Jenkins+GitLab+Docker持续集成LNMP
2024-05-29 22:45:28
文章目录
- 一、实验环境
- 二、实验步骤
- -目的
- -思路:
- (1)搭建Gitlab仓库,创建新项目
- (2)搭建Jenkins主机,把密钥传给其他的主机,把root用户的私钥放到自己上,方便拉取gitlab仓库的数据
- (3)搭建Harbor仓库,上传镜像
- (4)在测试环境、生产环境上安装Docker,从harbor镜像仓库拉取镜像
- (5)使用jenkins登录gitlab复制仓库,然后把compose-lnmp传到仓库
- (6)在Jenkins创建并配置流水线项目
- -先在测试环境进行项目部署
- -现在在生产环境进行部署
- 三、docker-compose目录内容
一、实验环境
| 系统 | 主机名 | ip地址 | 所用软件 | 扮演角色 |
|---|---|---|---|---|
| Centos7.4 | gitlab | 192.168.100.202 | gitlab | Gitlab仓库 |
| Centos7.4 | jenkins | 192.168.100.203 | jenkins、docker、docker-compose | Jenkins |
| Centos7.4 | test | 192.168.100.204 | docker、docker-compose | 测试环境 |
| Centos7.4 | true | 192.168.100.205 | docker、docker-compose | 生产环境 |
| Centos7.4 | harbor | 192.168.100.206 | harbor、docker、docker-compose | harbor镜像仓库 |
二、实验步骤
-目的
Jenkins+gitlab配合发布docker容器项目
-思路:
- 构建gitlab仓库,创建新项目
- 构建jenkins,把密钥传给其他的主机
- 构建harbor仓库,上传mysql、php、nginx的镜像
- 在测试主机、生产主机安装docker与docker-compose
- 使用jenkins登录git复制仓库,然后把compose-lnmp传到仓库
- 在jenkins创建流水线项目,使用流水线脚本,创建脚本先拉gitlab仓库的内容,在测试环境拉取harbor仓库的镜像,然后把jenkins拉取的gitlab数据scp到测试主机,然后在测试主机执行docker-compose up -d 命令构建lnmp,要记得scp的路径要和docker-compose.yml文件中挂载的目录相同
- 在测试主机测试成功后,再次创建一个流水线项目,这次写的流水线脚本是scp到生产主机,其他不变即可
(1)搭建Gitlab仓库,创建新项目
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname gitlab
[root@Centos7 ~]# su
[root@gitlab ~]# systemctl stop firewalld
[root@gitlab ~]# setenforce 0
setenforce: SELinux is disabled
[root@gitlab ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙/dev/sr0 已经挂载到 /mnt 上
******(2)安装依赖包,安装gitlab
[root@gitlab ~]# yum install -y curl policycoreutils openssh-server openssh-clients postfix policycoreutils-python
。。。。。。
完毕!
[root@gitlab ~]# systemctl enable postfix #开启邮件服务
[root@gitlab ~]# systemctl start postfix
[root@gitlab ~]# ll #上传gitlab软件包
总用量 625204
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 640204790 6月 29 18:41 gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm
[root@gitlab ~]# yum -y install gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm #安装gitlab-ce
。。。。。。
完毕!
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb12 ##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab13 external_url 'http://192.168.100.202' #修改为本机ip地址14 15 ## Ro
#保存退出
[root@gitlab ~]# gitlab-ctl reconfigure #修改完配置文件需要重置,等待重置完成
Running handlers:
Running handlers complete
Chef Client finished, 509/1343 resources updated in 02 minutes 39 seconds
gitlab Reconfigured! #重置完成
[root@gitlab ~]# netstat -anpt | grep 80 #验证端口
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2027/unicorn master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2091/nginx: master
tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN 2047/sidekiq 5.2.7
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 2091/nginx: master
tcp 0 0 127.0.0.1:50362 127.0.0.1:8082 ESTABLISHED 2537/prometheus
tcp 0 0 127.0.0.1:8060 127.0.0.1:49838 ESTABLISHED 2092/nginx: worker
tcp 0 0 127.0.0.1:8082 127.0.0.1:50362 ESTABLISHED 2047/sidekiq 5.2.7
tcp 0 0 127.0.0.1:8080 127.0.0.1:35318 TIME_WAIT -
tcp 0 0 127.0.0.1:8080 127.0.0.1:35326 TIME_WAIT -
tcp 0 0 127.0.0.1:49838 127.0.0.1:8060 ESTABLISHED 2537/prometheus
tcp 0 0 127.0.0.1:8080 127.0.0.1:35320 TIME_WAIT -
(3)过一两分钟后访问gitlab,直接访问80端口即可,因为gitlab默认使用nginx作为web
成功访问!!!
******(4)汉化gitlab
[root@gitlab ~]# ll
总用量 699968
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 76557595 6月 29 17:01 gitlab-12-0-stable-zh.tar.gz #上传汉化包
-rw-r--r-- 1 root root 640204790 6月 29 18:41 gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm
[root@gitlab ~]# tar xf gitlab-12-0-stable-zh.tar.gz
[root@gitlab ~]# cat gitlab-12-0-stable-zh/VERSION #确认版本
12.0.3
[root@gitlab ~]# gitlab-ctl stop #先停止gitlab
ok: down: alertmanager: 1s, normally up
ok: down: gitaly: 0s, normally up
ok: down: gitlab-monitor: 1s, normally up
ok: down: gitlab-workhorse: 0s, normally up
ok: down: grafana: 1s, normally up
ok: down: logrotate: 0s, normally up
ok: down: nginx: 1s, normally up
ok: down: node-exporter: 0s, normally up
ok: down: postgres-exporter: 0s, normally up
ok: down: postgresql: 1s, normally up
ok: down: prometheus: 0s, normally up
ok: down: redis: 1s, normally up
ok: down: redis-exporter: 0s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 0s, normally up
[root@gitlab ~]# unalias cp #删除cp别名
[root@gitlab ~]# cp -rf gitlab-12-0-stable-zh/* /opt/gitlab/embedded/service/gitlab-rails/
cp: 无法以目录"gitlab-12-0-stable-zh/log" 来覆盖非目录"/opt/gitlab/embedded/service/gitlab-rails/log" #报错不用管
cp: 无法以目录"gitlab-12-0-stable-zh/tmp" 来覆盖非目录"/opt/gitlab/embedded/service/gitlab-rails/tmp"
[root@gitlab ~]# gitlab-ctl start #开启gilab
ok: run: alertmanager: (pid 3470) 0s
ok: run: gitaly: (pid 3478) 1s
ok: run: gitlab-monitor: (pid 3498) 0s
ok: run: gitlab-workhorse: (pid 3502) 1s
ok: run: grafana: (pid 3510) 0s
ok: run: logrotate: (pid 3523) 1s
ok: run: nginx: (pid 3529) 0s
ok: run: node-exporter: (pid 3534) 1s
ok: run: postgres-exporter: (pid 3538) 0s
ok: run: postgresql: (pid 3619) 0s
ok: run: prometheus: (pid 3628) 1s
ok: run: redis: (pid 3637) 0s
ok: run: redis-exporter: (pid 3641) 1s
ok: run: sidekiq: (pid 3646) 0s
ok: run: unicorn: (pid 3652) 1s
同样过一两分钟再访问
Gitlan仓库搭建完成!!!
(5)创建一个新项目
成功创建项目!
(6)生成ssh密钥,因为是要配合jenkins,所有这里使用的密钥直接在jenkins主机上操作即可
[root@jenkins ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:e1olz2v3yPkgpuuP+C9bLRj5vDsRup46cH13uQq51y8 root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| .. |
| S.+... .|
| . ..oX+....|
| o. +=Xo+..|
| .=o*=BE* |
| +*XOB==+=|
+----[SHA256]-----+
[root@jenkins ~]# cat .ssh/id_rsa.pub #查看公钥,复制公钥
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClc2b0yoL8i4O2TTO+n9w0EslQ3S5ekealEeMRnYxbWIDqW+d4X3SP2HacJWlkDl7unVNegzTrrXrzy4UWU1qgDI8C+94yVqKD2zF0PMZPO8e5ORD5N7gy5CIjEupbWHA2Xg7Hl8VX1h99VZcoERk1mnAtnZtSZyFtdGbg8QsX5PzW+mvHWwvilXJpXQHXeVHlPATGcObsVM5vkKxHajbYq1LZtYRA51J2jkKeUqPohqmYZZ+re9MXhVJl7uL+NgutxN+LcwpesH7Er7hF+iUD6JVrBKW7HkmZHZZpIllAMQI7aa9nqOWGkXIKr1jTDuiQIN+akPGfUEbWd5dxyC37 root@jenkins
(2)搭建Jenkins主机,把密钥传给其他的主机,把root用户的私钥放到自己上,方便拉取gitlab仓库的数据
这里做的时候直接把插件包上传了,然后重启jenkins就可以了
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname jenkins
[root@Centos7 ~]# su
[root@jenkins ~]# systemctl stop firewalld
[root@jenkins ~]# setenforce 0
setenforce: SELinux is disabled
[root@jenkins ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙/dev/sr0 已经挂载到 /mnt 上
******(2)安装JDK环境
[root@jenkins ~]# ll
总用量 177124
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 181367942 6月 30 2017 jdk-8u91-linux-x64.tar.gz
[root@jenkins ~]# tar xf jdk-8u91-linux-x64.tar.gz -C /usr/local/
[root@jenkins ~]# mv /usr/local/jdk1.8.0_91 /usr/local/java
[root@jenkins ~]# ls /usr/local/
bin etc games include java lib lib64 libexec sbin share src
[root@jenkins ~]# vim /etc/profile
。。。。。。最后一行添加
JAVA_HOME=/usr/local/java
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
export PATH JAVA_HOME CLASSPATH
#保存退出
[root@jenkins ~]# vim /etc/profile
[root@jenkins ~]# source /etc/profile #使配置生效
[root@jenkins ~]# java -version #查看java版本,确认jdk环境
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
******(3)上传Jenkins软件包,安装、配置
[root@jenkins ~]# ll
总用量 241624
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 181367942 6月 30 2017 jdk-8u91-linux-x64.tar.gz
-rw-r--r-- 1 root root 66044542 6月 29 17:03 jenkins-2.222.4-1.1.noarch.rpm
[root@jenkins ~]# yum -y install jenkins-2.222.4-1.1.noarch.rpm
。。。。。。
完毕!
[root@jenkins ~]# vim /etc/sysconfig/jenkins #修改配置文件28 #29 JENKINS_USER="root" #待会需要使用root传输密钥,所以这里要改一下30
#保存退出
[root@jenkins ~]# ln -s /usr/local/java/bin/java /usr/bin/ #优化命令执行路径
[root@jenkins ~]# /etc/init.d/jenkins start #开启jenkins
Starting jenkins (via systemctl): [ 确定 ]
[root@jenkins ~]# netstat -anpt | grep 8080 #验证端口
tcp6 0 0 :::8080 :::* LISTEN 1241/java
[root@jenkins ~]# chkconfig jenkins on
(4)使用浏览器访问8080端口,解锁jenkins
提前获得密码
[root@jenkins ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
b90fe608d1024dd5ab9dd97b4251fdb0
这里如果机器是联网的话需要先断网再点击继续,因为下一步是下载插件,如果使用jenkins官网的会下载的很慢,可以先跳过插件安装
点击跳过插件安装
(5)升级jenkins(可以不升级)
[root@jenkins ~]# cd /usr/lib/jenkins/
[root@jenkins jenkins]# ll
总用量 64688
-rw-r--r-- 1 root root 66239216 5月 28 2020 jenkins.war
[root@jenkins jenkins]# mv jenkins.war jenkins.war.bak #把原来的包备份
[root@jenkins jenkins]# rz
z waiting to receive.**B0100000023be50
[root@jenkins jenkins]# ll
总用量 133996
-rw-r--r-- 1 root root 70969355 11月 30 2020 jenkins.war #上传新的war包
-rw-r--r-- 1 root root 66239216 5月 28 2020 jenkins.war.bak
[root@jenkins jenkins]# systemctl restart jenkins #重启jenkins
重新使用浏览器访问jenkins
(6)修改jenkins插件下载地址
修改为http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
进入命令行修改配置文件重启jenkins
[root@jenkins ~]# cd /var/lib/jenkins/updates/
[root@jenkins updates]# sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
[root@jenkins updates]# systemctl restart jenkins
[root@jenkins updates]# cd
)]
点击这个可以下载,但是如果下载无法成功的话,可以直接替换/var/lib/jenkins下的plugins插件包目录,然后重启即可,我这里直接俄上传替换了
这里上传后因为插件包的原因还变成了中文
至此成功搭建Jenkins
(7)上传自己root账户的私钥到jenkins上
[root@jenkins ~]# cat .ssh/id_rsa #复制私钥
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApXNm9MqC/IuDtk0zvp/cNBLJUN0uXpHmpRHjEZ2MW1iA6lvn
eF90j9h2nCVpZA5e7p1TXoM0661688uFFlNaoAyPAvveMlaig9sxdDzGTzvHuTkQ
+Te4MuQiIxLqW1hwNl4Ox5fFV9YffVWXKBEZNZpwLZ2bUmchbXRm4PELF+T81vpr
x1sL4pVyaV0B13lR5TwExnDm7FTOb5CsR2o22KtS2bWEQOdSdo5CnlKj6IapmGWf
q3vTF4VSZe7i/jYLrcTfi3MKXrB+xK+4RfolA+iVawSlux5JmR2WaSJZQDECO2mv
Z6jlhpFyCq9Y0w7okCDfmpDxn1BG1neXccgt+wIDAQABAoIBAEj7X+YJUsBuFlqb
MYEb6Tm7M7yM5IBo4ZHdEwnZMmm036EBi1ho2vT86k00n4m4YR3mnjjprbVsX/kc
xIc1m5tQDuGlEr2nw6ZgUS9SA7Q9zXsh9h/I+WLRiVFpbaF/oHgLA3/9rdpyJI/X
6oaNDE694k/s3u/5eCBdIWiGS3ttHHyqe3xRPRb3yLWmqb+a0uEeOFIVkfTAmMyv
GHpBuR9ohjPoKB/Ii/gVMIDVr0JJSMAjGdfdc8w2s2lrSg+3OhGyeAe8gDdgWMGg
rhj8h0RnjyxjhTYV76BYVlmi3mnSLSqZ1rUWn9+8BrYo0LGgZFBdSrBYmKFOTeJP
J3bHzXECgYEA1bkQmXE0lko7WC/elXtmCuiKUCdyuBD4rGLeClDVhdLLpG7dgRs+
tGngSeC4EAOqsPKIGKgPQn9Yn//KRTiAaVsACFagE2/JNA1fD/OlrPgO4Tz8or7l
GW9BOf+Tg8FL1Z/abD5+Y6zK5O/pG7CgmQp0LnFGEjKT5bRXKh3QnXMCgYEAxi3V
6dTkClrO6F1vO5c7pQgbnKfd8LT+V0JRaHiTcITsyCf2/zmGMJv3i7aLX0jSoOe3
GGIsiNuYUc2zTrqsVDg3OllrK9GPhmtSv/NgiVvwoBHY7B2Ersi1dAMbsipdjedT
fqSbZVeRKsOWq0YSsYbY06W3gHgtdft2uYUsi1kCgYEAmVtML+5tX5Iwdx0SSIzd
MeKerNlBlhaHeZsP3LMYJAiYG4t54dRc8DQwvpJDQSqAZqwBQEAHgx3ByD1RNM5Q
RkkIAvO1tXy3EWSu29FnBnCQrMqINXdpCREt6qIbhaVD9yvXHWjSZE9u30vPJxFc
i7RWnaSmNRSZz2/SQ+RU90UCgYBJufGTzSSNCZ1h6qif9bI1wh9rlzPFAcCBO+XH
RNwtBvaDvAJyjrbyTIO6UU3mQ9RAEhQWmSdSPsea3ziuuFm19zfsmCl7ormPW0vs
pyEp2K9bDWiy5oRe9cIzh5h9Hq+xQ/bW7Wv2Nq6Fxz+9NhNsQetWSZdLzumys7tG
Z1nb+QKBgCIgZ0bPnRl8Tv3KwCqYn5OAK0jnxwRU5LPkHKSr/3zLIPIALHHCSpgL
zep1WzlWb/FEsdb3xHD/n+MqHcGxLzly+OA3NAqr675aQC/qSQtqEPPL6LTawuOz
EkZzROrU03xGPRl0nJ1ikoqYfw9+pAm9fiH28BWWdWSOG4cBmIXU
-----END RSA PRIVATE KEY-----
(8)把Jenkins密钥传到其他主机上
在上面的gitlab生成ssh密钥已经生成过了,所以这里直接传就行
[root@jenkins ~]# ssh-copy-id root@192.168.100.202
[root@jenkins ~]# ssh-copy-id root@192.168.100.203
[root@jenkins ~]# ssh-copy-id root@192.168.100.204
[root@jenkins ~]# ssh-copy-id root@192.168.100.205
[root@jenkins ~]# ssh-copy-id root@192.168.100.206
(3)搭建Harbor仓库,上传镜像
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname harbor
[root@Centos7 ~]# su
[root@harbor ~]# systemctl stop firewalld
[root@harbor ~]# setenforce 0
setenforce: SELinux is disabled
[root@harbor ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙/dev/sr0 已经挂载到 /mnt 上
******(2)安装docker
[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 #安装依赖
。。。。。。
完毕!
[root@harbor ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
[root@harbor ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@harbor ~]# yum -y install docker-ce
。。。。。。
#保存退出
[root@harbor ~]# mkdir -p /etc/docker/
[root@harbor ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],"insecure-registries": ["192.168.100.206"]
}
#保存退出
******(3)安装Harbor,这里只搭建http协议的harbor
[root@harbor ~]# ll
总用量 614824
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
-rw-r--r-- 1 root root 629571428 8月 1 22:52 harbor-offline-installer-v2.3.1.tgz #上传安装包
[root@harbor ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /usr/local/
[root@harbor ~]# cd /usr/bin
[root@harbor bin]# rz
z waiting to receive.**B0100000023be50
[root@harbor bin]# chmod a+x docker-compose
[root@harbor bin]# ll | grep docker-compose
-rwxr-xr-x 1 root root 11748168 7月 28 18:54 docker-compose
[root@harbor bin]# cd
[root@harbor ~]# vim /usr/local/harbor/harbor.yml.tmpl1 # Configuration file of Harbor2 3 # The IP address or hostname to access admin UI and registry service.4 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.5 hostname: 192.168.100.2066 7 # http related config8 http:9 # port for http, default is 80. If https enabled, this port will redirect to https port10 port: 8011 12 # https related config13 #https:14 # https port for harbor, default is 44315 #port: 44316 # The path of cert and key files for nginx17 #certificate: /your/certificate/path18 #private_key: /your/private/key/path19
。。。。。。
#保存退出
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# systemctl start docker #启动docker
[root@harbor harbor]# sh install.sh #安装harbor,第一次使用脚本安装后续可使用“docker-compose up -d”命令启动 Harbor,使用“docker-compose stop”命令关闭 Harbor
[root@harbor harbor]# echo $?
0
[root@harbor harbor]# ps aux | grep docker-compose #成功开启
root 16980 0.0 0.0 112676 988 pts/0 R+ 23:00 0:00 grep --color=auto docker-compose
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.1 719fd825651e 13 days ago 81MB
goharbor/chartmuseum-photon v2.3.1 3aba4510af16 13 days ago 178MB
goharbor/redis-photon v2.3.1 4a0d49a4ece0 13 days ago 191MB
goharbor/trivy-adapter-photon v2.3.1 a285847f857a 13 days ago 164MB
goharbor/notary-server-photon v2.3.1 87a2dbfd122e 13 days ago 110MB
goharbor/notary-signer-photon v2.3.1 7e29ff33ec85 13 days ago 107MB
goharbor/harbor-registryctl v2.3.1 91e798004920 13 days ago 132MB
goharbor/registry-photon v2.3.1 972ce19b1882 13 days ago 81.2MB
goharbor/nginx-photon v2.3.1 3b3ede1db494 13 days ago 44.3MB
goharbor/harbor-log v2.3.1 40a54594fe22 13 days ago 194MB
goharbor/harbor-jobservice v2.3.1 d6e174ae0a00 13 days ago 171MB
goharbor/harbor-core v2.3.1 f05acc3947d6 13 days ago 158MB
goharbor/harbor-portal v2.3.1 4a15c5622fda 13 days ago 57.6MB
goharbor/harbor-db v2.3.1 b16a9c81ef03 13 days ago 263MB
goharbor/prepare v2.3.1 4ce629d59c20 13 days ago 288MB
[root@harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5bf08af481aa goharbor/harbor-jobservice:v2.3.1 "/harbor/entrypoint.…" 34 seconds ago Up 30 seconds (healthy) harbor-jobservice
d38b62be5d2b goharbor/nginx-photon:v2.3.1 "nginx -g 'daemon of…" 34 seconds ago Up 30 seconds (healthy) 0.0.0.0:80->8080/tcp nginx
3d223a63d976 goharbor/harbor-core:v2.3.1 "/harbor/entrypoint.…" 37 seconds ago Up 33 seconds (healthy) harbor-core
964e5805fb81 goharbor/harbor-portal:v2.3.1 "nginx -g 'daemon of…" 39 seconds ago Up 36 seconds (healthy) harbor-portal
41038ff6f31e goharbor/harbor-db:v2.3.1 "/docker-entrypoint.…" 39 seconds ago Up 36 seconds (healthy) harbor-db
6b3503d1367e goharbor/redis-photon:v2.3.1 "redis-server /etc/r…" 39 seconds ago Up 36 seconds (healthy) redis
c059529f89f3 goharbor/harbor-registryctl:v2.3.1 "/home/harbor/start.…" 39 seconds ago Up 36 seconds (healthy) registryctl
55a65d22d7b3 goharbor/registry-photon:v2.3.1 "/home/harbor/entryp…" 39 seconds ago Up 36 seconds (healthy) registry
73f8185a516a goharbor/harbor-log:v2.3.1 "/bin/sh -c /usr/loc…" 41 seconds ago Up 39 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@harbor harbor]# cd
(4)使用浏览器访问harbor
记住这个项目
******(5)上传镜像,修改tag推送到镜像仓库
[root@harbor ~]# ll
总用量 2320516
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
-rw-r--r-- 1 root root 629571428 8月 1 22:52 harbor-offline-installer-v2.3.1.tgz
-rw-r--r-- 1 root root 453615616 8月 1 23:04 mysql_5.7.tar.gz
-rw-r--r-- 1 root root 137441280 8月 1 23:04 nginx
-rw-r--r-- 1 root root 1155569664 8月 1 23:05 php_5.6[root@harbor ~]# docker load -i nginx
[root@harbor ~]# docker load -i php_5.6
[root@harbor ~]# docker load -i mysql_5.7.tar.gz
[root@harbor ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 8cf625070931 10 days ago 448MB
goharbor/harbor-exporter v2.3.1 719fd825651e 13 days ago 81MB
goharbor/chartmuseum-photon v2.3.1 3aba4510af16 13 days ago 178MB
goharbor/redis-photon v2.3.1 4a0d49a4ece0 13 days ago 191MB
goharbor/trivy-adapter-photon v2.3.1 a285847f857a 13 days ago 164MB
goharbor/notary-server-photon v2.3.1 87a2dbfd122e 13 days ago 110MB
goharbor/notary-signer-photon v2.3.1 7e29ff33ec85 13 days ago 107MB
goharbor/harbor-registryctl v2.3.1 91e798004920 13 days ago 132MB
goharbor/registry-photon v2.3.1 972ce19b1882 13 days ago 81.2MB
goharbor/nginx-photon v2.3.1 3b3ede1db494 13 days ago 44.3MB
goharbor/harbor-log v2.3.1 40a54594fe22 13 days ago 194MB
goharbor/harbor-jobservice v2.3.1 d6e174ae0a00 13 days ago 171MB
goharbor/harbor-core v2.3.1 f05acc3947d6 13 days ago 158MB
goharbor/harbor-portal v2.3.1 4a15c5622fda 13 days ago 57.6MB
goharbor/harbor-db v2.3.1 b16a9c81ef03 13 days ago 263MB
goharbor/prepare v2.3.1 4ce629d59c20 13 days ago 288MB
nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
cytopia/php-fpm-5.6 latest 2943ebf1ef81 3 years ago 1.1GB
[root@harbor ~]# docker tag mysql:5.7 192.168.100.206/library/mysql:5.7
[root@harbor ~]# docker tag nginx:latest 192.168.100.206/library/nginx:latest
[root@harbor ~]# docker tag cytopia/php-fpm-5.6:latest 192.168.100.206/library/php:latest
[root@harbor ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
[root@harbor ~]# docker push 192.168.100.206/library/mysql:5.7
[root@harbor ~]# docker push 192.168.100.206/library/nginx:latest
[root@harbor ~]# docker push 192.168.100.206/library/php:latest
在浏览器查看
至此Harbor仓库搭建完成,镜像上传完成
(4)在测试环境、生产环境上安装Docker,从harbor镜像仓库拉取镜像
******(1)先做基础配置,两台主机配置相同
[root@Centos7 ~]# hostnamectl set-hostname test
[root@Centos7 ~]# su
[root@test ~]# systemctl stop firewalld
[root@test ~]# setenforce 0
setenforce: SELinux is disabled
[root@test ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙/dev/sr0 已经挂载到 /mnt 上[root@Centos7 ~]# hostnamectl set-hostname true
[root@Centos7 ~]# su
[root@true ~]# systemctl stop firewalld
[root@true ~]# setenforce 0
setenforce: SELinux is disabled
[root@true ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙/dev/sr0 已经挂载到 /mnt 上
******(2)安装Docker,上传docker-compose
[root@test ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@test ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@test ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 2 00:05 docker
[root@test ~]# yum -y install docker-ce
[root@test ~]# cd /usr/bin/
[root@test bin]# rz
z waiting to receive.**B0100000023be50
[root@test bin]# ll | grep docker-compose
-rw-r--r-- 1 root root 11748168 7月 28 18:54 docker-compose
[root@test bin]# chmod a+x docker-compose
[root@test bin]# cd
[root@test ~]# mkdir /etc/docker
[root@test ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],"insecure-registries": ["192.168.100.206"]
}
#保存退出
[root@test ~]# systemctl start docker
[root@test ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
[root@test ~]# docker pull 192.168.100.206/library/nginx:latest
[root@test ~]# docker pull 192.168.100.206/library/php:latest
[root@test ~]# docker pull 192.168.100.206/library/mysql:5.7
[root@test ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.206/library/mysql 5.7 8cf625070931 10 days ago 448MB
192.168.100.206/library/nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
192.168.100.206/library/php latest 2943ebf1ef81 3 years ago 1.1GB[root@true ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@true ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@true ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 2 00:06 docker
[root@true ~]# yum -y install docker-ce
[root@true ~]# cd /usr/bin/
[root@true bin]# rz
z waiting to receive.**B0100000023be50
[root@true bin]# ll | grep docker-compose
-rw-r--r-- 1 root root 11748168 7月 28 18:54 docker-compose
[root@true bin]# chmod a+x docker-compose
[root@true bin]# cd
[root@true ~]# mkdir /etc/docker
[root@true ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],"insecure-registries": ["192.168.100.206"]
}
#保存退出
[root@true ~]# systemctl start docker
[root@true ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
[root@true ~]# docker pull 192.168.100.206/library/nginx:latest
[root@true ~]# docker pull 192.168.100.206/library/php:latest
[root@true ~]# docker pull 192.168.100.206/library/mysql:5.7
[root@true ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.206/library/mysql 5.7 8cf625070931 10 days ago 448MB
192.168.100.206/library/nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
192.168.100.206/library/php latest 2943ebf1ef81 3 years ago 1.1GB
(5)使用jenkins登录gitlab复制仓库,然后把compose-lnmp传到仓库
[root@jenkins ~]# git config --global user.name "Administrator"
[root@jenkins ~]# git config --global user.email "admin@example.com"
[root@jenkins ~]# git clone git@192.168.100.202:root/lnmp.git
正克隆到 'lnmp'...
warning: 您似乎克隆了一个空版本库。
[root@jenkins ~]# cd lnmp/
[root@jenkins lnmp]# yum -y install tree
[root@jenkins lnmp]# tree #上传lnmp目录
.
└── lnmp├── conf│ └── default.conf├── docker-compose.yml└── html├── dbtest.php├── index.html└── test.php3 directories, 5 files
[root@jenkins lnmp]# git add .
[root@jenkins lnmp]# git commit -m "add lnmp"
[master(根提交) ed73f9c] add lnmp5 files changed, 74 insertions(+)create mode 100644 lnmp/conf/default.confcreate mode 100644 lnmp/docker-compose.ymlcreate mode 100644 lnmp/html/dbtest.phpcreate mode 100644 lnmp/html/index.htmlcreate mode 100644 lnmp/html/test.php
[root@jenkins lnmp]# git push origin master
Counting objects: 10, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (10/10), 1.30 KiB | 0 bytes/s, done.
Total 10 (delta 0), reused 0 (delta 0)
To git@192.168.100.202:root/lnmp.git* [new branch] master -> master
在浏览器验证
(6)在Jenkins创建并配置流水线项目
-先在测试环境进行项目部署
点击这里去生产流水线语法
#语法(把刚才生成的git拉取数据的语句复制过来):
pipeline {agent anystages {stage("gitlab") {steps {git credentialsId: '948ac17c-2c14-4a8d-9120-95eb8c2b86aa', url: 'git@192.168.100.202:root/lnmp.git'} }}
}在保存后可以先进行测试
测试成功!
[root@jenkins ~]# cd /var/lib/jenkins/workspace/
[root@jenkins workspace]# ll
总用量 0
drwxr-xr-x 4 root root 30 8月 1 16:45 docker-compose-lnmp
drwxr-xr-x 2 root root 6 8月 1 16:45 docker-compose-lnmp@tmp
[root@jenkins workspace]# cd docker-compose-lnmp
[root@jenkins docker-compose-lnmp]# pwd #数据被拉取到了这个目录
/var/lib/jenkins/workspace/docker-compose-lnmp
[root@jenkins docker-compose-lnmp]# ll
总用量 0
drwxr-xr-x 4 root root 56 8月 1 16:45 lnmp #成功拉取compose的数据
现在再来继续生成
#最终测试环境的流水线语法:
pipeline {agent anystages {stage("gitlab") {steps {git credentialsId: '948ac17c-2c14-4a8d-9120-95eb8c2b86aa', url: 'git@192.168.100.202:root/lnmp.git'} }stage("cd") {steps {sh label: '', script: 'scp /root/aaa.sh root@192.168.100.205:/root/'}}stage("bash sh") {steps {sh label: '', script: 'bash /root/lnmp.sh'}}}
}
现在去编写脚本
[root@jenkins docker-compose-lnmp]# cd #要记得回到root下,因为语法是执行root下的脚本
[root@jenkins ~]# vim aaa.sh #其实这里也可以去写拉取镜像,这样的话测试环境和生产环境就不需要提前拉镜像了
#!/bin/bash
cd /root/lnmp
docker-compose up -d
#保存退出
[root@jenkins ~]# vim lnmp.sh
#!/bin/bash
scp -r /var/lib/jenkins/workspace/docker-compose-lnmp/lnmp root@192.168.100.204:/root/
ssh root@192.168.100.204 sh /root/aaa.sh
#保存退出
编写好脚本之后,在浏览器中点击构建
现在访问192.168.100.204测试页面
成功部署!!!!
-现在在生产环境进行部署
[root@jenkins ~]# cat aaa.sh #aaa.sh无需变化
#!/bin/bash
cd /root/lnmp
docker-compose up -d
[root@jenkins ~]# vim lnmp.sh #修改lnmp.sh的远程主机
#!/bin/bash
scp -r /var/lib/jenkins/workspace/docker-compose-lnmp/lnmp root@192.168.100.205:/root/
ssh root@192.168.100.205 sh /root/aaa.sh
同样流水线也修改远程主机
进行测试
测试
成功向生产环境部署!!!!
三、docker-compose目录内容
[root@jenkins lnmp]# tree
.
└── lnmp├── conf│ └── default.conf├── docker-compose.yml└── html├── dbtest.php├── index.html└── test.php3 directories, 5 files
[root@jenkins lnmp]# cd lnmp/
[root@jenkins lnmp]# vim docker-compose.yml
version: "3"
services:nginx:image: 192.168.100.206/library/nginx:latestports:- "80:80/tcp"volumes:- /root/lnmp/conf/default.conf:/etc/nginx/conf.d/default.conf- /root/lnmp/html/:/usr/share/nginx/htmldepends_on:- phpphp:image: 192.168.100.206/library/php:latestvolumes:- /root/lnmp/html/:/var/www/html/depends_on:- mysqlmysql:image: 192.168.100.206/library/mysql:5.7environment:- MYSQL_ROOT_PASSWORD=123456
#保存退出
[root@jenkins lnmp]# cd conf/
[root@jenkins conf]# ll
总用量 4
-rw-r--r-- 1 root root 957 8月 1 16:13 default.conf
[root@jenkins conf]# vim default.conf
server {listen 80;listen [::]:80;server_name localhost;#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;location / {root /usr/share/nginx/html;index index.html index.php index.htm;
}#error_page 404 /404.html;# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {root /usr/share/nginx/html;
}# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}#pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {root html;fastcgi_pass php:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;include fastcgi_params;
}# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#保存退出
[root@jenkins conf]# cd ..
[root@jenkins lnmp]# ll
总用量 4
drwxr-xr-x 2 root root 26 8月 1 16:19 conf
-rw-r--r-- 1 root root 507 8月 1 16:17 docker-compose.yml
drwxr-xr-x 2 root root 58 8月 1 16:13 html
[root@jenkins lnmp]# cd html/
[root@jenkins html]# ll
总用量 12
-rw-r--r-- 1 root root 102 8月 1 16:13 dbtest.php
-rw-r--r-- 1 root root 30 8月 1 16:13 index.html
-rw-r--r-- 1 root root 19 8月 1 16:13 test.php
[root@jenkins html]# cat dbtest.php
<?php
$conn=mysql_connect("mysql","root","123456");
if ($conn) echo "it's ok!!!!!";
mysql_close();
?>
#这里直接写mysql密码,是因为上传的镜像的mysql密码默认就是这个,也可以自己去赋权用户登录
[root@jenkins html]# cat index.html
welcome !!!!!!!!!!!!!!!!!!!!!
[root@jenkins html]# cat test.php<?php phpinfo()?>
Jenkins+GitLab+Docker持续集成LNMP相关推荐
- Springboot Gitlab Jenkins Maven Docker 持续集成/持续交付
Gilab安装教程 http://blog.csdn.net/chenhaifeng2016/article/details/78603216 http://blog.csdn.net/chenhai ...
- 架构——20——Jenkins+Gitlab实现持续集成——3
CI&CD: 持续集成注重将各个开发者的工作集合到一个代码仓库中,通常每天会进行几次, 主要目的是尽早发现集成错误,使团队更加紧密结合,更好地协作. 持续交付的目的是最小化部署或发布过程中团队 ...
- 持续集成之Jenkins+Gitlab实现持续集成
项目使用git+jenkins实现持续集成 开始构建 General 源码管理 我们安装的是Git插件,还可以安装svn插件 我们将git路径存在这里还需要权限认证,否则会出现error ...
- 持续集成Jenkins+Gitlab实现持续集成
用户说明 假设node3是程序员的个人电脑,在这台机器上编写代码 ip地址192.168.10.10 Git的安装部署及使用 git config --global user.name 'zzg' # ...
- gitlab+jenkins+maven+docker持续集成(四)——Extended E-mail Notification配置
构建后进行邮件通知,这里我们用Extended E-mail Notification 系统管理-->Extended E-mail Notification 在这里subject.conten ...
- 基于Docker容器的,Jenkins、GitLab构建持续集成CI
** 开发者将代码提交(push)到GitLab后,GitLab通过Hook通知jenkins,jenkins自动从GitLab中获取项目最新的源码进行集成和发布. 基于Docker,创建一个私有Gi ...
- Jenkins+GitLab+Docker+SpringCloud+Kubernetes实现可持续自动化微服务
Jenkins+GitLab+Docker+SpringCloud+Kubernetes实现可持续自动化微服务
- GitLab + Jenkins + Sonar Qube 持续集成
GitLab + Jenkins + Sonar Qube 持续集成 一. 持续集成 二. 持续交付 三. 持续部署 四. 持续集成的实施流程 五. gitlab 5.1 gitlab安装配置 5.1 ...
- Jenkins——Jenkins介绍+基于云平台的Jenkins安装和持续集成环境配置(插件+用户权限+凭据+Maven打包)
Jenkins--Jenkins介绍+基于云平台的Jenkins安装和持续集成环境配置(插件+用户权限+凭据+Maven打包) 持续集成及Jenkins介绍 软件开发生命周期 什么是持续集成? 持续集 ...
- Jenkins安装和持续集成环境配置
Jenkins安装和持续集成环境配置 持续集成说明 Jenkins安装 Jenkins插件管理 下载中文汉化插件 Jenkins用户权限管理 安装Role-based Authorization St ...
最新文章
- 不同版本浏览器前端标准兼容性对照表以及CORS解决跨域和CSRF安全问题解决方案
- css(hr元素)水平线的定位
- JavaScript七种非常经典的创建对象方式
- python爬虫如何从一个页面进入另一个页面-Python爬虫怎么获取下一页的URL和网页内容?...
- Array.slice 8 种不同用法
- Open vSwitch介绍
- 数据结构——模式匹配kmp算法
- python实现单链表快速排序升序linkedqueue_数据结构1
- Anaconda安装及简单使用
- 分层结构的生活例子_AI的分层强化学习与人脑神经机制的联系
- Atitit nodejs js 获取图像分辨率 尺寸 大小 宽度 高度
- Proxmark3 Easy破解门禁卡(转载 珍贵知识防止掉失)
- 尔雅 2017大学计算机基础答案,2018超星尔雅大学计算机基础答案.docx
- 计算机无本地安全策略,如何打开本地安全策略、如何解决“未授予用户在此计算机上的请求登录类型”...
- 输入10个学生某门课的成绩,用函数找出最高分、最低分,计算平均分,并在主函数中输入和输出(用函数和全局变量来完成)(C语言)
- 实例:用C#.NET手把手教你做微信公众号开发(12)--带参数二维码裂变推广
- 小林coding 的笔记——图解网络(一)
- 数组名 和数组名的理解
- WPF 入门教程Grid使用技巧
- vue项目如何放到服务器上,怎么把vue项目放在node服务器上?
热门文章
- Uva 11584 线性DP
- EasyBCD and UEFI
- kodi 默认桌面_如何自定义Kodi新的默认外观河口
- OSChina 周五乱弹 ——妹子一不小心就被拖到小巷子里
- python爬虫爬取steam,epic,origin平台游戏数据
- ios怎么把电话号码存到android,如何将苹果手机的通讯录导入到安卓手机中?看这里...
- DSPE-PEG6-Mal,C60H111N2O17P小分子PEG试剂化学性质
- ls基本用法-查看文件大小 k m g
- “由于这台计算机没有远程桌面客户端访问许可证,远程会话被中断“的解决方案
- mc java送win10_微软针对Windows 10的免费Minecraft赠品在Java播放器的午夜结束