Automated deployment with GitLab + GitLab Runner + Ansible on Docker
System architecture diagram
Network architecture
1. Install Docker and make sure the hostname is set correctly: check /etc/hostname and /etc/hosts.
https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#install-docker-ce-1
2. Install docker-compose. Check the official site first, because the download link is not always the same from one release to the next.

    sudo curl -L "https://github.com/docker/compose/releases/download/1.17.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
3. Docker registry mirror (accelerator)
https://cr.console.aliyun.com/#/accelerator
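4. docker-compose.yml: GitLab is reached through nginx-proxy. I do not set a default network here, because later the Ansible image has to pull projects from GitLab; setting a default network would create two bridges, and the containers would then be unable to communicate.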

    nginx-proxy:
      image: jwilder/nginx-proxy
      container_name: nginx-proxy
      restart: always
      ports:
        - "80:80"
        - "443:443"
      volumes:
        - ./nginx-proxy/certs:/etc/nginx/certs:ro
        - ./nginx-proxy/vhost:/etc/nginx/vhost.d
        - ./nginx-proxy/html:/usr/share/nginx/html
        # :ro only protects the socket file; the Docker API behind it stays fully usable
        - /var/run/docker.sock:/tmp/docker.sock:ro
      labels:
        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: 'true'

    letsencrypt:
      image: jrcs/letsencrypt-nginx-proxy-companion
      container_name: letsencrypt
      restart: always
      volumes:
        - ./nginx-proxy/certs:/etc/nginx/certs:rw
        - ./nginx-proxy/vhost:/etc/nginx/vhost.d
        - ./nginx-proxy/html:/usr/share/nginx/html
        - /var/run/docker.sock:/var/run/docker.sock:ro

    gitlab:
      image: 'gitlab/gitlab-ce:latest'
      container_name: 'gitlab'
      restart: always
      hostname: 'gitlab.yourdomain'
      environment:
        GITLAB_OMNIBUS_CONFIG: |
          external_url 'http://gitlab.yourdomain'
        VIRTUAL_HOST: gitlab.yourdomain
        VIRTUAL_PORT: 80
        VIRTUAL_PROTO: http
        LETSENCRYPT_HOST: gitlab.yourdomain
        LETSENCRYPT_EMAIL: bill.weiwei@foxmail.com
        external_url: http://gitlab.yourdomain
      ports:
        # SSH for git is published on host port 30022
        - '30022:22'
      volumes:
        - '/srv/gitlab/config:/etc/gitlab'
        - '/srv/gitlab/logs:/var/log/gitlab'
        - '/srv/gitlab/data:/var/opt/gitlab'
        - './nginx-proxy/certs:/etc/gitlab/ssl'

    gitlab-runner:
      image: 'gitlab/gitlab-runner:latest'
      container_name: 'gitlab-runner'
      restart: 'always'
      volumes:
        - '/srv/gitlab-runner/config:/etc/gitlab-runner'
        # gives the runner, and the jobs it starts, control of the host's Docker daemon
        - '/var/run/docker.sock:/var/run/docker.sock'

5. Register gitlab-runner

    docker exec -it gitlab-runner gitlab-ci-multi-runner register

For reference:

    # Replace <id container>, the URL, the token (shown in GitLab under Admin Area > Runners)
    # and the description with your own values.
    # --docker-privileged plus the docker.sock volume lets CI jobs control the host's Docker daemon.
    docker exec -it <id container> gitlab-runner register -n \
      --url https://gitlab.your.domain \
      --registration-token <your registration token> \
      --executor docker \
      --description "<your runner name>" \
      --docker-image "node" \
      --docker-privileged \
      --docker-volumes /var/run/docker.sock:/var/run/docker.sock \
      --docker-volumes /srv/gitlab-runner/config:/etc/gitlab-runner

Edit the configuration file:

    vim /srv/gitlab-runner/config/config.toml

Set the following in the [runners.docker] section:

    pull_policy = "if-not-present"
    shm_size = 0

6. Add the SSH public key to GitLab

    ssh-keygen
    cat .ssh/id_rsa.pub

7. Ansible deployment
Keep the Ansible configuration files in GitLab so that they can be loaded into the image when it is built.
####create project your-name-project/ansibleinventory
####create folders inventory and playbooks
##inventory
filename: young-prod-server

    [young-prod-server]
    ****

##playbooks (two files)
#filename:deploy_entrypoint.yml

    - hosts: all
      tasks:
        - name: Creating the directory
          file: path=/var/projects/{{ project_name }}-{{ env }}/ state=directory
        - name: Clean src
          file:
            state: absent
            path: "/var/projects/{{ project_name }}-{{ env }}/src"
        - name: Clean app
          file:
            state: absent
            path: "/var/projects/{{ project_name }}-{{ env }}/app"
        - name: copy
          unarchive:
            src: "{{ src }}/package.tar"
            dest: /var/projects/{{ project_name }}-{{ env }}/
        # - name: run if exist entrypoint.sh
        #   shell: /var/projects/{{ project_name }}/entrypoint.sh
        #   when: $(-s /var/projects/{{ project_name }}/entrypoint.sh)
        - name: stop project
          shell: docker-compose -f docker-compose.yml -f docker-compose.{{ env }}.yml stop
          args:
            chdir: /var/projects/{{ project_name }}-{{ env }}/
        - name: start project
          shell: docker-compose -f docker-compose.yml -f docker-compose.{{ env }}.yml up --build -d
          args:
            chdir: /var/projects/{{ project_name }}-{{ env }}/
        - name: run entrypoint.sh
          shell: ./entrypoint.sh
          args:
            chdir: /var/projects/{{ project_name }}-{{ env }}/

#filename:deploy.yml

    - hosts: all
      tasks:
        - name: Creating the directory
          file: path=/var/projects/{{ project_name }}-{{ env }}/ state=directory
        - name: copy
          unarchive:
            src: "{{ src }}/package.tar"
            dest: /var/projects/{{ project_name }}-{{ env }}/
        # - name: run if exist entrypoint.sh
        #   shell: /var/projects/{{ project_name }}/entrypoint.sh
        #   when: $(-s /var/projects/{{ project_name }}/entrypoint.sh)
        - name: stop project
          shell: docker-compose -f docker-compose.yml -f docker-compose.{{ env }}.yml stop
          args:
            chdir: /var/projects/{{ project_name }}-{{ env }}/
        - name: start project
          shell: docker-compose -f docker-compose.yml -f docker-compose.{{ env }}.yml up --build -d
          args:
            chdir: /var/projects/{{ project_name }}-{{ env }}/

##Create the file ansible.cfg

    [defaults]
    transport = ssh
    log_path = ./.ansible/ansible.log
    # host_key_checking = False turns off SSH host key verification for the managed hosts
    host_key_checking = False
    hostfile = inventory
    sudo_user = root
    roles_path = roles
    ansible_managed = Ansible managed file modified on %Y-%m-%d %H:%M:%S, do not edit directly
    retry_files_save_path = ./.ansible
    private_key_file = ~/.ssh/id_rsa
    #remote_user = root

    [ssh_connection]
    ssh_args = -o ForwardAgent=yes

Once all of the above is in place on GitLab, the Dockerfile can be written.
I wrote it in the .ssh directory.
###filename: Dockerfile

    FROM williamyeh/ansible:alpine3
    MAINTAINER bill
    ARG SSH_PRIVATE_KEY=.
    RUN echo "@main35 http://dl-cdn.alpinelinux.org/alpine/v3.5/main" >> /etc/apk/repositories \
        && apk update \
        && apk --no-cache add \
            git \
            bash
    # The private key becomes part of an image layer: anyone who can pull this image can read it.
    ADD id_rsa /root/.ssh/id_rsa
    RUN chmod 600 /root/.ssh/id_rsa
    RUN mkdir -p ~/.ssh
    # Disables host key verification for every host this image connects to.
    RUN echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    # Replace <gitlab-ce container IP> with the address from: docker inspect container-id | grep IPA
    RUN echo "<gitlab-ce container IP> gitlab.yourdomain" >> /etc/hosts \
        && git clone git@gitlab.yourdomain:root/young_ansibleinventory.git /ansible
    COPY entrypoint.sh /
    ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]

###filename:entrypoint.sh

    #!/bin/bash
    echo "172.17.0.4 gitlab.yourdomain" >> /etc/hosts
    if [ ! -d "/ansible" ]; then
        git clone git@gitlab.yourdomain:root/young_ansibleinventory.git /ansible
    fi
    cd /ansible
    git pull
    # run cmds
    exec "$@"

To avoid errors, the following configuration is still needed.
After this, on your server, put your id_rsa.pub key into /root/.ssh/authorized_keys:
copy your id_rsa.pub and paste it into authorized_keys.
Do this on the local server, not in the container; it is there to avoid errors.

    cat id_rsa.pub >>authorized_keys
    chmod 644 authorized_keys

Finally, in .gitlab-ci.yml, change image to the name of the Ansible image you built.
8. Fixes for the errors encountered at the end
First problem: the uploaded file is too large. This shows up late in the build.

    vim /srv/gitlab/config/gitlab.rb
    nginx['enable'] = true
    nginx['client_max_body_size'] = '1024m'
    gitlab-ctl restart

Change the nginx configuration inside the container. If installing vim is slow, you can install lrzsz instead, edit the file locally, and then upload it. Add the following inside the http block, which makes it apply globally:

    client_max_body_size 1024m;

Second problem: create a bridge network.

    docker network create serverservices_default

    root@work:~/.ssh# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    d79d0a24f1d6        bridge              bridge              local
    b8d69d99856f        host                host                local
    cd9f5c333402        none                null                local
    4f34f5ff823f        root_default        bridge              local

    root@work:~/.ssh# brctl show
    bridge name         bridge id           STP enabled   interfaces
    br-4f34f5ff823f     8000.0242f5270238   no            veth08ac4e8
                                                          veth69afb8b
                                                          veth8d60b75
                                                          veth93ac6fc
    docker0             8000.0242de39b14c   no

9. Push the project to GitLab and configure .gitlab-ci.yml, specifically the image it uses. Expect to run into many problems in practice.
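
An added example, not from the original post: a minimal CI file for step 9 that runs the deploy.yml playbook from step 7 inside the Ansible image. The image name `ansible-deploy:latest`, the `prod` value for `env`, the `master` branch filter and the placement of ansible.cfg at the root of the repository cloned to /ansible are assumptions; `project_name`, `env` and `src` are the variables the playbook itself uses.

```yaml
# .gitlab-ci.yml (added example; image name, branch and env value are assumptions)

# Hypothetical name of the image built from the Dockerfile in step 7.
# It exists only on the runner host, which is why config.toml sets
# pull_policy = "if-not-present".
image: ansible-deploy:latest

stages:
  - deploy

deploy_prod:
  stage: deploy
  only:
    - master
  script:
    # The playbook unpacks "{{ src }}/package.tar" on the target host,
    # so build that archive from the checked-out commit first.
    - git archive --format=tar -o "$CI_PROJECT_DIR/package.tar" HEAD
    # Run from /ansible so that ansible.cfg (assumed to sit at the root of
    # the inventory repository) and its relative paths are picked up.
    - cd /ansible
    # env=prod means the project must ship docker-compose.prod.yml next to
    # docker-compose.yml, because the playbook passes both files to docker-compose.
    - >
      ansible-playbook -i inventory/young-prod-server playbooks/deploy.yml
      -e "project_name=$CI_PROJECT_NAME env=prod src=$CI_PROJECT_DIR"
```

`CI_PROJECT_NAME` and `CI_PROJECT_DIR` are GitLab's predefined CI variables, so the target directory becomes /var/projects/<project>-prod/ as the playbook expects.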