit Code Review 2.12.2

***

 

 

*** Git Repositories

***

 

Location of Git repositories   [/home/gerrit/git]:

 

*** SQL Database

***

 

Database server type           [mysql]:

Server hostname                [localhost]:

Server port                    [(mysql default)]:

Database name                  [gerritdb]:

Database username              [gerrituser]:

Change gerrituser's password   [y/N]?

 

*** Index

***

 

Type                           [LUCENE/?]:

 

The index must be rebuilt before startingGerrit:

 java -jar gerrit.war reindex -d site_path

 

*** User Authentication

***

 

Authentication method          [HTTP/?]:

Get username from custom HTTP header [y/N]?n

SSO logout URL                 :

Enable signed push support     [y/N]? n

 

*** Email Delivery

***

 

SMTP server hostname           [smtp.163.com]:

SMTP server port               [25]:

SMTP encryption                [NONE/?]:

SMTP username                  [gerritsdfl]:littlexiaowen@163.com

littlexiaowen@163.com's password :

              confirm password :

 

*** Container Process

***

 

Run as                         [gerrit]:

Java runtime                  [/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64/jre]:

Upgrade review_site/bin/gerrit.war [Y/n]? y

Copying gerrit-2.12.2.war toreview_site/bin/gerrit.war

 

*** SSH Daemon

***

 

Listen on address              [*]:

Listen on port                 [29418]:

 

*** HTTP Daemon

***

 

Behind reverse proxy           [Y/n]? y

Proxy uses SSL (https://)      [y/N]? n

Subdirectory on proxy server   [/]:

Listen on address              [*]:

Listen on port                 [8082]: 8088

Canonical URL                  [http://mail.wenbin.com/]:http://gerrit.wb.com:8082

 

*** Plugins

***

 

Installing plugins.

Install plugin singleusergroup versionv2.12.2 [Y/n]? y

version v2.12.2 is already installed,overwrite it [Y/n]? y

Install plugincommit-message-length-validator version v2.12.2 [Y/n]? y

version v2.12.2 is already installed,overwrite it [Y/n]? y

Install plugin reviewnotes version v2.12.2[Y/n]? y

version v2.12.2 is already installed,overwrite it [Y/n]? y

Install plugin replication version v2.12.2[Y/n]? y

version v2.12.2 is already installed,overwrite it [Y/n]? y

Install plugin download-commands versionv2.12.2 [Y/n]? y

version v2.12.2 is already installed,overwrite it [Y/n]? y

Initializing plugins.

No plugins found with init steps.

 

Initialized /home/gerrit/review_site

[gerrit@mail ~]$ htpasswd

Usage:

         htpasswd[-cimBdpsDv] [-C cost] passwordfile username

         htpasswd-b[cmBdpsDv] [-C cost] passwordfile username password

 

         htpasswd-n[imBdps] [-C cost] username

         htpasswd-nb[mBdps] [-C cost] username password

 -c Create a new file.

 -n Don't update file; display results on stdout.

 -b  Usethe password from the command line rather than prompting for it.

 -i  Readpassword from stdin without verification (for script usage).

 -m Force MD5 encryption of the password (default).

 -B Force bcrypt encryption of the password (very secure).

 -C  Setthe computing time used for the bcrypt algorithm

    (higher is more secure but slower, default: 5, valid: 4 to 31).

 -d Force CRYPT encryption of the password (8 chars max, insecure).

 -s Force SHA encryption of the password (insecure).

 -p  Donot encrypt the password (plaintext, insecure).

 -D Delete the specified user.

 -v Verify password for the specified user.

On other systems than Windows and NetWarethe '-p' flag will probably not work.

The SHA algorithm does not use a salt andis less secure than the MD5 algorithm.

 

配置反向代理nginx

 

[gerrit@mail ~]$ htpasswd -cdreview_site/etc/passwords admin

 

 

sudo yum install nginx

 

sudo vim /etc/nginx/nginx.conf

 

 

 

vim /etc/selinux/config

设置为disable

 

 

[gerrit]

       basePath = /home/gerrit/git

       canonicalWebUrl = http://gerrit.wb.com

[database]

       type = mysql

       hostname = localhost

       database = gerritdb

       username = gerrituser

[index]

       type = LUCENE

[auth]

       type = HTTP

[receive]

       enableSignedPush = false

[sendemail]

       smtpServer = smtp.163.com

       smtpServerPort = 25

       smtpUser = littlexiaowen@163.com

       from=CodeReview<littlexiaowen@163.com>

[container]

       user = gerrit

       javaHome =/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64/jre

[sshd]

       listenAddress = *:29418

[httpd]

       listenUrl = proxy-http://127.0.0.1:8088/

[cache]

       directory = cache

 

 

 

vim /etc/nginx/nginx.conf

# Load modular configuration files from the/etc/nginx/conf.d directory.

    #See http://nginx.org/en/docs/ngx_core_module.html#include

    #for more information.

   include /etc/nginx/conf.d/*.conf;

 

   server {

       listen       8082;

       server_name  gerrit.wb.com;

       root        /usr/share/nginx/html;

 

       # Load configuration files for the default server block.

       include /etc/nginx/default.d/*.conf;

 

       location / {

         auth_basic             "Gerrit Code Review";

         auth_basic_user_file   /passwords;

         proxy_pass             http://127.0.0.1:8088;

         proxy_set_header       X-Forwarded-For $remote_addr;

         proxy_set_header        Host$host;

       }

       error_page 404 /404.html;

           location = /40x.html {

       }

 

       error_page 500 502 503 504 /50x.html;

           location = /50x.html {

       }

    }

 

 

 

sudo cp bin/gerrit.sh /etc/init.d/gerrit

 

sudo ln -snf /etc/init.d/gerrit/etc/rc2.d/S90gerrit

sudo ln -snf /etc/init.d/gerrit/etc/rc3.d/S90gerrit

 

reboot

 

[gerrit@mail ~]$ ssh-keygen -Clittlexiaowen@163.com

Generating public/private rsa key pair.

Enter file in which to save the key(/home/gerrit/.ssh/id_rsa):

Created directory '/home/gerrit/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/home/gerrit/.ssh/id_rsa.

Your public key has been saved in/home/gerrit/.ssh/id_rsa.pub.

The key fingerprint is:

81:36:c4:93:cc:d6:78:8c:fb:1f:ea:fc:37:48:6d:87littlexiaowen@163.com

The key's randomart image is:

+--[ RSA 2048]----+

|    +.*         |

|    .X.+        |

|    .++.        |

|    ... .       |

|      .S  . .   |

|       . o E .  |

|        + + .   |

|      .. o o    |

|      .o... .   |

+-----------------+

[gerrit@mail ~]$ cd .ssh/

[gerrit@mail .ssh]$ ll

total 8

c-rw-------. 1 gerrit gerrit 1675 Apr  7 00:34 id_rsa

-rw-r--r--. 1 gerrit gerrit  403 Apr 7 00:34 id_rsa.pub

[gerrit@mail .ssh]$ cat id_rsa.pub

ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQCvAaJsr/O0kY60Uu16h4NP/fhxbg0FPWuMWepOyy716kjy/GCCj9t2pZ92yS/AQBon5NCJcgiKCwE3520KCvZeKQfAQGsCuStdDyj71kUoHgITimSaqcS13VL2l36/pj9rfCVtV+7+kdBAyyskzRvba77ozFV7wf/J58IJgmQ61+b/kCjxq4GnBXp95uGXZGWvW0+j3/s6lNbGnqD9yDTcSxCbIRwj4RVGEQ29sq3T2tYAPDFEu1fT6xzbvDq14KtGN4W21d2vcM4hTs7ByLizbIUPchpPRB60jn4ZvEyvKd9ves4a1NRUYknaFqk+TS12AwQCiWNF4X3bI0gjBn33littlexiaowen@163.com

[gerrit@mail .ssh]$

 

配置和jenkins对接

 

 

在gerrit创建jenkins用户

把jenkins用户加入Non-Interactive的组中

  • Projects -> List -> All-Projects
  • Projects -> Access -> Edit ->找到 Reference: refs/heads/*  -> AddPermission -> Label Verified-> Group Name 里输入 Non-Interactive Users -> 回车 或者 点击Add 按钮 -> 在最下面点击 Save Changes 保存更改

 

 

 

 

 

 

 

 

 

 

 

 

 

 

保存后把jenkins加入这个group

 

 

 

 

 

 

[root@mail rc2.d]#  htpasswd -m /passwords Jenkins

 

 

Su – wenbin

git clonegit@gitlab.wb.com:devops/openstack.git


git config user.name 'admin'

[wenbin@mail openstack]$ git configuser.email 'littlexiaowen@163.com'

 

 

vim .gitreview

[gerrit]

host=gerrit.wb.com

port=29418

project=openstack.git

 

 

git add .

git commit –m ‘add file gitreview’

git push origin master

 

 

gerrit和gitlab对接

 

su – gerrit

vim review_site/etc/replication.config

[remote "openstack"]

# Gerrit openstack     

projects = openstack

url =git@gitlab.wb.com:devops/openstack.git

push = +refs/heads/*:refs/heads/*

push = +refs/tags/*:refs/tags/*

push = +refs/changes/*:refs/changes/*

threads = 3

 

 

sudo cp -r /root/.ssh/ /var/lib/jenkins/

sudo chown -R jenkins:jenkins/var/lib/jenkins/.ssh/

 

sudo vim /etc/init.d/gerrit

GERRIT_SITE=/home/gerrit/review_site

/etc/init.d/gerrit restart

 

ssh -p 29418 gerrit@gerrit.wb.com gerritcreate-project openstack

cd git

rm -rf openstack.git/

 

把gerrit用户的公钥拷贝到gitlab的root用户的sshkey中

 

git clone --bare git@gitlab.wb.com:devops/openstack.git

 

jenkins配置

开启用户注册功能,点击 -> 系统管理 -> Configure Global Security -> 勾上启用安全

 

 

 

 

注册一个jenkins用户   Jenkins/jenkins

 

然后打开刚刚的页面,把允许用户注册勾掉

 

 

 

 

 

 

 

 

 

把/var/lib/jenkins下的公钥拷贝到gerrit的jenkins用户的sshkey

 

配置smtp:

 

 

 

 

 

 

 

 

 

 

 

 

 

Save后点一下下图的status,不然不会生效

 

 

 

 

 

 

 

 

 

创建gerrit的自动trigger

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

su – wenbin

 

htpasswd –m /passwords wenbin

 

然后登陆gerrit,用wenbin的账户登陆,添加wenbin的publickey

 

 

sudo yum install git-review gitweb

 

 

git clonessh://wenbin@gerrit.wb.com:29418/openstack

 

 

git config user.name wenbin

(VENV)[wenbin@mail openstack]$ git configuser.email 'littlexiaowen1@163.com'

 

 

vim test1

git add .

git commit –m ‘test1’

git review

 

配置ssh使得gerrit的replication生效

 

这时候发现gerrit的replication报错gerrit Cannot replicate reject HostKey:

是因为ssh没有设置好

 

 

su – gerrit

 

cd .ssh/

vim config

Host gitlab.wb.com:

    IdentityFile ~/.ssh/id_rsa

PreferredAuthentications publickey

 

ssh-keyscan -t rsa gitlab.wb.com>> /home/gerrit/.ssh/known_hosts

ssh-keygen -H -f/home/gerrit/.ssh/known_hosts

 

/etc/init.d/gerrit restart

 

 

然后应该replication就ok了

 

 

然后clone失败,就把刚才.ssh/config文件删除了,ok

 

 

如果replication报错replication faild reason: pre-receive hook declined

 

我就把gerrit的openstack.git删除,重新git clone –bare git@gitlab.wb.com:devops/openstack.git就好了

 

 

 

 

然后当你git review后就会发现jenkins会触发了,然后就可以review code,手动submit后就会自动同步到gitlab了,nb了。。。

 

 

 

 

 

 

 

 

设置publish over ssh

 

在系统设置中添加ssh server

 

 

 

 

在代码中添加 build/mkpkg.sh

#!/bin/bash

 

rm -rf myapp-new.tar.gz

tar cvzf /tmp/myapp-new.tar.gz . --exclude.git --exclude .gitreview --exclude .gitreview

cp /tmp/myapp-new.tar.gz ./

 

 

 

再配置一下构建

 

 

 

 

 

 

 

 

 

### service stop ###

#service httpd stop

#service celery-worker stop

 

### backup ###

cd /home/wenbin/myapp

tar czvf /root/myapp.tar.gz .

#mysqldump -u root -d mustang >/root/mustang.sql

#mysqldump -u root -t mustang >/root/mustang-table.sql

#cp mustang_conf.py /root/

 

### build ###

cd /home/wenbin/myapp

rm -rf *

tar xzvf /root/myapp-new.tar.gz

chown wenbin:wenbin ./ -R

#cp /root/mustang_conf.py .

 

### service start ###

#service httpd start

#service celery-worker start

 

 

 

 

当然先得在ssh的那个server上新建/home/wenbin/myapp目录

 

最后提示一点,gerrit的trigger的这个项目不能手动构建,因为分支不一样,手动构建会提示找不到分支,只能由git review后触发。

 

 

参考:

http://blog.csdn.net/stwstw0123/article/details/47615535