1、CI/CD概述
持续集成(Continuous Integration,CI):代码合并、构建、部署、测试都在一起,不断地执行这个过程,并对结果反馈。 持续部署(Continuous Deployment,CD):部署到测试环境、预生产环境、生产环境。 持续交付(Continuous Delivery,CD):将最终产品发布到生产环境,给用户使用。2、CI工作流程设计
3、环境部署
环境规划
| IP | 主机名 | 服务 |
| 10.3.104.52 | docker01 | docker,JDK,Maven,Jenkins |
| 10.3.104.56 | docker02 | docker,Gitlab,docker-compose,Harbor |
离线包:
链接:https://pan.baidu.com/s/1jrLGJnUvsw8VrouzMtpbmw
提取码:n9xi
3.1 部署Gitlab服务
[root@docker02 ~]# mkdir -p /data/gitlab [root@docker02 ~]# cd /data/gitlab [root@docker02 ~]# docker run -d \ --name gitlab \ -p 8443:443 \ -p 9999:80 \ -p 9998:22 \ -v $PWD/config:/etc/gitlab \ -v $PWD/logs:/var/log/gitlab \ -v $PWD/data:/var/opt/gitlab \ -v /etc/localtime:/etc/localtime \ --restart=always \ wuxinchun/gitlab-ce-zh:latest
3.2 Gitlab地址访问:http://IP:9999
初次会先设置管理员密码 ,然后登陆,默认管理员用户名root,密码就是刚设置的
3.3创建项目,提交测试代码
1)创建一个java-demo项目
2)安装git客户端,再将自己仓库项目代码拉下来
[root@docker02 data]# yum -y install git [root@docker02 data]# git clone http://10.3.104.56:9999/root/java-demo.git Cloning into 'java-demo'... Username for 'http://10.3.104.56:9999': root Password for 'http://root@10.3.104.56:9999': warning: You appear to have cloned an empty repository.
3)将tomcat-java-demo-master.zip上传并解压到/data/java-demo目录
[root@docker02 data]# cd java-demo
[root@docker02 java-demo]# ll
total 24
drwxr-x--- 2 root root 34 Aug 5 2019 db
-rw-r----- 1 root root 148 Aug 5 2019 Dockerfile
-rw-r----- 1 root root 11357 Aug 5 2019 LICENSE
-rw-r----- 1 root root 1930 Aug 5 2019 pom.xml
-rw-r----- 1 root root 270 Aug 5 2019 README.md
drwxr-x--- 3 root root 18 Aug 5 2019 src
4)先提交到暂存区
[root@docker02 java-demo]# git add . [root@docker02 java-demo]# git commit -m 'wxc' *** Please tell me who you are. Run git config --global user.email "you@example.com" git config --global user.name "Your Name" to set your account's default identity. Omit --global to set the identity only in this repository. fatal: unable to auto-detect email address (got 'root@docker02.(none)')
解决方案:(设置下用户名和email再次提交即可) [root@docker02 java-demo]# git config --global user.name "wuxinchun" [root@docker02 java-demo]# git config --global user.email "18752026213@163.com" [root@docker02 java-demo]# git commit -m 'wxc'
5)提交到远程仓库master分支
[root@docker02 java-demo]# git push origin master Username for 'http://10.3.104.56:9999': root Password for 'http://root@10.3.104.56:9999': \Counting objects: 179, done. Delta compression using up to 4 threads. Compressing objects: 100% (166/166), done. Writing objects: 100% (179/179), 1.12 MiB | 0 bytes/s, done. Total 179 (delta 4), reused 0 (delta 0) remote: Resolving deltas: 100% (4/4), done. To http://10.3.104.56:9999/root/java-demo.git * [new branch] master -> master
6)Gitlab检查项目已更新
3.4、Http方式部署Harbor
1)安装docker-compose
Harbor 在部署和使用时需要借助 Docker 的单机编排工具 Docker compose
将docker-compose-Linux-x86_64上传至/usr/bin [root@docker01 ~]# mv docker-compose-Linux-x86_64 docker-compose [root@docker01 ~]# chmod +x docker-compose
2)离线部署Http Harbor
[root@docker01 ~]# tar -zxvf harbor-offline-installer-v2.0.0.tgz
[root@docker01 ~]# cd harbor
[root@docker01 harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker01 harbor]#vi harbor.yml
#本地IP或域名均可(如果为域名请在hosts文件加解析)
hostname: reg.wuxc.com
# 本次为Http部署,故先注释https相关配置
# https related config
# https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#Harbor初始密码
harbor_admin_password: Harbor12345
[root@docker01 harbor]# ./prepare
[root@docker01 harbor]# ./install.sh
[root@docker01 harbor]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (healthy)
harbor-db /docker-entrypoint.sh Up (healthy) 5432/tcp
harbor-jobservice /harbor/entrypoint.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp
redis redis-server /etc/redis.conf Up (healthy) 6379/tcp
registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp
registryctl /home/harbor/start.sh Up (healthy)
注:上述所有容器均为Up(healthy)代表harbor服务启动成功
3)配置http镜像仓库可信任
1.添加可信任(如果没有daemon.json请新建一个)[root@docker01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["10.3.104.56"] //因为是http部署需要将仓库地址添加可信任
}
2.重启docker服务使其生效
[root@docker01 ~]# systemctl restart docker
3.5 部署Jenkins
1) 准备JDK和Maven环境
将二进制包上传到服务器并解压到工作目录,用于让Jenkins容器挂载使用。
[root@docker01 ~]# tar zxvf jdk-8u45-linux-x64.tar.gz [root@docker01 ~]# mv jdk1.8.0_45 /usr/local/jdk [root@docker01 ~]# tar zxf apache-maven-3.5.0-bin.tar.gz [root@docker01 ~]# mv apache-maven-3.5.0 /usr/local/maven
2)修改Maven源
[root@docker01 ~]# vim /usr/local/maven/conf/settings.xml<mirrors> <mirror> <id>central</id> <mirrorOf>central</mirrorOf> <name>aliyun maven</name> <url>https://maven.aliyun.com/repository/public</url> </mirror> </mirrors>
3)创建jenkins容器
[root@docker01 ~]# docker run -d --name jenkins -p 81:8080 -p 50000:50000 -u root \
-v /data/jenkins_home:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /usr/local/maven:/usr/local/maven \
-v /usr/local/jdk:/usr/local/jdk \
-v /etc/localtime:/etc/localtime \
--restart=always \
--name jenkins jenkins/jenkins
4)访问地址:http://IP:81
5) 选择插件来安装
6)选择“无”,后续根据实际情况选择安装
7)设置账号密码
8) 安装插件
【管理Jenkins->系统配置-->管理插件-->搜索 Localization: Chinese (Simplified),git/pipeline】选中点击安装
默认从国外网络下载插件,会比较慢,建议修改国内源:
[root@docker01 ~]# cd /data/jenkins_home/updates [root@docker01 updates]# sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json [root@docker01 updates]# sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json [root@docker01 updates]# docker restart jenkins
4、发布测试
4.1 创建流水线项目并配置
1)创建流水线任务
说明:
Name:Branch # 变量名,下面脚本中调用
Default Value:master # 默认分支
Description:发布的代码分支 # 描述
${BUILD_NUMBER} 这个变量是Jenkins自身记录的版本号,作为镜像的tag,保证其唯一性
2)【系统管理-凭据-系统-全局凭证】创建haobor和gitlab凭证
注:上述俩凭证ID用于Pipeline脚本中,docker_registry_auth 和git_auth变量的值
4.2 Pipeline脚本
1)Pipline脚本内容
#!/usr/bin/env groovy
def registry = "10.3.104.56"
def project = "dev"
def app_name = "java-demo"
def image_name = "${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER}"
def git_address = "http://10.3.104.56:9999/root/java-demo.git"
def docker_registry_auth = "7cfb0855-fa74-4dfe-881f-fa1843d9e55b"
def git_auth = "55a1e164-037e-4605-8b24-ce7aa1664f15"
pipeline {
agent any
stages {
stage('拉取代码'){
steps {
checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
}
}
stage('代码编译'){
steps {
sh """
pwd
ls
JAVA_HOME=/usr/local/jdk
PATH=$JAVA_HOME/bin:/usr/local/maven/bin:$PATH
mvn clean package -Dmaven.test.skip=true
"""
}
}
stage('构建镜像'){
steps {
withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
sh """
echo '
FROM tomcat:latest
LABEL maitainer wuxinchun
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
' > Dockerfile
docker build -t ${image_name} .
docker login -u ${username} -p '${password}' ${registry}
docker push ${image_name}
"""
}
}
}
stage('部署到Docker'){
steps {
sh """
REPOSITORY=${image_name}
docker rm -f tomcat-java-demo |true
docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name}
"""
}
}
}
}
2)任务构建测试
报错一:因为dockerfile写的是从harbor中拉取tomcat:v1镜像失败
解决方法:
1)可以上传tomcat:v1镜像到harbor指定项目下
2)修改dockerfile为:From tomcat:latest(默认从本地获取)
报错:二:推送镜像失败,是因为Harbor上没有这个名为(dev)项目,
解决方法:
在Harbor上新建一个命名为dev,属性为public即可
3) 再次构建验证
注:上图代表构建成功
4)检查本地镜像和容器
[root@docker01 conf]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.3.104.56/dev/java-demo master-4 cc901da59e29 2 minutes ago 686MB [root@docker01 conf]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 74b38842d5a7 10.3.104.56/dev/java-demo:master-4 "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:88->8080/tcp tomcat-java-demo
5)项目地址访问IP:88
注:至此基于jenkins自动化构建完成