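1. Introduction to CI/CD and DevOps
Continuous Integration (CI):
Code merging, building, deployment and testing are done together; the process runs continuously and feeds back its results
Continuous Delivery (CD):
Deploy to the production environment for users to use
Continuous Deployment (CD):
Deploy to the production environment
2. Deploying a Git remote repository
2.1 System environment
Hostname | IP address | Notes
Git | 10.1.1.135 | Git server
Jenkins | 10.1.1.134 | Jenkins server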
[root@Git ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@Git ~]# uname -r
3.10.0-862.el7.x86_64
[root@Git ~]# systemctl stop firewalld
[root@Git ~]# systemctl disable firewalld
[root@Git ~]# systemctl stop NetworkManager
[root@Git ~]# systemctl disable NetworkManager
2.2 Deploying the Git remote repository
Perform the following on the Git server
Install Git
[root@Git ~]# yum -y install git
Create the git account
[root@Wangwenli ~]# useradd git
[root@Wangwenli ~]# passwd git
Changing password for user git.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@Wangwenli ~]# su - git
Create the Git remote repository
[git@Wangwenli ~]$ mkdir repos #create the Git repository directory
[git@Wangwenli ~]$ cd repos/
[git@Wangwenli repos]$ mkdir app.git #create the project directory for app
[git@Wangwenli repos]$ pwd
/home/git/repos
[git@Wangwenli repos]$ cd app.git/
[git@Wangwenli app.git]$ pwd
/home/git/repos/app.git
[git@Wangwenli app.git]$ export LANG=zh_CN.UTF8
[git@Wangwenli app.git]$ git --bare init #--bare creates a bare repository (used only as a remote to push to; it does not support local working-tree git commands)
初始化空的 Git 版本库于 /home/git/repos/app.git/
[git@Wangwenli app.git]$ ls
branches config description HEAD hooks info objects refs
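Note:
Creating the repository with "git init --bare" produces a so-called bare repository. It is called bare because it stores only the version history of Git commits and does not let users run the usual git operations in it. If you insist on trying, you only get the following error ("This operation must be run in a work tree")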
[git@Wangwenli app.git]$ git status
fatal: This operation must be run in a work tree
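2.3 Testing a remote git push from the Jenkins server
Perform the following on the Jenkins server
Install Git
[root@Jenkins ~]# yum -y install git
Create a directory and try to git clone the repository from the remote Git server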
[root@Jenkins ~]# mkdir /test
[root@Jenkins ~]# cd /test
[root@Jenkins test]# git clone git@10.1.1.135:/home/git/repos/app.git
正克隆到 'app'...
Warning: Permanently added '10.1.1.135' (ECDSA) to the list of known hosts.
git@10.1.1.135's password: #enter the password of the git user on the remote server
warning: 您似乎克隆了一个空版本库。
[root@Jenkins test]# ls
app
[root@Jenkins test]# ls app/
[root@Jenkins test]#
Run a code commit test
[root@Jenkins test]# cd app/
[root@Jenkins app]# touch test
[root@Jenkins app]# echo "nihao" >> test
[root@Jenkins app]# cat test
nihao
Set the global git configuration
[root@Jenkins app]# git config --global user.email "1409156706@qq.com"
[root@Jenkins app]# git config --global user.name "wwl"
Run a code commit test
[root@Jenkins app]# git add * #add the files to the local staging area
[root@Jenkins app]# git commit -m '测试提交'
[master(根提交) b332f94] 测试提交
1 file changed, 1 insertion(+)
create mode 100644 test
View the remote repository
[root@Jenkins app]# git remote -v
origin git@10.1.1.135:/home/git/repos/app.git (fetch)
origin git@10.1.1.135:/home/git/repos/app.git (push)
Push the code to the master branch of the remote repository
[root@Jenkins app]# git push -u origin master
git@10.1.1.135's password:
Counting objects: 3, done.
Writing objects: 100% (3/3), 218 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@10.1.1.135:/home/git/repos/app.git
* [new branch] master -> master
分支 master 设置为跟踪来自 origin 的远程分支 master。
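List the branches
[root@Jenkins app]# git branch -a
* master #the current local branch
remotes/origin/master #branch that already exists in the remote repository
2.4 Setting up passwordless SSH (key-based login) on the Jenkins server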
[root@Jenkins ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:y52N6b4BwLMDfluJQjw/oZFXX5tJxSHBdwsls7txtzs root@Jenkins
The key's randomart image is:
+---[RSA 2048]----+
| . .=*+o |
| . o . . o.** .|
| B * . +o...|
| o B * . .. |
| + B S o ..|
| o * + = + o|
| . o * .. . |
| . . E.|
| .+. ..|
+----[SHA256]-----+
Distribute the public key
[root@Jenkins ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub git@10.1.1.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@10.1.1.135's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'git@10.1.1.135'"
and check to make sure that only the key(s) you wanted were added.
Test a git push without a password prompt
[root@Jenkins ~]# cd /test/app/
[root@Jenkins app]# ls
test
[root@Jenkins app]# echo "kakakakaka" >> test
[root@Jenkins app]# tail -1 test
kakakakaka
[root@Jenkins app]# git add *
[root@Jenkins app]# git commit -m '免秘钥推送测试'
[master a2d4e32] 免秘钥推送测试
1 file changed, 1 insertion(+)
[root@Jenkins app]# git push -u origin master
Counting objects: 5, done.
Writing objects: 100% (3/3), 268 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@10.1.1.135:/home/git/repos/app.git
b332f94..a2d4e32 master -> master
分支 master 设置为跟踪来自 origin 的远程分支 master。
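The ssh-copy-id step above appends the Jenkins root key to /home/git/.ssh/authorized_keys with no options, so that key can open a full interactive session as the git user. The check below is an added example, not part of the original article: it reports key entries that lack OpenSSH's "restrict" option (OpenSSH 7.2 and later) or the equivalent set of no-* options. The sample file and its key blobs are constructed.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that allow an unrestricted session.
# Key-type names that mark the start of the key itself (options come before it).
KEY_TYPES='ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521'

# Prints one "line N: ..." finding per weak entry; returns 1 if any was found.
audit_authorized_keys() {
    awk -v types="$KEY_TYPES" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            opts = ""
            # If the line does not start with a key type, everything before
            # the key-type field is the comma-separated options list.
            if ($0 !~ ("^(" types ")[ \t]") && match($0, "[ \t](" types ")[ \t]"))
                opts = substr($0, 1, RSTART - 1)
            padded = "," opts ","
            ok = (padded ~ /,restrict,/) ||
                 (padded ~ /,no-pty,/ && padded ~ /,no-port-forwarding,/ &&
                  padded ~ /,no-agent-forwarding,/ && padded ~ /,no-X11-forwarding,/)
            if (!ok) {
                printf "line %d: unrestricted key (%s)\n", NR, $NF
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 2 is what ssh-copy-id produces, line 3 is restricted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /home/git/.ssh/authorized_keys (constructed key blobs)
ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@Jenkins
restrict ssh-ed25519 AAAAC3CONSTRUCTEDKEY2 jenkins-deploy
EOF
audit_authorized_keys "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

Combining a restricted key with git-shell as the login shell of the git account limits that key to Git operations.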
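3. Jenkins administration for enterprise use
Jenkins website: https://jenkins.io/
Official Jenkins page for Red Hat: https://pkg.jenkins.io/redhat-stable/
3.1 Installing Jenkins and basic configuration
There are three ways to install Jenkins: from the Yum repository, from a downloaded Jenkins RPM package, or from the Jenkins WAR package
Installing Jenkins with Yum
[root@Jenkins app]# wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo #download the Jenkins yum repository file
[root@Jenkins app]# rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key #import the Jenkins RPM signing key
Install the latest Jenkins version with Yum
[root@Jenkins app]# yum -y install jenkins
View the Jenkins installation paths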
[root@Jenkins app]# rpm -ql jenkins
/etc/init.d/jenkins
/etc/logrotate.d/jenkins
/etc/sysconfig/jenkins #Jenkins configuration file
/usr/lib/jenkins
/usr/lib/jenkins/jenkins.war
/usr/sbin/rcjenkins
/var/cache/jenkins
/var/lib/jenkins
/var/log/jenkins
Installing from a downloaded Jenkins RPM package
[root@Wangwenli ~]# yum -y localinstall jenkins-2.138.1-1.1.noarch.rpm
3.1.2 Installing and configuring the JDK
Jenkins is written in Java, so it needs a JDK
Unpack and install the JDK
[root@Jenkins ~]# tar xf jdk-8u171-linux-x64.tar.gz -C /usr/local/
[root@Jenkins ~]# cd /usr/local/
[root@Jenkins local]# ls
bin games jdk1.8.0_171 lib64 sbin src
etc include lib libexec share
[root@Jenkins local]# mv jdk1.8.0_171 jdk
[root@Jenkins local]# /usr/local/jdk/bin/java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
Configure the Java environment
[root@Jenkins ~]# vim /etc/profile
[root@Jenkins ~]# tail -3 /etc/profile
export JAVA_HOME=/usr/local/jdk/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
[root@Jenkins ~]# source /etc/profile
[root@Jenkins ~]# java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
3.1.3 Installing and configuring Maven
Unpack and install Maven
[root@Jenkins ~]# ll apache-maven-3.5.0-bin.tar.gz
-rw-r--r--. 1 root root 8534562 12月 29 09:51 apache-maven-3.5.0-bin.tar.gz
[root@Jenkins ~]# tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/
[root@Jenkins ~]# cd /usr/local/
[root@Jenkins local]# ls
apache-maven-3.5.0 etc include lib libexec share
bin games jdk lib64 sbin src
[root@Jenkins local]# mv apache-maven-3.5.0 maven
Configure the Maven environment variables
[root@Jenkins local]# vim /etc/profile
[root@Jenkins local]# tail -2 /etc/profile
MAVEN_HOME=/usr/local/maven
export PATH=${MAVEN_HOME}/bin:$PATH
[root@Jenkins local]# source /etc/profile
[root@Jenkins local]# mvn -v
Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426; 2017-04-04T03:39:06+08:00)
Maven home: /usr/local/maven
Java version: 1.8.0_171, vendor: Oracle Corporation
Java home: /usr/local/jdk/jre
Default locale: zh_CN, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-862.el7.x86_64", arch: "amd64", family: "unix"
Starting Jenkins
Starting Jenkins fails with an error
[root@Jenkins local]# systemctl start jenkins
Job for jenkins.service failed because the control process exited with error code. See "systemctl status jenkins.service" and "journalctl -xe" for details.
[root@Jenkins local]# systemctl status jenkins
● jenkins.service - LSB: Jenkins Automation Server
Loaded: loaded (/etc/rc.d/init.d/jenkins; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since 六 2018-12-29 09:55:54 CST; 3min 0s ago
Docs: man:systemd-sysv-generator(8)
Process: 10761 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=1/FAILURE)
12月 29 09:55:54 Jenkins systemd[1]: Starting LSB: Jenkins Automation Server...
12月 29 09:55:54 Jenkins runuser[10766]: pam_unix(runuser:session): session opened fo...0)
12月 29 09:55:54 Jenkins jenkins[10761]: Starting Jenkins bash: /usr/bin/java: No suc...ry #No such file or directory: the java command cannot be found
12月 29 09:55:54 Jenkins jenkins[10761]: [FAILED]
12月 29 09:55:54 Jenkins systemd[1]: jenkins.service: control process exited, code=e...s=1
12月 29 09:55:54 Jenkins systemd[1]: Failed to start LSB: Jenkins Automation Server.
12月 29 09:55:54 Jenkins systemd[1]: Unit jenkins.service entered failed state.
12月 29 09:55:54 Jenkins systemd[1]: jenkins.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Create a symbolic link for the java command
[root@Jenkins local]# ln -s /usr/local/jdk/bin/java /usr/bin/
Start Jenkins again
[root@Jenkins ~]# systemctl start jenkins
[root@Jenkins ~]# systemctl status jenkins #started normally
● jenkins.service - LSB: Jenkins Automation Server
Loaded: loaded (/etc/rc.d/init.d/jenkins; bad; vendor preset: disabled)
Active: active (running) since 六 2018-12-29 10:01:29 CST; 59s ago
Docs: man:systemd-sysv-generator(8)
Process: 10820 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/jenkins.service
└─10839 /usr/bin/java -Dcom.sun.akuma.Daemon=daemonized -D...
12月 29 10:01:28 Jenkins systemd[1]: Starting LSB: Jenkins Automati....
12月 29 10:01:28 Jenkins runuser[10825]: pam_unix(runuser:session): ...
12月 29 10:01:29 Jenkins jenkins[10820]: Starting Jenkins [ OK ]
12月 29 10:01:29 Jenkins systemd[1]: Started LSB: Jenkins Automatio....
Hint: Some lines were ellipsized, use -l to show in full.
Check that Jenkins is listening on port 8080
[root@Jenkins ~]# netstat -antup | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 10839/java
Enable start at boot
[root@Jenkins ~]# systemctl enable jenkins
jenkins.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig jenkins on
Open IP:8080 in a browser
Initialize Jenkins
View the Jenkins unlock password and paste it into the Jenkins web interface to unlock Jenkins
[root@Wangwenli ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
7ec7b36951814f89ad49e0ac095e7bb9
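Common system modules
Manage Jenkins ---> Global Tool Configuration
Global Tool Configuration ----> configure the JDK
Global Tool Configuration ----> configure Git
Global Tool Configuration ----> configure Maven
User permission management
In a mature enterprise environment, Jenkins needs permissions to control which functions each role can use
Developers use Jenkins ====> releasing project code versions to production (A/B testing, etc.)
Testers use Jenkins ====> automated deployment to the test environment
Operations staff use Jenkins ====> rolling back project code versions in production
Install the Role-based Authorization Strategy plugin
Configure Global Security ---> Authorization ---> Role-Based Strategy
3.2.3 Register two users (development and testing)
Because Role-Based Strategy has been enabled, these users have no permissions at this point
3.2.4 Manage Jenkins ---> Manage and Assign Roles
(1) Go to permission management
(2) Go to authorization management
(3) Create two projects whose names start with A- and B- respectively
(4) Log in as user1 and user2 to test the permissions
Add a view
3.3 Parameterized builds
3.3.1 What is a parameterized build?
A parameterized build lets you manually pass external parameters to the build before the automated build runs, which changes how the build proceeds.
(1) Configure a build script, then run it
(2) Add the parameterized build feature
(3) Run the parameterized build
Of course, the default value of a parameter can also be changed when building
3.3.2 Install the Extended Choice Parameter plugin
3.4 The Git parameterized build plugin
The Git Parameter plugin can read the branches, tags and similar information directly from the Git repository
3.4.1 Install the Git Parameter plugin
3.4.2 Add credential management for the remote Git repository's key
We already set up passwordless SSH to Git from the root account on the Jenkins server,
so we create an SSH key credential from it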
[root@jenkins ~]# cd ~/.ssh
[root@jenkins .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@jenkins .ssh]# cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
(key material omitted)
-----END RSA PRIVATE KEY-----
Copy the contents of the private key
3.4.3 Running a Git parameterized build
(1) Configure the Git Parameter plugin
(2) Configure the Git remote repository
[root@jenkins .ssh]# cd /test/
[root@jenkins test]# cd app/
[root@jenkins app]# ls
test
[root@jenkins app]# git branch dev
[root@jenkins app]# git checkout dev
Switched to branch 'dev'
[root@jenkins app]# git branch
* dev
master
[root@jenkins app]# echo "dev" >> test
[root@jenkins app]# git add *
[root@jenkins app]# git commit -m "111"
[dev 6370db7] 111
1 file changed, 1 insertion(+)
[root@jenkins app]# git push origin dev
Counting objects: 5, done.
Writing objects: 100% (3/3), 245 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@10.1.1.135:/home/git/repos/app.git
* [new branch] dev -> dev
[root@jenkins app]# git branch test
[root@jenkins app]# git checkout test
Switched to branch 'test'
[root@jenkins app]# git branch
dev
master
* test
[root@jenkins app]# echo "ll" >> test
[root@jenkins app]# git add *
[root@jenkins app]# git commit -m "111"
[test d7dcd17] 111
1 file changed, 1 insertion(+)
[root@jenkins app]# git push origin test
Counting objects: 5, done.
Writing objects: 100% (3/3), 249 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@10.1.1.135:/home/git/repos/app.git
* [new branch] test -> test
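Sections 3.3 and 3.4 pass user-chosen values, including a branch name selected through Git Parameter, into the build script. The following is an added example, not part of the original article, of a build-step helper that validates such a value before any git command uses it. The parameter name BRANCH, the optional "origin/" prefix on the value, and the allow-list of master, dev and test (the branches pushed above) are assumptions.

```shell
#!/bin/sh
# Added example: validate a Jenkins build parameter before a shell step uses it.
# BRANCH is an assumed parameter name; Jenkins exposes build parameters to
# shell build steps as environment variables.

# Succeeds only for a plain ref name: letters, digits and . _ / - , not
# starting with "-" or "/", and without "..", "//", a trailing "/" or ".lock".
is_safe_ref() {
    case "$1" in
        ''|-*|/*|*/|*..*|*//*|*.lock) return 1 ;;
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    return 0
}

# Branches this job may build (assumed list, matching the pushes above).
ALLOWED_BRANCHES="master dev test"

# Prints the validated branch name, or returns 1 with a reason on stderr.
resolve_branch() {
    ref=${1#origin/}        # drop an "origin/" prefix if the value carries one
    if ! is_safe_ref "$ref"; then
        echo "rejected: unsafe ref name" >&2
        return 1
    fi
    for b in $ALLOWED_BRANCHES; do
        if [ "$ref" = "$b" ]; then
            printf '%s\n' "$ref"
            return 0
        fi
    done
    echo "rejected: branch not in allow-list" >&2
    return 1
}

# Constructed parameter values showing accepted and refused input.
for v in dev origin/test 'dev; id' --force feature/x; do
    if out=$(resolve_branch "$v" 2>/dev/null); then
        echo "build $out"
    else
        echo "refuse '$v'"
    fi
done
# In the build step: branch=$(resolve_branch "$BRANCH") || exit 1
#                    git checkout "$branch" --
```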
Original article: https://www.cnblogs.com/wsnbba/p/10195197.html