jenkins搭建CICD,推送远程服务器,构建docker镜像,项目工程docker完美启动
Jenkins 是一个开源软件项目,是基于 Java 开发的一种持续集成工具,用于监控持续重复的工作,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。
官方网站:https://jenkins.io/
使用docker镜像安装jenkins
我们希望实现持续集成持续部署,
1.对于一些基础依赖项目,比如说common-service,common-base,common-batch等这些项目
希望实现 通过jenkins对项目进行打包,将基础依赖的项目推送到nexus私服,供其他项目拉取依赖。
2.对于一些需要发布启动服务的项目,比如一些业务项目
希望实现 通过jenkins对项目进行打包,推送jar到目标服务器,然后打包成镜像,推送镜像私服,重启镜像,删除一些虚悬镜像。
1 在/usr/local/docker/jenkins 目录下创建 一个docker-compose.yml文件
version: '3.1'
services:
jenkins:
image: jenkins/jenkins:lts
volumes:
- ./data:/var/jenkins_home
- ./var/run/docker.sock:/var/run/docker.sock
- ./usr/bin/docker:/usr/bin/docker
- ./usr/lib/x86_64-linux-gnu/libltdl.so.7:/usr/lib/x86_64-linux-gnu/libltdl.so.7
ports:
- 10102:8080
- 50000:50000
privileged: true
user: root
restart: always
container_name: jenkins
environment:
JAVA_OPTS: '-Djava.util.logging.config.file=/var/jenkins_home/log.properties'
TZ: Asia/Shanghai
如果有权限问题 可以用root账号 chmod 777 /usr/local/docker/jenkins/data 进行授权
2 在 /usr/local/docker/jenkins的目录下启动容器
docker-compose up -d
3.docker logs jenkins 查看初始密码
4.http://192.168.40.129:10102/ 登录jenkins输入初始密码
注意: 除了默认勾选的插件外,一定要勾选 Publish over SSH 插件,这是我们实现持续交付的重点插件。
等待安装插件,很多插件安装不上,没关系,后面配置镜像加速器手动安装。
5. 配置插件加速器
进去数据卷目录 /usr/local/docker/jenkins/data/updates,配置加速器
执行命令
sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
注意:需要安装的插件有 Local Publish Over SSH
6.配置jdk与maven
6.1 放开目录权限chmod 777 /usr/local/docker/jenkins/data
将下载好的jdk和maven的压缩包放到 /usr/local/docker/jenkins/data 的目录下 进行解压缩
配置
6.3 maven配置全局的集成nexus setting文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.conf}/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ${user.home}/.m2/repository
-->
<localRepository>/var/jenkins_home/repository</localRepository>
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<server>
<id>nexus-releases</id>
<username>admin</username>
<password>pt891209</password>
</server>
<server>
<id>nexus-snapshots</id>
<username>admin</username>
<password>pt891209</password>
</server>
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
-->
<!--<mirror>
<id>alimaven</id>
<mirrorOf>central</mirrorOf>
<name>aliyun maven</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
</mirror>
-->
<mirrors>
<mirror>
<id>nexus-releases</id>
<mirrorOf>*</mirrorOf>
<url>http://192.168.40.129:8081/repository/maven-releases/</url>
</mirror>
<mirror>
<id>nexus-snapshots</id>
<mirrorOf>*</mirrorOf>
<url>http://192.168.40.129:8081/repository/maven-snapshots/</url>
</mirror>
</mirrors>
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<profile>
<id>nexusProfile</id>
<repositories>
<repository>
<id>public</id>
<name>local private nexus</name>
<url>http://192.168.40.129:8081/repository/maven-public/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>nexus</id>
<name>Nexus Repository</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>public</id>
<name>local private nexus</name>
<url>http://192.168.40.129:8081/repository/maven-public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
<pluginRepository>
<id>nexus</id>
<name>local private nexus</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
-->
<activeProfiles>
<activeProfile>nexusProfile</activeProfile>
</activeProfiles>
</settings>
7 开始集成gitlab
7.1 下载插件 GitLab
7.2 配置gitlab SSH免密登录
进入容器
docker exec -it jenkins /bin/bash
执行命令生成私钥和公钥
ssh-keygen -t rsa -C "tony@msl.com"
查看公钥配置到gitlab中
7.3 进入容器 进行首次代码拉取
docker exec -it jenkins /bin/bash
进入目录 cd /var/jenkins_home
首次代码依赖拉取,会获得会生成文件 known_hosts
7.4 构建maven 项目流水线
重启jenkins后
7.5 新建任务
9.7 配置项目参数化构建过程
需要下载插件 git parameter
配置shell执行过程
至此完成了git于jenkins的集成
我希望做到的效果是,jenkins自动打包,然后推送到远程服务器,然后打成docker镜像,推送镜像私服,再启动镜像来发布服务
10 jenkins 通过 open ssh 配置持续部署
10.1 系统配置->配置open ssh 中配置服务器地址
然后对于项目进行
打完的包在/usr/local/docker/jenkins/data/workspace目录下,将jar文件和工程中docker目录一起推送到远程服务器,然后在远程服务器执行docker相关的命令
贴下工程中的docker相关文件
springcould-eureka项目中的docker目录下的Dockerfile和docker-compose.yml文件
Dockerfile:
FROM openjdk:8-jre MAINTAINER tony_t_peng ENV APP_VERSION 0.0.1-SNAPSHOT #ENV DOCKERIZE_VERSION v0.6.1 #RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ # && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ # && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz RUN mkdir /app COPY eureka-service-$APP_VERSION.jar /app/app.jar ENTRYPOINT ["java","-jar","/app/app.jar"] EXPOSE 8761
docker-compose.yml
version: '3.1'
services:
springcould-eureka:
image: 192.168.40.129:5000/springcould-eureka:v1.0.0
container_name: springcould-eureka
ports:
- 8761:8761
10.3注意这边用到了镜像私服,需要将镜像私服的地址注册下,否则非https的地址,最新的registry版本不然上传http的请求
将/etc/docker/daemon.json中设置为
{ "registry-mirrors": ["https://registry.docker-cn.com"],"insecure-registries": ["192.168.40.129:5000"]}
贴上registry的docker-compose.yml
version: '3.1'
services:
registry:
image: registry
restart: always
container_name: registry
ports:
- 5000:5000
volumes:
- /usr/local/docker/registry/data:/var/lib/registry
11 启动jenkins任务,测试是否成功
查看输出,jenkins 命令执行成功
在远程服务器,去查看私服镜像是否上传镜像成功
curl -XGET http://192.168.40.129:5000/v2/_catalog
返回:
查看 推送的这个镜像的版本
-XGET http://192.168.40.129:5000/v2/springcould-eureka/tags/list
说明我们的工程镜像已经上传到私服了。
访问工程地址
http://192.168.40.129:8761/
服务启动成功,ok 完美!
