docker_jenkins_ansible 部署 java 服务 01

整体思路

因为原有环境带有 gitlab 和 ansible，故本文不表述如何部署 gitlab/ansible

部署 jenkins

安装 docker，优化配置

# 安装 docker
curl https://download.docker.com/linux/centos/docker-ce.repo -o  /etc/yum.repos.d/docker.repo && yum -y install docker-ce.x86_64

# 启动 docker，关闭防火墙
systemctl start docker && systemctl enable docker && systemctl stop firewalld.service && systemctl disable firewalld.service

# 关闭 selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# 优化 ssh
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config && sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config && systemctl restart sshd

# 修改最大文件打开数和最大进程数
echo "* - nofile 65535" >> /etc/security/limits.conf && echo "* - nproc 65536" >> /etc/security/limits.conf && sed -i 's#4096#65536#g' /etc/security/limits.d/20-nproc.conf

# 修正系统时间
(crontab -l;echo '*/30 * * * * /usr/sbin/ntpdate ntp1.aliyun.com && /usr/sbin/hwclock -w') | crontab && echo '*/30 * * * * root /usr/sbin/ntpdate ntp1.aliyun.com && /usr/sbin/hwclock -w' >> /etc/crontab

# 内核参数调优
cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
sysctl -p >/dev/null 2>&1

# 配置 docker 镜像加速
vim /etc/docker/daemon.json
{
   "registry-mirrors": [
       "https://mirror.ccs.tencentyun.com"
  ]
}

# 重启 docker
systemctl daemon-reload && systemctl restart docker

安装 jenkins，配置 jenkins

部署 jenkins

# docker 部署 jenkins
mkdir -p /data/jenkins && chown -R 1000:1000 /data/jenkins/ && docker run -itd --name jenkins --hostname jenkins --restart=always -v /data/jenkins:/var/jenkins_home -v /etc/localtime:/etc/localtime:ro -p 8080:8080 -p 50000:50000 --add-host=raw.githubusercontent.com:151.101.108.133 jenkins/jenkins

# 查询配置密钥
cat /data/jenkins/secrets/initialAdminPassword 
XXXXXXXXXX

# 修改插件源
vim /data/jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  </site>
</sites>

# 修改网络检测地址
sed -i "s#http://www.google.com/#http://www.baidu.com/#g" /data/jenkins/updates/default.json

sed -i "s#https://updates.jenkins.io/download#http://mirrors.tuna.tsinghua.edu.cn/jenkins#g" /data/jenkins/updates/default.json

# 重启 jenkins
docker restart jenkins

在页面上配置 jenkins
(我这里地址为：http://10.18.193.110:8080/)

安装其他插件

安装以下插件，之后重启一下 jenkins 容器

GitLab / Publish Over SSH / SSH / Maven Integration