通过jenkins流水线(pipeline)实现持续发布
===============================================
2021/1/14_第2次修改 ccb_warlock
更新说明:
2021/1/14:
1.修改jenkinsfile脚本,ssh命令中增加取消检查主机密钥的参数“-o StrictHostKeyChecking=no”;
===============================================
最近根据领导的要求,要改用jenkins的流水线来部署项目,同时要求部署的修改可以通过在jenkins上进行操作来实现。
由于其他项目使用流水线的方案和我们项目的差异较大(1.我们的jenkins使用docker运行;2.我们的项目编译构建不是在jenkins服务器而是在开发服务器上),经过摸索试验,最终实现了一个可行的版本供参考。
PS.通过"构建一个自由风格的软件项目",请参考:https://www.cnblogs.com/straycats/p/14065719.html
本篇就依据上次持续发布的文章(https://www.cnblogs.com/straycats/p/14065719.html)进行改写,如果只想了解流水线如何部署可以直接看这篇文章。
可以选择一些免费的镜像仓库(dockerhub、阿里云等等)用于存放构建的镜像。如果需要搭私有仓库可以选择搭建harbor(https://www.cnblogs.com/straycats/p/8850693.html)
这里选择了阿里云(registry.cn-beijing.aliyuncs.com)作为镜像仓库
sudo yum install -y git
2.3 安装.net core
centos7上部署参考https://docs.microsoft.com/zh-cn/dotnet/core/install/linux-centos
2.4 创建rsa证书
因为我拉取git常用ssh,故需要在builder服务器上创建rsa证书,通过公钥拉源码。
sudo ssh-keygen -t rsa
接着将公钥(/root/.ssh/id_rsa.pub)的内容贴到git账号中。
这里将dev分支的源码拷贝到目录/opt/src下。
sudo mkdir -p /opt/src cd /opt/src sudo git clone -b dev <git项目地址>
三、部署jenkins服务器
3.1 部署jenkins服务器
参考:https://www.cnblogs.com/straycats/p/14033405.html
sudo ssh-keygen -t rsa cd /root/.ssh sudo cp id_rsa.pub id_rsa.pub.jenkins
这样,在/root/.ssh下生成id_rsa(私钥) 和 id_rsa.pub (公钥)两个文件。
sudo mkdir -p /root/.ssh sudo touch /root/.ssh/authorized_keys
cd /root/.ssh sudo cat id_rsa.pub.jenkins >> /root/.ssh/authorized_keys
3.4 添加凭据
1)"系统管理" - "Manage Credentials",进入凭据管理界面,点击“全局”旁边的箭头,点击“添加凭据”。
2)由于使用ssh密钥对,故"类型"选择"SSH Username with private key",填写ID、Username,选中"Enter directly",填入私钥(id_rsa)的内容,点击"确定"。
3.5 创建jenkins任务
1)点击“新建任务”
2)选择"Pipeline script",填写jenkinsfile脚本,点击“保存”。
pipeline { agent any stages { stage('1.Prepare & Upload script') { steps { echo "=== Begin 1.Prepare & Upload script ===========" sh ''' pwd tee ./gitclone.sh <<-'EOF' #!/bin/bash source_dir="/opt/src/abc" cd $source_dir sudo git checkout dev sudo git pull EOF tee ./build_src.sh <<-'EOF' #!/bin/bash source_dir="/opt/src/abc" publish_dir="/opt/publish/abc" sudo rm -rf $publish_dir"/published" sudo mkdir -p $publish_dir"/published" cd $source_dir sudo dotnet publish -o $publish_dir"/published" EOF tee ./build_images.sh <<-'EOF' #!/bin/bash source_dir="/opt/src/abc" publish_dir="/opt/publish/abc" sudo yes| cp -rf $source_dir"/Server/Dockerfile" $publish_dir cd $publish_dir sudo docker build --rm -t registry.cn-beijing.aliyuncs.com/abc/abc:latest . sudo docker push registry.cn-beijing.aliyuncs.com/abc/abc:latest EOF tee ./abc-stack.yml <<-'EOF' version: '3.7' services: abc: image: registry.cn-beijing.aliyuncs.com/abc/abc:latest environment: - TZ=Asia/Shanghai - ASPNETCORE_ENVIRONMENT=Production deploy: replicas: 1 restart_policy: condition: any #on-failure resources: limits: cpus: "2" memory: 2048M update_config: parallelism: 1 delay: 5s max_failure_ratio: 0.1 order: start-first ports: - 35000:5000 networks: - swarm-net networks: swarm-net: external: true EOF tee ./deploy.sh <<-'EOF' #!/bin/bash cd /opt/docker/compose/abc sudo docker stack rm abc-stack sudo docker stack deploy -c abc-stack.yml abc-stack EOF ''' withCredentials([sshUserPrivateKey(credentialsId: 'mypk', keyFileVariable: 'keyfile', passphraseVariable: '', usernameVariable: 'user')]) { sh "scp -o StrictHostKeyChecking=no -i ${keyfile} *.sh ${user}@192.168.1.1:/opt/jenkinsfiles/" sh "scp -o StrictHostKeyChecking=no -i ${keyfile} abc-stack.yml ${user}@192.168.1.1:/opt/docker/compose/abc/" } echo "=== End 1.Prepare & Upload script ===========" } } stage('2.Git clone') { steps { echo "=== Begin 2.Git clone ===========" withCredentials([sshUserPrivateKey(credentialsId: 'mypk', keyFileVariable: 'keyfile', passphraseVariable: '', usernameVariable: 'user')]) { sh 'ssh -o StrictHostKeyChecking=no -i ${keyfile} ${user}@192.168.1.1 "cd /opt/jenkinsfiles/; sh ./gitclone.sh"' } echo "=== End 2.Git clone ===========" } } stage('3.Build src') { steps { echo "=== Begin 3.Build src ===========" withCredentials([sshUserPrivateKey(credentialsId: 'mypk', keyFileVariable: 'keyfile', passphraseVariable: '', usernameVariable: 'user')]) { sh 'ssh -o StrictHostKeyChecking=no -i ${keyfile} ${user}@192.168.1.1 "cd /opt/jenkinsfiles/; sh ./build_src.sh"' } echo "=== End 3.Build src ===========" } } stage('4.Build images') { steps { echo "=== Begin 4.Build images ===========" withCredentials([sshUserPrivateKey(credentialsId: 'mypk', keyFileVariable: 'keyfile', passphraseVariable: '', usernameVariable: 'user')]) { sh 'ssh -o StrictHostKeyChecking=no -i ${keyfile} ${user}@192.168.1.1 "cd /opt/jenkinsfiles/; sh ./build_images.sh"' } echo "=== End 4.Build images ===========" } } stage('5.Deploy') { steps { echo "=== Begin 5.Deploy ===========" withCredentials([sshUserPrivateKey(credentialsId: 'mypk', keyFileVariable: 'keyfile', passphraseVariable: '', usernameVariable: 'user')]) { sh 'ssh -o StrictHostKeyChecking=no -i ${keyfile} ${user}@192.168.1.1 "cd /opt/jenkinsfiles/; sh ./deploy.sh"' } echo "=== End 5.Deploy ===========" } } } }
3.6 执行任务
1)点击任务进入任务界面。
2)点击“立即构建”,该任务就会执行一次。
