CICD&前后端自动发版
一、初步部署
VM 主机名 IP
gitlab gitlab 100.100.137.3/24 8/8/100
jenkens jenkins 100.100.137.4/24 8/8/100
前端 node-1 100.100.137.5/24 2/2/25
后端 node-2 100.100.137.6/24 2/2/25
MySQL mysql 100.100.137.7/24 2/2/25
Redis redis 100.100.137.8/24 2/2/25
账号:zhangyu
密码:Ifcfg-ens224
新系统初始化
修改时区
timedatectl set-timezone Asia/Shanghai
更换APT源地址
cat <<'EOF' > /etc/apt/sources.list
默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirror.nju.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirror.nju.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirror.nju.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirror.nju.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirror.nju.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirror.nju.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
以下安全更新软件源包含了官方源与镜像站配置,如有需要可自行修改注释切换
deb https://mirror.nju.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# deb-src https://mirror.nju.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
预发布软件源,不建议启用
deb https://mirror.nju.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirror.nju.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
EOF
打通所有主机sshkey验证
vim /etc/ssh/ssh_config
StrictHostKeyChecking no
PasswordAuthentication no
vim /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no
修改后重启
systemctl restart ssh
修改数据库连接配置
eladmin-system/src/main/resources/config/application-prod.yml
image-20241002105240451
eladmin-system/src/main/resources/config/application.yml
image-20241002105323035
修改前端默认连接路径
.env.production
image-20241002105134789
修改后端代码
gitlab
下载git安装包
安装
dakg -i gitlab-ce_17.4.1-ce.0_amd64.deb
修改访问域名或ip
vim /etc/gitlab/gitlab.rb
external_url 'http://gitlab.zhang.com'
重载配置文件
gitlab-ctl reconfigure
查看首次登录密码,首次使用该密码登录后需立即设置密码
cat /etc/gitlab/initial_root_password
Password: bi09K8pa0DVWXT/UI73wOlblviRmpKyLOPotrJEID8g=
开启gitlab 仓库导入权限
image-20241002003800757
image-20241002015110432
Jenkins
下载各种依赖包 Jenkins安装包
apt update && apt install maven mysql-client net-tools npm
wget https://mirrors.bfsu.edu.cn/jenkins/debian-stable/jenkins_2.462.2_all.deb
dpkg -i jenkins_2.462.2_all.deb
修改启动用户为root/重启
vim /lib/systemd/system/jenkins.service
systemctl daemon-reload
systemctl restart jenkins.service
查看首次登录密码
cat /var/lib/jenkins/secrets/initialAdminPassword
首次登录下载插件后 设置登录密码
后端执行脚本(注意路径变化)
root@jenkins:/data/eladmin# cat eladmin.sh
!/bin/bash
mvn clean package -Dmaven.test.skip=true
scp -r /var/lib/jenkins/workspace/eladmin/eladmin-system/target/eladmin-system-2.7.jar 100.100.137.6:/data/eladmin/
ssh root@100.100.137.6 '/root/stop.sh'
ssh root@100.100.137.6 '/root/start.sh'
前端执行脚本(注意路径变化)
root@jenkins:/data/eladmin# cat eladmin-web.sh
!/bin/bash
npm install --registry=https://registry.npmmirror.com
npm run build:prod
ssh root@100.100.137.5 'rm -rf /root/data/eladmin/dist '
scp -r /var/lib/jenkins/workspace/myeladmin/dist 100.100.137.5:/data/eladmin/
MYSQL主机准备好之后执行下列操作
准备表
apt -y install mysql-client
mysql -ueladmin -p123456 -h100.100.137.7
导入表
mysql> use eladmin;
mysql> source /var/lib/jenkins/workspace/eladmin/sql/eladmin.sql;
mysql> show tables;
前端
安装nginx
apt install nginx -y
nginx代理配置(注意路径变化)
root@node-1:~# cat /etc/nginx/sites-enabled/eladmin.conf
server
{
listen 80;
server_name 100.100.137.5;
index index.html;
root /data/eladmin/dist/; #dist上传的路径
# 避免访问出现 404 错误
location / {
try_files $uri $uri/ @router;
index index.html;
}
location @router {
rewrite ^.*$ /index.html last;
}
# 接口
location /api {
proxy_pass http://100.100.137.6:8000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 授权接口
location /auth {
proxy_pass http://100.100.137.6:8000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# WebSocket 服务
location /webSocket {
proxy_redirect off;
proxy_pass http://100.100.137.6:8000/webSocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_read_timeout 86400s;
proxy_send_timeout 60s;
}
# 头像
location /avatar {
proxy_pass http://100.100.137.6:8000;
}
# 文件
location /file {
proxy_pass http://100.100.137.6:8000;
}
}
创建默认页面路径目录
mkdir -pv /data/eladmin/
重启服务
systemctl restart nginx
后端
安装Maven(其中包含Java程序)
apt update && apt install maven -y
后端停止脚本
root@node-2:~# cat stop.sh
PID=$(ps -ef | grep eladmin-system-2.7.jar | grep -v grep | awk '{ print $2 }')
if [ -z "$PID" ]
then
echo Application is already stopped
else
echo kill -9 $PID
kill -9 $PID
fi
启动脚本(注意路径、版本变化)、如果启动失败注意进程运行情况,可能端口被占用
nohup java -jar /data/eladmin/eladmin-system-2.7.jar --spring.profiles.active=prod > nohup.out 2>&1 &
MySQL
安装MySQL
apt install mysql-server
开启远程连接
sed -i '/127.0.0.1/s/^/#/' /etc/mysql/mysql.conf.d/mysqld.cnf
重启服务
systemctl restart mysql
创建用户 库
mysql> create database eladmin;
mysql> create user eladmin@'%' identified by '123456';
mysql> grant all on eladmin.* to eladmin@'%';
Redis
安装
apt update && apt install redis -y
修改默认配置
sed -i 's/^bind .*/bind 0.0.0.0/' /etc/redis/redis.conf
systemctl restart redis
二、简单部署后优化
内存优化
当前使用版本gitlab-ce_17.4.1-ce.0_amd64.deb
vim /etc/gitlab/gitlab.rb
prometheus['enable'] = false
prometheus['monitor_kubernetes'] =false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
gitlab_exporter['enable'] = false
prometheus_monitoring['enable'] =false
grafana['enable'] = false #此版本无此项内容
gitlab邮件通知
image-20241003161141508
用户注册限制
image-20241003161305735
前端加速以及版本秒级回滚
nginx配置文件
server
{
listen 80;
server_name node-1.zy-98.cn;
index index.html;
root /var/html/dist; #dist上传的路径🙌
# 避免访问出现 404 错误
location / {
try_files $uri $uri/ @router;
index index.html;
}
location @router {
rewrite ^.*$ /index.html last;
}
# 接口
location /api {
proxy_pass http://100.100.137.6:8000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 授权接口
location /auth {
proxy_pass http://100.100.137.6:8000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# WebSocket 服务
location /webSocket {
proxy_redirect off;
proxy_pass http://100.100.137.6:8000/webSocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_read_timeout 86400s;
proxy_send_timeout 60s;
}
# 头像
location /avatar {
proxy_pass http://100.100.137.6:8000;
}
# 文件
location /file {
proxy_pass http://100.100.137.6:8000;
}
}
!/bin/bash
开启调试模式,显示每条命令的执行过程
set -x
部署函数
deploy() {
# Step 1: 同步 node_modules 到 eladmin-web 目录
echo "Step 1: 同步 node_modules 到 eladmin-web 目录..."
rsync -av /var/lib/jenkins/workspace/node_modules /var/lib/jenkins/workspace/eladmin-web/
# Step 2: 安装 npm 依赖并构建生产环境
echo "Step 2: 安装 npm 依赖并构建生产环境..."
npm install --registry=https://registry.npmmirror.com
npm run build:prod
# Step 3: 同步 node_modules 回 Jenkins 工作区,减少下次编译时间
echo "Step 3: 同步 node_modules 回 Jenkins 工作区..."
rsync -av /var/lib/jenkins/workspace/eladmin-web/node_modules/ /var/lib/jenkins/workspace/node_modules/
# Step 4: 删除远程服务器上的旧 dist 目录
echo "Step 4: 删除远程服务器上的 dist 目录..."
ssh root@100.100.137.5 'rm -rf /root/data/eladmin/dist'
# Step 5: 将本地 dist 文件夹传输到远程服务器
echo "Step 5: 将本地 dist 文件夹传输到远程服务器..."
scp -r /var/lib/jenkins/workspace/eladmin-web/dist root@100.100.137.5:/opt
# Step 6: 备份旧版本的 dist,并更新到新版本
echo "Step 6: 备份旧版本的 dist,并更新到新版本..."
ssh root@100.100.137.5 '
cp -r /opt/dist /data/dist_`date +%F_%H-%M-%S` &&
Present=$(ls -r /data | sed -n "1p") &&
rm -f /root/data/eladmin/dist &&
ln -s /data/${Present}/dist /root/data/eladmin/dist
'
}
回滚函数
rollback() {
# Step 1: 查找上一个版本并回滚
echo "Step 1: 查找上一个版本并回滚..."
ssh root@100.100.137.5 '
Previous=$(ls -r /data/eladmin | sed -n "2p") &&
rm -f /root/data/eladmin/dist &&
ln -s /data/eladmin/${Previous}/dist /root/data/eladmin/dist
'
}
主程序入口,依据参数执行相应操作
case $1 in
deploy)
echo "开始部署..."
deploy
;;
rollback)
echo "开始回滚..."
rollback
;;
*)
echo "Usage: $0 {deploy|rollback}"
exit 1
;;
esac
关闭调试模式
set +x
后端脚本文件
!/bin/bash
部署函数
deploy() {
# Step 1: 把 node_modules 同步到 eladmin-web 目录下,减少依赖安装时间
rsync -av /var/lib/jenkins/workspace/node_modules /var/lib/jenkins/workspace/eladmin-web/
# Step 2: 安装依赖并打包前端项目
npm install --registry=https://registry.npmmirror.com # 使用淘宝镜像安装依赖
npm run build:prod # 打包生产环境的前端项目
# Step 3: 同步 node_modules 回到原始位置,以减少下次编译时间
rsync -av /var/lib/jenkins/workspace/eladmin-web/node_modules /var/lib/jenkins/workspace/
# Step 4: 删除远程服务器上的旧 dist 目录
ssh root@100.100.137.5 'rm -rf /root/data/eladmin/dist'
# Step 5: 将打包好的 dist 文件夹传输到远程服务器
scp -r /var/lib/jenkins/workspace/eladmin-web/dist root@100.100.137.5:/opt
# Step 6: 备份远程服务器上的旧版本,并更新为新版本
ssh root@100.100.137.5 '
# 备份当前 dist 目录为带时间戳的备份
cp -r /opt/dist /data/dist_`date +%F_%H-%M-%S` &&
# 获取最新备份目录名
Present=$(ls -r /data | sed -n "1p") &&
# 删除旧的符号链接
rm -f /root/data/eladmin/dist &&
# 创建新的符号链接指向最新的 dist 目录
ln -s /data/${Present}/dist /root/data/eladmin/dist
'
}
回滚函数
rollback() {
# Step 1: 停止远程服务器上的应用
ssh 100.100.137.6 './stop.sh'
# Step 2: 获取前一个版本的备份,并恢复到该版本
ssh 100.100.137.6 '
# 获取上一个版本的目录名
Previous=$(cd /data && ls -r | sed -n "2p") &&
# 删除旧的 eladmin-system-2.7.jar 并链接到上一个版本
rm -f /root/eladmin-system-2.7.jar &&
ln -s /data/${Previous} eladmin-system-2.7.jar
'
# Step 3: 启动恢复后的应用
ssh 100.100.137.6 './start.sh'
}
处理脚本参数,调用部署或回滚
case $1 in
deploy)
deploy # 执行部署
;;
rollback)
rollback # 执行回滚
;;
*)
exit # 未知命令,直接退出
;;
esac
三、数据备份
四、zabbix监控及监控大屏
安装zabbix server服务端
服务段安装依赖包
测试agent
apt install zabbix-get -y
中文依赖包
下载安装源地址
安装
dpkg -i zabbix-release_6.0-4+ubuntu22.04_all.deb
更新
apt update
安装Zabbix server,Web前端,agent
apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent
安装MySQL数据库
apt install mysql-server
mysql -uroot -p
123456
mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;
mysql> create user zabbix@localhost identified by '123456';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;
导入初始架构和数据,系统将提示您输入新创建的密码。
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
[kod.yijiasg.com)
[kod.bjzhifayy.com)
[kod.cnnbhz.com)
[kod.njtacm.com)
[kod.jinyiyj.com)
[kod.sfysy.net)
[kod.zyxingsheng.com)
[kod.veshenzhen.com)
mysql -uroot -p
password
mysql> set global log_bin_trust_function_creators = 0;
mysql> quit;
修改zabbix-server配置文件,保证能连接 mysql,zabbix-server向数据库中写入数据
vim /etc/zabbix/zabbix_server.conf
DBPassword=123456
修改zabbix-web 配置
vim /etc/zabbix/nginx.conf
server {
listen 80;
server_name zabbix.zy-98.cn; #保证配置的域名能解析
重启服务,并加启动项
systemctl restart zabbix-server zabbix-agent nginx php8.3-fpm
systemctl enable zabbix-server zabbix-agent nginx php8.3-fpm
安装中文语言包,并重启服务
apt install language-pack-zh-hans -y
