1 Jenkins设置
1.1 构建maven项目
1、添加git地址
2、添加webhook
此处需要安装插件Generic Webhook Trigger、GitLab两个插件才能有此选项。
要记清楚URL因为后面gitlab需要使用此URL。
2 Gitlab设置
2.1 设置webhook
此版本的gitlab webhook在
在url上填写jenkins上的URL
填写URL及token(由于我的没做ssh认证,所以没用ssl认证)
2.2 测试webhook是否成功
2.3 验证webhook
测试webhook,并且查看jenkins
Jenkins出现构建说明webhook生效,并且构建是gitlab的管理员构建的。如果出现404、401等报错请看报错解决。
3 报错解决
3.1 jenkins连接git
报错内容:
Failed to connect to repository : Error performing command: git ls-remote -h http://10.10.8.116/ucbms/ucbms.git HEAD
解决办法:
在jenkins机器上安装git。说明无git命令。或者git版本比较低。一般情况下使用yum安装一个git就可以解决问题。
3.2 webhook本地网络限制
报错内容:
Urlis blocked:Requests to the local network are not allowed
解决办法:
gitlab 10.6 版本以后为了安全,不允许向本地网络发送webhook请求,如果想向本地网络发送webhook请求,则需要使用管理员帐号登录,默认管理员帐号是[email protected],密码就是你gitlab搭建好之后第一次输入的密码。
3.3 HTTP 403
报错内容:
Hook executed successfully but returned HTTP 403
Error 403 No valid crumb was included in the request HTTP ERROR 403
Problem accessing /job/eureka-service/build. Reason:
No valid crumb was included in the request
Powered by Jetty:// 9.4.z-SNAPSHOT
>
解决办法:
由于Jenkins的安全策略配置了CSRF跨站点保护。进入Jenkins,系统管理-->全局安全配置,勾选匿名用户具有可读权限和去掉CSRF防止跨站点请求伪造:
3.4 HTTP 401
报错内容:
Hook executed successfully but returned HTTP 401
HTTP Status 401 – Unauthorized
Type Status Report
Message Invalid token
Description The request has not been applied because it lacks valid authentication credentials for the target resource.
Apache Tomcat/8.5.34
解决办法:
在jenkins上生成密钥,填写在gitlab
4 我的jenkins配置
5 脚本
脚本写在jenkins构建shell上编写
LOG_PATH=/docker/logs/${JOB_NAME}
HARBOR_URL=www.btharbor.com
PROJECT_NAME=bytuetech
#www.btharbor.com/bytuetech/tomcat:8.5.34 的bytuetech
case $Options in
Deploy)
IMAGE_VERSION=`head /root/.jenkins/workspace/${JOB_NAME}/pom.xml |grep '' |awk -F '[<>]' '{print $3}'`
TOMCAT_VERSION=`cat /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile |grep FROM |awk -F '[ :./]+' '{printf $7}'`
# TOMCAT_VERSION=`cat /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile |grep FROM |awk -F '[ :.]+' '{printf $3}'`
mkdir -p ${LOG_PATH}
mkdir -p /root/project
cd /root/project
cp -rp /root/.jenkins/workspace/${JOB_NAME}/target/${JOB_NAME}.war .
cp -rp /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/${JOB_NAME}.xml .
cp -rp /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile .
docker build -t ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION} .
docker login --username=admin -p 12345 ${HARBOR_URL}
docker push ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
docker rmi -f ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
rm -f ./${JOB_NAME}.war
rm -f ./${JOB_NAME}.xml
rm -f ./Dockerfile
#ansible
#删除同名docker容器
docker_id=$(docker ps | grep "${JOB_NAME}" | awk '{print $1}')
if [ "${docker_id}" != "" ]; then
docker rm -f ${docker_id}
fi
docker login --username=admin -p 12345 ${HARBOR_URL}
# docker pull ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
docker run -itd -p 8888:8080 --name ${JOB_NAME}-${IMAGE_VERSION} -v ${LOG_PATH}:/opt/tomcat/logs ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
;;
RollBack)
docker_id=$(docker ps | grep "${JOB_NAME}" | awk '{print $1}')
if [ "${docker_id}" != "" ]; then
docker rm -f ${docker_id}
fi
docker run -itd -p 8888:8080 --name ${JOB_NAME}-${Jobs_Version} -v ${LOG_PATH}:/opt/tomcat/logs ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${Jobs_Version}
;;
esac
6 Dockerfile
Dockerfile要在源码的dockerfile目录内
FROM www.btharbor.com/bytuetech/tomcat:8.5.34
RUN mkdir -p /opt/tomcat/conf/Catalina/localhost/
COPY ./ucbms.war /data/webapps/
COPY ./ucbms.xml /opt/tomcat/conf/Catalina/localhost/
EXPOSE 8080
ENTRYPOINT ["/opt/tomcat/bin/catalina.sh", "run" ]
7 .xml
和dockerfile在一个目录上