安装ansible并实现无密钥登录
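<code>
# Terminal transcript: one command per line, command output printed below it.
# Lines starting with "#" are captions (translated) and review notes.

# --- Install the Aliyun YUM repositories ---
# NOTE(review): the heredoc operator was eaten by the page's HTML rendering
# ("cat <>/etc/..."); restored here as "<<EOF>>".
# NOTE(review): gpgcheck=0 turns off RPM signature verification for both
# repositories, so every package installed as root below is trusted on the
# mirror's word alone. Prefer gpgcheck=1 together with a gpgkey= entry for
# each repository.
[root@node1 ~]# cat <<EOF>>/etc/yum.repos.d/epel.repo
[epel]
name=epel for aliyun
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
enabled=1
gpgcheck=0
[os]
name=os for aliyun
baseurl=https://mirrors.aliyun.com/centos/7/os/x86_64/
enabled=1
gpgcheck=0
EOF
[root@node1 ~]$ yum clean all
[root@node1 ~]$ yum makecache

# --- Install ansible ---
[cce@node1 ~]$ yum list |grep ansible*
ansible.noarch 2.3.0.0-3.el7 epel
ansible-doc.noarch 2.3.0.0-3.el7 epel
ansible-inventory-grapher.noarch 2.3.2-1.el7 epel
ansible-lint.noarch 3.4.9-1.el7 epel
ansible-openstack-modules.noarch 0-20140902git79d751a.el7 epel
ansible-review.noarch 0.13.0-2.el7 epel
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
python2-ansible-tower-cli.noarch 3.1.3-1.el7 epel
[root@node1 ~]$ yum install -y ansible

# --- Copy the ops user's public key to the target server for key-based login ---
# NOTE(review): the copy step itself is not shown on the page. Only id_rsa.pub
# should ever leave this host; id_rsa is the private key and should stay
# readable by ops alone (mode 0600), ideally protected by a passphrase.
[ops@node1 ~]$ ls .ssh/
id_rsa id_rsa.pub known_hosts

# --- Give ownership of the ansible configuration to the ops user ---
# NOTE(review): after this, whoever controls the ops account can rewrite the
# inventory and ansible.cfg that every run on this host uses.
[root@node1 ~]# chown -R ops:ops /etc/ansible/

# --- Add the client servers to the ansible inventory ---
# NOTE(review): the original caption speaks of two clients in a "test" group;
# the file shown holds one host in group [ops].
[ops@node1 ~]# tail -3 /etc/ansible/hosts
[ops]
172.16.1.73

# --- Test key-based login ---
[ops@node2 ~]$ ansible 172.16.1.73 -a 'hostname'
172.16.1.73 | SUCCESS | rc=0 >>
node3.cce.com
</code>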
安装配置jenkins
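<code>
# Terminal transcript: one command per line, command output printed below it.
# Lines starting with "#" are captions (translated) and review notes.

# --- Set up the Java environment Jenkins needs ---
[root@node2 ~]# tar xf jdk-8u144-linux-x64.tar.gz
[root@node2 ~]# mv jdk1.8.0_144/ /usr/local/jdk1.8
[root@node2 ~]# tail -3 /etc/profile
export JAVA_HOME=/usr/local/jdk1.8
export CLASSPATH=.:$JAVA_HOME/jre/lib/*:$JAVA_HOME/lib/*
export PATH=$PATH:$JAVA_HOME/bin
[root@node2 ~]# source /etc/profile

# --- Install and configure Jenkins ---
[root@node2 ~]# mkdir -pv /data/jenkins/data
# NOTE(review): the page prints this value truncated ("/data/jenkins/da");
# completed from the mkdir above and the secrets path read at the end.
[root@node2 ~]# tail -1 /etc/profile
export JENKINS_HOME=/data/jenkins/data
# NOTE(review): the WAR is fetched over plain HTTP and unpacked without any
# integrity check, then run by a Tomcat started as root. Download over HTTPS
# and compare the file against the SHA-256 published for the release before
# deploying. 2.46.3 is an old LTS line; use a currently supported release.
[root@node2 ~]# wget http://mirrors.jenkins.io/war-stable/2.46.3/jenkins.war
[root@node2 ~]# mkdir -pv /data/www/jenkins
# NOTE(review): this mv is shown at a node1 prompt with a different target
# directory, yet the unzip below still reads ./jenkins.war on node2 —
# presumably a leftover from another session; confirm before following it.
[root@node1 ~]# mv jenkins.war /usr/local/jenkins/
[root@node2 ~]# unzip jenkins.war -d /data/www/jenkins
[root@node2 ~]# tar xf apache-tomcat-8.5.23.tar.gz
[root@node2 ~]# mv apache-tomcat-8.5.23 /usr/local/tomcat
# NOTE(review): the sed expression was mangled by the site's e-mail
# obfuscation ("[email protected]"); restored from the surviving fragments.
# It switches the JVM's SecureRandom seed source from the blocking
# /dev/random to /dev/urandom.
[root@node2 ~]# sed -i 's@securerandom.source\=file:/dev/random@securerandom.source=file:/dev/urandom@' /usr/local/jdk1.8/jre/lib/security/java.security
[root@node2 ~]# sed -i '53,$d' /usr/local/tomcat/conf/server.xml
# NOTE(review): every attribute of the XML below (ports, addresses, appBase,
# docBase, ...) and the element case were lost when the page was rendered, so
# this heredoc cannot be used as printed. When rebuilding it: give the HTTP
# connector address="127.0.0.1" so Jenkins is reachable only through the nginx
# proxy configured below, and if the second connector is AJP (cannot be told
# from here) drop it unless it is actually needed.
[root@node2 ~]# cat << EOF >> /usr/local/tomcat/conf/server.xml
<service>
<connector>
<connector>
<engine>
<realm>
<realm>
</realm>
<host>
<context>
<valve>
</host>
</engine>
</service>
EOF
# NOTE(review): Tomcat (and with it Jenkins and every build step) is started
# from a root shell and, per the netstat output, listens on all interfaces.
# Run it under a dedicated unprivileged account.
[root@node2 ~]# /usr/local/tomcat/bin/startup.sh
[root@node2 ~]# netstat -ntlp|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 1212/java

# --- Configure the nginx reverse proxy ---
[root@node2 ~]# yum install -y openssl-devel pcre-devel gcc gcc-c++
[root@node2 ~]# useradd -r -M -s /sbin/nologin www
[root@node2 ~]# tar xf nginx-1.8.1.tar.gz
[root@node2 ~]# cd nginx-1.8.1
[root@node2 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx \
--http-client-body-temp-path=/usr/local/nginx/client/ \
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/ \
--http-proxy-temp-path=/usr/local/nginx/proxy/ \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--pid-path=/usr/local/nginx/run/nginx.pid \
--lock-path=/usr/local/nginx/nginx.lock \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_dav_module \
--with-http_sub_module \
--with-http_mp4_module \
--with-file-aio \
--with-pcre \
--user=www
[root@node2 nginx-1.8.1]# make -j 2 && make install
# NOTE(review): this vhost serves Jenkins over plain HTTP on port 80, so
# logins, session cookies and API tokens cross the network unencrypted. Add a
# TLS listener (the build already includes http_ssl_module) and redirect
# port 80 to it.
[root@node2 ~]# cat /usr/local/nginx/conf/vhosts/default.conf
server {
    listen 80;
    server_name localhost;
    access_log /usr/local/nginx/logs/access.log;
    error_log /usr/local/nginx/logs/error.log;
    default_type 'text/html';
    charset utf-8;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
    location /.well-known {
        default_type text/plain;
        alias /tmp_ssl/.well-known;
    }
}
# NOTE(review): this file holds the password for the initial admin account.
# Treat the value as a credential: keep it out of tickets, logs and published
# write-ups, and finish the setup wizard (creating a real admin user) promptly.
[root@node2 ~]# cat /data/jenkins/data/secrets/initialAdminPassword
52ceabf77a72430a873ba095cfbafa07
</code>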
构建DockerRegistry私有仓库
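<code>
# Terminal transcript: one command per line, command output printed below it.
# Lines starting with "#" are captions (translated) and review notes.

# --- 1. Pull the latest official registry image ---
# NOTE(review): no tag is given, so whatever "latest" is at pull time gets
# deployed; pin a specific tag or digest for a reproducible service.
[root@node2 ~]# docker pull registry

# --- 2. Create the registry storage path on the host ---
[root@node2 ~]# mkdir -pv /data/docker/registry

# --- 3. Start the container ---
# NOTE(review): started like this the registry answers plain HTTP on every
# host interface with no authentication, so any machine that can reach port
# 5000 can list, pull and overwrite images — including the ones deployed
# later. Configure TLS and htpasswd authentication (REGISTRY_HTTP_TLS_* and
# REGISTRY_AUTH_* settings) or at least restrict the port to the build and
# deploy hosts.
[root@node2 ~]# docker run -d -v /data/docker/registry:/var/lib/registry -p 5000:5000 --restart=always --name=registry registry

# --- 4. Test access to the registry from the publishing node ---
[root@node3 ~]# curl 172.16.1.72:5000/v2/_catalog
{"repositories":[]}

# --- 5. Write the nginx/php Dockerfiles ---
[root@node3 ~]# tree lnmp/
├── nginx
│   ├── default.conf
│   ├── Dockerfile
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── wwwroot
│       └── index.html
└── php
    ├── Dockerfile
    └── php-7.1.12.tar.gz
# NOTE(review): both Dockerfiles build on centos:centos6, which no longer
# receives security updates, and leave the compiler toolchain in the final
# image. Use a maintained base image and drop the build packages (or use a
# multi-stage build).
[root@node3 ~]# cat lnmp/nginx/Dockerfile
FROM centos:centos6
MAINTAINER caichangen
ADD nginx-1.8.1.tar.gz /
RUN yum install -y openssl-devel pcre-devel gcc gcc-c++ && \
    yum clean all && \
    useradd -r -M -s /sbin/nologin www && \
    cd /nginx-1.8.1 && \
    ./configure --prefix=/usr/local/nginx --with-pcre --with-file-aio --with-http_ssl_module --with-http_flv_module --with-http_dav_module --with-http_sub_module --with-http_mp4_module --with-http_realip_module --with-http_addition_module --with-http_gzip_static_module --with-http_stub_status_module --lock-path=/usr/local/nginx/nginx.lock --pid-path=/usr/local/nginx/run/nginx.pid --http-scgi-temp-path=/usr/local/nginx/scgi --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-client-body-temp-path=/usr/local/nginx/client/ --user=www && \
    make -j 2 && \
    make install && \
    mkdir -pv /usr/local/nginx/conf/vhosts && \
    mkdir -pv /data/wwwroot && \
    chown www:www -R /data/wwwroot && \
    rm -rf /nginx-1.8.1
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD default.conf /usr/local/nginx/conf/vhosts/default.conf
CMD /usr/local/nginx/sbin/nginx
VOLUME /data/wwwroot
EXPOSE 80
# NOTE(review): in the php Dockerfile the epel-release RPM is installed
# straight from an http:// URL, so nothing authenticates it. The sed near the
# end makes php-fpm listen on 0.0.0.0:9000; FastCGI has no authentication of
# its own, so keep port 9000 on a private container network, never publish it
# on the host, and restrict callers with listen.allowed_clients.
[root@node3 ~]# cat lnmp/php/Dockerfile
FROM centos:centos6
MAINTAINER caichangen
ADD php-7.1.12.tar.gz /
WORKDIR /php-7.1.12
RUN rpm -vih http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm && \
    yum install -y libjpeg-turbo-devel curl-devel libxml2-devel libpng-devel freetype-devel php-mcrypt libmcrypt-devel zlib-devel php-gd \
    gcc gcc-c++ openssl-devel && \
    yum clean all && \
    mkdir -pv /data/wwwroot && \
    useradd -r -M -s /sbin/nologin www && \
    ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-libxml-dir=/usr --with-mcrypt --enable-gd-native-ttf \
    --with-fpm-user=www --with-freetype-dir --enable-mbstring --enable-mbregex --with-iconv-dir --enable-sysvsem --enable-sockets \
    --with-jpeg-dir --disable-rpath --enable-bcmath --with-png-dir --enable-shmop --with-openssl --with-gettext --enable-pcntl \
    --with-xmlrpc --enable-soap --enable-xml --enable-zip --enable-fpm --with-iconv --with-mhash --with-curl --with-gd --with-mysql --with-mysqli && \
    make -j 2 && \
    make install && \
    cp php.ini-production /usr/local/php/etc/php.ini && \
    cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
    cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf && \
    sed -i 's/127.0.0.1:9000/0.0.0.0:9000/' /usr/local/php/etc/php-fpm.d/www.conf && \
    rm -rf /php-7.1.12 && \
    chown www:www -R /data/wwwroot
CMD ["/usr/local/php/sbin/php-fpm","-F"]
VOLUME /data/wwwroot
EXPOSE 9000

# --- Build the images and push them to our registry ---
# NOTE(review): pushing to an HTTP registry only works when the Docker daemon
# on node3 lists it under insecure-registries, which turns off transport
# protection for those pushes and pulls; serving the registry over TLS
# removes the need for that setting.
[root@node3 nginx]# docker build -t 172.16.1.72:5000/nginx .
[root@node3 nginx]# docker push 172.16.1.72:5000/nginx:latest
[root@node3 php]# docker build -t 172.16.1.72:5000/php .
[root@node3 php]# docker push 172.16.1.72:5000/php
[root@node3 ~]# curl 172.16.1.72:5000/v2/_catalog
{"repositories":["busybox","nginx","php"]}
</code>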