Jenkins+Gitlab+Ansible自动化部署(六)
Jenkins+Gitlab+Ansible自动化部署(2021-08-12)
- Pipeline Job实现Nginix+MySQL+PHP+Wordpress实现自动化部署交付
一、环境准备
- 编写ansible playbook脚本实现Wordpress远程部署
- 将wordpress源码与playbook部署脚本提交到gitlab仓库
- 编写pipeline job脚本实现Jenkins流水线持续交付流程
- Jenkins集成Ansible与gitlab实现wordpress的自动化部署
二、验证环境
1、登录 Jenkins主机
[root@jenkins ~]# su - deploy
Last login: Wed Aug 11 20:04:22 CST 2021 on pts/0
[deploy@jenkins ~]$ ansible --version
ansible [core 2.11.3]
config file = None
configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
ansible collection location = /home/deploy/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.9.1 (default, Aug 11 2021, 11:57:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.0.1
libyaml = True
[deploy@jenkins ~]$ scp /etc/hosts [email protected]:/etc/hosts
[deploy@jenkins ~]$ ssh [email protected]
Last login: Thu Aug 12 15:29:16 2021 from 192.168.200.158
[root@test ~]# yum -y install git
2、登录Jenkins web管理页
3、登录gitlab web管理页
三、ansible playbook 项目准备
1、定义配置文件
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~
$ cd ansible-playbook-repo/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ ll
total 1
-rw-r--r-- 1 qiufeng.li 197121 12 Aug 12 10:41 ansible-playbook.txt
drwxr-xr-x 1 qiufeng.li 197121 0 Aug 12 10:45 nginx_playbooks/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ mkdir wordpress_playbooks
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ cd wordpress_playbooks/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ mkdir inventory
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ mkdir -p roles/wordpress/{files,tasks,templates}
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ ll
total 0
drwxr-xr-x 1 qiufeng.li 197121 0 Aug 12 13:49 inventory/
drwxr-xr-x 1 qiufeng.li 197121 0 Aug 12 13:49 roles/
2、配置deploy.yml
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim deploy.yml
- hosts: wordpress
gather_facts: true
remote_user: root
vars:
backup_to: "{{root}}_{{branch}}_{{ansible_date_time.epoch}}"
roles:
- wordpress
3、配置dev
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim inventory/dev
[wordpress]
test.example.com
[wordpress:vars]
server_name=test.example.com
port=8080
user=deploy
worker_processes=2
max_open_file=30000
root=/data/www
gitlab_user='root'
gitlab_pass='1234.com'
4、配置prod
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim inventory/prod
[wordpress]
test.example.com
[wordpress:vars]
server_name=test.example.com
port=80
user=deploy
worker_processes=4
max_open_file=65505
root=/data/www
gitlab_user='root'
gitlab_pass='1234.com'
5、配置health_check.sh和info.php
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim roles/wordpress/files/health_check.sh
#!/bin/sh
URL=$1
PORT=$2
curl -Is http://$URL:$PORT/info.php > /dev/null && echo "The remote side is healthy" || echo "The remote side is failed, please check"
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ echo "" >> roles/wordpress/files/info.php
6、配置www.conf
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim roles/wordpress/files/www.conf
; Start a new pool named 'www'.
[www]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = deploy
; RPM: Keep a group allowed to write in log dir.
group = deploy
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = deploy
listen.group = deploy
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: @EXPANDED_DATADIR@/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
7、配置main.yml
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ vim roles/wordpress/tasks/main.yml
- name: Update yum dependency
shell: 'yum update -y warn=False'
- name: Disable system firewall
service: name=firewalld state=stopped
- name: Disable SELINX
selinux: state=disabled
- name: Setup epel yum source for nginx and mariadb(mysql)
yum: pkg=epel-release state=latest
- name: Setup webtatic yum source for php-fpm
yum: name=https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
- name: Ensure nginx is at the latest version
yum: pkg=nginx state=latest
- name: Write the nginx config file
template: src=roles/wordpress/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: Create nginx root folder
file: 'path={{ root }} state=directory owner={{ user }} group={{ user }} mode=0755'
- name: Copy info.php to remote
copy: 'remote_src=no src=roles/wordpress/files/info.php dest=/data/www/info.php mode=0755'
- name: Restart nginx service
service: name=nginx state=restarted
- name: Setup php-fpm
command: 'yum install -y php70w php70w-fpm php70w-common php70w-mysql php70w-gd php70w-xml php70w-mbstring php70w-mcrypt warn=False'
- name: Restart php-fpm service
service: name=php-fpm state=restarted
- name: Copy php-fpm config file to remote
copy: 'remote_src=no src=roles/wordpress/files/www.conf dest=/etc/php-fpm.d/www.conf mode=0755 owner={{ user }} group={{ user }} force=yes'
- name: Restart php-fpm service
service: name=php-fpm state=restarted
- name: Run the health check locally
shell: "sh roles/wordpress/files/health_check.sh {{ server_name }} {{ port }}"
delegate_to: localhost
register: health_status
- debug: msg="{{ health_status.stdout }}"
- name: Setup mariadb(mysql)
command: "yum install -y mariadb mariadb-server warn=False"
- name: Backup current www folder
shell: 'mv {{ root }} {{ backup_to }}'
- name: Close git ssl verification
shell: 'git config --global http.sslVerify false'
- name: Clone WordPress repo to remote
git: "repo=https://{{ gitlab_user | urlencode }}:{{ gitlab_pass | urlencode }}@gitlab.example.com/root/Wordpress-project.git dest=/data/www version={{ branch }}"
when: project == 'wordpress'
- name: Change www folder permission
file: "path=/data/www mode=0755 owner={{ user }} group={{ user }}"
8、配置nginx.conf.j2
Luoyi@Mr_Eden MINGW64 ~/Desktop/repo/ansible-playbook-repo/wordpress_playbooks (master)
$ vim roles/wordpress/templates/nginx.conf.j2
# For more information on configuration, see:
user {{ user }};
worker_processes {{ worker_processes }};
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections {{ max_open_file }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
#include /etc/nginx/conf.d/*.conf;
server {
listen {{ port }} default_server;
server_name {{ server_name }};
root {{ root }};
#charset koi8-r;
location / {
index index.html index.htm index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
9、提交代码到 gitlab
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo/wordpress_playbooks (main)
$ pwd
/c/Users/qiufeng.li/ansible-playbook-repo/wordpress_playbooks
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ git add .
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ git commit -m"second commit"
On branch main
Your branch is ahead of 'origin/main' by 2 commits.
(use "git push" to publish your local commits)
nothing to commit, working tree clean
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/ansible-playbook-repo (main)
$ git push origin main
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcmcore-tlsverify for more information.
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcmcore-tlsverify for more information.
Enumerating objects: 20, done.
Counting objects: 100% (20/20), done.
Delta compression using up to 4 threads
Compressing objects: 100% (15/15), done.
Writing objects: 100% (18/18), 8.82 KiB | 1.26 MiB/s, done.
Total 18 (delta 0), reused 0 (delta 0), pack-reused 0
To https://gitlab.example.com/root/ansible-playbook-repo.git
4313c15..c5efa88 main -> main
10、gitlab 查看确认
11、创建 Wordpress 项目
-
创建Wordpress-project仓库
-
下载 wordpress 项目文件解压(wordpress官网下载项目包)
-
提交wordpress 项目代码到 gitlab
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~
$ ls
ansible-playbook-repo/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~
$ git clone https://gitlab.example.com/root/wordpress-project.git
Cloning into 'wordpress-project'...
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcmcore-tlsverify for more information.
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcmcore-tlsverify for more information.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~
$ ls
ansible-playbook-repo/ wordpress-project/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~
$ cd wordpress-project/
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ git config --global http.sslVerify false
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ ls
README.md
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ mv ../Desktop/wordpress/* .
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ ls
README.md wp-admin/ wp-cron.php wp-mail.php
index.php wp-blog-header.php wp-includes/ wp-settings.php
license.txt wp-comments-post.php wp-links-opml.php wp-signup.php
readme.html wp-config-sample.php wp-load.php wp-trackback.php
wp-activate.php wp-content/ wp-login.php xmlrpc.php
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ git add .
warning: LF will be replaced by CRLF in index.php.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in readme.html.
The file will have its original line endings in your working directory
.......
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ git commit -m 'first commit'
[main 1da59c7] first commit
2254 files changed, 1204686 insertions(+)
create mode 100644 index.php
create mode 100644 license.txt
create mode 100644 readme.html
create mode 100644 wp-activate.php
.........
qiufeng.li@DESKTOP-JC7QDVB MINGW64 ~/wordpress-project (main)
$ git push origin main
Enumerating objects: 2541, done.
Counting objects: 100% (2541/2541), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2454/2454), done.
Writing objects: 100% (2540/2540), 15.93 MiB | 3.78 MiB/s, done.
Total 2540 (delta 269), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (269/269), done.
To https://gitlab.example.com/root/wordpress-project.git
fb2912b..1da59c7 main -> main
四、jenkins 自动部署 wordpress
-
登录到 Jenkins web 管理页
-
点击“New 任务”
- 添加描述
-
输入 pipeline 脚本
-
pipeline script脚本内容(注意credentialsId要查看本地设置的凭据中的ID,复制过来替换掉即可)
# 虚拟 ansibel 环境脚本
#!groovy
pipeline {
agent {node {label 'master'}}
environment {
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"
}
parameters {
choice(
choices: 'dev\nrprod',
description: 'Choose deploy environment',
name: 'deploy_env'
)
string (name: 'branch', defaultValue: 'master', description: 'Fill in your ansible repo branch')
}
stages {
stage ("Pull deploy code") {
steps{
sh 'git config --global http.sslVerify false'
dir ("${env.WORKSPACE}"){
git branch: 'master', credentialsId: '2e6fa379-1a4b-4e0c-8075-efeb7ffb530e', url: 'https://gitlab.example.com/root/ansible-playbook-repo.git'
}
}
}
stage ("Check env") {
steps {
sh """
set +x
user=`whoami`
if [ $user == deploy ]
then
echo "[INFO] Current deployment user is $user"
source /home/deploy/.py3-a2.9-env/bin/activate
source /home/deploy/.py3-a2.9-env/ansible/hacking/env-setup -q
echo "[INFO] Current python version"
python --version
echo "[INFO] Current ansible version"
ansible-playbook --version
echo "[INFO] Remote system disk space"
ssh [email protected] df -h
echo "[INFO] Rmote system RAM"
ssh [email protected] free -m
else
echo "Deployment user is incorrect, please check"
fi
set -x
"""
}
}
stage ("Anisble deployment") {
steps {
input "Do you approve the deployment?"
dir("${env.WORKSPACE}/wordpress_playbooks"){
echo "[INFO] Start deployment"
sh """
set +x
source /home/deploy/.py3-a2.9-env/bin/activate
source /home/deploy/.py3-a2.9-env/ansible/hacking/env-setup -q
ansible-playbook -i inventory/$deploy_env ./deploy.yml -e project=wordpress -e branch=$branch -e env=$deploy_env
set -x
"""
echo "[INFO] Deployment finished..."
}
}
}
}
}
# pip 安装 ansible 脚本
#!groovy
pipeline {
agent {node {label 'master'}}
environment {
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"
}
parameters {
choice(
choices: 'dev\nrprod',
description: 'Choose deploy environment',
name: 'deploy_env'
)
string (name: 'branch', defaultValue: 'master', description: 'Fill in your ansible repo branch')
}
stages {
stage ("Pull deploy code") {
steps{
sh 'git config --global http.sslVerify false'
dir ("${env.WORKSPACE}"){
git branch: 'master', credentialsId: 'gitlab-root', url: 'https://gitlab.example.com/root/ansible-playbook-repo.git'
}
}
}
stage ("Check env") {
steps {
sh """
set +x
user=`whoami`
if [ $user == deploy ]
then
echo "[INFO] Current deployment user is $user"
echo "[INFO] Current python version"
/usr/local/bin/python3 --version
echo "[INFO] Current ansible version"
/usr/local/bin/ansible-playbook --version
echo "[INFO] Remote system disk space"
ssh [email protected] df -h
echo "[INFO] Rmote system RAM"
ssh [email protected] free -m
else
echo "Deployment user is incorrect, please check"
fi
set -x
"""
}
}
stage ("Anisble deployment") {
steps {
input "Do you approve the deployment?"
dir("${env.WORKSPACE}/wordpress_playbooks"){
echo "[INFO] Start deployment"
sh """
set +x
/usr/local/bin/ansible-playbook -i inventory/$deploy_env ./deploy.yml -e project=wordpress -e branch=$branch -e env=$deploy_env
set -x
"""
echo "[INFO] Deployment finished..."
}
}
}
}
}
-
注意:填写 credentialsId 字段的凭据id
-
获取凭据ID
- 点击查看输出信息
(正常情况下)稍等片刻之后就会看到“SUCCESS”(注意首次构建可能会提示“No such property: deploy_env for class: groovy.lang.Binding”)遇到这个错误,只需返回到word press-pipeline-job工程点击“Build with Parameters”选择默认dev用户再次构建即可。
Do you approve the deployment?
Proceed or Abort
Approved by admin
[Pipeline] dir
Running in /var/lib/jenkins/workspace/wordpress-pipeline-job/wordpress_playbooks
[Pipeline] {
[Pipeline] echo
[INFO] Start deployment
[Pipeline] sh
+ set +x
PLAY [wordpress] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [test.example.com]
TASK [wordpress : Update yum dependency] ***************************************
changed: [test.example.com]
TASK [wordpress : Disable system firewall] *************************************
ok: [test.example.com]
TASK [wordpress : Disable SELINX] **********************************************
ok: [test.example.com]
TASK [wordpress : Setup epel yum source for nginx and mariadb(mysql)] **********
ok: [test.example.com]
TASK [wordpress : Setup webtatic yum source for php-fpm] ***********************
ok: [test.example.com]
TASK [wordpress : Ensure nginx is at the latest version] ***********************
ok: [test.example.com]
TASK [wordpress : Write the nginx config file] *********************************
ok: [test.example.com]
TASK [wordpress : Create nginx root folder] ************************************
changed: [test.example.com]
TASK [wordpress : Copy info.php to remote] *************************************
changed: [test.example.com]
TASK [wordpress : Restart nginx service] ***************************************
changed: [test.example.com]
TASK [wordpress : Setup php-fpm] ***********************************************
changed: [test.example.com]
TASK [wordpress : Restart php-fpm service] *************************************
changed: [test.example.com]
TASK [wordpress : Copy php-fpm config file to remote] **************************
ok: [test.example.com]
TASK [wordpress : Restart php-fpm service] *************************************
changed: [test.example.com]
TASK [wordpress : Run the health check locally] ********************************
changed: [test.example.com -> localhost]
TASK [wordpress : debug] *******************************************************
ok: [test.example.com] => {
"msg": "The remote side is healthy"
}
TASK [wordpress : Setup mariadb(mysql)] ****************************************
changed: [test.example.com]
TASK [wordpress : Backup current www folder] ***********************************
changed: [test.example.com]
TASK [wordpress : Close git ssl verification] **********************************
changed: [test.example.com]
TASK [wordpress : Clone WordPress repo to remote] ******************************
changed: [test.example.com]
TASK [wordpress : Change www folder permission] ********************************
changed: [test.example.com]
PLAY RECAP *********************************************************************
test.example.com : ok=22 changed=13 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[Pipeline] echo
[INFO] Deployment finished...
[Pipeline] }
[Pipeline] // dir
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
- 最后需要利用git bash或者Mobaterm登录test.example.com主机上初始化MySQL数据库,(实际生产环境中不建议使用Jenkins重复构建初始化MySQL数据库,容易出现各种问题)
[root@test ~]# systemctl status mariadb
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@test ~]# systemctl start mariadb
[root@test ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #mariadb5.5首次安装没有root密码,所以直接回车即可
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: #1234.com
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
- 创建wordpress数据库
[root@test www]# mysql -uroot -p1234.com
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>create database wordpress character set utf8;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> \qab.example.com/root/W
Bye
- 浏览器登录
查看首页
- 至此,使用Jenkins+Gitlab+Ansible自动化部署wordpresss全部完成。