jenkins+git+docker構建持續化整合環境

阿新 • • 發佈：2021-11-03

jenkins+git+docker構建持續化整合環境

CI/CD介紹

釋出流程設計

伺服器	IP地址	主機名
Git/Harbor	192.168.200.70	git-harbor
Docker	192.168.200.111	docker
Jenkins	192.168.200.112	jenkins

工具	版本
CentOS	7.5_x64
Maven	3.5
Tomcat	8
JDK	1.8
Jenkins	2.6
Docker CE	18.03.1

cat /etc/redhat-release

uname -r

Jenkins+Docker+Git所有包

連結：https://pan.baidu.com/s/10GWHTqAx9E9d1hhJNuI1gw
提取碼：py3b

部署Harbor映象倉庫

伺服器	IP地址
Git/Harbor	192.168.200.70

建立ca證書

mkdir -p /data/ssl

cd /data/ssl

which openssl

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key
.................................................++
......................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []：

生成證書請求

openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr

Generating a 4096 bit RSA private key
..........................................................++
.......................................................................................................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

生成登錄檔主機的證書

openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt

Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key

ll

信任自簽發的證書

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract

安裝docker-ce社群版

setenforce 0

yum -y install yum-utils device-mapper-persistent-data lvm2

curlhttps://download.docker.com/linux/centos/docker-ce.repo-o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

systemctl start docker

systemctl enable docker

docker version

安裝harbor倉庫

mkdir -p /etc/ssl/harbor

cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/

cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/

wgethttp://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
上文有下載包，這裡就沒有wget下載。

mkdir -p /data/install

cd /data/install

ls

tar xf harbor-offline-installer-v1.5.0.tgz

cd harbor

cp harbor.cfg{,.bak}

vim harbor.cfg

cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'

7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345

安裝命令docker-compose（需要1.21版本）

curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname
-s)-$(uname -m) -o /usr/local/bin/docker-compose
上文有下載包，這裡就沒有下載

cd /usr/local/bin/

ls

chmod +x /usr/local/bin/docker-compose

which docker-compose

docker-compose -version

啟動harbor私有映象倉庫

cd /data/install/harbor

./install.sh --with-clair

為其他伺服器下發證書，並對映域名

為其他伺服器下發證書

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.111:/etc/pki/ca-trust/source/anchors/

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.112:/etc/pki/ca-trust/source/anchors/

在Docker客戶端上（192.168.200.111）

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

192.168.200.70 www.yunjisuan.com

在jenkins伺服器上（192.168.200.203）

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

192.168.200.70 www.yunjisuan.com

部署Git伺服器

伺服器	IP地址	主機名
Git/Harbor	192.168.200.70	git-harbor
Jenkins伺服器	192.168.200.112	jenkins

以下操作在Harbor/Git上（192.168.200.70）

yum -y install git

which git

建立git使用者密碼

useradd git

passwd git

su - git

建立git專案目錄

mkdir solo.git

cd solo.git/

初始化git目錄

git --bare init

ls

以下的操作在Jenkins上（192.168.200.112）

在192.168.200.112上也安裝git模擬專案程式碼提交

yum -y install git

which git

建立用於提交的git目錄

mkdir -p /code

cd /code

git clone [email protected]:/home/git/solo.git

ls

將solo專案的原始碼拷貝到git的上傳目錄下(solo原始碼在上文有下載連結)

mv ~/solo/* solo/

ls solo/

新增需要提交的檔案目標

cd solo

git add .

進行程式碼提交

git commit -m "all"

*** Please tell me who you are. #出現這個提示是讓你補充提交資訊
Run
git config --global user.email "[email protected]" #你的郵箱
git config --global user.name "Your Name" #你的名字
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@JenkinsServer.(none)')

git config --global user.email "[email protected]"

git config --global user.name "Mr.sun"

git commit -m "all" #補充資訊後，即可提交成功

提交完程式碼之後，需要推送到git服務端

git push origin master --->origin master版本資訊

為了最後的solo專案測試，我們需要修改一下solo專案原始碼的某個配置檔案

cd /code/solo/src/main/resources

ls

cat -n latke.properties | sed -n '29p;31p'

29 serverHost=localhost
31 serverPort=8080

將檔案的上邊兩行程式碼修改成如下所示

vim latke.properties

cat -n latke.properties | sed -n '29p;31p'

29 serverHost=192.168.200.111 #修改成docker的IP地址
31 serverPort=8888

再次進行git版本提交

cd /code/solo/

git add .

git commit -m "latke.properties"

git push origin master

構建業務基礎映象(tomcat:v1)

在後邊構建

伺服器	IP地址	主機名
Docker	192.168.200.111	docker

安裝docker

yum -y install yum-utils device-mapper-persistent-data lvm2

curlhttps://download.docker.com/linux/centos/docker-ce.repo-o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

docker --version

新增docker國內映象源

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}

systemctl daemon-reload

systemctl restart docker

部署jdk環境（不需要新增環境變數）

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

Jenkins安裝

伺服器	IP地址	主機名
Jenkins伺服器	192.168.200.112	jenkins

安裝docker-ce環境

yum -y install yum-utils device-mapper-persistent-data lvm2

curlhttps://download.docker.com/linux/centos/docker-ce.repo-o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}

systemctl daemon-reload

systemctl restart docker

安裝JDK環境（因為是要用在容器中，因此宿主機不配PATH）

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

安裝maven-3.5.0

ls

tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/

cd /usr/local

ls

ln -s apache-maven-3.5.0 maven

建立jenkins映象的Dockerfile

沒有wget命令需要提前yum安裝

mkdir -p dockerfile/jenkins

cd dockerfile/jenkins

vim Dockerfile

cat Dockerfile

FROM jenkins
USER root
RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
RUN apt-get update && apt-get install -y git libltdl-dev

建立jenkins映象

docker build -t jenkins:v1 .

docker images

由於我們是在映象中去構建Jenkins的，所以

jenkins容器的資料目錄我們需要從宿主機上掛載（避免容器資料丟失）

jenkins的執行需要jdk環境，所以我們直接掛載宿主機上的jdk

jenkins構建java程式碼需要maven支援，所以我們直接掛載宿主機上的maven

Jenkins需要docker支援

Jenkins需要免互動拉取git程式碼，因此掛載本地的ssh金鑰

建立jenkins資料目錄

mkdir -p /var/jenkins_home

進行ssh免金鑰互動驗證

ssh-keygen --->一律回車即可

ssh-copy-id [email protected]

進行免互動測試

ssh [email protected]

啟動jenkins容器

docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0:/usr/local/maven -v /usr/local/jdk1.8.0_45:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh:/root/.ssh jenkins:v1

利用瀏覽器訪問Jenkins容器

http://192.168.200.112:8080

docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword

c7e4ae00fd5941d6b20f1e45ab6835b6 #這就是密碼，輸入到瀏覽器裡

選擇所有外掛後，直接點install即可

我們現在構建一個可以執行solo程式碼的tomcat映象

mkdir -p /root/dockerfile/solo

cd /root/dockerfile/solo

vim Dockerfile

cat Dockerfile

FROM centos:7
MAINTAINER www.yunjisuan.com
RUN yum install unzip iproute -y
ENV JAVA_HOME /usr/local/jdk
ADD apache-tomcat-8.0.46.tar.gz /usr/local
RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh", "run"]

ls

構建映象

docker build -t tomcat:v1 .

docker images

登陸harbor私有倉庫

docker login -uadmin -pHarbor12345 www.yunjisuan.com

推送映象到harbor倉庫（如果推送失敗請檢視證書驗證或者docker是否登陸）

docker images

docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1

docker push www.yunjisuan.com/library/tomcat:v1

Jenkins基本配置

使用者名稱：admin 密碼:linyaonie

設定全域性配置

設定ssh連線憑據

jenkins連線Docker測試伺服器免互動驗證

ssh-copy-id [email protected]

ssh [email protected]

在Jenkins的Web介面上新增憑據

cat ~/.ssh/id_rsa #就是把這些內容複製

Jenkins建立專案

我們先開始一個新的任務

圖片說明

到這裡我們先來測試一下maven構建java程式碼的效果

點選solo_blog專案的立刻構建，檢視構建資訊

在Jenkins伺服器上檢視構建後的結果

cd /var/jenkins_home/workspace/solo_blog/target

ls

ll solo.war --->這就是構建出來的war包

2.[root@JenkinsServer target]# pwd
3./var/jenkins_home/workspace/solo_blog/target
4.[root@JenkinsServer target]# ls
5.classes generated-test-sources maven-status solo_h2_test surefire-reports
6.generated-sources maven-archiver solo solo.war test-classes
7.[root@JenkinsServer target]# ll solo.war #這就是構建出來的war包
8.-rw-r--r-- 1 root root 43037193 7月 25 22:12 solo.war

通過指令碼將war包封裝進一個tomcat的映象中，然後推送到harbor

所以利用maven構建java的原始碼實際上就是生成可以在tomcat等容器中執行的war包
現在我們重新修改一下專案的配置，增加POST Steps（構建之後的操作）
其實，構建之後，我們只需要通過指令碼將war包封裝進一個tomcat的映象中，然後推送到harbor裡即可。

這就是需要新增進去的指令碼內容

cd $WORKSPACE--->這是jenkins的可用變數，具體可以在上圖下邊檢視

cd $WORKSPACE
cat > Dockerfile << FOF
FROM www.yunjisuan.com/library/tomcat:v1
MAINTAINER www.yunjisuan.com
COPY target/solo.war /tmp/ROOT.war
RUN rm -rf /usr/local/tomcat/webapps/* && \
unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && \
rm -f /tmp/ROOT.war
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh","run"]
FOF
docker build -t www.yunjisuan.com/library/solo:v1 .
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker push www.yunjisuan.com/library/solo:v1

然後我們再次進行構建檢視

至此我們就完成了以下幾步

git拉取java的solo專案原始碼
maven構建java的solo專案war包
將war包封裝成tomcat的容器啟動映象
將映象上傳harbor私有映象倉庫

我們還需要能夠直接部署到遠端測試主機

（192.168.200.111）上，因此我們繼續設定

在遠端主機（Docker測試伺服器）執行的指令碼如下

docker rm -f solo #清理舊的solo容器程序
docker rmi -f www.yunjisuan.com/library/solo:v1 #清理舊的solo:v1映象（不清理就不拉取映象了）
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1

再次進行構建，並在docker主機上檢視構建結果

docker images --->docker測試伺服器上有映象了

2.REPOSITORY TAG IMAGE ID CREATED SIZE
3.www.yunjisuan.com/library/solo v1 e1b0d010c11b 11 minutes ago 408MB
4.redis latest f06a5773f01e 8 days ago 83.4MB
5.centos latest 49f7960eb7e4 7 weeks ago 200MB

docker ps -a --->啟動容器程序了

7.CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8.c4dba5567fd5 www.yunjisuan.com/library/solo:v1 "./bin/catalina.sh r…" 11 minutes ago Up 11 minutes 0.0.0.0:8888->8080/tcp solo