服務改用Docker與Docker-Composer架設

README.md

@@ -13,17 +13,24 @@ install.yml 用來安裝所需之套件
 config.yml 用來設定相關之設定
 
 ## Ansible Playbook 操作流程
-1. 將./env/env.swp檔名改成.env
+1. 將.env.swp檔名改成.env
 2. 設定.env中，對應的主機名與IP，可一次設定多台
-3. 運行以下指令安裝所需之套件
+3. 將./resources/.env.swp檔名改成.env，此為SonarQube連到資料庫所需之相關設定，請自行設定好
+4. 運行以下指令安裝所需之套件
 ```
 ansible-playbook -i .env install.yml --ask-become-pass
 ```
-4. 輸入登入用密碼
-5. 等全部的所需套件都安裝完成，並且沒有跳Fail
-6. 運行以下指令設定服務器
+5. 輸入登入用密碼
+6. 等全部的所需套件都安裝完成，並且沒有跳Fail
+7. 運行以下指令設定服務器
 ```
 ansible-playbook -i .env config.yml --ask-become-pass
 ```
-7. 輸入登入用密碼
-8. 等全部的所需套件都安裝完成，並且沒有跳Fail
\ No newline at end of file
+8. 輸入登入用密碼
+9. 等全部的所需套件都安裝完成，並且沒有跳Fail
+
+## 服務與連接阜
+
+8080 Port為Jenkins服務，初始啟動請解開./resources/jenkins.tar.gz，從jenkins/secrets/initialAdminPassword取得啟用服務所需之密碼
+
+9000 Port為SonarQube服務
\ No newline at end of file

config.yml

-# 設定安裝SonarQube所需資料庫環境
+---
 - hosts: ci_cd_test
   remote_user: petercheng
   become: yes
-  become_user: postgres
   tasks:
-    - name: "設定SonarQube所需資料庫環境"
-      include_tasks: tasks/config/postgres.yml
-
-# 設定SonarQube相關設定
-- hosts: ci_cd_test
-  remote_user: petercheng
-  become: yes
-  become_user: root
-  tasks:
-    - name: "設定SonarQube相關設定"
-      include_tasks: tasks/config/sonarQube.yml
\ No newline at end of file
+    # 初始化系統
+    - name: "設定系統參數"
+      include_tasks: tasks/config/init.yml
\ No newline at end of file

install.yml

@@ -13,10 +13,10 @@
     - name: "安裝Golang 1.13.4"
       include_tasks: tasks/install/golang.yml
 
-    # 安裝PostgreSQL
-    - name: "安裝PostgreSQL"
-      include_tasks: tasks/install/postgres.yml
+    # 安裝Docker
+    - name: "安裝Docker"
+      include_tasks: tasks/install/docker.yml
 
-    # 安裝SonarQube
-    - name: "安裝SonarQube 7.9.1 LTS"
-      include_tasks: tasks/install/sonarQube.yml
\ No newline at end of file
+    # 安裝Docker-Compose
+    - name: "安裝Docker"
+      include_tasks: tasks/install/docker-compose.yml
\ No newline at end of file

resources/docker/.env.swp

+sonar.jdbc.username=sonar
+sonar.jdbc.password=sonar
+sonar.jdbc.url=jdbc:postgres://127.0.0.1/sonar
\ No newline at end of file

resources/docker/docker-compose.yml

+version: '2'
+services:
+  sonar: 
+    image: 'sonarqube:lts'
+    container_name: 'sonar'
+    networks:
+      - build-networks
+    ports: 
+      -  0.0.0.0:9000:9000
+    environment:
+      - sonar.jdbc.username
+      - sonar.jdbc.password
+      - sonar.jdbc.url
+    restart: always
+  jenkins:
+    image: 'jenkins/jenkins:lts'
+    container_name: 'jenkins'
+    networks:
+      - build-networks
+    ports: 
+      - 0.0.0.0:8080:8080
+      - 0.0.0.0:50000:50000
+    volumes: 
+      - /opt/jenkins:/var/jenkins_home
+    restart: always
+networks: 
+  build-networks:
+    driver: bridge
+    
\ No newline at end of file

resources/jvm.options

-## JVM configuration
-
-################################################################
-## IMPORTANT: JVM heap size
-################################################################
-##
-## You should always set the min and max JVM heap
-## size to the same value. For example, to set
-## the heap to 4 GB, set:
-##
-## -Xms4g
-## -Xmx4g
-##
-## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
-## for more information
-##
-################################################################
-
-# Xms represents the initial size of total heap space
-# Xmx represents the maximum size of total heap space
-
--Xms1g
--Xmx1g
-
-################################################################
-## Expert settings
-################################################################
-##
-## All settings below this section are considered
-## expert settings. Don't tamper with them unless
-## you understand what you are doing
-##
-################################################################
-
-## GC configuration
--XX:+UseConcMarkSweepGC
--XX:CMSInitiatingOccupancyFraction=75
--XX:+UseCMSInitiatingOccupancyOnly
-
-## G1GC Configuration
-# NOTE: G1GC is only supported on JDK version 10 or later.
-# To use G1GC uncomment the lines below.
-# 10-:-XX:-UseConcMarkSweepGC
-# 10-:-XX:-UseCMSInitiatingOccupancyOnly
-# 10-:-XX:+UseG1GC
-# 10-:-XX:InitiatingHeapOccupancyPercent=75
-
-## DNS cache policy
-# cache ttl in seconds for positive DNS lookups noting that this overrides the
-# JDK security property networkaddress.cache.ttl; set to -1 to cache forever
--Des.networkaddress.cache.ttl=60
-# cache ttl in seconds for negative DNS lookups noting that this overrides the
-# JDK security property networkaddress.cache.negative ttl; set to -1 to cache
-# forever
--Des.networkaddress.cache.negative.ttl=10
-
-## optimizations
-
-# pre-touch memory pages used by the JVM during initialization
--XX:+AlwaysPreTouch
-
-## basic
-
-# explicitly set the stack size
--Xss1m
-
-# set to headless, just in case
--Djava.awt.headless=true
-
-# ensure UTF-8 encoding by default (e.g. filenames)
--Dfile.encoding=UTF-8
-
-# use our provided JNA always versus the system one
--Djna.nosys=true
-
-# turn off a JDK optimization that throws away stack traces for common
-# exceptions because stack traces are important for debugging
--XX:-OmitStackTraceInFastThrow
-
-# flags to configure Netty
--Dio.netty.noUnsafe=true
--Dio.netty.noKeySetOptimization=true
--Dio.netty.recycler.maxCapacityPerThread=0
-
-# log4j 2
--Dlog4j.shutdownHookEnabled=false
--Dlog4j2.disable.jmx=true
-
--Djava.io.tmpdir=/tmp
-
-## heap dumps
-
-# generate a heap dump when an allocation from the Java heap fails
-# heap dumps are created in the working directory of the JVM
--XX:+HeapDumpOnOutOfMemoryError
-
-# specify an alternative path for heap dumps; ensure the directory exists and
-# has sufficient space
-#-XX:HeapDumpPath=data
-
-# specify an alternative path for JVM fatal error logs
-#-XX:ErrorFile=logs/hs_err_pid%p.log
-
-## JDK 8 GC logging
-
-#8:-XX:+PrintGCDetails
-#8:-XX:+PrintGCDateStamps
-#8:-XX:+PrintTenuringDistribution
-#8:-XX:+PrintGCApplicationStoppedTime
-#8:-Xloggc:logs/gc.log
-#8:-XX:+UseGCLogFileRotation
-#8:-XX:NumberOfGCLogFiles=32
-#8:-XX:GCLogFileSize=64m
-
-# JDK 9+ GC logging
-#9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
-# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
-# time/date parsing will break in an incompatible way for some date patterns and locals
-#9-:-Djava.locale.providers=COMPAT
-
-# temporary workaround for C2 bug with JDK 10 on hardware with AVX-512
-#10-:-XX:UseAVX=2

resources/sonar.service

-[Unit]
-Description=SonarQube service
-After=syslog.target network.target
-
-[Service]
-Type=forking
-
-ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
-ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
-
-User=root
-Group=root
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file

tasks/config/init.yml

+---
+  - name: "設定系統環境"
+    shell: "{{ item }}"
+    with_items:
+      - sysctl -w vm.max_map_count=262144
+      - sysctl -w fs.file-max=65536
+      - ulimit -n 65536
+      - ulimit -u 4096
+    args:
+      executable: /bin/bash
+  - name: "複製Docker-Compose.yml到遠端機器"
+    copy:
+      src: ./resources/docker/docker-compose.yml
+      dest: /opt/docker-compose.yml
+      owner: root
+      group: root
+      follow: yes
+      mode: "644"
+  - name: "複製Docker環境變數到遠端機器"
+    copy:
+      src: ./resources/docker/.env
+      dest: /opt/.env
+      owner: root
+      group: root
+      follow: yes
+      mode: "644"
+  - name: "新增存放Jenkins資料目錄"
+    file:
+      path: /opt/jenkins
+      state: directory
+      mode: "755"
+  - name: "複製存放Jenkins資料壓縮包"
+    copy: 
+      src: ./resources/jenkins.tar.gz
+      dest: /opt/jenkins.tar.gz
+  - name: "解壓存放Jenkins資料目錄"
+    unarchive:
+      src: /opt/jenkins.tar.gz
+      dest: /opt
+      remote_src: yes
+  - name: "設定Jenkins資料夾存取權限"
+    file:
+      path: /opt/jenkins
+      mode: "777"
+      owner: root
+      group: root
+      recurse: yes
+  - name: "運行Docker-Compose"
+    shell: "docker-compose -f /opt/docker-compose.yml up -d --build"
+    args:
+      executable: /bin/bash
+  
\ No newline at end of file

tasks/config/postgres.yml

----
-  #新增資料庫與使用者
-  - postgresql_db:
-      name: sonar
-      encoding: UTF-8
-      lc_collate: en_US.UTF-8
-      lc_ctype: en_US.UTF-8
-      template: template0
-  - postgresql_user:
-      db: sonar
-      name: sonar
-      password: sonar
-      priv: "ALL"
\ No newline at end of file

tasks/config/sonarQube.yml

----
-  - name: "置換SonarQube設定檔"
-    copy:
-      src: ./resources/sonar.properties
-      dest: /opt/sonarqube/conf/sonar.properties
-      follow: yes
-  - name: "置換Elasticsearch設定檔"
-    copy:
-      src: ./resources/jvm.options
-      dest: /opt/sonarqube/elasticsearch/config/jvm.options
-      follow: yes
-  - name: "設定Elasticsearch目錄權限"
-    file: 
-      path: /opt/sonarqube
-      recurse: yes
-      mode: 0777
-  - name: "將SonarQube設成服務"
-    copy:
-      src: ./resources/sonar.service
-      dest: /etc/systemd/system/sonar.service
-      follow: yes
-  - name: "啟用SonarQube服務"
-    command: "{{ item }}"
-    with_items: 
-      - systemctl enable sonar
-      - systemctl start sonar
\ No newline at end of file

tasks/install/docker-compose.yml

+---
+  #宣告變數
+  - shell: echo $(uname -s)-$(uname -m)
+    register: os
+  
+  #安裝Docker-Compose
+  - name: "下載Docker-Compose 1.25.0"
+    get_url:
+      url: https://github.com/docker/compose/releases/download/1.25.0/docker-compose-{{ os.stdout }}
+      dest: /usr/local/bin/docker-compose
+      mode: 0755
+  - name: "設定Docker-Compose執行連結"
+    file:
+      src: /usr/local/bin/docker-compose
+      dest: /usr/bin/docker-compose
+      owner: root
+      group: root
+      state: link
+      follow: yes
\ No newline at end of file

tasks/install/docker.yml

+---
+  #宣告變數
+  - shell: echo $(lsb_release -cs)
+    register: release_name
+  
+  #安裝Docker
+  - name: "移除舊版Docker"
+    apt:
+      pkg:
+        - docker
+        - docker-engine
+        - docker.io
+        - containerd
+        - runc
+        - docker-ce
+      purge: yes
+      state: absent
+  - name: "安裝下載Docker所需之相依性套件"
+    apt:
+      pkg: 
+        - apt-transport-https 
+        - ca-certificates 
+        - curl 
+        - gnupg-agent 
+        - software-properties-common
+      state: present
+      update_cache: yes
+  - name: "下載安裝Docker所需之套件庫GPG Key"
+    apt_key:
+      url: https://download.docker.com/linux/ubuntu/gpg
+      state: present
+  - name: "下載Docker套件庫來源"
+    apt_repository:
+      repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ release_name.stdout }} stable
+      state: present
+      filename: docker.list
+  - name: "安裝Docker"
+    apt:
+      pkg: 
+        - docker-ce 
+        - docker-ce-cli 
+        - containerd.io
+      state: present
+      update_cache: yes
\ No newline at end of file

tasks/install/postgres.yml

----
-- name: "安裝PostgreSQL"
-  apt:
-    pkg: 
-      - postgresql
-      - python-psycopg2
-    state: present
-    update_cache: yes
-- name: "修改資料庫管理員預設密碼"
-  user:
-    name: postgres
-    password: "{{ '1qazse4rfvgy7' | password_hash('sha512') }}"
\ No newline at end of file

tasks/install/sonarQube.yml

----
-  #安裝SonarQube
-  - name: "移除舊版SonarQube壓縮包"
-    file: 
-      path: /tmp/sonarQube-LTS.zip
-      state: absent
-  - name: "移除舊版SonarQube安裝包"
-    file:
-      path: /opt/sonarqube
-      state: absent
-  - name: "下載SonarQube"
-    get_url: 
-      url: https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.1.zip
-      dest: /tmp/sonarQube-LTS.zip
-      mode: 444
-  - name: "安裝Unzip套件"
-    apt:
-      pkg:
-        - unzip 
-        - openjdk-11-jdk
-        - openjdk-11-jdk-headless
-      state: present
-  - name: "解壓SonarQube"
-    unarchive: 
-      src: /tmp/sonarQube-LTS.zip
-      dest: /opt
-      remote_src: yes
-  - name: "修改目錄名稱"
-    command: mv /opt/sonarqube-7.9.1 /opt/sonarqube
\ No newline at end of file