jenkins+git+docker构建持续化集成环境

 

jenkins+git+docker构建持续化集成环境

CI/CD介绍

jenkins+git+docker构建持续化集成环境

 

发布流程设计

jenkins+git+docker构建持续化集成环境

服务器 IP地址 主机名
Git/Harbor 192.168.200.70 git-harbor
Docker 192.168.200.111 docker
Jenkins 192.168.200.112 jenkins

工具 版本
CentOS 7.5_x64
Maven 3.5
Tomcat 8
JDK 1.8
Jenkins 2.6
Docker CE 18.03.1

cat /etc/redhat-release

uname -r

jenkins+git+docker构建持续化集成环境

 

Jenkins+Docker+Git所有包

链接:https://pan.baidu.com/s/10GWHTqAx9E9d1hhJNuI1gw 
提取码:py3b

 

部署Harbor镜像仓库

服务器 IP地址
Git/Harbor 192.168.200.70
 

创建ca证书

mkdir -p /data/ssl

cd /data/ssl

which openssl

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

 
  1. Generating a 4096 bit RSA private key
  2. .................................................++
  3. ......................................................................................................................++
  4. writing new private key to 'ca.key'
  5. -----
  6. You are about to be asked to enter information that will be incorporated
  7. into your certificate request.
  8. What you are about to enter is what is called a Distinguished Name or a DN.
  9. There are quite a few fields but you can leave some blank
  10. For some fields there will be a default value,
  11. If you enter '.', the field will be left blank.
  12. -----
  13. Country Name (2 letter code) [XX]:CN
  14. State or Province Name (full name) []:Beijing
  15. Locality Name (eg, city) [Default City]:Beijing
  16. Organization Name (eg, company) [Default Company Ltd]:yunjisuan
  17. Organizational Unit Name (eg, section) []:yunjisuan
  18. Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
  19. Email Address []:

jenkins+git+docker构建持续化集成环境

 

生成证书请求

openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr

 
  1. Generating a 4096 bit RSA private key
  2. ..........................................................++
  3. .......................................................................................................................++
  4. writing new private key to 'www.yunjisuan.com.key'
  5. -----
  6. You are about to be asked to enter information that will be incorporated
  7. into your certificate request.
  8. What you are about to enter is what is called a Distinguished Name or a DN.
  9. There are quite a few fields but you can leave some blank
  10. For some fields there will be a default value,
  11. If you enter '.', the field will be left blank.
  12. -----
  13. Country Name (2 letter code) [XX]:CN
  14. State or Province Name (full name) []:Beijing
  15. Locality Name (eg, city) [Default City]:Beijing
  16. Organization Name (eg, company) [Default Company Ltd]:yunjisuan
  17. Organizational Unit Name (eg, section) []:yunjisuan
  18. Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
  19. Email Address []:
  20. Please enter the following 'extra' attributes
  21. to be sent with your certificate request
  22. A challenge password []:
  23. An optional company name []:

jenkins+git+docker构建持续化集成环境

 

生成注册表主机的证书

openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt

 
  1. Signature ok
  2. subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
  3. Getting CA Private Key

ll

jenkins+git+docker构建持续化集成环境

 

信任自签发的证书

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract

jenkins+git+docker构建持续化集成环境

 

安装docker-ce社区版

setenforce 0

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

systemctl start docker

systemctl enable docker

docker version

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

安装harbor仓库

mkdir -p /etc/ssl/harbor

cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/

cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/

wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz 
上文有下载包,这里就没有wget下载。

mkdir -p /data/install

cd /data/install

ls

tar xf harbor-offline-installer-v1.5.0.tgz

cd harbor

cp harbor.cfg{,.bak}

vim harbor.cfg

cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'

 
  1. 7 hostname = www.yunjisuan.com
  2. 11 ui_url_protocol = https
  3. 23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
  4. 24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
  5. 68 harbor_admin_password = Harbor12345

jenkins+git+docker构建持续化集成环境

 

安装命令docker-compose(需要1.21版本)

 
  1. curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname
  2. -s)-$(uname -m) -o /usr/local/bin/docker-compose
  3. 上文有下载包,这里就没有下载

cd /usr/local/bin/

ls

chmod +x /usr/local/bin/docker-compose

which docker-compose

docker-compose -version

jenkins+git+docker构建持续化集成环境

 

启动harbor私有镜像仓库

cd /data/install/harbor

./install.sh --with-clair

jenkins+git+docker构建持续化集成环境

 

为其他服务器下发证书,并映射域名

 

为其他服务器下发证书

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.111:/etc/pki/ca-trust/source/anchors/

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.112:/etc/pki/ca-trust/source/anchors/

jenkins+git+docker构建持续化集成环境

 

在Docker客户端上(192.168.200.111)

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

 
  1. 192.168.200.70 www.yunjisuan.com

jenkins+git+docker构建持续化集成环境

 

在jenkins服务器上(192.168.200.203)

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

 
  1. 192.168.200.70 www.yunjisuan.com

jenkins+git+docker构建持续化集成环境

 

部署Git服务器

服务器 IP地址 主机名
Git/Harbor 192.168.200.70 git-harbor
Jenkins服务器 192.168.200.112 jenkins
 

以下操作在Harbor/Git上(192.168.200.70)

yum -y install git

which git

jenkins+git+docker构建持续化集成环境

 

创建git用户密码

useradd git

passwd git

su - git

jenkins+git+docker构建持续化集成环境

 

创建git项目目录

mkdir solo.git

cd solo.git/

 

初始化git目录

git --bare init

ls

jenkins+git+docker构建持续化集成环境

 

以下的操作在Jenkins上(192.168.200.112)

 

在192.168.200.112上也安装git模拟项目代码提交

yum -y install git

which git

jenkins+git+docker构建持续化集成环境

 

创建用于提交的git目录

mkdir -p /code

cd /code

git clone root@192.168.200.70:/home/git/solo.git

ls

jenkins+git+docker构建持续化集成环境

 

将solo项目的源码拷贝到git的上传目录下(solo源代码在上文有下载链接)

mv ~/solo/* solo/

ls solo/

jenkins+git+docker构建持续化集成环境

 

添加需要提交的文件目标

cd solo

git add .

jenkins+git+docker构建持续化集成环境

 

进行代码提交

git commit -m "all"

 
  1. *** Please tell me who you are. #出现这个提示是让你补充提交信息
  2. Run
  3. git config --global user.email "you@example.com" #你的邮箱
  4. git config --global user.name "Your Name" #你的名字
  5. to set your account's default identity.
  6. Omit --global to set the identity only in this repository.
  7. fatal: unable to auto-detect email address (got 'root@JenkinsServer.(none)')

git config --global user.email "1123400300@qq.com"

git config --global user.name "Mr.sun"

git commit -m "all" #补充信息后,即可提交成功

jenkins+git+docker构建持续化集成环境

 

提交完代码之后,需要推送到git服务端

git push origin master --->origin master版本信息

jenkins+git+docker构建持续化集成环境

 

为了最后的solo项目测试,我们需要修改一下solo项目源代码的某个配置文件

cd /code/solo/src/main/resources

ls

cat -n latke.properties | sed -n '29p;31p'

 
  1. 29 serverHost=localhost
  2. 31 serverPort=8080

jenkins+git+docker构建持续化集成环境

 

将文件的上边两行代码修改成如下所示

vim latke.properties

cat -n latke.properties | sed -n '29p;31p'

 
  1. 29 serverHost=192.168.200.111 #修改成docker的IP地址
  2. 31 serverPort=8888

jenkins+git+docker构建持续化集成环境

 

再次进行git版本提交

cd /code/solo/

git add .

git commit -m "latke.properties"

git push origin master

jenkins+git+docker构建持续化集成环境

 

构建业务基础镜像(tomcat:v1)

在后边构建

服务器 IP地址 主机名
Docker 192.168.200.111 docker
 

安装docker

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

docker --version

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

添加docker国内镜像源

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

 
  1. {
  2. "registry-mirrors":[ "https://registry.docker-cn.com" ]
  3. }

systemctl daemon-reload

systemctl restart docker

jenkins+git+docker构建持续化集成环境

 

部署jdk环境(不需要添加环境变量)

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

jenkins+git+docker构建持续化集成环境


cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

jenkins+git+docker构建持续化集成环境

 

Jenkins安装

服务器 IP地址 主机名
Jenkins服务器 192.168.200.112 jenkins
 

安装docker-ce环境

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

 
  1. {
  2. "registry-mirrors":[ "https://registry.docker-cn.com" ]
  3. }

systemctl daemon-reload

systemctl restart docker

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

安装JDK环境(因为是要用在容器中,因此宿主机不配PATH)

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

jenkins+git+docker构建持续化集成环境


cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

jenkins+git+docker构建持续化集成环境

 

安装maven-3.5.0

ls

tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/

jenkins+git+docker构建持续化集成环境


cd /usr/local

ls

ln -s apache-maven-3.5.0 maven

jenkins+git+docker构建持续化集成环境

 

创建jenkins镜像的Dockerfile

没有wget命令需要提前yum安装

mkdir -p dockerfile/jenkins

cd dockerfile/jenkins

vim Dockerfile

cat Dockerfile

 
  1. FROM jenkins
  2. USER root
  3. RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
  4. wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
  5. RUN apt-get update && apt-get install -y git libltdl-dev

jenkins+git+docker构建持续化集成环境

 

创建jenkins镜像

docker build -t jenkins:v1 .

docker images

jenkins+git+docker构建持续化集成环境

 

由于我们是在镜像中去构建Jenkins的,所以

  • jenkins容器的数据目录我们需要从宿主机上挂载(避免容器数据丢失)

  • jenkins的运行需要jdk环境,所以我们直接挂载宿主机上的jdk

  • jenkins构建java代码需要maven支持,所以我们直接挂载宿主机上的maven

  • Jenkins需要docker支持

  • Jenkins需要免交互拉取git代码,因此挂载本地的ssh密钥

 

创建jenkins数据目录

mkdir -p /var/jenkins_home

jenkins+git+docker构建持续化集成环境

 

进行ssh免密钥交互验证

ssh-keygen --->一律回车即可

ssh-copy-id git@192.168.200.70

jenkins+git+docker构建持续化集成环境

 

进行免交互测试

ssh git@192.168.200.70

jenkins+git+docker构建持续化集成环境

 

启动jenkins容器

docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0:/usr/local/maven -v /usr/local/jdk1.8.0_45:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh:/root/.ssh jenkins:v1

jenkins+git+docker构建持续化集成环境

 

利用浏览器访问Jenkins容器

http://192.168.200.112:8080

jenkins+git+docker构建持续化集成环境


docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword

 
  1. c7e4ae00fd5941d6b20f1e45ab6835b6 #这就是密码,输入到浏览器里

jenkins+git+docker构建持续化集成环境


选择所有插件后,直接点install即可

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

我们现在构建一个可以运行solo代码的tomcat镜像

mkdir -p /root/dockerfile/solo

cd /root/dockerfile/solo

vim Dockerfile

cat Dockerfile

 
  1. FROM centos:7
  2. MAINTAINER www.yunjisuan.com
  3. RUN yum install unzip iproute -y
  4. ENV JAVA_HOME /usr/local/jdk
  5. ADD apache-tomcat-8.0.46.tar.gz /usr/local
  6. RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
  7. WORKDIR /usr/local/tomcat
  8. EXPOSE 8080
  9. ENTRYPOINT ["./bin/catalina.sh", "run"]

jenkins+git+docker构建持续化集成环境


ls

jenkins+git+docker构建持续化集成环境

 

构建镜像

docker build -t tomcat:v1 .

docker images

jenkins+git+docker构建持续化集成环境

 

登陆harbor私有仓库

docker login -uadmin -pHarbor12345 www.yunjisuan.com

jenkins+git+docker构建持续化集成环境

 

推送镜像到harbor仓库(如果推送失败请查看证书验证或者docker是否登陆)

docker images

docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1

docker push www.yunjisuan.com/library/tomcat:v1

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

Jenkins基本配置

用户名:admin 密码:linyaonie

jenkins+git+docker构建持续化集成环境

 

设定全局配置

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

设定ssh连接凭据

 

jenkins连接Docker测试服务器免交互验证

ssh-copy-id root@192.168.200.111

ssh root@192.168.200.111

jenkins+git+docker构建持续化集成环境

 

在Jenkins的Web界面上添加凭据

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境


cat ~/.ssh/id_rsa #就是把这些内容复制

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

 

Jenkins创建项目

 

我们先开始一个新的任务

jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

图片说明jenkins+git+docker构建持续化集成环境


jenkins+git+docker构建持续化集成环境

图片说明jenkins+git+docker构建持续化集成环境

 

到这里我们先来测试一下maven构建java代码的效果

点击solo_blog项目的立刻构建,查看构建信息

jenkins+git+docker构建持续化集成环境

 

在Jenkins服务器上查看构建后的结果

cd /var/jenkins_home/workspace/solo_blog/target

ls

ll solo.war --->这就是构建出来的war包

 
  1. 2.[root@JenkinsServer target]# pwd
  2. 3./var/jenkins_home/workspace/solo_blog/target
  3. 4.[root@JenkinsServer target]# ls
  4. 5.classes generated-test-sources maven-status solo_h2_test surefire-reports
  5. 6.generated-sources maven-archiver solo solo.war test-classes
  6. 7.[root@JenkinsServer target]# ll solo.war #这就是构建出来的war包
  7. 8.-rw-r--r-- 1 root root 43037193 7月 25 22:12 solo.war
 

通过脚本将war包封装进一个tomcat的镜像中,然后推送到harbor

所以利用maven构建java的源代码实际上就是生成可以在tomcat等容器中运行的war包  
现在我们重新修改一下项目的配置,增加POST Steps(构建之后的操作)  
其实,构建之后,我们只需要通过脚本将war包封装进一个tomcat的镜像中,然后推送到harbor里即可。

jenkins+git+docker构建持续化集成环境

 

这就是需要添加进去的脚本内容

cd $WORKSPACE --->这是jenkins的可用变量,具体可以在上图下边查看

 
  1. cd $WORKSPACE
  2. cat > Dockerfile << FOF
  3. FROM www.yunjisuan.com/library/tomcat:v1
  4. MAINTAINER www.yunjisuan.com
  5. COPY target/solo.war /tmp/ROOT.war
  6. RUN rm -rf /usr/local/tomcat/webapps/* && \
  7. unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && \
  8. rm -f /tmp/ROOT.war
  9. WORKDIR /usr/local/tomcat
  10. EXPOSE 8080
  11. ENTRYPOINT ["./bin/catalina.sh","run"]
  12. FOF
  13. docker build -t www.yunjisuan.com/library/solo:v1 .
  14. docker login -uadmin -pHarbor12345 www.yunjisuan.com
  15. docker push www.yunjisuan.com/library/solo:v1
 

然后我们再次进行构建查看

jenkins+git+docker构建持续化集成环境

 

至此我们就完成了以下几步

git拉取java的solo项目源代码 
maven构建java的solo项目war包 
将war包封装成tomcat的容器启动镜像 
将镜像上传harbor私有镜像仓库

 

我们还需要能够直接部署到远程测试主机

 

(192.168.200.111)上,因此我们继续设置

jenkins+git+docker构建持续化集成环境

 

在远程主机(Docker测试服务器)执行的脚本如下

 
  1. docker rm -f solo #清理旧的solo容器进程
  2. docker rmi -f www.yunjisuan.com/library/solo:v1 #清理旧的solo:v1镜像(不清理就不拉取镜像了)
  3. docker login -uadmin -pHarbor12345 www.yunjisuan.com
  4. docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1
 

再次进行构建,并在docker主机上查看构建结果

docker images --->docker测试服务器上有镜像了

 
  1. 2.REPOSITORY TAG IMAGE ID CREATED SIZE
  2. 3.www.yunjisuan.com/library/solo v1 e1b0d010c11b 11 minutes ago 408MB
  3. 4.redis latest f06a5773f01e 8 days ago 83.4MB
  4. 5.centos latest 49f7960eb7e4 7 weeks ago 200MB

docker ps -a --->启动容器进程了

 
  1. 7.CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  2. 8.c4dba5567fd5 www.yunjisuan.com/library/solo:v1 "./bin/catalina.sh r…" 11 minutes ago Up 11 minutes 0.0.0.0:8888->8080/tcp solo
 

我们通过浏览器访问

http://192.168.200.112:8888

jenkins+git+docker构建持续化集成环境

好文要顶 关注我 收藏该文 jenkins+git+docker构建持续化集成环境jenkins+git+docker构建持续化集成环境
上一篇:Adversarial Autoencoders


下一篇:机器学习-34-Generative Adversarial Network(GAN,生成式对抗网络)