CICD cluster construction under CentOS 8 (gitlab)

1. Environmental preparation

host:

hostenvironmentaddress
vm1developer172.20.203.10
vm2gitlab172.20.203.11
vm3jenkins172.20.203.12
vm4testing environment172.20.203.13

Software package: git gitlab jenkins nginx

Turn off the firewall and selinux

[root@vm1 ~]# systemctl stop firewalld
[root@vm1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@vm1 ~]# setenforce 0
[root@vm1 ~]# sed -i "s/enforcing/permissive/g" /etc/selinux/config

yum source:

[root@vm2 ~]# cat /etc/yum.repos.d/gitlab.repo 
[gitlab] # Other yum sources are configured with Tsinghua source
name=gitlab
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el8/
gpgcheck=0
enabled=1

Other yum sources are configured with Tsinghua source

2. Cluster construction

1, vm1

[root@vm1 ~]# dnf -y install git

After creating the warehouse in vm2, enter the following command

# Clone the repository to the developer
[root@vm1 ~]# git config --global user.name "devlopment"
[root@vm1 ~]# git config --global user.email "development@test.com"
[root@vm1 ~]# git clone git@172.20.203.11:root/cicdtest.git

2, vm2

[root@vm2 ~]# dnf -y install gitlab-ce 
[root@vm2 ~]# vim /etc/gitlab/gitlab.rb 
# Amend the following
external_url 'http://172.20.203.11'
Save exit
[root@vm2 ~]# gitlab-ctl reconfigure
# We need to wait here for a while
[root@vm2 ~]# gitlab-ctl status # Check whether the service is started
[root@vm2 ~]# cat /etc/gitlab/initial_root_password
# Get password

Browser access 172.20.203.11

The user name is root
The password is the line of password in the file. You can copy and log in

gitlab set Chinese
Click on the top right corner - > Preferences - > language - > save changes

Copy the developer's ssh public key to gitlab

[root@vm2 ~]# ssh vm1
[root@vm1 ~]# ssh-keygen 
[root@vm1 ~]# cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDI2XA0DhDxyY9/Db0VtEU635QedrhI5x000rbsPG1x3EHjZoVj7ZqgBy9lm8MOvMOMJjMLIV9ppk6Jiw8VGOwzxPV9I+1FrktMBIBtJOOenwX14CAhh5Wzt3d5aFVIDtxynLynS6Lh8h/RtAVo8itvXEl3kHzWgttTCNoZXKNmkcaMbrbAskj/OBfOQVcpzuB8VuSJ1UWvDkdj/rqHexOYgo+31gWNHuvAB8J4cOOPMipiuY7T4nK0eZyQQjB3+RYI2lNsvN+yrh+eWrndPtX5dYr3fGKHgHKHZq3vsf6EhzNeKg+1cPJj4ZlKuCEFRt/3XrAvJwx/ir0xvoQwsTcfEwg4wpy96yclptEUnLJ88jm2sAyZWtctmYDKIDB+LITlSOFBcDs0MzcKPeLl54F3G7Mocvf+Jois3L5RF45pyn+FI+146YrT9c1trjKPNj30Rjb2XqnQvQTd3r67MG8MbH/wD0Z4xdzm53y+TUJzRsp0nxC3RO+DsGXjGh8zJYk= root@vm1
# All the way back

Browser access gitlab

Click the top right corner - > Preferences - > ssh key - > copy and paste the queried developer ssh public key - > add key

If it falls, it will be added successfully

Create warehouse

Go back to home - > new project - > create blank project - > new project

The project 'cicdtest' has been created successfully. Success is success


gitlab cannot use webhook on the local network by default, so we need to configure it to allow it
Click menu - > administrator (wrench icon) - > Settings - > Network - > outgoing request - > check allow Webhook and service requests for local network - > save modifications

Add webhook for gitlab auto build project
Click cicdtest warehouse - > Settings - > webhooks - > URL (the URL of Jenkins project) - > Secret token (the token of Jenkins). Just keep the other defaults


Uncheck ssl verification - > add webhooks
If yes, it means the addition is successful

3, vm3

# [root@vm3 ~]# dnf -y install java-11-openjdk # The version is too new. Some plug-ins may not support it, such as gitlab hook
[root@vm3 ~]# dnf -y install java-1.8.0-openjdk
[root@vm3 ~]# java -version # Check the java environment
[root@vm3 ~]# rpm -ivh jenkins-2.289.2-1.1.noarch.rpm 
# This package can be downloaded from Tsinghua source
[root@vm3 ~]# systemctl restart jenkins.service # Start jenkins service
[root@vm3 ~]# systemctl enable jenkins
jenkins.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable jenkins
[root@vm3 ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
# Copy password to login jenkins

Browser access 172.20.203.12:8080

Enter password - > continue - > install recommended plug-ins

Install the plug-in. If the network speed is not good, you need to wait for a while

Continue with admin account - > save and finish - > start using jenkins

Plug in: gitlab gitlab hook
jenkins installation plug-in

Click system management - > plug-in management - > search gitlab

Check restart Jenkins after installation (when idle)

If a plug-in fails to install, you can directly download it from Tsinghua source and upload it to jenkins

Advanced - > upload plugin
You can upload

If you cannot restart, you can manually restart jenkins

[root@vm3 ~]# systemctl restart jenkins.service

Add jenkins server ssh public key to gitlab

[root@vm3 ~]# dnf -y install git # Install git
[root@vm3 ~]# cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCmFE7kcWpiHSNDd3MmfNdHh5c95YwkkDWDy6d9S3CjskPEz016AaTKkTzpOZowEQXLr/AaQngAbTXKODOvPXZ3q3nf4SHnkdaclsmENA3FsyfGasazIRg4yIC5g9jPEDhAaIDC5QRNKUJxyNlgGg6xHjTszGbgOf+ybrFwyzk/7auQ+5o6Q7ROUC1pkibj9HQQ8Vpc5CFa6g7D4AMyRfqPLmVvlqqxFIkqc9u8LSOisy+a8IHi2ebOA6ZpMgJ57OhykZFBviUwtqfa+MLKcSQq9Wiv4C82LM7XcfiezClysoxbVkbriwq+AqS6WE/jUB7k9h3OV80h2L4Zl86rpuPlxa4umSQH87Lq3fGcnRWtMd/5zILbZ+PGxDBKo8+uiWmlFaRPwrMmFHVIIjW6uiRrhG064Ai0SG7R6OUmnnVxEw3l+SzKhPoebDFd6/BmbzUD6qa08yQ+KKV9Edpw+5V+QsQmPr1lCtJd0Ovtp04OCH+9LjmYFivlT0f4VdATBs= root@vm3
# It is consistent with adding the developer's ssh public key in vm2

Clone gitlab warehouse to jenkins server

[root@vm3 ~]# git clone git@172.20.203.11:root/cicdtest.git

Add credentials for jenkins

System management - > Manage credentials - > Jenkins - > unrestricted - > Add credentials

# View ssh private key
[root@vm3 ~]# cat .ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAwphRO5HFqYh0jQ3dzJnzXR4eXPeWMJJA1g8unfUtwo7JDxM9NegG
kypE86TmaMBEFy6/wGkJ4AG01yjgzrz12d6t53+Eh55HWnJbJhDQNxbMnxmrGsyEYOMiAu
YPYzxA4QGiAwuUETSlCccjZYBoOsR407Mxm4Dn/sm6xcMs5P+2rkPuaOkO0TlAtaZIm4/R
0EPFaXOQhWuoOw+ADMkX6jy5lb5aqsRSJKnPbvC0jorMvmvCB4tnmzgOmaTICeezocpGRQ
b4lMLan2vjCynEkKvVor+AvNizO13H4nswpcrKMW1ZG64sKvgKkulhP41Ae5PYdzlfNIdi
+GZfOq6bj5cWuLpkkB/Oy6t3xnJ0VrTHf+cyC22fjxsQwSqPProlppRWkT8KzJhR1SCI1u
roka4RtOuAItEhu0ejlJp51cRMN5fksyoT6HmwxXevwZm81A+qmtPMkPiilfRHacPuVfkL
EJj69ZQrSXdDr7adODgh/vS45mBYr5U9H+FXQEwbAAAFgJ+1cuqftXLqAAAAB3NzaC1yc2
EAAAGBAMKYUTuRxamIdI0N3cyZ810eHlz3ljCSQNYPLp31LcKOyQ8TPTXoBpMqRPOk5mjA
RBcuv8BpCeABtNco4M689dnered/hIeeR1pyWyYQ0DcWzJ8ZqxrMhGDjIgLmD2M8QOEBog
MLlBE0pQnHI2WAaDrEeNOzMZuA5/7JusXDLOT/tq5D7mjpDtE5QLWmSJuP0dBDxWlzkIVr
qDsPgAzJF+o8uZW+WqrEUiSpz27wtI6KzL5rwgeLZ5s4DpmkyAnns6HKRkUG+JTC2p9r4w
spxJCr1aK/gLzYsztdx+J7MKXKyjFtWRuuLCr4CpLpYT+NQHuT2Hc5XzSHYvhmXzqum4+X
Fri6ZJAfzsurd8ZydFa0x3/nMgttn48bEMEqjz66JaaUVpE/CsyYUdUgiNbq6JGuEbTrgC
LRIbtHo5SaedXETDeX5LMqE+h5sMV3r8GZvNQPqprTzJD4opX0R2nD7lX5CxCY+vWUK0l3
Q6+2nTg4If70uOZgWK+VPR/hV0BMGwAAAAMBAAEAAAGASmf5b6CehuOBRUoPDCO1lV5l18
BnsizKE898ULOmCqWUJWqC1jDhCrZ35P2hiF4z6vVaJpVDTF76qeachxBjpSnrLwBoSX7w
45mkVprJMrdKCG/FKBsZZv6SS69yJMyuNhrsuuNbe3S4wlNdqnr937KuTKxRBJe2nYq/Gs
01Rl6smFerOnwayU9t+ccaLjlAzbSMMHUaxplSmzqjCMB/n3YWtDYz7uXgTtqLUW1CbNqP
zSPg7geU1xoJIyCJyJfKQfmsKnz8YgqAOEC9+T20CWyAiaScvCoODLoZPeyHcH+i3CvY0m
16q7Eyi57xazFFbjdePwzrlzqBvotHRkrIY5/BUjGMjOGPLYGvKut0no94or/cgGTyMUY5
72h8VU8EHla2wN8oVhOboA9mUjz2y34THGPzbsGSkhEzBRL5jzqMxmod4I6F5Jx0KiXd0D
7e6M2AkirPUPXnp8cuVXaFSSP5GljWgdUAOMgApo9xtXDzbGv2/O6O5eDIhsI0ubmBAAAA
v0JY2jZWo1hiHvEfFjboQqMNE6z/xMnshUYqQZ/qjb9ZCnO/fvCfQMxortY05cUD5Bd26Q
3+y01PQCx63s0wb43T6cO7C6jT2pe3+oBqO9MpwZGLQ73viz24ooPeAlUNmDLhXOpppmQE
LZId2ZWeaBFUwEw8nGKk/JkOp3FSAwoR/2y7nRu/ru0W2QegeaBf9FVh/I4V3HsbCziKQG
y6ijfV2NiSSWlPNmT321qnRZxMIGxoCG4fYZKiU1Wp9BgkAAAAwQDoOlb1I4BCEc7xA0jB
cNYL0EnmhKlIxbcN/ueS40KtIcJAa/gHbd8iX1mlL+zwIOmDYTTHdsGJvZA2DLo8sg1tnZ
SamJXTNZ8he2mgsA8puVKNmPvDUCJ0kisR1ak/cEq+RL30NiNbsh82yoDl560jtuD9i0/A
7PAC/jwQk1MzMgO+xwnMQZ7uzxpoli6A2m+jX3Ks07mog0Jg0MIlKMRUecBsXu6mQCLKoE
/jdAcxezK5xG7ko2roXxlMSGW3pUEAAADBANaDyWOX7MDUjau44xYqhPT2Fk1YVL5OElPX
lmYSHj26qPS/VWOqm0FBT+udbobTv7Kma+yIaM8AsW82iMpa10Y6t4RFmLEFukX4oyu1d3
OnpMZpuIq6ewHUFYJbY15lFhg+3y3GQOOSugsyQuQOU4YwVPKD0EjU7aeyz5+CPFd7xwbZ
NW2my3jKEzR/RO/pgxJ3LelJcH+HYVBqtscgNUxBJVRuWD96bIgdB2gaQD6h9LOJZerrm2
HvNPaZjS8OWwAAAAhyb290QHZtMwECAwQ=
-----END OPENSSH PRIVATE KEY-----


Select ssh,username, fill in root, copy and paste the ssh private key, and click OK

jenkins creates an automated build task

Go back to the home page - > create a new task - > enter a task name (you can write it freely) - > Click to build a free style software project - > OK

Description (optional) - > source code management (select GIT) - > repository URL copy gitlab warehouse address git@172.20.203.11 : root / cicdtest. Git - > credentials (select root)


Build when a change is pushed to gitlab. Gitlab webhook URL: http://172.20.203.12:8080/project/nginx )Check this option - > Advanced - > Click Generate to Generate token - > build - > add build steps (execute shell) - > command

#!/bin/bash -ilex

#The source directory is the directory where jenkins stores task files 
SOURCE_DIR=/var/lib/jenkins/workspace/$JOB_NAME/
#The target directory is the home directory of the nginx server
DEST_DIR=/usr/share/nginx/html
#Use rsync to synchronize the source to the nginx server home directory (password free login is required), and the IP is the nginx server IP
/usr/bin/rsync -av --delete $SOURCE_DIR root@10.1.1.13:$DEST_DIR

Because the jenkins user is used to execute the command, the jenkins user needs to be configured

[root@vm3 ~]# usermod -s /bin/bash jenkins
[root@vm3 ~]# su - jenkins
[jenkins@vm3 ~]$ ssh-keygen # All the way back
[jenkins@vm3 ~]$ ssh-copy-id -i root@172.20.203.13

jenkins global security configuration
Click system management - > global security configuration - > check anonymous users with readable permissions

4, vm4

[root@vm4 ~]# dnf -y install nginx
[root@vm4 ~]# systemctl start nginx
[root@vm4 ~]# ss -lntp|grep 80 # The nginx service starts successfully

3. Test service

[root@vm1 ~]# cd cicdtest/
[root@vm1 cicdtest]# echo "Test successful" > index.html
[root@vm1 cicdtest]# git add index.html 
[root@vm1 cicdtest]# git commit -m "add index.html"
[main d300463] add index.html
 1 file changed, 1 insertion(+)
 create mode 100644 index.html
[root@vm1 cicdtest]# git push -u origin main
[root@vm4 ~]# cat /usr/share/nginx/html/index.html 
Test successful


So far, CICD cluster construction (gitlab) under CentOS 8 has been completed

Tags: Linux git GitLab jenkins Nginx

Posted on Fri, 24 Sep 2021 12:16:45 -0400 by jakeruston

Hot Tags

©2023 Programmer Help