内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:本文档介绍企业级DevOps平台部署综合实战案例。
Part01-GitLab部署
1.1 GitLab安装配置
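# Install the packages GitLab depends on.
[root@fgedu-gitlab ~]# yum install -y curl policycoreutils-python openssh-server
# Add the GitLab package repository.
# The setup script runs as root, so save it to a file and read it before
# executing it instead of piping curl straight into bash. -f makes curl fail on
# an HTTP error rather than handing an error page to the shell.
[root@fgedu-gitlab ~]# curl -fsSL -o /root/gitlab-ce-repo.rpm.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh
[root@fgedu-gitlab ~]# less /root/gitlab-ce-repo.rpm.sh
[root@fgedu-gitlab ~]# bash /root/gitlab-ce-repo.rpm.sh
# Install GitLab CE. The value must be wrapped in plain ASCII double quotes;
# typographic quotes would become part of the EXTERNAL_URL value.
[root@fgedu-gitlab ~]# EXTERNAL_URL="https://gitlab.fgedu.net.cn" yum install -y gitlab-ce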
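# Configure GitLab.
# "cat >" replaces the whole of /etc/gitlab/gitlab.rb with the settings below.
[root@fgedu-gitlab ~]# cat > /etc/gitlab/gitlab.rb << 'EOF'
external_url 'https://gitlab.fgedu.net.cn'
# Nginx: force HTTPS and point at the certificate/key pair.
# The private key file should be readable by root only.
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
# SSH
gitlab_rails['gitlab_shell_ssh_port'] = 22
# Outgoing mail
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.fgedu.net.cn"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab@fgedu.net.cn"
# Tutorial sample value stored in clear text: replace it with a strong, unique
# password for the mail account and never commit this file to a repository.
gitlab_rails['smtp_password'] = "Gitlab@123"
gitlab_rails['smtp_domain'] = "fgedu.net.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@fgedu.net.cn'
# Database
postgresql['shared_buffers'] = "256MB"
postgresql['max_connections'] = 200
# Redis
redis['maxmemory'] = "256mb"
# Backups: keep archives for 604800 seconds (7 days)
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# Monitoring
prometheus_monitoring['enable'] = true
# NOTE(review): the bundled Grafana was deprecated and later dropped from the
# Omnibus package; confirm the installed GitLab version still accepts this key.
grafana['enable'] = true
EOF
# The file now contains the SMTP credential, so restrict it to root.
[root@fgedu-gitlab ~]# chmod 600 /etc/gitlab/gitlab.rb
# Apply the configuration.
[root@fgedu-gitlab ~]# gitlab-ctl reconfigure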
Starting Chef Client, version 17.10.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- gitlab (0.0.1)
...
Chef Client finished, 123/456 resources updated in 02 minutes 30 seconds
gitlab Reconfigured!
# Check that every GitLab service is running.
[root@fgedu-gitlab ~]# gitlab-ctl status
run: alertmanager: (pid 12345) 123s; run: log: (pid 12340) 123s
run: gitaly: (pid 12346) 123s; run: log: (pid 12341) 123s
run: gitlab-exporter: (pid 12347) 123s; run: log: (pid 12342) 123s
run: gitlab-workhorse: (pid 12348) 123s; run: log: (pid 12343) 123s
run: grafana: (pid 12349) 123s; run: log: (pid 12344) 123s
run: logrotate: (pid 12350) 123s; run: log: (pid 12345) 123s
run: nginx: (pid 12351) 123s; run: log: (pid 12346) 123s
run: postgres: (pid 12352) 123s; run: log: (pid 12347) 123s
run: prometheus: (pid 12353) 123s; run: log: (pid 12348) 123s
run: redis: (pid 12354) 123s; run: log: (pid 12349) 123s
run: sidekiq: (pid 12355) 123s; run: log: (pid 12350) 123s
run: unicorn: (pid 12356) 123s; run: log: (pid 12351) 123s
Part02-CI/CD流水线
2.1 GitLab CI配置
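# Write the pipeline definition.
# NOTE(review): GitLab reads .gitlab-ci.yml from the commit being built, so the
# file has to be committed and pushed from a working copy; a file dropped into
# the repository storage directory on the server is presumably not picked up.
[root@fgedu-gitlab ~]# cat > /var/opt/gitlab/git-data/repositories/root/fgedu-app.git/.gitlab-ci.yml << 'EOF'
stages:
  - build
  - test
  - security
  - deploy

variables:
  DOCKER_REGISTRY: harbor.fgedu.net.cn
  IMAGE_NAME: fgedu-apps/fgedu-web
  IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}

# Build stage.
# HARBOR_USER / HARBOR_PASS are expected as CI/CD variables; mark them masked
# (and protected) so they do not show up in job logs.
# The floating "latest" tags used in this file can change underneath the
# pipeline; pin images to a fixed version or digest.
# docker:dind normally needs the runner to allow privileged containers, which
# gives jobs root-equivalent access to the runner host; use a dedicated runner.
build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    # Pass the password on stdin so it is not exposed on the command line.
    - echo "${HARBOR_PASS}" | docker login -u "${HARBOR_USER}" --password-stdin ${DOCKER_REGISTRY}
    - docker build -t ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} .
    - docker push ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
  only:
    - main
    - develop

# Test stage
test:
  stage: test
  image: python:3.9
  script:
    - pip install -r requirements.txt
    - pytest tests/ --cov=app --cov-report=xml
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
  only:
    - main
    - develop

# Security scan.
# With allow_failure set to true the non-zero exit from "--exit-code 1" would
# only mark the job as a warning and the deploy stage would still run, so the
# job is blocking here. It runs on main only: images deployed from develop are
# not scanned. If the Harbor project is private, trivy also needs registry
# credentials (for example TRIVY_USERNAME / TRIVY_PASSWORD CI/CD variables).
security:
  stage: security
  image: aquasec/trivy:latest
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
  allow_failure: false
  only:
    - main

# Deploy to the development environment
deploy_dev:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl config use-context dev-cluster
    - kubectl set image deployment/fgedu-web fgedu-web=${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} -n fgedu-dev
    - kubectl rollout status deployment/fgedu-web -n fgedu-dev
  environment:
    name: development
    url: https://dev.fgedu.net.cn
  only:
    - develop

# Deploy to production (manual approval)
deploy_prod:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl config use-context prod-cluster
    - kubectl set image deployment/fgedu-web fgedu-web=${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} -n fgedu-prod
    - kubectl rollout status deployment/fgedu-web -n fgedu-prod
  environment:
    name: production
    url: https://www.fgedu.net.cn
  when: manual
  only:
    - main
EOF
# Install GitLab Runner.
# Save the repository setup script and read it before running it as root
# instead of piping curl straight into bash.
[root@fgedu-runner ~]# curl -fsSL -o /root/gitlab-runner-repo.rpm.sh https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh
[root@fgedu-runner ~]# less /root/gitlab-runner-repo.rpm.sh
[root@fgedu-runner ~]# bash /root/gitlab-runner-repo.rpm.sh
[root@fgedu-runner ~]# yum install -y gitlab-runner
# Register the runner.
# The token below is the tutorial's sample value. A real token is a secret:
# anyone holding it can attach a runner and receive this instance's jobs, so
# keep it out of shell history, scripts and documentation.
# NOTE(review): recent GitLab releases deprecate registration tokens in favour
# of runner authentication tokens created in the UI; check which flow the
# installed version expects.
[root@fgedu-runner ~]# gitlab-runner register \
  --non-interactive \
  --url https://gitlab.fgedu.net.cn \
  --registration-token GR1348941abc123 \
  --executor docker \
  --docker-image alpine:latest \
  --description "fgedu-docker-runner" \
  --tag-list "docker,linux" \
  --run-untagged="true"
# Start the runner now and on every boot.
[root@fgedu-runner ~]# systemctl enable gitlab-runner --now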
Part03-代码质量管理
3.1 SonarQube集成
# Install the Java runtime for SonarQube.
[root@fgedu-sonar ~]# yum install -y java-17-openjdk
# Download the SonarQube distribution.
# NOTE(review): the archive is used without an integrity check; compare it with
# the checksum or signature the vendor publishes before unpacking.
[root@fgedu-sonar ~]# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.3.0.zip
# NOTE(review): the archive presumably unpacks into a versioned directory,
# while the following steps use /opt/sonarqube; a rename or symlink may be
# needed. Verify.
[root@fgedu-sonar ~]# unzip sonarqube-10.3.0.zip -d /opt/
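# Configure SonarQube.
[root@fgedu-sonar ~]# cat > /opt/sonarqube/conf/sonar.properties << 'EOF'
sonar.jdbc.username=sonar
# Tutorial sample value stored in clear text: replace it with a strong, unique
# database password.
sonar.jdbc.password=Sonar@123
sonar.jdbc.url=jdbc:postgresql://192.168.1.40:5432/sonar
# 0.0.0.0 listens on every interface over plain HTTP; restrict access with a
# firewall or put a TLS-terminating reverse proxy in front.
sonar.web.host=0.0.0.0
sonar.web.port=9000
# The web UI and API are served under this path, i.e. http://<host>:9000/sonar
sonar.web.context=/sonar
sonar.search.javaOpts=-Xms512m -Xmx512m
EOF
# Start SonarQube under a dedicated unprivileged account.
[root@fgedu-sonar ~]# useradd sonar
[root@fgedu-sonar ~]# chown -R sonar:sonar /opt/sonarqube
# sonar.properties holds the database password: readable by its owner only.
[root@fgedu-sonar ~]# chmod 600 /opt/sonarqube/conf/sonar.properties
[root@fgedu-sonar ~]# su - sonar -c "/opt/sonarqube/bin/linux-x86-64/sonar.sh start"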
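# Add the SonarQube job to the pipeline definition.
[root@fgedu-gitlab ~]# cat >> /var/opt/gitlab/git-data/repositories/root/fgedu-app.git/.gitlab-ci.yml << 'EOF'

# SonarQube code quality check.
# SONAR_TOKEN is expected as a CI/CD variable; mark it masked. The server URL
# is plain HTTP, so the token crosses the network unencrypted; prefer HTTPS.
# The URL includes the /sonar context path set in sonar.properties.
# NOTE(review): with allow_failure set to true a failing analysis does not stop
# the pipeline, and the scanner only fails on the quality gate when it is told
# to wait for it (sonar.qualitygate.wait=true).
sonarqube:
  stage: test
  image: sonarsource/sonar-scanner-cli
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  script:
    - sonar-scanner -Dsonar.projectKey=fgedu-app -Dsonar.sources=. -Dsonar.host.url=http://192.168.1.50:9000/sonar -Dsonar.login=${SONAR_TOKEN}
  allow_failure: true
  only:
    - main
    - develop
EOF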
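# Create the quality gate and its conditions.
# The URLs include the /sonar context path configured in sonar.properties.
# admin:admin is the factory default account: change that password at first
# login and call the API with a user token afterwards (token as the user name,
# empty password) instead of leaving the default credentials in place.
[root@fgedu-sonar ~]# curl -X POST "http://localhost:9000/sonar/api/qualitygates/create" \
  -u admin:admin \
  -d "name=FGEDU-Gate"
# Fail the gate when coverage is below 80%.
[root@fgedu-sonar ~]# curl -X POST "http://localhost:9000/sonar/api/qualitygates/create_condition" \
  -u admin:admin \
  -d "gateName=FGEDU-Gate&metric=coverage&operator=LT&error=80"
# Fail the gate when new code introduces any bug.
[root@fgedu-sonar ~]# curl -X POST "http://localhost:9000/sonar/api/qualitygates/create_condition" \
  -u admin:admin \
  -d "gateName=FGEDU-Gate&metric=new_bugs&operator=GT&error=0"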
Part04-DevOps监控
4.1 DevOps平台监控
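# Install the platform monitoring script.
[root@fgedu-gitlab ~]# cat > /usr/local/bin/devops-monitor.sh << 'EOF'
#!/bin/bash
# devops-monitor.sh
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
# Prints a status report for the GitLab host.
# Environment: GITLAB_TOKEN - API token used for the project and pipeline
#              queries; a read-only scope is sufficient for these calls.

echo "=== DevOps平台监控 ==="
echo "监控时间: $(date)"
echo ""

echo "1. GitLab状态"
gitlab-ctl status
echo ""

echo "2. GitLab健康检查"
curl -s http://localhost/-/health | jq
echo ""

echo "3. Runner状态"
gitlab-runner list
echo ""

# Stop here with a clear message if the token is missing, rather than sending
# unauthenticated requests and reporting misleading results.
: "${GITLAB_TOKEN:?GITLAB_TOKEN must be set}"

echo "4. 项目统计"
curl -s -H "PRIVATE-TOKEN: ${GITLAB_TOKEN}" "http://localhost/api/v4/projects?statistics=true" | jq '.[] | {name, statistics: .statistics.commit_count}'
echo ""

echo "5. CI/CD流水线统计"
curl -s -H "PRIVATE-TOKEN: ${GITLAB_TOKEN}" "http://localhost/api/v4/projects/1/pipelines" | jq '[.[] | {status, ref, created_at}]'
echo ""

echo "6. 存储使用"
df -h /var/opt/gitlab
echo ""

echo "7. 数据库连接"
gitlab-rails dbconsole << SQL
SELECT count(*) FROM projects;
SELECT count(*) FROM users;
SQL
echo ""

echo "=== 监控完成 ==="
EOF
[root@fgedu-gitlab ~]# chmod +x /usr/local/bin/devops-monitor.sh
# Schedule the backup.
# gitlab-backup does not include /etc/gitlab/gitlab.rb or
# /etc/gitlab/gitlab-secrets.json; without the secrets file the encrypted data
# in a restored database cannot be read, so back up /etc/gitlab separately and
# store it apart from the application backup.
[root@fgedu-gitlab ~]# cat > /etc/cron.d/gitlab-backup << 'EOF'
# Daily GitLab backup at 02:00
0 2 * * * root /opt/gitlab/bin/gitlab-backup create CRON=1
EOF
# Add the Prometheus scrape jobs.
# "cat >>" appends to the end of the file: this only works when scrape_configs
# is the last section and the indentation matches the existing entries.
[root@fgedu-prometheus ~]# cat >> /etc/prometheus/prometheus.yml << 'EOF'
  - job_name: 'gitlab'
    static_configs:
      - targets: ['192.168.1.60:9168']
  - job_name: 'gitlab-runner'
    static_configs:
      - targets: ['192.168.1.61:9252']
EOF
# Add the alert rules.
# The quotes and list dashes must be plain ASCII; typographic quotes or dashes
# make the file invalid YAML.
# NOTE(review): confirm that gitlab_ci_pipeline_failed_total and
# gitlab_runner_offline are really exported by the scraped targets; an alert on
# a series that does not exist never fires.
[root@fgedu-prometheus ~]# cat > /etc/prometheus/rules/devops.yml << 'EOF'
groups:
  - name: devops_alerts
    rules:
      - alert: GitLabDown
        expr: up{job="gitlab"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "GitLab服务不可用"
      - alert: PipelineFailure
        expr: gitlab_ci_pipeline_failed_total > 5
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "流水线失败次数过多"
      - alert: RunnerOffline
        expr: gitlab_runner_offline > 0
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "GitLab Runner离线"
EOF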
- 配置高可用架构
- 实施代码质量门禁
- 自动化CI/CD流水线
- 配置安全扫描集成
- 定期备份代码仓库
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
