平台即服务
基于 Docker 安装 GitLab(最好2G内存)
拉取Gitlab镜像
docker pull twang2218/gitlab-ce-zh
配置docker-compose.yml
cd /usr/local/docker/gitlab/
vi docker-compose.yml
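# docker-compose.yml for a single-node GitLab CE instance.
# Indentation restored; the flattened listing is not valid Compose YAML.
#
# NOTE(review): the instance is served over plain HTTP, so passwords, session
# cookies and runner tokens cross the network unencrypted. Keep it on an
# isolated lab network, or switch external_url to https:// with a certificate
# before real use.
version: '3'
services:
  web:
    # Community-maintained (non-official) image pinned to the 11.1 tag;
    # confirm it still receives security fixes before relying on it.
    image: 'twang2218/gitlab-ce-zh:11.1'
    restart: always
    hostname: '192.168.132.129'
    environment:
      TZ: 'Asia/Shanghai'
      GITLAB_OMNIBUS_CONFIG: |
        # The original URL ended in a bare ':' (empty port). nginx listens on
        # 80, the HTTP default, so no port suffix is needed.
        external_url 'http://192.168.132.129'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        unicorn['port'] = 8888
        nginx['listen_port'] = 80
    ports:
      - '80:80'
      # Published, but nothing above configures an HTTPS listener.
      - '8443:443'
      # Host port 2222 forwards to the container's sshd; it matches
      # gitlab_shell_ssh_port so clone URLs show the right port.
      - '2222:22'
    volumes:
      - /usr/local/docker/gitlab/config:/etc/gitlab
      - /usr/local/docker/gitlab/data:/var/opt/gitlab
      - /usr/local/docker/gitlab/logs:/var/log/gitlab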
docker-compose up
使用 SSH 的方式拉取和推送项目
-
生成 SSH KEY
使用 ssh-keygen 工具生成,位置在 Git 安装目录下,我的是 D:\Program Files\Git\usr\bin
输入命令:
ssh-keygen -t rsa -C "279205343@qq.com"
-
复制 SSH-KEY 信息到 GitLab
秘钥位置在:C:\Users\你的用户名\.ssh 目录下,找到 id_rsa.pub(公钥)并使用编辑器打开;只需复制公钥内容,私钥 id_rsa 不要复制或外传
-
登录 GitLab,点击“用户头像”–>“设置”–>“SSH 密钥”
持续集成与部署 GitLab Runner
Dockerfile
在 /usr/local/docker/runner/environment 目录下创建 Dockerfile
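# Build image for the GitLab Runner: adds the Docker packages, Docker Compose,
# a JDK and Maven on top of the official runner image.
FROM gitlab/gitlab-runner:v11.0.2
MAINTAINER Lusifer <topsale@vip.qq.com>

# Switch apt to the Aliyun mirror. These entries stay on http:// because
# apt-transport-https is only installed in the next step; package integrity
# here relies on apt's repository signature checks.
RUN echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse' > /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse' >> /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse' >> /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse' >> /etc/apt/sources.list && \
    apt-get update -y && \
    apt-get clean

# Install Docker. The repository signing key is the trust anchor for every
# docker-ce package, so it is fetched over HTTPS: over http:// (as in the
# original) the key could be replaced in transit, which would defeat apt's
# signature verification. The repository line uses HTTPS as well.
RUN apt-get -y install apt-transport-https ca-certificates curl software-properties-common && \
    curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add - && \
    add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" && \
    apt-get update -y && \
    apt-get install -y docker-ce
COPY daemon.json /etc/docker/daemon.json

# Install Docker Compose.
# NOTE(review): this binary comes from the master branch of a personal GitHub
# repository; it is neither version-pinned nor checksum-verified, and it ends
# up executable in an image that controls the host Docker daemon. Prefer an
# official release and compare its SHA-256 with the published value before
# marking it executable.
WORKDIR /usr/local/bin
RUN wget https://raw.githubusercontent.com/topsale/resources/master/docker/docker-compose
RUN chmod +x docker-compose

# Install Java from a tarball supplied in the build context.
RUN mkdir -p /usr/local/java
WORKDIR /usr/local/java
COPY jdk-8u152-linux-x64.tar.gz /usr/local/java
RUN tar -zxvf jdk-8u152-linux-x64.tar.gz && \
    rm -fr jdk-8u152-linux-x64.tar.gz

# Install Maven.
# NOTE(review): same concern as Docker Compose above: the archive is pulled
# from a personal repository without an integrity check. Verify it against the
# checksum Apache publishes for this Maven version.
RUN mkdir -p /usr/local/maven
WORKDIR /usr/local/maven
RUN wget https://raw.githubusercontent.com/topsale/resources/master/maven/apache-maven-3.5.3-bin.tar.gz
# COPY apache-maven-3.5.3-bin.tar.gz /usr/local/maven
RUN tar -zxvf apache-maven-3.5.3-bin.tar.gz && \
    rm -fr apache-maven-3.5.3-bin.tar.gz
# COPY settings.xml /usr/local/maven/apache-maven-3.5.3/conf/settings.xml

# Environment variables for the JDK and Maven installed above.
ENV JAVA_HOME /usr/local/java/jdk1.8.0_152
ENV MAVEN_HOME /usr/local/maven/apache-maven-3.5.3
ENV PATH $PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin

WORKDIR /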
daemon.json
在 /usr/local/docker/runner/environment 目录下创建 daemon.json,用于配置加速器和仓库地址
{
"registry-mirrors": [
"https://registry.docker-cn.com"
]
}
docker-compose.yml
在 /usr/local/docker/runner 目录下创建 docker-compose.yml
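# docker-compose.yml for the runner container, built from ./environment.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  gitlab-runner:
    build: environment
    restart: always
    container_name: gitlab-runner
    # NOTE(review): privileged mode together with the host Docker socket
    # mounted below gives every CI job on this runner root-equivalent control
    # of the host. Use the runner only for trusted projects and branches, and
    # confirm whether privileged is needed at all when jobs reach the host
    # daemon through the socket.
    privileged: true
    volumes:
      # Holds config.toml, which stores the runner's authentication token.
      - /usr/local/docker/runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock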
注册 Runner
docker exec -it gitlab-runner gitlab-runner register
# 输入 GitLab 地址
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://139.224.119.184/
# 输入 GitLab Token(注册令牌属于机密,请使用自己实例的令牌且不要公开;已公开的令牌应在 GitLab 中重置)
Please enter the gitlab-ci token for this runner:
1Lxq_f1NRfCfeNbE5WRh
# 输入 Runner 的说明
Please enter the gitlab-ci description for this runner:
可以为空
# 设置 Tag,可以用于指定在构建规定的 tag 时触发 ci
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
# 选择 runner 执行器,这里我们选择的是 shell(shell 执行器直接在 Runner 所在环境中执行作业脚本,作业之间没有隔离,只适合受信任的项目)
Please enter the executor: virtualbox, docker+machine, parallels, shell, ssh, docker-ssh+machine, kubernetes, docker, docker-ssh:
shell
查看是否有注册信息(config.toml 中保存了 Runner 的 token,应限制该文件的读取权限,不要公开)
root@faramita:/usr/local/docker/runner/config# cat config.toml
concurrent = 1
check_interval = 0
[[runners]]
name = "d574e3e8c5ce"
url = "http://139.224.119.184/"
token = "a16c82dfc6631e1779d238481e3206"
executor = "shell"
[runners.cache]
测试流水线.gitlab-ci.yml
在项目工程下编写 .gitlab-ci.yml 配置文件:
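# Minimal pipeline: a single stage with one job that echoes a string.
# Indentation restored; as flattened, `stage` and `script` would be read as
# top-level keys rather than as part of the `test` job.
stages:
  - test

test:
  # Must name one of the entries under `stages`.
  stage: test
  script:
    - echo "hello gitlabrunner"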
-
stages 是阶段,下面是阶段的名字;stage: test 这里必须和 stages 下的阶段名一致,告知是哪个阶段;script 是脚本,因为选的是 shell 执行器,所以这里执行的是 shell 脚本
-
查看 GitLab 对应项目的流水线中是否有成功运行,进入容器中的/home/gitlab-runner/builds/a16c82df/0/faramita-itoken/itoken-config目录下,可以看到自动下载源码
持续集成 config 和 eureka
项目下新建docker文件夹,里面新增docker-compose.yml和Dockerfile,项目根目录新建.gitlab-ci.yml
config
.gitlab-ci.yml
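# Pipeline for itoken-config: build the jar and image, restart the service,
# then prune unused images. Indentation restored from the flattened listing.
#
# NOTE(review): these scripts drive the host Docker daemon through the runner,
# so anyone able to trigger this pipeline decides what gets built and started
# on that host. Restrict who can push to the branches that run it.
stages:
  - build
  - run
  - clean

test:
  stage: build
  script:
    - /usr/local/maven/apache-maven-3.5.3/bin/mvn clean package
    - cp target/itoken-config-1.0.0-SNAPSHOT.jar docker
    - cd docker
    - docker build -t itoken-config .

run:
  stage: run
  script:
    - cd docker
    - docker-compose down
    - docker-compose up -d

clean:
  stage: clean
  script:
    # -f skips the confirmation prompt, which a CI job has no terminal to
    # answer; without it the prune does not go ahead.
    - docker image prune -f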
docker-compose.yml
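# docker-compose.yml for the itoken-config service.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  itoken-config:
    restart: always
    image: itoken-config
    container_name: itoken-config
    ports:
      # Quoted so the mapping is always read as a string. Published on every
      # host interface.
      # NOTE(review): a configuration server commonly hands out credentials
      # for other services; confirm it requires authentication or bind it to
      # an internal address.
      - '8888:8888'
    networks:
      - config_network

networks:
  # Explicitly named so each project gets its own network.
  config_network: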
这里设置networks是为了部署别的工程的时候网络不重复,不然全是network_default会报错
Dockerfile
# Runtime image for the itoken-config jar.
# NOTE(review): no USER instruction is set, so the JVM runs as the base
# image's default user (root for the openjdk images). Consider adding an
# unprivileged user; port 8888 does not need root to bind.
FROM openjdk:8-jre
MAINTAINER Lusifer <topsale@vip.qq.com>
# ENV APP_VERSION 1.0.0-SNAPSHOT
RUN mkdir /app
# The jar is copied in by the CI build step before `docker build` runs.
COPY itoken-config-1.0.0-SNAPSHOT.jar /app/app.jar
# java.security.egd points SecureRandom seeding at the non-blocking urandom
# device; the "prod" Spring profile is selected on the command line.
ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/app.jar", "--spring.profiles.active=prod"]
EXPOSE 8888
Eureka
.gitlab-ci.yml
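# Pipeline for itoken-eureka: build the jar and image, restart the service,
# then prune unused images. Indentation restored from the flattened listing.
#
# NOTE(review): these scripts drive the host Docker daemon through the runner,
# so anyone able to trigger this pipeline decides what gets built and started
# on that host. Restrict who can push to the branches that run it.
stages:
  - build
  - run
  - clean

test:
  stage: build
  script:
    - /usr/local/maven/apache-maven-3.5.3/bin/mvn clean package
    - cp target/itoken-eureka-1.0.0-SNAPSHOT.jar docker
    - cd docker
    - docker build -t itoken-eureka .

run:
  stage: run
  script:
    - cd docker
    - docker-compose down
    - docker-compose up -d

clean:
  stage: clean
  script:
    # -f skips the confirmation prompt, which a CI job has no terminal to
    # answer; without it the prune does not go ahead.
    - docker image prune -f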
docker-compose.yml
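# docker-compose.yml for the itoken-eureka service.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  itoken-eureka:
    restart: always
    image: itoken-eureka
    container_name: itoken-eureka
    ports:
      # Quoted so the mapping is always read as a string. Published on every
      # host interface.
      # NOTE(review): confirm the registry dashboard and API are not reachable
      # from untrusted networks, or require authentication.
      - '8761:8761'
    networks:
      - eureka_network

networks:
  # Explicitly named so each project gets its own network.
  eureka_network: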
这里设置networks是为了部署别的工程的时候网络不重复,不然全是network_default会报错
Dockerfile
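# Runtime image for the itoken-eureka jar; dockerize delays startup until the
# configuration server answers.
FROM openjdk:8-jre
MAINTAINER Lusifer <topsale@vip.qq.com>

ENV DOCKERIZE_VERSION v0.6.1
# NOTE(review): the release archive is unpacked into /usr/local/bin without an
# integrity check. Pin and verify its SHA-256 against a value recorded from a
# trusted download.
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz

# ENV APP_VERSION 1.0.0-SNAPSHOT
RUN mkdir /app
COPY itoken-eureka-1.0.0-SNAPSHOT.jar /app/app.jar

# Only the last ENTRYPOINT in a Dockerfile takes effect. The original listed
# both variants as active instructions, so the dockerize wait was silently
# overridden by the plain java one; the plain variant is kept as a comment.
# dockerize waits up to 5 minutes for the URL to respond, then starts java.
ENTRYPOINT ["dockerize", "-timeout", "5m", "-wait", "http://139.224.117.172:8888", "java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/app.jar", "--spring.profiles.active=prod"]
# ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/app.jar", "--spring.profiles.active=prod"]

EXPOSE 8761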
dockerize 是一个工具,用于实现等待机制:配置它之后,如果 -wait 指定的依赖服务尚未就绪,容器会先等待(最长为 -timeout 指定的时间),就绪后再启动应用。注意一个 Dockerfile 中只有最后一条 ENTRYPOINT 生效
附:项目配置 Dockerfile 案例
# Example project Dockerfile: same layout as above, with the jar name taken
# from APP_VERSION and a TCP (rather than HTTP) readiness check.
FROM openjdk:8-jre
MAINTAINER Lusifer <topsale@vip.qq.com>
ENV APP_VERSION 1.0.0-SNAPSHOT
ENV DOCKERIZE_VERSION v0.6.1
# NOTE(review): downloaded and unpacked without an integrity check; verify the
# archive's SHA-256 against a value recorded from a trusted download.
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
RUN mkdir /app
COPY itoken-eureka-$APP_VERSION.jar /app/app.jar
# Waits up to 5 minutes for a TCP connection to port 8888 on the given host
# before launching the JVM. No USER is set, so the process runs as the base
# image's default user.
ENTRYPOINT ["dockerize", "-timeout", "5m", "-wait", "tcp://192.168.75.128:8888", "java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/app.jar", "--spring.profiles.active=prod"]
EXPOSE 8761
基于 Docker 安装 Nexus(最好2G内存)
拉取镜像
docker pull sonatype/nexus3
配置docker-compose.yml
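# docker-compose.yml for a Nexus 3 repository manager.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  nexus:
    restart: always
    # NOTE(review): no tag is given, so this resolves to `latest` and the
    # version can change on every pull. Pin a specific release tag.
    image: sonatype/nexus3
    container_name: nexus
    ports:
      # Plain HTTP on every host interface; logins and deploy credentials are
      # sent unencrypted. Keep it on a trusted network or front it with TLS.
      - '8081:8081'
    volumes:
      - /usr/local/docker/nexus/data:/nexus-data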
分配data文件夹权限
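# The sonatype/nexus3 container runs as UID 200. Hand the data directory to
# that user instead of making it world-writable (the original `chmod 777`
# let every local account modify the repository data).
chown -R 200 data/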
//启动
docker-compose up
//默认初始账号admin 密码admin123(首次登录后请立即修改默认密码)
在项目中使用 Maven 私服
配置认证信息
在 Maven settings.xml 中添加 Nexus 认证信息(servers 节点下):
<!-- Credentials Maven uses for the repositories whose <id> matches.
     NOTE(review): these entries store the Nexus admin account with its
     default password in clear text. Create a dedicated deployment user with
     only deploy rights, and store the password with Maven's password
     encryption (mvn -emp / mvn -ep plus settings-security.xml) rather than
     as a literal value. -->
<server>
<id>nexus-releases</id>
<username>admin</username>
<password>admin123</password>
</server>
<server>
<id>nexus-snapshots</id>
<username>admin</username>
<password>admin123</password>
</server>
配置自动化部署
在 pom.xml 中添加如下代码:
<!-- Deployment targets; each <id> must match a <server> id in settings.xml.
     NOTE(review): both URLs are http://, so the deploy credentials and the
     uploaded artifacts travel unencrypted. Use https:// once the repository
     manager has a certificate. -->
<distributionManagement>
<repository>
<id>nexus-releases</id>
<name>Nexus Release Repository</name>
<url>http://192.168.132.131:8081/repository/maven-releases/</url>
</repository>
<snapshotRepository>
<id>nexus-snapshots</id>
<name>Nexus Snapshot Repository</name>
<url>http://192.168.132.131:8081/repository/maven-snapshots/</url>
</snapshotRepository>
</distributionManagement>
注意事项:
ID 名称必须要与 settings.xml 中 Servers 配置的 ID 名称保持一致。项目版本号中有 SNAPSHOT 标识的,会发布到 Nexus Snapshots Repository, 否则发布到 Nexus Release Repository,并根据 ID 去匹配授权账号。
部署到仓库
mvn deploy -Dmaven.test.skip=true
上传第三方 JAR 包的方式
Nexus 3.0 不支持页面上传,可使用 maven 命令:
如第三方JAR包:com.google.code.kaptcha
mvn deploy:deploy-file -DgroupId=com.google.code.kaptcha -DartifactId=kaptcha -Dversion=2.3 -Dpackaging=jar -Dfile=D:\kaptcha-2.3.jar -Durl=http://192.168.132.131:8081/repository/maven-releases/ -DrepositoryId=nexus-releases
注意事项:
- 建议在上传第三方 JAR 包时,创建单独的第三方 JAR 包管理仓库,便于管理和维护。(maven-3rd)
- -DrepositoryId=nexus-releases 对应的是 settings.xml 中 Servers 配置的 ID 名称。(授权)
配置代理仓库
<!-- Resolve dependencies and build plugins through the Nexus maven-public
     group, for both release and snapshot versions.
     NOTE(review): the URLs are http://, so dependencies and plugins (code
     that runs during the build) are fetched without transport integrity.
     Newer Maven releases (3.8.1 and later) block http:// repositories by
     default; prefer https://. -->
<repositories>
<repository>
<id>nexus</id>
<name>Nexus Repository</name>
<url>http://192.168.132.131:8081/repository/maven-public/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>nexus</id>
<name>Nexus Plugin Repository</name>
<url>http://192.168.132.131:8081/repository/maven-public/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</pluginRepository>
</pluginRepositories>
安装 Docker Registry 私服
-
Docker Registry虚拟机
私服的服务端
安装Docker私有仓库和部署 Docker Registry WebUI
目的:为了直观的查看 registry 中的资源情况
docker-compose.yml 配置如下
/usr/local/docker/registry/
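# docker-compose.yml for a private Docker registry plus a web frontend.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  registry:
    image: registry
    restart: always
    container_name: registry
    ports:
      # NOTE(review): no authentication or TLS is configured for the registry,
      # so any host that can reach port 5000 can pull, push or overwrite
      # images that are later deployed. Restrict access at the network level,
      # or enable TLS and authentication on the registry.
      - '5000:5000'
    volumes:
      - /usr/local/docker/registry/data:/var/lib/registry

  frontend:
    image: konradkleine/docker-registry-frontend:v2
    ports:
      # Only the container's HTTP port is published.
      - '8080:80'
    volumes:
      # The page does not show these files being created. If they are missing
      # on the host, Docker creates directories at these paths instead.
      - ./certs/frontend.crt:/etc/apache2/server.crt:ro
      - ./certs/frontend.key:/etc/apache2/server.key:ro
    environment:
      - ENV_DOCKER_REGISTRY_HOST=192.168.132.133
      - ENV_DOCKER_REGISTRY_PORT=5000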
守护态启动容器
docker-compose up -d
浏览器访问http://192.168.132.133:8080/repositories/
-
Docker Deploy虚拟机
客户端
配置客户端让它能够识别私服的服务端
/etc/docker/daemon.json 中增加如下内容(如果文件不存在请新建该文件)。注意:insecure-registries 表示客户端以明文 HTTP、不校验证书的方式访问该私服,镜像在传输中可能被篡改,只应在受信任的内网中使用
{
"registry-mirrors": [
"https://registry.docker-cn.com"
],
"insecure-registries": [
"192.168.132.133:5000"
]
}
重启
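# JDK locations for the current shell session.
export JAVA_HOME=/usr/local/java/jdk1.8.0_152
export JRE_HOME=/usr/local/java/jdk1.8.0_152/jre
# Prepend the existing CLASSPATH only when it is non-empty: a leading ':'
# is an empty entry, which Java treats as the current directory.
export CLASSPATH=${CLASSPATH:+$CLASSPATH:}$JAVA_HOME/lib:$JAVA_HOME/jre/lib
# Same lookup order as the original, without its repeated ":$PATH:$HOME/bin".
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin:$MAVEN_HOME/bin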
systemctl restart docker
//查看是否生效
docker info
测试镜像上传
我们以 tomcat 为例测试镜像上传功能
## 拉取一个镜像
docker pull tomcat
## 查看全部镜像
docker images
## 标记本地镜像并指向目标仓库(ip:port/image_name:tag,该格式为标记版本号)
docker tag tomcat 192.168.132.133:5000/tomcat
## 提交镜像到仓库
docker push 192.168.132.133:5000/tomcat
查看全部镜像
curl -XGET http://192.168.132.133:5000/v2/_catalog
查看指定镜像
以 tomcat 为例,查看已提交的列表
curl -XGET http://192.168.132.133:5000/v2/tomcat/tags/list
测试拉取镜像
- 先删除镜像
docker rmi tomcat
docker rmi 192.168.132.133:5000/tomcat
- 再拉取镜像
docker pull 192.168.132.133:5000/tomcat
配置项目
-
分别打开 GitLab(代码托管)、Nexus(maven仓库)、Registry(docker镜像托管服务端)和 Deploy(docker客户端)
操作Docker Deploy虚拟机
-
通过git把本地项目上传到 GitLab
-
设置秘钥免密登陆
-
解压java和maven
-
配置java和maven
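# Maven and JDK locations for the current shell session.
export MAVEN_HOME=/usr/local/maven/apache-maven-3.5.3
export JAVA_HOME=/usr/local/java/jdk1.8.0_152
export JRE_HOME=/usr/local/java/jdk1.8.0_152/jre
# Prepend the existing CLASSPATH only when it is non-empty: a leading ':'
# is an empty entry, which Java treats as the current directory.
export CLASSPATH=${CLASSPATH:+$CLASSPATH:}$JAVA_HOME/lib:$JAVA_HOME/jre/lib
# Same lookup order as the original, without its repeated ":$PATH:$HOME/bin".
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin:$MAVEN_HOME/bin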
2安装数据库虚拟机 DockerMySQL
/usr/local/docker/mysql# vi docker-compose.yml
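# docker-compose.yml for MySQL 5.7.
# Indentation restored; the flattened listing is not valid Compose YAML.
version: '3.1'
services:
  mysql:
    restart: always
    image: mysql:5.7.22
    container_name: mysql
    ports:
      # NOTE(review): publishes the database on every host interface. Bind it
      # to an internal address, or drop the mapping if only other containers
      # need to connect.
      - '3306:3306'
    environment:
      TZ: Asia/Shanghai
      # Quoted so the value stays a string.
      # NOTE(review): a trivially guessable root password on a published port;
      # replace it with a strong secret supplied from outside this file.
      MYSQL_ROOT_PASSWORD: '123456'
    # A multi-line plain scalar: the lines are folded into one command string.
    command:
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_general_ci
      --explicit_defaults_for_timestamp=true
      --lower_case_table_names=1
      --max_allowed_packet=128M
      --sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO"
    volumes:
      - mysql-data:/var/lib/mysql

volumes:
  mysql-data: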
docker-compose up -d
-
从 GitLab 上把之前上传的代码拉取到 Docker Deploy 客户端的/usr/local/docker
-
打包之前拉下来的源码
mvn clean package -Dmaven.test.skip=true
- 创建image文件夹放镜像,把admin项目打包成tar包放到里面
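# Package the exploded web application into image/myshop.tar.gz.
# The original paths read /user/local/...; the rest of the page uses
# /usr/local/docker, so the typo is corrected here.
cd /usr/local/docker/myshop
mkdir image
cd /usr/local/docker/myshop/my-shop-web-admin/target/my-shop-web-admin-1.0.0-SNAPSHOT
# Archive the directory contents from inside it, so the files sit at the
# archive root.
tar -zcvf myshop.tar.gz .
# Three levels up from here is /usr/local/docker/myshop.
mv myshop.tar.gz ../../../image/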
- 配置Dockerfile
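# Path typo corrected (/user -> /usr).
# NOTE(review): the archive was moved into the image/ sub-directory above and
# ADD resolves paths relative to the build context, so the Dockerfile and the
# `docker build` presumably belong in /usr/local/docker/myshop/image; confirm.
cd /usr/local/docker/myshop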
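# Image that serves the packaged web application as Tomcat's ROOT webapp.
# NOTE(review): no tag is given, so the base resolves to `latest` and can
# change between builds. Pin a specific Tomcat version.
FROM tomcat
WORKDIR /usr/local/tomcat/webapps/ROOT/
# Empty the ROOT webapp directory before adding the application.
RUN rm -fr *
# ADD unpacks a local tar.gz into the destination; the archive itself is not
# copied into the image, so the original follow-up `RUN rm -fr myshop.tar.gz`
# removed nothing and is dropped.
ADD myshop.tar.gz /usr/local/tomcat/webapps/ROOT/
WORKDIR /usr/local/tomcat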
- 构建镜像,把当前目录打包给Docker私服Docker Registry
docker build -t 192.168.132.133:5000/myshop .
- 提交镜像到仓库
docker push 192.168.132.133:5000/myshop
创建Docker Myshop虚拟机运行项目
配置客户端
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://registry.docker-cn.com"
],
"insecure-registries": [
"192.168.132.133:5000"
]
}
systemctl restart docker
创建docker-compose.yml
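# docker-compose.yml that runs the myshop image pulled from the private
# registry. Indentation restored from the flattened listing.
version: '3.1'
services:
  myshop:
    restart: always
    # NOTE(review): pulled by mutable tag from a registry reached over plain
    # HTTP without authentication, so the content is not verified. Consider
    # pinning by digest once the registry is secured.
    image: 192.168.132.133:5000/myshop
    container_name: myshop
    ports:
      # NOTE(review): the stock tomcat image listens on 8080 by default;
      # confirm the application really serves on 8000, otherwise the container
      # side of this mapping should be 8080.
      - '8000:8000'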
docker-compose up -d