The Three Musketeers of Automated Deployment (Part 4)

Jenkins, Ansible, and GitLab in Practice


Verifying the environment:

1. GitLab page

[Screenshot]

2. Jenkins page

[Screenshot]

3. The Jenkins host already has the Python virtual environment set up, and Ansible is installed successfully on the Jenkins host

[Screenshot]

[root@jenkins ~]# su - deploy
上一次登录:一 2月 25 17:07:14 CST 2019pts/0 上
[deploy@jenkins ~]$ source /home/deploy/.py3-a2.7.8-env/bin/activate
(.py3-a2.7.8-env) [deploy@jenkins ~]$ source /home/deploy/.py3-a2.7.8-env/ansible/hacking/env-setup -q
(.py3-a2.7.8-env) [deploy@jenkins ~]$ ansible --version
ansible 2.7.8.post0 (stable-2.7 8fba0ab199) last updated 2019/02/23 19:12:52 (GMT +800)
  config file = None
  configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/deploy/.py3-a2.7.8-env/ansible/lib/ansible
  executable location = /home/deploy/.py3-a2.7.8-env/ansible/bin/ansible
  python version = 3.7.2 (default, Feb 23 2019, 19:50:13) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
(.py3-a2.7.8-env) [deploy@jenkins ~]$ 

Integrated deployment

1. Clone the repository with git's SSL verification turned off

qqq@qqq:~$ git -c http.sslVerify=false clone https://gitlab.example.com/root/ansible-playbook-repo.git
qqq@qqq:~/ansible-playbook-repo$ git config http.sslVerify false

2. Directory structure

[Screenshot]

3. deploy.yml

[Screenshot]

4. dev

[Screenshot]

5. prod

[Screenshot]

6. health_check.sh

[Screenshot]

7. index.html

Serves as the home page file

8. nginx.conf.j2 (used as the template file)

qqq@qqq:~/ansible-playbook-repo/nginx_playbooks/roles/nginx/templates$ cat nginx.conf.j2 
# For more information on configuration, see: 
user              {{ user }};  
worker_processes  {{ worker_processes }};  
  
error_log  /var/log/nginx/error.log;  
  
pid        /var/run/nginx.pid;  
  
events {  
    worker_connections  {{ max_open_file }};  
}  
  
  
http {  
    include       /etc/nginx/mime.types;  
    default_type  application/octet-stream;  
  
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '  
                      '$status $body_bytes_sent "$http_referer" '  
                      '"$http_user_agent" "$http_x_forwarded_for"';  
  
    access_log  /var/log/nginx/access.log  main;  
  
    sendfile        on;  
    #tcp_nopush     on;  
  
    #keepalive_timeout  0;  
    keepalive_timeout  65;  
  
    #gzip  on;  
      
    # Load config files from the /etc/nginx/conf.d directory  
    # The default server is in conf.d/default.conf  
    #include /etc/nginx/conf.d/*.conf;  
    server {  
        listen       {{ port }} default_server;  
        server_name  {{ server_name }};  
  
        #charset koi8-r;  
  
        #access_log  logs/host.access.log  main;  
  
        location / {  
            root   {{ root }};  
            index  index.html index.htm;  
        }  
  
        error_page  404              /404.html;  
        location = /404.html {  
            root   /usr/share/nginx/html;  
        }  
  
        # redirect server error pages to the static page /50x.html  
        #  
        error_page   500 502 503 504  /50x.html;  
        location = /50x.html {  
            root   /usr/share/nginx/html;  
        }  
  
    }  
  
}

9. main.yml (playbook script)

qqq@qqq:~/ansible-playbook-repo/nginx_playbooks/roles/nginx/tasks$ cat main.yml 
- name: Disable system firewall
  service: name=firewalld state=stopped

- name: Disable selinux
  selinux: state=disabled

- name: setup nginx yum source
  yum: pkg=epel-release state=latest

- name: write then nginx config file
  template: src=roles/nginx/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf

- name: create nginx root folder
  file: 'path={{ root }} state=directory owner={{ user }} group={{ user }} mode=0755'

- name: copy index.html to remote
  copy: 'remote_src=nop src=roles/nginx/files/index.html dest=/www/index.html mode=0755'

- name: resytart nginx service
  service: name=nginx state=restarted

- name: run the health check locally
  shell: "sh roles/nginx/files/health_check.sh {{ server_name }}"
  delegate_to: localhost
  registry: health_status

- name: msg="{{ health_status.stdout }}"

 


Writing a playbook to deploy a static web page remotely

1. Push to the git repository

qqq@qqq:~/ansible-playbook-repo/nginx_playbooks/roles/nginx/tasks$ cd ../../../
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ ls
deploy.retry  deploy.yml  inventory  roles
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ git add .
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ git config --global user.email "[email protected]"
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ git config --global user.name "qqq"
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ git commit -m "my first commit" 
[master 096700b] my first commit
 12 files changed, 148 insertions(+)
 create mode 100644 nginx_playbooks/.DS_Store
 create mode 100644 nginx_playbooks/deploy.retry
 create mode 100644 nginx_playbooks/deploy.yml
 create mode 100644 nginx_playbooks/inventory/dev
 create mode 100644 nginx_playbooks/inventory/prod
 create mode 100644 nginx_playbooks/roles/.DS_Store
 create mode 100644 nginx_playbooks/roles/nginx/.DS_Store
 create mode 100755 nginx_playbooks/roles/nginx/files/health_check.sh
 create mode 100644 nginx_playbooks/roles/nginx/files/index.html
 create mode 100644 nginx_playbooks/roles/nginx/tasks/main.yml
 create mode 100644 nginx_playbooks/roles/nginx/tasks/[email protected]
 create mode 100644 nginx_playbooks/roles/nginx/templates/nginx.conf.j2
qqq@qqq:~/ansible-playbook-repo/nginx_playbooks$ git push origin master
Username for 'https://gitlab.example.com': root
Password for 'https://[email protected]': 
对象计数中: 19, 完成.
压缩对象中: 100% (16/16), 完成.
写入对象中: 100% (19/19), 3.68 KiB | 538.00 KiB/s, 完成.
Total 19 (delta 2), reused 0 (delta 0)
To https://gitlab.example.com/root/ansible-playbook-repo.git
   5cfe0a7..096700b  master -> master

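Refresh the web page:

[Screenshot]

2. Go into Jenkins and start the build

2.1 Create a new job

[Screenshot]

2.2 Add a description

[Screenshot]

2.3 Source code management

[Screenshot]

2.4 Build > Add build step > Execute shell

[Screenshot]

2.5 Add parameters

This project is parameterized > Add Parameter

Choice Parameter

[Screenshot]

Text Parameter

[Screenshot]

2.6 Build with Parameters

[Screenshot]

[Screenshot]

The error message is below:

[Screenshot]

As follows:

[Screenshot]

Another error, this time saying the main.yml file is wrong

[Screenshot]

Fix it and push again

[Screenshot]

Error: nginx had never been installed on this machine, so the directory does not exist

[Screenshot]

[Screenshot]

Fix the code, push, and test again.

Because the test.example.com machine has no deploy user, it fails again with deploy not found; create the user manually and retry ([root@client ~]# useradd deploy)

[Screenshot]

Then it turned out main.yml had remote_src=no written as remote_src=nop; try again

It finally succeeded, with no errors

[Screenshot]

[Screenshot]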

由用户 admin 启动
构建中 在工作空间 /var/lib/jenkins/jobs/nginx-freestyle-job/workspace 中
using credential 0acf3ea1-05d8-4705-8f9a-d72293a4813f
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://gitlab.example.com/root/ansible-playbook-repo.git # timeout=10
Fetching upstream changes from https://gitlab.example.com/root/ansible-playbook-repo.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials 
 > git fetch --tags --progress https://gitlab.example.com/root/ansible-playbook-repo.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 7d6a4e3315db6367716fc28bbd954fb9119d708f (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 7d6a4e3315db6367716fc28bbd954fb9119d708f
Commit message: "modify main.yml"
 > git rev-list --no-walk 25b082912e8b7718fa3c0ceed5c9e0d05041e3f9 # timeout=10
[workspace] $ /bin/sh /tmp/jenkins9219050094760380548.sh
ansible 2.7.8.post0 (stable-2.7 8fba0ab199) last updated 2019/02/23 19:12:52 (GMT +800)
  config file = None
  configured module search path = ['/var/lib/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/deploy/.py3-a2.7.8-env/ansible/lib/ansible
  executable location = /home/deploy/.py3-a2.7.8-env/ansible/bin/ansible
  python version = 3.7.2 (default, Feb 23 2019, 19:50:13) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
ansible-playbook 2.7.8.post0 (stable-2.7 8fba0ab199) last updated 2019/02/23 19:12:52 (GMT +800)
  config file = None
  configured module search path = ['/var/lib/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/deploy/.py3-a2.7.8-env/ansible/lib/ansible
  executable location = /home/deploy/.py3-a2.7.8-env/ansible/bin/ansible-playbook
  python version = 3.7.2 (default, Feb 23 2019, 19:50:13) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
PLAY [nginx] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [test.example.com]

TASK [nginx : Disable system firewall] *****************************************
ok: [test.example.com]

TASK [nginx : Disable selinux] *************************************************
ok: [test.example.com]

TASK [nginx : setup nginx yum source] ******************************************
ok: [test.example.com]

TASK [nginx : install nginx] ***************************************************
ok: [test.example.com]

TASK [nginx : write then nginx config file] ************************************
ok: [test.example.com]

TASK [nginx : create nginx root folder] ****************************************
ok: [test.example.com]

TASK [nginx : copy index.html to remote] ***************************************
changed: [test.example.com]

TASK [nginx : resytart nginx service] ******************************************
changed: [test.example.com]

TASK [nginx : run the health check locally] ************************************
changed: [test.example.com -> localhost]

TASK [nginx : debug] ***********************************************************
ok: [test.example.com] => {
    "msg": "The remote side is healthy"
}

PLAY RECAP *********************************************************************
test.example.com           : ok=11   changed=3    unreachable=0    failed=0   

Finished: SUCCESS

[Screenshot]


Pipeline job: automated deployment and delivery of Nginx + MySQL + PHP + WordPress

1. Log in to the Jenkins host, activate the Python virtual environment, and load Ansible into it

[root@jenkins ~]# su - deploy 
上一次登录:一 2月 25 17:08:29 CST 2019pts/2 上
[deploy@jenkins ~]$ source /home/deploy/.py3-a2.7.8-env/bin/activate
(.py3-a2.7.8-env) [deploy@jenkins ~]$ source .py3-a2.7.8-env/ansible/hacking/env-setup -q
(.py3-a2.7.8-env) [deploy@jenkins ~]$ ansible-playbook --version
ansible-playbook 2.7.8.post0 (stable-2.7 8fba0ab199) last updated 2019/02/23 19:12:52 (GMT +800)
  config file = None
  configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/deploy/.py3-a2.7.8-env/ansible/lib/ansible
  executable location = /home/deploy/.py3-a2.7.8-env/ansible/bin/ansible-playbook
  python version = 3.7.2 (default, Feb 23 2019, 19:50:13) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
(.py3-a2.7.8-env) [deploy@jenkins ~]$ 

2. Passwordless SSH to test.example.com works

(.py3-a2.7.8-env) [deploy@jenkins nginx_playbooks]$ ssh [email protected] 
Last login: Mon Feb 25 21:50:09 2019 from 10.0.3.80
[root@client ~]#

3. The Jenkins and GitLab web UIs are set up and can be logged in to

[Screenshot]

[Screenshot]

4. Write the playbook and related files (with SSL verification turned off globally)

qqq@qqq:~/ansible-playbook-repo$ ls
nginx_playbooks  test_playbooks
qqq@qqq:~/ansible-playbook-repo$ cp -a nginx_playbooks wordpress_playbooks
qqq@qqq:~/ansible-playbook-repo$ git config http.sslVerify false
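
Both this step and step 1 of the nginx section switch off git's certificate check, and the pipeline script further down does the same with --global. The following is an added example (not from the original post) that scans git config files for that setting so it can be found and reverted; the function name, the CA path and the sample config contents are constructed.

```shell
#!/bin/sh
# Added example: list git config entries that disable TLS certificate checks.
# Once found, the usual fix is to remove the entry and trust the server's CA:
#   git config --global --unset http.sslVerify
#   git config http.sslCAInfo /path/to/gitlab-ca.pem   # path is a placeholder

# find_ssl_verify_off FILE...
# Prints "file:line:[section]" for each http.sslVerify set to a false value,
# in [http] and in per-URL [http "https://..."] sections.
find_ssl_verify_off() {
    for cfg in "$@"; do
        [ -f "$cfg" ] || continue
        awk -v file="$cfg" '
            /^[ \t]*\[/ {
                # Section header: remember its name and whether it is an http section
                section = $0
                sub(/^[ \t]*\[/, "", section)
                sub(/\].*$/, "", section)
                low = tolower(section)
                in_http = (low == "http" || low ~ /^http[ \t]/)
                next
            }
            in_http && tolower($0) ~ /^[ \t]*sslverify[ \t]*=[ \t]*(false|no|off|0)[ \t]*$/ {
                printf "%s:%d:[%s]\n", file, NR, section
            }
        ' "$cfg"
    done
}

# Constructed sample input: a global config as left behind by
# "git config --global http.sslVerify false", and a repo config that
# trusts a CA file instead.
demo_dir=$(mktemp -d)
printf '[user]\n\tname = qqq\n[http]\n\tsslVerify = false\n' > "$demo_dir/gitconfig"
printf '[core]\n\tbare = false\n[http "https://gitlab.example.com"]\n\tsslCAInfo = /path/to/gitlab-ca.pem\n' > "$demo_dir/repo-config"

find_ssl_verify_off "$demo_dir/gitconfig" "$demo_dir/repo-config"
rm -rf "$demo_dir"
```

Point it at the build user's ~/.gitconfig and at each workspace's .git/config; only the first sample file is reported, because the second keeps verification on.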

4.1 Directory structure (the directory structure shown is wrong and I forgot to fix it: info.php is still index.php)

[Screenshot]

4.2 deploy.yml

[Screenshot]

4.3 dev

[Screenshot]

4.4 prod

[Screenshot]

4.5 health_check.sh

4.6 index.php

4.7 www.conf

[Screenshot]

4.8 nginx.conf.j2

qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks/roles/wordpress/templates$ cat nginx.conf.j2 
# For more information on configuration, see: 
user              {{ user }};  
worker_processes  {{ worker_processes }};  
  
error_log  /var/log/nginx/error.log;  
  
pid        /var/run/nginx.pid;  
  
events {  
    worker_connections  {{ max_open_file }};  
}  
  
  
http {  
    include       /etc/nginx/mime.types;  
    default_type  application/octet-stream;  
  
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '  
                      '$status $body_bytes_sent "$http_referer" '  
                      '"$http_user_agent" "$http_x_forwarded_for"';  
  
    access_log  /var/log/nginx/access.log  main;  
  
    sendfile        on;  
    #tcp_nopush     on;  
  
    #keepalive_timeout  0;  
    keepalive_timeout  65;  
  
    #gzip  on;  
      
    # Load config files from the /etc/nginx/conf.d directory  
    # The default server is in conf.d/default.conf  
    #include /etc/nginx/conf.d/*.conf;  
    server {  
        listen       {{ port }} default_server;  
        server_name  {{ server_name }};  
        root         {{ root }};
        #charset koi8-r;  
  
        location / {  
            index  index.html index.htm index.php;  
        }  
  
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
  
    }  
  
}

4.9 main.yml

qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks/roles/wordpress/tasks$ vim main.yml 
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks/roles/wordpress/tasks$ cat main.yml 
- name: Update yum dependency
  shell: 'yum update -y warn=False'

- name: Disable system firewall
  service: name=firewalld state=stopped

- name: Disable SELINUX
  selinux: state=disabled

- name: Setup epel yum source for nginx and mariadb(mysql)
  yum: pkg=epel-release state=latest

- name: Setup webstatic yum source for php-fpm
  yum: name=https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

- name: Ensure nginx is at the latest version
  yum: pkg=nginx state=latest

- name: write the nginx config file
  template: src=roles/wordpress/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf

- name: Create nginx root folder
  file: 'path={{ root }} state=directory owner={{ user }} group={{ user }} mode=0755'

- name: Copy info.php to remote
  copy: 'remote_src=no src=roles/wordpress/files/info.php dest=/data/www/info.php mode=0755'

- name: Restart nginx service
  service: name=nginx state=restarted

- name: Setup php-fpm
  command: 'yum install -y php70w php70w-fpm php70w-common php70w-mysql php70w-gd php70w-xml php70w-mbstring php70w-mcrypt warn=False'
- name: Restart php-fpm service
  service: name=php-fpm state=restarted

- name: Copy php-fpm config file to remote
  copy: 'remote_src=no src=roles/wordpress/files/www.conf dest=/etc/php-fpm.d/www.conf mode=0755 owner={{ user }} group={{ user }} force=yes'

- name: Restart PHP-fpm service
  service: name=php-fpm state=restarted

- name: Run the health check locally
  shell: "sh roles/wordpress/files/health_check.sh {{ server_name }} {{ port }}"
  delegate_to: localhost
  register: health_status

- debug: msg="{{ health_status.stdout }}"

4.10 Commit and push to the GitLab repository

qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks/roles/wordpress/tasks$ cd ../../
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks/roles$ cd ..
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks$ ls
deploy.retry  deploy.yml  inventory  roles
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks$ git add .
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks$ git commit -m"First commit"
[master 675fbde] First commit
 13 files changed, 567 insertions(+)
 create mode 100644 wordpress_playbooks/.DS_Store
 create mode 100644 wordpress_playbooks/deploy.retry
 create mode 100644 wordpress_playbooks/deploy.yml
 create mode 100644 wordpress_playbooks/inventory/dev
 create mode 100644 wordpress_playbooks/inventory/prod
 create mode 100644 wordpress_playbooks/roles/.DS_Store
 create mode 100644 wordpress_playbooks/roles/wordpress/.DS_Store
 create mode 100755 wordpress_playbooks/roles/wordpress/files/health_check.sh
 create mode 100644 wordpress_playbooks/roles/wordpress/files/index.php
 create mode 100644 wordpress_playbooks/roles/wordpress/files/www.conf
 create mode 100644 wordpress_playbooks/roles/wordpress/tasks/main.yml
 create mode 100644 wordpress_playbooks/roles/wordpress/tasks/[email protected]
 create mode 100644 wordpress_playbooks/roles/wordpress/templates/nginx.conf.j2
qqq@qqq:~/ansible-playbook-repo/wordpress_playbooks$ git push origin master
Username for 'https://gitlab.example.com': root
Password for 'https://[email protected]': 
对象计数中: 17, 完成.
压缩对象中: 100% (15/15), 完成.
写入对象中: 100% (17/17), 8.33 KiB | 1.67 MiB/s, 完成.
Total 17 (delta 1), reused 0 (delta 0)
To https://gitlab.example.com/root/ansible-playbook-repo.git
   7d6a4e3..675fbde  master -> master

[Screenshot]


Creating the pipeline...

1. Create a new job

[Screenshot]

2. Add a description

[Screenshot]

3. Add the pipeline script

[Screenshot]

#!groovy

pipeline {
	agent {node {label 'master'}}

	environment {
		PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"
	}

	parameters {
		choice(
			// One entry per inventory file: inventory/dev and inventory/prod
			choices: 'dev\nprod',
			description: 'Choose deploy environment',
			name: 'deploy_env'
		)
		string (name: 'branch', defaultValue: 'master', description: 'Fill in your ansible repo branch')
	}

	stages {
		stage ("Pull deploy code") {
			steps{
				// --global writes this to the build user's own git config, so it applies to every repository that user touches
				sh 'git config --global http.sslVerify false'
				dir ("${env.WORKSPACE}"){
					git branch: 'master', credentialsId: '0acf3ea1-05d8-4705-8f9a-d72293a4813f', url: 'https://gitlab.example.com/root/ansible-playbook-repo.git'
				}
			}

		}

		stage ("Check env") {
			steps {
				// Single-quoted Groovy string: $user is expanded by the shell, not by Groovy
				sh '''
				set +x
				user=`whoami`
				if [ "$user" = deploy ]
				then
					echo "[INFO] Current deployment user is $user"
					source /home/deploy/.py3-a2.7.8-env/bin/activate
					source /home/deploy/.py3-a2.7.8-env/ansible/hacking/env-setup -q
					echo "[INFO] Current python version"
					python --version
					echo "[INFO] Current ansible version"
					ansible-playbook --version
					echo "[INFO] Remote system disk space"
					ssh [email protected] df -h
					echo "[INFO] Remote system RAM"
					ssh [email protected] free -m
				else
					echo "Deployment user is incorrect, please check"
				fi

				set -x
				'''
			}
		}

		stage ("Ansible deployment") {
			steps {
				input "Do you approve the deployment?"
				dir("${env.WORKSPACE}/wordpress_playbooks"){
					echo "[INFO] Start deployment"
					// Single-quoted: the build parameters are read as quoted shell environment variables instead of being spliced into the script text
					sh '''
					set +x
					source /home/deploy/.py3-a2.7.8-env/bin/activate
					source /home/deploy/.py3-a2.7.8-env/ansible/hacking/env-setup -q
					ansible-playbook -i "inventory/$deploy_env" ./deploy.yml -e project=wordpress -e "branch=$branch" -e "env=$deploy_env"
					set -x
					'''
					echo "[INFO] Deployment finished..."
				}
			}
		}

	}

}
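
The branch parameter is free text typed into the Jenkins form and ends up on the ansible-playbook command line, while deploy_env selects the inventory file. An added example (not part of the original post; the function names are hypothetical) of an allow-list check the sh step could run before calling ansible-playbook:

```shell
#!/bin/sh
# Added example: validate the two build parameters before they reach
# ansible-playbook. Function names are hypothetical, not from the post.

# valid_deploy_env ENV -> 0 only for the inventory files in the repo
valid_deploy_env() {
    case "$1" in
        dev|prod) return 0 ;;
        *)        return 1 ;;
    esac
}

# valid_branch NAME -> 0 for a conservative subset of git branch names
valid_branch() {
    case "$1" in
        ''|-*|/*|*/|*..*|*//*) return 1 ;;   # empty, option-like, odd paths
        *[!A-Za-z0-9._/-]*)    return 1 ;;   # any character off the allow-list
    esac
    [ "${#1}" -le 100 ]
}

# playbook_cmd ENV BRANCH
# Prints the command line the deployment stage would run, or fails with
# status 2 (bad environment) or 3 (bad branch) and prints nothing on stdout.
playbook_cmd() {
    valid_deploy_env "$1" || { echo "rejected deploy_env: $1" >&2; return 2; }
    valid_branch "$2"     || { echo "rejected branch" >&2; return 3; }
    printf 'ansible-playbook -i inventory/%s ./deploy.yml -e project=wordpress -e branch=%s -e env=%s\n' "$1" "$2" "$1"
}

# Constructed inputs: one good pair, then a mistyped environment name and a
# branch value containing a space.
playbook_cmd dev master
playbook_cmd rprod master || echo "exit status $?"
playbook_cmd dev 'master -e x=y' || echo "exit status $?"
```

A value that fails the check stops the build before any playbook runs, so a mistyped environment or a branch field carrying extra arguments never reaches the target host.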

4. Try a build

[Screenshot]

[Screenshot]

The button has changed to Build with Parameters

[Screenshot]

Click to start the build

[Screenshot]

View the log

[Screenshot]

[Screenshot]

[Screenshot]

[Screenshot]

It just about succeeded

Start the database

[root@client ~]# systemctl start mysqld

mysql> create database wordpress character set utf8;

Copy WordPress to /data/www

[Screenshot]

Then visit test.example.com:8080

because dev defines port 8080

[Screenshot]

The end. Hooray!

 

 
