Building a continuous integration environment with Jenkins + Git + Docker
Introduction to CI/CD
Release workflow design
Server | IP address | Hostname |
---|---|---|
Git/Harbor | 192.168.200.70 | git-harbor |
Docker | 192.168.200.111 | docker |
Jenkins | 192.168.200.112 | jenkins |
Tool | Version |
---|---|
CentOS | 7.5_x64 |
Maven | 3.5 |
Tomcat | 8 |
JDK | 1.8 |
Jenkins | 2.6 |
Docker CE | 18.03.1 |
cat /etc/redhat-release
uname -r
All packages for Jenkins+Docker+Git
Deploying the Harbor image registry
Server | IP address |
---|---|
Git/Harbor | 192.168.200.70 |
Create the CA certificate
mkdir -p /data/ssl
cd /data/ssl
which openssl
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.................................................++
......................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
Generate the certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
..........................................................++
.......................................................................................................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Generate the certificate for the registry host
openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
ll
Trust the self-signed certificate
cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust enable
update-ca-trust extract
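The same CA, CSR and signing sequence as above in non-interactive form, as an added example that is not part of the original post. It goes beyond the page in two ways: the server certificate carries a subjectAltName (TLS clients built with Go 1.15 or later ignore the Common Name by default), and the CA gets its own subject so issuer and subject differ. The CA name yunjisuan-ca and the file names ca.cnf and san.ext are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's commands.
HOST=www.yunjisuan.com        # registry hostname used on this page
BITS=4096                     # RSA key size used on this page

make_registry_pki() (         # $1 = output directory (the page uses /data/ssl)
    umask 077                 # private keys readable by their owner only
    mkdir -p "$1" && cd "$1" || exit 1
    # CA settings; "yunjisuan-ca" is a constructed CA name (assumption).
    cat > ca.cnf <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
C = CN
ST = Beijing
L = Beijing
O = yunjisuan
CN = yunjisuan-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Extensions for the server certificate: the SAN is what TLS clients match.
    printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' \
        "$HOST" > san.ext
    openssl req -config ca.cnf -newkey "rsa:$BITS" -nodes -sha256 \
        -keyout ca.key -x509 -days 365 -out ca.crt &&
    openssl req -config ca.cnf -newkey "rsa:$BITS" -nodes -sha256 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=$HOST" \
        -keyout "$HOST.key" -out "$HOST.csr" &&
    openssl x509 -req -days 365 -sha256 -in "$HOST.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -extfile san.ext -out "$HOST.crt"
)

check_registry_cert() (       # succeeds only if the chain verifies and the SAN is present
    cd "$1" || exit 1
    # Match the "OK" text: older openssl releases exit 0 even when verify fails.
    openssl verify -CAfile ca.crt "$HOST.crt" | grep -q ': OK$' || exit 1
    openssl x509 -in "$HOST.crt" -noout -text | grep -q "DNS:$HOST"
)

# Run as: sh registry-pki.sh /data/ssl   (registry-pki.sh is a placeholder name)
if [ "$#" -gt 0 ]; then
    make_registry_pki "$1" && check_registry_cert "$1" && echo "certificate OK"
fi
```

With this layout, ca.crt is the file to copy into /etc/pki/ca-trust/source/anchors/ on the Docker and Jenkins hosts, and the private keys stay on the registry host.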
Install Docker CE (Community Edition)
setenforce 0
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl start docker
systemctl enable docker
docker version
Install the Harbor registry
mkdir -p /etc/ssl/harbor
cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/
wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
The package is available for download above, so it is not fetched with wget here.
mkdir -p /data/install
cd /data/install
ls
tar xf harbor-offline-installer-v1.5.0.tgz
cd harbor
cp harbor.cfg{,.bak}
vim harbor.cfg
cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
Install the docker-compose command (version 1.21 is required)
curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
The package is available for download above, so it is not downloaded here
cd /usr/local/bin/
ls
chmod +x /usr/local/bin/docker-compose
which docker-compose
docker-compose -version
Start the Harbor private image registry
cd /data/install/harbor
./install.sh --with-clair
Distribute the certificate to the other servers and map the domain name
Distribute the certificate to the other servers
scp /data/ssl/www.yunjisuan.com.crt 192.168.200.111:/etc/pki/ca-trust/source/anchors/
scp /data/ssl/www.yunjisuan.com.crt 192.168.200.112:/etc/pki/ca-trust/source/anchors/
On the Docker client (192.168.200.111)
update-ca-trust enable
update-ca-trust extract
vim /etc/hosts
tail -1 /etc/hosts
192.168.200.70 www.yunjisuan.com
On the Jenkins server (192.168.200.203)
update-ca-trust enable
update-ca-trust extract
vim /etc/hosts
tail -1 /etc/hosts
192.168.200.70 www.yunjisuan.com
Deploying the Git server
Server | IP address | Hostname |
---|---|---|
Git/Harbor | 192.168.200.70 | git-harbor |
Jenkins server | 192.168.200.112 | jenkins |
The following steps are performed on the Harbor/Git host (192.168.200.70)
yum -y install git
which git
Create the git user and set its password
useradd git
passwd git
su - git
Create the git project directory
mkdir solo.git
cd solo.git/
Initialize the git directory
git --bare init
ls
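The following steps are performed on the Jenkins host (192.168.200.112)
Install git on 192.168.200.112 as well, to simulate committing project code
yum -y install git
which git
Create the git directory used for commits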
mkdir -p /code
cd /code
git clone [email protected]:/home/git/solo.git
ls
Copy the solo project source code into the git working directory (a download link for the solo source is given above)
mv ~/solo/* solo/
ls solo/
Stage the files to be committed
cd solo
git add .
Commit the code
git commit -m "all"
*** Please tell me who you are. #this prompt asks you to fill in the committer information
Run
git config --global user.email "[email protected]" #your email
git config --global user.name "Your Name" #your name
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@JenkinsServer.(none)')
git config --global user.email "[email protected]"
git config --global user.name "Mr.sun"
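git commit -m "all" #once the information is filled in, the commit succeeds
After committing, the code has to be pushed to the git server
git push origin master #origin master: version information
For the final test of the solo project, we need to modify one configuration file in the solo source code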
cd /code/solo/src/main/resources
ls
cat -n latke.properties | sed -n '29p;31p'
29 serverHost=localhost
31 serverPort=8080
Change the two lines above to the following
vim latke.properties
cat -n latke.properties | sed -n '29p;31p'
29 serverHost=192.168.200.111 #changed to the Docker host's IP address
31 serverPort=8888
Commit to git again
cd /code/solo/
git add .
git commit -m "latke.properties"
git push origin master
Build the application base image (tomcat:v1)
(built later on)
Server | IP address | Hostname |
---|---|---|
Docker | 192.168.200.111 | docker |
Install Docker
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
docker --version
Add a Docker registry mirror located in China
mkdir -p /etc/docker
vim /etc/docker/daemon.json
cat /etc/docker/daemon.json
{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}
systemctl daemon-reload
systemctl restart docker
Deploy the JDK (no environment variables need to be added)
ls
tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/
cd /usr/local
ls
ln -s jdk1.8.0_45 jdk
Installing Jenkins
Server | IP address | Hostname |
---|---|---|
Jenkins server | 192.168.200.112 | jenkins |
Install the Docker CE environment
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
mkdir -p /etc/docker
vim /etc/docker/daemon.json
cat /etc/docker/daemon.json
{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}
systemctl daemon-reload
systemctl restart docker
Install the JDK (it will be used inside a container, so PATH is not configured on the host)
ls
tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/
cd /usr/local
ls
ln -s jdk1.8.0_45 jdk
Install maven-3.5.0
ls
tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/
cd /usr/local
ls
ln -s apache-maven-3.5.0 maven
Create the Dockerfile for the Jenkins image
If the wget command is not available, install it with yum first
mkdir -p dockerfile/jenkins
cd dockerfile/jenkins
vim Dockerfile
cat Dockerfile
FROM jenkins
USER root
RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
RUN apt-get update && apt-get install -y git libltdl-dev
Build the Jenkins image
docker build -t jenkins:v1 .
docker images
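Because Jenkins itself runs from an image:
The Jenkins container's data directory has to be mounted from the host (so that container data is not lost)
Jenkins needs a JDK to run, so we mount the host's JDK directly
Jenkins needs Maven to build Java code, so we mount the host's Maven directly
Jenkins needs Docker support
Jenkins needs to pull git code non-interactively, so we mount the local SSH keys
Create the Jenkins data directory
mkdir -p /var/jenkins_home
Set up passwordless SSH authentication
ssh-keygen #just press Enter at every prompt
ssh-copy-id [email protected]
Test the non-interactive login
Start the Jenkins container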
docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0:/usr/local/maven -v /usr/local/jdk1.8.0_45:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh:/root/.ssh jenkins:v1
Access the Jenkins container with a browser
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
c7e4ae00fd5941d6b20f1e45ab6835b6 #this is the password; enter it in the browser
After selecting all plugins, just click install
Now we build a Tomcat image that can run the solo code
mkdir -p /root/dockerfile/solo
cd /root/dockerfile/solo
vim Dockerfile
cat Dockerfile
FROM centos:7
MAINTAINER www.yunjisuan.com
RUN yum install unzip iproute -y
ENV JAVA_HOME /usr/local/jdk
ADD apache-tomcat-8.0.46.tar.gz /usr/local
RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh", "run"]
ls
Build the image
docker build -t tomcat:v1 .
docker images
Log in to the Harbor private registry
docker login -uadmin -pHarbor12345 www.yunjisuan.com
Push the image to the Harbor registry (if the push fails, check certificate verification and whether docker is logged in)
docker images
docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1
docker push www.yunjisuan.com/library/tomcat:v1
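Basic Jenkins configuration
Username: admin Password: linyaonie
Configure the global settings
Set up the SSH connection credentials
Non-interactive authentication from Jenkins to the Docker test server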
ssh-copy-id [email protected]
Add the credential in the Jenkins web interface
cat ~/.ssh/id_rsa #copy this content
Creating a project in Jenkins
First we start a new job
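At this point, let us first test how Maven builds the Java code
Click Build Now on the solo_blog project and check the build output
Check the build result on the Jenkins server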
cd /var/jenkins_home/workspace/solo_blog/target
ls
ll solo.war #this is the WAR package that was built
[root@JenkinsServer target]# pwd
/var/jenkins_home/workspace/solo_blog/target
[root@JenkinsServer target]# ls
classes generated-test-sources maven-status solo_h2_test surefire-reports
generated-sources maven-archiver solo solo.war test-classes
[root@JenkinsServer target]# ll solo.war #this is the WAR package that was built
-rw-r--r-- 1 root root 43037193 7月 25 22:12 solo.war
Package the WAR into a Tomcat image with a script, then push it to Harbor
So building Java source code with Maven really means producing a WAR package that can run in a container such as Tomcat
Now we modify the project configuration again and add Post Steps (actions run after the build)
In fact, after the build, all we need is a script that packages the WAR into a Tomcat image and pushes it to Harbor.
This is the script content to add
cd $WORKSPACE
WORKSPACE is a variable made available by Jenkins; the full list can be seen in the lower part of the figure above
cd $WORKSPACE
cat > Dockerfile << FOF
FROM www.yunjisuan.com/library/tomcat:v1
MAINTAINER www.yunjisuan.com
COPY target/solo.war /tmp/ROOT.war
RUN rm -rf /usr/local/tomcat/webapps/* && \
unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && \
rm -f /tmp/ROOT.war
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh","run"]
FOF
docker build -t www.yunjisuan.com/library/solo:v1 .
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker push www.yunjisuan.com/library/solo:v1
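A variant of the post-build script above that keeps the Harbor password off the command line, as an added example that is not part of the original post. It assumes Jenkins injects HARBOR_USER and HARBOR_PASS through a credentials binding (both names are hypothetical) and that the Dockerfile already exists in the workspace; tagging with the build number goes beyond the fixed v1 tag the post uses.

```shell
#!/bin/sh
# Added example, not the original post's script. HARBOR_USER / HARBOR_PASS are
# hypothetical names for variables injected by a Jenkins credentials binding.
REGISTRY=www.yunjisuan.com
IMAGE="$REGISTRY/library/solo"

publish() {                       # $1 = image tag, e.g. Jenkins' BUILD_NUMBER
    tag=$1
    if [ -z "${HARBOR_USER:-}" ] || [ -z "${HARBOR_PASS:-}" ]; then
        echo "registry credentials are not set" >&2
        return 2
    fi
    docker build -t "$IMAGE:$tag" . || return 1
    # The password travels on stdin (printf is a shell builtin), so it does not
    # show up in the argument list of any process.
    printf '%s' "$HARBOR_PASS" |
        docker login -u "$HARBOR_USER" --password-stdin "$REGISTRY" || return 1
    docker push "$IMAGE:$tag"
    rc=$?
    docker logout "$REGISTRY"     # remove the stored login from ~/.docker/config.json
    return "$rc"
}

# Jenkins "Execute shell" step:  sh publish.sh "$BUILD_NUMBER"
# (publish.sh is a placeholder file name)
if [ "$#" -gt 0 ]; then
    cd "${WORKSPACE:-.}" && publish "$1"
fi
```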
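Then we build again and check the result
At this point we have completed the following steps
git pulls the source code of the Java solo project
Maven builds the WAR package of the Java solo project
The WAR package is wrapped into a Tomcat container image
The image is uploaded to the Harbor private image registry
We also need to be able to deploy directly to the remote test host (192.168.200.111), so we continue with the configuration
The script executed on the remote host (the Docker test server) is as follows
docker rm -f solo #remove the old solo container
docker rmi -f www.yunjisuan.com/library/solo:v1 #remove the old solo:v1 image (otherwise the image is not pulled again)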
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1
Build again and check the result on the Docker host
docker images #the image is now present on the Docker test server
REPOSITORY TAG IMAGE ID CREATED SIZE
www.yunjisuan.com/library/solo v1 e1b0d010c11b 11 minutes ago 408MB
redis latest f06a5773f01e 8 days ago 83.4MB
centos latest 49f7960eb7e4 7 weeks ago 200MB
docker ps -a #the container has been started
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c4dba5567fd5 www.yunjisuan.com/library/solo:v1 "./bin/catalina.sh r…" 11 minutes ago Up 11 minutes 0.0.0.0:8888->8080/tcp solo
We access it with a browser