基于docker的cicd
基于docker的cicd
harbor配置
#部署harbor前需要安装docker docker-compose # 下载docker部署包 # https://download.docker.com/linux/static/stable/x86_64/ [root@harbor ~]# tar xf docker-20.10.10.tgz [root@harbor ~]# mv docker/* /usr/bin/ #加入systemd管理 #-------------------------------------------------------- cat > /usr/lib/systemd/system/docker.service << 'EOF' [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify ExecStart=/usr/bin/dockerd ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target EOF #-------------------------------------------------------- #创建配置文件 rm -f /etc/docker/* sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { registry-mirrors: [https://ajvcw8qn.mirror.aliyuncs.com], exec-opts: [native.cgroupdriver=systemd] } EOF sudo systemctl daemon-reload sudo systemctl restart docker systemctl enable docker.service #个人docker源: #这个是阿里云配置的加速,直接添加阿里云加速源就可以了,上面显示了配置办法。 #https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors #设置开机启动和启动即可 systemctl enable docker systemctl start docker # 部署docker-compose curl -L https://get.daocloud.io/docker/compose/releases/download/v2.2.3/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose docker-compose -v #harbor下载: # wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-offline-installer-v2.3.2.tgz [root@harbor ~]# ll anaconda-ks.cfg harbor-offline-installer-v2.3.2.tgz #解压部署包 tar xf harbor-offline-installer-v2.3.2.tgz -C /usr/local/ cd /usr/local/harbor #harbor配置文件修改: \cp harbor.yml.tmpl harbor.yml vi harbor.yml #也可以尝试用sed修改 sed -i '5ahostname: 192.168.10.23' harbor.yml #修改hostname为本机IP地址 #hostname: reg.mydomain.com hostname: 192.168.10.23 #注释https # port: 443 # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path 验证: [root@node01 harbor]# grep '^hostname' harbor.yml hostname: 192.168.10.23 #也可以写成IP地址 #部署harbor [root@node01 harbor]# cd /usr/local/harbor [root@node01 harbor]# ./prepare #准备环境配置文件 [root@node01 harbor]# ./install.sh #部署完成 ⠿ Container harbor-core Started ⠿ Container harbor-jobservice Started ⠿ Container nginx Started ✔ ----Harbor has been installed and started successfully.---- #默认登录账号 admin Harbor12345 
harbor创建一个公开项目
gitlab部署配置测试
起gitlab容器
mkdir -p /opt/gitlab cd /opt/gitlab #启动gitlab容器 docker run -d \ --name gitlab \ -p 8443:443 \ -p 80:80 \ -p 9998:22 \ -v /opt/gitlab/config:/etc/gitlab \ -v /opt/gitlab/logs:/var/log/gitlab \ -v /opt/gitlab/data:/var/opt/gitlab \ -v /etc/localtime:/etc/localtime \ --hostname 192.168.10.21 \ registry.cn-hangzhou.aliyuncs.com/chenleilei/gitlab:latest 第一次打开需要设置密码:
默认账号: root
默认密码: 启动时设置
创建密钥
服务器上新建一个密钥,用于推送代码到gitlab
上传代码添加ssh-key
#配置无密码推送 [root@node01 ~]# ssh-keygen #一路回车 [root@node01 ~]# cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFiRM/NMTNRVCleVI8i7he+NHJevTtdp0CeSG/AWEKZBZOUr/pDNtHwlqHlBjc1ikDsZTgQLad7yavDpESXrP8C9bTTNmuk22JnXQDyQIt17NNV65esELaiIax01MNgIofnxeKe5vCFvkeW+LG/UjAkATuBAd6DqBheh6Ji3TPXE6tyjgtFYnA7ovZls/sKxBpbdgryvcM16VCMmJfTECx2ioKQ78y1LQsUhgD34+QHTd55fe9aWiD6TA08fWr6DEdwx3pHPyizXskPpWeZLLX6jIUDRwHEiJIpXPm5JkqGgvk/TlNDs5WWawl6ND5zmjtjcT3hZbp76Y6O4MW4Hrb root@node01 
创建项目仓库
进入gitlab后创建项目
tomcat-java-demo-master
创建一个私有仓库
默认指引操作:
Git 全局设置 git config --global user.name Administrator git config --global user.email [email protected] 创建新版本库 git clone http://192.168.10.22/root/tomcat-java-demo.git cd tomcat-java-demo touch README.md git add README.md git commit -m add README git push -u origin master 已存在的文件夹 cd existing_folder git init git remote add origin http://192.168.10.22/root/tomcat-java-demo.git git add . git commit -m Initial commit git push -u origin master 已存在的 Git 版本库 cd existing_repo git remote rename origin old-origin git remote add origin http://192.168.10.22/root/tomcat-java-demo.git git push -u origin --all git push -u origin --tags 提交代码
yum install -y git unzip tomcat-java-demo-master.zip #初始化 cd tomcat-java-demo git init #提交代码: cd java-demo git add . git commit -m java-demo commit git push -u origin master #默认gitlab账号root #密码为自己创建的gitlab密码 
Jenkins部署配置测试
架构图:
#部署jdk tar zxvf jdk-8u211-linux-x64.tar.gz mv jdk1.8.0_211 /usr/local/jdk #部署maven tar xf apache-maven-3.3.9-bin.tar.gz -C /usr/local/ mv /usr/local/apache-maven-3.3.9 /usr/local/maven #部署Jenkins 挂载djk maven,配置域名 docker run -d --name jenkins -p 80:8080 -p 50000:50000 -u root \ -v /opt/jenkins_home:/var/jenkins_home \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /usr/bin/docker:/usr/bin/docker \ -v /usr/local/maven:/usr/local/maven \ -v /usr/local/jdk:/usr/local/jdk \ -v /etc/localtime:/etc/localtime \ -v /root/.m2:/root/.m2 \ --env JAVA_OPTS=-Dhudson.footerURL=http://192.168.10.21 \ --name jenkins registry.cn-hangzhou.aliyuncs.com/chenleilei/jenkins #建议配置,这是构建缓存 -v /root/.m2:/root/.m2 #通过日志找到jenkins密码: 执行命令: docker logs jenkins |& grep -A 2 'installation:'|tail -n1 结果: 714f9c9c6e9d472dbfcd907659ad3ebf 
安装jenkins初始化配置:
安装推荐插件
选择安装pipeline插件,直接推荐安装就行
保存并完成:
Jenkins下载插件
选择下载的语言插件: localzation-zh-cn.hpi 然后点击 upload 上传即可
直接上传插件安装:
#官方插件下载地址[较慢]: https://plugins.jenkins.io/ #插件连接 链接:https://pan.baidu.com/s/1N7ckzQkhEaifaeJiSKc3TQ?pwd=hs0n 提取码:hs0n #安装插件: tar xf plugins.tar.gz mv plugins/* /opt/jenkins_home/plugins/ docker restart jenkins #[如果是非容器,直接移动到目录即可,建议先尝试引导页安装插件] 重新登录后就OK了,页面也汉化了,包里还有pipline等各类插件,都不需要再次安装了
确认pipline是否安装好了 只需要新建任务时看到又流水线即可
如果第一次启动时就安装了pipeline插件这里就会显示出来流水线,建议第一次的时候就安装
pipeline示例:
pipeline { agent any stages { stage ('1.拉取代码拉取'){ steps { echo '拉取代码' } } stage ('2.编译代码'){ steps { echo '编译代码' } } stage ('3.发布代码'){ steps { echo '发布代码' } } } } 测试发布:
配置参数化构建
配置完成后保存
多个分支配置:
这样就可以把代码分支发布到多个环境中
这就完成了第一步的发布配置,随后需要添加这3个环境的发布脚本来选择不同环境的发布配置
jenkins配置harbor认证
def docker_registry_auth = c1b519ad-fd4e-4462-9a12-57a6da8617ba #镜像认证,连接harbor的用户密码 添加git的访问gitlab凭据 登录用户 root 登录密码 x19900606 
最后查看 (描述不用管):
将这个认证密钥也放入脚本中
def git_auth = 96150ecc-638e-4bce-82dc-78709b0c2c26 #git镜像认证 最终代码:
脚本如下:
#!/usr/bin/env groovy def registry = 192.168.10.23 def project = library def app_name = demo def image_name = ${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER} def git_address = http://192.168.10.21/root/java-demo.git def docker_registry_auth = a2925179-7377-4788-b83a-176ec629d0c6 def git_auth = 96150ecc-638e-4bce-82dc-78709b0c2c26 pipeline { agent any stages { stage('拉取代码'){ steps { checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: ${git_auth}, url: ${git_address}]]]) } } stage('代码编译'){ steps { sh pwd JAVA_HOME=/usr/local/jdk PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH mvn clean package -Dmaven.test.skip=true } } stage('构建镜像'){ steps { withCredentials([usernamePassword(credentialsId: ${docker_registry_auth}, passwordVariable: 'password', usernameVariable: 'username')]) { sh echo ' FROM lizhenliang/tomcat LABEL maitainer lizhenliang RUN rm -rf /usr/local/tomcat/webapps/* ADD target/*.war /usr/local/tomcat/webapps/ROOT.war ' > Dockerfile docker build -t ${image_name} . docker login -u ${username} -p '${password}' ${registry} docker push ${image_name} } } } stage('部署到Docker'){ steps { sh docker rm -f tomcat-java-demo |true docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name} } } } } 流水线测试
选择需要使用的仓库,通过配置的凭据来添加仓库
正确结果:
错误结果:
生成流水线脚本
checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '69728f95-d881-4eeb-bdc0-a49d747e8250', url: 'http://192.168.10.21/root/java-demo.git']]]) 将这个脚本代码写入pipline脚本拉取代码的区块中,由于已经配置了环境变量 所以这时候就不需要做这步了 这里只是为了演示如何获取认证的脚本 #通过变量解决这些问题 stages { stage('拉取代码'){ steps { checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: ${git_auth}, url: ${git_address}]]]) } } 流水线代码:
#!/usr/bin/env groovy def registry = 192.168.10.23 #harbor地址 def project = library def app_name = demo def image_name = ${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER} def git_address = http://192.168.10.21/root/java-demo.git def docker_registry_auth = a2925179-7377-4788-b83a-176ec629d0c6 def git_auth = 96150ecc-638e-4bce-82dc-78709b0c2c26 pipeline { agent any stages { stage('拉取代码'){ steps { checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: ${git_auth}, url: ${git_address}]]]) } } stage('代码编译'){ steps { sh pwd JAVA_HOME=/usr/local/jdk PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH mvn clean package -Dmaven.test.skip=true } } stage('构建镜像'){ steps { withCredentials([usernamePassword(credentialsId: ${docker_registry_auth}, passwordVariable: 'password', usernameVariable: 'username')]) { sh echo ' FROM lizhenliang/tomcat LABEL maitainer lizhenliang RUN rm -rf /usr/local/tomcat/webapps/* ADD target/*.war /usr/local/tomcat/webapps/ROOT.war ' > Dockerfile docker build -t ${image_name} . docker login -u ${username} -p '${password}' ${registry} docker push ${image_name} } } } stage('部署到Docker'){ steps { sh docker rm -f tomcat-java-demo |true docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name} } } } } 发布测试
web页面检查:
该操作仅能把服务部署到本机,如需远程部署,继续往下看
远程部署多台机器
远程部署需要安装插件publish Over SSH, Jenkins服务器中需要安装软件 sshpass
远程部署3要素:
- 每台服务器都需要安装apt install sshpass
- jenkins配置 选项参数 以便于部署时可以选择发布的机器
- 远程部署pipeline脚本
#发布到其他服务器 更新源: sed -e s,deb.debian.org,opentuna.cn,g -e s,security.debian.org,opentuna.cn,g -e s,^deb-src,#deb-src,g -i.bak /etc/apt/sources.list # Jenkins服务器容器中安装 sshpass 让这台机器具有远程部署能力 apt install sshpass 再修改java-damo项目中的 pipeline script配置: #添加认证密码 -p 123456 sh set +e /usr/bin/sshpass -p 123456 ssh -o StrictHostKeyChecking=no root@${installserver} docker rm -f tomcat-java-demo |true;docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name} 添加下拉框,选择指定服务器发布:
远程部署pipeline脚本:
#!/usr/bin/env groovy def registry = 192.168.10.23 #23是Harbor地址,192.168.10.21是gitlab地址 def project = library def app_name = demo def image_name = ${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER} def git_address = http://192.168.10.21/root/java-demo.git def docker_registry_auth = a2925179-7377-4788-b83a-176ec629d0c6 def git_auth = 96150ecc-638e-4bce-82dc-78709b0c2c26 pipeline { agent any stages { stage('拉取代码'){ steps { checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: ${git_auth}, url: ${git_address}]]]) } } stage('代码编译'){ steps { sh JAVA_HOME=/usr/local/jdk PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH mvn clean package -Dmaven.test.skip=true } } stage('构建镜像'){ steps { withCredentials([usernamePassword(credentialsId: ${docker_registry_auth}, passwordVariable: 'password', usernameVariable: 'username')]) { sh echo ' FROM lizhenliang/tomcat LABEL maitainer lizhenliang RUN rm -rf /usr/local/tomcat/webapps/* ADD target/*.war /usr/local/tomcat/webapps/ROOT.war ' > Dockerfile docker build -t ${image_name} . docker login -u ${username} -p '${password}' ${registry} docker push ${image_name} } } } stage('部署到Docker'){ steps { sh set +e /usr/bin/sshpass -p 123456 ssh -o StrictHostKeyChecking=no root@${installserver} docker rm -f tomcat-java-demo |true;docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name} } } } } 部署测试:
部署到192.168.10.21
部署到192.168.10.22
部署到192.168.10.23
检查页面
java示例源码:
链接:https://pan.baidu.com/s/1HMjA3hoQVxqu6iTQwhZMDw?pwd=gp75
提取码:gp75