Setting up a Jenkins + Git + Docker lab environment
Lab environment for continuous integration (CI)
Git/Harbor server IP 192.168.200.132
Docker server IP 192.168.200.149
Jenkins server IP 192.168.200.150
Tools and version requirements
centos 7.5_x86
maven 3.5
tomcat 8
jdk 1.8
jenkins 2.6
docker-ce 18.09.0
Check the lab environment
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[[email protected] ~]# uname -r
3.10.0-862.el7.x86_64
Start deploying Harbor
[[email protected] ~]# ls
anaconda-ks.cfg docker-compose harbor-offline-installer-v1.5.0.tgz
#Create the CA certificate
[[email protected] ~]# mkdir -p /data/ssl
[[email protected] ~]# cd /data/ssl/
[[email protected]
/usr/bin/openssl
[[email protected] ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.......................................................................................................................................++
...................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:
[[email protected] ssl]#
#Generate the certificate signing request
[[email protected] ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
...................................................++
.........................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] ssl]#
#Generate the certificate for the registry host
[[email protected] ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
[[email protected] ssl]#
#View the generated certificates
[[email protected] ssl]# ls
ca.crt ca.key ca.srl www.yunjisuan.com.crt www.yunjisuan.com.csr www.yunjisuan.com.key
#Trust the self-signed certificate
[[email protected] ssl]# cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
[[email protected] ssl]# update-ca-trust enable
[[email protected] ssl]# update-ca-trust extract
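The three openssl steps above as one non-interactive script, as an added example that is not part of the original walkthrough. It goes beyond the page in two ways: the CA gets its own subject name, and the server certificate carries a subjectAltName. Assumptions: `make_harbor_cert` and `cert_san` are hypothetical helper names and `yunjisuan-lab-ca` is a constructed CA name.

```shell
#!/bin/sh
# Added example (not from the original page). make_harbor_cert and cert_san
# are hypothetical helpers; the CA name "yunjisuan-lab-ca" is an assumption.
# Usage: make_harbor_cert DIR HOSTNAME [RSA_BITS]
make_harbor_cert() (
    # The body runs in a subshell, so umask and cd do not leak to the caller.
    dir=$1 host=$2 bits=${3:-4096}
    umask 077                      # private keys are created mode 0600
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. Self-signed CA with its own subject name, so the server certificate
    #    (subject != issuer) is not mistaken for a self-issued one.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/CN=yunjisuan-lab-ca" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. Server key and CSR for the registry host name.
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=$host" \
        -keyout "$host.key" -out "$host.csr" 2>/dev/null || exit 1

    # 3. Sign the CSR. The extension file adds the host name as a
    #    subjectAltName (current TLS clients match host names against SAN,
    #    not CN) and restricts the certificate to TLS server use.
    printf '%s\n' "subjectAltName=DNS:$host" \
        "basicConstraints=CA:FALSE" \
        "extendedKeyUsage=serverAuth" > "$host.ext"
    openssl x509 -req -sha256 -days 365 -in "$host.csr" \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile "$host.ext" -out "$host.crt" 2>/dev/null || exit 1

    # 4. Confirm the chain before copying anything to /etc/ssl/harbor.
    #    Match on the "OK" text rather than relying on the exit status alone.
    openssl verify -CAfile ca.crt "$host.crt" | grep -q ': OK$'
)

# Print the subjectAltName entries of a certificate file.
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}
```

With this layout, `ca.crt` is the file to place in `/etc/pki/ca-trust/source/anchors/` on the hosts that must trust the registry; `ca.key` stays on the machine that issued it.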
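#Turn off SELinux enforcement (setenforce 0 switches to permissive mode until the next reboot)
[[email protected] ssl]# setenforce 0
#Check the SELinux status
[[email protected] ssl]# sestatus
#Install Docker
[[email protected] ssl]# yum -y install yum-utils device-mapper-persistent-data lvm2 wget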
[[email protected] yum.repos.d]# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[[email protected] yum.repos.d]# yum -y install docker-ce
[[email protected] yum.repos.d]# systemctl start docker
[[email protected] yum.repos.d]# vim /etc/docker/daemon.json
[[email protected] yum.repos.d]# cat /etc/docker/daemon.json
{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}
[[email protected] yum.repos.d]# systemctl daemon-reload
[[email protected] yum.repos.d]# systemctl restart docker
[[email protected] yum.repos.d]# docker version
Client:
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:48:22 2018
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:19:08 2018
OS/Arch: linux/amd64
Experimental: false
#Set up Harbor; first copy the certificate and key
[[email protected] ssl]# cd /data/ssl/
[[email protected] ssl]# mkdir -p /etc/ssl/harbor
[[email protected] ssl]# cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
[[email protected] ssl]# cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/
#Download location for Harbor
[[email protected] install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
#Install Harbor
[[email protected] install]# cd ~
[[email protected] ~]# tar xf harbor-offline-installer-v1.5.0.tgz -C /data/install/
[[email protected] ~]# cd /data/install/harbor/
[[email protected] harbor]# cp harbor.cfg{,.bak}
[[email protected] harbor]# cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
[[email protected] harbor]#
#Install the docker-compose command
[[email protected] harbor]# cd ~
[[email protected] ~]# chmod +x docker-compose
[[email protected] ~]# mv docker-compose /usr/bin/
[[email protected] ~]# which docker-compose
/usr/bin/docker-compose
#Start Harbor
[[email protected] ~]# cd /data/install/harbor/
[[email protected] harbor]# ./install.sh --with-clair
Distribute the trusted certificate to the other servers
[[email protected] ~]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.149:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.149 (192.168.200.149)' can't be established.
ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg.
ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.149' (ECDSA) to the list of known hosts.
[email protected]192.168.200.149's password:
www.yunjisuan.com.crt 100% 1931 5.9KB/s 00:00
[[email protected] ~]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.150:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.150 (192.168.200.150)' can't be established.
ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg.
ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.150' (ECDSA) to the list of known hosts.
[email protected]192.168.200.150's password:
www.yunjisuan.com.crt 100% 1931 19.5KB/s 00:00
[[email protected] ~]#
On the other two servers, make the certificate take effect immediately, map the domain name, and restart Docker
[[email protected] ~]# update-ca-trust enable
[[email protected] ~]# update-ca-trust extract
[[email protected] ~]# echo "192.168.200.132 www.yunjisuan.com" >> /etc/hosts
[[email protected] ~]# systemctl restart docker
[[email protected] ~]# update-ca-trust enable
[[email protected] ~]# update-ca-trust extract
[[email protected] ~]# echo "192.168.200.132 www.yunjisuan.com" >> /etc/hosts
[[email protected] ~]# systemctl restart docker
Deploy Git on the Harbor server and on the Jenkins server
[[email protected] harbor]# yum -y install git
[[email protected] harbor]# useradd git
[[email protected] harbor]# echo "123123" | passwd --stdin git
Changing password for user git.
passwd: all authentication tokens updated successfully.