# Run a private image registry on server2 from the stock "registry" image.
# Image data is kept on the host under /opt/registry and the registry is
# published on port 5000.
# NOTE(review): no TLS or authentication options are passed here, so any host
# that can reach server2:5000 can push or replace images. Keep this on an
# isolated lab network.
[root@server2 ~]# docker pull registry
[root@server2 ~]# docker run -d --name registry -v /opt/registry:/var/lib/registry -p 5000:5000 registry
# NOTE(review): mode 777 on the Docker socket lets every local account control
# the daemon, which is equivalent to root on this host. If the aim is to let
# the jenkins account run docker (assumed - confirm), leave the socket at its
# default mode and add only that account to the docker group
# (usermod -aG docker jenkins). That account is then still root-equivalent,
# but no other user is.
[root@server2 ~]# chmod 777 /var/run/docker.sock
再开启一台主机 server3,并在其上安装 docker。
# Let the Docker daemon on server3 use the registry at 172.25.4.2:5000.
# NOTE(review): "insecure-registries" makes the daemon accept plain HTTP (or a
# certificate it cannot verify) for that address, so images pulled from it are
# not authenticated or encrypted in transit. Acceptable only on a closed lab
# network; the Harbor section later on this page sets up a TLS registry.
[root@server3 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["172.25.4.2:5000"]
}
[root@server3 ~]# systemctl reload docker
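# Redeploy the "webserver" container from the private registry:
# remove the old container, drop the cached image so the current :latest is
# pulled again, then start a fresh container on port 80.
#
# NOTE(review): the image comes from a registry that the daemon treats as
# insecure (plain HTTP) and is referenced by the mutable tag :latest, so what
# runs here is whatever that address serves at pull time. Use a TLS registry
# and a fixed tag or digest outside a lab.
image=172.25.4.2:5000/webserver:latest
name=webserver

# Match the container by its exact name. A substring match on "docker ps"
# output would also hit names such as "webserver2" and then fail on the rm.
if docker container inspect "$name" >/dev/null 2>&1; then
  docker rm -f "$name"
fi
sleep 1

# Skip the removal when the image is not cached yet (first deployment), so the
# step does not fail before the container is started.
if docker image inspect "$image" >/dev/null 2>&1; then
  docker rmi "$image"
fi
sleep 1

docker run -d --name "$name" -p 80:80 "$image"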
# Change the page content in the demo repository on server1, commit it as
# "v3" and push it to origin/master. Presumably this push is what triggers
# the build and redeploy - the trigger configuration is not shown here.
[root@server1 demo]# cat index.html
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
# "commit -a" stages every modified tracked file, not only index.html.
[root@server1 demo]# git commit -a -m "v3"
[root@server1 demo]# git push -u origin master
# Add a local yum repository for Ansible on server2 and install from it.
[root@server2 ~]# vim /etc/yum.repos.d/ansible.repo
[ansible]
name=ansible 2.8
baseurl=http://172.25.4.250/ansible
# NOTE(review): gpgcheck=0 together with an http:// baseurl means packages are
# installed as root with no signature verification over an unauthenticated
# channel. Outside a closed lab, set gpgcheck=1 and add a gpgkey= entry for
# the repository.
gpgcheck=0
[root@server2 ~]# yum install ansible -y
# Clone the playbook repository on server1.
# NOTE(review): "[email protected]" appears to be an e-mail-obfuscation artifact
# of the page, not the real remote; the original was an SSH remote of the form
# <user>@<host>:root/playbook.git.
[root@server1 ~]# git clone [email protected]:root/playbook.git
# Edit the jenkins entry in /etc/passwd on server2 (the change is described on
# the next line of the page).
# NOTE(review): hand-editing /etc/passwd risks breaking the file; usermod -s
# makes the same change safely. Giving a service account a login shell also
# widens what that account can be used for, so do it only where needed.
[root@server2 ~]# vim /etc/passwd
把 jenkins 用户所在行末尾的 false 改为 bash,使该账户拥有登录 shell,后面才能执行 su - jenkins。
# As the jenkins account on server2, create an SSH key pair and install the
# public key on the managed host so later logins need no password.
[root@server2 ~]# su - jenkins
# The passphrase choice is not shown. A key without a passphrase is usable by
# anyone who can read the jenkins home directory.
-bash-4.2$ ssh-keygen
# NOTE(review): "[email protected]" appears to be an e-mail-obfuscation artifact
# of the page; the real argument was of the form <user>@<host>. The target
# account must exist before this step, so the devops account below was
# presumably created first - confirm the order.
-bash-4.2$ ssh-copy-id [email protected]
# Create the devops account on server3 and give it a password.
[root@server3 ~]# useradd devops
[root@server3 ~]# passwd devops
# The sudoers change is not shown. ansible.cfg on this page sets become=True
# with become_ask_pass=False, which only works if devops may run sudo without
# a password.
# NOTE(review): with such a rule, whoever holds the key installed above is
# effectively root on this host. Protect that private key accordingly and
# restrict the sudo rule to the commands needed where that is practical.
[root@server3 ~]# visudo
# Project-local Ansible configuration, kept next to the playbook.
[root@server1 playbook]# vim ansible.cfg
[defaults]
command_warnings=False
# Log in to managed hosts as the devops account.
remote_user=devops
[privilege_escalation]
# Run every task as root through sudo and never prompt for a sudo password.
# This requires a passwordless sudo rule for devops on each managed host, so
# the SSH key used for devops carries root-level access to those hosts.
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[root@server1 playbook]# vim playbook.yml
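---
# Install, configure and start Apache httpd, then write the host name into
# index.html. "hosts: all" means every host in whichever inventory file is
# passed to the run, and the tasks execute as root when become is enabled in
# ansible.cfg - so the inventory chosen decides which machines are changed.
- hosts: all
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: present

    # Render httpd.conf from the template; http_port in the template is set
    # per host in the inventory. The handler runs only when the file changes.
    - name: config apache
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      # notify is a task keyword, so it sits at task level, not under template.
      notify: restart apache

    - name: enable apache
      service:
        name: httpd
        state: started
        enabled: yes

    # Creates the file if it is missing and makes sure it contains one line
    # with the managed host's short host name.
    - name: create index.html
      lineinfile:
        path: /var/www/html/index.html
        create: yes
        line: "{{ ansible_hostname }}"

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted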
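# Take the stock httpd.conf from a host with httpd installed, copy it into the
# playbook directory on server1 and turn it into a Jinja2 template.
[root@server3 ~]# yum install httpd -y
[root@server3 conf]# scp httpd.conf server1:/root/playbook/
[root@server1 playbook]# mv httpd.conf httpd.conf.j2
# The change made in the template is the Listen directive, which now takes its
# port from the per-host inventory variable http_port. The expression has to
# stay on one line as "{{ http_port }}" to be valid Jinja2.
[root@server1 playbook]# vim httpd.conf.j2
Listen {{ http_port }}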
# Create one inventory file per environment. Each file defines a single group
# and sets http_port for its host, which the httpd.conf.j2 template reads.
[root@server1 playbook]# mkdir inventry
[root@server1 playbook]# cd inventry/
[root@server1 inventry]# vim prod
[prod]
172.25.4.3 http_port=80
[root@server1 inventry]# vim test
[test]
172.25.4.1 http_port=8000
[root@server1 inventry]# cd ..
# NOTE(review): "git add ." stages everything in the directory. Read the
# "git status -s" output before committing so that no private keys, passwords
# or editor backup files end up in the pushed repository.
[root@server1 playbook]# git add .
[root@server1 playbook]# git status -s
[root@server1 playbook]# git commit -m "add playbook"
[root@server1 playbook]# git push -u origin master
在 Jenkins 中新建一个自由风格(Freestyle)的 ansible 项目。
# Repeat the key distribution for the second managed host: install the jenkins
# public key there and create the devops account with sudo rights on server1.
[root@server2 ~]# su - jenkins
# NOTE(review): "[email protected]" appears to be an e-mail-obfuscation artifact
# of the page; the real argument was of the form <user>@<host>.
-bash-4.2$ ssh-copy-id [email protected]
[root@server1 playbook]# useradd devops
[root@server1 playbook]# passwd devops
# The sudoers change is not shown. As on the other managed host, a passwordless
# sudo rule for devops makes the jenkins SSH key root-equivalent here.
[root@server1 playbook]# visudo
首先在 server3 上部署 Harbor 仓库:
# Install docker-compose and the Harbor offline installer on server3.
# NOTE(review): both files are already present in the home directory and their
# origin is not shown. Verify them against the checksums published with the
# releases before making one executable and running the other as root.
[root@server3 ~]# ls
docker-compose-Linux-x86_64-1.27.0 harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose
[root@server3 ~]# chmod +x /usr/local/bin/docker-compose
[root@server3 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# cd harbor/
# The edits to harbor.yml are not shown. This is the file where the hostname,
# the https certificate and private_key paths and harbor_admin_password are
# set. Change the admin password from the value shipped in the file.
[root@server3 harbor]# vim harbor.yml
[root@server3 harbor]# mkdir /data
[root@server3 harbor]# cd /data/
[root@server3 data]# mkdir certs
# Create a self-signed certificate valid for 365 days with a 4096-bit RSA key.
# The subject is entered interactively and is not shown; it has to name the
# registry host (reg.westos.org is used later on this page) for clients to
# accept it.
# NOTE(review): -nodes writes the private key unencrypted. Keep
# certs/westos.org.key readable by root only and never copy it to clients.
[root@server3 data]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
[root@server3 data]# cd certs/
[root@server3 certs]# ls
westos.org.crt westos.org.key
# Stop and disable httpd before installing, presumably so that Harbor can bind
# the web ports on this host.
[root@server3 harbor]# systemctl disable --now httpd.service
[root@server3 harbor]# ./install.sh
在 server2 上建立证书目录:
# Remove the plain-HTTP registry container started earlier, then create the
# directory in which Docker looks for the CA certificate of the registry named
# reg.westos.org (/etc/docker/certs.d/<registry host>/ca.crt).
[root@server2 ~]# docker rm -f registry
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# mkdir certs.d
[root@server2 docker]# cd certs.d/
[root@server2 certs.d]# mkdir reg.westos.org
把 server3 上的证书传给 server2:
# Copy only the public certificate to server2, stored as ca.crt so the Docker
# daemon there trusts the registry. The private key (westos.org.key) stays on
# server3.
[root@server3 certs]# scp westos.org.crt server2:/etc/docker/certs.d/reg.westos.org/ca.crt
在 server2 上登录仓库:
# Resolve the registry name to server3 locally, then log in to the registry.
[root@server2 docker]# vim /etc/hosts
172.25.4.3 server3 reg.westos.org
[root@server2 docker]# docker login reg.westos.org
[root@server2 docker]# cd
[root@server2 ~]# cd .docker/
# NOTE(review): unless a credential helper is configured, docker login stores
# the registry credentials in this file base64-encoded, not encrypted. Keep
# the file readable by its owner only and do not paste its contents into
# notes, tickets or logs.
[root@server2 .docker]# cat config.json
# Make the Docker daemon on server3 itself trust the Harbor certificate by
# placing it as ca.crt under /etc/docker/certs.d/reg.westos.org/.
[root@server3 harbor]# cd /etc/docker/
[root@server3 docker]# ls
daemon.json key.json
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# mkdir reg.westos.org
[root@server3 certs.d]# cd reg.westos.org/
[root@server3 reg.westos.org]# cp /data/certs/westos.org.crt ca.crt
# The daemon.json shown below contains only registry-mirrors; the earlier
# insecure-registries entry for 172.25.4.2:5000 is no longer listed.
# NOTE(review): registry-mirrors is consulted for Docker Hub images, so
# unqualified image names on this host are now served from reg.westos.org
# first. Whoever can push to that Harbor instance controls what those names
# resolve to, so restrict push rights there.
[root@server3 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://reg.westos.org"]
}
[root@server3 ~]# systemctl reload docker.service
进行部署:打开 docker 项目。
# Check the result on server3: the webserver image is present, the container
# exists, and the page is served. 172.17.0.2 is presumably the container
# address taken from the inspect output - confirm it before relying on it.
[root@server3 ~]# docker images | grep webserver
[root@server3 ~]# docker inspect webserver
[root@server3 ~]# curl 172.17.0.2