基于docker的cicd

2022/5/5 6:13:08

本文主要是介绍基于docker的cicd,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

基于docker的cicd

harbor配置

#部署harbor前需要安装docker docker-compose
# 下载docker部署包
# https://download.docker.com/linux/static/stable/x86_64/

[root@harbor ~]# tar xf docker-20.10.10.tgz 
[root@harbor ~]# mv docker/* /usr/bin/
#加入systemd管理
#--------------------------------------------------------
cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
#--------------------------------------------------------
#创建配置文件
rm -f /etc/docker/*
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://ajvcw8qn.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
systemctl enable docker.service
#个人docker源:
#这个是阿里云配置的加速,直接添加阿里云加速源就可以了,上面显示了配置办法。
#https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
#设置开机启动和启动即可
systemctl enable docker
systemctl start docker

# 部署docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/v2.2.3/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v



#harbor下载:
# wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-offline-installer-v2.3.2.tgz

[root@harbor ~]# ll
anaconda-ks.cfg
harbor-offline-installer-v2.3.2.tgz

#解压部署包
tar xf harbor-offline-installer-v2.3.2.tgz -C /usr/local/
cd /usr/local/harbor

#harbor配置文件修改:
\cp harbor.yml.tmpl harbor.yml
 vi harbor.yml  #也可以尝试用sed修改 sed -i  '5ahostname: 192.168.10.23' harbor.yml

#修改hostname为本机IP地址
#hostname: reg.mydomain.com
hostname: 192.168.10.23

#注释https
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

验证:
[root@node01 harbor]#  grep '^hostname' harbor.yml
hostname: 192.168.10.23   #也可以写成IP地址

#部署harbor
[root@node01 harbor]# cd /usr/local/harbor
[root@node01 harbor]# ./prepare     #准备环境配置文件

[root@node01 harbor]# ./install.sh
#部署完成
 ⠿ Container harbor-core        Started                        
 ⠿ Container harbor-jobservice  Started                        
 ⠿ Container nginx              Started                        
✔ ----Harbor has been installed and started successfully.----

#默认登录账号
admin
Harbor12345

harbor创建一个公开项目

gitlab部署配置测试

起gitlab容器

mkdir -p /opt/gitlab
cd /opt/gitlab

#启动gitlab容器

docker run -d \
  --name gitlab \
  -p 8443:443 \
  -p 80:80 \
  -p 9998:22 \
  -v /opt/gitlab/config:/etc/gitlab \
  -v /opt/gitlab/logs:/var/log/gitlab \
  -v /opt/gitlab/data:/var/opt/gitlab \
  -v /etc/localtime:/etc/localtime \
  --hostname 192.168.10.21 \
  registry.cn-hangzhou.aliyuncs.com/chenleilei/gitlab:latest

第一次打开需要设置密码:
默认账号: root
默认密码: 启动时设置

创建密钥
服务器上新建一个密钥,用于推送代码到gitlab
上传代码添加ssh-key

#配置无密码推送

[root@node01 ~]# ssh-keygen #一路回车
[root@node01 ~]# cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFiRM/NMTNRVCleVI8i7he+NHJevTtdp0CeSG/AWEKZBZOUr/pDNtHwlqHlBjc1ikDsZTgQLad7yavDpESXrP8C9bTTNmuk22JnXQDyQIt17NNV65esELaiIax01MNgIofnxeKe5vCFvkeW+LG/UjAkATuBAd6DqBheh6Ji3TPXE6tyjgtFYnA7ovZls/sKxBpbdgryvcM16VCMmJfTECx2ioKQ78y1LQsUhgD34+QHTd55fe9aWiD6TA08fWr6DEdwx3pHPyizXskPpWeZLLX6jIUDRwHEiJIpXPm5JkqGgvk/TlNDs5WWawl6ND5zmjtjcT3hZbp76Y6O4MW4Hrb root@node01


创建项目仓库
进入gitlab后创建项目
tomcat-java-demo-master

创建一个私有仓库

默认指引操作:

Git 全局设置
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"

创建新版本库
git clone http://192.168.10.22/root/tomcat-java-demo.git
cd tomcat-java-demo
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

已存在的文件夹
cd existing_folder
git init
git remote add origin http://192.168.10.22/root/tomcat-java-demo.git
git add .
git commit -m "Initial commit"
git push -u origin master

已存在的 Git 版本库
cd existing_repo
git remote rename origin old-origin
git remote add origin http://192.168.10.22/root/tomcat-java-demo.git
git push -u origin --all
git push -u origin --tags

提交代码

yum install -y git
unzip tomcat-java-demo-master.zip

#初始化
cd tomcat-java-demo
git init

#提交代码:
cd java-demo
git add .
git commit -m "java-demo commit"
git push -u origin master

#默认gitlab账号root 
#密码为自己创建的gitlab密码

Jenkins部署配置测试

架构图:

#部署jdk
tar zxvf jdk-8u211-linux-x64.tar.gz
mv jdk1.8.0_211 /usr/local/jdk

#部署maven
tar xf apache-maven-3.3.9-bin.tar.gz -C /usr/local/
mv /usr/local/apache-maven-3.3.9 /usr/local/maven


#部署Jenkins 挂载djk maven,配置域名
docker run -d --name jenkins -p 80:8080 -p 50000:50000 -u root  \
-v /opt/jenkins_home:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock   \
-v /usr/bin/docker:/usr/bin/docker \
-v /usr/local/maven:/usr/local/maven \
-v /usr/local/jdk:/usr/local/jdk \
-v /etc/localtime:/etc/localtime \
-v /root/.m2:/root/.m2 \
--env JAVA_OPTS=-Dhudson.footerURL=http://192.168.10.21 \
--name jenkins registry.cn-hangzhou.aliyuncs.com/chenleilei/jenkins

#建议配置,这是构建缓存
-v /root/.m2:/root/.m2

#通过日志找到jenkins密码:
执行命令: docker logs jenkins |& grep -A 2 'installation:'|tail -n1
结果:
714f9c9c6e9d472dbfcd907659ad3ebf

安装jenkins初始化配置:

安装推荐插件

选择安装pipeline插件,直接推荐安装就行


保存并完成:

Jenkins下载插件

https://plugins.jenkins.io/ui/search?query=Localization

选择下载的语言插件: localzation-zh-cn.hpi 然后点击 upload 上传即可


直接上传插件安装:

#官方插件下载地址[较慢]:
https://plugins.jenkins.io/

#插件连接
链接:https://pan.baidu.com/s/1N7ckzQkhEaifaeJiSKc3TQ?pwd=hs0n 
提取码:hs0n 

#安装插件:
tar xf plugins.tar.gz 
mv plugins/* /opt/jenkins_home/plugins/
docker restart jenkins #[如果是非容器,直接移动到目录即可,建议先尝试引导页安装插件]

重新登录后就OK了,页面也汉化了,包里还有pipline等各类插件,都不需要再次安装了

确认pipline是否安装好了 只需要新建任务时看到又流水线即可
如果第一次启动时就安装了pipeline插件这里就会显示出来流水线,建议第一次的时候就安装

pipeline示例:

pipeline {
    agent any
    
    stages {
       stage ('1.拉取代码拉取'){
            steps {
                echo '拉取代码'
            }
        }
        stage ('2.编译代码'){
            steps {
                echo '编译代码'
            }
        }
        stage ('3.发布代码'){
            steps {
                echo '发布代码'
            }
        }
    }
}

测试发布:

配置参数化构建

配置完成后保存

多个分支配置:

这样就可以把代码分支发布到多个环境中

这就完成了第一步的发布配置,随后需要添加这3个环境的发布脚本来选择不同环境的发布配置

jenkins配置harbor认证



def docker_registry_auth = "c1b519ad-fd4e-4462-9a12-57a6da8617ba"  #镜像认证,连接harbor的用户密码
添加git的访问gitlab凭据
登录用户 root  
登录密码 x19900606

最后查看 (描述不用管):

将这个认证密钥也放入脚本中

def git_auth = "96150ecc-638e-4bce-82dc-78709b0c2c26"   #git镜像认证

最终代码:

脚本如下:

#!/usr/bin/env groovy

def registry = "192.168.10.23"
def project = "library"
def app_name = "demo"
def image_name = "${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER}"
def git_address = "http://192.168.10.21/root/java-demo.git"
def docker_registry_auth = "a2925179-7377-4788-b83a-176ec629d0c6"
def git_auth = "96150ecc-638e-4bce-82dc-78709b0c2c26"

pipeline {
    agent any
    stages {
        stage('拉取代码'){
            steps {
              checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
            }
        }

        stage('代码编译'){
           steps {
             sh """
                pwd
                JAVA_HOME=/usr/local/jdk
                PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH
                mvn clean package -Dmaven.test.skip=true
                """ 
           }
        }

        stage('构建镜像'){
           steps {
                withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
                sh """
                  echo '
                    FROM lizhenliang/tomcat
                    LABEL maitainer lizhenliang
                    RUN rm -rf /usr/local/tomcat/webapps/*
                    ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
                  ' > Dockerfile
                  docker build -t ${image_name} .
                  docker login -u ${username} -p '${password}' ${registry}
                  docker push ${image_name}
                """
                }
           } 
        }

        stage('部署到Docker'){
           steps {
              sh """
              docker rm -f tomcat-java-demo |true
              docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name}
              """
            }
        }
    }
}

流水线测试
选择需要使用的仓库,通过配置的凭据来添加仓库
正确结果:

错误结果:

生成流水线脚本

checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '69728f95-d881-4eeb-bdc0-a49d747e8250', url: 'http://192.168.10.21/root/java-demo.git']]])

将这个脚本代码写入pipline脚本拉取代码的区块中,由于已经配置了环境变量 所以这时候就不需要做这步了 这里只是为了演示如何获取认证的脚本


#通过变量解决这些问题

  stages {
        stage('拉取代码'){
            steps {
              checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
            }
        }

流水线代码:

#!/usr/bin/env groovy

def registry = "192.168.10.23"  #harbor地址
def project = "library"
def app_name = "demo"
def image_name = "${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER}"
def git_address = "http://192.168.10.21/root/java-demo.git"
def docker_registry_auth = "a2925179-7377-4788-b83a-176ec629d0c6"
def git_auth = "96150ecc-638e-4bce-82dc-78709b0c2c26"

pipeline {
    agent any
    stages {
        stage('拉取代码'){
            steps {
              checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
            }
        }

        stage('代码编译'){
           steps {
             sh """
                pwd
                JAVA_HOME=/usr/local/jdk
                PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH
                mvn clean package -Dmaven.test.skip=true
                """ 
           }
        }

        stage('构建镜像'){
           steps {
                withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
                sh """
                  echo '
                    FROM lizhenliang/tomcat
                    LABEL maitainer lizhenliang
                    RUN rm -rf /usr/local/tomcat/webapps/*
                    ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
                  ' > Dockerfile
                  docker build -t ${image_name} .
                  docker login -u ${username} -p '${password}' ${registry}
                  docker push ${image_name}
                """
                }
           } 
        }

        stage('部署到Docker'){
           steps {
              sh """
              docker rm -f tomcat-java-demo |true
              docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name}
              """
            }
        }
    }
}

发布测试



web页面检查:

该操作仅能把服务部署到本机,如需远程部署,继续往下看

远程部署多台机器

远程部署需要安装插件publish Over SSH, Jenkins服务器中需要安装软件 sshpass
远程部署3要素:

  1. 每台服务器都需要安装apt install sshpass
  2. jenkins配置 选项参数 以便于部署时可以选择发布的机器
  3. 远程部署pipeline脚本
#发布到其他服务器
更新源:
sed -e "s,deb.debian.org,opentuna.cn,g" -e "s,security.debian.org,opentuna.cn,g" -e "s,^deb-src,#deb-src,g" -i.bak /etc/apt/sources.list

# Jenkins服务器容器中安装 sshpass 让这台机器具有远程部署能力

apt install sshpass

再修改java-damo项目中的 pipeline script配置:
#添加认证密码 -p "123456"

sh """
set +e
/usr/bin/sshpass -p "123456" ssh  -o StrictHostKeyChecking=no root@${installserver} "docker rm -f tomcat-java-demo |true;docker container run -d --name tomcat-java-demo   -p 88:8080  ${image_name}"
"""

添加下拉框,选择指定服务器发布:

远程部署pipeline脚本:

#!/usr/bin/env groovy

def registry = "192.168.10.23"  #23是Harbor地址,192.168.10.21是gitlab地址
def project = "library"
def app_name = "demo"
def image_name = "${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER}"
def git_address = "http://192.168.10.21/root/java-demo.git"
def docker_registry_auth = "a2925179-7377-4788-b83a-176ec629d0c6"
def git_auth = "96150ecc-638e-4bce-82dc-78709b0c2c26"

pipeline {
    agent any
    stages {
        stage('拉取代码'){
            steps {
              checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
            }
        }

        stage('代码编译'){
           steps {
             sh """
                JAVA_HOME=/usr/local/jdk
                PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH
                mvn clean package -Dmaven.test.skip=true
                """ 
           }
        }

        stage('构建镜像'){
           steps {
                withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
                sh """
                  echo '
                    FROM lizhenliang/tomcat
                    LABEL maitainer lizhenliang
                    RUN rm -rf /usr/local/tomcat/webapps/*
                    ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
                  ' > Dockerfile
                  docker build -t ${image_name} .
                  docker login -u ${username} -p '${password}' ${registry}
                  docker push ${image_name}
                """
                }
           } 
        }

        stage('部署到Docker'){
           steps {
               sh """
               set +e
               /usr/bin/sshpass -p "123456" ssh  -o StrictHostKeyChecking=no root@${installserver} "docker rm -f tomcat-java-demo |true;docker container run -d --name tomcat-java-demo   -p 88:8080  ${image_name}"
               """
            }
        }
    }
}

部署测试:

部署到192.168.10.21

部署到192.168.10.22

部署到192.168.10.23

检查页面

java示例源码:
链接:https://pan.baidu.com/s/1HMjA3hoQVxqu6iTQwhZMDw?pwd=gp75
提取码:gp75



这篇关于基于docker的cicd的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!


扫一扫关注最新编程教程