
1.9. CI / CD

https://gitlab.com/gitlab-examples

	
GitLab (repository) -> GitLab Runner (continuous integration/deployment) -> Remote host (deployment target)
	
	

1.9.1. Remote server configuration

Create a www user on the remote server. We will use this user to deploy and start the application remotely.

			
[root@netkiller ~]# groupadd -g 80 www
[root@netkiller ~]# adduser -o --uid 80 --gid 80 -G wheel -c "Web Application" www
[root@netkiller ~]# id www
uid=80(www) gid=80(www) groups=80(www),10(wheel)
[root@netkiller ~]# PASSWORD=$(cat /dev/urandom | tr -dc '[:alnum:]' | head -c 32)
[root@netkiller ~]# echo www:${PASSWORD} | chpasswd
[root@netkiller ~]# echo "www password: ${PASSWORD}"
www password: 0Uz1heY9v9KJyRKbvTi0VlAzfEoFW9GH	
			
		

		
mkdir -p /opt/netkiller.cn/www.netkiller.cn
chown www:www -R /opt/netkiller.cn
		
		

1.9.2. Configuring CI / CD

Open the project settings page: click Settings, then CI / CD.

Click the Expand button to expand the Runners section.

You will now see "Set up a specific Runner manually". The URL http://192.168.1.96/ and the token zASzWwffenos6Jbbfsgu shown there are used later.

1.9.2.1. Installing GitLab Runner
Install GitLab Runner
				
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
dnf install gitlab-runner

cp /etc/gitlab-runner/config.toml{,.original}

systemctl enable gitlab-runner			
				
			
1.9.2.2. Registering gitlab-runner

Log in to the GitLab Runner server over SSH and run gitlab-runner register.

			
[root@localhost ~]# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=92925 revision=ac2a293c version=11.11.2
Running in system-mode.                            
                                                   
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.1.96/
Please enter the gitlab-ci token for this runner:
zASzWwffenos6Jbbfsgu
Please enter the gitlab-ci description for this runner:
[localhost.localdomain]: 
Please enter the gitlab-ci tags for this runner (comma separated):

Registering runner... succeeded                     runner=zASzWwff
Please enter the executor: docker, docker-ssh, shell, ssh, docker-ssh+machine, parallels, virtualbox, docker+machine, kubernetes:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
			
			

Return to GitLab and check the registration status.

1.9.3. Shell executor

Registering Runners
				
[root@gitlab ~]# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=1020084 revision=c1edb478 version=14.0.1
Running in system-mode.                            
                                                   
Enter the GitLab instance URL (for example, https://gitlab.com/):
http://192.168.30.5/
Enter the registration token:
DyKdKyaJaq5KN-irgNGz
Enter a description for the runner:
[gitlab]: 
Enter tags for the runner (comma-separated):

Registering runner... succeeded                     runner=DyKdKyaJ
Enter an executor: parallels, virtualbox, docker+machine, custom, docker, docker-ssh, shell, ssh, docker-ssh+machine, kubernetes:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
				
		
1.9.3.1. /etc/gitlab-runner/config.toml
				
[root@gitlab ~]# cat /etc/gitlab-runner/config.toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "gitlab"
  url = "http://192.168.30.5/"
  token = "kVkzjDM74xZUN-aKbdPp"
  executor = "shell"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]			
				
			
1.9.3.2. Generating an SSH key pair

Continuous integration and deployment jobs run as the gitlab-runner user, so switch to that user.

			
[root@gitlab ~]# su - gitlab-runner
Last login: Mon Jul 19 19:01:37 CST 2021			
			
			

Generate the SSH key pair

				
[gitlab-runner@gitlab ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gitlab-runner/.ssh/id_rsa): 
Created directory '/home/gitlab-runner/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/gitlab-runner/.ssh/id_rsa.
Your public key has been saved in /home/gitlab-runner/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l90LYBeSF9l9JHXJUHeO+IyvscCziz4C8vFNpJoKEjo gitlab-runner@gitlab
The key's randomart image is:
+---[RSA 3072]----+
|          ..o===B|
|          ..oo.**|
|          o.o . o|
|        .. = =   |
|.      oS o + +  |
|... o . .o   o . |
|E  o * o  + . o  |
|.o  + o o. + +   |
|  ..   oo.o.o    |
+----[SHA256]-----+
[gitlab-runner@gitlab ~]$ 				
				
			

Normally, when we connect to an SSH host, we are asked to type yes to confirm that we want to continue connecting.

			
[gitlab-runner@gitlab ~]$ ssh www@192.168.40.10
The authenticity of host '192.168.40.10 (192.168.40.10)' can't be established.
ECDSA key fingerprint is SHA256:xmFF266MPdXhnlAljS+QWhQsw6jOw1sOwQXRr/PHi2w.
Are you sure you want to continue connecting (yes/no/[fingerprint])?			
			
			

Configure SSH

			
[gitlab-runner@gitlab ~]$ cat > ~/.ssh/config <<'EOF'
Host *
	ServerAliveInterval=30
	StrictHostKeyChecking no
	UserKnownHostsFile=/dev/null
EOF

chmod 600 -R ~/.ssh/config			
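
The configuration above disables host key verification for every host, so the runner cannot tell the real deployment server from an impostor. The following is an added example, not part of the original page, that keeps deployments non-interactive by pinning the host key instead and audits a config for the weak settings; the function names are hypothetical, and the host key type follows the ECDSA prompt shown earlier.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print a per-host stanza that keeps logins non-interactive but only
# trusts keys already pinned in known_hosts.
hardened_stanza() {  # $1 = deployment host
    cat <<EOF
Host $1
    User www
    ServerAliveInterval 30
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts
EOF
}

# Exit 1 and list the offending lines if an ssh_config file disables
# host key verification; exit 0 otherwise.
audit_ssh_config() {  # $1 = path to ssh_config
    awk '
        { line = tolower($0); gsub(/=/, " ", line); n = split(line, f, " ") }
        n >= 2 && f[1] == "stricthostkeychecking" && (f[2] == "no" || f[2] == "off") {
            bad = 1; print FILENAME ":" NR ": " $0 }
        n >= 2 && f[1] == "userknownhostsfile" && f[2] == "/dev/null" {
            bad = 1; print FILENAME ":" NR ": " $0 }
        END { exit bad + 0 }
    ' "$1"
}

# Pin a host key only if it matches a fingerprint obtained out of band,
# e.g. on the server console: ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
pin_host_key() {  # $1 = host, $2 = expected SHA256:... fingerprint
    tmp=$(mktemp) || return 1
    ssh-keyscan -t ecdsa "$1" > "$tmp" 2>/dev/null
    got=$(ssh-keygen -lf "$tmp" | awk '{ print $2 }')
    if [ -n "$got" ] && [ "$got" = "$2" ]; then
        mkdir -p ~/.ssh && cat "$tmp" >> ~/.ssh/known_hosts; rc=$?
    else
        echo "fingerprint mismatch for $1: got '$got'" >&2; rc=1
    fi
    rm -f "$tmp"; return "$rc"
}
```

Run pin_host_key once per deployment host as the gitlab-runner user, then write the output of hardened_stanza to ~/.ssh/config; audit_ssh_config can run as a pipeline preflight step.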
			
			

Authorize remote shell execution

			
[gitlab-runner@gitlab ~]$ ssh-copy-id www@www.netkiller.cn	
			
			
1.9.3.3. Java environment
			
[root@gitlab ~]# dnf install -y java-11-openjdk
[root@gitlab ~]# dnf install -y maven
			
			

Change the Maven mirror

			
[root@gitlab ~]# vim /etc/maven/settings.xml
  <mirrors>
    <mirror>
      <id>aliyun</id>
      <name>aliyun maven</name>
      <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>			
			
			

Switch to the gitlab-runner user and run any mvn command so that the ~/.m2 directory is created.

			
[root@gitlab ~]# su - gitlab-runner		
[gitlab-runner@gitlab ~]$ mvn	
			
			

			


			
			
			
			
			
			
1.9.3.4. NodeJS
			
[root@netkiller ~]# dnf install -y nodejs
			
			

Install cnpm

			
[root@netkiller ~]# npm config set registry https://registry.npm.taobao.org
[root@netkiller ~]# npm config get registry
https://registry.npm.taobao.org/
[root@netkiller ~]# npm install -g cnpm		
			
			

yarn

		
[root@netkiller ~]# curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
[root@netkiller ~]# dnf install -y yarn
		
			

pm2 process manager

		
[root@netkiller ~]# npm install -g pm2	
		
			

Start pm2 at boot

		
[root@netkiller ~]# pm2 startup
[root@netkiller ~]# pm2 save --force
[root@netkiller ~]# systemctl enable pm2-root
[root@netkiller ~]# systemctl start pm2-root
[root@netkiller ~]# systemctl status pm2-root
		
			
1.9.3.5. sudo prompts for a password when run remotely
			
[gitlab-runner@gitlab api.sfzito.com]$ ssh www@192.168.40.10 "sudo ls"
Warning: Permanently added '192.168.40.10' (ECDSA) to the list of known hosts.
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
			
			

Solution 1

			
ssh -t www@www.netkiller.cn "echo <yourpassword> |sudo -S <yourcommand>"
			
			

Solution 2

			
cat > /etc/sudoers.d/www <<-EOF
www    ALL=(ALL)    NOPASSWD: ALL			
EOF
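
Solution 1 exposes the password on the command line and in the job log, and Solution 2 gives the www account, and therefore any pipeline holding the runner's SSH key, unrestricted root. The following is an added example, not part of the original page, that grants www only the exact commands a deployment needs; the function names and the systemd unit name in the usage note are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print a sudoers line that lets user $1 run exactly the listed commands
# as root without a password. Each command is an absolute path plus fixed
# arguments; "ALL", wildcards and sudoers metacharacters are refused.
sudoers_rule() {  # $1 = user, $2.. = command lines
    user=$1; shift
    [ "$#" -gt 0 ] || { echo "no commands given" >&2; return 1; }
    list=
    for cmd in "$@"; do
        case $cmd in
            ALL|*'*'*|*'?'*|*[,:=]*)
                echo "refusing broad or unsafe spec: $cmd" >&2; return 1 ;;
            /*) ;;
            *)  echo "not an absolute path: $cmd" >&2; return 1 ;;
        esac
        list=${list:+$list, }$cmd
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# Syntax-check the rule with visudo before installing it, so that a typo
# cannot break sudo on the host. Run as root on the remote server.
install_rule() {  # same arguments as sudoers_rule
    tmp=$(mktemp) || return 1
    sudoers_rule "$@" > "$tmp" && visudo -cf "$tmp" >/dev/null &&
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}
```

For example, `install_rule www "/usr/bin/systemctl restart www.netkiller.cn.service"` lets the pipeline run only that restart through `ssh www@192.168.40.10 "sudo systemctl restart www.netkiller.cn.service"`.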
			
			

1.9.4. Docker executor