[Debian] Debian 10.6 安裝 新版 jenkins 和 Ansible + Nginx 1.19 + mariadb + php8.0
安裝作業系統 後 接著安裝 ansible + jenkins
20210112 更新
#
pip3 install ansible
#
# 確認版本
ansible --version
# 舊版安裝
apt install gnupg2
deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main
~# echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
~# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
~# sudo apt update
~# sudo apt install ansible -y
~# pip install ansible
~# sudo ansible --version
設定 ssh key 即同步到主機
~# ssh-keygen
~# ssh-copy-id root@192.168.96.15
~# ssh-copy-id root@192.168.96.17
設定 Ansible 主機群
~# vi $HOME/hosts
[Web]
192.168.1.15
[DB]
192.168.1.17
安裝 java jdk
apt install default-jdk
將 Jenkins repository 更新到你的系統內
### Debian 10.3 版本以上執行
sudo wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
sudo apt install jenkins
###
更新套件並安裝 jenkins
sudo apt update
sudo apt install jenkins
設定開機啟動 jenkins
sudo systemctl enable --now jenkins
#$ echo deb http://nginx.org/packages/debian/ stretch nginx | sudo tee /etc/apt/sources.list.d/nginx.list
$ echo "deb http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
$ wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
$ sudo apt update && apt install nginx -y
需要注意的是,這一步安裝的 Nginx 和系統自帶的 nginx 的配置目錄略有區別,可以用一下幾個簡單的命令修正:
讓設定習慣不用改變
sudo mkdir /etc/nginx/{sites-available,sites-enabled}
sudo mv /etc/nginx/conf.d/* /etc/nginx/sites-available
sudo rmdir -f /etc/nginx/conf.d/
sudo perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf
要設定一下設定檔連結
ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/
mkdir -p /var/www/html
chown -R nginx:nginx /var/www/html
檢查 nginx 設定檔是否正確
nginx -t
重新啟動 nginx 並 設定開機啟動
systemctl restart nginx
systemctl enable nginx
Step 1: Update system apt index
sudo apt -y update
sudo apt -y install software-properties-common gnupg2 dirmngr
sudo apt -y upgrade
sudo reboot
Step 2: Import MariaDB gpg key and add repository.
#####$ apt install software-properties-common dirmngr -y
$ apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
$ add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://mirror.rackspace.com/mariadb/repo/10.5/debian buster main'
apt update
安裝
apt install mariadb-server mysqltuner -y
$ systemctl start mysql.service
$ mysql_secure_installation
$ mysql -V
mysql Ver 15.1 Distrib 10.5.8-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
root@debian-s-1vcpu-1gb-sfo2-01:~#
Step 3: Install MariaDB 10.5 on Debian 10 (Buster)
Step 4: Secure MariaDB server
$ sudo mysql_secure_installation
檢查版本
MariaDB [(none)]> SELECT VERSION();
+----------------------------------------+
| VERSION() |
+----------------------------------------+
| 10.5.10-MariaDB-1:10.5.10+maria~buster |
+----------------------------------------+
1 row in set (0.000 sec)
MariaDB [(none)]>
#
建立資料庫及給設定使用者權限
CREATE DATABASE labstack;
CREATE USER 'labstackuser'@'localhost' IDENTIFIED BY 'new_password_here';
GRANT ALL ON labstack.* TO 'labstackuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
#####
# 設定 mysql 讓PHP呼叫
'''
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'localhost';
create database argus_demo;
GRANT USAGE ON `argus_demo`.* to 'demouser'@'localhost' identified by 'gIWeWCa2k8GuMJSM61';
GRANT ALL PRIVILEGES ON `argus_demo`.* to 'demouser'@'localhost' with grant option;
flush privileges;
CREATE TABLE users (
id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
create database argus_demo2;
GRANT USAGE ON `argus_demo2`.* to 'demouser2'@'localhost' identified by 'gIWeWCa2k8GuMJSM61';
GRANT ALL PRIVILEGES ON `argus_demo2`.* to 'demouser2'@'localhost' with grant option;
flush privileges;
mysql -u demouser2 -pgIWeWCa2k8GuMJSM61 -D argus_demo2 < users.sql
$link = mysqli_connect("localhost","demouser2",".98vfwL9zpLI","argus_demo2");
'''
to diable unix_socket auth (passwordless login on cli)
Mariadb config
/etc/mysql/mariadb.conf.d/50-server.cnf
MySQL config
/etc/mysql/my.cnf
add following parameter
plugin-load-add = auth_socket.so
on mysql cli
update mysql.user set password=password('GerP@ssword') where user='root';
update mysql.user set plugin=” where User='root';
or
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';
flush privileges;
restart MySQL server
systemctl restart mariadb.service
or
systemctl restart mysql.service
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';
############ 安裝 php 8.0 #######################################
apt-get install -y apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt update
apt upgrade
安裝新版 php8.0
apt install php8.0 php8.0-cli php8.0-cgi php8.0-fpm php8.0-gd php8.0-mysql php8.0-imap php8.0-curl \
php8.0-intl php8.0-pspell php8.0-sqlite3 php8.0-tidy php8.0-xmlrpc php8.0-xsl php8.0-zip php8.0-mbstring \
php8.0-soap php8.0-opcache libonig5 php8.0-common php8.0-readline php8.0-xml php8.0-ssh2 php8.0-gmp -y
or
sudo apt install php8.0-{common,mysql,xml,xmlrpc,curl,gd,imagick,cli,dev,imap,mbstring,opcache,soap,zip,intl,bcmath} -y
pecl install mcrypt-1.0.4
# Install PHP mcrypt on Debian 10/PHP 預設
#
# Install pre-requisites
apt install php-dev libmcrypt-dev php-pear -y
# Install mcrypt PHP module
pecl channel-update pecl.php.net
pecl install channel://pecl.php.net/mcrypt-1.0.4
###########################################################
Build process completed successfully
Installing '/usr/lib/php/20190902/mcrypt.so'
install ok: channel://pecl.php.net/mcrypt-1.0.3
configuration option "php_ini" is not set to php.ini location
You should add "extension=mcrypt.so" to php.ini
Add mcrypt.so to the php.ini file
vi /etc/php/8.0/cli/php.ini
For Nginx, use this:
vi /etc/php/8.0/fpm/php.ini
For Apache
vi /etc/php/8.0/apache2/php.ini
修改 php.ini 設定
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 100M
cgi.fix_pathinfo = 0
max_execution_time = 360
date.timezone = Asia/Taipei
# 修改 php.ini 使用指令
cd /etc
cp php.ini php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = 128M/memory_limit = 512M/g' php.ini
sed -i 's/post_max_size = 8M/post_max_size = 20M/g' php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 20M/g' php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' php.ini
## 20201111 新增
# 修改 php.ini 使用指令
cd /etc/php/8.0/fpm/
cp /etc/php/8.0/fpm/php.ini /etc/php/8.0/fpm/php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = 128M/memory_limit = 512M/g' /etc/php/8.0/fpm/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 100M/g' /etc/php/8.0/fpm/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 100M/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php/8.0/fpm/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 360/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /etc/php/8.0/fpm/php.ini
cd /etc/php/8.0/cli/
cp /etc/php/8.0/cli/php.ini /etc/php/8.0/cli/php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = -1/memory_limit = 512M/g' /etc/php/8.0/cli/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 100M/g' /etc/php/8.0/cli/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 100M/g' /etc/php/8.0/cli/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php/8.0/cli/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 360/g' /etc/php/8.0/cli/php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /etc/php/8.0/cli/php.ini
#########
#########
修改run php
# php-fpm
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.php$ {
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
## 如果使用 nginx 1.18 最新版需修改 www.conf
修改 /etc/php/8.0/fpm/pool.d/www.conf 設定檔,改變執行者及群組
# vi /etc/php/8.0/fpm/pool.d/www.conf
user = nginx
group = nginx
listen = /run/php/php8.0-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
#新增修改方式
cp /etc/php/8.0/fpm/pool.d/www.conf /etc/php/8.0/fpm/pool.d/www.conf.`date +"%Y%m%d%H%M%S"`
#
sed -i 's/user = www-data/user = nginx/g' /etc/php/8.0/fpm/pool.d/www.conf
sed -i 's/group = www-data/group = nginx/g' /etc/php/8.0/fpm/pool.d/www.conf
sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/8.0/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/8.0/fpm/pool.d/www.conf
sed -i 's/;listen.mode = 0660/listen.mode = 0666/g' /etc/php/8.0/fpm/pool.d/www.conf
systemctl restart php8.0-fpm.service
systemctl status php* | grep fpm.service
新增加
location ^~ /jenkins/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_max_temp_file_size 0;
#proxy_pass http://localhost:8080/jenkins/;
proxy_pass http://127.0.0.1:8080/jenkins/;
# The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
sendfile off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# This is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
}
#################
#################
修改 jenkin 路徑
vi /etc/default/jenkins
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins"
# sed -i 's/HTTP_PORT --prefix=\//HTTP_PORT --prefix=\/jenkins/g' /etc/default/jenkins
#
sed -i 's/$HTTP_PORT"/$HTTP_PORT --prefix=\/jenkins"/g' /etc/default/jenkins
重新啟動 nginx 和 jenkins
systemctl restart nginx.service
systemctl restart jenkins.service
輸入 http://xxx.xxx.xxx.xxx/jenkins
/var/www/html/phptest.php
touch /var/www/html/phpinfo.php && echo '' >> /var/www/html/phpinfo.php
############################################################
mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Country Name (2 letter code) [AU]:TW1
State or Province Name (full name) [Some-State]:Taiwan2
Locality Name (eg, city) []:Taipei3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company4
Organizational Unit Name (eg, section) []:My Unit5
Common Name (e.g. server FQDN or YOUR name) []:myhost.loacldomain.tw
Email Address []:user@loacldomain.tw
touch /var/www/html/phpinfo.php && echo '<?php phpinfo(); ?>' >> /var/www/html/phpinfo.php
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<p>Hello World</p>';
// In the variables section below, replace user and password with your own MySQL credentials as created on your server
$servername = "localhost";
$username = "webuser";
$password = "password";
// Create MySQL connection
$conn = mysqli_connect($servername, $username, $password);
// Check connection - if it fails, output will include the error message
if (!$conn) {
die('<p>Connection failed: </p>' . mysqli_connect_error());
}
echo '<p>Connected successfully</p>';
?>
</body>
</html>
#############################################
#nginx 設定檔
cp /etc/nginx/sites-available/default.conf default.conf.`date +"%Y%m%d%H%M%S"`
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
# 設定網站跟目錄
root /var/www/html;
# 預設首頁
index index.php index.html index.htm;
server_name _;
location / {
#root /var/www/html;
#index index.html index.htm;
try_files $uri $uri/ /index.php?$query_string;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/wwww/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# php-fpm
location ~ \.php$ {
#try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
location ^~ /jenkins/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_max_temp_file_size 0;
#proxy_pass http://localhost:8080/jenkins/;
proxy_pass http://127.0.0.1:8080/jenkins/;
# The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
sendfile off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# This is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
以下為最後OK設定檔
server {
listen 80 default_server;
listen [::]:80 default_server;
# 導向至 HTTPS
rewrite ^(.*) https://$host$1 permanent;
}
server {
# SSL 設定
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# 憑證與金鑰的路徑
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
client_max_body_size 100M;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
#
location ~ \.php$ {
#try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
#
location /grafana/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /jenkins/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_max_temp_file_size 0;
#proxy_pass http://localhost:8080/jenkins/;
proxy_pass http://127.0.0.1:8080/jenkins/;
# The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
sendfile off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# This is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
jenkins 啟動後需要安裝套件
Blue Ocean
simple themes
Modern Status
active choice
ThinBackup
active
Groovy script从文件中获取变量值 讀行
def lineList = new File("/home/F5/test.csv").readLines();
lineList.each {
println it.toUpperCase();
}
// 過濾執行條件 csv 檔中的 job 名稱
// 要使用絕對路徑
def command = "sh /home/F5/scripts/standalone_job.sh 3 /home/F5/server_list/Job_Site7.csv First_Forceoffline"
def proc = command.execute()
proc.waitFor()
def instances = proc.in.text.readLines()
return instances
備份單獨 job
先設定 Credentials.txt 帳號檔案
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth @Credentials.txt get-job CN-001_Active_New_Script-001 > CN-001_Active_New_Script-001.xml
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth @Credentials.txt create-job Bnewmyjob < CN-001_Active_New_Script-001.xml =>
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password list-jobs
or
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218 list-jobs
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password build jobname
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password build abcd
or
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218 build abcd
to diable unix_socket auth (passwordless login on cli)
Mariadb config
/etc/mysql/mariadb.conf.d/50-server.cnf
MySQL config
/etc/mysql/my.cnf
add following parameter
plugin-load-add = auth_socket.so
on mysql cli
update mysql.user set password=password('GerP@ssword') where user='root';
update mysql.user set plugin=” where User='root';
or
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';
flush privileges;
restart MySQL server
systemctl restart mariadb.service
or
systemctl restart mysql.service
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';
/([a-zA-Z0-9\.]+)/
Your regex must work fine. However, the character sets are redundant since you are only using digits per set. Hence, they can be removed:
(\d{2,3})-(\d{2,3})-(\d{2,3})-(\d{2,3})
/^\/Common\//
/.*node="ip-([^"]*).us-*/
沒有留言:
張貼留言