極客時間運維進階訓練營第四周作業

1、部署 jenkins master 及多 slave 環境

apt update && apt install -y openjdk-11-jdk
install -d /var/lib/jenkins

　　

 

 

 

 

 

 

 

 

 

 

 

 

 

2、基於 jenkins 視圖對 jenkins job 進行分類

 

 

 

 

 

 

3、總結 jenkins pipline 基本語法

stage ：一個pipline可以劃分爲若干個stage，每個stage都是一個操作，是一個邏輯分組，可以是跨node執行不同的 stage
step： jenkins pipline的最小操作單元，一個stage可以有多個step
node： jenkins 工作節點，可以是master 也可以是slave，是執行step的 具體服務器
input: 在流水線中實現交互式操作
post：發送郵件，always success 常用
enviroment: 可以設置環境變量，通過$ 在流水線中引用
parameters：可以給step 傳遞參數，設置在Jenkinsfile即可生效

4、部署代碼質量檢測服務 sonarqube

部署PostgresSQL並設置數據庫

apt update
apt-cache madison postgresql
apt install postgresql -y
#初始化數據庫
pg_createcluster --start 14 mycluster

cp /etc/postgresql/14/mycluster/postgresql.conf{,.bak}

echo "listen_addresses = '*'" >> /etc/postgresql/14/mycluster/postgresql.conf
sed -i 's/max_connections\ =\ 100/max_connections\ =\ 4096/g' /etc/postgresql/14/mycluster/postgresql.conf

cp /etc/postgresql/14/mycluster/pg_hba.conf{,.bak}
sed -i '/host.*all.*all.*127.*32.*/d' /etc/postgresql/14/mycluster/pg_hba.conf
echo "host    all             all             0.0.0.0/0            scram-sha-256" >> /etc/postgresql/14/mycluster/pg_hba.conf

systemctl restart postgresql

#postgressql 爲sonar創建用戶
su - postgres
psql -U postgres

#創建sonar數據庫
CREATE DATABASE sonar;
#創建sonar用戶密碼爲123456
CREATE USER sonar WITH ENCRYPTED PASSWORD '123456';
#授權用戶訪
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
#執行變更
ALTER DATABASE sonar OWNER TO sonar;

　　

安裝sonar

apt update &&\
apt install -y openjdk-11-jdk

echo "vm.max_map_count=524288" >> /etc/sysctl.conf
echo "fs.file-max=131072" >> /etc/sysctl.conf
sysctl -p

#檢查
 sysctl -a |grep 524288
# vm.max_map_count = 524288


cd /usr/local/src/ &&\
curl -O https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip &&\
unzip sonarqube-8.9.10.61524.zip

BASE_DIR="/apps"
if [[ ! -d "${BASE_DIR}" ]]; then
    mkdir -p "${BASE_DIR}"
fi
 mv /usr/local/src/sonarqube-8.9.10.61524 /apps/
ln -sv /apps/sonarqube-8.9.10.61524 /apps/sonarqube
useradd -r -m -s /bin/bash sonarqube
chown sonarqube.sonarqube /apps -R
su - sonarqube


cp /apps/sonarqube/conf/sonar.properties{,.bak}

tee -a  /apps/sonarqube/conf/sonar.properties << "EOF"
sonar.jdbc.username=sonar
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:postgresql://192.168.56.106/sonar

EOF

#啓動
/apps/sonarqube/bin/linux-x86-64/sonar.sh start

#停止
/apps/sonarqube/bin/linux-x86-64/sonar.sh stop

#配置systemd啓動
tee -a /etc/systemd/system/sonarqube.service <<"EOF"
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=simple
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/bin/nohup /usr/bin/java -Xms512m -Xmx512m -Djava.net.preferIPv4Stack=true -jar /apps/sonarqube/lib/sonar-application-8.9.10.61524.jar
StandardOutput=syslog
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl  restart sonarqube && systemctl enable sonarqube

　　

安裝sonar scanner

cd /usr/local/src/ &&\
unzip sonar-scanner-cli-4.7.0.2747.zip
if [[ ! -d /apps ]]; then
    mkdir /apps
fi

mv /usr/local/src/sonar-scanner-4.7.0.2747 /apps/
ln -sfv /apps/sonar-scanner-4.7.0.2747 /apps/sonar-scanner


tee -a /apps/sonar-scanner/conf/sonar-scanner.properties << "EOF"
sonar.host.url=http://192.168.56.105:9000
sonar.sourceEncoding=UTF-8
EOF

　　

5、基於命令、shell 腳本和 pipline 實現代碼質量檢測

命令式

root@jenkins:~# tree python-test/
python-test/
├── sonar-project.properties
└── src
    └── test.py

1 directory, 2 files
root@jenkins:~/python-test# cat sonar-project.properties
# Required metadata
sonar.projectKey=magedu-python
sonar.projectName=magedu-python-app1
sonar.projectVersion=1.0

# Comma-separated paths to directories with sources (required)
sonar.sources=src

# Language
sonar.language=py

# Encoding of the source files
sonar.sourceEncoding=UTF-8

root@jenkins:~/python-test# /apps/sonar-scanner/bin/sonar-scanner

　　

shell 腳本

cd /data/gitdata/linux &&\
git clone [email protected]:linux/app2.git
cd app2 &&\
/apps/sonar-scanner/bin/sonar-scanner

/apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8
　　

　

pipeline

pipeline {
    agent any
    parameters {
        string(name: 'BRANCH', defaultValue: 'develop', description: '分支選擇')
        choice(name: 'DEPLOY_ENV', choices: ['develop', 'production'], description: '部署環境選擇')
    }
    stages {
        stage('變量測試1'){
            steps {
                sh "echo $env.WORKSPACE"
                sh "echo $env.JOB_URL"
                sh "echo $env.NODE_NAME"
                sh "echo $env.NODE_LABELS"
                sh "echo $env.JENKINS_URL"
                sh "echo $env.JENKINS_HOME"
            }
        }
        stage('代碼克隆'){
            steps {
                deleteDir()
                script {
                    if ( env.BRANCH == 'main' ){
                        git branch: 'main', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git'

                    } else if ( env.BRANCH == 'develop' ) {
                        git branch: 'develop', credentialsId: 'root', url: 'https://gitlab.iclinux.com/linux/app2.git'

                    } else {
                        echo 'BRANCH ERROR, please check it.'
                    }
                    GIT_COMMIT_TAG = sh(returnStdout: true, script: 'git rev-parse --shart HEAD').trim()
                }
            }
        }
        stage('python源代碼質量掃描'){
            steps {
                sh "cd $env.WORKSPACE && /apps/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=iclinx -Dsonar.projectName=iclinux-python-app3 -Dsonar.projectVersion=1.3 -Dsonar.sources=./src -Dsonar.language=py -Dsonar.sourceEncoding=UTF-8"
            }
        }
    }
}