cicd学习
软件 | 安装方式 |
---|---|
harbor | docker-compose |
gitlab | yum |
jenkins | docker |
一.安装配置gitlab
1)安装步骤
1 systemctl stop firewalld
2 systemctl disable firewalld
3 setenforce 0
4 cd /etc/yum.repos.d/
5 vim gitlab-ce.repo
# 添加清华源
[gitlab-ce]
name=gitlab-ce
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
gpgcheck=0
enabled=1
6 yum clean all && yum makecache
7 yum install -y gitlab-ce
8 cd /etc/gitlab
9 vim gitlab.rb
# 配置url,使用url访问,比较方便
external_url 'http://192.168.138.24'
10 gitlab-ctl reconfigure
2)登入配置的url修改用户名和密码
初始登录密码保存在文件中,24小时后会删除,这里我们使用初始密码登录之后再修改密码
[root@localhost ~]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: GIIEH+FXzqdLz//yAwuM1EpS/TgwG4swik6s1EH0EZg=
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
点击edit profile修改密码
最后使用新密码登录
二.harbor安装
1)安装docker和docker-compose
2)下载harbor的压缩包Tags · goharbor/harbor · GitHub
3)解压
4)修改配置文件
[root@master harbor]# cp harbor.yml.tmpl harbor.yml
[root@master harbor]# vim harbor.yml
# 修改hostname和port,注释https相关配置
hostname: 192.168.138.200
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8823
#https related config
#https:
#https port for harbor, default is 443
#port: 443
#The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
5)执行 ./prepare
6)执行 ./install.sh
7)浏览器访问(初始用户名和密码都在配置文件里)
用户名:admin
密码:Harbor12345
三.jenkins安装
使用docker安装
1)安装jdk
https://www.oracle.com/cn/java/technologies/downloads/
1.解压
tar -xf jdk-11.0.20_linux-x64_bin.tar.gz -C /usr/local
2.设置环境变量
vim /etc/profile
JAVA_HOME=/usr/local/jdk-11.0.20
PATH=$JAVA_HOME/bin:$PATH
export PATH
3.刷新配置文件
source /etc/profile
2)安装maven
https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz
1.解压并修改名字
tar xf apache-maven-3.9.4-bin.tar.gz -C /usr/local
mv apache-maven-3.9.4/ maven
2.配置maven
<!--maven镜像仓库配置-->
<mirror>
<id>alimaven</id>
<mirrorOf>central</mirrorOf>
<name>aliyun maven</name> <url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
</mirrors>
<!--编译器版本配置-->
<profile>
<id>11</id>
<activation>
<activeByDefault>true</activeByDefault>
<jdk>11</jdk>
</activation>
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<maven.compiler.compilerVersion>11</maven.compiler.compilerVersion>
</properties>
</profile>
</profiles>
<activeProfiles>
<activeProfile>jdk-11</activeProfile>
</activeProfiles>
3)安装docker(根据官方网站安装)
https://docs.docker.com/engine/install/centos/
1 yum install -y yum-utils
2 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3 yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
4 systemctl start docker
5 systemctl enable docker
4)拉取jenkins镜像
docker pull jenkins/jenkins:lts
5)启动jenkins
[root@localhost conf]# docker ps |grep jenkins
e9e551f4e106 jenkins/jenkins:lts "/usr/bin/tini -- /u…" 15 seconds ago Restarting (1) 6 seconds ago
这里需要修改数据卷权限
[root@localhost conf]# ll /var |grep jenkins_home
drwxr-xr-x. 2 root root 6 9月 20 13:26 jenkins_home
[root@localhost conf]# chmod 777 /var/jenkins_home/
重启jenkins
docker restart jenkins
再次查看日志文件
docker logs jenkins
*************************************************************
*************************************************************
*************************************************************
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
# 初始登录密码
7c9503ba64764a9ca132754f4bb09fbd
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
*************************************************************
*************************************************************
*************************************************************
6)修改jenkins插件的下载源,改为国内源(速度更快)
[root@localhost conf]# vim /var/jenkins_home/hudson.model.UpdateCenter.xml
[root@localhost conf]# cat /var/jenkins_home/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/current/update-center.json</url>
</site>
</sites>
7)登录jenkins
8)安装插件
我这里选择安装推荐的插件
9)创建新用户,后面登录都使用这个新用户
用户名:march
密码:sc123456
10)jenkins配置
1.安装git parameter,publish over ssh,python,pyenv pipline插件
2.移动jdk和maven到/var/jenkins_home
[root@localhost local]# mv jdk-11.0.20/ /var/jenkins_home
[root@localhost local]# mv maven /var/jenkins_home
3.在jenkins里配置jdk和maven
四.自由风格的CICD构建
参考:
实现镜像的拉取,构建和推送
jenkins容器化实现方案:如果想在Jenkins中构建镜像,则需要Jenkins中有Docker引擎,指的是Jenkins容器内有Docker,因为我 们的Jenkins是用docker起的,可以在Jennkins内再安装docker,但这种方式不太方便,不好维护,可以使 用与宿主机共享Docker引擎。
1)修改docker.sock权限
/var/run/docker.sock 文件是 docker client 和 docker daemon 在本地进行通信的 socket 文件。默认 的组为 docker,且 other 用户不具有读写权限,这样 Jenkins 是无法来操作该文 件的。
[root@localhost run]# ll |grep docker.sock
srw-rw----. 1 root docker 0 9月 20 13:06 docker.sock
# 修改组为root
[root@localhost run]# chown root:root docker.sock
# 修改权限
[root@localhost run]# chmod 666 docker.sock
[root@localhost run]# ll |grep docker.sock
srw-rw-rw-. 1 root root 0 9月 20 13:06 docker.sock
2)重启jenkins
1.强制删除正在运行的jenkins容器
[root@localhost run]# docker rm -f jenkins
jenkins
2.在 Jenkins 启动命令中新增/var/run/docker.sock,docker 命令文件/usr/bin/docker, 及/etc/docker/daemon.json 文件为数据卷。重启 Jenkins 容器。
docker run --name jenkins \
--restart always \
-p 8080:8080 \
-p 50000:50000 \
-v /var/jenkins_home:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /etc/docker/daemon.json:/etc/docker/daemon.json \
-d jenkins/jenkins:lts
3.进入到jenkins查看是否可以使用docker
[root@localhost run]# docker exec -it jenkins /bin/bash
jenkins@74f1026aef03:/$ docker version
Client: Docker Engine - Community
Version: 24.0.6
API version: 1.43
Go version: go1.20.7
Git commit: ed223bc
Built: Mon Sep 4 12:35:25 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 24.0.6
API version: 1.43 (minimum version 1.12)
Go version: go1.20.7
Git commit: 1a79695
Built: Mon Sep 4 12:34:28 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.24
GitCommit: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
runc:
Version: 1.1.9
GitCommit: v1.1.9-0-gccaecfc
docker-init:
Version: 0.19.0
GitCommit: de40ad0
3)jenkins构建镜像推送到harbor
1.修改daemon.json文件(因为jenkins是harbor的客户端)
[root@localhost docker]# cat daemon.json
{
"insecure-registries": ["192.168.18.200:8823" # harbor服务器所在的IP和端口]
}
2.重启docker
service docker restart
3.将python的代码推送到gitlab
这里我已经添加好远程仓库了,所以直接推送并提交到gitlab
4.在jenkins里新建一个自由风格的item
5.jenkins集成gitlab
这里我的仓库是public的所以只需要添加gitlab地址
6.在python中编写dockfile并添加导出环境文件
推送到gitlab
7.jenkins添加构建步骤
点立即构建
harbor上镜像推送成功
8)jenkins通知目标服务器拉取镜像
1.在目标服务器上定义一个脚本文件
deploy.sh
#!/bin/bash
#harbor的IP地址和端口
harbor_addr_port=$1
#harbor的项目名
harbor_proj=$2
#harbor里的镜像名
image_repo=$3
#标签
image_tag=$4
#容器内部端口
app_port=$5
#宿主机端口
export_port=$6
#镜像名
image=$harbor_addr_port/$harbor_proj/$image_repo:$image_tag
#如果容器已经存在,就删除容器
exist_container_id=`docker ps -a | grep $image_repo | awk '{print $1}'`
if [ -n "$exist_container_id" ];then
docker stop "$exist_container_id"
docker rm "$exist_container_id"
fi
#判断tag是否存在,如果存在就删除,然后拉取最新镜像
exist_image_tag=`docker images | grep $harbor_addr_port/$harbor_proj/$image_repo |
awk '{print $2}'`
if [[ "$exist_image_tag" =~ "$image_tag" ]]; then
docker rmi -f $image
fi
docker login -u admin -p Harbor12345 $harbor_addr_port
docker pull $image
docker run --name $image_repo -d -p $export_port:$app_port $image
echo "SUCCESS"
2.添加构建后操作(执行这个脚本)
在全局配置里添加目标服务器
点击立即构建