Download the Kafka installation package
[root@ip-172-31-13-64 ~]# curl -O https://mirrors.tuna.tsinghua.edu.cn/apache/kafka/2.4.1/kafka_2.12-2.4.1.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 59.4M  100 59.4M    0     0  1520k      0  0:00:40  0:00:40 --:--:-- 3598k
[root@ip-172-31-13-64 ~]#
Upload the JDK with rz and install it
[root@ip-172-31-13-64 ~]# yum -y install lrzsz
[root@ip-172-31-13-64 ~]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring jdk-8u241-linux-x64.rpm...
100% 174745 KB 606 KB/sec 00:04:48 0 Errors
[root@ip-172-31-13-64 ~]#
[root@ip-172-31-13-64 ~]# yum -y install jdk-8u241-linux-x64.rpm
Edit the configuration file
[root@ip-172-31-13-64 ~]# tar xzf kafka_2.12-2.4.1.tgz
[root@ip-172-31-13-64 ~]# cd kafka_2.12-2.4.1/config/
[root@ip-172-31-13-64 config]# vi server.properties
broker.id=0
listeners=PLAINTEXT://:9092
zookeeper.connect=172.31.6.164:2181,172.31.2.131:2181,172.31.7.9:2181

[root@ip-172-31-15-223 ~]# tar xzf kafka_2.12-2.4.1.tgz
[root@ip-172-31-15-223 ~]# cd kafka_2.12-2.4.1/config/
[root@ip-172-31-15-223 config]# vi server.properties
broker.id=1
listeners=PLAINTEXT://:9092
zookeeper.connect=172.31.6.164:2181,172.31.2.131:2181,172.31.7.9:2181

[root@ip-172-31-8-209 ~]# tar xzf kafka_2.12-2.4.1.tgz
[root@ip-172-31-8-209 ~]# cd kafka_2.12-2.4.1/config/
[root@ip-172-31-8-209 config]# vi server.properties
broker.id=2
listeners=PLAINTEXT://:9092
zookeeper.connect=172.31.6.164:2181,172.31.2.131:2181,172.31.7.9:2181
Start the service
[root@ip-172-31-13-64 ~]# cd kafka_2.12-2.4.1
[root@ip-172-31-13-64 kafka_2.12-2.4.1]# nohup ./bin/kafka-server-start.sh config/server.properties &
[1] 18985
[root@ip-172-31-13-64 kafka_2.12-2.4.1]# nohup: ignoring input and appending output to ‘nohup.out’
[root@ip-172-31-13-64 kafka_2.12-2.4.1]#

[root@ip-172-31-15-223 ~]# cd kafka_2.12-2.4.1
[root@ip-172-31-15-223 kafka_2.12-2.4.1]# nohup ./bin/kafka-server-start.sh config/server.properties &
[1] 18161
[root@ip-172-31-15-223 kafka_2.12-2.4.1]# nohup: ignoring input and appending output to ‘nohup.out’
[root@ip-172-31-15-223 kafka_2.12-2.4.1]#

[root@ip-172-31-8-209 ~]# cd kafka_2.12-2.4.1
[root@ip-172-31-8-209 kafka_2.12-2.4.1]# nohup ./bin/kafka-server-start.sh config/server.properties &
[4] 17614
[root@ip-172-31-8-209 kafka_2.12-2.4.1]# nohup: ignoring input and appending output to ‘nohup.out’
[root@ip-172-31-8-209 kafka_2.12-2.4.1]#
Log output after startup
[root@ip-172-31-13-64 kafka_2.12-2.4.1]# tail -f nohup.out
[2020-04-13 08:23:29,826] INFO [TransactionCoordinator id=0] Starting up. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:23:29,827] INFO [TransactionCoordinator id=0] Startup complete. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:23:29,834] INFO [Transaction Marker Channel Manager 0]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)
[2020-04-13 08:23:29,882] INFO [ExpirationReaper-0-AlterAcls]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2020-04-13 08:23:29,903] INFO [/config/changes-event-process-thread]: Starting (kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread)
[2020-04-13 08:23:29,941] INFO [SocketServer brokerId=0] Started data-plane processors for 1 acceptors (kafka.network.SocketServer)
[2020-04-13 08:23:29,945] INFO Kafka version: 2.4.1 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:29,945] INFO Kafka commitId: c57222ae8cd7866b (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:29,945] INFO Kafka startTimeMs: 1586766209941 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:29,946] INFO [KafkaServer id=0] started (kafka.server.KafkaServer)

[root@ip-172-31-15-223 kafka_2.12-2.4.1]# tail -f nohup.out
[2020-04-13 08:23:55,073] INFO [TransactionCoordinator id=1] Starting up. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:23:55,075] INFO [TransactionCoordinator id=1] Startup complete. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:23:55,081] INFO [Transaction Marker Channel Manager 1]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)
[2020-04-13 08:23:55,118] INFO [ExpirationReaper-1-AlterAcls]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2020-04-13 08:23:55,138] INFO [/config/changes-event-process-thread]: Starting (kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread)
[2020-04-13 08:23:55,164] INFO [SocketServer brokerId=1] Started data-plane processors for 1 acceptors (kafka.network.SocketServer)
[2020-04-13 08:23:55,168] INFO Kafka version: 2.4.1 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:55,168] INFO Kafka commitId: c57222ae8cd7866b (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:55,168] INFO Kafka startTimeMs: 1586766235165 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:23:55,179] INFO [KafkaServer id=1] started (kafka.server.KafkaServer)

[root@ip-172-31-8-209 kafka_2.12-2.4.1]# tail -f nohup.out
[2020-04-13 08:24:30,928] INFO [TransactionCoordinator id=2] Starting up. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:24:30,929] INFO [Transaction Marker Channel Manager 2]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)
[2020-04-13 08:24:30,929] INFO [TransactionCoordinator id=2] Startup complete. (kafka.coordinator.transaction.TransactionCoordinator)
[2020-04-13 08:24:30,967] INFO [ExpirationReaper-2-AlterAcls]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2020-04-13 08:24:30,991] INFO [/config/changes-event-process-thread]: Starting (kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread)
[2020-04-13 08:24:31,008] INFO [SocketServer brokerId=2] Started data-plane processors for 1 acceptors (kafka.network.SocketServer)
[2020-04-13 08:24:31,012] INFO Kafka version: 2.4.1 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:24:31,012] INFO Kafka commitId: c57222ae8cd7866b (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:24:31,012] INFO Kafka startTimeMs: 1586766271008 (org.apache.kafka.common.utils.AppInfoParser)
[2020-04-13 08:24:31,013] INFO [KafkaServer id=2] started (kafka.server.KafkaServer)
Check the running status
[root@ip-172-31-13-64 ~]# jps
18985 Kafka
23677 Jps
[root@ip-172-31-13-64 ~]#

[root@ip-172-31-15-223 ~]# jps
18161 Kafka
22820 Jps
[root@ip-172-31-15-223 ~]#

[root@ip-172-31-8-209 ~]# jps
22231 Jps
17614 Kafka
[root@ip-172-31-8-209 ~]#
Create a test topic
./bin/kafka-topics.sh --create --bootstrap-server localhost:9092 \
--replication-factor 3 --partitions 1 --topic my-replicated-topic

[root@ip-172-31-13-64 kafka_2.12-2.4.1]# ./bin/kafka-topics.sh --create --bootstrap-server localhost:9092 \
> --replication-factor 3 --partitions 1 --topic my-replicated-topic
[root@ip-172-31-13-64 kafka_2.12-2.4.1]#
Describe the test topic
bin/kafka-topics.sh --describe --bootstrap-server localhost:9092 \
--topic my-replicated-topic

[root@ip-172-31-13-64 kafka_2.12-2.4.1]# bin/kafka-topics.sh --describe --bootstrap-server localhost:9092 \
> --topic my-replicated-topic
Topic: my-replicated-topic PartitionCount: 1 ReplicationFactor: 3 Configs: segment.bytes=1073741824
Topic: my-replicated-topic Partition: 0 Leader: 0 Replicas: 0,1,2 Isr: 0,1,2
[root@ip-172-31-13-64 kafka_2.12-2.4.1]#

[root@ip-172-31-15-223 kafka_2.12-2.4.1]# bin/kafka-topics.sh --describe --bootstrap-server localhost:9092 \
> --topic my-replicated-topic
Topic: my-replicated-topic PartitionCount: 1 ReplicationFactor: 3 Configs: segment.bytes=1073741824
Topic: my-replicated-topic Partition: 0 Leader: 0 Replicas: 0,1,2 Isr: 0,1,2
[root@ip-172-31-15-223 kafka_2.12-2.4.1]#

[root@ip-172-31-8-209 kafka_2.12-2.4.1]# bin/kafka-topics.sh --describe --bootstrap-server localhost:9092 \
> --topic my-replicated-topic
Topic: my-replicated-topic PartitionCount: 1 ReplicationFactor: 3 Configs: segment.bytes=1073741824
Topic: my-replicated-topic Partition: 0 Leader: 0 Replicas: 0,1,2 Isr: 0,1,2
[root@ip-172-31-8-209 kafka_2.12-2.4.1]#
List the topics available for subscription
[root@ip-172-31-13-64 kafka_2.12-2.4.1]# ./bin/kafka-topics.sh --list --zookeeper 172.31.6.164:2181,172.31.2.131:2181,172.31.7.9:2181
my-replicated-topic
[root@ip-172-31-13-64 kafka_2.12-2.4.1]#
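The server.properties edited above gives all three brokers a PLAINTEXT listener with no bind host. The following POSIX shell check is an added example, not part of the original page or of Kafka itself: it reads a server.properties file and flags listeners that are unencrypted, unauthenticated or not pinned to an interface. The function names, the finding texts and the second sample (listener name INTERNAL, port 9093) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit listener settings in a Kafka server.properties file.
# Helper names and finding texts are illustrative, not part of Kafka.

# prop_value FILE KEY: print the last uncommented value of KEY (later lines win).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t\r]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/[ \t\r]/, "", v)
            if (k == key) found = v
        }
        END { print found }
    ' "$1"
}

# protocol_for NAME MAP: resolve a listener name through
# listener.security.protocol.map; without a map the name is the protocol.
protocol_for() {
    if [ -z "$2" ]; then echo "$1"; return 0; fi
    echo "$2" | tr ',' '\n' |
        awk -F: -v n="$1" '$1 == n { print $2; hit = 1; exit } END { if (!hit) print n }'
}

# audit_kafka_listeners FILE: print one WARN line per finding, nothing if clean.
audit_kafka_listeners() {
    listeners=$(prop_value "$1" listeners)
    map=$(prop_value "$1" listener.security.protocol.map)
    client_auth=$(prop_value "$1" ssl.client.auth)
    if [ -z "$listeners" ]; then
        echo "WARN listeners is not set; check what the broker default exposes"
        return 0
    fi
    for entry in $(echo "$listeners" | tr ',' ' '); do
        lname=${entry%%://*}          # text before ://
        hostport=${entry#*://}        # host:port after ://
        host=${hostport%:*}           # empty for ":9092"
        proto=$(protocol_for "$lname" "$map")
        case $proto in
            PLAINTEXT)
                echo "WARN $entry: PLAINTEXT has no encryption and no authentication" ;;
            SASL_PLAINTEXT)
                echo "WARN $entry: SASL_PLAINTEXT authenticates clients but does not encrypt traffic" ;;
            SSL)
                [ "$client_auth" = required ] ||
                    echo "WARN $entry: SSL without ssl.client.auth=required does not authenticate clients" ;;
            SASL_SSL)
                : ;;
            *)
                echo "WARN $entry: unknown security protocol '$proto'" ;;
        esac
        case $host in
            ''|0.0.0.0)
                echo "WARN $entry: no specific bind address, listener is not pinned to one interface" ;;
        esac
    done
    return 0
}

# Constructed sample 1: the broker settings shown on this page.
sample_page_config() {
    cat <<'EOF'
broker.id=0
listeners=PLAINTEXT://:9092
zookeeper.connect=172.31.6.164:2181,172.31.2.131:2181,172.31.7.9:2181
EOF
}

# Constructed sample 2 (assumption): one authenticated, encrypted listener bound
# to the broker's private address. Keystore and SASL settings are omitted here.
sample_hardened_config() {
    cat <<'EOF'
broker.id=0
listeners=INTERNAL://172.31.13.64:9093
listener.security.protocol.map=INTERNAL:SASL_SSL
inter.broker.listener.name=INTERNAL
EOF
}

# Demo run against the page's configuration.
demo_file=$(mktemp)
sample_page_config > "$demo_file"
audit_kafka_listeners "$demo_file"
rm -f "$demo_file"
```

Run it against each broker's config/server.properties; a clean file produces no output.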
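Sonatype Nexus 3 minimum runtime requirements:
Minimum CPUs: 4
Recommended CPUs: 8+
Host Physical/RAM Minimum (default): 4GB
Install the JDK 1.8 environment
Check the Java version information
Visit the Sonatype Nexus download page
Select the version for your operating system and click download
Extract the archive to the target path
Enter the installation directory
Enter the bin directory that contains the executables
Shortcut: Shift + right-click, then "Open command window here"
Register nexus as a system service
Confirm that the service was registered successfully
Start the nexus service and check its running status
Access the web management console with a browser
Set the initial password at first login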
Install the JDK
[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install jdk-8u211-linux-x64.rpm
Check the JDK version information
[root@iZj6cehstgjoj3qav88fidZ ~]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
[root@iZj6cehstgjoj3qav88fidZ ~]#
Download the Nexus binary package
[root@iZj6cehstgjoj3qav88fidZ ~]# wget https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz
--2019-06-25 18:44:20-- https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz
Resolving download.sonatype.com (download.sonatype.com)... 34.206.81.156, 35.168.192.73
Connecting to download.sonatype.com (download.sonatype.com)|34.206.81.156|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz [following]
--2019-06-25 18:44:21-- https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz
Resolving sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)... 151.101.77.194
Connecting to sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)|151.101.77.194|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82396385 (79M) [application/x-gzip]
Saving to: ‘nexus-latest-bundle.tar.gz’

100%[=======================================================================================================================================================>] 82,396,385 12.2MB/s in 5.4s

2019-06-25 18:44:27 (14.5 MB/s) - ‘nexus-latest-bundle.tar.gz’ saved [82396385/82396385]

[root@iZj6cehstgjoj3qav88fidZ ~]#
Extract the archive
[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /usr/local/nexus
[root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf nexus-latest-bundle.tar.gz -C /usr/local/nexus/
[root@iZj6cehstgjoj3qav88fidZ ~]# ls /usr/local/nexus/
nexus-2.14.13-01 sonatype-work
[root@iZj6cehstgjoj3qav88fidZ ~]#
Add a user and change ownership of the directory
[root@iZj6cehstgjoj3qav88fidZ ~]# useradd nexus
[root@iZj6cehstgjoj3qav88fidZ ~]# chown -R nexus.nexus /usr/local/nexus/
[root@iZj6cehstgjoj3qav88fidZ ~]#
Switch to that user and enter the Nexus executable directory
[root@iZj6cehstgjoj3qav88fidZ ~]# su - nexus
Last login: Tue Jun 25 18:36:38 CST 2019 on pts/1
[nexus@iZj6cehstgjoj3qav88fidZ ~]$ cd /usr/local/nexus/nexus-2.14.13-01/bin/
[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus --help
Usage: ./nexus { console | start | stop | restart | status | dump }
[nexus@iZj6cehstgjoj3qav88fidZ bin]$
Start the service and check its running status
[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus start
Starting Nexus OSS...
Started Nexus OSS.
[nexus@iZj6cehstgjoj3qav88fidZ bin]$
[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus status
Nexus OSS is running (14829).
[nexus@iZj6cehstgjoj3qav88fidZ bin]$
Check the listening ports
Access the Nexus console with a browser
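Download the JDK
https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Download Maven
http://maven.apache.org/download.cgi
Installation packages ready
Install the JDK
Verify the Java version information
Extract the Maven archive
View the full path of the Maven installation
Set environment variables
Control Panel - System and Security - System - Advanced system settings
Advanced - Environment Variables
System variables - PATH - New
Variable path
C:\apache-maven-3.6.1-bin\apache-maven-3.6.1\bin
Verify the Maven environment configuration and version information
Change the public proxy repository to a mirror server in China
Edit the conf/settings.xml configuration file and add the following inside <mirrors></mirrors>
Alibaba Cloud mirror configuration
<mirror>
  <id>aliyunmaven</id>
  <mirrorOf>*</mirrorOf>
  <name>阿里云公共仓库</name>
  <url>https://maven.aliyun.com/repository/public</url>
</mirror>
NetEase 163 mirror configuration
<mirror>
  <id>nexus-163</id>
  <mirrorOf>*</mirrorOf>
  <name>Nexus 163</name>
  <url>http://mirrors.163.com/maven/repository/maven-public/</url>
</mirror>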
Host inventory
Jenkins (18.163.103.73/Hong Kong)
Gitlab (45.32.95.186/Los Angeles)
www (45.77.85.36/Los Angeles)
client (136.244.67.202/London)
Install the required plugins on the completed Jenkins installation
Locale
This plugin lets you control the language of Jenkins.
Publish Over SSH
Send build artifacts over SSH
Change the language setting (force English display)
Configure the git path
Jenkins > Global Tool Configuration > Git
Path to Git executable
/usr/sbin/git
Prepare a LAMP runtime environment for the PHP project WordPress
Check the PHP and MySQL versions shipped with the system
[root@www ~]# yum info php
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos-lax.psychz.net
 * extras: repos-lax.psychz.net
 * updates: repos-lax.psychz.net
Available Packages
Name        : php
Arch        : x86_64
Version     : 5.4.16
Release     : 46.1.el7_7
Size        : 1.4 M
Repo        : updates/7/x86_64
Summary     : PHP scripting language for creating dynamic web sites
URL         : http://www.php.net/
License     : PHP and Zend and BSD
Description : PHP is an HTML-embedded scripting language. PHP attempts to make
            : it easy for developers to write dynamically generated web pages.
            : PHP also offers built-in database integration for several
            : commercial and non-commercial database management systems, so
            : writing a database-enabled webpage with PHP is fairly simple. The
            : most common use of PHP coding is probably as a replacement for CGI
            : scripts.
            :
            : The php package contains the module (often referred to as mod_php)
            : which adds support for the PHP language to Apache HTTP Server.

[root@www ~]# yum info mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos-lax.psychz.net
 * extras: repos-lax.psychz.net
 * updates: repos-lax.psychz.net
Available Packages
Name        : mariadb-server
Arch        : x86_64
Epoch       : 1
Version     : 5.5.64
Release     : 1.el7
Size        : 11 M
Repo        : base/7/x86_64
Summary     : The MariaDB server and related files
URL         : http://mariadb.org
License     : GPLv2 with exceptions and LGPLv2 and BSD
Description : MariaDB is a multi-user, multi-threaded SQL database server. It is
            : a client/server implementation consisting of a server daemon
            : (mysqld) and many different client programs and libraries. This
            : package contains the MariaDB server and some accompanying files
            : and directories. MariaDB is a community developed branch of MySQL.

[root@www ~]#
Configure the PHP 7.4 / MySQL 5.6 environment
[root@www ~]# yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
[root@www ~]# yum makecache
[root@www ~]# yum -y install https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
[root@www ~]# yum makecache
Edit the MySQL YUM repository configuration file to enable MySQL 5.6
[root@www ~]# vi /etc/yum.repos.d/mysql-community.repo
# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[root@www ~]# yum makecache
Install the environment
[root@www ~]# yum install httpd php74-php php74-php-pdo php74-php-pecl-mysql php74-php-gd mysql-community-server mysql-community-client
Check the PHP version information
[root@www ~]# php74 -v
PHP 7.4.3 (cli) (built: Feb 18 2020 11:53:05) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
[root@www ~]#
Start the Apache service
[root@www ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@www ~]# systemctl start httpd
[root@www ~]#
Prepare a test file
[root@www ~]# echo "<?php phpinfo(); ?>" > /var/www/html/hello.php
[root@www ~]# cat /var/www/html/hello.php
<?php phpinfo(); ?>
[root@www ~]#
Access the test file with a browser
Point a domain name at the Jenkins server
C:\Users\harveymei>ping gitlab.bcoc.site
正在 Ping gitlab.bcoc.site [45.32.95.186] 具有 32 字节的数据:
来自 45.32.95.186 的回复: 字节=32 时间=335ms TTL=44
来自 45.32.95.186 的回复: 字节=32 时间=327ms TTL=44
来自 45.32.95.186 的回复: 字节=32 时间=335ms TTL=44
来自 45.32.95.186 的回复: 字节=32 时间=336ms TTL=44
45.32.95.186 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 327ms,最长 = 336ms,平均 = 333ms
C:\Users\harveymei>
Add the YUM repository
[root@gitlab ~]# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
Run the installation
[root@gitlab ~]# sudo EXTERNAL_URL="https://gitlab.bcoc.site" yum install -y gitlab-ce
Installation success message
Thank you for installing GitLab!
GitLab should be available at https://gitlab.bcoc.site
Access with a browser
Configure the code repository
Create a new repository
Get the HTTPS-based repository URL
https://gitlab.bcoc.site/root/wordpress.git
Generate a key pair on the client host
[root@client ~]# ssh-keygen -t ed25519 -C "harvey.mei@linuxcache.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:pBZks0rE/4PCRggJjT+QoBjE2k3fK+kh0mc98/HgOvA harvey.mei@linuxcache.com
The key's randomart image is:
+--[ED25519 256]--+
|O* .. + |
|Oo..oo o |
|+= +.oo.. |
|. =.o.o+. |
| =. o=S. |
| . *.O B o |
| o * = * + |
| . E o . |
| .o |
+----[SHA256]-----+
[root@client ~]# cat .ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqeQy7qZvEEcpf+R35DRMB8nXR2nmET049/QJ+z0Qm/ harvey.mei@linuxcache.com
[root@client ~]#
Configure the key in the GitLab user account settings
Imported public key details
Install the git command-line tool
[root@client ~]# yum -y install git
Clone the remote repository locally
[root@client ~]# git config --global user.name "Harvey"
[root@client ~]# git config --global user.email "harvey.mei@linuxcache.com"
[root@client ~]# git clone git@gitlab.bcoc.site:root/wordpress.git
Cloning into 'wordpress'...
The authenticity of host 'gitlab.bcoc.site (45.32.95.186)' can't be established.
ECDSA key fingerprint is SHA256:vhmKGmm/onEV47Xe7T4QOr8t8hRfqoJS1sj3WN/T8oc.
ECDSA key fingerprint is MD5:6e:d7:f6:eb:1d:ff:f4:cf:c6:e7:70:da:36:32:ee:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.bcoc.site,45.32.95.186' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
[root@client ~]#
[root@client ~]# ls wordpress/
README.md
[root@client ~]#
Download WordPress and extract it into the local repository directory
[root@client ~]# curl -O https://wordpress.org/latest.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11.8M  100 11.8M    0     0  8362k      0  0:00:01  0:00:01 --:--:-- 8361k
[root@client ~]# tar xzf latest.tar.gz
[root@client ~]# ls wordpress/
index.php        wp-admin              wp-cron.php        wp-mail.php
license.txt      wp-blog-header.php    wp-includes        wp-settings.php
readme.html      wp-comments-post.php  wp-links-opml.php  wp-signup.php
README.md        wp-config-sample.php  wp-load.php        wp-trackback.php
wp-activate.php  wp-content            wp-login.php       xmlrpc.php
[root@client ~]#
Push the source code to the GitLab repository
[root@client ~]# cd wordpress/
[root@client wordpress]# git add .
[root@client wordpress]# git commit -m "Wordpress 5.3.2"
[root@client wordpress]# git push -u origin master
Counting objects: 2124, done.
Compressing objects: 100% (2085/2085), done.
Writing objects: 100% (2123/2123), 12.10 MiB | 4.41 MiB/s, done.
Total 2123 (delta 213), reused 0 (delta 0)
remote: Resolving deltas: 100% (213/213), done.
To git@gitlab.bcoc.site:root/wordpress.git
   73d3e3f..c52a7e6  master -> master
Branch master set up to track remote branch master from origin.
[root@client wordpress]#
View the pushed code in GitLab
Configure the Jenkins automation job
Add the target server and its configuration
Jenkins > Manage Jenkins > Configure System > SSH Servers > Add
Configure the account credentials Jenkins uses to access the GitLab server
Jenkins > Credentials > System > Global credentials(unrestricted) > Add Credentials
Create a new job (freestyle project)
Configure the GitLab repository information
Jenkins > PHP > Source Code Management > Git
Configure the build information
Jenkins > PHP > Build > Send files or execute commands over SSH
Run the build job
Jenkins > PHP > Build Now
View the job's console output
Console output text
Started by user admin
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/PHP
using credential 13e0e649-fa87-4a60-8021-85276d986544
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@gitlab.bcoc.site:root/wordpress.git # timeout=10
Fetching upstream changes from git@gitlab.bcoc.site:root/wordpress.git
 > git --version # timeout=10
using GIT_SSH to set credentials Gitlab Account
 > git fetch --tags --progress git@gitlab.bcoc.site:root/wordpress.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision c52a7e62f3676005177293d706c9d902ee807d99 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f c52a7e62f3676005177293d706c9d902ee807d99 # timeout=10
Commit message: "Wordpress 5.3.2"
First time build. Skipping changelog.
SSH: Connecting from host [ip-172-31-32-243.ap-east-1.compute.internal]
SSH: Connecting with configuration [www] ...
SSH: EXEC: STDOUT/STDERR from command [exit 0] ...
SSH: EXEC: completed after 400 ms
SSH: Disconnecting configuration [www] ...
SSH: Transferred 1931 file(s)
Build step 'Send files or execute commands over SSH' changed build result to SUCCESS
Finished: SUCCESS
View the project code deployed under /var/www/html on the www server
Access with a browser
Configure the domain name for the jenkins service
C:\Users\harveymei>ping jenkins.bcoc.site
正在 Ping jenkins.bcoc.site [18.162.148.195] 具有 32 字节的数据:
来自 18.162.148.195 的回复: 字节=32 时间=169ms TTL=46
来自 18.162.148.195 的回复: 字节=32 时间=153ms TTL=46
来自 18.162.148.195 的回复: 字节=32 时间=168ms TTL=46
来自 18.162.148.195 的回复: 字节=32 时间=167ms TTL=46
18.162.148.195 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 153ms,最长 = 169ms,平均 = 164ms
C:\Users\harveymei>
After installation, start the jenkins service and check the listening ports
[root@ip-172-31-40-41 ~]# service jenkins start
Starting jenkins (via systemctl): [ OK ]
[root@ip-172-31-40-41 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@ip-172-31-40-41 ~]#
Access the web console, which does not yet have SSL encryption enabled, with a browser
Request a Let's Encrypt certificate
[root@ip-172-31-40-41 ~]# yum -y install certbot
[root@ip-172-31-40-41 ~]# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): harvey.mei@linuxcache.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Starting new HTTPS connection (1): supporters.eff.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): jenkins.bcoc.site
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.bcoc.site
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/jenkins.bcoc.site/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/jenkins.bcoc.site/privkey.pem
   Your cert will expire on 2020-05-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

[root@ip-172-31-40-41 ~]#
Convert the certificate format (using the certtool command)
[root@ip-172-31-40-41 ~]# yum -y install gnutls-utils
[root@ip-172-31-40-41 ~]# rpm -lq gnutls-utils
/usr/bin/certtool
/usr/bin/crywrap
/usr/bin/danetool
/usr/bin/gnutls-cli
/usr/bin/gnutls-cli-debug
/usr/bin/gnutls-serv
/usr/bin/ocsptool
/usr/bin/p11tool
/usr/bin/psktool
/usr/bin/tpmtool
/usr/share/doc/gnutls-utils-3.3.29
/usr/share/doc/gnutls-utils-3.3.29/certtool.cfg
/usr/share/man/man1/certtool.1.gz
/usr/share/man/man1/danetool.1.gz
/usr/share/man/man1/gnutls-cli-debug.1.gz
/usr/share/man/man1/gnutls-cli.1.gz
/usr/share/man/man1/gnutls-serv.1.gz
/usr/share/man/man1/ocsptool.1.gz
/usr/share/man/man1/p11tool.1.gz
/usr/share/man/man1/psktool.1.gz
/usr/share/man/man1/tpmtool.1.gz
[root@ip-172-31-40-41 ~]#
Combine the certificate and private key into PKCS12 format and protect it with a password (123456)
certtool --to-p12 --load-privkey /etc/letsencrypt/live/jenkins.bcoc.site/privkey.pem \
--pkcs-cipher 3des-pkcs12 \
--load-certificate /etc/letsencrypt/live/jenkins.bcoc.site/fullchain.pem \
--outfile jenkins.p12 --outder

[root@ip-172-31-40-41 ~]# certtool --to-p12 --load-privkey /etc/letsencrypt/live/jenkins.bcoc.site/privkey.pem \
> --pkcs-cipher 3des-pkcs12 \
> --load-certificate /etc/letsencrypt/live/jenkins.bcoc.site/fullchain.pem \
> --outfile jenkins.p12 --outder
Generating a PKCS #12 structure...
Loading private key list...
Loaded 1 private keys.
Enter a name for the key: jenkins.bcoc.site
Enter password:
Confirm password:
[root@ip-172-31-40-41 ~]# ls
anaconda-ks.cfg jenkins.p12 original-ks.cfg
[root@ip-172-31-40-41 ~]#
Convert the PKCS12 format to the JKS format supported by Java
keytool -importkeystore -srckeystore jenkins.p12 \
-srcstorepass '123456' -srcstoretype PKCS12 \
-srcalias jenkins.bcoc.site -deststoretype JKS \
-destkeystore jenkins_keystore.jks \
-deststorepass '123456' -destalias jenkins.bcoc.site

[root@ip-172-31-40-41 ~]# keytool -importkeystore -srckeystore jenkins.p12 \
> -srcstorepass ‘123456’ -srcstoretype PKCS12 \
> -srcalias jenkins.bcoc.site -deststoretype JKS \
> -destkeystore jenkins_keystore.jks \
> -deststorepass ‘123456’ -destalias jenkins.bcoc.site
Importing keystore jenkins.p12 to jenkins_keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect
[root@ip-172-31-40-41 ~]# keytool -importkeystore -srckeystore jenkins.p12 \
> -srcstorepass '123456' -srcstoretype PKCS12 \
> -srcalias jenkins.bcoc.site -deststoretype JKS \
> -destkeystore jenkins_keystore.jks \
> -deststorepass '123456' -destalias jenkins.bcoc.site
Importing keystore jenkins.p12 to jenkins_keystore.jks...

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore jenkins_keystore.jks -destkeystore jenkins_keystore.jks -deststoretype pkcs12".
[root@ip-172-31-40-41 ~]#
[root@ip-172-31-40-41 ~]# ls
anaconda-ks.cfg jenkins_keystore.jks jenkins.p12 original-ks.cfg
[root@ip-172-31-40-41 ~]#
Change the ownership and permissions of the keystore file
[root@ip-172-31-40-41 ~]# chown jenkins.jenkins jenkins_keystore.jks
[root@ip-172-31-40-41 ~]# chmod 600 jenkins_keystore.jks
[root@ip-172-31-40-41 ~]# mv jenkins_keystore.jks /var/lib/jenkins/
[root@ip-172-31-40-41 ~]#
Edit the jenkins configuration file
[root@ip-172-31-40-41 ~]# vi /etc/sysconfig/jenkins
Initial configuration file (SSL section)
## Type: integer(0:65535)
## Default: ""
## ServiceRestart: jenkins
#
# HTTPS port Jenkins is listening on.
# Default is disabled.
#
JENKINS_HTTPS_PORT=""

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Path to the keystore in JKS format (as created by the JDK 'keytool').
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE=""

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE_PASSWORD=""

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTPS requests.
# Default is disabled.
#
JENKINS_HTTPS_LISTEN_ADDRESS=""
Modified
## Type: integer(0:65535)
## Default: ""
## ServiceRestart: jenkins
#
# HTTPS port Jenkins is listening on.
# Default is disabled.
#
JENKINS_HTTPS_PORT="8443"

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Path to the keystore in JKS format (as created by the JDK 'keytool').
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkins_keystore.jks"

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE_PASSWORD="123456"

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTPS requests.
# Default is disabled.
#
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
Disable listening on port 8080
Initial configuration file
## Type: integer(0:65535)
## Default: 8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
# Set to -1 to disable
#
JENKINS_PORT="8080"
Modified (listening on port 8080 disabled)
## Type: integer(0:65535)
## Default: 8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
# Set to -1 to disable
#
JENKINS_PORT="-1"
Restart the service and check how the listening ports have changed
[root@ip-172-31-40-41 ~]# service jenkins restart
Restarting jenkins (via systemctl): [ OK ]
[root@ip-172-31-40-41 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::8443 :::* LISTEN
[root@ip-172-31-40-41 ~]#
Access the jenkins console over https on the configured port
Usage of the openssl command to combine the certificate and private key into PKCS12
openssl pkcs12 -export -out jenkins.p12 \
-passout 'pass:123456' -inkey /etc/letsencrypt/live/jenkins.bcoc.site/privkey.pem \
-in /etc/letsencrypt/live/jenkins.bcoc.site/fullchain.pem \
-name jenkins.bcoc.site
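The /etc/sysconfig/jenkins edits above leave the keystore password (123456) in clear text inside that file, so both the password strength and the file modes matter. The following POSIX shell check is an added example, not part of the original page or of Jenkins: it parses the file as text and reports a still-enabled HTTP port, a disabled HTTPS port, a weak keystore password and overly permissive file modes. The function names, the list of well-known passwords and the 12-character minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the HTTPS-related keys of /etc/sysconfig/jenkins.
# The file is parsed as text and never sourced, so nothing in it is executed.

MIN_PASSWORD_LEN=12   # assumption: local policy threshold, adjust as needed

# cfg_value FILE KEY: print the last value assigned to KEY, quotes stripped.
cfg_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e "s/[[:space:]]*\$//" -e "s/^[\"']//" -e "s/[\"']\$//"
}

# mode_string FILE: the 10-character mode column of ls -l, e.g. -rw-------
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# audit_jenkins_sysconfig FILE: print one WARN line per finding, nothing if clean.
audit_jenkins_sysconfig() {
    cfg=$1
    http_port=$(cfg_value "$cfg" JENKINS_PORT)
    https_port=$(cfg_value "$cfg" JENKINS_HTTPS_PORT)
    keystore=$(cfg_value "$cfg" JENKINS_HTTPS_KEYSTORE)
    password=$(cfg_value "$cfg" JENKINS_HTTPS_KEYSTORE_PASSWORD)

    [ "$http_port" = "-1" ] ||
        echo "WARN plain HTTP listener is enabled (JENKINS_PORT=${http_port:-8080})"
    if [ -z "$https_port" ]; then
        echo "WARN HTTPS listener is disabled (JENKINS_HTTPS_PORT is empty)"
        return 0
    fi
    case $password in
        ''|123456|password|changeit|jenkins)
            echo "WARN keystore password is empty or a well-known value" ;;
        *)
            [ "${#password}" -ge "$MIN_PASSWORD_LEN" ] ||
                echo "WARN keystore password is shorter than $MIN_PASSWORD_LEN characters" ;;
    esac
    # The config file carries the password in clear text: others must not read it.
    case $(mode_string "$cfg") in
        ???????r??)
            echo "WARN $cfg stores the keystore password and is world-readable" ;;
    esac
    # The keystore holds the private key: only its owner should have access.
    if [ ! -f "$keystore" ]; then
        echo "WARN keystore file '$keystore' does not exist"
    else
        case $(mode_string "$keystore") in
            ????------) : ;;
            *) echo "WARN keystore '$keystore' is accessible to group or others" ;;
        esac
    fi
    return 0
}

# write_sample_cfg FILE HTTP_PORT HTTPS_PORT KEYSTORE PASSWORD
# Constructed sample: only the keys this page edits, without the comments.
write_sample_cfg() {
    cat > "$1" <<EOF
JENKINS_PORT="$2"
JENKINS_HTTPS_PORT="$3"
JENKINS_HTTPS_KEYSTORE="$4"
JENKINS_HTTPS_KEYSTORE_PASSWORD="$5"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
EOF
}

# Demo run: the values set on this page, with a stand-in keystore at mode 600
# and the config file at mode 644 (an assumed mode, to show that finding).
demo_dir=$(mktemp -d)
: > "$demo_dir/jenkins_keystore.jks"
chmod 600 "$demo_dir/jenkins_keystore.jks"
write_sample_cfg "$demo_dir/jenkins" -1 8443 "$demo_dir/jenkins_keystore.jks" 123456
chmod 644 "$demo_dir/jenkins"
audit_jenkins_sysconfig "$demo_dir/jenkins"
rm -rf "$demo_dir"
```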
实验环境
10.4.7.234 ns1.hostname.com 10.4.7.235 ns2.hostname.com 10.4.7.236 client.hostname.com
设置主机名(10.4.7.234)
[root@iZj6c1pigvpz2jl6zy1cgbZ ~]# hostnamectl set-hostname ns1.hostname.com [root@iZj6c1pigvpz2jl6zy1cgbZ ~]# exit logout [root@ns1 ~]# hostname ns1.hostname.com [root@ns1 ~]# ping -c 4 ns1.hostname.com PING ns1.hostname.com (10.4.7.234) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=1 ttl=64 time=0.011 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=2 ttl=64 time=0.025 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=3 ttl=64 time=0.026 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=4 ttl=64 time=0.027 ms --- ns1.hostname.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.011/0.022/0.027/0.007 ms [root@ns1 ~]#
设置主机名(10.4.7.235)
[root@iZj6c1pigvpz2jl6zy1cgaZ ~]# hostnamectl set-hostname ns2.hostname.com [root@iZj6c1pigvpz2jl6zy1cgaZ ~]# exit logout [root@ns2 ~]# hostname ns2.hostname.com [root@ns2 ~]# ping -c 4 ns2.hostname.com PING ns2.hostname.com (10.4.7.235) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=1 ttl=64 time=0.014 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=2 ttl=64 time=0.028 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=3 ttl=64 time=0.027 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=4 ttl=64 time=0.028 ms --- ns2.hostname.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.014/0.024/0.028/0.006 ms [root@ns2 ~]#
Set the hostname (10.4.7.236)
[root@iZj6c1pigvpz2jl6zy1cgcZ ~]# hostnamectl set-hostname client.hostname.com
[root@iZj6c1pigvpz2jl6zy1cgcZ ~]# exit
logout
[root@client ~]# hostname
client.hostname.com
[root@client ~]# ping -c 4 client.hostname.com
PING client.hostname.com (10.4.7.236) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=4 ttl=64 time=0.026 ms
--- client.hostname.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.013/0.023/0.028/0.008 ms
[root@client ~]#
Install the bind and bind-utils packages
[root@ns1 ~]# yum -y install bind bind-utils
[root@ns2 ~]# yum -y install bind bind-utils
[root@client ~]# yum -y install bind-utils
Edit the main configuration file on the primary DNS server
[root@ns1 ~]# vi /etc/named.conf
Modify the following lines:
13 listen-on port 53 { 10.4.7.234; };
21 allow-query { any; };
35 dnssec-enable no;
36 dnssec-validation no;
Add the following:
allow-transfer { 10.4.7.235; };
allow-notify { 10.4.7.235; };
Add the zone configuration
[root@ns1 ~]# vi /etc/named.rfc1912.zones
zone "hostname.com" IN {
        type master;
        file "hostname.com.zone";
        allow-update { none; };
};
Create the zone file
[root@ns1 ~]# vi /var/named/hostname.com.zone
$TTL 600    ; 10 minutes
@   IN SOA  ns1.hostname.com. hostmaster.hostname.com. (
                20190001   ; serial number
                10800      ; refresh time (3 hours)
                900        ; retry time (15 minutes)
                604800     ; expire time (1 week)
                86400      ; minimum (1 day)
                )
            NS  ns1.hostname.com.
            NS  ns2.hostname.com.
$ORIGIN hostname.com.
$TTL 60 ; 1 minute
ns1     A   10.4.7.234
ns2     A   10.4.7.235
client  A   10.4.7.236
Check the configuration
[root@ns1 ~]# named-checkconf
[root@ns1 ~]# named-checkzone hostname.com. /var/named/hostname.com.zone
zone hostname.com/IN: loaded serial 20190001
OK
[root@ns1 ~]#
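Restart the service, check the listening ports, and verify resolution
Configure the secondary DNS server
Edit the main configuration file on the secondary DNS server
[root@ns2 ~]# vi /etc/named.conf
Modify the client DNS configuration:
13 listen-on port 53 { 10.4.7.235; };
21 allow-query { any; };
35 dnssec-enable no;
36 dnssec-validation no;
Add:
masterfile-format text;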
Add the zone configuration
[root@ns2 ~]# vi /etc/named.rfc1912.zones
zone "hostname.com" IN {
        type slave;
        masters { 10.4.7.234; };
        file "slaves/hostname.com.zone";
};
Check the configuration and start the service
[root@ns2 ~]# named-checkconf
[root@ns2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@ns2 ~]# systemctl start named
[root@ns2 ~]#
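named-checkconf validates syntax only. The following added example (not part of the original page) classifies the allow-transfer setting of a named.conf, using constructed samples that mirror the options edits made on ns1 and ns2 above; the function names are hypothetical and only single-line statements are handled.

```shell
#!/bin/sh
# Added example: policy check for the named.conf settings edited on this page.
# Constructed samples mirroring the options changed on ns1 and ns2.
NS1_CONF='options {
    listen-on port 53 { 10.4.7.234; };
    allow-query { any; };
    dnssec-enable no;
    dnssec-validation no;
    allow-transfer { 10.4.7.235; };
    allow-notify { 10.4.7.235; };
};'
NS2_CONF='options {
    listen-on port 53 { 10.4.7.235; };
    allow-query { any; };
    dnssec-enable no;
    dnssec-validation no;
    masterfile-format text;
};'

# acl_of STATEMENT: read named.conf text on stdin, print the address list of
# the first single-line "STATEMENT { ... };" with blanks removed, or "unset".
acl_of() {
    awk -v key="$1" '
        { sub(/(\/\/|#).*/, "") }                    # strip line comments
        $0 ~ ("(^|[ \t;{])" key "[ \t]*[{]") {
            s = $0
            sub((".*" key "[ \t]*[{]"), "", s)       # drop up to opening brace
            sub(/[}].*/, "", s)                      # drop closing brace onward
            gsub(/[ \t]/, "", s)
            print s; found = 1; exit
        }
        END { if (!found) print "unset" }'
}

# transfer_policy: classify the allow-transfer setting read from stdin.
transfer_policy() {
    acl=$(acl_of allow-transfer)
    case "$acl" in
        unset)               echo "default" ;;   # built-in default applies
        any\;|*\;any\;*)     echo "open" ;;
        none\;)              echo "closed" ;;
        *)                   echo "restricted:$acl" ;;
    esac
}

printf '%s\n' "$NS1_CONF" | transfer_policy   # ns1 sample
printf '%s\n' "$NS2_CONF" | transfer_policy   # ns2 sample
```

The ns2 sample reports "default" because no allow-transfer statement was added there, so the secondary falls back to the built-in default of its BIND version, which in older BIND 9 releases permits transfers to any host.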
Check the listening ports
Check the full zone transfer and view the locally synchronized zone file
Verify resolution
Client configuration
Ping the client itself and the two DNS hosts by domain name; by default only the local host responds
[root@client ~]# ping -c 1 client.hostname.com
PING client.hostname.com (10.4.7.236) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.011 ms
--- client.hostname.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms
[root@client ~]# ping -c 1 ns1.hostname.com
ping: ns1.hostname.com: Name or service not known
[root@client ~]# ping -c 1 ns2.hostname.com
ping: ns2.hostname.com: Name or service not known
[root@client ~]#
View the host's current DNS configuration
[root@client ~]# cat /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
[root@client ~]#
Change the DNS servers
[root@client ~]# vi /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
#nameserver 100.100.2.136
#nameserver 100.100.2.138
nameserver 10.4.7.234
nameserver 10.4.7.235
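Ping the hostnames of the two DNS servers again and query them with nslookup; both the primary and the secondary DNS server answer the client's queries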