代码库push Web Hooks 创建过程
来自技术开发小组内部wiki
1,在NGINX配置里(/usr/local/nginx/conf/sites-enabled/hook):
server
{
listen 7777;
server_name_in_redirect off;
index index.html index.htm index.php;
root /home/www/hook;
location ~ .*\.(php|php5)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
重新加载nginx
/usr/local/nginx/sbin/nginx -s reload
2,先在后台创建一个新的代码库(code.fumubang.net)
3,在本地客户端克隆代码库,并在本地添加文件,推到远程转换成publish
4,用fumubang账号(看情况,具体用哪个账号自己决定,目前是用的fumubang)在测试机用:
ssh-keygen,一路回车:cat /home/fumubang/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA12N1837a9y+6jX0ElHJlBTcu0X1SjaE/lfyYpebF1gjaDbhprrrzmHZEwx5De5dwtTsRa+nwHRoEN2xFj4p+OpY8lKv+fR3Ihh/BUaj2c4Vb0b4kH2PRnsamPqV56DRO54uZn6dhof6M6ECabWsKdQlKOt3W5kUmBtj0aR+b2XuE9Xd5VLbQtFsdOtLiw+F7zdl0rDsJwK4eFYQwQCFFs4EpOneO2sMTzegp2SR3KDfrNF61drp6mxFZ0muObILEFQ+uixj5qYmq2Ykv8npZmFTKpoE0K5Rwgi9fRfCBF/Sw5a2GM84KuNXVJKxnBLag14JeXPhfT5aIqZtp9WSilQ== fumubang@localhost.localdomain
把这个钥匙放到code.fumubang.net任何一个账号的SSH keys,登录176后 cat /home/git/.ssh 看看有没有刚才你加的key
5,非常重要,在测试机上把远程代码克隆下来
1)cd /data2/fmb_preview 一定要切换到fumubang账号,因为key 是已fumubang建立的
repositories 这个比较特殊,测试机克隆远程代码必须加这个参数,看情况,有的不需要,比如30.45那台机器就不需要直接用如下:
git clone git@code.fumubang.net:root/fmb-core_frame.git -b preview fmb.core_frame (远程地址) -b preview(分支名称) fmb.core_frame(本地文件夹名称)
git clone git@code.fumubang.net:root/fmb-server_msg.git -b preview fmb.server_msg
2)切换到fumubang用户:
su fumubang
cd /home/fumubang/deploy/
mkdir fmb.xxxx
cd fmb.xxxx
vi build.xml
<?xml version="1.0" encoding="UTF-8"?>
<project name="Fumubang Core_frame" default="build">
<property name="NAME" value="fmb.core_frame"/>
<property name="REPOSITORY" value="git@code.fumubang.net::repositories/root/fmb-core_frame.git"/>
<php expression="date('Y-m-d-H-i-s')" returnProperty="TIME"/>
<php expression="date('YmdHis')" returnProperty="VERSION"/>
<!-- The default environment is 'production' -->
<if>
<equals arg1="${ENV}" arg2="production"/>
<then>
<property name="BRANCH" value="preview"/>
<property name="WWW_DIR" value="/home/www/${NAME}"/>
<property name="SOURCE_DIR" value="/home/www/src/${NAME}/${ENV}/${TIME}"/>
</then>
<else>
<echo msg="-------------------------------------" level='warning'/>
<echo msg="ENVIRONMENT: '${ENV}' is not defined." level="warning"/>
<echo msg="-------------------------------------" level='warning'/>
<fail message="..."/>
</else>
</if>
<target name="fetch">
<echo msg="Fetching code from repository, this might take a few minutes."/>
<mkdir dir="${SOURCE_DIR}" mode="0754"/>
<exec level="info" command="cd /data2/fmb_preview/${NAME} && git pull origin ${BRANCH}" checkreturn="true" logoutput="true"/>
<exec level="info" command="cd /data2/fmb_preview/${NAME} && /usr/bin/rsync -avWR --block-size=1024 --progress * ${SOURCE_DIR}" checkreturn="true" logoutput="true"/>
</target>
<target name="clean" depends="fetch">
<echo msg="Cleaning..."/>
<exec level="info" command="find ./ -name '.gitignore' | xargs rm -f" dir="${SOURCE_DIR}" checkreturn="true" logoutput="true"/>
<exec level="info" command="find ${SOURCE_DIR} -type f -regex '.*\.php\|.*\.js\|.*\.css' | xargs grep -l -E 'fumubang.com|dev-mtrade|dev-api|dev-mi|dev-mcart|dev-majax|#FMB_VERSION#' | while read file ; do sed -i 's/fumubang\.com/fumubang.net/g;s/dev-mtrade/mtrade/g;s/dev-api/api/g;s/dev-mi/mi/g;s/dev-mcart/mcart/g;s/dev-majax/majax/g;s/#FMB_VERSION#/${VERSION}/g' $file; done" checkreturn="true" logoutput="true" />
</target>
<target name="link" depends="clean">
<echo msg="Linking..."/>
<exec level="info" command="ln -snf ${SOURCE_DIR} ${WWW_DIR}" checkreturn="true" logoutput="true"/>
</target>
<target name="build" depends="link">
</target>
</project>
3)cd /home/www/hook
vi config.inc.php
<?php
define('CMD', "/home/fumubang/deploy/run.sh");
define('USR', "fumubang");
//dianping代码库
$repos['fumubang']['preview'] = "fmb.dianping production";
//这个地方就是你要在code.fumubang.net里设置hook 的参数,比如:
//http://192.168.30.45:7777?repos=coreframe&branch=preview,这样/home/www/hook/index.php会根据这两参数调用 fmb.core_frame production简析XML
$repos['coreframe']['preview'] = "fmb.core_frame production";
//后台代码库
$repos['admin']['preview'] = "fmb.admin production";
$repos['admin']['2016_0317_gewala'] = "fmb.admin test";
//数据库管理
$repos['database']['master'] = "fmb.database production";
//mock服务管理
$repos['mock']['master'] = "fmb.mock production";
# == daemon进程 ==
$repos['daemon']['preview'] = "fmb.daemon production";
# == 通行证 ==
#$repos['passport']['develop'] = "fmb.passport production";
#$repos['passport']['master'] = "fmb.passport production";
$repos['passport']['preview'] = "fmb.passport production";
# == 记事狗 ==
$repos['jishigou']['preview'] = "fmb.jishigou production";
# == uc用户中心 ==
$repos['uc']['preview'] = "fmb.uc production";
# == photo处理==
$repos['photo']['master'] = "fmb.photo production";
# == system处理 ==
$repos['system']['master'] = "fmb.system production";
# == 前端样式处理 ==
$repos['style']['master']="fmb.style production";
# == 代码发布系统 ==
$repos['codepublish']['master']="fmb.publish production";
# == 静态资源管理 ==
$repos['static']['master']="fmb.static production";
# == 配置文件管理中心 ==
$repos['config']['master']="fmb.config production";
6,根据/home/www/hook/index.php分析,在www的用户下运行:
sudo -u fumubang /home/fumubang/deploy/run.sh fmb.core_frame production
sudo -u fumubang /home/fumubang/deploy/run.sh fmb.server_msg production
sudo -u fumubang /home/fumubang/deploy/run.sh fmb.api_project production
如有问题看提示处理,我遇到了两个问题
1) git pull origin preview 说我没权限:
Access denied. fatal: The remote end hung up unexpectedly
原因就是我没有做第5步,而是cp过来的文件夹,所以第5步非常关键
2) [echo] Linking...
[exec] Executing command: ln -snf /home/www/src/fmb.core_frame/production/2018-11-26-15-55-57 /home/www/fmb.core_frame 2>&1
[exec] ln: 创建符号链接 "/home/www/fmb.core_frame/2018-11-26-15-55-57": 权限不够
原因就是权限不够,处理方法:
sudo su
cd /home/www
chmod -R 777 fmb.core_frame/
7,重新加载nginx :
/usr/local/nginx/sbin/nginx -s reload
8,在code.fumubang.net找到项目—>编辑—>web Hooks—>把nginx配置的访问地址填入:
http://192.168.30.45:7777?repos=apiproject&branch=preview
9,填入完成后,边上有个 Test Hook的按钮,点击的同时,要在30.45上看logs的输出:
cd /home/www/hook/logs
tail -f coreframe-2018-11-27.log 文件夹名是当时的日期
tail的时候就是不解析xml
遇到了一些问题:
1)/home/www/hook/index.php里的exec 对 “sudo -u fumubang /home/fumubang/deploy/run.sh fmb.core_frame production”不执行,其它的像 ls,ps 都可以,就是sudo 不可以,解决方法:visudo 屏蔽Defaults requiretty。以下是原文:
Defaults requiretty
在使用web页面对系统进行操作的时候常需要调用系统命令,这时候常常需要对执行权限进行转换。最简
单的办法是给shell添加+s的属性。但是这样太危险了。所以一般都是使用sudo命令切换执行权限,基於
安全性的考量,使用visudo来编辑设定档(/etc/sudoers),将以下这行注解掉,
Defaults requiretty
否则执行时会出现”you must have a tty to run sudo”的错误:
linux允许cgi执行sudo
1、关闭/etc/selinux/config SELINUX=disabled
2、设置visudo
注释#Defaults requiretty
Rico ALL=(ALL) NOPASSWD: /sbin/iptables
Defaults:Rico !authenticate
3、方法二:修改/etc/sysctl.conf文件
默认sysctl.conf文件中有一个变量是
net.ipv4.ip_forward = 0
一般用第2个方法,修改完成后,杀掉PHP进程:
ps -ef|grep php|grep -v grep|cut -c 9-15|xargs kill -9
重启PHP
/usr/local/php/sbin/php-fpm
