上图为web代码上线流程:
1,研发人员上传代码至内网svn
2,运维人员从内网svn拉取代码上传至外网svn
3,代码更改触发钩子脚本传至分发机
4,分发机部署rsync服务端
5,web1和web2可以使用计划任务去rsync服务端拉取代码
部署说明:
1,本文只部署外网svn+分发机rsync+web拉取
2,采用 svn+apache
192.168.9.168 Centos6.5 | apache+svn+分发机rsync |
192.168.9.176 Centos6.5 | web1 |
前期准备: 机器初始化,见初始化文章 svn机器限制公司ip访问,rsync都走内网同步 [root@192.168.9.168 ~]# vim /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Tue May 23 19:12:38 2017 *filter :INPUT ACCEPT [2:80] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1:140] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 1.1.1.1 -m state --state NEW -m tcp -p tcp -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT #-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -s 192.168.9.0/24 -m state --state NEW -m tcp -p tcp -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited # COMMIT [root@192.168.9.168 ~]# service iptables start [root@192.168.9.168 ~]# chkconfig iptables on 一,安装apache+svn 1,安装apache 查看系统是否安装apr和apr-util包 [root@192.168.9.168 ~]# rpm -qa | grep apr [root@192.168.9.168 ~]# rpm -qa | grep apr-util 有则卸载,无则跳过(系统自带影响apache使用) [root@192.168.9.168 ~]# rpm -e --allmatches apr-util --nodeps [root@192.168.9.168 ~]# rpm -e --allmatches apr --nodeps 安装依赖包 [root@192.168.9.168 ~]# yum install gcc -y 源码包下载 [root@192.168.9.168 ~]# cd /usr/local/src/ [root@192.168.9.168 src]# wget -c http://mirror.bit.edu.cn/apache/apr/apr-1.5.2.tar.gz [root@192.168.9.168 src]# wget -c http://mirror.bit.edu.cn/apache/apr/apr-util-1.5.4.tar.gz [root@192.168.9.168 src]# wget -c http://mirror.bit.edu.cn/apache/httpd/httpd-2.4.18.tar.gz [root@192.168.9.168 src]# wget -c http://www.openssl.org/source/openssl-1.0.1k.tar.gz [root@192.168.9.168 src]# wget -c http://mirrors.hust.edu.cn/apache/subversion/subversion-1.9.3.tar.gz [root@192.168.9.168 src]# wget -c ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz 安装apr、apr-util [root@192.168.9.168 src]# tar zxvf apr-1.5.2.tar.gz [root@192.168.9.168 src]# cd apr-1.5.2 [root@192.168.9.168 apr-1.5.2]# ./configure --prefix=/usr/local/apr [root@192.168.9.168 apr-1.5.2]# make [root@192.168.9.168 apr-1.5.2]# make install [root@192.168.9.168 apr-1.5.2]# ./apr-1-config --version 1.5.2 [root@192.168.9.168 apr-1.5.2]# cd /usr/local/src/ [root@192.168.9.168 src]# tar zxvf apr-util-1.5.4.tar.gz [root@192.168.9.168 src]# cd apr-util-1.5.4 [root@192.168.9.168 apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ [root@192.168.9.168 apr-util-1.5.4]# make [root@192.168.9.168 apr-util-1.5.4]# make install [root@192.168.9.168 apr-util-1.5.4]# ./apu-1-config --version 1.5.4 安装pcre [root@192.168.9.168 src]# tar zxvf pcre-8.38.tar.gz [root@192.168.9.168 src]# cd pcre-8.38 [root@192.168.9.168 pcre-8.38]# ./configure --prefix=/usr/local/pcre [root@192.168.9.168 pcre-8.38]# make [root@192.168.9.168 pcre-8.38]# make install 安装apache [root@192.168.9.168 src]# tar zxvf httpd-2.4.18.tar.gz [root@192.168.9.168 httpd-2.4.18]# ./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-so --enable-dav --enable-maintainer-mode --enable-rewrite --enable-ssl --with-pcre=/usr/local/pcre/ [root@192.168.9.168 httpd-2.4.18]# make [root@192.168.9.168 httpd-2.4.18]# make install 安装sqlite [root@192.168.9.168 src]# wget -c http://www.sqlite.org/2016/sqlite-autoconf-3110100.tar.gz [root@192.168.9.168 src]# tar zxvf sqlite-autoconf-3110100.tar.gz [root@192.168.9.168 src]# mv sqlite-autoconf-3110100 sqlite [root@192.168.9.168 src]# mv sqlite /usr/local/ [root@192.168.9.168 src]# cd /usr/local/sqlite/ [root@192.168.9.168 sqlite]# ./configure [root@192.168.9.168 sqlite]# make [root@192.168.9.168 sqlite]# make install 2,安装svn [root@192.168.9.168 src]# tar zxvf subversion-1.9.3.tar.gz [root@192.168.9.168 src]# cd subversion-1.9.3 [root@192.168.9.168 subversion-1.9.3]# mkdir -p ./sqlite-amalgamation [root@192.168.9.168 subversion-1.9.3]# cp /usr/local/sqlite/sqlite3.c ./sqlite-amalgamation/ [root@192.168.9.168 subversion-1.9.3]# ./configure --prefix=/usr/local/subversion --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apr/ --with-apr-util=/usr/local/apr-util/ --with-zlib --enable-maintainer-mode [root@192.168.9.168 subversion-1.9.3]# make [root@192.168.9.168 subversion-1.9.3]# make install [root@192.168.9.168 ~]# /usr/local/subversion/bin/svnserve --version svnserve,版本 1.9.3 (r1718519) 编译于 Mar 20 2016,13:09:32 在 x86_64-unknown-linux-gnu [root@192.168.9.168 ~]# ls /usr/local/subversion/libexec/ mod_authz_svn.so mod_dav_svn.so 3,svn和apache整合 配置subversion 创建版本库 [root@192.168.9.168 ~]# mkdir -p /data0/svn [root@192.168.9.168 ~]# /usr/local/subversion/bin/svnadmin create /data0/svn/showyw [root@192.168.9.168 ~]# useradd svn -s /sbin/nologin [root@192.168.9.168 ~]# chown -R svn.svn /data0/svn/showyw htpasswd生成访问控制文件 [root@192.168.9.168 ~]# /usr/local/apache/bin/htpasswd -c /data0/svn/conf/.htpasswd svnadmin New password: Re-type new password: Adding password for user admin [root@192.168.9.168 ~]# /usr/local/apache/bin/htpasswd /data0/svn/conf/.htpasswd test New password: Re-type new password: Adding password for user test 编辑authz [root@192.168.9.168 ~]# grep -v ‘^#‘ /data0/svn/conf/authz | grep -v ‘^$‘ [groups] admin = svnadmin yw = test ####################################################### [showyw:/] @admin = rw @yw = r 配置apache [root@192.168.9.168 ~]# cd /usr/local/apache/ [root@192.168.9.168 apache]# cp /usr/local/subversion/libexec/mod_authz_svn.so ./modules/ [root@192.168.9.168 apache]# cp /usr/local/subversion/libexec/mod_dav_svn.so ./modules/ [root@192.168.9.168 ~]# vim /usr/local/apache/conf/httpd.conf 更改用户: User svn Group svn 在LoadModules的末端,加上 LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so 然后在配置末尾加上 <Location /svn> DAV svn SVNParentPath /data0/svn/ #SVN仓库的父目录 SVNListParentPath On SVNAutoversioning On SVNReposName "repos" AuthzSVNAccessFile /data0/svn/conf/authz #前面生成的访问控制文件 AuthType Basic AuthName "hello,welcome to my repos!" AuthUserFile /data0/svn/conf/.htpasswd #用户文件 Require valid-user </Location> 检查语法 [root@192.168.9.168 ~]# /usr/local/apache/bin/apachectl -t 启动并查看是否启动成功 [root@192.168.9.168 ~]# /usr/local/apache/bin/apachectl -k start [root@192.168.9.168 ~]# ps auxf | grep apache root 27995 0.0 0.1 228808 4920 ? Ss 13:50 0:00 /usr/local/apache/bin/httpd -k start www 27996 0.0 0.0 228556 2740 ? S 13:50 0:00 \_ /usr/local/apache/bin/httpd -k start www 27997 0.0 0.0 507768 3964 ? Sl 13:50 0:00 \_ /usr/local/apache/bin/httpd -k start www 27999 0.0 0.0 507768 3968 ? Sl 13:50 0:00 \_ /usr/local/apache/bin/httpd -k start www 28001 0.0 0.0 507768 3972 ? Sl 13:50 0:00 \_ /usr/local/apache/bin/httpd -k start [root@192.168.9.168 ~]# netstat -anptu | grep 80 tcp 0 0 :::80 :::* LISTEN 27995/httpd 测试: http://127.0.0.1/svn/showyw 4,钩子脚本 [root@192.168.9.168 ~]# vim post-commit #!/bin/sh #REPOS="$1" #REV="$2" Log="/data0/logs/svn" chown -R svn /data0/web_root/web /usr/local/subversion/bin/svn update /data0/web_root/web/ >> ${Log}/web-svn.log if [ $? == 0 ] then echo "----------------------------------" >> ${Log}/web-svn-update.log 2>&1 echo "START:`date +‘%F %T‘`" >> ${Log}/web-svn-update.log 2>&1 /bin/bash /data0/svn/bin/web-update.sh echo "END:`date +‘%F %T‘`" >> ${Log}/web-svn-update.log 2>&1 echo "----------------------------------" >> ${Log}/web-svn-update.log 2>&1 fi [root@192.168.9.168 ~]# vim /data0/svn/bin/web-update.sh #!/bin/bash #client-->server IP="127.0.0.1" Auth_module="showyw" Localdir="/data0/web_root/showyw" /usr/bin/rsync -rutz --progress --exclude-from=/data0/svn/bin/exclude.list --delete ${Localdir} $IP::$Auth_module [root@192.168.9.168 ~]# cat /data0/svn/bin/exclude.list .svn **.gz branches docs tags .log 二、分发机rsync服务端 分发机rsync配置文件 [root@192.168.9.168 ~]# vim /etc/rsyncd.conf #list=yes uid=root gid=root max connections=100 log file=/data0/logs/rsync/rsyncd.log pid file=/var/run/rsyncd.pid lock file=/var/run/rsync.lock hosts deny=* ############################ [showyw] path=/data/web_root/showyw comment=show #ignore errors read only=no hosts allow=192.168.9.176 127.0.0.1 192.168.9.168 #/usr/bin/rsync --daemon --config=/etc/rsyncd.conf 三、web1机器rsync客户端拉取代码计划任务 [root@192.168.9.176 ~]# crontab -l /1 * * * * /bin/sh /home/maintain/crontab_rsync.sh > /dev/null 2>&1 [root@192.168.9.176 ~]# cat /home/maintain/crontab_rsync.sh #!/bin/sh echo "showyw==================">>/data0/logs/rsync/rsync.error date>>/data0/logs/rsync/rsync.error /usr/bin/rsync -vaz --progress root@192.168.9.168::showyw /data0/web_root/showyw 2>>/data0/logs/rsync/rsync.error
原文地址:http://wupengfei.blog.51cto.com/7174803/1956796