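Automated CI/CD Deployment with GitLab
阿新 • Published: 2021-06-12
Approach
- Merging code into the master branch triggers the Pipeline Job
- The GitLab Runner job pulls the latest code
- Build the Docker image used for deployment
- Push the Docker image to the GitLab Container Registry
- Log in to the deployment host over SSH and pull the latest image
- Restart the Docker container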
Preparation: register your own GitLab Runner
- Prepare an Ubuntu build server
- Download the installation package
```
# Replace ${arch} with any of the supported architectures, e.g. amd64, arm, arm64
# A full list of architectures can be found here https://gitlab-runner-downloads.s3.amazonaws.com/latest/index.html
curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_${arch}.deb"
```
- Install the deb package
```
# Same ${arch} value as in the download step
sudo dpkg -i "gitlab-runner_${arch}.deb"
```
- Grant the gitlab-runner user permission to use Docker
```
sudo usermod -aG docker gitlab-runner
```
- Get the CI/CD Runner registration token of the GitLab group
- Register the runner with the GitLab group
  - executor: change the type to suit your setup; docker is the usual choice
```
sudo gitlab-runner register \
  --non-interactive \
  --url "https://gitlab.com/" \
  --registration-token "PROJECT_REGISTRATION_TOKEN" \
  --executor "docker" \
  --name "docker-runner" \
  --description "docker-runner" \
  --tag-list "docker,aws" \
  --run-untagged="true" \
  --locked="false" \
  --access-level="not_protected" \
  --docker-image "docker:19.03.12" \
  --docker-privileged \
  --docker-volumes "/certs/client"
```
- Check the registration result (whether TLS is enabled)
```
cat /etc/gitlab-runner/config.toml

[[runners]]
  name = "docker-runner"
  url = "https://gitlab.com/"
  token = TOKEN
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.12"
    privileged = true
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
```
- View the registered runner in the GitLab group
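Configure GitLab and the servers
- Add a Dockerfile for building the image to the root of the project repository
- Add a .gitlab-ci.yml template to the root of the project repository
- Create an SSH key on the build server
  - Never set a passphrase on the key
```
ssh-keygen -t rsa -b 2048
```
- Add the contents of id_rsa to the GitLab group variable SSH_PRIVATE_KEY
- Add the deployment server's IP address and user name to the GitLab group variables
  - SSH_KNOWN_HOST: IP address
  - SSH_KNOWN_HOST_USER: user name
- Add the contents of id_rsa.pub to the deployment server
  - Upload the file id_rsa.pub to the deployment server
    - /home/ubuntu/.ssh
  - Append the key to authorized_keys
```
cat id_rsa.pub >> ~/.ssh/authorized_keys
```
- Configure docker-compose.yml on the deployment server
- Modify .gitlab-ci.yml to add the SSH commands
  - Chain multiple commands with &&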
```yaml
image: docker:19.03.12

services:
  - docker:19.03.12-dind

stages:
  - build
  - deploy

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG

before_script:
  # Print the registry settings for debugging. The password is not echoed,
  # so it does not end up in the job log.
  - echo "$CI_REGISTRY"
  - echo "$IMAGE_TAG"
  - echo "$CI_REGISTRY_USER"
  - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin

build:
  stage: build
  script:
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

deploy:
  stage: deploy
  script:
    # Install the SSH client if the image lacks it, then load the deploy key into ssh-agent
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Record the deployment server's host key
    - ssh-keyscan $SSH_KNOWN_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # Log in to the registry on the deployment server, pull the new image, restart the service
    - ssh $SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST "echo $CI_REGISTRY_PASSWORD | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin && docker pull $IMAGE_TAG && docker-compose -f /home/ubuntu/docker-compose.yml restart"
  only:
    - main
```
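
A hardened variant of the deploy job above, added here as an example and not part of the original post. It assumes one extra GitLab group variable, SSH_KNOWN_HOSTS (a name chosen for this example, not on the page), holding the deployment server's host key line, captured once with ssh-keyscan and checked against the server itself, so the job no longer trusts whichever key answers at run time. It also assumes docker-compose.yml on the server references the pulled image tag.

```yaml
deploy:
  stage: deploy
  script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Pin the host key from the assumed SSH_KNOWN_HOSTS variable instead of running
    # ssh-keyscan inside the job, which accepts any key presented during that run.
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # Send the registry password over the SSH session's stdin, so it is not part of
    # the remote command line (visible in the remote process list).
    - echo "$CI_REGISTRY_PASSWORD" | ssh -o StrictHostKeyChecking=yes "$SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST" "docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin"
    # Changed from the page's "restart": "up -d" recreates the container when the image
    # has changed, while "restart" keeps the existing container and its old image.
    - ssh -o StrictHostKeyChecking=yes "$SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST" "docker pull $IMAGE_TAG && docker-compose -f /home/ubuntu/docker-compose.yml up -d"
  only:
    - main
```

With StrictHostKeyChecking=yes the job fails when the server's key does not match the pinned entry, which is the signal to investigate before updating the variable.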