# ssh root@172.16.87.89
# su - deploy
$ source /home/deploy/.py3-a2.5-env/bin/activate

###加载py3虚拟环境
$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q

##验证ansible是否已经加载成功
$ ansible --version

到此三剑客平台已经就绪

##创建freetyle-job工程

#描述：This is my frist nginx job

#参数化构建过程

选择参数：

名称：deploy_env

选择：dev&test&prod

文本参数：

名称：branch

默认值：master

源代码管理：GitLab项目仓库url/仓库密码

##创建Ansible与目标主机ssh key公钥认证

编写playbook脚本实现静态网页远程部署

编写playbooks脚本

nginx_playbooks/ ----->脚本目标

├── deploy.retry

├── deploy.yml --->主入口文件

├── inventory ---->详细目标

│ ├── dev

│ └── prod

└── roles ---->主任务文件

└── nginx

├── files

│ ├── health_check.sh

│ └── index.html

├── tasks

│ └── main.yml --->ansible-playbook主任务文件

└── templates

└── nginx.conf.j2

6 directories, 8 files

将playbook部署脚本提交到Gitllab仓库

##将GitLab仓库代码克隆到本地
# git -c  http.sslverify=false clone https://gitlab.example.com/root/ansible-playbooks.git

##上传代码
# git add .

##提交，注释提交内容
# git commit -m "First commit"
# git -c http.sslverify=false  push origin master   或git push origin master

Freestyle任务构建和自动化部署

shell脚本

#!/bin/sh
set +x
source /home/deploy/.py3-a2.5-env/bin/activate
source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q

cd $WORKSPACE/nginx_playbooks
ansible --version
ansible-playbook --version

ansible-playbook -i inventory/$deploy_env ./deploy.yml -e project=nginx -e branch=$branch -e env=$deploy_env

jenkins pipeline job案例

###pipeline job实现：nginx+mysql+php+WordPress自动化部署交付

预先搭建环境：

1.三剑客平台初始化环境构建

2.编写ansible playbook脚本实现WordPress远程部署工作

3.将WordPress源码与playbook部署脚本提交到GitLab仓库

4.编写pipeline job脚本实现jenkins流水线持续交付流程

5.jenkins集成ansible与GitLab实现WordPress的自动化部署

##ssh链接jenkins后台服务器
# ssh root@172.16.87.89
# su -deploy
$ source /home/deploy/.py3-a2.5-env/bin/activate

###加载py3虚拟环境
$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q

##验证ansible是否已经加载成功
$ ansible --version

##验证ansible环境是否免秘钥远程登录目标服务器
# ssh root@report.example.com（目标服务器DNS）

##编写ansible playbook脚本
##打开Git Bash在本地编写脚本

###为了避免克隆或者推送GitLab仓库时报证书错误，关闭Git安全认证
### git config --global http.sslverify fales
# git -c  http.sslverify=false clone https://gitlab.example.com/root/ansible-playbooks.git

# cd ansible-playbooks/
# cp -a nginx_playbooks/  wordpress_playbooks

# 编写本地wordpressss_playbooks脚本

wls案例

##Freestyle job+GitLab+ansible+weblogic

1.环境准备

GitLab代码仓库托管服务器172.16.87.88（本地DNSgitlab.example.com）

ansible+jenkins持续构建集成服务器172.16.87.89

weblogic服务器：172.16.87.105

2.创建一个自由风格流水线job，命名项目名称规则

项目名称：report

参数化构建过程：

选项参数名称deploy_env

选项：dev、test、prod

文本参数名称：branch

默认值master

源码托管Git

项目仓库Url地址https://gitlab.example.com/root/report2.git

构建：Maven

执行shell：

#!/bin/sh
set +x
#su - deploy
source /home/deploy/.py3-a2.5-env/bin/activate
source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q

cd /home/deploy
ansible --version
ansible-playbook --version

cd playbook
#cp /home/deploy/.jenkins/workspace/report2.0/portal/target/portal.war roles/testbox/files/
ansible-playbook -i inventory/testenv ./deploy.yml

##jenkins启动停止脚本

#!/bin/bash
DEPLOY_UID=1000
java -jar /opt/jenkins.war   >> $log_path/home/deploy/apache.log 2>&1 &

if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: deploy jenkins  has started. "
echo
else
echo
echo "Message: You are not the weblogic user, execute the command with deploy user."
echo
fi

#!/bin/bash
DEPLOY_UID=1000
ps -aux | grep jenkins | grep java |awk '{print $2}'|xargs kill  >> $log_path/home/deploy/apache.log
if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: The log file apache.log does not exis"
echo
else
echo
echo "Message: You are not the weblogic user, execute the command with deploy user."
echo
fi

3.Ansib脚本编写

📎playbook.zip

- name: print server name and user to remste testbox
  shell: "echo 'Currently {{ user }} is logining {{ server_name }}' > {{ output }}"

#- name: create a file
#  file: 'path=/root/foo.txt state=touch mode=0755 owner=root group=root'
#- name: "kill掉weblogic"
#  shell: "ps -ef  | grep weblogic | grep -v grep | awk '{print $2}' |xargs kill -9"

- name: "删除老版本的war&文件"
  shell: "rm -rf {{ war_file }}/123.txt"

- name: copy a file
  copy: 'remote_src=no src=roles/testbox/files/portal.war dest={{ war_file }}/portal.war mode=0644 force=yes'

#- name: start weblogic service
#  shell: "nohup {{ service }}/startWebLogic.sh &"

- name: "查看weblogic请求判断 weblogic service starts"
  shell: echo $(ps -ef | grep weblogic | wc -l)
  register: 'weblogic_stat'
- debug: msg="weblogic_stat"
  when: weblogic_stat.stdout |int >= 2
- name: copy a file
  copy: 'remote_src=no src=roles/testbox/files/stopwls.sh dest=/root/stopwls.sh mode=0777 force=yes'
- name: "source profile && 卸载应用"
  shell: "source /etc/profile && sh /root/stopwls.sh"
- name: "source profile && 装载应用"
  shell: "source /etc/profile && sh /root/startwls.sh"

#- name: "卸载部署应用"
#  script: 'sh /home/wls.sh'
#  register: script_stat
#- debug: msg="foo.sh exists"
#  when: script_stat.stat.exists
#- name: run the script
#  command:  "sh /root/foo.sh"

[testservers]
report.example.com

[testservers:vars]
server_name= report.example.com
user=root
output=/root/weblogic_state.txt
service=/home/weblogic/Middleware/Oracle_Home/user_projects/domains/base_domain/bin
war_file=/root

#server_name=report.example.com
port=80
user=deploy
worker_processes=4
max_open_file=65505
root=/www

jenkins与SonarQube平台代码扫描

SonarQube安装

1.环境准备

sonarQube 下载地址https://www.sonarqube.org/downloads/（官网最新版本下载特别慢，可选择其他版本下载）

sonarQube Scanners 下载地址https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

安装jdk1.8（根据官网信息，需要用到jdk1.8,如果你的环境已经配置了JAVA_HOME是jdk1.7可以手动指定sonar的运行jdk为1.8）

安装mysql，可以是远程连接（注：mysql版本需要是5.6+）

2.安装

指定jdk1.8（如果系统环境变量已经是1.8忽略此步）

下载好sonarQube后，解压打开conf目录,修改 wrapper.conf

##jdk配置
# tar -zxvf jdk-8u77-linux-x64.tar.gz -C /usr/java/

#配置root用户java环境变量
# vi ~/.bashrc
export JAVA_HOME=/usr/java/jdk1.8.0_77
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

##使环境变量立即生效
# source  ~/.bashrc

##解压sonarqube-7.4.zip
# unzip sonarqube-7.4.zip

##创建用户启动es
# adduser deploy
# chown -R deploy:deploy sonarqube

#配置deploy用户的java环境变量（172.16.87.85未配置deploy环境变量）

# vi ~/.bashrc
###set sonar java ###
export JAVA_HOME=/usr/java/jdk1.8.0_77
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

# source  ~/.bashrc

##mysql安装（Cenos7）

 ##下载并安装MySQL官方的 Yum Repository
 # wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm

 ##yum 安装Yum Repository
 # yum -y install mysql57-community-release-el7-10.noarch.rpm

 ##安装mysql服务器
# yum -y install mysql-community-server

###mysql数据库设置

##启动mysql
# systemctl start  mysqld.service

#查看mysql运行状态
# systemctl status mysqld.service

##在log中查看root密码
#grep "password" /var/log/mysqld.log

##登录
mysql> mysql -uroot -p

##修改mysql密码
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';（注修改不成功的话，查看grep "password" /var/log/mysqld.log按照那里面密码修改）
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '.+i=ikbkb8aU';

##查看mysql初始化密码规则
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;

###最后卸载删除Yum Repository，避免以后每次操作yum的自动更新
# yum -y remove mysql57-community-release-el7-10.noarch

3.SonarQube配置

###mysql 添加sonar用户

sonarQube配置mysql,修改/conf/sonar.properties

重启服务，观察日志

##配置sonarqube目标conf下的sonar.properties

$ vim sonarqube/conf/sonar.properties

##配置wrapper.conf文件

$ vim sonarqube/conf/sonar.properties

wrapper.java.command=/usr/java/jdk1.8.0_77/bin/java

##创建sonar数据库

# mysql -u sonar -p

Enter password:

mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;

mysql> CREATE USER 'sonar' IDENTIFIED BY 'sonar';

mysql> GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';

mysql> GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';

mysql> FLUSH PRIVILEGES;

###启动启动sonar

# su - sonar

# ./bin/linux-x86-64/sonar.sh start

# tail -200f ./logs/sonar.log

##访问http://172.16.87.85:9000

##http://172.16.87.85:9000/about

##mysql查看sonar数据库信息状态

mysql> show databases

mysql> use sonar;

mysql> show tables;

##配置sonarqube-7.4启动脚本

#!/bin/bash
DEPLOY_UID=1001
./sonarqube-7.4//bin/linux-x86-64/sonar.sh start    >> $log_path/home/deploy/sonar.log 2>&1 &
if [ "$UID" -eq "${DEPLOY_UID}" ]
then
echo "Message: deploy SonarQube  has started. "
echo
else
echo
echo "Message: You are not the deploy user, execute the command with deploy user."
echo
fi

4. SonarQube汉化

下载sonar-l10n-zh-plugin-1.21.jar 放在/opt/sonarqube/extensions/plugins目标下，重新启动sonarqube（注意jar包组权限）

或者是在SonarQube平台安装中文插件--->配置-->Plugins-->搜索-->chinese

https://blog.csdn.net/qq_21816375/article/details/80787993

Sonar-scanner扫描器安装配置

（root用户配置其他用户执行须配置java环境变量）

Sonar通过扫描器进行代码质量分析，即扫描器的具体工作就是扫描代码：

###解压sonar-scanner-3.2.0.1227-linux
# su - root
# cd /opt

# 编辑/conf下的sonar-scanner.properties文件
# cd /opt/sonar-scanner-3.2.0.1227-linux/conf
# grep "^[a-Z]" sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8
onar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.login=admin
sonar.password=admin

##配置sonar-scanner-3.2环境变量

 # vi ~/.bashrc

###set sonar-scanner###
export SONAR_RUNNER_HOME=/opt/sonar-scanner-3.2.0.1227-linux
export PATH=$SONAR_RUNNER_HOME/bin:$PATH
export SONAR_SCANNER_OPTS="-Xms512m -Xmx2048m"

# source  ~/.bashrc

##测试sonar-scanner环境变量
# sonar-scanner -h

###安装apache-maven

下载：wget http://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.0/binaries/apache-maven-3.6.0-bin.zip

# unzip apache-maven-3.6.0-bin.zip

验证maven版本：# ./apache-maven-3.6.0/bin/mvn -version

###在项目的根目录中创建配置文件：sonar -project.properties

sonar.projectKey=report（项目的唯一标识，类似主键自定义）
sonar.projectVersion=1.0.0（项目的版本）
sonar.sources=.
sonar.projectName=report（项目名称）
sonar.ce.workCount=1
sonar.language=java（项目编码）
sonar.source=src（项目路径）
sonar.java.binaries=/opt/report/report/src,/opt/report/portal/src,/opt/report/krm-sso/src,/opt/report/krm-common/src
sonar.sourceEncoding=UTF-8
sonar.ce.javaOpts=-Xms=512 -Xmx=2048 -XX:+HeapDumpOnOutOfMenonyError

# must be unique in a given SonarQube instance
sonar.projectKey=report
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
#sonar.projectName=My project #项目名称
sonar.projectVersion=1.0.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

# Encoding of the source code. Default is default is defasonar.ce.javaOpts= -Xmx=2560 -Xms=853 -XX:+HeapDumpOnOutOfMenonyError

sonar.projectName=report
sonar.ce.workCount=1
sonar.language=java
sonar.source=src
sonar.java.binaries=/opt/report/report/src,/opt/report/portal/src,/opt/report/krm-sso/src,/opt/report/krm-common/src
sonar.sourceEncoding=UTF-8
sonar.ce.javaOpts=-Xms=512 -Xmx=2048 -XX:+HeapDumpOnOutOfMenonyError


##suona  Qpu 的服务器
##代码扫描 suona sigai 特