1.分別配置兩臺tomcat後端服務的java環境
1)準備jdk8壓縮包
[root@tomcat jdk]# pwd
/usr/local/src/jdk
root@tomcat jdk]# ls
jdk-8u211-linux-x64.tar.gz
2)解壓jdk壓縮包當前目錄下並創建軟連接
[root@tomcat jdk]# tar xvf jdk-8u211-linux-x64.tar.gz
[root@tomcat jdk]# ln -sv jdk1.8.0_211/ jdk
3)配置java的環境變量並生效
[root@tomcat ~]# vim /etc/profile
……
export JAVA_HOME=/usr/local/src/jdk/jdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib
export TOMCAT_HOME=/usr/local/src/tomcat/tomcat
export PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin:$TOMCAT_HOME/bin
[root@tomcat ~]# source /etc/profile
4)測試java環境
[root@tomcat ~]# echo $JAVA_HOME
/usr/local/src/jdk/jdk
[root@tomcat ~]# echo $CLASSPATH
/usr/local/src/jdk/jdk/lib/:/usr/local/src/jdk/jdk/jre/lib
[root@tomcat ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/src/jdk/jdk/bin:/usr/local/src/jdk/jdk/jre/bin:/usr/local/src/tomcat/tomcat/bin:/root/bin
[root@tomcat ~]# java -version #查看java的版本
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
2.分別安裝配置tomcat服務
1)準備tomcat二進制壓縮包
[root@tomcat tomcat]# pwd
/usr/local/src/tomcat
[root@tomcat tomcat]# ls
apache-tomcat-8.5.43.tar.gz
2)解壓tomcat壓縮文件並創建軟連接
[root@tomcat tomcat]# tar xvf apache-tomcat-8.5.43.tar.gz
[root@tomcat tomcat]# ln -sv apache-tomcat-8.5.43 tomcat
3)啓動tomcat服務
[root@tomcat ~]# /usr/local/src/tomcat/tomcat/bin/catalina.sh start
4)查看啓動端口
[root@tomcat ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=3716,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=3936,fd=13))
LISTEN 0 100 :::8009 :::* users:(("java",pid=5861,fd=54))
LISTEN 0 100 :::8080 :::* users:(("java",pid=5861,fd=49))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=3716,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=3936,fd=14))
LISTEN 0 1 ::ffff:127.0.0.1:8005 :::* users:(("java",pid=5861,fd=75))
5)瀏覽器訪問測試“主tomcat服務”
6)瀏覽器訪問測試“備tomcat-1服務”
3.分別配置兩臺keepalived+haproxy高可用分離調度服務
1)安裝高可用服務keepalived
[root@keepalive_haproxy ~]# yum install keepalive -y
2)修改keepalived配置文件
[root@keepalive_haproxy ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy #在備份服務中的路由id設置爲 ”haproxy-1“,不可相同
vrrp_skip_check_adv_addr
# vrrp_strict #禁用掉vrrp,否則只支持組播不支持單播模式
vrrp_iptables #開啓不自動添加防火牆規則,避免無法訪問此主機
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER #設置爲主服務,在備份服務中設置爲”BACKUP“,備份服務
interface eth0 #綁定的網卡
virtual_router_id 51 #實例路由id號,此id號主備服務可相同
priority 100 #優先級,備份服務優先級必須小於100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.23/ dev eth0 label eth0:0 #將虛擬vip綁定到本地eth0網卡並取名爲eth0:0
}
unicast_src_ip 192.168.1.10 #單播源地址ip,在備份服務中設置源ip爲192.168.1.11
unicast_peer{
192.168.1.11 #單播目標地址ip,在備份服務中設置目標ip爲192.168.1.10
}
}
3)分別啓動keepalived服務
主keepalivd:
[root@keepalive_haproxy ~]# systemctl start keepalived
root@keepalive_haproxy ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-08-05 18:10:00 CST; 21s ago
Process: 4313 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 4314 (keepalived)
[root@keepalive_haproxy ~]# ip a
……
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:36:53:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.10.23/0 scope global eth0:0 #綁定的虛擬vip
valid_lft forever preferred_lft forever
……
備keepalivd:
[root@keepalive_haproxy ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-08-05 17:32:01 CST; 40min ago
Process: 3712 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3853 (keepalived)
[root@keepalive_haproxy ~]# ip a #沒有看到虛擬vip,當主服務掛掉,虛擬vip會自動漂移到此主機
……
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c4:e2:07 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.11/24 brd 192.168.1.255 scope global eth0
……
4)分別配置兩臺調度服務內核參數
[root@keepalive_haproxy ~]# vim /etc/sysctl.conf
……
net.ipv4.ip_nonlocal_bind = 1 #開啓非本地ip綁定,避免haproxy無法綁定非本機ip
net.ipv4.ip_forward = 1 #開啓路由轉發功能
5)生效內核參數
[root@keepalive_haproxy ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
6)分別編譯安裝好haproxy,以下爲編譯安裝後的路徑
[root@keepalive_haproxy haproxy]# pwd
/usr/local/src/haproxy
[root@keepalive_haproxy haproxy]# ls
doc sbin share
7)再修改配置文件,兩臺服務配置文件必須保持相同
[root@keepalive_haproxy ~]# vim /etc/haproxy/haproxy.cfg
Global
maxconn 100000 #每個進程併發最大連接數
chroot /usr/local/src/haproxy #鎖定 運行的目錄
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats socket /usr/local/src/haproxy/haproxy.sock mode 600 level admin #自定義sock
文件路徑,此路徑下haproxy啓動用戶必須有權限創建haproxy.sock文件,否則服務無法
啓動,此sock文件爲提供手動下線後端服務功能,也可註釋掉不創建sock文件
uid 88 #執行haproxy的用戶身份
gid 88 #所屬的組
daemon
nbproc 2 #開啓的線程數
cpu-map 1 0 #綁定到cup的第0號核心
cpu-map 2 1 #綁定到cup的第1號核心
pidfile /run/haproxy.pid #pid文件路徑
log 127.0.0.1 local3 info #定義全局syslog
defaults #默認設置,爲前端、後端及listen默認設置
option http-keep-alive
option forwardfor #ip透傳
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats #開啓監聽狀態頁
mode http #http協議
bind 0.0.0.0:9999 #狀態頁訪綁定的端口
stats enable #開啓狀態頁
log global #全局日誌
stats uri /haproxy-status #狀態也路徑
stats auth admin:123456 #狀態頁登錄的用戶名及密碼
listen web_port #監聽的服務
bind 192.168.10.23:80 #綁定的虛擬vip及端口,當外網訪問此虛擬vip時會自動調度到後端服務
mode http #http協議
balance roundrobin #調度算法 roundrobin動態輪詢
log global #全局日誌
server 192.168.1.20 192.168.1.20:8080 check inter 3000 fall 2 rise 5 #調度的後端服務
server 192.168.1.21 192.168.1.21:8080 check inter 3000 fall 2 rise 5 #調度的後端服務
8)創建haproxy啓動用戶
[root@keepalive_haproxy haproxy]# useradd -r -s /sbin/nologin haproxy -u 88
9)分別創建haproxy啓動腳本
[root@keepalive_haproxy haproxy]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAproxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecStop=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
10)分別啓動haproxy服務
[root@keepalive_haproxy haproxy]# systemctl start haproxy
root@keepalive_haproxy haproxy]# systemctl status haproxy
● haproxy.service - HAproxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-08-05 17:31:48 CST; 1h 25min ago
Process: 3716 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 3769 (haproxy)
[root@keepalive_haproxy haproxy]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9999 *:* users:(("haproxy",pid=3828,fd=5),("haproxy",pid=3827,fd=5))
LISTEN 0 128 192.168.10.23:80 *:* users:(("haproxy",pid=3828,fd=7),("haproxy",pid=3827,fd=7))
……
11)haproxy狀態頁訪問
12)瀏覽器訪問調度服務,成功調度到後端服務
4.創建Jenkins的執行腳本,用以實現通過Jenkins的選項參數來自動測試、部署、回滾代碼(事先搭建好jenkins、gitlab、sonaqube等服務,其中jenkins要安裝scanner掃描器)
1)自定義創建指定的jenkins服務工作目錄
[root@jenkins]# mkdir /data/jenkins/worker -pv
2)jenkins服務器腳本的保存路徑
[root@jenkins jenkins]# pwd
/data/jenkins
3)jenkins服務器編輯腳本
[root@jenkins jenkins]# vim project.sh
#!/bin/bash
#jenkins參數選項
time=`date +%Y-%m-%d_%H-%M-%S`
method=$1
group=$2
branch=$3
#後端tomcat服務ip地址組
ip_value(){
if [[ $group == "group1" ]];then
ip_list="192.168.1.20"
echo ${ip_list}
elif [[ $group == "group2" ]];then
ip_list="192.168.1.21"
echo ${ip_list}
ssh [email protected] "echo "enable server web_port/192.168.1.20" | socat stdio /usr/local/src/haproxy/haproxy.sock"
ssh [email protected] "echo "enable server web_port/192.168.1.20" | socat stdio /usr/local/src/haproxy/haproxy.sock"
elif [[ $group == "group3" ]];then
ip_list="192.168.1.20 192.168.1.21"
echo ${ip_list}
fi
}
#代碼先部署至Jenkins服務端
code_deploy(){
cd /data/jenkins/worker
rm -rf ./*
git clone -b $branch [email protected]:jie/web-page.git
}
#代碼測試
code_test(){
cd /data/jenkins/worker/web-page
cat > sonar-project.properties <<eof
sonar.projectKey=one123456
sonar.projectName=code-test
sonar.projectVersion=1.0
sonar.sources=./
sonar.language=php
sonar.sourceEncoding=UTF-8
eof
/data/scanner/sonar-scanner/bin/sonar-scanner
}
#代碼壓縮
code_compress(){
cd /data/jenkins/worker/
rm -f web-page/sonar-project.properties
tar czvf code-tar.gz web-page
}
#調度器剝離後端服務
haproxy_down(){
for ip in ${ip_list};do
echo $ip
ssh [email protected] "echo "disable server web_port/${ip}"|socat stdio /usr/local/src/haproxy/haproxy.sock"
ssh [email protected] "echo "disable server web_port/${ip}"|socat stdio /usr/local/src/haproxy/haproxy.sock"
done
}
#後端服務下線
backend_stop(){
for ip in ${ip_list};do
echo $ip
ssh root@$ip "/usr/local/src/tomcat/tomcat/bin/catalina.sh stop"
done
}
#部署代碼到後端服務站點
scp_backend(){
for ip in ${ip_list};do
echo $ip
scp /data/jenkins/worker/code-tar.gz root@${ip}:/usr/local/src/tomcat/tomcat/web-code/${time}-code-tar.gz
ssh root@${ip} "tar xvf /usr/local/src/tomcat/tomcat/web-code/${time}-code-tar.gz -C /usr/local/src/tomcat/tomcat/webapps"
done
}
#啓動後端服務
backend_start(){
for ip in ${ip_list};do
echo $ip
ssh root@$ip "/usr/local/src/tomcat/tomcat/bin/catalina.sh start"
sleep 6
done
}
#測試訪問後端服務
backend_test(){
for ip in ${ip_list};do
echo $ip
status_code=`curl -I -s -m 6 -o /dev/null -w %{http_code} http://${ip}:8080`
if [ ${status_code} -eq 200 ];then
echo "訪問測試成功,後端代碼部署成功"
if [[ $ip == "192.168.1.21" ]];then
ssh [email protected] "echo "enable server web_port/${ip}" | socat stdio /usr/local/src/haproxy/haproxy.sock"
ssh [email protected] "echo "enable server web_port/${ip}" | socat stdio /usr/local/src/haproxy/haproxy.sock"
fi
else
echo "訪問測試失敗,請重新部署代碼至後端服務"
fi
done
}
#代碼回滾
code_rollback(){
for ip in ${ip_list};do
echo $ip
last_version=`ssh root@${ip} "ls -l -t /usr/local/src/tomcat/tomcat/web-code/" | awk 'NR==3{print $NF}'`
ssh root@${ip} " tar xvf /usr/local/src/tomcat/tomcat/web-code/$last_version -C /usr/local/src/tomcat/tomcat/webapps"
done
echo "tomcat代碼回滾成功,回到上一版本,下一步進行訪問測試"
}
#主菜單命令
main(){
case $1 in
deploy)
ip_value;
code_deploy;
code_test;
code_compress;
haproxy_down;
backend_stop;
scp_backend;
backend_start;
backend_test;
;;
rollback)
ip_value;
haproxy_down;
backend_stop;
code_rollback;
backend_start;
backend_test;
;;
esac
}
main $1 $2 $3
4)再各後端創建好代碼壓縮文件保存路徑
主tomcat:
[root@tomcat tomcat]# mkdir web-code
[root@tomcat tomcat]# pwd
/usr/local/src/tomcat/tomcat
備tomcat-1:
[root@tomcat-1 tomcat]# mkdir web-code
[root@tomcat-1 tomcat]# pwd
/usr/local/src/tomcat/tomcat
5)再jenkins服務設置好免密祕鑰登錄各服務
[root@jenkins jenkins]# ssh-copy-id 192.168.1.10
[root@jenkins jenkins]# ssh-copy-id 192.168.1.11
[root@jenkins jenkins]# ssh-copy-id 192.168.1.20
[root@jenkins jenkins]# ssh-copy-id 192.168.1.21
5.再gitlab服務器克隆並推送代碼
1)克隆指定的develop分支代碼
root@ubuntu1804:~# git clone -b develop http://192.168.1.30/jie/web-page.git
Cloning into 'web-page'...
Username for 'http://192.168.1.30': jie
Password for 'http://[email protected]':
remote: Enumerating objects: 39, done.
remote: Counting objects: 100% (39/39), done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 39 (delta 4), reused 27 (delta 4)
Unpacking objects: 100% (39/39), done.
2)查看克隆的所包含的代碼文件
root@ubuntu1804:~# ls web-page/
index.html Math.php
3)修改代文件
root@ubuntu1804:~/web-page# cat index.html
<h1>welcome to tomcat page</h1>
<h3>simple-version v1</h3>
4)推送v1版代碼至gitlab代碼庫
root@ubuntu1804:~/web-page# git add ./*
root@ubuntu1804:~/web-page# git commit -m 'v1'
[develop d0dd713] v1
1 file changed, 2 insertions(+), 2 deletions(-)
root@ubuntu1804:~/web-page# git push
Username for 'http://192.168.1.30': jie
Password for 'http://[email protected]':
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 316 bytes | 316.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for develop, visit:
remote: http://192.168.1.30/jie/web-page/merge_requests/new?merge_request%5Bsource_branch%5D=develop
remote:
To http://192.168.1.30/jie/web-page.git
c10f5bf..d0dd713 develop -> develop
6.jenkins的配置文件修改及選項參數構建
1)創建一個項目code-test
2)配置此項目的configure文件,添加選項參數、字符參數且與腳本文件中的選項相對應
3)配置jenkins的shell腳本命令,此腳本實現代碼的測試、部署以及 回滾
4)保存以上配置,然後部署第一組後端服務主tomcat
5)控制檯輸出信息
6)直接瀏覽器訪問主tomcat服務驗證是否部署成功
7)再部署第二組後端服務備tomcat-1
8)控制檯輸出部署成功信息
9)分別查看後端服務部署的相關代碼文件,確定代碼文件是否部署到後端服務
主tomcat服務端:
[root@tomcat tomcat]# pwd/usr/local/src/tomcat/tomcat
[root@tomcat tomcat]# ll web-code/
total 16
-rw-r--r-- 1 root root 14910 Aug 4 18:23 2019-08-04_18-23-01-code-tar.gz
[root@tomcat webapps]# pwd
/usr/local/src/tomcat/tomcat/webapps
[root@tomcat webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>simple-version v1</h3>
備tomcat-1服務端:
[root@tomcat-1 tomcat]# pwd
/usr/local/src/tomcat/tomcat
[root@tomcat-1 tomcat]# ll web-code/
total 16
-rw-r--r-- 1 root root 14910 Aug 4 18:23 2019-08-04_18-23-01-code-tar.gz
[root@tomcat-1 webapps]# pwd
/usr/local/src/tomcat/tomcat/webapps
[root@tomcat-1 webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>simple-version v1</h3>
10)直接瀏覽器訪問備tomcat1服務驗證是否部署成功,如下所示備tomcat-1代碼也部署成功
11)最後通過瀏覽器haproxy調度器,成功調度到後端服務tomcat
12)代碼測試結果
7.將後端服務代碼升級到v2新版本
1)在gitlab服務器更新代碼
root@ubuntu1804:~/web-page# cat index.html
<h1>welcome to tomcat page</h1>
<h3>enhanced-version v2--- Handled bugs on the old v1</h3>
2)在gitlab服務器再次推送v2新版本代碼至gitlab代碼庫
root@ubuntu1804:~/web-page# git add ./*
root@ubuntu1804:~/web-page# git commit -m 'v2'
[develop 2512294] v2
1 file changed, 1 insertion(+), 1 deletion(-)
root@ubuntu1804:~/web-page# git push
Username for 'http://192.168.1.30': jie
Password for 'http://[email protected]':
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 344 bytes | 344.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for develop, visit:
remote: http://192.168.1.30/jie/web-page/merge_requests/new?merge_request%5Bsource_branch%5D=develop
remote:
To http://192.168.1.30/jie/web-page.git
d0dd713..2512294 develop -> develop
3)構建參數group3,將所有後端服務全部更新,升級至v2版本
4)查看控制檯執行的結果,顯示部署成功
5)在各後端服務端查看更新的代碼文件,檢查代碼是否更新,並瀏覽器測試訪問
tomcat服務端:
[root@tomcat webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>enhanced-version v2--- Handled bugs on the old v1</h3>
tomcat-1服務端:
[root@tomcat-1 webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>enhanced-version v2--- Handled bugs on the old v1</h3>
6)再通過瀏覽器訪問haproxy調度器服務,檢查更新代碼後是否成功調度到後端服務
7)代碼測試結果
8.代碼回滾到舊版本(若v2版本不穩定,則需要將後端服務代碼回滾到舊版本v1,避免影響業務的進行)
1)構建選擇rollback回滾,group3所有後端回滾
2)查看控制檯輸代碼部署輸出信息
3)查看各後端服務代碼文件,檢查代碼是否回滾到v1舊版本,並瀏覽器測試各服務端
主tomcat服務端:
[root@tomcat webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>simple-version v1</h3>
備tomcat-1服務端:
[root@tomcat-1 webapps]# cat web-page/index.html
<h1>welcome to tomcat page</h1>
<h3>simple-version v1</h3>