Jenkins 使用

---

---

---

一、jenkins 任务执行

jenkins 创建 job
job的名字最好是有意义的

restart_web_backend
restart_web_mysql

[root@jenkins ~]# ls /var/lib/jenkins/
config.xml                                      nodeMonitors.xml
hudson.model.UpdateCenter.xml                   nodes
hudson.plugins.git.GitTool.xml                  plugins
identity.key.enc                                queue.xml.bak
jenkins.install.InstallUtil.lastExecVersion     secret.key
jenkins.install.UpgradeWizard.state             secret.key.not-so-secret
jenkins.model.JenkinsLocationConfiguration.xml  secrets
jenkins.telemetry.Correlator.xml                updates
jobs                                            userContent
logs                                            users
[root@jenkins ~]# ls /var/lib/jenkins/jobs/
guan_jenkins_job
[root@jenkins ~]# ls /var/lib/jenkins/jobs/guan_jenkins_job/
builds  config.xml

[root@jenkins ~]# ls  /var/lib/jenkins/workspace/guan_jenkins_job
guan12319.txt

清理工作空间之后，可以发现workspace目录下没有内容了

[root@jenkins ~]# ls  /var/lib/jenkins/workspace/

二、 Jenkins 连接gitee

ssh协议连接方式

获取仓库地址

git@gitee.com:sound-of-birds-chirpingg/test_git.git

目的：用户在jenkins服务器上去Gitee（码云）下载代码，然后把代码下载到jenkins服务器上

常见报错
jenkins 没有安装git

yum install -y git

没有做免密

用ssh-keygen 生成公私要，然后上传公钥到gitee上，进行免密登录

[root@jenkins ~]# cat  ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6ATb8WL+zTOhYNkwJKr+xfaZ5QbfLBxyaRYtcO977T6ySDv1MDmBXC0ELBOE0x/Pyac3u5IB+NjLsKM63iYzSXrqk0TzjgrCXM85ZdnJ3mqCwaOa0xt2xFYeu0Pxz5o6CO+bffgfoInEIBHn44UaiJLM1qUdyoIxm8vKEaWF5ZZeDvyl8s952du0NgAQeRr70aISqRFTfZM5rYtkJeQ1r/3O0fuv5VbbklJprOid+viXwPIATLnste4TMFeN0dWW752WSfYpxR/XbPWLeZ0rTu3frIhLCsTOpPZyoLvRwJ7SpqLyPpLxC3mTYysPe66/VmSB6AkOebz9bDHWdsCiyHF6yV8Rl6MPHiilYW+nzWV48Mj5mVO7JMA5euFNMsgNqF908HS9czjD89nOjWjeSjlMn/+TweGulVHopP6n0puC+g2PFPLCfULm9J+JpRJNRCFXoEZ3MW1B3okHZ/Kq9zJNLQs7TjrHhCE8zR2wWULCybLrwqbsHXGRarW6QJvE= root@jenkins

[root@jenkins ~]# cat  ~/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAugE2/Fi/s0zoWDZMCSq/sX2meUG3ywccmkWLXDve+0+skg79TA5g
VwtBCwThNMfz8mnN7uSAfjYy7CjOt4mM0l66pNE844KwlzPOWXZyd5qgsGjmtMbdsRWHrt
D8c+aOgjvm334H6CJxCAR5+OFGoiSzNalHcqCMZvLyhGlheWWXg78pfLPednbtDYAEHka+
9GiEqkRU32TOa2LZCXkNa/9ztH7r+VW25JSaazonfr4l8DyAEy57LXuEzBXjdHVlu+dlkn
2KcUf12z1i3mdK07t36yISwrEzqT2cqC70cCe0qai8j6S8Qt5k2MrD3uuv1ZkgegJDnm8/
Wwx1nbAoshxeslfEZejDx4opWFvp81lePDI+ZlTuyTAOXrhTTLIDahfdPB0vXM4w/PZzo1
o3ko5TJ//k8HhrpVR6KT+p9KbgvoNjxTywn1C5vSfiaUSTUQhV6BGdzFtQd6JB2fyqvcyT
S0LO046x4QhPM0dsFlCwsmy68Km7B1xkWq1ukCbxAAAFiOM92dvjPdnbAAAAB3NzaC1yc2
EAAAGBALoBNvxYv7NM6Fg2TAkqv7F9pnlBt8sHHJpFi1w73vtPrJIO/UwOYFcLQQsE4TTH
8/Jpze7kgH42MuwozreJjNJeuqTRPOOCsJczzll2cneaoLBo5rTG3bEVh67Q/HPmjoI75t
9+B+gicQgEefjhRqIkszWpR3KgjGby8oRpYXlll4O/KXyz3nZ27Q2ABB5GvvRohKpEVN9k
zmti2Ql5DWv/c7R+6/lVtuSUmms6J36+JfA8gBMuey17hMwV43R1ZbvnZZJ9inFH9ds9Yt
5nStO7d+siEsKxM6k9nKgu9HAntKmovI+kvELeZNjKw97rr9WZIHoCQ55vP1sMdZ2wKLIc
XrJXxGXow8eKKVhb6fNZXjwyPmZU7skwDl64U0yyA2oX3TwdL1zOMPz2c6NaN5KOUyf/5P
B4a6VUeik/qfSm4L6DY8U8sJ9Qub0n4mlEk1EIVegRncxbUHeiQdn8qr3Mk0tCztOOseEI
TzNHbBZQsLJsuvCpuwdcZFqtbpAm8QAAAAMBAAEAAAGBAIn7preyeptfXSk7NlLClKvto1
Zmixqg7vX+yzAj9fmGlGVRm1QVgiBwZ9Ltzsch4fUdyjgC6NM4D7SjXR5IeuAAiAMGeV3p
MGkqdFRniujxG21ilGrc786TQzFLNUwhZ+xy1YVL8D+jdShWcclQDN7xzMPtDOSa9yzT41
aY+kddNvX0FKm+oTROavJN2kA/iR60fl31DOUf2gVNseXWGD/apBHs6c7waBnPp3IOFQhv
tKMvrm8MVzJZZB0ly7Mz9n2ZPQuTLQfWV8zN9uVfJgfAd0nyPpnkmEH1a9i7G1RHzD9y94
/60Ub9cCwyzoXXm7zT6TS2hpci1LM+moCkro8YlfF5YgbP1STQhCbF+l+EjvgWnJMT50yY
WSOwT9jdt6QDTMspl1fabUX/H3Jk4QztEiphMGg0/tT4fx+3Jm2SbTmyLZkQJwce86qt+h
21A+AbQSfVG/frMiMOqbcI2dqzbiz7B3W+SYsRdvTpFX4QDPczSvzUGak8FgY99EO6AQAA
AMEA00nbSP1zG9FfHCA2WDCSRqKPYduOLdyQUf1gPIavF//0HHOBIJyQ8pp9oTvArZCW20
V0n10yxxFwS/GqJ8isMBELM9rnJ5gYVp7t31oV+n9gqqPgjXvmTtqiqotOCOXCTTjryNBe
goUzMqTwqnUNnJy4JC2tGLG8QUJA5v+Ajx2H9EaZmKNwU69wZdXXuoNA7Oqnt/W/qey91l
DCe0pp2vlsrWARnrRwkq747JDuQZgfJ8FR7VQ0PwnShYddPhgsAAAAwQDanDLFQGQlAEGf
9Xaa0hvpDy8rAgpW02t0j/uwedmrrjKa9l3MHjEb42iO3FSsWSVUnGNjdDAXlubGWpfG6Q
VJDuwHYujppIjq2GCipmrS5E7eriLQyMR3009DEF4AJvWvLyoVs951O9ThC/VKZXfiaMAP
67aDyxQg0cLCeAJHQJW4yc6hgp1uEhru5ViRCOxsag6z1s4q0Y8lPcHbInzCtRCEPC5+8G
C/K1JTRbcKznwGUciQ6IGYqbC0gFE9OdEAAADBANnRZTXzS7Ml17HmxJylS0XRmKpBC64Y
vEay8AUdMLfJ/Z1SKq54tD8T2AFQHRTlANd7jmpWjxebJ6AuzlCGIgFvMaWzG5wE5RuMCj
/yhPgTS6HrRNIzM0BBjQQG2P1sgUPeaWhQcD5NrIzUmL3QA2ZqohEzNSmXNHLWXbHd2VQf
DMbIUyjjdQw3eIADpuLpOx7RnI9JhOE1ns84mKE7OIfAaDssqbsdl2UsiSprq8V4/vjNpr
4u5QnBxUrmz2pDIQAAAAxyb290QGplbmtpbnMBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----

• 在jenkins服务器上配置好git，生成公私钥发给gitlab
• 在jenkins服务器里做好配置，和凭证，写入私钥

Https 协议连接方式

1.获取仓库地址

https://gitee.com/sound-of-birds-chirpingg/test_git.git

2.安装gitee插件，并在安装完成之后重启jenkins服务

添加凭据




此时，gitee仓库更新内容，而jenkins还是之前的内容，没有同步

这个时候，只需要在jenkins 服务器上在构建一次，就完成了代码仓库的同步更新

[root@jenkins guan_jenkins_job]# ls
git.txt  guan12319.txt  guan.txt  hello.txt
[root@jenkins guan_jenkins_job]# ls
git.txt  guan12319.txt  guan.txt  hello.txt  README.md
[root@jenkins guan_jenkins_job]# 

三、Jenkins 部署静态网站

自动化部署静态站点
1.手动或自动部署一个nginx集群
2.开发提交代码到代码托管平台，gitee
3.运维开发shell脚本，交给jenkins去执行这个脚本，jenkins再去获取代码，推送到nginx集群下

实验准备：使用了2台服务器，一台是运行jenkins服务，另一台运行web服务

1.在web服务器部署一个nginx web 集群

yum install -y nginx

2.修改nginx的配置文件

[root@web ~]# vim /www/server/nginx/conf/nginx.confserver{listen 888; //修改端口server_name phpmyadmin;index index.html index.htm index.php;root  /www/server/phpmyadmin;location ~ /tmp/ {return 403;}

创建页面

[root@web ~]# cd /www/server/phpmyadmin
[root@web phpmyadmin]# ls
[root@web phpmyadmin]# echo "hello guan12319" > index.html
[root@web phpmyadmin]# ls
index.html

在浏览器访问页面

[root@web phpmyadmin]# cat index.html 
hello guan12319 ----> 你好，世界

在网页文件输入中文出现乱码

解决办法，在网页文件加入如下内容

[root@web phpmyadmin]# cat index.html 
<meta charset=utf8>
hello guan12319 ---- 你好，世界

模拟开发推送代码带gitee或者gitlab或者GitHub

• 开发将代码提交到仓库
• 运维通过jenkins从gitee或gitlab拉取代码，然后在jenkins通过使用shell部署到nginx服务器上。

• 在jenkins上创建心的job，然后填入内容，用于执行一个脚本

sh -x /scripts/deploy_nginx.sh

• 在jenkins服务器上部署好脚本

[root@jenkins ~]# mkdir /scripts/
[root@jenkins ~]# touch /scripts/deploy_nginx.sh
[root@jenkins ~]# cat   /scripts/deploy_nginx.sh
#1,进入代码目录，打包传输
DATE=$(date +%Y-%m-%d-%H-%M-%S)
#web_server="154.9.228.2 154.9.228.3 154.9.228.4"
web_server="154.9.228.2"# 定义部署的功能函数
# $WORKSPACE 是 jenkins 特有的变量，取得当前job的工作绝对路径
get_code(){cd $WORKSPACE &&  tar -czf /opt/web-${DATE}.tar.gz *
}# 2.代码发送给web集群组
scp_web_server(){
for hosts in $web_server
do# jenkins执行如下命令，将自己本地代码压缩文件,scp发送给nginx服务器scp  /opt/web-${DATE}.tar.gz root@$hosts:/opt/# jenkins服务器，利用ssh命令，远程执行命令ssh  root@$hosts "mkdir -p /nginx_web_html/web-${DATE} && \tar -zxf /opt/web-${DATE}.tar.gz -C  /nginx_web_html/web-${DATE} && \rm -rf /nginx_web_html/web && \ln -s /nginx_web_html/web-${DATE} /nginx_web_html/web"
done
}
# nginx 服务器上的网页根目录是： /nginx_web_html/web# 3.函数执行
deploy(){get_codescp_web_server
}# 4.执行入口
deploy#给脚本赋予执行权限
[root@jenkins ~]# chmod 777  /scripts/deploy_nginx.sh

脚本直接执行，如果权限不够，可能是因为jenkins这个服务是jenkins用户运行的，像要操作目录权限不够，所以需要修改jenkins的用户为root

[root@jenkins ~]# grep root /etc/sysconfig/jenkins 
JENKINS_USER="root"

Host key verification failed 和 Pwemisssion denied -> 这说明我们需要用jenkins的用户做免密将公钥发给目标服务器

解决jenkins账户无法切换+jenkins免密登录+ssh免密登录+scp免密远程复制的问题
1.解决jenkins账户无法切换

[root@jenkins ~]# vim ~/.bash_profile
# 在最后一行添加如下一行，并保存退出
export PS1='[\u@\h \W]\$'[root@jenkins ~]# source ~/.bash_profile // 再刷新.bash_profile文件，使其起作用

2.jenkins免密登录

[root@jenkins ~]# vim /etc/sudoers 
# 在最后一行添加如下一行，为jenkins用户添加免密码，然后并wq!强制保存退出
jenkins ALL=(ALL) NOPASSWD: ALL
[root@jenkins ~]# /etc/init.d/jenkins restart
Restarting jenkins (via systemctl):  [  OK  ]
[root@jenkins ~]# 
[root@jenkins ~]# su jenkins //成功切换到jenkins用户下，且无需密码
[jenkins@jenkins root]$  

3.ssh免密登录
scp的免密执行其实取决于ssh的免密登录。假如ssh能够免密登录的话那么jenkins就可以直接调用scp不用输入密码了，当然就可以自动执行不用人工干预了。

# 安装ssh，默认已安装好# yum install ssh# 启动ssh服务器端# systemctl start  sshd
# systemctl status  sshd

当我想要远程登录或者scp拷贝文件给目标服务器每次输入密码登录十分麻烦，有没有一种方式可以让服务器能够确定我的身份，无需输入密码可以直接通过认证？

ssh除了使用密码验证外，还提供了一种公私密钥的验证方式。客户端生成一个私钥，并生成一个与之对应的公钥，然后将公钥上传到服务器上。操作如下：

#要先切换到jenkins的账户
[root@jenkins ~]# su jenkins
[jenkins@jenkins root]$ [jenkins@jenkins root]$ ssh-keygen -t rsa 

-t指定要创建的密钥类型，默认是rsa，所以跟执行ssh-keygen是一样的
期间会提示你输入你私钥的加密密码。如果想要完全做到不需要密码登录，此处可留空，直接回车，否则以后每次连接都需要输入密码。
完成后，会当前用户的主目录下的~/.ssh/路径下生成两个文件id_rsa与id_rsa.pub分别是私钥与公钥。

接下来，要把生成的公钥上传到服务器上，同样还是在客户端执行以下的代码

[jenkins@jenkins root]$ # ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.2

执行完成后，即可看到公钥了

[jenkins@jenkins root]$ cat /var/lib/jenkins/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBMDVDdhOsrp2vmERAhyn8h1aUwR+A7t1wxPMCuIj3pXobkj/HybI7ccKRIb/v2aNX9f2Rahmm8shImY+r+b+VQXG1vQaZN8cSekazNQqiEH044axqS0L/MvPxxFu0Y6qQVCQjau2qnYU/EKe50UTUlrR2zgJIFOuIIqhBRqXR7VruPzk6guCAJ8wjMZ1ZN4/HO2hkCxNQk2dWE7cV3O7CB3/gKocMQkjfWvn/u7swLxxoJa9kQAFqjZWGgmpFLvqZ0HYHMavsXdAwfoHpa719JegDqaqVqIXyvTkgWe9YfILexRWgMws2h6xHmNysKJZsRRF9ZXyObQbJqoSfzOIaqsiyCsMrgrhSIykQnocnDPBSY86cBQUIVM5sjLunYQ23QujHfPqjaPQMgakYcOkfTmzbMs1FemsSgcdcU+JhXvslARf4GAgJbu3VlHK16wWOEqpJzfTXga2hpt/UNRAYqcZfXHF9n0ZgX0UdjhWqCNamPn9PltQorqDPSjQHqwPV4tN2aGy5UuzH5a5yG6ti8esm0Tn3N8bDfEDUtYTIsPHu6gu+a4omXI6JzOBZfPW72Zl3MynkEeYTYnsPpEonvD7sV/YfUxDNSaDkTT8Qz3lDOWmHMz1BhHu893GIpKln+vwy33TfBU/21pjzFJrnZgYyPbbVtEUeR59rfLcjhw== jenkins@jenkins

接下来，测试一下 ssh远程登录到目标机器来看看是否免密成功：

[jenkins@jenkins root]$ ssh -p 当前服务器的ssh端口（默认是22） 你要登录的目标服务器账号（通常为root）@远程ip地址

当看到成功登录对方服务器，免密就成功了

[jenkins@jenkins root]$ ssh -p 22  root@154.9.228.2
RainYun Cloud Services                                                                                                                                                    
Check out the latest activities or get help from: https://www.rainyun.com 
Activate the web console with: systemctl enable --now cockpit.socketLast failed login: Wed Aug  9 12:28:55 CST 2023 from 218.92.0.76 on ssh:notty
There were 3089 failed login attempts since the last successful login.
Last login: Wed Aug  9 03:14:38 2023 from 154.9.228.2
[root@web ~]#
[root@web ~]# exit
logout
Connection to 154.9.228.1 closed.
[jenkins@jenkins root]$ 

将生成的公钥发给目标服务器

ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub root@目标ip地址

[jenkins@jenkins root]$ ssh-copy-id -i /var/lib/jenkins/.ssh/id_rsa.pub   root@154.9.228.2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '154.9.228.175 (154.9.228.2)' can't be established.
ECDSA key fingerprint is SHA256:owTLa6pSR6GuEAU2pjUJuFGOiUbPFbAGh25BbwHzfRk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@154.9.228.2's password:  //输入目标服务器的密码Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@154.9.228.2'"
and check to make sure that only the key(s) you wanted were added.[jenkins@jenkins root]$ ssh root@154.9.228.2 //ssh远程登录目标服务器测试一下
RainYun Cloud Services                                                                                                                                                    
Check out the latest activities or get help from: https://www.rainyun.com 
Activate the web console with: systemctl enable --now cockpit.socketLast failed login: Wed Aug  9 12:37:33 CST 2023 from 180.101.88.219 on ssh:notty
There were 52 failed login attempts since the last successful login.
Last login: Wed Aug  9 12:28:57 2023 from 154.9.228.2
[root@web ~]# exit
logout
Connection to 154.9.228.1 closed.
[jenkins@jenkins root]$ 

好了到这里，jenkins用户的免密完成了

构建成功之后即可，访问网页了

网页文件准备完成

[root@web web-2023-08-09-03-43-54]# cat /nginx_web_html/web-2023-08-09-03-43-54/index.html 
<!DOCTYPE html>
<meta charset=utf8>
<html>
<head><title>我的网页</title>
</head>
<body><h1>欢迎来到我的网页！</h1><p>这是一个用HTML编写的网页示例。</p>
</body>
</html>

访问网站