Introduction to CI/CD

Release workflow design

| Server | IP address | Hostname |
|---|---|---|
| Git/Harbor | 192.168.200.70 | git-harbor |
| Docker | 192.168.200.111 | docker |
| Jenkins | 192.168.200.112 | jenkins |

| Tool | Version |
|---|---|
| CentOS | 7.5_x64 |
| Maven | 3.5 |
| Tomcat | 8 |
| JDK | 1.8 |
| Jenkins | 2.6 |
| Docker CE | 18.03.1 |

cat /etc/redhat-release
uname -r

All Jenkins+Docker+Git packages
Link: https://pan.baidu.com/s/10GWHTqAx9E9d1hhJNuI1gw
Extraction code: py3b

Deploying the Harbor image registry

| Server | IP address |
|---|---|
| Git/Harbor | 192.168.200.70 |

Create the CA certificate
mkdir -p /data/ssl
cd /data/ssl
which openssl
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.................................................++
......................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:

Generate the certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
..........................................................++
.......................................................................................................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Generate the certificate for the registry host
openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
ll

Trust the self-signed certificate
cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust enable
update-ca-trust extract
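
The certificate steps above as one non-interactive script, added here as an example and not part of the original page: `-subj` replaces the prompts, the CA gets its own CN, a subjectAltName is added for the registry host (Docker clients built with Go 1.15 or later ignore the CN), and the chain is checked with `openssl verify`. RSA 2048, the CA name `yunjisuan-ca` and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: CA + registry certificate, non-interactive, with a SAN.
# RSA 2048, the CA CN and the function names are choices of this example.

make_registry_cert() {
    local dir="$1" host="$2"
    local dn="/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan"
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # keys readable by the owner only

        # 1. Self-signed CA; its CN differs from the host's so the subjects are distinct
        openssl req -newkey rsa:2048 -nodes -sha256 -keyout ca.key \
            -x509 -days 365 -out ca.crt -subj "$dn/CN=yunjisuan-ca" 2>/dev/null || exit 1

        # 2. Key and CSR for the registry host
        openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$host.key" \
            -out "$host.csr" -subj "$dn/CN=$host" 2>/dev/null || exit 1

        # 3. Sign the CSR; the SAN is supplied through an extension file
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -days 365 -sha256 -in "$host.csr" \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -extfile san.ext -out "$host.crt" 2>/dev/null || exit 1
    )
}

# Returns 0 only if the certificate chains to the CA and lists the host in its SAN.
check_registry_cert() {
    local ca="$1" cert="$2" host="$3"
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -in "$cert" -noout -text | grep -F -q "DNS:$host"
}

# Stand-alone run: build into a scratch directory and report.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_registry_cert "$d" www.yunjisuan.com &&
        check_registry_cert "$d/ca.crt" "$d/www.yunjisuan.com.crt" www.yunjisuan.com &&
        echo "chain and SAN OK in $d"
fi
```

With a chain like this, `ca.crt` is the file that goes into `/etc/pki/ca-trust/source/anchors/` on each client, and `ca.key` never needs to leave the signing host.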

Install Docker CE (Community Edition)
setenforce 0
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl start docker
systemctl enable docker
docker version


Install the Harbor registry
mkdir -p /etc/ssl/harbor
cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/
wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
The package is included in the download above, so it was not fetched with wget here.
mkdir -p /data/install
cd /data/install
ls
tar xf harbor-offline-installer-v1.5.0.tgz
cd harbor
cp harbor.cfg{,.bak}
vim harbor.cfg
cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345

Install the docker-compose command (version 1.21 is required)
curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
The package is included in the download above, so it was not downloaded here.
cd /usr/local/bin/
ls
chmod +x /usr/local/bin/docker-compose
which docker-compose
docker-compose -version

Start the Harbor private image registry
cd /data/install/harbor
./install.sh --with-clair

Distribute the certificate to the other servers and map the domain name
Distribute the certificate to the other servers
scp /data/ssl/www.yunjisuan.com.crt 192.168.200.111:/etc/pki/ca-trust/source/anchors/
scp /data/ssl/www.yunjisuan.com.crt 192.168.200.112:/etc/pki/ca-trust/source/anchors/

On the Docker client (192.168.200.111)
update-ca-trust enable
update-ca-trust extract
vim /etc/hosts
tail -1 /etc/hosts
192.168.200.70 www.yunjisuan.com

On the Jenkins server (192.168.200.203)
update-ca-trust enable
update-ca-trust extract
vim /etc/hosts
tail -1 /etc/hosts
192.168.200.70 www.yunjisuan.com

Deploying the Git server

| Server | IP address | Hostname |
|---|---|---|
| Git/Harbor | 192.168.200.70 | git-harbor |
| Jenkins server | 192.168.200.112 | jenkins |

The following steps are performed on the Harbor/Git host (192.168.200.70)
yum -y install git
which git

Create the git user and set its password
useradd git
passwd git
su - git

Create the git project directory
mkdir solo.git
cd solo.git/
Initialize the git directory
git --bare init
ls

The following steps are performed on the Jenkins host (192.168.200.112)
Install git on 192.168.200.112 as well, to simulate committing project code
yum -y install git
which git

Create the git directory used for commits
mkdir -p /code
cd /code
git clone root@192.168.200.70:/home/git/solo.git
ls

Copy the solo project source into the git upload directory (the solo source code is available from the download link above)
mv ~/solo/* solo/
ls solo/

Stage the files to be committed
cd solo
git add .

Commit the code
git commit -m "all"
*** Please tell me who you are. #this prompt asks you to supply your committer information
Run
git config --global user.email "you@example.com" #your e-mail address
git config --global user.name "Your Name" #your name
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'root@JenkinsServer.(none)')
git config --global user.email "1123400300@qq.com"
git config --global user.name "Mr.sun"
git commit -m "all" #once the information is supplied, the commit succeeds

After committing, the code must be pushed to the git server
git push origin master ---> origin master is the version information

For the final test of the solo project, we need to modify one configuration file in the solo source code
cd /code/solo/src/main/resources
ls
cat -n latke.properties | sed -n '29p;31p'
29 serverHost=localhost
31 serverPort=8080

Change the two lines above so that they read as follows
vim latke.properties
cat -n latke.properties | sed -n '29p;31p'
29 serverHost=192.168.200.111 #changed to the Docker host's IP address
31 serverPort=8888

Commit to git again
cd /code/solo/
git add .
git commit -m "latke.properties"
git push origin master

Building the application base image (tomcat:v1)
(The image itself is built later on.)

| Server | IP address | Hostname |
|---|---|---|
| Docker | 192.168.200.111 | docker |

Install Docker
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
docker --version


Add a Docker registry mirror located in China
mkdir -p /etc/docker
vim /etc/docker/daemon.json
cat /etc/docker/daemon.json
{"registry-mirrors":[ "https://registry.docker-cn.com" ]}
systemctl daemon-reload
systemctl restart docker

Deploy the JDK (no environment variables need to be added)
ls
tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

cd /usr/local
ls
ln -s jdk1.8.0_45 jdk

Installing Jenkins

| Server | IP address | Hostname |
|---|---|---|
| Jenkins server | 192.168.200.112 | jenkins |

Install Docker CE
yum -y install yum-utils device-mapper-persistent-data lvm2
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
mkdir -p /etc/docker
vim /etc/docker/daemon.json
cat /etc/docker/daemon.json
{"registry-mirrors":[ "https://registry.docker-cn.com" ]}
systemctl daemon-reload
systemctl restart docker


Install the JDK (it will be used inside the container, so PATH is not configured on the host)
ls
tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

cd /usr/local
ls
ln -s jdk1.8.0_45 jdk

Install maven-3.5.0
ls
tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/

cd /usr/local
ls
ln -s apache-maven-3.5.0 maven

Create the Dockerfile for the Jenkins image
If the wget command is missing, install it with yum beforehand
mkdir -p dockerfile/jenkins
cd dockerfile/jenkins
vim Dockerfile
cat Dockerfile
FROM jenkins
USER root
RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
    wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
RUN apt-get update && apt-get install -y git libltdl-dev

Build the Jenkins image
docker build -t jenkins:v1 .
docker images

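Because we run Jenkins from an image:
The Jenkins container's data directory has to be mounted from the host (to avoid losing container data)
Jenkins needs a JDK to run, so we mount the host's JDK directly
Jenkins needs maven to build Java code, so we mount the host's maven directly
Jenkins needs Docker support
Jenkins needs to pull git code non-interactively, so we mount the local ssh keys

Create the Jenkins data directory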
mkdir -p /var/jenkins_home

Set up passwordless (key-based) ssh authentication
ssh-keygen ---> just press Enter at every prompt
ssh-copy-id git@192.168.200.70

Test the non-interactive login
ssh git@192.168.200.70

Start the Jenkins container
docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0:/usr/local/maven -v /usr/local/jdk1.8.0_45:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh:/root/.ssh jenkins:v1

Access the Jenkins container from a browser

docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
c7e4ae00fd5941d6b20f1e45ab6835b6 #this is the password; enter it in the browser

After selecting all plugins, just click install


Now we build a tomcat image that can run the solo code
mkdir -p /root/dockerfile/solo
cd /root/dockerfile/solo
vim Dockerfile
cat Dockerfile
FROM centos:7
MAINTAINER www.yunjisuan.com
RUN yum install unzip iproute -y
ENV JAVA_HOME /usr/local/jdk
ADD apache-tomcat-8.0.46.tar.gz /usr/local
RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh", "run"]

ls

Build the image
docker build -t tomcat:v1 .
docker images

Log in to the Harbor private registry
docker login -uadmin -pHarbor12345 www.yunjisuan.com

Push the image to the Harbor registry (if the push fails, check certificate verification and whether docker is logged in)
docker images
docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1
docker push www.yunjisuan.com/library/tomcat:v1


Basic Jenkins configuration
Username: admin Password: linyaonie

Set the global configuration




Set up the ssh connection credentials
Passwordless authentication from Jenkins to the Docker test server
ssh-copy-id root@192.168.200.111
ssh root@192.168.200.111

Add the credentials in the Jenkins web interface



cat ~/.ssh/id_rsa #this is the content to copy



Creating the Jenkins project
First we start a new job


At this point, let's first test how maven builds the Java code
Click "Build Now" on the solo_blog project and look at the build output

Check the build result on the Jenkins server
cd /var/jenkins_home/workspace/solo_blog/target
ls
ll solo.war ---> this is the war package that was built
[root@JenkinsServer target]# pwd
/var/jenkins_home/workspace/solo_blog/target
[root@JenkinsServer target]# ls
classes generated-test-sources maven-status solo_h2_test surefire-reports
generated-sources maven-archiver solo solo.war test-classes
[root@JenkinsServer target]# ll solo.war #this is the war package that was built
-rw-r--r-- 1 root root 43037193 7月 25 22:12 solo.war

Use a script to package the war into a tomcat image, then push it to Harbor
So building Java source code with maven really just produces a war package that can run in a container such as tomcat
Now we modify the project configuration again and add Post Steps (actions performed after the build)
In fact, after the build, all we need is a script that packages the war into a tomcat image and pushes it to Harbor.

This is the script content that needs to be added
cd $WORKSPACE ---> this is a variable provided by Jenkins; the details can be found below the figure above
cd $WORKSPACE
cat > Dockerfile << FOF
FROM www.yunjisuan.com/library/tomcat:v1
MAINTAINER www.yunjisuan.com
COPY target/solo.war /tmp/ROOT.war
RUN rm -rf /usr/local/tomcat/webapps/* && unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && rm -f /tmp/ROOT.war
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh","run"]
FOF
docker build -t www.yunjisuan.com/library/solo:v1 .
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker push www.yunjisuan.com/library/solo:v1
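
A variant of the post-build script above that keeps the Harbor password off the command line and out of the console log, added as an example (it is not the original author's script). `HARBOR_USER` and `HARBOR_PASS` are hypothetical environment variables assumed to be supplied to the job, for instance from the Jenkins credentials store; `build_and_push` is a name chosen here.

```bash
#!/usr/bin/env bash
# Added example: post-build step without the password on the command line.
# HARBOR_USER / HARBOR_PASS are hypothetical variables assumed to be injected
# into the job environment; WORKSPACE is set by Jenkins.

REGISTRY="www.yunjisuan.com"
IMAGE="$REGISTRY/library/solo:v1"

build_and_push() {
    set +x   # Jenkins runs shell steps with -x; do not trace the secret
    : "${WORKSPACE:?}" "${HARBOR_USER:?}" "${HARBOR_PASS:?}"

    cd "$WORKSPACE" || return 1
    # Fail early instead of building an image without the application
    [ -f target/solo.war ] || { echo "target/solo.war missing" >&2; return 1; }

    # Quoted delimiter: the shell expands nothing inside the Dockerfile body
    cat > Dockerfile <<'FOF'
FROM www.yunjisuan.com/library/tomcat:v1
MAINTAINER www.yunjisuan.com
COPY target/solo.war /tmp/ROOT.war
RUN rm -rf /usr/local/tomcat/webapps/* && \
    unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && \
    rm -f /tmp/ROOT.war
WORKDIR /usr/local/tomcat
EXPOSE 8080
ENTRYPOINT ["./bin/catalina.sh","run"]
FOF

    docker build -t "$IMAGE" . || return 1
    # --password-stdin keeps the secret out of argv, process listings and the log
    printf '%s' "$HARBOR_PASS" |
        docker login -u "$HARBOR_USER" --password-stdin "$REGISTRY" || return 1
    docker push "$IMAGE" || return 1
    docker logout "$REGISTRY" >/dev/null   # drop the stored login from the build host
    echo "$IMAGE"
}
```

Call `build_and_push` as the last line of the shell step; a non-zero return marks the build as failed.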
Then we run the build again and check the result

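At this point we have completed the following steps
git pulls the source code of the Java solo project
maven builds the war package of the Java solo project
The war package is packaged into a tomcat container image
The image is uploaded to the Harbor private image registry
We also need to be able to deploy directly to the remote test host (192.168.200.111), so we continue with the configuration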

The script executed on the remote host (the Docker test server) is as follows
docker rm -f solo #remove the old solo container
docker rmi -f www.yunjisuan.com/library/solo:v1 #remove the old solo:v1 image (if it is not removed, the image is not pulled again)
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1
Run the build again and check the result on the Docker host
docker images ---> the image is now on the Docker test server
REPOSITORY TAG IMAGE ID CREATED SIZE
www.yunjisuan.com/library/solo v1 e1b0d010c11b 11 minutes ago 408MB
redis latest f06a5773f01e 8 days ago 83.4MB
centos latest 49f7960eb7e4 7 weeks ago 200MB
docker ps -a ---> the container process has started
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c4dba5567fd5 www.yunjisuan.com/library/solo:v1 "./bin/catalina.sh r…" 11 minutes ago Up 11 minutes 0.0.0.0:8888->8080/tcp solo
We access it through a browser
