基于GitLab的CI/CD自动化部署

思路

1. 合并代码到master分支，触发Pipeline Job
2. GitLab Runner Job拉取最新代码
3. 创建部署用docker image
4. 提交docker image到GitLab Container Registry
5. SSH登录部署主机，拉取最新image
6. 重启docke容器

准备工作 注册自己的Gitlab runner

1. 准备编译服务器Ubuntu
2. 下载安装包

# Replace ${arch} with any of the supported architectures, e.g. amd64, arm, arm64
# A full list of architectures can be found here https://gitlab-runner-downloads.s3.amazonaws.com/latest/index.html
curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_${arch}.deb"

3. 安装deb包

dpkg -i gitlab-runner_<arch>.deb

4. runner的docker权限添加

sudo usermod -aG docker gitlab-runner

5. 获取GitLab分组的CI/CD Runner注册Token
   
   

6. 注册runner到GitLab分组

• executor: 类型根据情况修改，一般使用docker

sudo gitlab-runner register 
  --non-interactive 
  --url "https://gitlab.com/" 
  --registration-token "PROJECT_REGISTRATION_TOKEN" 
  --executor "docker" 
  --name "docker-runner" 
  --description "docker-runner" 
  --tag-list "docker,aws" 
  --run-untagged="true" 
  --locked="false" 
  --access-level="not_protected" 
  --docker-image "docker:19.03.12" 
  --docker-privileged 
  --docker-volumes "/certs/client"

• 查看登录情况(TLS启用情况)

cat /etc/gitlab-runner/config.toml
[[runners]]
  name = "docker-runner"
  url = "https://gitlab.com/"
  token = TOKEN
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.12"
    privileged = true
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

7. GitLab分组查看注册的runner

配置GitLab与服务器

1. 项目仓库根目录下添加创建镜像的Dockerfile
2. 项目仓库根目录下添加.gitlab-ci.yml模板
3. 编译服务器ssh-key创建

• 千万别设置密码passphrase 内容

ssh-keygen -t rsa -b 2048

4. 添加id_rsa内容到GitLab分组参数：SSH_PRIVATE_KEY

• https://docs.gitlab.com/ee/ci/ssh_keys/
  

5. 添加部署服务器ip地址与用户名到GitLab分组参数

• SSH_KNOWN_HOST：ip地址
• SSH_KNOWN_HOST_USER：用户名

6. 添加id_rsa.pub内容到部署服务器
7. 上传文件id_rsa.pub到部署服务器
   - /home/ubuntu/.ssh
8. 添加认证信息到authorized_keys
   - cat id_rsa.pub >> ~/.ssh/authorized_keys
9. 部署服务器docker-compose.yml配置
10. 修改.gitlab-ci.yml添加ssh命令

• 多行命令用&&链接

image: docker:19.03.12
services:
  - docker:19.03.12-dind

stages: 
  - build
  - deploy

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  
before_script:
    - echo "$CI_REGISTRY"
    - echo "$IMAGE_TAG"
    - echo "$CI_REGISTRY_USER"
    - echo "$CI_REGISTRY_PASSWORD"
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin

build: 
  stage: build
  script:  
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

deploy:
  stage: deploy
  script:  
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '
' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SSH_KNOWN_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ssh $SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST "sudo echo $CI_REGISTRY_PASSWORD | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin && docker pull $IMAGE_TAG && docker-compose -f /home/ubuntu/docker-compose.yml restart"
  only:
    - main

常见问题与解决

Error loading key "(stdin)": invalid format gitlab

• 解决办法： 把参数的Protected去掉