Basic configuration
Change the hostname
Set the hostname
vi /etc/hostname
After changing the hostname, reboot the server and check it (on CentOS 7 the same change can be made without a reboot through hostnamectl):
hostname
Install Python 3.11
Download Python
wget https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tgz
Check the archive against the checksum and signature that python.org publishes for the release before building it; an archive fetched over the network and never verified is an untrusted input to everything built from it.
Install build dependencies (python-devel is the Python 2 header package and is not needed for this build, but it is harmless)
yum install -y gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
Extract, configure, build and install
tar -zxf Python-3.11.6.tgz
cd Python-3.11.6
sudo ./configure --prefix=/usr/local/python3/ --enable-optimizations
sudo make && sudo make install
The original ran ./configure twice. A second run without --prefix resets the prefix to /usr/local, so the PATH entry and symlinks below would point at an empty /usr/local/python3/bin. Both options belong in one invocation. --with-ssl is not a CPython configure option (OpenSSL is detected from openssl-devel automatically, or can be pointed to with --with-openssl=DIR), so it is dropped, and make install needs sudo as well when installing under /usr/local.
Add to the environment
vim /etc/profile
PATH=/usr/local/python3/bin:$PATH
source /etc/profile
Move the old interpreter aside and create symlinks
mv /usr/bin/python /usr/bin/python.bak
ln -s /usr/local/python3/bin/python3 /usr/bin/python
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip
Caveat: on CentOS 7, yum and several other system tools are Python 2 scripts that rely on /usr/bin/python being 2.7. Repointing it is exactly what breaks yum and forces the shebang edits in "Fix yum" below. Leaving /usr/bin/python alone and calling python3 and pip3 through the PATH entry above avoids the problem entirely.
Verify Python
python -V
Python 3.11.6
Fix yum
vim /usr/bin/yum
Change the first line "#!/usr/bin/python" to "#!/usr/bin/python2.7"
vim /usr/libexec/urlgrabber-ext-down
Change the first line "#!/usr/bin/python" to "#!/usr/bin/python2.7"
Install Java 17
Download Java
wget https://download.oracle.com/java/17/archive/jdk-17.0.9_linux-x64_bin.tar.gz
Extract
tar -zxf jdk-17.0.9_linux-x64_bin.tar.gz
Move the directory
mv jdk-17.0.9 /usr/local/jdk17
Add to the environment
vim /etc/profile
export JAVA_HOME=/usr/local/jdk17
export CLASSPATH=.:$CLASSPATH:$JAVA_HOME/lib/
export PATH=$PATH:$JAVA_HOME/bin
source /etc/profile
(The original CLASSPATH line read $:CLASSPATH, a typo that would put a literal "$" on the class path. CLASSPATH is not needed for a plain JDK 17 installation, so the line can also be left out.)
Verify Java
java -version
java version "17.0.9" 2023-10-17 LTS
Java(TM) SE Runtime Environment (build 17.0.9+11-LTS-201)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.9+11-LTS-201, mixed mode, sharing)
Install Node.js 16
Note: the plan was Node.js 18, but the server's system libraries are too old for Node.js 18 and later (the official Node 18 binaries need glibc 2.28, while CentOS 7 ships 2.17), so Node.js 16 was used instead. Node.js 16 reached end of life in September 2023 and no longer receives security fixes, so treat this as a stopgap rather than a long-term choice.
Download
wget https://nodejs.org/download/release/v16.20.2/node-v16.20.2-linux-x64.tar.gz
Extract
tar -zxf node-v16.20.2-linux-x64.tar.gz
Move the Node.js directory under /usr/local/
mv node-v16.20.2-linux-x64 /usr/local/nodejs
Add to the environment
vim /etc/profile
export NODE_HOME=/usr/local/nodejs
export PATH=$NODE_HOME/bin:$PATH
source /etc/profile
Verify Node.js
node -v
v16.20.2
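The three tarball installs above (Python, Java, Node.js) all follow the same pattern: wget an archive, unpack it, move it into /usr/local and append to /etc/profile, with nothing checked in between. The helper below is an added example, not code from the original post or from any of those projects. It verifies the archive's SHA-256 against a digest copied from the vendor's published checksum data (Node.js publishes SHASUMS256.txt next to each release; the digest constants used in the demo are for a constructed file), refuses to unpack on a mismatch, and adds the PATH entry to a profile file only once so the setup can be re-run. The profile path (/etc/profile.d/devtools.sh) is an assumption; pass whatever file you use.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify a downloaded archive
# before unpacking it, and register its bin directory in the login
# environment idempotently. Assumes the expected digest was copied from the
# vendor's published checksum list (e.g. Node.js SHASUMS256.txt) and that
# profile snippets live in /etc/profile.d/ (the path is passed explicitly).
set -euo pipefail

# sha256_of FILE: hex digest on stdout (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX: 0 if the digest matches, 1 otherwise.
verify_sha256() {
  local file="$1" expected="$2" actual
  actual="$(sha256_of "$file")"
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "checksum mismatch for $file: got $actual, expected $expected" >&2
  return 1
}

# install_tarball ARCHIVE EXPECTED_HEX DEST_DIR
# Equivalent of the page's "tar -zxf ...; mv node-v16.20.2-linux-x64 /usr/local/nodejs",
# except that it refuses to unpack anything whose digest does not match,
# strips the archive's top-level directory so DEST_DIR is the install root,
# and ignores the UID/GID recorded in the archive (--no-same-owner) so the
# extracted tree is owned by the invoking user, not by whatever the tarball says.
install_tarball() {
  local archive="$1" expected="$2" dest="$3"
  verify_sha256 "$archive" "$expected" || return 1
  mkdir -p "$dest"
  tar -xzf "$archive" -C "$dest" --strip-components=1 --no-same-owner
}

# add_path_entry DIR PROFILE_FILE
# Prepends DIR to PATH via PROFILE_FILE, adding the line only if it is not
# already present, so re-running the setup does not grow PATH on every login.
add_path_entry() {
  local dir="$1" profile="$2"
  local line="export PATH=\"$dir:\$PATH\""
  touch "$profile"
  if ! grep -qxF -- "$line" "$profile"; then
    printf '%s\n' "$line" >> "$profile"
  fi
}

# Typical use on the host described above (digest taken from SHASUMS256.txt):
#   install_tarball node-v16.20.2-linux-x64.tar.gz "<sha256 from SHASUMS256.txt>" /usr/local/nodejs
#   add_path_entry /usr/local/nodejs/bin /etc/profile.d/devtools.sh
```

Using a separate file under /etc/profile.d/ rather than editing /etc/profile directly keeps the distribution's file untouched and lets package upgrades replace it safely.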
Install Git
Add a newer package repository (the stock CentOS 7 repository only provides Git 1.8.3)
yum install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm
This is a third-party repository, and the release RPM is fetched over plain HTTP. Check the RPM signature and the repository's GPG key before trusting packages from it, and confirm the repository is still maintained; building Git from source or using another vendor-signed repository are the alternatives.
Install Git
yum install git
Check the Git version
git --version
git version 2.39.1
Install Jenkins
Install the Jenkins package
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
yum install fontconfig java-11-openjdk
yum install jenkins
The original passed --no-check-certificate to wget. That disables TLS certificate verification for the very file that tells yum where to download Jenkins from and which signing key to trust, so anyone in the network path could substitute both. Drop the flag; if it was added because the host's CA bundle is outdated, update the ca-certificates package instead.
Change the Jenkins port
vim /etc/sysconfig/jenkins
JENKINS_PORT="8080"
vim /usr/lib/systemd/system/jenkins.service
Environment="JENKINS_PORT=8080"
On Jenkins packages that ship a systemd unit (2.332.1 and later), /etc/sysconfig/jenkins is no longer read, and /usr/lib/systemd/system/jenkins.service is replaced on every upgrade. The supported place for the setting is a drop-in override created with systemctl edit jenkins.
Configure the JDK for Jenkins
vim /etc/init.d/jenkins
# add the local JDK path to the candidate list
candidates="
/etc/alternatives/java
/usr/local/jdk17/bin/java
/usr/lib/jvm/java-1.8.0/bin/java
/usr/lib/jvm/jre-1.8.0/bin/java
/usr/lib/jvm/java-11.0/bin/java
/usr/lib/jvm/jre-11.0/bin/java
/usr/lib/jvm/java-11-openjdk-amd64
/usr/bin/java
"
systemctl daemon-reload
The same applies here: where the package provides no init script, set JAVA_HOME in the systemd drop-in override rather than in /etc/init.d/jenkins.
Start the Jenkins service
sudo service jenkins start
sudo service jenkins stop
sudo service jenkins restart
Get the initial password
cat /var/lib/jenkins/secrets/initialAdminPassword
Open a browser at
ip:port
The "Unlock Jenkins" page appears. Enter the password obtained above, then choose the default "Install suggested plugins".
Create the first admin account
Save and finish the configuration
Enable Jenkins at boot
sudo systemctl enable jenkins
Install GitLab
Install the required dependencies
sudo yum install -y curl policycoreutils-python openssh-server perl
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld
Install Postfix
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix
Install GitLab
curl -fsSL https://packages.gitlab.cn/repository/raw/scripts/setup.sh | /bin/bash
sudo yum install -y gitlab-jh
Piping a remote script straight into a root shell runs whatever the server returns, unread. Download setup.sh first, read it (it should do no more than add a repository definition and its signing key), and only then run it.
Edit the configuration file
(The values below are redacted with the placeholder AILynn; substitute your own host, port, addresses and credentials.)
vim /etc/gitlab/gitlab.rb
external_url 'http://AILynn'
nginx['listen_port'] = AILynn
# Sender information
# ### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'AILynn'
gitlab_rails['gitlab_email_display_name'] = 'AILynn'
gitlab_rails['gitlab_email_reply_to'] = 'AILynn'
# Mail server settings
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "AILynn"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "AILynn"
gitlab_rails['smtp_password'] = "AILynn"
gitlab_rails['smtp_domain'] = "AILynn"
gitlab_rails['smtp_authentication'] = "AILynn"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
# Disable certificate verification for the mail server
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
user['git_user_email']="AILynn"
Two of these settings weaken transport security. smtp_openssl_verify_mode = 'none' makes GitLab accept any certificate from the SMTP server, so anyone who can intercept the connection can capture the SMTP credentials and every password-reset mail; the fix is to keep the default 'peer' and make the provider's CA trusted on the host, not to turn verification off. An http:// external_url means GitLab sessions, personal access tokens and runner registration all cross the network in clear text; put TLS on this host (Omnibus GitLab can obtain Let's Encrypt certificates itself) before exposing it beyond a trusted network.
Test mail delivery
gitlab-rails console
Notify.test_email('recipient address', 'subject', 'body').deliver_now
Reconfigure to apply the changes and restart the services
gitlab-ctl reconfigure
gitlab-ctl restart
ok: run: alertmanager: (pid 3694) 0s
ok: run: gitaly: (pid 3702) 1s
ok: run: gitlab-exporter: (pid 3718) 1s
ok: run: gitlab-kas: (pid 3729) 0s
ok: run: gitlab-workhorse: (pid 3737) 0s
ok: run: logrotate: (pid 3747) 1s
ok: run: nginx: (pid 3754) 0s
ok: run: node-exporter: (pid 3760) 0s
ok: run: postgres-exporter: (pid 3765) 0s
ok: run: postgresql: (pid 3773) 0s
ok: run: prometheus: (pid 3782) 0s
ok: run: puma: (pid 3794) 0s
ok: run: redis: (pid 3799) 0s
ok: run: redis-exporter: (pid 3806) 0s
ok: run: sidekiq: (pid 3814) 0s
Get the login password
The reconfigure output above contains the following:
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
The password is stored in
/etc/gitlab/initial_root_password
and the file is deleted by the first reconfigure run after 24 hours:
cat /etc/gitlab/initial_root_password
Change the root password at first login (the generated one sits in a file on disk and in the shell history of whoever printed it), then set the UI language to Chinese and adjust other preferences as needed.
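As an added example (not part of the original post or of GitLab itself), the small check below reads a gitlab.rb and flags the two settings discussed above: a plain-http external_url and smtp_openssl_verify_mode set to 'none'. The sample gitlab.rb it writes is constructed to mirror the page's fragment, placeholders included; on a real host point audit_gitlab_rb at /etc/gitlab/gitlab.rb. It skips comment lines so the commented-out defaults that Omnibus ships do not trigger it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag the two transport-security
# settings discussed above in a gitlab.rb. The sample file is constructed here
# to mirror the page's fragment; run audit_gitlab_rb on /etc/gitlab/gitlab.rb
# on a real host.
set -euo pipefail

# write_sample_gitlab_rb FILE: constructed sample with the page's weak settings.
write_sample_gitlab_rb() {
  cat > "$1" <<'EOF'
external_url 'http://AILynn'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_tls'] = true
# gitlab_rails['smtp_openssl_verify_mode'] = 'peer'   # commented defaults are ignored
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
EOF
}

# audit_gitlab_rb FILE: one finding per line on stdout; the exit status is the
# number of findings (0 = clean), so it can gate a config-management run.
audit_gitlab_rb() {
  local file="$1" findings=0 line
  local re_plain_http="^external_url[[:space:]]+['\"]http://"
  local re_no_verify="^gitlab_rails\['smtp_openssl_verify_mode'\][[:space:]]*=[[:space:]]*['\"]none['\"]"
  while IFS= read -r line; do
    # skip blank lines and comments so commented-out defaults do not trigger
    case "$line" in
      ''|\#*) continue ;;
    esac
    if [[ "$line" =~ $re_plain_http ]]; then
      echo "external_url is plain http: sessions, tokens and runner registration cross the network unencrypted"
      findings=$((findings + 1))
    fi
    if [[ "$line" =~ $re_no_verify ]]; then
      echo "smtp_openssl_verify_mode is 'none': the SMTP server certificate is never checked; use 'peer'"
      findings=$((findings + 1))
    fi
  done < "$file"
  return "$findings"
}
```

Run it before gitlab-ctl reconfigure; a non-zero exit stops the change from being applied with either setting still in place.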
Install GitLab Runner
Add the official GitLab repository
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
(As with the GitLab installer: download the script and read it before running it as root.)
Install GitLab Runner
sudo yum install gitlab-runner
Check the GitLab Runner version
gitlab-runner -v
Version:      16.5.0
Git revision: 853330f9
Git branch:   16-5-stable
GO version:   go1.20.10
Built:        2023-10-20T15:57:21+0000
OS/Arch:      linux/amd64
Register the runner
In the Admin Area, under CI/CD, open the Runners page. Next to the "New instance runner" button on the right, click the three dots and then "Show runner installation and registration instructions" to get the registration command, and run it interactively:
sudo gitlab-runner register --url http://ip:port/ --registration-token ZX8fMkhFAWapxDEN
Runtime platform                                    arch=amd64 os=linux pid=2818 revision=853330f9 version=16.5.0
Running in system-mode.

Enter the GitLab instance URL (for example, https://gitlab.com/):
[http://ip:port/]:
Enter the registration token:
[ZX8fMkhFAWapxDEN]:
Enter a description for the runner:
[LaobaiYun]:
Enter tags for the runner (comma-separated):
hexo,build,test
Enter optional maintenance note for the runner:

WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow
Registering runner... succeeded                     runner=ZX8fMkhA
Enter an executor: instance, docker, ssh, virtualbox, docker-autoscaler, docker+machine, kubernetes, custom, docker-windows, parallels, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Two points about this registration. The registration token shown above is a credential: a token that has appeared in a terminal log, screenshot or blog post should be reset from the same Runners page, and, as the warning in the output says, registration tokens are deprecated in favour of authentication tokens created in the UI. Second, the shell executor runs every CI job directly as the gitlab-runner user on this host, which is also the host running GitLab and Jenkins; anyone who can push a .gitlab-ci.yml to a project that uses this runner can execute arbitrary commands on the server. Prefer the docker executor, or a separate runner machine, for anything beyond a single trusted project.
Configure GitLab Pages
Edit the configuration file
vim /etc/gitlab/gitlab.rb
pages_external_url "http://www.plscript.cn/"
gitlab_pages['enable'] = true
gitlab_pages['internal_gitlab_server'] = 'http://47.92.86.162'
gitlab_pages['gitlab_server'] = "http://47.92.86.162"
##! Configure to expose GitLab Pages on external IP address, serving the HTTP
# gitlab_pages['external_http'] = ['ip:80']      # enable only after HTTPS is configured
##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
# gitlab_pages['external_https'] = ['ip:443']    # enable only after HTTPS is configured
# gitlab_pages['redirect_http'] = true           # enable only after HTTPS is configured
In Admin Area > Settings > Preferences > Pages, change "Maximum size of pages (MiB)" from 100 to 0 (unlimited), because the main project deployed later, the Hexo site, is larger than 100 MB. Zero removes the cap for every project on the instance, so any user with a Pages job can fill the disk; a higher explicit limit that fits the site is the safer setting.
Configure SSH access keys
Generate an SSH key pair
ssh-keygen -t rsa -C "laobai_gitlab"
(An ed25519 key, ssh-keygen -t ed25519, is the current recommendation; if RSA is required, pass -b 4096 rather than relying on the default size.)
In GitLab, open the user's Settings > SSH Keys and add the new public key.
When the machine holds several SSH keys, an ~/.ssh/config entry is needed so that each id_rsaXXX file is offered to the right host:
Host gitee.com
  User Tester             # Git hosting services normally expect the SSH user "git"
  IdentityFile ~/.ssh/id_rsa_gitee
  IdentitiesOnly yes      # offer only this key, not every key loaded in the agent
Test that the key was added correctly
ssh -T git@<ip or domain>
ssh -T git@ip
Welcome to GitLab, @Tester!
Install Hexo and sync the code
Prepare the local code: copy the source of an existing site and delete its hidden .git directory.
Prepare the GitLab project: create a new, empty, public project.
Run the following commands in order to push the local code to the project just created:
cd www.plscript.cn
git init --initial-branch=master
git remote add origin git@ip:plproject/<repository-name>.git
git add .
git commit -m "Initial commit"
git push --set-upstream origin master
After the push, GitLab Runner is triggered automatically to build. (The default .gitlab-ci.yml that GitLab offers does not work here, so this first build fails.) Edit .gitlab-ci.yml as below and commit; the commit triggers the runner again.
image: node:16.20.2   # ignored by the shell executor registered above; only docker/kubernetes executors use it
cache:
  paths:
    - node_modules/
before_script:
  - npm install hexo@6.3.0
  - npm install
pages:
  script:
    - npx hexo generate
  artifacts:
    paths:
      - public
  only:
    - master
(The original read image: node:v16.20.2 with a stale "use nodejs v10 LTS" comment. Official Node.js image tags have no "v" prefix, so the corrected tag is node:16.20.2; with the shell executor it is not used at all, since jobs run on the host's own Node.js 16.)
(Note: as explained when installing Node.js 16, the server is too old for newer Node.js releases. For the same reason the latest Hexo, 7.0, cannot be installed, so version 6.3.0, matching the local installation, is pinned.)
Once the build has completed, edit .gitlab-ci.yml again and comment out the Hexo install step (later builds do not need to install Hexo again):
image: node:16.20.2   # ignored by the shell executor registered above
cache:
  paths:
    - node_modules/
before_script:
  # - npm install hexo@6.3.0
  # - npm install
pages:
  script:
    - npx hexo generate
  artifacts:
    paths:
      - public
  only:
    - master
This works only because the shell executor reuses the same checkout under /home/gitlab-runner/builds, so node_modules from the first run survives. A re-registered runner, a cleared build directory or a different executor breaks the pipeline. The robust form keeps hexo pinned in package.json and runs npm ci on every build; the cache entry above keeps that fast.
Pages configuration
- After the build above completes, add the domain used to reach the Hexo site under the project's Deploy > Pages menu. (Adding a domain requires a DNS verification record at Alibaba Cloud.)
- Configure "Force HTTPS" and "Use unique domain" as your situation requires.
Troubleshooting
With the steps above the deployment is complete, and visiting www.plscript.cn should show the Hexo site. Instead it failed with a 502.
Start from the GitLab Pages logs:
/var/log/gitlab/nginx/gitlab_pages_error.log
/var/log/gitlab/gitlab-pages/current
The official GitLab documentation (Chinese) is a useful reference while troubleshooting: https://docs.gitlab.cn/jh/administration/pages/index.html
Two problems were found, both in the nginx configuration.
First, gitlab-pages.conf proxies the host to the Pages daemon, which this installation was not using, so the file was rewritten to serve the files directly.
(nginx returns 502 when the upstream it proxies to, here the gitlab-pages daemon on localhost:8090, does not answer. The rewrite below works around that by turning the vhost into a static file server pointed at the runner's build checkout. It bypasses the Pages daemon entirely, ties the site to a build path that changes whenever the runner is re-registered, and is erased at the next reconfigure. Finding out from /var/log/gitlab/gitlab-pages/current why the daemon was not answering is the fix that survives upgrades.)
vim /var/opt/gitlab/nginx/conf/gitlab-pages.conf
server {
  listen *:80;
  server_name www.plscript.cn;
  # server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Disable symlink traversal
  disable_symlinks on;

  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html

  ## HSTS Config
  ## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=63072000";

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/gitlab/nginx/gitlab_pages_access.log gitlab_access;
  error_log   /var/log/gitlab/nginx/gitlab_pages_error.log error;

  # Pass everything to pages daemon
  location / {
    root /home/gitlab-runner/builds/yPFKup9c/0/plproject/www.plscript.cn/public;
    index index.html;
    # proxy_set_header    Host                $http_host;
    # proxy_set_header    X-Real-IP           $remote_addr;
    # proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    # proxy_set_header    X-Forwarded-Proto   http;

    # Prevent NGINX from caching pages in response to the pages `Cache-Control`
    # header.
    #
    # Browsers already respect this directive and Pages can handle the request
    # volume without help from NGINX.
    #
    # If this changes in the future, ensure `proxy_cache_key` is set to a value
    # like `$scheme$host$request_uri`, as the default value does not take the
    # Pages hostname into account, leading to incorrect responses being served.
    #
    # See https://gitlab.com/gitlab-org/gitlab-pages/issues/73
    # proxy_cache off;

    # proxy_http_version 1.1;
    # proxy_pass          http://localhost:8090;
  }

  # Define custom error pages
  error_page 403 /403.html;
  error_page 404 /404.html;
}
(Note that server_tokens off is itself commented out in this file; enabling it stops nginx from advertising its version.)
Many articles online set the root path to:
root /var/opt/gitlab/gitlab-rails/shared/pages;
whereas the Hexo output is actually at:
root /home/gitlab-runner/builds/yPFKup9c/0/plproject/www.plscript.cn/public;
After this change, restart the services and open www.plscript.cn again. This time it returns 403.
Note that after editing
/var/opt/gitlab/nginx/conf/gitlab-pages.conf
you must not run gitlab-ctl reconfigure, or the edits are reset. The header comment of gitlab-pages.conf says as much:
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
Second, the 403 turned out to be a mismatch between the user nginx runs as and the owner of the directory it serves:
a. nginx runs as gitlab-www
ps aux | grep nginx
b. the served directory belongs to gitlab-runner
Change the nginx user and group
/var/opt/gitlab/nginx/conf/nginx.conf: change the first line so the user and group are root
#user gitlab-www gitlab-www;
user root root;
Changing the owner and group of nginx's document root, the Hexo site directory, to root also makes the site reachable, but then the
CI/CD pipeline
fails with its own permission (403) error because the runner account can no longer write there:
# does not work: causes a new problem
cd /home/gitlab-runner/
chown root builds -R
chgrp root builds -R
The approach taken instead was to raise the privileges of the gitlab-runner account:
vim /etc/sudoers
# below the root entry, give gitlab-runner the same rights as root
root    ALL=(ALL) ALL
gitlab-runner    ALL=(ALL) NOPASSWD:ALL
After this change, restart the services and open www.plscript.cn again; it now loads correctly.
Both halves of this fix should be understood for what they are. Running the nginx workers as root means any vulnerability in nginx, or any mistake in a served configuration, is a root compromise of the GitLab host. The root cause of the 403 is only that gitlab-www cannot traverse and read /home/gitlab-runner/builds; a read/traverse grant on that path (group membership or an ACL), or having the CI job publish the built public/ tree into a docroot created for that purpose, fixes it without touching the worker user. Granting gitlab-runner NOPASSWD:ALL hands passwordless root to every CI job this shell runner executes, so anyone who can push a .gitlab-ci.yml to a project that uses the runner owns the server hosting GitLab, Jenkins and the site.
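As an added example (not from the original post or from GitLab), the script below is the least-privilege alternative to the two changes above. The CI job calls publish_site after hexo generate, nginx keeps running as gitlab-www, and its root is pointed at the published directory instead of the runner's checkout. docroot_readable_by_others is the check to run against whatever path nginx's root names before reaching for "user root", and nginx_runs_as_root detects that the change was made. The destination /srv/www/plscript is an assumed path; the sample site and nginx.conf fragments used in the demo are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): the least-privilege alternative
# to "user root root" in nginx.conf and NOPASSWD:ALL in sudoers. The CI job
# runs publish_site after `hexo generate`; nginx keeps running as gitlab-www
# with its root pointed at DEST_DIR. Assumptions: DEST_DIR is a dedicated
# docroot such as /srv/www/plscript (not part of the page), and only the
# publishing user needs write access to it.
set -euo pipefail

# publish_site SRC_DIR DEST_DIR
# Copies the generated site into DEST_DIR, discarding the ownership recorded
# in the build checkout, then makes directories 0755 and files 0644 so any
# local user (including the nginx worker) can read but not write them.
# Symlinks are removed: a commit that adds one could otherwise point the
# docroot at /etc or the runner's home (nginx's disable_symlinks only refuses
# to follow them at request time; not publishing them is simpler).
publish_site() {
  local src="$1" dest="$2"
  [ -d "$src" ] || { echo "publish_site: $src is not a directory" >&2; return 1; }
  mkdir -p "$dest"
  tar -C "$src" -cf - . | tar -C "$dest" -xf - --no-same-owner
  find "$dest" -type l -delete
  find "$dest" -type d -exec chmod 0755 {} +
  find "$dest" -type f -exec chmod 0644 {} +
}

# docroot_readable_by_others DIR: 0 if every directory is o+rx and every file
# o+r (what a non-root worker needs to serve the tree), 1 otherwise.
docroot_readable_by_others() {
  local dir="$1"
  [ -z "$(find "$dir" -type d ! -perm -o=rx -print -quit)" ] || return 1
  [ -z "$(find "$dir" -type f ! -perm -o=r -print -quit)" ] || return 1
  return 0
}

# nginx_runs_as_root NGINX_CONF: 0 if an active (uncommented) `user root`
# directive is present, 1 otherwise. Useful as a config check after the
# troubleshooting above, where the directive was added by hand.
nginx_runs_as_root() {
  grep -Eq '^[[:space:]]*user[[:space:]]+root([[:space:]]|;)' "$1"
}

# In the Pages job, after `npx hexo generate` (path is an assumption):
#   publish_site public /srv/www/plscript
#   docroot_readable_by_others /srv/www/plscript
```

Because the publishing step is an ordinary file copy, the runner needs write access only to /srv/www/plscript (give that directory to gitlab-runner, or to a group it belongs to), and no sudo entry is involved at all.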
