【gitlab+jenkins+docker】手把手教你搭建基於gitlab+jenkins+docker的項目的自動化部署流程
前言
使用現成的jenkins容器能夠快速搭建jenkins服務,且管理起來很方便,具有容災、可移植等優點(放輕鬆,操作過程與上節神似,有些步驟如果操作過就不用再操作了)
路徑創建
爲了避免不必要的錯誤,建議數據存放路徑與我這裏保持一致:
[root@JackRoy ~]# mkdir -p /opt/dockers/docker_tool_jenkins/online
[root@JackRoy ~]# mkdir -p /opt/dockers/docker_tool_jenkins/gitlab_data
[root@JackRoy ~]# cd /opt/dockers/docker_tool_jenkins/gitlab_data
封裝docker啓動命令
如果已經跟隨上一節操作過,這裏就不用再操作了,如果沒有跟隨上一節操作,直接便捷/usr/bin/dockerutils輸入:
[root@JackRoy online]# vim /usr/bin/dockerutils
#!/bin/bash
# Settle issue (e.g.: SELINUX) of when mount host directory, it has no privilege to access.
chcon -Rt svirt_sandbox_file_t $dir > /dev/null 2>&1
container_name=
TOP_PID=$$
trap 'exit 127' TERM
gate_way=`route | grep 'default' | awk '{print $2}'`
code=0
find_name(){
_container_name=`cat $dir/docker-compose.yml | grep container_name | awk -F ':' '{print $2}' | sed 's/^[ ]*//g' | sed 's/[ ]*$//g'`
_container_name=${_container_name//\"/}
container_name=${_container_name//\'/}
if [ x$container_name == x ]
then
echo -e "\033[31mERROR : please set container_name in your docker-compose.yml file \033[0m"
kill -s TERM $TOP_PID
fi
}
check(){
_host_name=`cat $dir/docker-compose.yml | grep hostname | awk -F ':' '{print $2}' | sed 's/^[ ]*//g' | sed 's/[ ]*$//g'`
_host_name=${_host_name//\"/}
host_name=${_host_name//\'/}
echo "-------------------------------------------------"$host_name
if [ x$host_name == x ]
then
echo -e "\033[31mERROR : hostname not set ! \033[0m"
code=1
fi
_ip=`cat $dir/docker-compose.yml | grep ipv4_address | awk -F ':' '{print $2}' | sed 's/^[ ]*//g' | sed 's/[ ]*$//g'`
_ip=${_ip//\"/}
ip=${_ip//\'/}
if [ $1 = y ] ; then
fail=`ping $ip -c 3 -s 1 -W 1 | grep "100% packet loss" | wc -l`
if [ $fail -eq 0 ]
then
echo -e "\033[31mERROR : address is already in use \033[0m"
code=1
fi
fi
if [ $code -ne 0 ] ; then kill -s TERM $TOP_PID ;fi
}
up(){
check n
docker-compose -f $dir/docker-compose.yml up -d
start
}
reup(){
docker rm -f $container_name
up
}
start(){
docker start $container_name
}
stop(){
docker stop $container_name
}
restart(){
docker stop $container_name
sleep 3
docker start $container_name
}
usage(){
echo -e " Usage : \n \t $0 [ usage ] | < up | reup | start | stop | restart > "
echo -e "\t ============= nat docker ==============="
echo -e "\t up : create container and start app"
echo -e "\t reup : re-create container and start app"
echo -e "\t start : start container and app"
echo -e "\t stop : stop container and app"
echo -e "\t restart : restart container and app"
kill -s TERM $TOP_PID
}
if [ "$1"x = ""x ] || [ "$1"x = "usage" ] ; then
usage
fi
find_name
$@
exit $?
創建啓動配置文件
進入/opt/dockers/docker_tool_jenkins/online目錄下:
[root@JackRoy online]# cd /opt/dockers/docker_tool_jenkins/online
編輯deploy_comm.sh並輸入:
#!/bin/bash
dir=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
. dockerutils $@
編輯docker-compose.yml並輸入:
version: '2.2'
services:
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins
hostname: jenkins
volumes:
- "../jenkins_home:/var/jenkins_home1"
cpus: 1
mem_limit: 2G
environment:
- TZ=Asia/Shanghai
- LANG=en_US.UTF-8
ports:
- "8082:8080"
- "50000:50000"
networks:
aidata_network:
ipv4_address: 10.111.113.50
networks:
aidata_network:
external: true
啓動
在/opt/dockers/docker_tool_gitlab/online路徑下,執行啓動命令
# deploy_comm.sh 支持 reup up stop多種命令
[root@JackRoy online]# sh deploy_comm.sh reup
Error response from daemon: No such container: jenkins
-------------------------------------------------jenkins
WARNING: Found orphan containers (gitlab) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Pulling jenkins (jenkins/jenkins:lts)...
Trying to pull repository docker.io/jenkins/jenkins ...
lts: Pulling from docker.io/jenkins/jenkins
844c33c7e6ea: Pull complete
ada5d61ae65d: Pull complete
f8427fdf4292: Pull complete
f025bafc4ab8: Pull complete
67b8714e1225: Pull complete
64b12da521a3: Pull complete
2e38df533772: Pull complete
b1842c00e465: Pull complete
b08450b01d3d: Pull complete
2c6efeb9f289: Pull complete
0805b9b9cdc4: Pull complete
f129619fc383: Pull complete
cd27f3a82cdf: Pull complete
f31251f493ed: Pull complete
2c902f1f4dfa: Pull complete
2fe1d2cb7aab: Pull complete
908723de775f: Pull complete
54aa3899e429: Pull complete
f48cf8764dc1: Pull complete
Digest: sha256:d5069c543e80454279caacd13457d012fb32c5229b5037a163d8bf61ffa6b80b
Status: Downloaded newer image for docker.io/jenkins/jenkins:lts
Creating jenkins ... done
jenkins
執行啓動命令以後我們進入docker容器,執行命令“cp -r /var/jenkins_home/* /var/jenkins_home1”:
[root@JackRoy online]# docker exec -it jenkins bash
jenkins@jenkins:/$ cp -r /var/jenkins_home/* /var/jenkins_home1
jenkins@jenkins:/$ exit
exit
退出後修改docker-compose.yml文件(/var/jenkins_home1改爲/var/jenkins_home):
version: '2.2'
services:
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins
hostname: jenkins
volumes:
- "../jenkins_home:/var/jenkins_home" # 修改位置
cpus: 1
mem_limit: 2G
environment:
- TZ=Asia/Shanghai
- LANG=en_US.UTF-8
ports:
- "8082:8080"
- "50000:50000"
networks:
aidata_network:
ipv4_address: 10.111.113.50
networks:
aidata_network:
external: true
在/opt/dockers/docker_tool_gitlab/online路徑下,執行啓動命令
# deploy_comm.sh 支持 reup up stop多種命令
[root@JackRoy online]# sh deploy_comm.sh reup
jenkins
-------------------------------------------------jenkins
WARNING: Found orphan containers (gitlab) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating jenkins ... done
jenkins
頁面配置
訪問url:
http://10.20*.4.5*:8082/login?from=%2F
效果如下:
初始提示我們需要從本地複製密碼,OK,我們按照提示路徑打開jenkins容器尋找初始密碼:
[root@JackRoy ~]# docker exec -it jenkins bash
jenkins@jenkins:/$ cat /var/jenkins_home/secrets/initialAdminPassword
138d763d6d374274ae5b490fcb442017
jenkins@jenkins:/$ exit
[root@JackRoy ~]#
將初始密碼粘貼後,可以看到:
這裏我們選擇“安裝推薦的插件”就好,裏面涵蓋了包括git等我們常用的插件。
接着便是等待這些插件的安裝,如果網絡不卡,則時間不會很久,等待的盡頭是:
按照提示,我們創建用戶,同時設定密碼,點擊“保存並完成”後,進入下一步:
直接點擊“保存並完成”,接着就可以開始使用jenkins了。
安裝Maven插件
因爲很多項目我們是使用了maven倉庫來管理項目中的依賴,因此,在jenkins上完成項目打包是依賴maven插件的,依次點擊Manage Jenkins(系統管理)、Manage Pligins(插件管理)
點擊“可選插件”,在右上角輸入搜索“Maven Integration”,勾選後點擊“直接安裝”:
稍等片刻即安裝成功:
憑據配置
在添加憑據之前,我們需要做一件事,就是在我們的jenkins docker容器內生成公鑰(配置至git中)與私鑰(配置至jenkins全局憑據中),這樣才能組成一把完整的鎖與鑰匙的關係,操作明細如下:
# 命令1
[root@JackRoy ~]# docker exec -it jenkins bash
# 命令2
jenkins@jenkins:/$ cd
# 命令3
jenkins@jenkins:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
/var/jenkins_home/.ssh/id_rsa already exists.
# 輸入y
Overwrite (y/n)?y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hsfnzzVqlYtR6SpI0Xbc5e6VE3IPPZtDjYvXdR9WluA jenkins@jenkins
The key is randomart image is:
+---[RSA 2048]----+
| .. .|
| . .+|
| . . E Bo|
| o. o o.*B*|
| . So.. +=*%|
| o.o o ***|
| . .. *oo+|
| . .o+o...|
| o+ |
+----[SHA256]-----+
# 命令4 順便做一下與宿主機的免密登錄:
jenkins@jenkins:~$ ssh-copy-id -p 22 -i .ssh/id_rsa.pub [email protected]*.4.5*
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '10.20*.4.5* (10.20*.4.5*)' can't be established.
ECDSA key fingerprint is SHA256:tsX+R0v8maofjGIJc01fcGidEsEqG0I6q6tzm3FP+2o.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
# 輸入宿主機roto 密碼
[email protected]*.4.5*'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' '[email protected]*.4.5*'"
and check to make sure that only the key(s) you wanted were added.
# 命令5 測試一下免密登錄
jenkins@jenkins:~$ ssh [email protected]*.4.5*
Last login: Mon Dec 30 09:58:17 2019 from 10.43.0.72
# 命令6
[root@JackRoy ~]# exit
logout
Connection to 10.20*.4.5* closed.
# 命令7
jenkins@jenkins:~$ cd .ssh/
# 命令8
jenkins@jenkins:~/.ssh$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxYUI7MtQs7uaMRGTEbJ7oknmIstbRWRwsVPKoE33RrOcUTwp
v2m1aOw7KwAGceP2jq+RrRtt58adLYVvvENML+JeCITdZ4kuZ3UeWuzvJvk2b7hv
UvAz1wnup9ZONRSNUqDwY/0KjIM4ZDiQpkUo1pUbqiAvBO5n8G/j3AhDa0NEU0hw
MdT0PbAUfVzvTQ7OMLmDhkHHpuZ33rZz4OqOTm7IXVWlT9dBmVtsymDAezKNt+SA
ySo80RTsP2OkobuzH6gRWY0Mf9Fpt4VUe4sYPa7Vs1QeH6Bv6iJB49Rp5tmZTojv
bKAWu7IDmimK9jAwge59MDSOc9lj+NBQadCUwwIDAQABAoIBAQC61Fla0f2l5F+2
5i68YJz9JvVeGAhfHOBTezSAaP7qi13ioQvEGJMVic11oPJ3q+89i+g5W2acA4wM
0NidtPJNoMrdN//MvT99cJSj4NVdggDxr/zs8HO4hZaOfvE+2A/NBpobme/udPhU
JAT+oRA92JBwXTzcZz09ejiHmfFbdH2WpZeGMdhOndSSY0F71U7RXiDShC8o/TMw
+6Db5eu3OTU4lJ1yKWMOBzz/Dtsr8d5gqq32GueWtkTLd6N8fH7pnuZuNVrBBGkq
b68MKRW6ophjzoYFtKV26wXaGdBPSSSLUIZ+MsF3H5RlSJgagSFp035NGPTv6jRv
qlnHUJKRAoGBAOaDWIpuxLymDV/hiDnU+Q/veNYj6JOSYFDvcus27yhv9SDjlwF
Y1rc0SDehliRzkIeSLHUJNJaij9P9bkhGeVDbW7N+eTwu6LU0+RuFH+DNM2ITNH7K
AgQgAbmd3mT+UYa0f3UJ63Gk7QU1dLQC/DI+2Mayh0kNpXIl2uIXzyUnAoGBANtb
0DjV+t+QjhD+OEBKOziLEPm3SPa78687yEADnU8LjPMrgKxd0nYNta6wzWqcq8GBnc3p
jqfMtWAzkSWyYBOVG786867ZW9JovwSdWgFCpRiHEc090T/gh3BUWNm1jkPH0/cgnszDRqdzQ
i2yIFR/Q2XIrh+DGLy2miE+7u5Wgne2BQwOE+y0FAoGBAOIu60gaXGznYWzNDp1m
nwiOCxLzKS0HSFTQVYFuwcYbqJEr7Ro0909aJ11W4tUvw/9QQmTOVFUajUFpjVtjhzzf
+dX/B8HeTbNiC/ESY4Q/YgJBFzQayB3ItaW6ijbJ0xih+vkETzRWYXIHdJLx2utv
KmtbA3YkY16pRzf0MQw8dINtAoGABd7tMbg4YKdjxfyn0MCr2RWPvL81CrV35I60
NRtgCFoPtY1FRreTNzuwI7xRtHodmRc5JDCMYii/J70gaSXCa4mGcJRbxYXlRESu
XCif00pEs6PGjSLvDCq8aBD38MSLwUcrlBoIRrO2PiIAHvnu5U/hshCaMqT71RFy
k7OJbWkCgYATyutuyfA7yHLaS613zm0dkqXtA+5xku/AE4jh0XolaBVODL27U+ohuzpm4
wTltcZIGF+q6H3VAGS17pa5haLgMSwdh9hpFo5S/MIgaW+6++YBffFwKU4VkfYD1
kwoO4z21O1myVSZoPdilqwGp7EcFy+Z/K8xigJlHOber1WJ7y8YY9w==
-----END RSA PRIVATE KEY-----
# 命令9
jenkins@jenkins:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFhQjsy1Czu5oxMRsnuiSeYiy1tFZHCxU8gTfdGs5xRPCm/abVo7DsrAAZx4/aOr5GtG23nxp0thW+8Q0wv4l4IhN1niS5ndR5a7O8m+TZvuG9S8DPXCe6n1k41FI1SoPB0j/QqMgzhkOJCmRSjWlRuqIC8E7mfwb+PcCENrQ0RTSHAx1PQ9sBR9XO9NDs4wuYOGQcem5nfetnPg6o985ObshdVaVP10GZW2zKYMB7Mo235IDJKjzRFOw/Y6Shu7MfqBFZjQx/0Wm3hVR7ixg9rtWzVB4foG/qIkHj1Gnm2ZlOiO9soBa7sgOaKYr2MDCB7n0wNI5z2WP40FBp0JTD jenkins@jenkins
jenkins@jenkins:~/.ssh$ exit
exit
[root@JackRoy ~]#
拿到生成的私鑰(注意是私鑰,就是id_rsa,打印信息長的那個)以後,返回頁面,在左邊菜單欄點擊進入憑據:
選擇添加憑據:
在頁面中選擇並填入相關信息(這裏面我沒有選中的都是你自己可以隨便填的,不會影響你使用):
點擊確定:
憑據添加成功,這時候不要忘記把jenkins docker容器的公鑰添加進gitlab!
添加公鑰至gitlab操作明細我上一節有介紹:第二節 docker版jenkinsan安裝和配置
配置全局工具(jdk和maven)
這裏筆者沒有選擇使用自動安裝,具體原因是因爲jdk現在下載有諸多不方便(需要賬號),以及會留下不必要的坑,這裏我自己準備了jdk和maven,放入了宿主機的/opt/dockers/docker_tool_jenkins/jenkins_home/路徑下的java目錄和maven目錄,注意,一定要放在這個路徑或者其子路徑下,因爲之前我們在docker compose裏面配置了路徑映射,該路徑下的文件會被映射至docker容器中(java和maven目錄是筆者創建的,裏面分別存放了jdk1.8和maven3.0.4):
[root@JackRoy opt]# cd /opt/dockers/docker_tool_jenkins/jenkins_home/
[root@JackRoy jenkins_home]# ll
total 84
-rw-r--r-- 1 develop develop 477 Dec 30 10:09 com.cloudbees.hudson.plugins.folder.config.AbstractFolderConfiguration.xml
-rw-r--r-- 1 develop develop 1647 Dec 30 10:13 config.xml
-rw-r--r-- 1 develop develop 100 Dec 27 19:33 copy_reference_file.log
-rw-r--r-- 1 develop develop 3468 Dec 30 11:42 credentials.xml
-rw-r--r-- 1 develop develop 156 Dec 27 19:34 hudson.model.UpdateCenter.xml
-rw-r--r-- 1 develop develop 370 Dec 30 10:09 hudson.plugins.git.GitTool.xml
-rw------- 1 develop develop 1712 Dec 27 19:30 identity.key.enc
drwxr-xr-x 3 root root 25 Dec 23 16:01 java
-rw-r--r-- 1 develop develop 7 Dec 30 10:13 jenkins.install.InstallUtil.lastExecVersion
-rw-r--r-- 1 develop develop 7 Dec 30 10:13 jenkins.install.UpgradeWizard.state
-rw-r--r-- 1 develop develop 181 Dec 30 10:13 jenkins.model.JenkinsLocationConfiguration.xml
-rw-r--r-- 1 develop develop 171 Dec 27 19:30 jenkins.telemetry.Correlator.xml
drwxr-xr-x 2 develop develop 6 Dec 27 19:30 jobs
drwxr-xr-x 3 develop develop 18 Dec 27 19:30 logs
drwxr-xr-x 3 root root 31 Dec 23 16:01 maven
-rw-r--r-- 1 develop develop 907 Dec 27 19:34 nodeMonitors.xml
drwxr-xr-x 2 develop develop 6 Dec 27 19:30 nodes
drwxr-xr-x 80 develop develop 8192 Dec 30 10:23 plugins
-rw-r--r-- 1 develop develop 64 Dec 27 19:30 secret.key
-rw-r--r-- 1 develop develop 0 Dec 27 19:30 secret.key.not-so-secret
drwx------ 4 develop develop 4096 Dec 30 11:42 secrets
-rw-r--r-- 1 develop develop 7152 Dec 27 19:30 tini_pub.gpg
drwxr-xr-x 2 develop develop 4096 Dec 30 10:09 updates
drwxr-xr-x 2 develop develop 23 Dec 27 19:30 userContent
drwxr-xr-x 3 develop develop 54 Dec 30 10:12 users
drwxr-xr-x 11 develop develop 4096 Dec 27 19:34 war
drwxr-xr-x 2 develop develop 6 Dec 30 10:09 workflow-libs
[root@JackRoy jenkins_home]#
增加一下這兩個目錄的權限(必須要做):
[root@JackRoy jenkins_home]# chmod 777 -R java/
[root@JackRoy jenkins_home]# chmod 777 -R maven/
做好這些準備後,進入頁面中的Global Tool Configuration(全局配置):
在JDK選項點擊選擇新增JDK:
錄入必要的兩項信息(“/var/jenkins_home/java/jdk1.8.0_111”就是宿主機路徑“/opt/dockers/docker_tool_jenkins/jenkins_home/java/jdk1.8.0_111”在docker中的映射路徑,如果你通曉這一切就可以自由決定這些路徑的映射關係,如果是半生不熟,那最好跟筆者這裏保持一致,避免不必要的錯誤):
添加maven的操作也類似:
信息錄入完成後,點擊保存。
創建JOB
這裏一定要保證jenkins docker的公鑰成功添加至gitlab的key中(公鑰的獲得方法在上一段有介紹),我這裏貼一下效果圖:
在首頁面,選擇新建job:
錄入作業名,選擇構建模式後點擊確定(我這裏選擇了之前上傳至gitlab中的項目中的一個子項目爲例):
錄入項目地址信息和監控的分支:
選擇構建方式(多種模式可選,比較實用就是觸發遠程構建和分支變更執行兩種,這裏做測試我就選了定時輪詢)和jdk:
錄入pom的位置,選擇構建後的操作爲shell腳本(先不要糾結這部分腳本):
點擊保存不要運行(雖然它會自己運行),因爲後續的自動化腳本還沒有部署,所以運行不會成功的。
後記
到這裏基本的框架就算搭起來了,後續的生成docker容器,啓動項目都被我做成自動化的了,目前web項目和server項目均支持,讓我們能夠實現一鍵上傳,輕鬆部署(涵蓋了歷史項目緩存功能,以便能夠回滾),已下這段邏輯主要是定義變量,部署邏輯封裝在編輯的腳本里,這裏貼一下jenkins的打包邏輯(server類項目的模板):
再往後的小節就是用來講自動化部署的代碼的了。
跳轉
第一節 基礎環境介紹與準備
第二節 docker版gitlab安裝和配置
第三節 docker版jenkins安裝和配置
第四節 docker版mysql安裝和配置
第五節 docker信息明細表設計與實現(含收集腳本)
第六節 docker容器自動化生成腳本
第七節 自動生成docker容器並啓動項目
