云中客

梦想有多大,就能走多远

  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: 联系 :: 订阅 订阅 :: 管理 ::

思路

  1. 合并代码到master分支,触发Pipeline Job
  2. GitLab Runner Job拉取最新代码
  3. 创建部署用docker image
  4. 提交docker image到GitLab Container Registry
  5. SSH登录部署主机,拉取最新image
  6. 重启docke容器

准备工作 注册自己的Gitlab runner

  1. 准备编译服务器Ubuntu
  2. 下载安装包
# Replace ${arch} with any of the supported architectures, e.g. amd64, arm, arm64
# A full list of architectures can be found here https://gitlab-runner-downloads.s3.amazonaws.com/latest/index.html
curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_${arch}.deb"
  1. 安装deb包
dpkg -i gitlab-runner_<arch>.deb
  1. runner的docker权限添加
sudo usermod -aG docker gitlab-runner
  1. 获取GitLab分组的CI/CD Runner注册Token

  2. 注册runner到GitLab分组

  • executor: 类型根据情况修改,一般使用docker
sudo gitlab-runner register \
  --non-interactive \
  --url "https://gitlab.com/" \
  --registration-token "PROJECT_REGISTRATION_TOKEN" \
  --executor "docker" \
  --name "docker-runner" \
  --description "docker-runner" \
  --tag-list "docker,aws" \
  --run-untagged="true" \
  --locked="false" \
  --access-level="not_protected" \
  --docker-image "docker:19.03.12" \
  --docker-privileged \
  --docker-volumes "/certs/client"
  • 查看登录情况(TLS启用情况)
cat /etc/gitlab-runner/config.toml
[[runners]]
  name = "docker-runner"
  url = "https://gitlab.com/"
  token = TOKEN
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.12"
    privileged = true
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
  1. GitLab分组查看注册的runner

配置GitLab与服务器

  1. 项目仓库根目录下添加创建镜像的Dockerfile
  2. 项目仓库根目录下添加.gitlab-ci.yml模板
  3. 编译服务器ssh-key创建
  • 千万别设置密码passphrase 内容
ssh-keygen -t rsa -b 2048
  1. 添加id_rsa内容到GitLab分组参数:SSH_PRIVATE_KEY
  1. 添加部署服务器ip地址与用户名到GitLab分组参数
  • SSH_KNOWN_HOST:ip地址
  • SSH_KNOWN_HOST_USER:用户名
  1. 添加id_rsa.pub内容到部署服务器
  2. 上传文件id_rsa.pub到部署服务器
    - /home/ubuntu/.ssh
  3. 添加认证信息到authorized_keys
    - cat id_rsa.pub >> ~/.ssh/authorized_keys
  4. 部署服务器docker-compose.yml配置
  5. 修改.gitlab-ci.yml添加ssh命令
  • 多行命令用&&链接
image: docker:19.03.12
services:
  - docker:19.03.12-dind

stages: 
  - build
  - deploy

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  
before_script:
    - echo "$CI_REGISTRY"
    - echo "$IMAGE_TAG"
    - echo "$CI_REGISTRY_USER"
    - echo "$CI_REGISTRY_PASSWORD"
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin

build: 
  stage: build
  script:  
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

deploy:
  stage: deploy
  script:  
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SSH_KNOWN_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ssh $SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST "sudo echo $CI_REGISTRY_PASSWORD | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin && docker pull $IMAGE_TAG && docker-compose -f /home/ubuntu/docker-compose.yml restart"
  only:
    - main

常见问题与解决

Error loading key "(stdin)": invalid format gitlab
  • 解决办法: 把参数的Protected去掉
posted on 2021-06-12 19:06  走遍江湖  阅读(730)  评论(0编辑  收藏  举报