jenkins部署、应用（二）

---

一、RBAC

安装插件

修改默认授权策略

新建测试用户

新建角色


用户授权

使用不同的用户登录，测试权限是否正确

二、pipeline

安装ssh agent 插件
注意：下图版本ssh agent在add时会出错，所以需要提前做好虚拟机间的免密连接：ssh-keygen；ssh-copy-id server7/192.168.56.17和ssh-copy-id server7/192.168.56.18

新建流水线项目 docker_image_build

复制一下脚本并做相应修改
pipeline {
agent any

stages {
    stage('check out') {
        steps {
            git credentialsId: '1d2a5968-6bce-4d29-b239-d5245988ce13', url: '[email protected]:root/demo.git', branch: 'main'
        }
    }
    stage('docker build') {
        steps {
            sh '''
            cd $WORKSPACE
            docker build -t reg.westos.org/library/demo:${BUILD_NUMBER} .
            '''
        }
    }
    stage('docker push') {
        steps {
            sh '''
            REPOSITORY=reg.westos.org/library/demo:${BUILD_NUMBER}
            docker tag $REPOSITORY reg.westos.org/library/demo:latest
            docker login reg.westos.org -u admin -p westos
            docker push $REPOSITORY
            docker push reg.westos.org/library/demo:latest
            '''
        }
    }
    stage('docker deploy') {
        steps {
                sh '''
                ssh -o StrictHostKeyChecking=no -l root 192.168.56.17 """
                docker ps -a |grep myapp && docker rm -f myapp
                docker rmi reg.westos.org/library/demo:latest
                docker run -d --name myapp -p 80:80 reg.westos.org/library/demo:latest """
                '''
        }
    }
}

}

三、jenkins结合ansible参数化构建

主机环境

主机	IP	角色
server5	192.168.56.15	jenkins、ansible
server6	192.168.56.16	测试机test、devops sudo
server7	192.168.56.17	测试机prod、devops sudo

1.安装ansible

[root@server5 ~]# vim /etc/yum.repos.d/ansible.repo
[ansible]
name=epel
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/
gpgcheck=0

[root@server5 ~]# yum install -y ansible

server7同下配置（server6）

devops是测试机的ssh免密用户，并且配置sudo
[root@server6 ~]# useradd devops
[root@server6 ~]# echo westos | passwd --stdin devops
Changing password for user devops.
passwd: all authentication tokens updated successfully.

[root@server6 ~]# visudo

在ansible主机上以jenkins身份配置ssh免密到所有测试机
[root@server5 ~]# usermod -s /bin/bash jenkins
[root@server5 ~]# su - jenkins
-bash-4.2$ ssh-keygen
-bash-4.2$ ssh-copy-id devops@192.168.56.16
-bash-4.2$ ssh-copy-id devops@192.168.56.17

2.新建gitlab项目

克隆项目
[root@server1 ~]# git clone git@192.168.56.11:root/playbook.git
[root@server1 ~]# cd playbook/
[root@server1 playbook]# vim ansible.cfg
[defaults]
command_warnings=False
remote_user=devops

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

[root@server1 playbook]# mkdir inventory
[root@server1 playbook]# cd inventory/
[root@server1 inventory]# vim test
[test]
192.168.56.16 http_port=8000

[root@server1 inventory]# vim prod
[prod]
192.168.56.17 http_port=8080

[root@server1 inventory]# cd ..
[root@server1 playbook]# vim playbook.yaml
---
- hosts: all
  tasks:
  - name: install the latest version of Apache
    yum:
      name: httpd
      state: latest

  - name: configure apache
    template:
      src: httpd.conf.j2
      dest: /etc/httpd/conf/httpd.conf
    notify: restart apache

  - name: Start service httpd, if not started
    service:
      name: httpd
      state: started
      enabled: yes

  handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted

[root@server1 playbook]# yum install -y httpd
[root@server1 playbook]# cp /etc/httpd/conf/httpd.conf .
[root@server1 playbook]# mv httpd.conf httpd.conf.j2
[root@server1 playbook]# vim httpd.conf.j2
...
Listen {{ http_port }}

推送项目
[root@server1 playbook]# git add .
[root@server1 playbook]# git status -s
[root@server1 playbook]# git commit -m "add playbook.yaml"
[root@server1 playbook]# git push -u origin main

3.jenkins新建项目playbook

选择参数构建

控制台输出

---