├── .gitignore ├── README.md ├── aliyun-ecs-oss ├── README.md ├── docker-compose │ └── install_docker_compose.sh ├── docker │ └── install_docker_ce.sh ├── downloads │ └── README.md ├── gitlab │ ├── configure_gitlab_settings.sh │ ├── install_gitlab_ce_http.sh │ └── post_install_gitlab.sh ├── harbor │ └── install_harbor.sh ├── jenkins │ ├── install_jenkins_rpm.sh │ └── post_install_jenkins.sh ├── nexus │ ├── add_nexus_service.sh │ └── install_nexus.sh ├── openjdk │ └── install_openjdk8.sh └── ossutil │ └── install_ossutil.sh ├── aliyun-study ├── README.md └── docs │ ├── 01_buy_aliyun_ecs_server.md │ ├── 02_set_ssh_key_login_and_disable_ssh_password_login.md │ └── 03_update_system_and_install_tools.md ├── ansible ├── README.md ├── hosts ├── install.sh └── playbook │ ├── increase_ulimit.yml │ ├── install_jenkins.yml │ ├── install_tools.yml │ ├── prepare_env.yml │ ├── use_aliyun_centos7_yum_repo.yml │ └── use_aliyun_epel7_yum_repo.yml ├── chatops ├── README.md └── ssl │ └── certificate.crt ├── components ├── aliyun │ ├── CentOS7-Aliyun.repo │ ├── epel-7-Aliyun.repo │ └── use_aliyun_yum_repo.sh ├── ansible │ ├── add_ansible_user_group.sh │ ├── config_ansible.sh │ ├── install_ansible.sh │ └── test_ansible.sh ├── docker-compose │ ├── install_docker_compose.sh │ └── install_docker_compose_from_github.sh ├── docker │ ├── install_docker_ce.sh │ ├── install_docker_ce_17_03_2.sh │ ├── post_install_docker.sh │ ├── run_docker_without_root.sh │ └── use_aliyun_docker_registry.sh ├── git │ ├── git_reset.sh │ └── install_git.sh ├── gitlab-docker │ ├── README.md │ ├── docker-compose.yml │ └── install_gitlab.sh ├── gitlab │ ├── configure_gitlab_ce_letsencrypt.sh │ ├── configure_gitlab_ce_manual_ssl.sh │ ├── configure_gitlab_settings.sh │ ├── install_gitlab_ce_http.sh │ ├── install_gitlab_ce_https.sh │ └── post_install_gitlab.sh ├── gradle │ └── install_gradle.sh ├── harbor │ └── install_harbor.sh ├── jenkins-slave │ ├── add_jenkins_slave_service.sh │ └── jenkins_slave.sh ├── jenkins │ 
├── install_jenkins.sh │ ├── install_jenkins_rpm.sh │ ├── post_install_jenkins.sh │ └── run_docker_with_jenkins.sh ├── maven │ ├── README.md │ ├── install_maven.sh │ └── settings.xml ├── nexus-docker │ ├── docker-compose.yml │ └── install_nexus.sh ├── nexus │ ├── add_nexus_service.sh │ └── install_nexus.sh ├── nginx │ └── install_nginx.sh ├── nodejs │ └── install_nodejs_npm.sh ├── openjdk │ └── install_openjdk8.sh ├── postman │ └── install_newman.sh ├── redmine │ ├── README.md │ ├── docker-compose.yml │ └── install_redmine.sh ├── sonarqube │ ├── docker-compose.yml │ ├── install_sonarqube.sh │ ├── reinstall_sonarqube.sh │ ├── sonar6.4.yml │ ├── sonar6.7.1.yml │ └── sonar7.0.yml ├── ssh │ ├── add_key_into_ssh_agent.sh │ ├── add_pub_key.sh │ └── gen_keys.sh ├── ssl │ └── create_self_signed_cert.sh ├── timedate │ ├── README.md │ ├── install_ntp.sh │ ├── sync_timedate_chrony.sh │ └── sync_timedate_ntp.sh ├── tools │ └── install_tools.sh ├── tsinghua │ ├── gitlab-ce-tsinghua.repo │ └── use_tsinghua_gitlab_repo.sh └── utils │ ├── determine_java.sh │ ├── get_ip.sh │ ├── increase_ulimit.sh │ ├── open_firewall_port.sh │ ├── open_firewall_service.sh │ ├── replace_in_file.sh │ └── start_service.sh └── devops_in_k8s └── jenkins ├── README.md ├── jenkins-slave-service-account.yml └── pipeline └── maven_docker_k8s.groovy /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # IntelliJ IDEA 3 | .idea/ 4 | *.iml 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [TOC] 2 | 3 | # OneDayDevOps 4 | 5 | Build a DevOps platform in one day using open source components 6 | 7 | Blog: [OneDayDevOps: One click deploy a DevOps platform](https://blog.csdn.net/nklinsirui/article/details/89416151) 8 | 9 | ## Get started 10 | 11 | ### Install Git 12 | 13 | ```bash 14 | yum install git -y 15 | git --version 16 | ``` 17 | 
18 | ### Clone OneDayDevOps 19 | 20 | Run below commands on an empty directory: 21 | ```bash 22 | git clone https://github.com/cookcodeblog/OneDayDevOps.git 23 | cd OneDayDevOps 24 | find . -name '*.sh' -exec chmod u+x {} \; 25 | ``` 26 | 27 | 28 | 29 | 30 | 31 | ### Use Aliyun Yum repo 32 | 33 | ```bash 34 | ./components/aliyun/use_aliyun_yum_repo.sh 35 | ``` 36 | 37 | 38 | 39 | ### Install tools 40 | 41 | Install some basic tools, e.g. wget, vim, etc. 42 | 43 | ```bash 44 | ./components/tools/install_tools.sh 45 | ``` 46 | 47 | ## Increase ulimit 48 | 49 | ```bash 50 | ./components/utils/increase_ulimit.sh 51 | ``` 52 | 53 | 54 | 55 | ### Set `ntp` time sync 56 | 57 | ```bash 58 | # Recommend to set ntp time sync with chrony 59 | ./components/timedate/sync_timedate_chrony.sh 60 | 61 | # Or set ntp time sync with ntp 62 | ./components/timedate/sync_timedate_ntp.sh 63 | ``` 64 | 65 | 66 | 67 | ### Install OpenJDK 68 | 69 | Install OpenJDK8: 70 | 71 | ```bash 72 | ./components/openjdk/install_openjdk8.sh 73 | ``` 74 | 75 | ### Install Jenkins 76 | 77 | > Make sure OpenJDK8 is installed 78 | 79 | Install Jenkins by Jenkins Yum repo: 80 | 81 | ```bash 82 | ./components/jenkins/install_jenkins.sh 83 | ``` 84 | 85 | 86 | 87 | Or install Jenkins by Jenkins mirror: 88 | 89 | ```bash 90 | ./components/jenkins/install_jenkins_rpm.sh 91 | ``` 92 | 93 | 94 | 95 | ### Install Build Tools 96 | 97 | ### Install Gradle 98 | 99 | ```bash 100 | # Install default Gradle (Gradle5.4) 101 | ./components/gradle/install_gradle.sh 102 | 103 | # Install specific Gradle version 104 | # Example: ./components/gradle/install_gradle.sh 4.6 105 | ./components/gradle/install_gradle.sh 106 | ``` 107 | 108 | 109 | 110 | ### Install Maven 111 | 112 | ```bash 113 | # Install default Maven (Maven3.6.0) 114 | ./components/maven/install_maven.sh 115 | 116 | # Install specific Maven version 117 | # ./components/maven/install_maven.sh 3.5.0 118 | ./components/maven/install_maven.sh 119 | ``` 120 | 121 | 
122 | 123 | ### Install GitLab CE 124 | 125 | Install GitLab CE with HTTP: 126 | 127 | ```bash 128 | # ./components/gitlab/install_gitlab_ce_http.sh gitlab.xdevops.cn 129 | ./components/gitlab/install_gitlab_ce_http.sh 130 | ``` 131 | 132 | 133 | 134 | Install GitLab CE with HTTPS using manual SSL cert: 135 | 136 | ```bash 137 | # ./components/gitlab/install_gitlab_ce_https.sh gitlab.xdevops.cn "/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=gitlab.xdevops.cn" 138 | ./components/gitlab/install_gitlab_ce_https.sh 139 | ``` 140 | 141 | 142 | 143 | Configure HTTPS for an existing HTTP GitLab CE using manual SSL cert: 144 | 145 | ```bash 146 | # Set domain name mapping in host file if necessary 147 | # echo "$(./components/utils/get_ip.sh) gitlab.xdevops.cn" >> /etc/hosts 148 | echo "$(./components/utils/get_ip.sh) " >> /etc/hosts 149 | 150 | # ./components/gitlab/configure_gitlab_ce_manual_ssl.sh gitlab.xdevops.cn "/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=gitlab.xdevops.cn" 151 | ./components/gitlab/configure_gitlab_ce_manual_ssl.sh 152 | ``` 153 | 154 | 155 | 156 | > Even though GitLab integrates Let's Encrypt natively, I encountered a Let's Encrypt error when running `gitlab-ctl reconfigure` and have not resolved it, so for now I have to use a manual SSL cert. 
157 | 158 | 159 | 160 | ### Install Docker CE 161 | 162 | Install Docker latest version: 163 | 164 | ```bash 165 | ./components/docker/install_docker_ce.sh 166 | ``` 167 | 168 | Install a Docker specific version: 169 | 170 | ```bash 171 | # Example: ./components/docker/install_docker_ce.sh 18.03.0 172 | ./components/docker/install_docker_ce.sh 173 | ``` 174 | 175 | Install Docker 17.03.2 (older version): 176 | 177 | ```bash 178 | ./components/docker/install_docker_ce_17_03_2.sh 179 | ``` 180 | 181 | 182 | 183 | ### Install Docker Compose 184 | 185 | ```bash 186 | # Install default Docker Compose (Docker Compose 1.24.0) 187 | ./components/docker-compose/install_docker_compose.sh 188 | 189 | # Install specific Docker Compose version 190 | # ./components/docker-compose/install_docker_compose.sh 1.24.0 191 | ./components/docker-compose/install_docker_compose.sh 192 | ``` 193 | 194 | 195 | 196 | ### Install Harbor 197 | 198 | ```bash 199 | # Install default Harbor (Harbor 1.8.0) 200 | ./components/harbor/install_harbor.sh 201 | 202 | # Install specific Harbor version,e.g Harbor 1.7.5 203 | # ./components/harbor/install_harbor.sh 1.7 5 204 | ./components/harbor/install_harbor.sh 205 | ``` 206 | 207 | 208 | 209 | ### Install Nexus 210 | 211 | ```bash 212 | # Install default Nexus (nexus-3.16.1-02) 213 | ./components/nexus/install_nexus.sh 214 | 215 | # Install specific Nexus version 216 | # ./components/nexus/install_nexus.sh 3.16.1-02 217 | ./components/nexus/install_nexus.sh 218 | ``` 219 | 220 | 221 | 222 | ### Install Redmine 223 | 224 | ```bash 225 | ./components/redmine/install_redmine.sh 226 | ``` 227 | 228 | 229 | 230 | ### Install SonarQube 231 | 232 | ```bash 233 | ./components/sonarqube/install_sonarqube.sh 234 | ``` 235 | 236 | ### Install GitLab with Docker Compose 237 | 238 | ```bash 239 | ./components/gitlab-docker/install_gitlab.sh 240 | ``` 241 | 242 | -------------------------------------------------------------------------------- 
/aliyun-ecs-oss/README.md: -------------------------------------------------------------------------------- 1 | [TOC] 2 | 3 | 4 | 5 | # Install software in Aliyun ECS server via Aliyun OSS 6 | 7 | ## File transfer 8 | 9 | 1. Use `ossutil` to upload files to Aliyun OSS over the Internet 10 | 2. Download them from Aliyun OSS onto the Aliyun ECS server over the internal network 11 | 12 | 13 | 14 | Example: 15 | 16 | ```bash 17 | # Upload to Aliyun OSS 18 | ossutil cp -r --update ./jenkins/jenkin*rpm oss://xxx-oss/paas/jenkins/ 19 | 20 | # Download from Aliyun OSS 21 | ossutil cp -r --update oss://xxx-oss/paas/jenkins/jenkins-2.164.2-1.1.noarch.rpm /downloads/packages/jenkins/ 22 | ``` 23 | 24 | 25 | 26 | ## Yum repo 27 | Run `yum install` to install software from the Aliyun internal Yum repo. 28 | 29 | Run `yum repolist` to check which Yum repos are enabled. 30 | 31 | 32 | 33 | ## Export and import Docker Images 34 | 35 | Use `docker save` and `docker load` to export and import Docker images: 36 | 37 | 38 | 39 | Example: 40 | 41 | ```bash 42 | # Pull images 43 | docker pull sameersbn/redmine:4.0.3-1 44 | docker pull sameersbn/postgresql:9.6-4 45 | 46 | # Export images to tar file 47 | docker save -o images.tar sameersbn/redmine:4.0.3-1 sameersbn/postgresql:9.6-4 48 | 49 | # Import docker images 50 | docker load -i images.tar 51 | 52 | # Check imported docker images 53 | docker images 54 | ``` -------------------------------------------------------------------------------- /aliyun-ecs-oss/docker-compose/install_docker_compose.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | cp /downloads/packages/docker/docker-compose* /usr/local/bin/docker-compose 14 | 15 | sudo chmod +x /usr/local/bin/docker-compose 16 | 17 | sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose 18 | 19 | docker-compose --version 20 | 21 | sudo docker-compose --version 22 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/docker/install_docker_ce.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | yum install /downloads/packages/docker/docker*.rpm -y 14 | 15 | 16 | ../../components/utils/start_service.sh docker 17 | 18 | docker version 19 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/downloads/README.md: -------------------------------------------------------------------------------- 1 | 2 | Put installation packages to `/downloads/packages` folder. 3 | 4 | Manual copy example: 5 | 6 | ```bash 7 | mkdir -p /downloads/packages 8 | 9 | # Docker and Docker Compose packages 10 | scp -r docker root@192.168.87.121:/downloads/packages/ 11 | 12 | # Harbor offline installer 13 | scp -r harbor root@192.168.87.121:/downloads/packages/ 14 | ``` -------------------------------------------------------------------------------- /aliyun-ecs-oss/gitlab/configure_gitlab_settings.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Backup GitLab configuration 13 | cp -p /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak$(date '+%Y%m%d%H%M%S') 14 | 15 | # Configure Timezone 16 | # https://gitlab.xdevops.cn/help/workflow/timezone.md 17 | ../../components/utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# gitlab_rails\['time_zone'\] = 'UTC'" "gitlab_rails\['time_zone'\] = 'Asia\/Shanghai'" 18 | 19 | # Enable GitLab Rack Attack if the GitLab is exposed in Internet 20 | # https://gitlab.xdevops.cn/help/security/rack_attack.md 21 | cat >> /etc/gitlab/gitlab.rb < true, 24 | 'ip_whitelist' => ["127.0.0.1"], 25 | 'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP 26 | 'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds 27 | 'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts 28 | } 29 | EOF 30 | 31 | # Reconfigure and restart GitLab 32 | gitlab-ctl reconfigure 33 | gitlab-ctl restart 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/gitlab/install_gitlab_ce_http.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | GITLAB_DOMAIN="$1" 13 | 14 | 15 | yum install -y curl policycoreutils-python openssh-server 16 | 17 | ../../components/utils/start_service.sh sshd 18 | 19 | 20 | # https://docs.gitlab.com/omnibus/manual_install.html 21 | 22 | if [ -n "$GITLAB_DOMAIN" ] ; then 23 | GITLAB_URL="http://${GITLAB_DOMAIN}" 24 | EXTERNAL_URL="${GITLAB_URL}" rpm -ivh /downloads/packages/gitlab/gitlab*.rpm 25 | else 26 | echo "Please input a Giltab domain,e.g. 
example.gitlab.com" 27 | exit 1 28 | fi 29 | 30 | ../../components/utils/open_firewall_port.sh 80 31 | 32 | ./post_install_gitlab.sh "${GITLAB_URL}" 33 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/gitlab/post_install_gitlab.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | gitlab-ctl status 13 | 14 | GITLAB_URL="$1" 15 | 16 | echo "GitLab URL: ${GITLAB_URL}" 17 | echo "Check GitLab version and Help document: ${GITLAB_URL}/help" 18 | echo "Please open GitLab in browser and reset password to continue configuration" 19 | echo "Default GitLab admin account: root" 20 | echo "You may need update local hosts file firstly:" 21 | echo "Mac: https://www.tekrevue.com/tip/edit-hosts-file-mac-os-x/" 22 | echo "Windows: https://www.techwalla.com/articles/how-to-edit-your-windows-hosts-file" 23 | 24 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/harbor/install_harbor.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | tar xvf /downloads/packages/harbor/harbor-offline-installer-*.tgz 14 | mv /downloads/packages/harbor /opt 15 | 16 | 17 | 18 | HOST_NAME=$(../../components/utils/get_ip.sh) 19 | ../../components/utils/replace_in_file.sh /opt/harbor/harbor.cfg "hostname = reg.mydomain.com" "hostname = ${HOST_NAME}" 20 | 21 | cd /opt/harbor && sudo ./install.sh 22 | 23 | echo "Harbor URL: http://${HOST_NAME}" 24 | 25 | # Harbor will be auto restarted by docker-compose when reboot server 26 | # So don't need add Harbor into `systemd` service 27 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/jenkins/install_jenkins_rpm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Check if JDK is installed 13 | ../../components/utils/determine_java.sh 14 | 15 | rpm -ivh /downloads/packages/jenkins/jenkins*.rpm 16 | 17 | ./post_install_jenkins.sh -------------------------------------------------------------------------------- /aliyun-ecs-oss/jenkins/post_install_jenkins.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | ../../components/utils/start_service.sh jenkins 14 | 15 | ../../components/utils/open_firewall_port.sh 8080 16 | 17 | echo "Jenkins URL: http://$(../../components/utils/get_ip.sh):8080" 18 | 19 | # wait 1 minute until Jenkins is ready 20 | sleep 60 21 | echo "Jenkins initial admin password: $(more /var/lib/jenkins/secrets/initialAdminPassword)" 22 | 23 | echo "Please open Jenkins in browser and input initial password to continue configuration" 24 | -------------------------------------------------------------------------------- /aliyun-ecs-oss/nexus/add_nexus_service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | cat > /etc/systemd/system/nexus.service < /etc/profile.d/java8.sh < ) 26 | * [SecureCRT](https://blog.csdn.net/hgcpkclwcx/article/details/78929737) 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /aliyun-study/docs/03_update_system_and_install_tools.md: -------------------------------------------------------------------------------- 1 | [TOC] 2 | 3 | # 更新系统、安装必要的工具和同步时间 4 | 5 | 6 | ## 设置主机名 7 | 8 | ```bash 9 | hostnamectl set-hostname 10 | ``` 11 | 12 | 13 | ## 更新系统 14 | 15 | ```bash 16 | # 在首次使用系统前,更新软件包和操作系统内核 17 | yum update -y 18 | ``` 19 | 20 | 21 | 22 | > 阿里云ECS服务器缺省已经配置好Yum repo源 23 | 24 | 25 | 26 | ## 安装工具 27 | 28 | ```bash 29 | ./components/tools/install_tools.sh 30 | ``` 31 | 32 | 33 | 34 | ## 同步时间 35 | 36 | ```bash 37 | ./components/timedate/sync_timedate_chrony.sh 38 | ``` 39 | 40 | 41 | 42 | > 阿里云ECS服务器缺省已经开启chrony时间同步 43 | 44 | -------------------------------------------------------------------------------- /ansible/README.md: 
-------------------------------------------------------------------------------- 1 | [TOC] 2 | 3 | # Install DevOps tools with Ansible 4 | 5 | 6 | ## Install and configure Ansible 7 | 8 | -------------------------------------------------------------------------------- /ansible/hosts: -------------------------------------------------------------------------------- 1 | # Managed hosts to be installed DevOps tools 2 | 3 | [jenkins_master] 4 | 192.168.87.156 5 | 6 | -------------------------------------------------------------------------------- /ansible/install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | cd ./playbook/ 13 | 14 | # Prepare env 15 | ansible-playbook prepare_env.yml -------------------------------------------------------------------------------- /ansible/playbook/increase_ulimit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | remote_user: root 4 | tasks: 5 | - name: Add or modify root hard/soft nofile as 65535 6 | pam_limits: 7 | domain: root 8 | limit_type: '-' 9 | limit_item: nofile 10 | value: '65535' 11 | - name: Add or modify '*' hard/soft nofile as 65535 12 | pam_limits: 13 | domain: '*' 14 | limit_type: '-' 15 | limit_item: nofile 16 | value: '65535' 17 | - name: Add or modify root hard/soft nproc as unlimited 18 | pam_limits: 19 | domain: root 20 | limit_type: '-' 21 | limit_item: nproc 22 | value: unlimited 23 | - name: Add or modify '*' hard/soft nproc as unlimited 24 | pam_limits: 25 | domain: '*' 26 | limit_type: '-' 27 | limit_item: nproc 28 | value: unlimited -------------------------------------------------------------------------------- /ansible/playbook/install_jenkins.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - hosts: jenkins_master 3 | remote_user: root 4 | tasks: 5 | - name: ensure openjdk8 is installed -------------------------------------------------------------------------------- /ansible/playbook/install_tools.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | remote_user: root 4 | tasks: 5 | - name: Install some usefull tools 6 | yum: 7 | name: "{{ packages }}" 8 | vars: 9 | packages: 10 | - wget 11 | - vim 12 | - net-tools 13 | - bind-utils 14 | - telnet 15 | - unzip 16 | - htop 17 | - mtr 18 | - tree 19 | -------------------------------------------------------------------------------- /ansible/playbook/prepare_env.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: use_aliyun_centos7_yum_repo.yml 3 | - import_playbook: use_aliyun_epel7_yum_repo.yml 4 | - import_playbook: increase_ulimit.yml 5 | - import_playbook: install_tools.yml -------------------------------------------------------------------------------- /ansible/playbook/use_aliyun_centos7_yum_repo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | remote_user: root 4 | tasks: 5 | - name: Add Yum repo (aliyun-base) 6 | yum_repository: 7 | name: aliyun-base 8 | description: CentOS-7 - Base - mirrors.aliyun.com 9 | failovermethod: priority 10 | baseurl: http://mirrors.aliyun.com/centos/7/os/$basearch/ 11 | gpgcheck: 1 12 | gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 13 | - name: Add Yum repo (aliyun-updates) 14 | yum_repository: 15 | name: aliyun-updates 16 | description: CentOS-7 - Updates - mirrors.aliyun.com 17 | failovermethod: priority 18 | baseurl: http://mirrors.aliyun.com/centos/7/updates/$basearch/ 19 | gpgcheck: 1 20 | gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 21 | - name: Add 
Yum repo (aliyun-extras) 22 | yum_repository: 23 | name: aliyun-extras 24 | description: CentOS-7 - Extras - mirrors.aliyun.com 25 | failovermethod: priority 26 | baseurl: http://mirrors.aliyun.com/centos/7/extras/$basearch/ 27 | gpgcheck: 1 28 | gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 # NOTE(review): the signing key itself is fetched over plain http, so gpgcheck only helps if the imported key's fingerprint is verified; the same applies to the other CentOS repos in this file 29 | - name: Add Yum repo (aliyun-centosplus) 30 | yum_repository: 31 | name: aliyun-centosplus 32 | description: CentOS-7 - Plus - mirrors.aliyun.com 33 | failovermethod: priority 34 | baseurl: http://mirrors.aliyun.com/centos/7/centosplus/$basearch/ 35 | gpgcheck: 1 36 | enabled: 0 37 | gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 38 | - name: Add Yum repo (aliyun-contrib) 39 | yum_repository: 40 | name: aliyun-contrib 41 | description: CentOS-7 - Contrib - mirrors.aliyun.com 42 | failovermethod: priority 43 | baseurl: http://mirrors.aliyun.com/centos/7/contrib/$basearch/ 44 | gpgcheck: 1 45 | enabled: 0 46 | gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 47 | 48 | -------------------------------------------------------------------------------- /ansible/playbook/use_aliyun_epel7_yum_repo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | remote_user: root 4 | tasks: 5 | - name: Add Yum repo (aliyun-epel) 6 | yum_repository: 7 | name: aliyun-epel 8 | description: Extra Packages for Enterprise Linux 7 - $basearch 9 | baseurl: http://mirrors.aliyun.com/epel/7/$basearch 10 | failovermethod: priority 11 | enabled: 1 12 | gpgcheck: 0 # NOTE(review): signature checking is off for this enabled repo and baseurl is plain http, so EPEL packages install unverified; gpgcheck: 1 needs the gpgkey file below present on the host 13 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 14 | - name: Add Yum repo (aliyun-epel-debuginfo) 15 | yum_repository: 16 | name: aliyun-epel-debuginfo 17 | description: Extra Packages for Enterprise Linux 7 - $basearch - Debug 18 | baseurl: http://mirrors.aliyun.com/epel/7/$basearch/debug 19 | failovermethod: priority 20 | enabled: 0 21 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 22 | gpgcheck: 0 23 | - name: Add Yum repo 
(aliyun-epel-source) 24 | yum_repository: 25 | name: aliyun-epel-source 26 | description: Extra Packages for Enterprise Linux 7 - $basearch - Source 27 | baseurl: http://mirrors.aliyun.com/epel/7/SRPMS 28 | failovermethod: priority 29 | enabled: 0 30 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 31 | gpgcheck: 0 32 | -------------------------------------------------------------------------------- /chatops/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Use RocketChat for ChatOps 3 | -------------------------------------------------------------------------------- /chatops/ssl/certificate.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDYDCCAkgCCQCbGIDC+LlKfDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJD 3 | TjESMBAGA1UECAwJR3Vhbmdkb25nMRIwEAYDVQQHDAlHdWFuZ3pob3UxEDAOBgNV 4 | BAoMB3hkZXZvcHMxEDAOBgNVBAsMB3hkZXZvcHMxFzAVBgNVBAMMDjQ3LjEwNS4x 5 | OTUuMjUzMB4XDTE5MDcwOTEwMDIwNloXDTIwMDcwODEwMDIwNlowcjELMAkGA1UE 6 | BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzESMBAGA1UEBwwJR3Vhbmd6aG91MRAw 7 | DgYDVQQKDAd4ZGV2b3BzMRAwDgYDVQQLDAd4ZGV2b3BzMRcwFQYDVQQDDA40Ny4x 8 | MDUuMTk1LjI1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFXbWuE 9 | zI7k+ErqN9kU7EJcBxx6FsBqY/uWVC2Mq3qJD5IsYZlN4+xr5Fg68LtxxP0hOg2J 10 | dgyK+AlrAflxlwXUF74kjr3ujyHDk/lo7wxgMuLa3u3OcV5JxXpbM11OginCLo2y 11 | ii5CR0JuEY3jqmMi3ffum3pNMRufsK0W0rDFbbmINcXFMDTLTAFSuBvbrMbKVdbt 12 | DuyacXsdJSkvNe2G0rN++hGyqEfagKBofLOPF0gENCAgy8rqLRLQF7NNtPtlBhyV 13 | y1Kj8/xEiBcxfOUf8xcmhraXuCVqt7kJa76jdv6JJBx5w0LRaoeZ0Q87V3zr9FKv 14 | DznLq85jCSlYH1kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtU9LA+8VHAc9QUU/ 15 | XStna/rBeYkNrgocwKauERWOBjK+uA48VB65B7uGSFRFKZsiThgrkvF5EWXrJ+Ii 16 | D7Afb3WcIHY1UElzRSwYpo4f1im+0YmWUKEkOzT8u+V1ImP4CeEW7PT3zm+qwBiI 17 | t283BOrzsIX/vrstkWkAzG5fRaXeOO9Cc91yihZrbXpaxgY0U/oO8Z0y8AEse6pZ 18 | sTGKp+1OOS7kR556G60f4iMV+1jHNga7rkKUC00pMYvrdfGoFwIGD4q5wROV+hTr 19 | 
rssaME/RnGArdmCnfYvkNcrUb/3jjPIcwv81EPPw4YKF3ZnDVgoLt5HHfHd0Paxj 20 | Q0UwVg== 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /components/aliyun/CentOS7-Aliyun.repo: -------------------------------------------------------------------------------- 1 | # CentOS-Base.repo 2 | # 3 | # The mirror system uses the connecting IP address of the client and the 4 | # update status of each mirror to pick mirrors that are updated to and 5 | # geographically close to the client. You should use this for CentOS updates 6 | # unless you are manually picking other mirrors. 7 | # 8 | # If the mirrorlist= does not work for you, as a fall back you can try the 9 | # remarked out baseurl= line instead. 10 | # 11 | # 12 | 13 | [base] 14 | name=CentOS-7 - Base - mirrors.aliyun.com 15 | failovermethod=priority 16 | baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/ 17 | gpgcheck=1 18 | gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 19 | 20 | #released updates 21 | [updates] 22 | name=CentOS-7 - Updates - mirrors.aliyun.com 23 | failovermethod=priority 24 | baseurl=http://mirrors.aliyun.com/centos/7/updates/$basearch/ 25 | gpgcheck=1 26 | gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 27 | 28 | #additional packages that may be useful 29 | [extras] 30 | name=CentOS-7 - Extras - mirrors.aliyun.com 31 | failovermethod=priority 32 | baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/ 33 | gpgcheck=1 34 | gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 35 | 36 | #additional packages that extend functionality of existing packages 37 | [centosplus] 38 | name=CentOS-7 - Plus - mirrors.aliyun.com 39 | failovermethod=priority 40 | baseurl=http://mirrors.aliyun.com/centos/7/centosplus/$basearch/ 41 | gpgcheck=1 42 | enabled=0 43 | gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 44 | 45 | #contrib - packages by Centos Users 46 | [contrib] 47 | name=CentOS-7 - Contrib 
- mirrors.aliyun.com 48 | failovermethod=priority 49 | baseurl=http://mirrors.aliyun.com/centos/7/contrib/$basearch/ 50 | gpgcheck=1 51 | enabled=0 52 | gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 53 | -------------------------------------------------------------------------------- /components/aliyun/epel-7-Aliyun.repo: -------------------------------------------------------------------------------- 1 | [epel] 2 | name=Extra Packages for Enterprise Linux 7 - $basearch 3 | baseurl=http://mirrors.aliyun.com/epel/7/$basearch 4 | failovermethod=priority 5 | enabled=1 6 | gpgcheck=0 7 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 8 | # NOTE(review): [epel] is enabled with gpgcheck=0 and a plain-http baseurl, so its packages are installed without signature verification; gpgcheck=1 needs the gpgkey file present on the host 9 | [epel-debuginfo] 10 | name=Extra Packages for Enterprise Linux 7 - $basearch - Debug 11 | baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug 12 | failovermethod=priority 13 | enabled=0 14 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 15 | gpgcheck=0 16 | 17 | [epel-source] 18 | name=Extra Packages for Enterprise Linux 7 - $basearch - Source 19 | baseurl=http://mirrors.aliyun.com/epel/7/SRPMS 20 | failovermethod=priority 21 | enabled=0 22 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 23 | gpgcheck=0 24 | -------------------------------------------------------------------------------- /components/aliyun/use_aliyun_yum_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | #curl -o /etc/yum.repos.d/CentOS7-Aliyun.repo https://raw.githubusercontent.com/cookcodeblog/OneDayDevOps/master/components/aliyun/CentOS7-Aliyun.repo 13 | #curl -o /etc/yum.repos.d/epel-7-Aliyun.repo https://raw.githubusercontent.com/cookcodeblog/OneDayDevOps/master/components/aliyun/epel-7-Aliyun.repo 14 | 15 | cp CentOS7-Aliyun.repo /etc/yum.repos.d/ 16 | cp epel-7-Aliyun.repo /etc/yum.repos.d/ 17 | 18 | yum clean all 19 | yum makecache 20 | 21 | yum repolist all 22 | -------------------------------------------------------------------------------- /components/ansible/add_ansible_user_group.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # create ansible user and group 6 | useradd ansible -U -s /bin/bash -m 7 | 8 | cat /etc/passwd | grep ansible 9 | cat /etc/group | grep ansible 10 | 11 | # change passwd 12 | passwd ansible 13 | 14 | -------------------------------------------------------------------------------- /components/ansible/config_ansible.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Ansible config: https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html#intro-configuration 4 | 5 | set -e 6 | 7 | # Locate shell script path 8 | SCRIPT_DIR=$(dirname $0) 9 | if [ ${SCRIPT_DIR} != '.' 
] 10 | then 11 | cd ${SCRIPT_DIR} 12 | fi 13 |
# backup
# Keep a timestamped copy of the current config so the edits below can be rolled back.
cp -p /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.bak$(date '+%Y%m%d%H%M%S')

# Disable host key checking
# NOTE(security): with host_key_checking = False Ansible stops verifying the SSH
# host key of managed nodes, so a substituted or intercepted host is accepted
# without any prompt. That is tolerable for throw-away lab machines; for a
# long-lived inventory keep the check on and pre-populate known_hosts with keys
# verified out of band.
# replace_in_file.sh is not shown here; presumably it replaces the first pattern
# with the second inside the given file.
../utils/replace_in_file.sh /etc/ansible/ansible.cfg "\#host_key_checking = False" "host_key_checking = False"
# Shows the effective setting; under `set -e` a missing match aborts the script.
ansible-config view | grep host_key_checking

# Increase forks, default is 5
FORKS="10"
../utils/replace_in_file.sh /etc/ansible/ansible.cfg "\#forks = 5" "forks = ${FORKS}"
ansible-config view | grep forks
--------------------------------------------------------------------------------
/components/ansible/install_ansible.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname $0)
if [ ${SCRIPT_DIR} != '.' ]
then
    cd ${SCRIPT_DIR}
fi




# Installs whichever ansible version the configured yum repositories offer (no version pin).
yum install ansible -y

# Print the installed version as a quick success check.
ansible --version

--------------------------------------------------------------------------------
/components/ansible/test_ansible.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# check version
ansible --version

# ping
# Runs the ping module against the `all` host pattern of the active inventory.
ansible all -m ping

-------------------------------------------------------------------------------- /components/docker-compose/install_docker_compose.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | VERSION="$1" 13 | if [ ! 
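-n "${VERSION}" ]; then 14 | VERSION="1.24.0" 15 | fi


# Download to a temporary file first so that a failed or partial transfer never
# replaces /usr/local/bin/docker-compose. -f makes curl exit non-zero on an HTTP
# error instead of saving the error page as the "binary".
#COMPOSE_URL="https://github.com/docker/compose/releases/download/${VERSION}/docker-compose-$(uname -s)-$(uname -m)"
COMPOSE_URL="https://get.daocloud.io/docker/compose/releases/download/${VERSION}/docker-compose-$(uname -s)-$(uname -m)"
COMPOSE_TMP="$(mktemp)"
trap 'rm -f "${COMPOSE_TMP}"' EXIT
curl -fL "${COMPOSE_URL}" -o "${COMPOSE_TMP}"

# NOTE(security): the file comes from a third-party mirror and is installed as a
# root-owned executable without any integrity check. If the project publishes a
# SHA-256 for this release, compare it with `sha256sum "${COMPOSE_TMP}"` before
# the install step below.
sudo install -m 0755 "${COMPOSE_TMP}" /usr/local/bin/docker-compose

# -f: a second run must not fail because the link already exists.
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose

docker-compose --version

sudo docker-compose --version

--------------------------------------------------------------------------------
/components/docker-compose/install_docker_compose_from_github.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Install docker-compose from the project's GitHub releases.
# Usage: install_docker_compose_from_github.sh [VERSION]   (default 1.24.0)

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
    cd "${SCRIPT_DIR}"
fi

VERSION="$1"
if [ -z "${VERSION}" ]; then
    VERSION="1.24.0"
fi

# Download to a temporary file first so that a failed or partial transfer never
# replaces /usr/local/bin/docker-compose. -f makes curl exit non-zero on an HTTP
# error instead of saving the error page as the "binary".
COMPOSE_URL="https://github.com/docker/compose/releases/download/${VERSION}/docker-compose-$(uname -s)-$(uname -m)"
COMPOSE_TMP="$(mktemp)"
trap 'rm -f "${COMPOSE_TMP}"' EXIT
curl -fL "${COMPOSE_URL}" -o "${COMPOSE_TMP}"

# NOTE(security): the download is installed as a root-owned executable without
# any integrity check. If the release publishes a SHA-256, compare it with
# `sha256sum "${COMPOSE_TMP}"` before the install step below.
sudo install -m 0755 "${COMPOSE_TMP}" /usr/local/bin/docker-compose

# -f: a second run must not fail because the link already exists.
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose

docker-compose --version

sudo docker-compose --version

-------------------------------------------------------------------------------- /components/docker/install_docker_ce.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 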
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | yum install -y yum-utils device-mapper-persistent-data lvm2 13 | 14 | yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 15 | 16 | yum makecache fast 17 | 18 | VERSION="$1" 19 | if [ -n "$VERSION" ] ; then 20 | yum -y install docker-ce-"${VERSION}.ce" 21 | else 22 | yum -y install docker-ce 23 | fi 24 | 25 | ./post_install_docker.sh 26 | 27 | ../utils/start_service.sh docker 28 | 29 | docker version 30 | -------------------------------------------------------------------------------- /components/docker/install_docker_ce_17_03_2.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | yum install -y yum-utils device-mapper-persistent-data lvm2 13 | 14 | yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 15 | 16 | yum makecache fast 17 | 18 | # Install docker 19 | # on a new system with yum repo defined, forcing older version and ignoring obsoletes introduced by 17.06.0 20 | yum install -y --setopt=obsoletes=0 \ 21 | docker-ce-17.03.2.ce-1.el7.centos.x86_64 \ 22 | docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch 23 | 24 | ./post_install_docker.sh 25 | 26 | ../utils/start_service.sh docker 27 | 28 | docker version 29 | -------------------------------------------------------------------------------- /components/docker/post_install_docker.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
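] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi



# Kernel settings written for Docker networking: IPv4 forwarding and passing
# bridged traffic to iptables/ip6tables.
# The here-document operator was lost in this listing; it is restored here from
# the surviving EOF terminator (presumably the original redirected into the file).
cat > /etc/sysctl.d/docker.conf <<EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Reload every sysctl configuration file, including the one just written.
sysctl --system
--------------------------------------------------------------------------------
/components/docker/run_docker_without_root.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Add a user to the `docker` group so that user can run docker without sudo.
# Usage: run_docker_without_root.sh USERNAME
#
# NOTE(security): membership of the `docker` group grants root-level privileges
# on this host (see Docker's post-installation documentation). Only add accounts
# that are already trusted with root.

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
    cd "${SCRIPT_DIR}"
fi

# Fail before touching the system when no user name was given.
USERNAME="$1"
if [ -z "${USERNAME}" ]; then
    echo "Usage: $0 USERNAME" >&2
    exit 1
fi

# Create the group only when it is missing. The lookup sits inside `if` on
# purpose: as a bare VAR="$(grep ...)" assignment, a non-match returns 1 and
# `set -e` ends the script before groupadd runs. getent matches the exact group
# name, so a group such as `dockerroot` is not mistaken for `docker`.
if ! getent group docker > /dev/null; then
    sudo groupadd docker
fi


systemctl restart docker

gpasswd -a "${USERNAME}" docker

# Show the resulting membership.
getent group docker


--------------------------------------------------------------------------------
/components/docker/use_aliyun_docker_registry.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Point the Docker daemon at an Aliyun registry mirror and restart it.

set -e

sudo mkdir -p /etc/docker
# tee replaces the whole file: any existing /etc/docker/daemon.json settings are lost.
# NOTE(review): the mirror hostname looks account-specific; replace it with the
# address issued for your own account.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

docker info
--------------------------------------------------------------------------------
/components/git/git_reset.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Force the current checkout to match origin/master.

set -e

git fetch origin
# Discards all local changes to tracked files.
git reset --hard origin/master

git pull

--------------------------------------------------------------------------------
/components/git/install_git.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Install git from the configured yum repositories and print its version.

set -e

yum install git -y
git --version
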
-------------------------------------------------------------------------------- /components/gitlab-docker/README.md: --------------------------------------------------------------------------------

https://github.com/sameersbn/docker-gitlab


1. Replace the values of the keys below in `docker-compose.yml` with fresh output of `pwgen -Bsv1 64`, one new value per key. The values committed in this repository are public samples, so anyone can read them; do not keep them for a real deployment.

* `GITLAB_SECRETS_DB_KEY_BASE`
* `GITLAB_SECRETS_SECRET_KEY_BASE`
* `GITLAB_SECRETS_OTP_KEY_BASE`

> Run `yum install pwgen -y` first to install `pwgen` if it is not already installed.

2. Set the value of `GITLAB_HOST`

3. Replace the placeholder value `password` (at minimum `DB_PASS`, which must be the same in the `postgresql` and `gitlab` services)

4. Set the timezone: `TZ=Asia/Shanghai` and `GITLAB_TIMEZONE=Beijing`

-------------------------------------------------------------------------------- /components/gitlab-docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | redis: 5 | restart: always 6 | image: sameersbn/redis:4.0.9-2 7 | command: 8 | - --loglevel warning 9 | volumes: 10 | - /srv/docker/gitlab/redis:/var/lib/redis:Z 11 | 12 | postgresql: 13 | restart: always 14 | image: sameersbn/postgresql:10-2 15 | volumes: 16 | - /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z 17 | environment: 18 | - DB_USER=gitlab 19 | - DB_PASS=password 20 | - DB_NAME=gitlabhq_production 21 | - DB_EXTENSION=pg_trgm 22 | 23 | gitlab: 24 | restart: always 25 | image: sameersbn/gitlab:12.0.0 26 | depends_on: 27 | - redis 28 | - postgresql 29 | ports: 30 | - "10080:80" 31 | - "10022:22" 32 | volumes: 33 | - /srv/docker/gitlab/gitlab:/home/git/data:Z 34 | environment: 35 | - DEBUG=false 36 | 37 | - DB_ADAPTER=postgresql 38 | - DB_HOST=postgresql 39 | - DB_PORT=5432 40 | - DB_USER=gitlab 41 | - DB_PASS=password 42 | - DB_NAME=gitlabhq_production 43 | 44 | - REDIS_HOST=redis 45 | - REDIS_PORT=6379 46 | 47 | - TZ=Asia/Shanghai 48 | - GITLAB_TIMEZONE=Beijing 49 | 50 | - GITLAB_HTTPS=false 51 | - SSL_SELF_SIGNED=false 52 | 53 | - 
GITLAB_HOST=192.168.87.151
    - GITLAB_PORT=10080
    - GITLAB_SSH_PORT=10022
    - GITLAB_RELATIVE_URL_ROOT=
    # NOTE(security): the three *_KEY_BASE values below are sample values published
    # together with this file. Generate new ones before deploying (the README
    # suggests `pwgen -Bsv1 64`) and keep the real values out of version control.
    - GITLAB_SECRETS_DB_KEY_BASE=KpwTrjvsd9cxs9WPsjbwMk49MWgXN9cq7v9Xj9b3MmNLnkvvNmptzq4XmFCWMFqT
    - GITLAB_SECRETS_SECRET_KEY_BASE=nV3PsRhmkXgMTHJPsF7FNVbJjv7xLPmsmcfngWJ33LcJzLNdx333WjMbL3gJfcgF
    - GITLAB_SECRETS_OTP_KEY_BASE=pX9XTH4g9wwxFsHbzmkFgP9VLffkrpmvmTNfNsVTswspb4VxWjcxwq4j3KWwmzmP

    # Left empty in this file. NOTE(review): confirm in the image documentation
    # how the initial root password is set when this is blank.
    - GITLAB_ROOT_PASSWORD=
    - GITLAB_ROOT_EMAIL=

    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false

    - GITLAB_EMAIL=notifications@example.com
    - GITLAB_EMAIL_REPLY_TO=noreply@example.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00

    # SMTP_PASS and IMAP_PASS hold the placeholder `password`; replace them before
    # switching SMTP_ENABLED or IMAP_ENABLED to true.
    - SMTP_ENABLED=false
    - SMTP_DOMAIN=www.example.com
    - SMTP_HOST=smtp.gmail.com
    - SMTP_PORT=587
    - SMTP_USER=mailer@example.com
    - SMTP_PASS=password
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=login

    - IMAP_ENABLED=false
    - IMAP_HOST=imap.gmail.com
    - IMAP_PORT=993
    - IMAP_USER=mailer@example.com
    - IMAP_PASS=password
    - IMAP_SSL=true
    - IMAP_STARTTLS=false

    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=

    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout

    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=

    - OAUTH_FACEBOOK_API_KEY=
    - OAUTH_FACEBOOK_APP_SECRET=

    - OAUTH_TWITTER_API_KEY=
    - OAUTH_TWITTER_APP_SECRET=

    - 
OAUTH_GITHUB_API_KEY= 117 | - OAUTH_GITHUB_APP_SECRET= 118 | - OAUTH_GITHUB_URL= 119 | - OAUTH_GITHUB_VERIFY_SSL= 120 | 121 | - OAUTH_GITLAB_API_KEY= 122 | - OAUTH_GITLAB_APP_SECRET= 123 | 124 | - OAUTH_BITBUCKET_API_KEY= 125 | - OAUTH_BITBUCKET_APP_SECRET= 126 | 127 | - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL= 128 | - OAUTH_SAML_IDP_CERT_FINGERPRINT= 129 | - OAUTH_SAML_IDP_SSO_TARGET_URL= 130 | - OAUTH_SAML_ISSUER= 131 | - OAUTH_SAML_LABEL="Our SAML Provider" 132 | - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient 133 | - OAUTH_SAML_GROUPS_ATTRIBUTE= 134 | - OAUTH_SAML_EXTERNAL_GROUPS= 135 | - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL= 136 | - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME= 137 | - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME= 138 | - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME= 139 | - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME= 140 | 141 | - OAUTH_CROWD_SERVER_URL= 142 | - OAUTH_CROWD_APP_NAME= 143 | - OAUTH_CROWD_APP_PASSWORD= 144 | 145 | - OAUTH_AUTH0_CLIENT_ID= 146 | - OAUTH_AUTH0_CLIENT_SECRET= 147 | - OAUTH_AUTH0_DOMAIN= 148 | 149 | - OAUTH_AZURE_API_KEY= 150 | - OAUTH_AZURE_API_SECRET= 151 | - OAUTH_AZURE_TENANT_ID= -------------------------------------------------------------------------------- /components/gitlab-docker/install_gitlab.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Increase ulimit 13 | # ../../components/utils/increase_ulimit.sh 14 | 15 | # Open ports on Firewall 16 | ../../components/utils/open_firewall_port.sh 10080 17 | ../../components/utils/open_firewall_port.sh 10022 18 | 19 | # Run GitLab with Docker Compose 20 | mkdir -p /opt/gitlab 21 | 22 | cp docker-compose.yml /opt/gitlab 23 | 24 | cd /opt/gitlab 25 | docker-compose up -d 26 | 27 | -------------------------------------------------------------------------------- /components/gitlab/configure_gitlab_ce_letsencrypt.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | ../utils/open_firewall_port.sh 443 13 | 14 | # Backup GitLab configuration 15 | cp -p /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak$(date '+%Y%m%d%H%M%S') 16 | 17 | # Change external_url to https 18 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "external_url 'http:" "external_url 'https:" 19 | 20 | # Enable Letsencrypt 21 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['enable'\] = nil" "letsencrypt\['enable'\] = true" 22 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['enable'\] = false" "letsencrypt\['enable'\] = true" 23 | 24 | # Configure certificate renew notification email 25 | CERT_RENEW_NOTIFY_EMAIL="$1" 26 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['contact_emails'\] = \[\]" "letsencrypt\['contact_emails'\] = \[\'${CERT_RENEW_NOTIFY_EMAIL}\'\]" 27 | 28 | # Auto renew certification 29 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['auto_renew'\] = true" "letsencrypt\['auto_renew'\] = true" 30 | 31 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['auto_renew_hour'\] = 0" "letsencrypt\['auto_renew_hour'\] = 12" 32 | 
../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['auto_renew_minute'\] = nil" "letsencrypt\['auto_renew_minute'\] = 30" 33 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# letsencrypt\['auto_renew_day_of_month'\]" "letsencrypt\['auto_renew_day_of_month'\]" 34 | 35 | # Re-configure GitLab 36 | gitlab-ctl reconfigure 37 | 38 | 39 | -------------------------------------------------------------------------------- /components/gitlab/configure_gitlab_ce_manual_ssl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # References: 3 | # https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https 4 | # Nginx Configuration: 5 | # /var/opt/gitlab/nginx/conf/gitlab-http.conf 6 | 7 | set -e 8 | 9 | # Locate shell script path 10 | SCRIPT_DIR=$(dirname $0) 11 | if [ ${SCRIPT_DIR} != '.' ] 12 | then 13 | cd ${SCRIPT_DIR} 14 | fi 15 | 16 | GITLAB_DOMAIN="$1" 17 | SSL_CERT_SUBJ="$2" 18 | 19 | ../utils/open_firewall_port.sh 443 20 | 21 | # Prepare self-signed SSL cert 22 | ../ssl/create_self_signed_cert.sh "${SSL_CERT_SUBJ}" 23 | 24 | mkdir -p /etc/gitlab/ssl 25 | chmod 700 /etc/gitlab/ssl 26 | 27 | cp -f ../ssl/server.key /etc/gitlab/ssl/"${GITLAB_DOMAIN}.key" 28 | cp -f ../ssl/server.crt /etc/gitlab/ssl/"${GITLAB_DOMAIN}.crt" 29 | 30 | 31 | # Backup GitLab configuration 32 | cp -p /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak$(date '+%Y%m%d%H%M%S') 33 | 34 | # Change external_url to https 35 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "external_url 'http:" "external_url 'https:" 36 | 37 | # Redirect HTTP request to HTTPS in Nginx 38 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# nginx\['redirect_http_to_https'\] = false" "nginx\['redirect_http_to_https'\] = true" 39 | 40 | # Re-configure GitLab 41 | gitlab-ctl reconfigure 42 | 43 | 44 | -------------------------------------------------------------------------------- /components/gitlab/configure_gitlab_settings.sh: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Backup GitLab configuration 13 | cp -p /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak$(date '+%Y%m%d%H%M%S') 14 | 15 | # Configure Timezone 16 | # https://gitlab.xdevops.cn/help/workflow/timezone.md 17 | ../utils/replace_in_file.sh /etc/gitlab/gitlab.rb "\# gitlab_rails\['time_zone'\] = 'UTC'" "gitlab_rails\['time_zone'\] = 'Asia\/Shanghai'" 18 | 19 | # Enable GitLab Rack Attack if the GitLab is exposed in Internet 20 | # https://gitlab.xdevops.cn/help/security/rack_attack.md 21 | cat >> /etc/gitlab/gitlab.rb < true, 24 | 'ip_whitelist' => ["127.0.0.1"], 25 | 'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP 26 | 'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds 27 | 'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts 28 | } 29 | EOF 30 | 31 | # Reconfigure and restart GitLab 32 | gitlab-ctl reconfigure 33 | gitlab-ctl restart 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /components/gitlab/install_gitlab_ce_http.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | GITLAB_DOMAIN="$1" 13 | 14 | 15 | yum install -y curl policycoreutils-python openssh-server 16 | 17 | ../utils/start_service.sh sshd 18 | 19 | ../tsinghua/use_tsinghua_gitlab_repo.sh 20 | 21 | 22 | GITLAB_URL="http://${GITLAB_DOMAIN}" 23 | EXTERNAL_URL="${GITLAB_URL}" yum install -y gitlab-ce 24 | 25 | ../utils/open_firewall_port.sh 80 26 | 27 | ./post_install_gitlab.sh "${GITLAB_URL}" 28 | -------------------------------------------------------------------------------- /components/gitlab/install_gitlab_ce_https.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | GITLAB_DOMAIN="$1" 13 | SSL_CERT_SUBJ="$2" 14 | 15 | yum install -y curl policycoreutils-python openssh-server 16 | 17 | ../utils/start_service.sh sshd 18 | 19 | ../tsinghua/use_tsinghua_gitlab_repo.sh 20 | 21 | GITLAB_URL="https://${GITLAB_DOMAIN}" 22 | EXTERNAL_URL="${GITLAB_URL}" yum install -y gitlab-ce 23 | 24 | ../utils/open_firewall_port.sh 80 25 | 26 | echo "$(../utils/get_ip.sh) ${GITLAB_DOMAIN}" >> /etc/hosts 27 | 28 | ./configure_gitlab_ce_manual_ssl.sh "${GITLAB_DOMAIN}" "${SSL_CERT_SUBJ}" 29 | 30 | ./post_install_gitlab.sh "${GITLAB_URL}" 31 | -------------------------------------------------------------------------------- /components/gitlab/post_install_gitlab.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | GITLAB_URL="$1" 13 | 14 | echo "GitLab URL: ${GITLAB_URL}" 15 | echo "Check GitLab version and Help document: ${GITLAB_URL}/help" 16 | echo "Please open GitLab in browser and reset password to continue configuration" 17 | echo "Default GitLab admin account: root" 18 | echo "You may need update local hosts file firstly:" 19 | echo "Mac: https://www.tekrevue.com/tip/edit-hosts-file-mac-os-x/" 20 | echo "Windows: https://www.techwalla.com/articles/how-to-edit-your-windows-hosts-file" 21 | 22 | -------------------------------------------------------------------------------- /components/gradle/install_gradle.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Check if JDK is installed 13 | ../utils/determine_java.sh 14 | 15 | # Download and install Gradle 16 | VERSION="$1" 17 | if [ ! -n "${VERSION}" ]; then 18 | VERSION="5.4" 19 | fi 20 | 21 | GRADLE_VERSION="gradle-${VERSION}" 22 | 23 | GRADLE_PACKAGE="${GRADLE_VERSION}-bin.zip" 24 | wget https://services.gradle.org/distributions/${GRADLE_PACKAGE} 25 | 26 | unzip ${GRADLE_PACKAGE} 27 | 28 | mv ${GRADLE_VERSION} /opt 29 | 30 | chown -R root:root /opt/${GRADLE_VERSION} 31 | 32 | ln -s /opt/${GRADLE_VERSION} /opt/gradle 33 | 34 | # Set PATH system variable 35 | 36 | cat > /etc/profile.d/gradle.sh < /etc/systemd/system/jenkins.service < /dev/null 2>&1 & 17 | return_code=$? 18 | 19 | 20 | ;; 21 | stop) 22 | echo "Stopping Jenkins slave" 23 | 24 | ps -ef | grep jenkins | grep agent | grep -v grep | awk '{print $2}' | xargs kill -9 25 | return_code=$? 
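26 | 27 | esac 28 | 29 | exit $return_code 30 |
--------------------------------------------------------------------------------
/components/jenkins/install_jenkins.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Install Jenkins (stable line) from the upstream yum repository, then run
# post_install_jenkins.sh.

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
    cd "${SCRIPT_DIR}"
fi

# Check if JDK is installed
../utils/determine_java.sh

# Fetch the repo definition and the package signing key over HTTPS. The imported
# key is what rpm will trust for Jenkins packages from now on, so it must not
# travel over a channel that can be rewritten on the network path.
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key

yum clean all
yum makecache

yum install jenkins -y

./post_install_jenkins.sh
--------------------------------------------------------------------------------
/components/jenkins/install_jenkins_rpm.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Install a pinned Jenkins RPM downloaded from the Tsinghua mirror, then run
# post_install_jenkins.sh.

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
    cd "${SCRIPT_DIR}"
fi

# Check if JDK is installed
../utils/determine_java.sh


RPM_PACKAGE=jenkins-2.164.2-1.1.noarch.rpm
JENKINS_MIRROR_URL=https://mirrors.tuna.tsinghua.edu.cn
# Same upstream signing key that install_jenkins.sh imports.
JENKINS_KEY_URL=https://pkg.jenkins.io/redhat-stable/jenkins.io.key

wget "${JENKINS_MIRROR_URL}/jenkins/redhat-stable/${RPM_PACKAGE}"

# The package comes from a third-party mirror. Without the signing key in the
# rpm keyring, `rpm -ivh` installs it after only a warning, so import the
# upstream key and check the signature first; `set -e` stops the script when the
# check fails.
rpm --import "${JENKINS_KEY_URL}"
rpm -K "${RPM_PACKAGE}"

rpm -ivh "${RPM_PACKAGE}"

./post_install_jenkins.sh
-------------------------------------------------------------------------------- /components/jenkins/post_install_jenkins.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 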
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | ../utils/start_service.sh jenkins 14 | 15 | ../utils/open_firewall_port.sh 8080 16 | 17 | echo "Jenkins URL: http://$(../utils/get_ip.sh):8080" 18 | 19 | # wait 1 minute until Jenkins is ready 20 | sleep 60 21 | echo "Jenkins initial admin password: $(more /var/lib/jenkins/secrets/initialAdminPassword)" 22 | 23 | echo "Please open Jenkins in browser and input initial password to continue configuration" 24 | -------------------------------------------------------------------------------- /components/jenkins/run_docker_with_jenkins.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | ../docker/run_docker_without_root.sh jenkins 13 | 14 | # restart jenkins 15 | systemctl restart jenkins 16 | -------------------------------------------------------------------------------- /components/maven/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Use Aliyun Maven Repo 3 | Copy `settings.xml` to `~/.m2` 4 | -------------------------------------------------------------------------------- /components/maven/install_maven.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Check if JDK is installed 13 | ../utils/determine_java.sh 14 | 15 | # Download and install Maven 16 | VERSION="$1" 17 | if [ ! 
-n "${VERSION}" ]; then 18 | VERSION="3.6.0" 19 | fi 20 | 21 | MAVEN_VERSION="apache-maven-${VERSION}" 22 | MAVEN_PACKAGE="${MAVEN_VERSION}-bin.tar.gz" 23 | 24 | # Maven mirrors: 25 | # http://maven.apache.org/download.cgi 26 | MAVEN_MIRROR_URL="http://mirrors.tuna.tsinghua.edu.cn/apache" 27 | wget ${MAVEN_MIRROR_URL}/maven/maven-3/${VERSION}/binaries/${MAVEN_PACKAGE} 28 | 29 | tar -zxvf ${MAVEN_PACKAGE} 30 | 31 | mv ${MAVEN_VERSION} /opt 32 | 33 | chown -R root:root /opt/${MAVEN_VERSION} 34 | 35 | ln -s /opt/${MAVEN_VERSION} /opt/apache-maven 36 | 37 | # Set PATH system variable 38 | cat > /etc/profile.d/maven.sh < 2 | 3 | 21 | 22 | 46 | 49 | 55 | 56 | 64 | 65 | 72 | 73 | 78 | 79 | 83 | 84 | 85 | 90 | 91 | 105 | 106 | 107 | 111 | 112 | 125 | 126 | 133 | 134 | 135 | 146 | 147 | 159 | 160 | aliyunmaven 161 | * 162 | Aliyun Maven Repo 163 | https://maven.aliyun.com/repository/public 164 | 165 | 166 | 167 | 188 | 189 | 218 | 219 | 253 | 254 | 255 | 263 | 264 | -------------------------------------------------------------------------------- /components/nexus-docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | nexus: 5 | restart: always 6 | image: sonatype/nexus3:3.17.0 7 | volumes: 8 | - /srv/docker/nexus/nexus-data:/nexus-data:Z 9 | ports: 10 | - "8081:8081" 11 | -------------------------------------------------------------------------------- /components/nexus-docker/install_nexus.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' 
] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | # Increase ulimit 13 | # ../../components/utils/increase_ulimit.sh 14 | 15 | # Open ports on Firewall 16 | ../../components/utils/open_firewall_port.sh 8081 17 | 18 | # Run Nexus with Docker Compose 19 | # https://github.com/sonatype/docker-nexus3 20 | mkdir -p /opt/nexus 21 | cp docker-compose.yml /opt/nexus 22 | 23 | # Create volumes 24 | mkdir -p /srv/docker/nexus/nexus-data && chown -R 200 /srv/docker/nexus/nexus-data 25 | 26 | cd /opt/nexus 27 | docker-compose up -d 28 | 29 | -------------------------------------------------------------------------------- /components/nexus/add_nexus_service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | 13 | cat > /etc/systemd/system/nexus.service < /etc/profile.d/java8.sh <> ~/.ssh/authorized_keys 15 | 16 | more ~/.ssh/authorized_keys 17 | 18 | rm -f ~/id_rsa.pub 19 | 20 | -------------------------------------------------------------------------------- /components/ssh/gen_keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Run this script on source machine 6 | 7 | 8 | DIRECTORY=`readlink -f ~/.ssh` 9 | 10 | if [ ! -d "${DIRECTORY}" ]; then 11 | ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" 12 | cd ~/.ssh && ls -ltra 13 | else 14 | echo "~/.ssh already exist." 
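15 | fi 16 | 17 | ./add_key_into_ssh_agent.sh 18 | 19 | echo "Copy SSH public key to target machine:" 20 | echo "scp ~/.ssh/id_rsa.pub @:~" 21 |
--------------------------------------------------------------------------------
/components/ssl/create_self_signed_cert.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Create a self-signed certificate in this script's directory.
# Usage: create_self_signed_cert.sh SUBJECT   (value for openssl's -subj option)
# Output: server.key (unencrypted 2048-bit RSA key), server.csr,
#         server.crt (valid for 365 days)

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
    cd "${SCRIPT_DIR}"
fi

SUBJ="$1"
if [ -z "${SUBJ}" ]; then
    echo "Usage: $0 SUBJECT" >&2
    exit 1
fi

# Generate RSA private key
# The key is written unencrypted, exactly what the earlier two-step version
# ended up with after stripping its throw-away passphrase. Remove any old file
# and create the new one under a restrictive umask so the key is never readable
# by other local users, not even briefly.
rm -f server.key
(umask 077 && openssl genrsa -out server.key 2048)

# Generate CSR sign request
openssl req -new -key server.key -out server.csr -subj "$SUBJ"

# Generate CRT signed cert
# -sha256 pins the signature digest instead of relying on the OpenSSL default.
# NOTE(review): no subjectAltName is set; clients that ignore the subject CN
# will not match this certificate to a host name.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

--------------------------------------------------------------------------------
/components/timedate/README.md:
--------------------------------------------------------------------------------

# Use Aliyun NTP server
https://help.aliyun.com/document_detail/92704.html
--------------------------------------------------------------------------------
/components/timedate/install_ntp.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Install the ntp package, then enable and start ntpd.

set -e

# Show ntp packages that are already installed. grep exits 1 when nothing
# matches, which under `set -e` would end the script before the install below;
# `|| true` keeps this step informational.
rpm -qa | grep ntp || true

yum install ntp -y

rpm -qa | grep ntp

systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd


-------------------------------------------------------------------------------- /components/timedate/sync_timedate_chrony.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | 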
SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | ./install_ntp.sh 13 | 14 | # Current time 15 | timedatectl 16 | 17 | # Set time zone 18 | timedatectl set-timezone Asia/Shanghai 19 | 20 | # Enable ntp time sync 21 | timedatectl set-ntp yes 22 | 23 | # Use local RTC time 24 | timedatectl set-local-rtc 1 25 | 26 | # Enable and start chronyd service 27 | yum install chrony -y 28 | systemctl enable chronyd 29 | systemctl start chronyd 30 | 31 | # Verify ntp sync status 32 | netstat -nupl | grep 323 33 | chronyc sources 34 | chronyc tracking 35 | 36 | # Current time 37 | date -R 38 | 39 | timedatectl -------------------------------------------------------------------------------- /components/timedate/sync_timedate_ntp.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Locate shell script path 6 | SCRIPT_DIR=$(dirname $0) 7 | if [ ${SCRIPT_DIR} != '.' ] 8 | then 9 | cd ${SCRIPT_DIR} 10 | fi 11 | 12 | ./install_ntp.sh 13 | 14 | # Current time 15 | timedatectl 16 | 17 | # Set time zone 18 | timedatectl set-timezone Asia/Shanghai 19 | 20 | # Enable ntp time sync 21 | timedatectl set-ntp yes 22 | 23 | # Use local RTC time 24 | timedatectl set-local-rtc 1 25 | 26 | # Enable and start ntpd service 27 | yum install ntp -y 28 | systemctl enable ntpd 29 | systemctl start ntpd 30 | 31 | # Verify ntp sync status 32 | netstat -nupl | grep 123 33 | ntpq -p 34 | ntpstat 35 | 36 | # Current time 37 | date -R 38 | 39 | timedatectl -------------------------------------------------------------------------------- /components/tools/install_tools.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Skip failed install tools 4 | 5 | yum install wget -y 6 | yum install vim -y 7 | # netstat 8 | yum install net-tools -y 9 | # host 10 | yum install bind-utils -y 11 | # telnet 12 | yum install 
telnet -y 13 | # unizp 14 | yum install unzip -y 15 | # htop instead of top 16 | yum install htop -y 17 | # mtr 18 | yum install mtr -y 19 | # tree 20 | yum install tree -y 21 | -------------------------------------------------------------------------------- /components/tsinghua/gitlab-ce-tsinghua.repo: -------------------------------------------------------------------------------- 1 | [gitlab-ce] 2 | name=Gitlab CE Repository 3 | baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/ 4 | gpgcheck=0 5 | enabled=1 6 | -------------------------------------------------------------------------------- /components/tsinghua/use_tsinghua_gitlab_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | curl -o /etc/yum.repos.d/gitlab-ce-tsinghua.repo https://raw.githubusercontent.com/cookcodeblog/OneDayDevOps/master/components/tsinghua/gitlab-ce-tsinghua.repo 4 | 5 | yum clean all 6 | yum makecache 7 | 8 | yum repolist all 9 | -------------------------------------------------------------------------------- /components/utils/determine_java.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | die ( ) { 6 | echo 7 | echo "$*" 8 | echo 9 | exit 1 10 | } 11 | 12 | if [ -n "$JAVA_HOME" ] ; then 13 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 14 | # IBM's JDK on AIX uses strange locations for the executables 15 | JAVACMD="$JAVA_HOME/jre/sh/java" 16 | else 17 | JAVACMD="$JAVA_HOME/bin/java" 18 | fi 19 | if [ ! -x "$JAVACMD" ] ; then 20 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 21 | Please set the JAVA_HOME variable in your environment to match the 22 | location of your Java installation." 23 | fi 24 | else 25 | JAVACMD="java" 26 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
27 | Please set the JAVA_HOME variable in your environment to match the 28 | location of your Java installation." 29 | fi 30 | -------------------------------------------------------------------------------- /components/utils/get_ip.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | ip addr show | grep -v 'docker0' | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' 6 | -------------------------------------------------------------------------------- /components/utils/increase_ulimit.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # https://access.redhat.com/solutions/61334 6 | # https://blog.csdn.net/duanbiren123/article/details/80190750 7 | 8 | ulimit -u unlimited 9 | ulimit -n 65535 10 | 11 | cp -p /etc/security/limits.conf /etc/security/limits.conf.bak$(date '+%Y%m%d%H%M%S') 12 | 13 | cat <> /etc/security/limits.conf 14 | root soft nofile 65535 15 | root hard nofile 65535 16 | * soft nofile 65535 17 | * hard nofile 65535 18 | EOF 19 | 20 | -------------------------------------------------------------------------------- /components/utils/open_firewall_port.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | PORT=$1 6 | 7 | firewall-cmd --list-all 8 | 9 | firewall-cmd --zone=public --add-port=$PORT/tcp 10 | firewall-cmd --zone=public --add-port=$PORT/tcp --permanent 11 | 12 | firewall-cmd --reload 13 | firewall-cmd --list-all 14 | -------------------------------------------------------------------------------- /components/utils/open_firewall_service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | SERVICE=$1 6 | 7 | firewall-cmd --list-all 8 | 9 | firewall-cmd --zone=public 
--add-serive=$SERVICE 10 | firewall-cmd --zone=public --add-port=$SERVICE --permanent 11 | 12 | firewall-cmd --reload 13 | firewall-cmd --list-all 14 | -------------------------------------------------------------------------------- /components/utils/replace_in_file.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | FILE="$1" 6 | SOURCE="$2" 7 | TARGET="$3" 8 | 9 | sed -i "s/${SOURCE}/${TARGET}/g" "${FILE}" 10 | -------------------------------------------------------------------------------- /components/utils/start_service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | SERVICE=$1 6 | 7 | systemctl enable $SERVICE 8 | systemctl start $SERVICE 9 | systemctl status $SERVICE 10 | -------------------------------------------------------------------------------- /devops_in_k8s/jenkins/README.md: -------------------------------------------------------------------------------- 1 | 2 | ```bash 3 | kubectl create namespace devops 4 | kubectl apply -f jenkins-slave-service-account.yml 5 | ``` -------------------------------------------------------------------------------- /devops_in_k8s/jenkins/jenkins-slave-service-account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: jenkins 6 | namespace: devops 7 | 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: ClusterRoleBinding 11 | metadata: 12 | name: jenkins 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: ClusterRole 16 | name: cluster-admin 17 | subjects: 18 | - kind: ServiceAccount 19 | name: jenkins 20 | namespace: devops -------------------------------------------------------------------------------- /devops_in_k8s/jenkins/pipeline/maven_docker_k8s.groovy: 
--------------------------------------------------------------------------------
// Scripted pipeline that starts a throw-away Kubernetes build pod with four
// containers (jnlp agent, maven, docker, kubectl) and runs one smoke-test
// stage per tool.
//
// NOTE(review) - trust assumptions a reader should be aware of:
//  * every container runs with privileged: true, so the containers are not
//    confined the way ordinary pods are;
//  * the node's /var/run/docker.sock is mounted into the pod, so build steps
//    talk to the node's Docker daemon directly, which amounts to root on
//    that node;
//  * /root/.m2 is a host path shared by every build scheduled on the node,
//    so one build can alter the artifacts a later build resolves;
//  * the pod runs as service account 'jenkins' in namespace 'devops', which
//    the manifest in this directory binds to cluster-admin.
// Together these make any job able to edit this pipeline, or the code it
// builds, effectively a cluster administrator. Before using this beyond a
// lab: drop privileged where a container does not need it, build images
// without the host's Docker socket, use a per-build or read-only dependency
// cache, and give the service account only the permissions the stages use.

// Unique label so each run gets its own pod template and agent.
def podLabel = "k8s-slave-${UUID.randomUUID().toString()}"

// The jnlp container is the Jenkins agent itself; the other three are tool
// containers kept alive with `cat` on a TTY so stages can run steps in them.
def buildContainers = [
    containerTemplate(
        name: 'jnlp',
        image: 'jenkins/jnlp-slave:3.27-1-alpine',
        alwaysPullImage: false,
        privileged: true,
        args: '${computer.jnlpmac} ${computer.name}'
    ),
    containerTemplate(
        name: 'maven',
        image: 'maven:3.6-jdk-8-alpine',
        command: 'cat',
        ttyEnabled: true,
        privileged: true
    ),
    containerTemplate(
        name: 'docker',
        image: 'docker:18.06',
        command: 'cat',
        ttyEnabled: true,
        privileged: true
    ),
    containerTemplate(
        name: 'kubectl',
        image: 'lachlanevenson/k8s-kubectl:v1.8.15',
        command: 'cat',
        ttyEnabled: true,
        privileged: true
    )
]

// Host paths mounted into the pod: the node's Docker socket and the node's
// Maven repository directory.
def hostMounts = [
    hostPathVolume(hostPath: '/var/run/docker.sock', mountPath: '/var/run/docker.sock'),
    hostPathVolume(hostPath: '/root/.m2', mountPath: '/root/.m2')
]

podTemplate(
    label: podLabel,
    containers: buildContainers,
    namespace: 'devops',
    serviceAccount: 'jenkins',
    automountServiceAccountToken: 'true',
    volumes: hostMounts
) {
    node(podLabel) {
        // Each stage only checks that the tool answers inside its container.
        stage('Test Docker') {
            container('docker') {
                sh 'docker version'
            }
        }
        stage('Test Maven') {
            container('maven') {
                sh 'mvn -v'
            }
        }
        stage('Test Kubernetes') {
            container('kubectl') {
                sh 'kubectl get pods --all-namespaces'
            }
        }
    }
}
--------------------------------------------------------------------------------