vm-ubuntu-build installation procedure

Recorded: 2011-02-16

Virtual system configuration

  • CPU: 1
  • Memory: 1024MB
  • Disk: system: 2GB, software + data: 50GB

Services provided

Server | Service | Software | URL
Apache2 | Front end, HTTP proxy, SSL proxy | Apache2 2.2.14 (ssl, proxy, proxy-http) |
Apache2 | Software configuration management | Subversion 2.3.0, Apache2 2.2.14 (dav), WebSVN 2.3.0 | https://vm-ubuntu-build/svn/2cn.de, https://vm-ubuntu-build/websvn
Tomcat6 | Repository management | Sonatype Nexus 1.9.0.1 | http://vm-ubuntu-build/nexus
Tomcat6 | Continuous integration | Oracle Hudson 1.3.96 | http://vm-ubuntu-build/hudson

Adding the vm-ubuntu-build virtual machine on vmhost-ubuntu-vbox

Mount the USB drive, then configure, initialize and start the virtual machine

mount /dev/sdb1 /mnt/backup/
su - vbox
VBoxManage createvm --name vm-ubuntu-build --register
VBoxManage modifyvm vm-ubuntu-build --cpus 1 --memory 1024 --vram 8 --acpi on --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 --vrde on --vrdevideochannel on --vrdevideochannelquality 75
VBoxManage sharedfolder add vm-ubuntu-build --name vbox-shared --hostpath /opt/vbox-shared --automount
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-system.vdi --size 2000 --variant fixed
VBoxManage storagectl vm-ubuntu-build --name "SATA Controller" --add sata
VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-system.vdi
VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/ubuntu-10.04.2-server-amd64.iso
VBoxManage showvminfo vm-ubuntu-build
VBoxHeadless -s vm-ubuntu-build

Remote installation over VRDP

Use the remote desktop client on Windows

  • mstsc <vmhost-ubuntu-vbox-ip>:3389
  • Options: 640*400, 16bit

Install Ubuntu, partition the disk, install OpenSSH

  • Installer boot menu
    • Language: English
    • <F6>: noacpi=on, nomodeset=on
    • Install Ubuntu Server 10.04 (Rescue mode)
  • Ubuntu installer main menu
    • Choose language: English
    • Location: other, Europe, Germany
    • Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
  • Configure the network
    • DHCP: Auto
    • hostname: vm-ubuntu-build
  • Partition disks
  • Install the base system
  • Set up users and passwords
    • Fullname: admin vm-ubuntu-build
    • Username: r
    • Password: <password>
    • Encrypt your home directory: No
  • Configure the package manager
  • Select and install software: No automatic updates
  • Software selection
  • Configuring grub-pc
    • Install the GRUB boot loader to the MBR: Yes
  • Restart

Enable the proxy, update the system, install common software, remove unneeded packages

sudo su
export http_proxy=http://www-cache.uni-mannheim.de:3128
apt-get update
apt-get dist-upgrade
apt-get autoremove
apt-get install rcconf
apt-get install python-software-properties
add-apt-repository "deb http://archive.canonical.com/ lucid partner"
aptitude install sun-java6-jdk
apt-get remove ubuntu-docs
apt-get remove mysql-common
apt-get remove samba-common
apt-get clean
apt-get autoclean
apt-get autoremove
cat /etc/issue
vi /etc/hosts

Add this entry in vi:

127.0.0.1 vm-ubuntu-build

Configure the top command for the users r and root

top

Add Nagios remote monitoring

apt-get install nagios-nrpe-server
vi /etc/nagios/nrpe.cfg

Modify/add:

allowed_hosts=vmhost-ubuntu-vbox
command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -e

/etc/init.d/nagios-nrpe-server restart

Guard against mistakes such as accidental file deletion

vi /etc/bash.bashrc

Add the following lines in vi:

confirm() {
    echo -n "Please confirm $*? [N/y] "
    read -N 1 REPLY
    echo
    if test "$REPLY" = "y" -o "$REPLY" = "Y"; then
        "$@"
    else
        echo "Cancelled by user"
    fi
}
alias rm="rm -i"
alias cp="cp -i"
alias mv="mv -i"
alias halt="confirm halt"
alias reboot="confirm reboot"
alias shutdown="confirm shutdown"

SSH settings

Restrict SSH users with PAM

vi /etc/pam.d/sshd

Enter in vi:

auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail

Add the users allowed to use SSH

vi /etc/ssh/ssh.allow

Enter in vi:

r
vbox

Automatically close idle SSH connections after 10 minutes

vi /etc/ssh/sshd_config

Add the following lines:

ClientAliveInterval 300
ClientAliveCountMax 2
UseDNS no
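
With the values above, sshd drops a client that has stopped answering keepalives after ClientAliveInterval × ClientAliveCountMax = 300 × 2 = 600 seconds, and the PAM rule only restricts logins if it fails closed and the allow-list holds nothing but intended accounts. The following check is an added example, not part of the original notes; the function names are hypothetical and the sample files are constructed to mirror the settings on this page.

```shell
#!/bin/sh
# Added example: audit the SSH restrictions configured above.
# Function names are hypothetical; the demo files below are constructed.

# First value of a global keyword in an sshd_config-style file (keywords are
# case-insensitive, the first occurrence wins, Match blocks are skipped).
sshd_value() {  # $1 = file, $2 = keyword
    awk -v k="$2" '/^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Seconds after which sshd drops a client that stopped answering keepalives:
# ClientAliveInterval * ClientAliveCountMax (sshd defaults: 0 and 3).
ssh_alive_timeout() {  # $1 = sshd_config
    interval=$(sshd_value "$1" ClientAliveInterval)
    count=$(sshd_value "$1" ClientAliveCountMax)
    echo $(( ${interval:-0} * ${count:-3} ))
}

# True only if an uncommented pam_listfile rule allow-lists users from the
# given file and fails closed (onerr=fail) when that file cannot be read.
pam_allowlist_ok() {  # $1 = PAM service file, $2 = allow-list path
    grep -E '^auth[[:space:]]+required[[:space:]]+pam_listfile\.so' "$1" |
        grep -F 'item=user' | grep -F 'sense=allow' |
        grep -F "file=$2" | grep -qF 'onerr=fail'
}

# Print allow-list entries that are not among the expected accounts.
unexpected_users() {  # $1 = allow-list file, $2... = expected accounts
    list=$1; shift
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        for ok in "$@"; do [ "$user" = "$ok" ] && continue 2; done
        echo "$user"
    done < "$list"
}

# Constructed sample files mirroring the settings on this page.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'ClientAliveInterval 300\nClientAliveCountMax 2\nUseDNS no\n' > "$demo/sshd_config"
printf 'auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail\n' > "$demo/sshd"
printf 'r\nvbox\n' > "$demo/ssh.allow"

echo "keepalive timeout: $(ssh_alive_timeout "$demo/sshd_config") s"
pam_allowlist_ok "$demo/sshd" /etc/ssh/ssh.allow && echo "PAM allow-list enforced"
echo "unexpected accounts: $(unexpected_users "$demo/ssh.allow" r vbox | tr '\n' ' ')"
```

On the real system, point the functions at /etc/ssh/sshd_config, /etc/pam.d/sshd and /etc/ssh/ssh.allow.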

Adding a data disk to vm-ubuntu-build

Add the data disk (on vmhost-ubuntu-vbox)

VBoxManage createhd --filename /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-data.vdi --size 50000
VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 1 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-data.vdi
VBoxHeadless -s vm-ubuntu-build

Create the ext4 partition

sudo su
parted -a optimal /dev/sdb
(parted) mklabel
(parted) mkpart primary ext4 1 100%
(parted) print
(parted) quit
mkfs.ext4 /dev/sdb1

Add it to the virtual machine's fstab

ls -l /dev/disk/by-uuid
# uuid sdb1: e42e6040-0f94-4694-88cc-1a1d687cc48e
vi /etc/fstab
# add line: UUID=e42e6040-0f94-4694-88cc-1a1d687cc48e /opt ext4 defaults 0 0
mount -a

Installing the VirtualBox Guest Additions

Attach VBoxGuestAdditions.iso on vmhost-ubuntu-vbox:

su - vbox
VBoxManage storagectl vm-ubuntu-build --name "IDE Controller" --add ide
VBoxManage storageattach vm-ubuntu-build --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso

Install on vm-ubuntu-build:

sudo su
mkdir /media/cdrom
mount /dev/cdrom1 /media/cdrom
apt-get install dkms
/media/cdrom/VBoxLinuxAdditions.run --nox11
# Ignore the window-system error: Installing the Window System drivers ...fail!
addgroup r vboxsf

(Mount the shared folder manually)

mkdir /media/vbox-shared
mount -t vboxsf vbox-shared /media/vbox-shared

Remove the IDE Controller

VBoxManage storagectl vm-ubuntu-build --name "IDE Controller" --remove

Installing Subversion

Install and configure apache2

sudo su
apt-get install apache2
a2enmod proxy
a2enmod proxy_http
vi /etc/apache2/apache2.conf

Add/modify these lines:

ServerName localhost
Timeout 60
MaxKeepAliveRequests 10
StartServers 1
MinSpareServers 1
MaxSpareServers 1
MaxClients 10

vi /etc/apache2/conf.d/security

Add/modify these lines:

<Directory />
Options -Indexes
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
ServerTokens Prod
ServerSignature Off
TraceEnable Off

Install Subversion

addgroup subversion
usermod -a -G subversion www-data
usermod -a -G subversion r
apt-get install subversion libapache2-svn
svnadmin create --fs-type fsfs /opt/svn/2cn.de
chown -R www-data.subversion /opt/svn
chmod -R 770 /opt/svn
htpasswd -c /etc/subversion/passwd kley

Edit the /etc/subversion/authz file

[groups]
admins = kley
developers = kley
guests = kley
[/]
@admins = rw
@developers = r
[2cn.de:/]
@admins = rw
@developers = rw

Edit the /etc/apache2/mods-available/dav_svn.conf file

<Location /svn>
DAV svn
SVNPath /opt/svn
AuthType Basic
AuthName "2cn.de repository"
AuthUserFile /etc/subversion/passwd
AuthzSVNAccessFile /etc/subversion/authz
Require valid-user
</Location>

Configure log files

groupadd log
usermod -a -G log www-data
usermod -a -G log r
mkdir /opt/logs
mkdir /opt/logs/build
mkdir /opt/logs/apache2
mkdir /opt/logs/svn
rm -R /var/log/apache2
ln -s /opt/logs/apache2 /var/log/apache2
chown -R build.log /opt/logs
chmod -R g+w /opt/logs
chmod -R o-r /opt/logs
chmod -R o-x /opt/logs
vi /etc/logrotate.d/svn

/opt/logs/svn/*.log {
    weekly
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
            /etc/init.d/apache2 reload > /dev/null
        fi
    endscript
}

Configure SSL

a2enmod ssl

Add the following lines to /etc/apache2/ports.conf:

<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>

apt-get install ssl-cert
mkdir /etc/apache2/ssl
chmod 600 /etc/apache2/ssl
vi /usr/share/ssl-cert/ssleay.cnf

Change the default_bits value:

default_bits = 8192

/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/vm-ubuntu-build_apache.pem

Installing WebSVN

apt-get install websvn
# Select apache2 as the web server
# svn directory: /opt/svn/2cn.de

Empty the contents of /etc/apache2/mods-available/dav_svn.conf
Add the following to the file /etc/apache2/sites-available/websvn

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    Alias /websvn /usr/share/websvn
    <Directory /usr/share/websvn>
        DirectoryIndex index.php
        Options FollowSymLinks
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "2cn.de WebSVN Subversion Repository"
        Require valid-user
        AuthUserFile /etc/subversion/passwd
        <IfModule mod_php4.c>
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
        </IfModule>
    </Directory>
    <Location /svn/2cn.de>
        Order allow,deny
        Allow from all
        DAV svn
        SVNPath /opt/svn/2cn.de
        AuthType Basic
        AuthName "2cn.de repository"
        AuthUserFile /etc/subversion/passwd
        AuthzSVNAccessFile /etc/subversion/authz
        Require valid-user
    </Location>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/vm-ubuntu-build_apache.pem
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    ErrorLog /opt/logs/svn/error.log
    LogLevel error
    CustomLog /opt/logs/svn/access.log combined
</VirtualHost>

Remove all lines from /etc/websvn/apache.conf
Change the title of 2cn.de in /etc/websvn/svn_deb_conf.inc

a2ensite websvn

SVN backup

Create the backup directory and set up the backup scripts

mkdir /opt/backup
mkdir -p /opt/build/scripts
vi /opt/build/scripts/svn_2cnde_full-backup.sh

#!/bin/sh
# Abort on the first error so a failed dump never replaces the last good backup
set -e
svnadmin dump /opt/svn/2cn.de > /tmp/svn_2cnde_full-backup.dump
rm -f /opt/backup/svn_2cnde_full-backup.dump
cp /tmp/svn_2cnde_full-backup.dump /opt/backup/svn_2cnde_full-backup.dump

chmod +x /opt/build/scripts/svn_2cnde_full-backup.sh
vi /opt/build/scripts/svn_2cnde_inc-backup.sh

#!/usr/bin/perl
use strict;
use warnings;
use File::Basename;

my $repo = '/opt/svn/2cn.de';
my $local_dir = '/tmp';
my $savedir = '/opt/backup';
my $last_saved_file = $savedir.'/last_saved.txt';

# Read the number of the last revision that was backed up
open(LAST_SAVED, '<', $last_saved_file) or die "Cannot read $last_saved_file: $!";
my $last_saved = <LAST_SAVED>;
chomp $last_saved;
close(LAST_SAVED);

# Nothing to do if the repository has no new revisions
my $head = `svnlook youngest $repo`;
chomp $head;
if ($last_saved == $head) {
    exit();
}

my $from = $last_saved + 1;
my $to = $head;
my $dumpfile = sprintf(
    '/svn-%05u_%05u.svndump',
    $from,
    $to
);
my $local_dump_file = $local_dir.$dumpfile;

# Dump only the revisions added since the last backup
my $command = sprintf(
    'svnadmin dump -q -r%u:%u --incremental %s > %s',
    $from,
    $to,
    $repo,
    $local_dump_file
);
system($command);

# Record and store the dump only if it contains the head revision
if (grep /^Revision-number: $to/, `grep --text ^Revision-number: $local_dump_file`) {
    open(LAST_SAVED, '>', $last_saved_file) or die "Cannot write $last_saved_file: $!";
    print LAST_SAVED $to, "\n";
    close(LAST_SAVED);
    system('gzip '.$local_dump_file);
    chdir($local_dir);
    system('md5sum '.basename($local_dump_file).'.gz >> '.$savedir.'/MD5SUMS');
    # Move the compressed dump into the backup directory
    my $mv_command = sprintf(
        'mv %s %s',
        $local_dump_file.'.gz',
        $savedir.$dumpfile.'.gz'
    );
    system($mv_command);
}

chmod +x /opt/build/scripts/svn_2cnde_inc-backup.sh
crontab -e

Add in crontab:

0 1 * * * /opt/build/scripts/svn_2cnde_inc-backup.sh
0 2 1 * * /opt/build/scripts/svn_2cnde_full-backup.sh
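
The incremental script leaves files named svn-<from>_<to>.svndump.gz, an MD5SUMS list and last_saved.txt in /opt/backup; a restore needs every file intact and the revision ranges contiguous up to the recorded revision. The check below is an added example, not part of the original notes; the function names are hypothetical and the sample backup directory is constructed (placeholder bytes, not real dumps).

```shell
#!/bin/sh
# Added example: verify the incremental backup set written by the script above.
# Function names are hypothetical; the demo directory is constructed.

# Check every dump against MD5SUMS. The entries are bare file names, so
# md5sum has to run inside the backup directory.
backup_checksums_ok() {  # $1 = backup dir
    ( cd "$1" && md5sum -c MD5SUMS >/dev/null 2>&1 )
}

# Check that the svn-<from>_<to>.svndump.gz ranges follow each other without
# gaps or overlaps and end at the revision recorded in last_saved.txt.
# Prints the first problem found; prints nothing if the chain is consistent.
backup_chain_problem() {  # $1 = backup dir
    last=$(cat "$1/last_saved.txt")
    ( cd "$1" && printf '%s\n' svn-*_*.svndump.gz ) |
    sed -n 's/^svn-\([0-9]*\)_\([0-9]*\)\.svndump\.gz$/\1 \2/p' | sort -n |
    awk -v last="$last" '
        NR > 1 && $1 + 0 != prev + 1 {
            printf "gap or overlap before r%d\n", $1; bad = 1; exit }
        $2 + 0 < $1 + 0 {
            printf "inverted range r%d:r%d\n", $1, $2; bad = 1; exit }
        { prev = $2 + 0 }
        END { if (!bad && prev != last + 0)
                  printf "newest dump ends at r%d, last_saved.txt says r%d\n", prev, last }'
}

# Constructed backup set: two consecutive ranges, last saved revision 8.
demo_bk=$(mktemp -d); trap 'rm -rf "$demo_bk"' EXIT
for range in 00001_00005 00006_00008; do
    echo "constructed dump $range" > "$demo_bk/svn-$range.svndump.gz"
    ( cd "$demo_bk" && md5sum "svn-$range.svndump.gz" >> MD5SUMS )
done
echo 8 > "$demo_bk/last_saved.txt"

backup_checksums_ok "$demo_bk" && echo "checksums OK"
problem=$(backup_chain_problem "$demo_bk")
echo "chain: ${problem:-consistent}"
```

The chain check does not know which revision the very first dump should start at; that depends on the initial content of last_saved.txt.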

Installing Tomcat

apt-get install tomcat6 tomcat6-user
apt-get install libtcnative-1
apt-get install sun-java6-jdk
update-alternatives --config java
update-alternatives --config javac
# Select /usr/lib/jvm/java-6-sun/jre/bin/java
apt-get remove openjdk-6-jdk
apt-get remove openjdk-6-jre
apt-get remove openjdk-6-jre-headless
apt-get remove openjdk-6-jre-lib
update-rc.d -f tomcat6 remove
adduser --system --shell /bin/sh --gecos 'build user' --group --disabled-password --home /opt/build build
cd /opt/build
su - -c "tomcat6-instance-create tomcat" build
usermod -a -G build tomcat6
usermod -a -G log tomcat6
usermod -a -G log build
usermod -a -G build r
rm -R /var/log/tomcat6
ln -s /opt/logs/build /var/log/tomcat6
ln -s /etc/tomcat6/policy.d /opt/build/tomcat/conf/policy.d
vi /etc/logrotate.d/build

/var/log/tomcat6/*.log {
    copytruncate
    daily
    missingok
    rotate 30
    compress
    delaycompress
    size 10M
}

chown -R build.build /opt/build

Edit /etc/default/tomcat6

TOMCAT6_USER=build
TOMCAT6_GROUP=build
JAVA_HOME=/usr/lib/jvm/java-6-sun
CATALINA_BASE=/opt/build/tomcat
JAVA_OPTS="${JAVA_OPTS} -server -DHUDSON_HOME=/opt/build/hudson-work -Djava.awt.headless=true -Xmx512M -Xms512M -XX:MaxPermSize=128m -XX:+UseParallelOldGC -XX:+DisableExplicitGC -XX:+UseCompressedOops -XX:+AggressiveOpts -XX:NewRatio=2 -XX:+UseCompressedStrings -XX:+UseStringCache -XX:+OptimizeStringConcat"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
export LD_LIBRARY_PATH=/usr/lib:$LD_LIBRARY_PATH
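
The second JAVA_OPTS line opens a JMX remote port (8888) with authentication and SSL both switched off, so whatever can reach that port can manage the JVM. The check below is an added example, not part of the original notes: it flags that combination in a JVM options file. The function names are hypothetical, both sample files are constructed, and the password and access file paths in the hardened sample are placeholders.

```shell
#!/bin/sh
# Added example: flag an unauthenticated or unencrypted JMX remote port in a
# JVM options file. Function names are hypothetical; sample files are constructed.

# Value of -Dcom.sun.management.jmxremote.<name>=<value>; the last definition
# in the file is reported, comment lines are ignored.
jmx_prop() {  # $1 = file, $2 = property suffix
    grep -v '^[[:space:]]*#' "$1" | tr ' "' '\n\n' |
        sed -n "s/^-Dcom\.sun\.management\.jmxremote\.$2=//p" | tail -n 1
}

# Print one finding per line; print nothing if JMX remote is off or protected.
jmx_findings() {  # $1 = file
    port=$(jmx_prop "$1" port)
    [ -n "$port" ] || return 0          # no remote port, nothing exposed
    auth=$(jmx_prop "$1" authenticate)  # JVM default when unset: true
    ssl=$(jmx_prop "$1" ssl)            # JVM default when unset: true
    [ "${auth:-true}" = "true" ] || echo "port $port: authentication disabled"
    [ "${ssl:-true}" = "true" ] || echo "port $port: SSL disabled"
}

demo_jmx=$(mktemp -d); trap 'rm -rf "$demo_jmx"' EXIT

# Constructed sample 1: the JMX line as it appears on this page.
cat > "$demo_jmx/weak" <<'EOF'
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
EOF

# Constructed sample 2: same port with authentication and SSL enabled.
# <password-file> and <access-file> are placeholders; SSL also needs a keystore.
cat > "$demo_jmx/hardened" <<'EOF'
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=<password-file> -Dcom.sun.management.jmxremote.access.file=<access-file>"
EOF

echo "weak:";     jmx_findings "$demo_jmx/weak"
echo "hardened:"; jmx_findings "$demo_jmx/hardened"
```

On the real system, run jmx_findings against /etc/default/tomcat6.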

Edit /opt/build/tomcat/conf/server.xml

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
URIEncoding="UTF-8" redirectPort="8443"
compression="off" acceptCount="10" maxKeepAliveRequests="10"
minSpareThreads="4" maxSpareThreads="4" maxThreads="4"/>

Add to /etc/tomcat6/policy.d/04webapps.policy

grant codeBase "file:/opt/build/hudson-work/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "/opt/build/hudson-work/-", "read,write,delete";
permission java.io.FilePermission "/opt/build/tomcat/webapps/hudson/-", "read,write,delete";
};
grant codeBase "file:/opt/build/tomcat/webapps/hudson/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "/opt/build/hudson-work/-", "read,write,delete";
};
grant codeBase "file:/opt/build/sonatype-work/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "/opt/build/sonatype-work/-", "read,write,delete";
permission java.io.FilePermission "/opt/build/tomcat/webapps/nexus/-", "read,write,delete";
};
grant codeBase "file:/opt/build/tomcat/webapps/nexus/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "/opt/build/sonatype-work/-", "read,write,delete";
};

update-rc.d tomcat6 defaults
mkdir /opt/build/webapps
chown -R build.log /opt/logs
chown -R build.build /opt/build
chmod -R o-r /opt/build
chmod -R o-x /opt/build
chmod -R g+w /opt/build
chmod -R g+w /opt/logs
chmod -R o-r /opt/logs
chmod -R o-x /opt/logs

Installing Nexus

cd /opt/build/webapps
wget http://nexus.sonatype.org/downloads/nexus-webapp-1.9.0.1.war
ln -s /opt/build/webapps/nexus-webapp-1.9.0.1.war /opt/build/tomcat/webapps/nexus.war
su - build
mkdir /opt/build/.m2
vi /opt/build/.m2/settings.xml

<settings>
  <mirrors>
    <mirror>
      <!--This sends everything else to /public -->
      <id>nexus</id>
      <mirrorOf>*</mirrorOf>
      <url></url>
    </mirror>
  </mirrors>
  <profiles>
    <profile>
      <id>nexus</id>
      <!--Enable snapshots for the built in central repo to direct -->
      <!--all requests to nexus via the mirror -->
      <repositories>
        <repository>
          <id>central</id>
          <url></url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url></url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>nexus</activeProfile>
  </activeProfiles>
</settings>

  • Open http://<vm-ubuntu-build>:8080/nexus in a browser
  • Log in with the admin account: username: admin, password: admin123
  • Under Security, change the password, e-mail address and other details of the admin and deployment users
  • Build the indexes:
    • Select Repositories
    • In the Configuration of Maven Central set Download Remote Indexes to True, and add http://uk.maven.org/maven2 under Mirrors
    • In the Configuration of Google Code, Codehaus Snapshots and java.net set Download Remote Indexes to True
  • Nexus configuration
    • SMTP Settings
      • SMTP Settings: mail.gmx.net:465, SSL/TLS, Normal Password

Installing Hudson

apt-get install maven2
apt-get install ant ant-optional junit
cd /opt/build/webapps
wget http://java.net/projects/hudson/downloads/download/war/hudson-1.396.war
ln -s /opt/build/webapps/hudson-1.396.war /opt/build/tomcat/webapps/hudson.war
vi /opt/build/tomcat/bin/setenv.sh

export HUDSON_HOME=/opt/build/hudson-work
export MAVEN_HOME=/usr/share/maven2
export ANT_HOME=/usr/share/ant

  • Hudson settings
    • sign up => create the *admin* user
    • Manage Hudson => Configure System => # of executors = 1
    • Manage Hudson => Configure System => Enable Security
      • Uncheck *Allow users to sign up*
      • Security Realm => Hudson’s own user database
      • Authorization => Matrix-based security
      • Add admin => grant admin all permissions
      • Remove all permissions from Anonymous
      • Uncheck Help make Hudson better by …

Setting up the Apache2 proxy

a2enmod proxy
a2enmod proxy_http
vi /etc/apache2/sites-available/default

Add the following lines:

<IfModule mod_proxy.c>
ProxyPreserveHost On
ProxyPass         /hudson  http://localhost:8080/hudson
ProxyPassReverse  /hudson  http://localhost:8080/hudson
<Proxy http://localhost:8080/hudson/*>
Order deny,allow
Allow from all
</Proxy>
<Location /hudson>
Order deny,allow
Allow from all
</Location>
ProxyPass        /nexus    http://localhost:8080/nexus
ProxyPassReverse /nexus    http://localhost:8080/nexus
<Proxy http://localhost:8080/nexus/*>
Order deny,allow
Allow from all
</Proxy>
<Location /nexus>
Order deny,allow
Allow from all
</Location>
</IfModule>

Setting a static IP

vi /etc/network/interfaces

Remove the DHCP settings:

auto eth0
iface eth0 inet dhcp

Add the static IP settings:

auto  eth0
iface eth0 inet static
address 192.168.178.111
netmask 255.255.255.0
network 192.168.178.0
broadcast 192.168.178.255
gateway 192.168.178.1

vi /etc/resolv.conf

search vm.2cn.de
domain vm.2cn.de
nameserver 192.168.178.1
nameserver 134.155.96.53

vi /etc/hosts

127.0.0.1 vm-ubuntu-build
127.0.0.1 vm-ubuntu-build.vm.2cn.de
192.168.168.11 vmhost-ubuntu-vbox
192.168.168.11 vmhost-ubuntu-vbox.2cn.de

/etc/init.d/networking restart

Uninstall the DHCP client

apt-get remove dhcp-client3

TODOs
