jenkins+git+docker构建持续化集成环境

CI/CD介绍

 

发布流程设计

服务器	IP地址	主机名
Git/Harbor	192.168.200.70	git-harbor
Docker	192.168.200.111	docker
Jenkins	192.168.200.112	jenkins

---

工具	版本
CentOS	7.5_x64
Maven	3.5
Tomcat	8
JDK	1.8
Jenkins	2.6
Docker CE	18.03.1

---

cat /etc/redhat-release

uname -r

 

Jenkins+Docker+Git所有包

链接：https://pan.baidu.com/s/10GWHTqAx9E9d1hhJNuI1gw 
提取码：py3b

 

部署Harbor镜像仓库

服务器	IP地址
Git/Harbor	192.168.200.70

 

创建ca证书

mkdir -p /data/ssl

cd /data/ssl

which openssl

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

 

1. Generating a 4096 bit RSA private key
2. .................................................++
3. ......................................................................................................................++
4. writing new private key to 'ca.key'
5. -----
6. You are about to be asked to enter information that will be incorporated
7. into your certificate request.
8. What you are about to enter is what is called a Distinguished Name or a DN.
9. There are quite a few fields but you can leave some blank
10. For some fields there will be a default value,
11. If you enter '.', the field will be left blank.
12. -----
13. Country Name (2 letter code) [XX]:CN
14. State or Province Name (full name) []:Beijing
15. Locality Name (eg, city) [Default City]:Beijing
16. Organization Name (eg, company) [Default Company Ltd]:yunjisuan
17. Organizational Unit Name (eg, section) []:yunjisuan
18. Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
19. Email Address []：

 

生成证书请求

openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr

 

1. Generating a 4096 bit RSA private key
2. ..........................................................++
3. .......................................................................................................................++
4. writing new private key to 'www.yunjisuan.com.key'
5. -----
6. You are about to be asked to enter information that will be incorporated
7. into your certificate request.
8. What you are about to enter is what is called a Distinguished Name or a DN.
9. There are quite a few fields but you can leave some blank
10. For some fields there will be a default value,
11. If you enter '.', the field will be left blank.
12. -----
13. Country Name (2 letter code) [XX]:CN
14. State or Province Name (full name) []:Beijing
15. Locality Name (eg, city) [Default City]:Beijing
16. Organization Name (eg, company) [Default Company Ltd]:yunjisuan
17. Organizational Unit Name (eg, section) []:yunjisuan
18. Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
19. Email Address []:
21. Please enter the following 'extra' attributes
22. to be sent with your certificate request
23. A challenge password []:
24. An optional company name []:

 

生成注册表主机的证书

openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt

 

1. Signature ok
2. subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
3. Getting CA Private Key

ll

 

信任自签发的证书

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract

 

安装docker-ce社区版

setenforce 0

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

systemctl start docker

systemctl enable docker

docker version

---

 

安装harbor仓库

mkdir -p /etc/ssl/harbor

cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/

cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/

wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz 
上文有下载包，这里就没有wget下载。

mkdir -p /data/install

cd /data/install

ls

tar xf harbor-offline-installer-v1.5.0.tgz

cd harbor

cp harbor.cfg{,.bak}

vim harbor.cfg

cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'

 

1. 7 hostname = www.yunjisuan.com
2. 11 ui_url_protocol = https
3. 23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
4. 24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
5. 68 harbor_admin_password = Harbor12345

 

安装命令docker-compose（需要1.21版本）

 

1. curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname
2. -s)-$(uname -m) -o /usr/local/bin/docker-compose
3. 上文有下载包，这里就没有下载

cd /usr/local/bin/

ls

chmod +x /usr/local/bin/docker-compose

which docker-compose

docker-compose -version

 

启动harbor私有镜像仓库

cd /data/install/harbor

./install.sh --with-clair

 

为其他服务器下发证书，并映射域名

 

为其他服务器下发证书

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.111:/etc/pki/ca-trust/source/anchors/

scp /data/ssl/www.yunjisuan.com.crt 192.168.200.112:/etc/pki/ca-trust/source/anchors/

 

在Docker客户端上（192.168.200.111）

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

 

1. 192.168.200.70 www.yunjisuan.com

 

在jenkins服务器上（192.168.200.203）

update-ca-trust enable

update-ca-trust extract

vim /etc/hosts

tail -1 /etc/hosts

 

1. 192.168.200.70 www.yunjisuan.com

 

部署Git服务器

服务器	IP地址	主机名
Git/Harbor	192.168.200.70	git-harbor
Jenkins服务器	192.168.200.112	jenkins

 

以下操作在Harbor/Git上（192.168.200.70）

yum -y install git

which git

 

创建git用户密码

useradd git

passwd git

su - git

 

创建git项目目录

mkdir solo.git

cd solo.git/

 

初始化git目录

git --bare init

ls

 

以下的操作在Jenkins上（192.168.200.112）

 

在192.168.200.112上也安装git模拟项目代码提交

yum -y install git

which git

 

创建用于提交的git目录

mkdir -p /code

cd /code

git clone root@192.168.200.70:/home/git/solo.git

ls

 

将solo项目的源码拷贝到git的上传目录下(solo源代码在上文有下载链接)

mv ~/solo/* solo/

ls solo/

 

添加需要提交的文件目标

cd solo

git add .

 

进行代码提交

git commit -m "all"

 

1. *** Please tell me who you are. #出现这个提示是让你补充提交信息
3. Run
5. git config --global user.email "you@example.com" #你的邮箱
6. git config --global user.name "Your Name" #你的名字
8. to set your account's default identity.
9. Omit --global to set the identity only in this repository.
11. fatal: unable to auto-detect email address (got 'root@JenkinsServer.(none)')

git config --global user.email "1123400300@qq.com"

git config --global user.name "Mr.sun"

git commit -m "all" #补充信息后，即可提交成功

 

提交完代码之后，需要推送到git服务端

git push origin master --->origin master版本信息

 

为了最后的solo项目测试，我们需要修改一下solo项目源代码的某个配置文件

cd /code/solo/src/main/resources

ls

cat -n latke.properties | sed -n '29p;31p'

 

1. 29 serverHost=localhost
2. 31 serverPort=8080

 

将文件的上边两行代码修改成如下所示

vim latke.properties

cat -n latke.properties | sed -n '29p;31p'

 

1. 29 serverHost=192.168.200.111 #修改成docker的IP地址
2. 31 serverPort=8888

 

再次进行git版本提交

cd /code/solo/

git add .

git commit -m "latke.properties"

git push origin master

 

构建业务基础镜像(tomcat:v1)

在后边构建

服务器	IP地址	主机名
Docker	192.168.200.111	docker

 

安装docker

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

docker --version

---

 

添加docker国内镜像源

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

 

1. {
2. "registry-mirrors":[ "https://registry.docker-cn.com" ]
3. }

systemctl daemon-reload

systemctl restart docker

 

部署jdk环境（不需要添加环境变量）

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

---

cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

 

Jenkins安装

服务器	IP地址	主机名
Jenkins服务器	192.168.200.112	jenkins

 

安装docker-ce环境

yum -y install yum-utils device-mapper-persistent-data lvm2

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

mkdir -p /etc/docker

vim /etc/docker/daemon.json

cat /etc/docker/daemon.json

 

1. {
2. "registry-mirrors":[ "https://registry.docker-cn.com" ]
3. }

systemctl daemon-reload

systemctl restart docker

---

 

安装JDK环境（因为是要用在容器中，因此宿主机不配PATH）

ls

tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/

---

cd /usr/local

ls

ln -s jdk1.8.0_45 jdk

 

安装maven-3.5.0

ls

tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/

---

cd /usr/local

ls

ln -s apache-maven-3.5.0 maven

 

创建jenkins镜像的Dockerfile

没有wget命令需要提前yum安装

mkdir -p dockerfile/jenkins

cd dockerfile/jenkins

vim Dockerfile

cat Dockerfile

 

1. FROM jenkins
3. USER root
5. RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
6. wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
7. RUN apt-get update && apt-get install -y git libltdl-dev

 

创建jenkins镜像

docker build -t jenkins:v1 .

docker images

 

由于我们是在镜像中去构建Jenkins的，所以

• jenkins容器的数据目录我们需要从宿主机上挂载（避免容器数据丢失）

• jenkins的运行需要jdk环境，所以我们直接挂载宿主机上的jdk

• jenkins构建java代码需要maven支持，所以我们直接挂载宿主机上的maven

• Jenkins需要docker支持

• Jenkins需要免交互拉取git代码，因此挂载本地的ssh密钥

 

创建jenkins数据目录

mkdir -p /var/jenkins_home

 

进行ssh免密钥交互验证

ssh-keygen --->一律回车即可

ssh-copy-id git@192.168.200.70

 

进行免交互测试

ssh git@192.168.200.70

 

启动jenkins容器

docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0:/usr/local/maven -v /usr/local/jdk1.8.0_45:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh:/root/.ssh jenkins:v1

 

利用浏览器访问Jenkins容器

http://192.168.200.112:8080

---

docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword

 

1. c7e4ae00fd5941d6b20f1e45ab6835b6 #这就是密码，输入到浏览器里

---

选择所有插件后，直接点install即可

---

 

我们现在构建一个可以运行solo代码的tomcat镜像

mkdir -p /root/dockerfile/solo

cd /root/dockerfile/solo

vim Dockerfile

cat Dockerfile

 

1. FROM centos:7
2. MAINTAINER www.yunjisuan.com
4. RUN yum install unzip iproute -y
6. ENV JAVA_HOME /usr/local/jdk
8. ADD apache-tomcat-8.0.46.tar.gz /usr/local
9. RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
11. WORKDIR /usr/local/tomcat
12. EXPOSE 8080
13. ENTRYPOINT ["./bin/catalina.sh", "run"]

---

ls

 

构建镜像

docker build -t tomcat:v1 .

docker images

 

登陆harbor私有仓库

docker login -uadmin -pHarbor12345 www.yunjisuan.com

 

推送镜像到harbor仓库（如果推送失败请查看证书验证或者docker是否登陆）

docker images

docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1

docker push www.yunjisuan.com/library/tomcat:v1

---

 

Jenkins基本配置

用户名：admin 密码:linyaonie

 

设定全局配置

---

---

---

 

设定ssh连接凭据

 

jenkins连接Docker测试服务器免交互验证

ssh-copy-id root@192.168.200.111

ssh root@192.168.200.111

 

在Jenkins的Web界面上添加凭据

---

---

---

cat ~/.ssh/id_rsa #就是把这些内容复制

---

---

 

Jenkins创建项目

 

我们先开始一个新的任务

---

图片说明

---

图片说明

 

到这里我们先来测试一下maven构建java代码的效果

点击solo_blog项目的立刻构建，查看构建信息

 

在Jenkins服务器上查看构建后的结果

cd /var/jenkins_home/workspace/solo_blog/target

ls

ll solo.war --->这就是构建出来的war包

 

1. 2.[root@JenkinsServer target]# pwd
2. 3./var/jenkins_home/workspace/solo_blog/target
3. 4.[root@JenkinsServer target]# ls
4. 5.classes generated-test-sources maven-status solo_h2_test surefire-reports
5. 6.generated-sources maven-archiver solo solo.war test-classes
6. 7.[root@JenkinsServer target]# ll solo.war #这就是构建出来的war包
7. 8.-rw-r--r-- 1 root root 43037193 7月 25 22:12 solo.war

 

通过脚本将war包封装进一个tomcat的镜像中，然后推送到harbor

所以利用maven构建java的源代码实际上就是生成可以在tomcat等容器中运行的war包  
现在我们重新修改一下项目的配置，增加POST Steps（构建之后的操作）  
其实，构建之后，我们只需要通过脚本将war包封装进一个tomcat的镜像中，然后推送到harbor里即可。

 

这就是需要添加进去的脚本内容

cd $WORKSPACE --->这是jenkins的可用变量，具体可以在上图下边查看

 

1. cd $WORKSPACE
2. cat > Dockerfile << FOF
3. FROM www.yunjisuan.com/library/tomcat:v1
4. MAINTAINER www.yunjisuan.com
5. COPY target/solo.war /tmp/ROOT.war
6. RUN rm -rf /usr/local/tomcat/webapps/* && \
7. unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT && \
8. rm -f /tmp/ROOT.war
9. WORKDIR /usr/local/tomcat
10. EXPOSE 8080
11. ENTRYPOINT ["./bin/catalina.sh","run"]
12. FOF
14. docker build -t www.yunjisuan.com/library/solo:v1 .
15. docker login -uadmin -pHarbor12345 www.yunjisuan.com
16. docker push www.yunjisuan.com/library/solo:v1

 

然后我们再次进行构建查看

 

至此我们就完成了以下几步

git拉取java的solo项目源代码 
maven构建java的solo项目war包 
将war包封装成tomcat的容器启动镜像 
将镜像上传harbor私有镜像仓库

 

我们还需要能够直接部署到远程测试主机

 

（192.168.200.111）上，因此我们继续设置

 

在远程主机（Docker测试服务器）执行的脚本如下

 

1. docker rm -f solo #清理旧的solo容器进程
2. docker rmi -f www.yunjisuan.com/library/solo:v1 #清理旧的solo:v1镜像（不清理就不拉取镜像了）
3. docker login -uadmin -pHarbor12345 www.yunjisuan.com
4. docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1

 

再次进行构建，并在docker主机上查看构建结果

docker images --->docker测试服务器上有镜像了

 

1. 2.REPOSITORY TAG IMAGE ID CREATED SIZE
2. 3.www.yunjisuan.com/library/solo v1 e1b0d010c11b 11 minutes ago 408MB
3. 4.redis latest f06a5773f01e 8 days ago 83.4MB
4. 5.centos latest 49f7960eb7e4 7 weeks ago 200MB

docker ps -a --->启动容器进程了

 

1. 7.CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2. 8.c4dba5567fd5 www.yunjisuan.com/library/solo:v1 "./bin/catalina.sh r…" 11 minutes ago Up 11 minutes 0.0.0.0:8888->8080/tcp solo

 

我们通过浏览器访问

http://192.168.200.112:8888