安装ansible并实现无密钥登录
安装阿里云YUM源码
[root@node1 ~]# cat <<EOF>>/etc/yum.repos.d/epel.repo
[epel]
name=epel for aliyun
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
enabled=1
gpgcheck=0
[os]
name=os for aliyun
baseurl=https://mirrors.aliyun.com/centos/7/os/x86_64/
enabled=1
gpgcheck=0
EOF
[root@node1 ~]$ yum clean all
[root@node1 ~]$ yum makecache
安装ansible
[cce@node1 ~]$ yum list |grep ansible*
ansible.noarch 2.3.0.0-3.el7 epel
ansible-doc.noarch 2.3.0.0-3.el7 epel
ansible-inventory-grapher.noarch 2.3.2-1.el7 epel
ansible-lint.noarch 3.4.9-1.el7 epel
ansible-openstack-modules.noarch 0-20140902git79d751a.el7 epel
ansible-review.noarch 0.13.0-2.el7 epel
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
python2-ansible-tower-cli.noarch 3.1.3-1.el7 epel
[root@node1 ~]$ yum install -y ansible
将ops用户的公钥传输到指定服务器,实现无密钥登录
[ops@node1 ~]$ ls .ssh/
id_rsa id_rsa.pub known_hosts
将ansible所有权给我们的ops用户
[root@node1 ~]# chown -R ops:ops /etc/ansible/
将两台客户端服务器加入我们的ansible认真hosts表里,并归纳为test组
[ops@node1 ~]# tail -3 /etc/ansible/hosts
[ops]
172.16.1.73
测试无密钥
[ops@node2 ~]$ ansible 172.16.1.73 -a 'hostname'
172.16.1.73 | SUCCESS | rc=0 >>
node3.cce.com
安装配置jenkins
配置jenkins运行所需java环境
[root@node2 ~]# tar xf jdk-8u144-linux-x64.tar.gz
[root@node2 ~]# mv jdk1.8.0_144/ /usr/local/jdk1.8
[root@node2 ~]# tail -3 /etc/profile
export JAVA_HOME=/usr/local/jdk1.8
export CLASSPATH=.:$JAVA_HOME/jre/lib/*:$JAVA_HOME/lib/*
export PATH=$PATH:$JAVA_HOME/bin
[root@node2 ~]# source /etc/profile
安装配置jenkins
[root@node2 ~]# mkdir -pv /data/jenkins/data
[root@node2 ~]# tail -1 /etc/profile
export JENKINS_HOME=/data/jenkins/da
[root@node2 ~]# wget http://mirrors.jenkins.io/war-stable/2.46.3/jenkins.war
[root@node2 ~]# mkdir -pv /data/www/jenkins
[root@node1 ~]# mv jenkins.war /usr/local/jenkins/
[root@node2 ~]# unzip jenkins.war -d /data/www/jenkins
[root@node2 ~]# tar xf apache-tomcat-8.5.23.tar.gz
[root@node2 ~]# mv apache-tomcat-8.5.23 /usr/local/tomcat
[root@node2 ~]# sed -i 's@securerandom.source\=file:/dev/random@securerandom.source=file:/dev/urandom@' /usr/local/jdk1.8/jre/lib/security/java.security
[root@node2 ~]# sed -i '53,$d' /usr/local/tomcat/conf/server.xml
[root@node2 ~]# cat << EOF >> /usr/local/tomcat/conf/server.xml
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="/data/www/"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="jenkins" reloadable="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="jenkins_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
EOF
[root@node2 ~]# /usr/local/tomcat/bin/startup.sh
[root@node2 ~]# netstat -ntlp|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 1212/java
配置nginx反代
[root@node2 ~]# yum install -y openssl-devel pcre-devel gcc gcc-c++
[root@node2 ~]# useradd -r -M -s /sbin/nologin www
[root@node2 ~]# tar xf nginx-1.8.1.tar.gz
[root@node2 ~]# cd nginx-1.8.1
[root@node2 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx \
--http-client-body-temp-path=/usr/local/nginx/client/ \
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/ \
--http-proxy-temp-path=/usr/local/nginx/proxy/ \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--pid-path=/usr/local/nginx/run/nginx.pid \
--lock-path=/usr/local/nginx/nginx.lock \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_dav_module \
--with-http_sub_module \
--with-http_mp4_module \
--with-file-aio \
--with-pcre \
--user=www
[root@node2 nginx-1.8.1]# make -j 2 && make install
[root@node2 ~]# cat /usr/local/nginx/conf/vhosts/default.conf
server {
listen 80;
server_name localhost;
access_log /usr/local/nginx/logs/access.log;
error_log /usr/local/nginx/logs/error.log;
default_type 'text/html';
charset utf-8;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location /.well-known {
default_type text/plain;
alias /tmp_ssl/.well-known;
}
}
[root@node2 ~]# cat /data/jenkins/data/secrets/initialAdminPassword
52ceabf77a72430a873ba095cfbafa07
构建DockerRegistry私有仓库
1、pull最新官方registery镜像
[root@node2 ~]# docker pull registry
2、创建宿主机registry存储路径
[root@node2 ~]# mkdir -pv /data/docker/registry
3、启动容器
[root@node2 ~]# docker run -d -v /data/docker/registry:/var/lib/registry -p 5000:5000 --restart=always --name=registry registry
4、在发布节点测试访问registry
[root@node3 ~]# curl 172.16.1.72:5000/v2/_catalog
{"repositories":[]}
5、编写nginx/php的Dockerfile
[root@node3 ~]# tree lnmp/
├── nginx
│ ├── default.conf
│ ├── Dockerfile
│ ├── nginx-1.8.1.tar.gz
│ ├── nginx.conf
│ └── wwwroot
│ └── index.html
└── php
├── Dockerfile
└── php-7.1.12.tar.gz
[root@node3 ~]# cat lnmp/nginx/Dockerfile
FROM centos:centos6
MAINTAINER caichangen
ADD nginx-1.8.1.tar.gz /
RUN yum install -y openssl-devel pcre-devel gcc gcc-c++ && \
yum clean all && \
useradd -r -M -s /sbin/nologin www && \
cd /nginx-1.8.1 && \
./configure --prefix=/usr/local/nginx --with-pcre --with-file-aio --with-http_ssl_module --with-http_flv_module --with-http_dav_module --with-http_sub_module --with-http_mp4_module --with-http_realip_module --with-http_addition_module --with-http_gzip_static_module --with-http_stub_status_module --lock-path=/usr/local/nginx/nginx.lock --pid-path=/usr/local/nginx/run/nginx.pid --http-scgi-temp-path=/usr/local/nginx/scgi --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-client-body-temp-path=/usr/local/nginx/client/ --user=www && \
make -j 2 && \
make install && \
mkdir -pv /usr/local/nginx/conf/vhosts && \
mkdir -pv /data/wwwroot && \
chown www:www -R /data/wwwroot && \
rm -rf /nginx-1.8.1
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD default.conf /usr/local/nginx/conf/vhosts/default.conf
CMD /usr/local/nginx/sbin/nginx
VOLUME /data/wwwroot
EXPOSE 80
[root@node3 ~]# cat lnmp/php/Dockerfile
FROM centos:centos6
MAINTAINER caichangen
ADD php-7.1.12.tar.gz /
WORKDIR /php-7.1.12
RUN rpm -vih http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm && \
yum install -y libjpeg-turbo-devel curl-devel libxml2-devel libpng-devel freetype-devel php-mcrypt libmcrypt-devel zlib-devel php-gd \
gcc gcc-c++ openssl-devel && \
yum clean all && \
mkdir -pv /data/wwwroot && \
useradd -r -M -s /sbin/nologin www && \
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-libxml-dir=/usr --with-mcrypt --enable-gd-native-ttf \
--with-fpm-user=www --with-freetype-dir --enable-mbstring --enable-mbregex --with-iconv-dir --enable-sysvsem --enable-sockets \
--with-jpeg-dir --disable-rpath --enable-bcmath --with-png-dir --enable-shmop --with-openssl --with-gettext --enable-pcntl \
--with-xmlrpc --enable-soap --enable-xml --enable-zip --enable-fpm --with-iconv --with-mhash --with-curl --with-gd --with-mysql --with-mysqli && \
make -j 2 && \
make install && \
cp php.ini-production /usr/local/php/etc/php.ini && \
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf && \
sed -i 's/127.0.0.1:9000/0.0.0.0:9000/' /usr/local/php/etc/php-fpm.d/www.conf && \
rm -rf /php-7.1.12 && \
chown www:www -R /data/wwwroot
CMD ["/usr/local/php/sbin/php-fpm","-F"]
VOLUME /data/wwwroot
EXPOSE 9000
构建镜像并上传到我们的registry中
[root@node3 nginx]# docker build -t 172.16.1.72:5000/nginx .
[root@node3 nginx]# docker push 172.16.1.72:5000/nginx:latest
[root@node3 php]# docker build -t 172.16.1.72:5000/php .
[root@node3 php]# docker push 172.16.1.72:5000/php
[root@node3 ~]# curl 172.16.1.72:5000/v2/_catalog
{"repositories":["busybox","nginx","php"]}
本文暂时没有评论,来添加一个吧(●'◡'●)