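Problems to solve when starting GitLab and Jenkins
1) The address used to pull code from GitLab
2) How Jenkins pulls code from GitLab
3) How to keep the Jenkins public key permanently
4) After Jenkins pulls the code, the code has to be built into a Docker image; how does the Jenkins container run docker commands
5) How to log in to Harbor from Jenkins (a persistent Harbor login)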
Host | IP | Role |
docker01 | 10.0.0.101 | web |
docker02 | 10.0.0.102 | gitlab, jenkins |
harbor | 10.0.0.100 | Harbor private image registry |
Start GitLab
# Pull the GitLab image first
docker pull gitlab/gitlab-ce:latest
# Start GitLab
docker run -d \
--hostname 10.0.0.102 \
-p 443:443 \
-p 80:80 \
-p 2222:22 \
--name gitlab \
--restart always \
-v /data/gitlab/config:/etc/gitlab \
-v /data/gitlab/logs:/var/log/gitlab \
-v /data/gitlab/data:/var/opt/gitlab \
--shm-size 256m \
gitlab/gitlab-ce:latest
# View the login password (docker logs gitlab also shows it)
[root@docker01 ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
Password: gxElXe1MYHR7t9oPMksMpyz9xT7c7zcC7ntMNUUJwTY=
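# Edit the GitLab configuration file (it is bind-mounted to the host, so it can be edited without entering the gitlab container)
vim /data/gitlab/config/gitlab.rb (append the following at the end)
gitlab_rails['gitlab_shell_ssh_port'] = 2222 # (so that the clone URL ssh://[email protected]:2222/root/web.git includes the port)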
prometheus['enable'] = false
prometheus['monitor_kubernetes'] = false
prometheus_monitoring['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
grafana['enable'] = false
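# Restart GitLab
Enter the container with docker exec -it gitlab /bin/bash and run gitlab-ctl reconfigure,
or run docker restart gitlab directly from outside the container
------------Operations on the web host----------------------------------------
# 1. Add the web host's public key to GitLab
(run ssh-keygen first if there is no key yet)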
[root@docker01 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjjAsMKXeBTdTxHpmlm98/Rc+axu7s0PXcXsPSV3LTb3E8wgzOm7pEffRgd+cTkE91R7WhplPSf2P0i22GlSTvWsY/3JLLCDKQT03840+Mq7DQtyFLQvea6JnwUg1MkRJAJTsjMYfN3D31tUnKtipTceuSSg8GoHAAL+ZHD6LdjqdlwXDjWmaGfk1tH0N0m6N1S9iu3PpNkoDJlDcUNgAp0BZNYLE3ID+tDR4gfV63JBmLbgHYtBfXM2KMXN17lMP3mgBdOClVqs7xv7WXIg/lAOtRSTLCduidebVqH9xNG81s7dhfYN65SMrpTxc0Es5ZKmS3Wy962fr3f19R+bNb root@docker01
# 2. Install git on the web host (to pull code)
[root@docker01 ~]# yum install -y git
# 3. Then clone the repository as a test
[root@docker01 ~]# git clone ssh://[email protected]:2222/root/web.git
Cloning into 'web'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
# 4. Once the clone succeeds, prepare the code
[root@docker01 ~]# cd web/ (the web directory is the project pulled from GitLab)
[root@docker01 web]# ll
total 16
-rw-r--r-- 1 root root 368 Aug 23 16:34 index.html
-rw-r--r-- 1 root root 7 Sep 14 18:23 README.md
-rw-r--r-- 1 root root 227 Aug 23 09:21 src.js
-rw-r--r-- 1 root root 1006 Aug 23 15:50 style.css
# 5. Set the global git identity
[root@docker01 web]# git config --global user.email "[email protected]"
[root@docker01 web]# git config --global user.name "Your Name"
# 6. Commit and push the code to GitLab
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m '官网v1'
[root@docker01 web]# git tag -a v1 -m v1
[root@docker01 web]# git push --tag
[root@docker01 web]# git push --all
# 7. Check in GitLab that the push succeeded
Start Jenkins
# Pull the Jenkins image first
docker pull jenkins/jenkins
# Start Jenkins
docker run \
--name jenkins \
--restart always \
--user root \
--privileged \
-v /data/jenkins:/var/jenkins_home \
-v /root/.ssh/:/root/.ssh \
-v /usr/bin/docker:/usr/bin/docker \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /root/.docker/config.json:/root/.docker/config.json \
-v /tmp/plugins:/var/jenkins_home/plugins \
-p 8080:8080 \
-p 50000:50000 \
-d jenkins/jenkins:latest
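Explanation:
--user root # Jenkins runs as root; otherwise the default jenkins user lacks the permissions
--privileged # "Running Docker in Docker currently requires privileged": so that docker commands can be run inside the container (docker in docker)
-v /data/jenkins:/var/jenkins_home # mounts the container's working directory out to /data/jenkins; it holds the plugins and so on
-v /root/.ssh/:/root/.ssh # maps the keys out, so that the Jenkins public key is kept permanently
-v /usr/bin/docker:/usr/bin/docker # maps the docker command in; otherwise docker cannot be used inside the container
-v /var/run/docker.sock:/var/run/docker.sock # the docker client needs this file to connect to the Docker daemon
-v /root/.docker/config.json:/root/.docker/config.json # holds the credentials from logging in to Harbor, so that built images can be pushed to Harbor; the host must have logged in to Harbor first
-v /data/jenkins/plugins:/var/jenkins_home/plugins # the plugins prepared under /data/jenkins are mapped straight in
(first mkdir -p /data/jenkins, then put the plugins directory in it)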
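Taken together, the flags explained above hand the Jenkins container the host's Docker daemon, root SSH keys and registry credentials. The following added example (not from the original page; the function names are assumptions) parses a `docker run` command and lists those grants, using the page's command as sample input:

```sh
#!/bin/sh
# Added example: report host-level access granted by a `docker run` command.
# Only the space-separated flag forms used on this page are handled.
audit_docker_run() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok == "\\") continue            # line-continuation backslash
            if (prev == "-v" || prev == "--volume") {
                n = split(tok, m, ":")
                mode = (n >= 3 ? m[3] : "rw")    # no third field means read-write
                if (m[1] == "/var/run/docker.sock")
                    print "docker-socket: container can drive the host Docker daemon"
                else if (m[1] ~ /^\/root\/\.ssh\/?$/)
                    print "ssh-keys(" mode "): host root SSH keys are inside the container"
                else if (m[1] ~ /\.docker\/config\.json$/)
                    print "registry-auth(" mode "): registry credentials are inside the container"
            }
            if ((prev == "--user" || prev == "-u") && (tok == "root" || tok ~ /^0(:|$)/))
                print "root-user: container process runs as uid 0"
            if (tok == "--privileged")
                print "privileged: all capabilities and host devices, no seccomp/AppArmor confinement"
            prev = tok
        }
    }'
}

# The Jenkins command from this page, embedded as sample input.
page_command() {
    cat <<'EOF'
docker run \
--name jenkins \
--restart always \
--user root \
--privileged \
-v /data/jenkins:/var/jenkins_home \
-v /root/.ssh/:/root/.ssh \
-v /usr/bin/docker:/usr/bin/docker \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /root/.docker/config.json:/root/.docker/config.json \
-v /tmp/plugins:/var/jenkins_home/plugins \
-p 8080:8080 \
-p 50000:50000 \
-d jenkins/jenkins:latest
EOF
}
page_command | audit_docker_run
```

Because the host socket is mounted, docker commands typed inside the container are executed by the daemon on docker02, so every finding is access to the host itself.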
# View the Jenkins password (docker logs jenkins also shows it)
[root@docker02 ~]# docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPassword
88880575470a40969bf4ef4702e678dc
Log in to Jenkins at 10.0.0.102:8080
# Enter the Jenkins container
[root@docker02 ~]# docker exec -it jenkins /bin/bash
# Add the Jenkins container's public key to GitLab
(run ssh-keygen first if there is no key yet)
[root@docker02 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC27CbIYH0XiPqaZFlZEgPGfrzAYV7eoRX8FTWC+STvCNJvBGZYnOxvolKAHJWqgbmkcorGH0TJcXiAmdJWoGyM44P5vi//oQVnVB9UHmcKjqeOHFW7m9/EgSw4xmiv2bTvyBo3oxVaN4l0lACodXapCQVLJpB1w3TIln0JS8DT5fbNXrRjKOwp0x4ZzFydPPILkHfYT9a4CDb+esZR8tsqJ/ujpQTa2cqKYaMv/VIWgb8gXNaRxZgUXQedWZmefrzk9sXqGIl5YSlgcqMFOC3mBMublCJ72iBbi9KAXCLAaXWq+Z38Ew5S6wpPKWW3o6Nij81MTmC3Qedjiz1HlXMz root@docker02
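# Clone the code from inside the container (to test whether git can pull it)
root@62728db68df9:/# git clone ssh://[email protected]:2222/root/web.git
-------Push an image to Harbor-----------------------------------
# First tag the image to be pushed with the registry's naming convention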
root@62728db68df9:/# docker tag nginx:alpine 10.0.0.100/wordpress/nginx:alpine
# Push it to Harbor
root@62728db68df9:/# docker push 10.0.0.100/wordpress/nginx:alpine
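# Check on the Harbor page that the image is there
Containerized code deployment
Freestyle project
First create a job in Jenkins
Discard old builds
Parameterized build
Source Code Management
Build
# The docker machine needs passwordless SSH to the web machine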
[root@docker02 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.101
# Test it
[root@docker02 ~]# ssh 10.0.0.101
Last login: Thu Sep 14 16:34:10 2023 from 10.0.0.1
[root@docker01 ~]# logout
Connection to 10.0.0.101 closed.
# Script content
cd ${WORKSPACE} && \
cat > Dockerfile <<EOF
FROM nginx:alpine
COPY index.html style.css src.js /usr/share/nginx/html/
EOF
docker build -t 10.0.0.100/wordpress/web:${tag} .
docker push 10.0.0.100/wordpress/web:${tag}
ssh 10.0.0.101 "docker rm -f web"
ssh 10.0.0.101 "docker run --name web -p 80:80 -d 10.0.0.100/wordpress/web:${tag} "
After modifying the code, push it and build again
----Modify the code on the web host------------------
[root@docker01 web]# vim style.css
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m '官网v2'
[root@docker01 web]# git tag -a v2 -m v2
[root@docker01 web]# git push --tag
[root@docker01 web]# git push --all
After the build succeeds, refresh the web page to see the result
# The image is also visible in Harbor
webhook
URL :http://10.0.0.102:8080/project/freestyle-web
token :b17b781271c652606bf8344a19818396
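Configure the GitLab network settings
Settings - Network
Outbound requests
Allow webhook requests to the local network
Remember to save!
Project - Settings - Webhooks
Check that Jenkins builds automatically
Note!
During a webhook-triggered build, {GIT_COMMIT} is not recognized when the script runs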
cd ${WORKSPACE} && \
cat > Dockerfile <<EOF
FROM nginx:alpine
COPY index.html style.css src.js /usr/share/nginx/html/
EOF
docker build -t 10.0.0.100/wordpress/web:${GIT_COMMIT} .
docker push 10.0.0.100/wordpress/web:${GIT_COMMIT}
ssh 10.0.0.101 "docker rm -f web"
ssh 10.0.0.101 "docker run --name web -p 80:80 -d 10.0.0.100/wordpress/web:${GIT_COMMIT}"
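Both build scripts above paste ${tag} or ${GIT_COMMIT} into an image name and into a command string that ssh hands to the shell on 10.0.0.101, so the value should be checked against Docker's tag grammar before it is used. The following is an added example, not part of the original page; the function names and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): validate the Jenkins build
# parameter before it is used in docker and ssh commands.
LC_ALL=C; export LC_ALL                # byte-wise character classes
REGISTRY="10.0.0.100/wordpress/web"    # image repository used on this page
WEB_HOST="10.0.0.101"                  # web host used on this page

# valid_image_tag TAG: succeed only for a legal Docker tag, i.e. 1-128
# characters from [A-Za-z0-9_.-] that do not start with '.' or '-'.
valid_image_tag() {
    [ -n "$1" ] && [ "${#1}" -le 128 ] || return 1
    case $1 in
        [-.]*)              return 1 ;;
        *[!A-Za-z0-9_.-]*)  return 1 ;;
    esac
    return 0
}

# image_ref TAG: print REGISTRY:TAG, or fail with no output.
image_ref() {
    valid_image_tag "$1" || return 1
    printf '%s:%s\n' "$REGISTRY" "$1"
}

# run CMD...: print the command when DRY_RUN=1 (the default), else execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# deploy TAG: the page's build, push and redeploy steps for a checked tag.
deploy() {
    img=$(image_ref "$1") || { echo "rejected tag" >&2; return 1; }
    run docker build -t "$img" . || return 1
    run docker push "$img" || return 1
    run ssh "$WEB_HOST" "docker rm -f web"
    run ssh "$WEB_HOST" "docker run --name web -p 80:80 -d $img"
}

# Constructed sample values: the first two pass, the rest are refused.
for t in v2 1.0_rc-1 "" -v2 "v2 extra" 'v2;x'; do
    if valid_image_tag "$t"; then echo "ok:     $t"; else echo "reject: $t"; fi
done
```

In the Jenkins job the shell step would call `DRY_RUN=0 deploy "${tag}"` (or `"${GIT_COMMIT}"`) after the Dockerfile has been written.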
Modify the code on the web host and push again; Jenkins builds automatically
[root@docker01 web]# vim style.css
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m '官网v3'
[main 61d32db] 官网v3
1 file changed, 1 insertion(+), 1 deletion(-)
[root@docker01 web]# git tag -a v3 -m v3
[root@docker01 web]# git push --tag
Counting objects: 6, done.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 414 bytes | 0 bytes/s, done.
Total 4 (delta 2), reused 0 (delta 0)
To ssh://[email protected]:2222/root/web.git
* [new tag] v3 -> v3
[root@docker01 web]# git push --all
Total 0 (delta 0), reused 0 (delta 0)
To ssh://[email protected]:2222/root/web.git
c8d9451..61d32db main -> main
Refresh the web page: it loads without problems
The built image is also in Harbor