
Linux教程FG498-Linux综合实战案例四

内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。

风哥提示:

文档介绍DevOps平台部署综合实战案例。

Part01-GitLab部署

1.1 GitLab安装配置

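# Install dependencies
[root@fgedu-gitlab ~]# yum install -y curl policycoreutils-python openssh-server

# Add the GitLab package repository.
# NOTE(review): the original listing piped the downloaded script straight into
# a root shell. Saving it first lets you read what will run as root, and -f
# keeps an HTTP error page from being executed as a script.
[root@fgedu-gitlab ~]# curl -fsSL -o gitlab-ce-repo.rpm.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh
[root@fgedu-gitlab ~]# less gitlab-ce-repo.rpm.sh
[root@fgedu-gitlab ~]# bash gitlab-ce-repo.rpm.sh

# Install GitLab. The value is wrapped in plain ASCII quotes; the curly quotes
# in the original listing would have become part of the URL.
# NOTE(review): with an http:// external URL, logins, tokens and Git-over-HTTP
# credentials cross the network unencrypted. Use an https:// URL with a
# certificate for anything beyond a throwaway lab.
[root@fgedu-gitlab ~]# EXTERNAL_URL="http://git.fgedu.net.cn" yum install -y gitlab-ce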

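# Configure GitLab (this replaces the whole of /etc/gitlab/gitlab.rb).
# The listing below restores the line breaks, the smtp_password key and the
# ASCII quotes that were mangled in the original page.
# NOTE(review): "Gitlab@123" and 'Ldap@123' are the tutorial's sample values;
# substitute real secrets and keep this file readable by root only.
# NOTE(review): the LDAP block points at port 389 and sets no transport
# security, so the bind password and user logins would presumably travel in
# cleartext. GitLab's LDAP server settings have an 'encryption' key
# (start_tls / simple_tls); confirm and set it for your directory.
# NOTE(review): smtp_tls and smtp_enable_starttls_auto are both true; port 465
# is normally implicit TLS, so check GitLab's SMTP docs for which one applies.
[root@fgedu-gitlab ~]# cat > /etc/gitlab/gitlab.rb << 'EOF'
external_url 'http://git.fgedu.net.cn'
gitlab_rails['gitlab_shell_ssh_port'] = 22

# 配置邮件
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.fgedu.net.cn"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab@fgedu.net.cn"
gitlab_rails['smtp_password'] = "Gitlab@123"
gitlab_rails['smtp_domain'] = "fgedu.net.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

# 配置备份
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

# 配置LDAP
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'FGEDU LDAP',
    'host' => 'ldap.fgedu.net.cn',
    'port' => 389,
    'uid' => 'sAMAccountName',
    'bind_dn' => 'cn=gitlab,ou=service,dc=fgedu,dc=net,dc=cn',
    'password' => 'Ldap@123',
    'base' => 'ou=users,dc=fgedu,dc=net,dc=cn',
  }
}
EOF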

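# Apply the configuration. The sample output below has its ASCII quotes,
# hyphen and "..." restored (the page had typographic substitutes).
[root@fgedu-gitlab ~]# gitlab-ctl reconfigure
Starting Chef Infra Client, version 18.1.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - gitlab (0.0.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 2832 resources...

gitlab Reconfigured!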

# Check the state of the GitLab services.
# Every line should start with "run:". The pids are sequential and the uptimes
# identical, so this looks like illustrative output rather than a real capture.
[root@fgedu-gitlab ~]# gitlab-ctl status
run: alertmanager: (pid 12345) 1234s; run: log: (pid 12346) 1234s
run: gitaly: (pid 12347) 1234s; run: log: (pid 12348) 1234s
run: gitlab-exporter: (pid 12349) 1234s; run: log: (pid 12350) 1234s
run: gitlab-kas: (pid 12351) 1234s; run: log: (pid 12352) 1234s
run: gitlab-workhorse: (pid 12353) 1234s; run: log: (pid 12354) 1234s
run: logrotate: (pid 12355) 1234s; run: log: (pid 12356) 1234s
run: nginx: (pid 12357) 1234s; run: log: (pid 12358) 1234s
run: postgres: (pid 12359) 1234s; run: log: (pid 12360) 1234s
run: prometheus: (pid 12361) 1234s; run: log: (pid 12362) 1234s
run: puma: (pid 12363) 1234s; run: log: (pid 12364) 1234s
run: redis: (pid 12365) 1234s; run: log: (pid 12366) 1234s
run: registry: (pid 12367) 1234s; run: log: (pid 12368) 1234s
run: sidekiq: (pid 12369) 1234s; run: log: (pid 12370) 1234s

Part02-Harbor镜像仓库

2.1 Harbor安装配置

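# Download Harbor
[root@fgedu-harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz

# NOTE(review): the original unpacked the archive under /usr/local with no
# integrity check. Harbor's install guide describes a detached .asc signature
# published next to each installer; import the release signing key named in
# that guide first, and confirm the asset name on the release page.
[root@fgedu-harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz.asc
[root@fgedu-harbor ~]# gpg --verify harbor-offline-installer-v2.9.0.tgz.asc harbor-offline-installer-v2.9.0.tgz

# Unpack only after the signature verifies.
[root@fgedu-harbor ~]# tar xzf harbor-offline-installer-v2.9.0.tgz -C /usr/local/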

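# Configure Harbor. Line breaks and YAML nesting are restored here; the page
# had the whole section collapsed onto one line.
# NOTE(review): Harbor@123 and root123 are sample passwords shown in the
# tutorial; change both before the first start.
[root@fgedu-harbor ~]# cd /usr/local/harbor
[root@fgedu-harbor harbor]# cat > harbor.yml << 'EOF'
hostname: harbor.fgedu.net.cn
http:
  port: 80
https:
  port: 443
  certificate: /etc/harbor/ssl/harbor.crt
  private_key: /etc/harbor/ssl/harbor.key
harbor_admin_password: Harbor@123
database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
data_volume: /data/harbor
trivy:
  ignore_unfixed: false
  skip_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.9.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
EOF

# Install Harbor
# NOTE(review): ChartMuseum support was, as far as I know, removed from Harbor
# in the 2.8 release line; confirm that the v2.9.0 installer still accepts
# --with-chartmuseum before relying on this command.
[root@fgedu-harbor harbor]# ./install.sh --with-trivy --with-chartmuseum
[Step 0]: checking if docker is installed ...
[Step 1]: checking docker-compose is installed ...
[Step 2]: loading Harbor images ...
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
[Step 5]: starting Harbor ...
[Step 6]: checking Harbor is running ...
✔ ----Harbor has been installed and started successfully.----

# Make Docker trust Harbor. The "insecure-registries" key is restored (a site
# watermark had been injected into its name).
# NOTE(review): listing the registry under insecure-registries tells Docker not
# to require a verified TLS connection to it, which undoes the HTTPS
# certificate configured in harbor.yml. If the certificate is privately
# issued, install its CA as /etc/docker/certs.d/harbor.fgedu.net.cn/ca.crt
# and drop the entry instead.
[root@fgedu-harbor ~]# cat > /etc/docker/daemon.json << 'EOF'
{
  "insecure-registries": ["harbor.fgedu.net.cn"],
  "registry-mirrors": ["https://mirror.fgedu.net.cn"]
}
EOF
[root@fgedu-harbor ~]# systemctl restart docker

# Push an image to Harbor.
# The password prompt does not echo what is typed, so no password appears in
# the session; enter the admin password set in harbor.yml.
[root@fgedu-harbor ~]# docker login harbor.fgedu.net.cn
Username: admin
Password:
Login Succeeded
[root@fgedu-harbor ~]# docker tag nginx:latest harbor.fgedu.net.cn/library/nginx:latest
[root@fgedu-harbor ~]# docker push harbor.fgedu.net.cn/library/nginx:latest
The push refers to repository [harbor.fgedu.net.cn/library/nginx]
5f8f5f8f5f8f: Pushed
latest: digest: sha256:abc123 size: 1234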

Part03-SonarQube代码质量

3.1 SonarQube安装配置

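# Install PostgreSQL
[root@fgedu-sonar ~]# yum install -y postgresql-server postgresql-contrib
[root@fgedu-sonar ~]# postgresql-setup initdb
# "--now" takes two ASCII hyphens; the page showed a typographic dash, which
# systemctl would read as a unit name rather than an option.
[root@fgedu-sonar ~]# systemctl enable postgresql --now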

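# Create the SonarQube database. ASCII hyphen and quotes are restored; the
# typographic characters on the page are not valid in su arguments or SQL
# string literals.
# NOTE(review): 'Sonar@123' is a sample password. A password typed inside
# CREATE USER is saved in the psql history file and can reach the server log
# when statement logging is on; psql's \password sonar prompts for it instead.
[root@fgedu-sonar ~]# su - postgres
postgres@fgedu-sonar:~$ psql
postgres=# CREATE USER sonar WITH PASSWORD 'Sonar@123';
postgres=# CREATE DATABASE sonar OWNER sonar;
postgres=# GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
postgres=# \q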

# Download SonarQube, unpack it under /usr/local and add a version-independent
# symlink.
# NOTE(review): the archive is unpacked without any integrity check; compare it
# against the checksum or signature the vendor publishes for this release
# before extracting (confirm what is offered on the download site).
[root@fgedu-sonar ~]# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.2.1.78527.zip
[root@fgedu-sonar ~]# unzip sonarqube-10.2.1.78527.zip -d /usr/local/
[root@fgedu-sonar ~]# ln -s /usr/local/sonarqube-10.2.1.78527 /usr/local/sonarqube

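# Configure SonarQube. Line breaks are restored; the page had the whole section
# collapsed onto one line.
# NOTE(review): Sonar@123 is the tutorial's sample database password; replace
# it, and keep sonar.properties readable only by the service account.
# NOTE(review): sonar.web.host=0.0.0.0 listens on every interface over plain
# HTTP. Bind to a specific address, or put a TLS-terminating reverse proxy in
# front, before exposing it beyond a lab network.
[root@fgedu-sonar ~]# cat > /usr/local/sonarqube/conf/sonar.properties << 'EOF'
sonar.jdbc.username=sonar
sonar.jdbc.password=Sonar@123
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.context=/sonar
sonar.search.javaOpts=-Xms512m -Xmx512m
EOF

# Create the sonar service account (system user, no login shell)
[root@fgedu-sonar ~]# useradd -r -s /bin/false sonar
# /usr/local/sonarqube is a symlink; the trailing slash makes chown resolve it
# so the recursion reaches the real installation directory.
[root@fgedu-sonar ~]# chown -R sonar:sonar /usr/local/sonarqube/

# Start SonarQube as the sonar user.
# The account's shell is /bin/false, so `su - sonar -c ...` would hand the
# command to /bin/false and start nothing; runuser executes the script
# directly and the account can stay without a login shell.
[root@fgedu-sonar ~]# runuser -u sonar -- /usr/local/sonarqube/bin/linux-x86-64/sonar.sh start
Starting SonarQube...
Started SonarQube.

# Configure code scanning
# NOTE(review): admin/admin is SonarQube's well-known default account. Change
# that password at first login and do not keep credentials in a properties
# file that sits next to the source; generate an analysis token and supply it
# at run time (the scanners read SONAR_TOKEN from the environment; confirm
# for your scanner version).
[root@fgedu-sonar ~]# cat > sonar-project.properties << 'EOF'
sonar.projectKey=fgedu-app
sonar.projectName=FGEDU Application
sonar.projectVersion=1.0
sonar.sources=src
sonar.language=java
sonar.java.binaries=target/classes
sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:9000/sonar
sonar.login=admin
sonar.password=admin
EOF

# Run the scan
[root@fgedu-sonar ~]# mvn sonar:sonar
[INFO] Scanning for projects...
[INFO] BUILD SUCCESS
[INFO] Total time: 02:30 min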

Part04-CI/CD流水线

4.1 完整流水线配置

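# Create the GitLab CI configuration. Line breaks and YAML nesting are
# restored; the page had the file collapsed onto one line.
# Changes from the original listing:
#   - docker login reads the password from stdin (--password-stdin) instead of
#     taking it with -p, which puts it on the command line and makes Docker
#     print an insecure-usage warning.
#   - the quality job's URL ends in /sonar, matching the sonar.web.context=/sonar
#     set in sonar.properties earlier on this page.
# NOTE(review): define HARBOR_USER / HARBOR_PASS as masked, protected CI/CD
# variables, preferably for a Harbor robot account scoped to this project
# rather than the admin login.
# NOTE(review): the quality job passes no SonarQube credentials; supply an
# analysis token through a masked CI/CD variable.
# NOTE(review): docker:latest, docker:dind and bitnami/kubectl:latest are
# floating tags, so the code that builds and deploys can change without any
# commit; pin versions or digests.
[root@fgedu-gitlab ~]# cat > .gitlab-ci.yml << 'EOF'
stages:
  - build
  - test
  - quality
  - package
  - deploy

variables:
  MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
  DOCKER_REGISTRY: "harbor.fgedu.net.cn"
  IMAGE_NAME: "fgedu/app"

cache:
  paths:
    - .m2/repository/

build:
  stage: build
  image: maven:3.9-openjdk-17
  script:
    - mvn clean compile
  artifacts:
    paths:
      - target/
    expire_in: 1 hour

test:
  stage: test
  image: maven:3.9-openjdk-17
  script:
    - mvn test
  artifacts:
    reports:
      junit: target/surefire-reports/*.xml

quality:
  stage: quality
  image: maven:3.9-openjdk-17
  script:
    - mvn sonar:sonar -Dsonar.host.url=http://sonar.fgedu.net.cn:9000/sonar

package:
  stage: package
  image: docker:latest
  services:
    - docker:dind
  script:
    - echo "$HARBOR_PASS" | docker login -u "$HARBOR_USER" --password-stdin "$DOCKER_REGISTRY"
    - docker build -t $DOCKER_REGISTRY/$IMAGE_NAME:$CI_COMMIT_SHA .
    - docker push $DOCKER_REGISTRY/$IMAGE_NAME:$CI_COMMIT_SHA
    - docker tag $DOCKER_REGISTRY/$IMAGE_NAME:$CI_COMMIT_SHA $DOCKER_REGISTRY/$IMAGE_NAME:latest
    - docker push $DOCKER_REGISTRY/$IMAGE_NAME:latest

deploy_staging:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl set image deployment/fgedu-app fgedu-app=$DOCKER_REGISTRY/$IMAGE_NAME:$CI_COMMIT_SHA -n staging
    - kubectl rollout status deployment/fgedu-app -n staging
  environment:
    name: staging
    url: https://staging.fgedu.net.cn
  only:
    - develop

deploy_production:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl set image deployment/fgedu-app fgedu-app=$DOCKER_REGISTRY/$IMAGE_NAME:$CI_COMMIT_SHA -n production
    - kubectl rollout status deployment/fgedu-app -n production
  environment:
    name: production
    url: https://www.fgedu.net.cn
  only:
    - main
  when: manual
EOF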
风哥针对DevOps平台建议:

  • 建立完整的CI/CD流水线
  • 配置代码质量检查
  • 使用镜像仓库管理镜像
  • 实施自动化测试
  • 配置多环境部署

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
