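Automated deployment of a Docker project
Jenkins + Ansible + GitLab: automated deployment of a Docker-based nginx + flask + gunicorn + mysql project
Setting up the three-tool environment
Make sure there are two servers: gitlab.example.com provides the GitLab code repository service, and jenkins.example.com provides the Jenkins + Ansible services. These three services on two servers deploy the flask project onto the host flask.example.com
Setup process reference
GitLab
Prepare the flask project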
[[email protected] lab_project]# tree -L 3 ./
./
├── docker-compose.yml
├── flask
│   ├── Dockerfile
│   └── lab_app
│       ├── app
│       ├── manage.py
│       ├── __pycache__
│       ├── requirement.txt
│       └── venv
├── mysql
│   ├── Dockerfile
│   └── laboratory_web.sql
├── nginx
│   ├── Dockerfile
│   ├── nginx.conf
│   └── seafile.conf
└── seafile
    └── docker-compose.yml
8 directories, 10 files
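Add the flask project to GitLab
# Create a project in the GitLab web UI
# Log in to the GitLab main page and add a New project: enter Project name: lab_project and Project description: lab_project repo, leave Visibility Level at the default Private, and after creating it copy the repository's HTTP address with COPY URL
# Back on the gitlab.example.com server, create a repo directory under the user
mkdir repo
cd repo
# -c http.sslVerify=false disables TLS certificate verification for this one command so that the clone does not fail on the local certificate; if no DNS entry has been added, access ip/root/test-repo.git directly. Enter the username and password when prompted
git -c http.sslVerify=false clone https://gitlab.example.com/root/lab_project.git
# Move the project files into the cloned repository and change into it
mv /root/lab_project/* /root/repo/lab_project/
cd /root/repo/lab_project
# Add lab_project to the local repository
git add .
# Commit
git commit -m "First commit of lab_project"
# git prompts for a global email and user name; set them, then run git commit -m "First commit" again and the commit succeeds
git config --global user.email "[email protected]"
git config --global user.name "admin"
# Enter the account and password to push the local master branch to the remote server
git -c http.sslVerify=false push origin master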
Ansible
ansible-playbook
Configure ansible-playbook on jenkins.example.com
# Load ansible
source /root/ansible/hacking/env-setup -q
# Verify that ansible is available
ansible-playbook --version
cd repo
mkdir ansible-playbook-repo
cd ansible-playbook-repo
# Create the following directory structure
[[email protected] ~]# tree ./lab_project_playbook/
./lab_project_playbook/
├── deploy.retry
├── deploy.yml
├── inventory
│   ├── dev
│   └── prod
└── roles
    ├── docker-ce
    │   ├── handlers
    │   │   ├── main.yml
    │   │   ├── yum-clean-metadata.yml
    │   │   └── yum-makecache.yml
    │   ├── tasks
    │   │   ├── install_docker-ce_based.yml
    │   │   ├── install_docker-compose.yml
    │   │   ├── main.yml
    │   │   └── remove_oldder_version_docker.yml
    │   └── vars
    │       └── main.yml
    └── lab_project
        ├── tasks
        │   ├── install_based.yml
        │   ├── main.yml
        │   └── pull_base_image.yml
        └── vars
            └── main.yml
9 directories, 16 files
vim deploy.retry
flask.example.com
vim deploy.yml
- hosts: "lab_project"
  gather_facts: true
  remote_user: root
  roles:
    - { role: docker-ce }
    - { role: lab_project }
vim inventory/dev
vim inventory/prod
[lab_project]
flask.example.com
vim roles/docker-ce/tasks/main.yml
---
# tasks file for docker-ce
- include: remove_oldder_version_docker.yml
- name: clean repo
  yum_repository:
    name: docker-ce
    state: absent
  notify: yum-clean-metadata
- include: install_docker-ce_based.yml
- name: config repo
  shell: yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
  notify: yum-makecache
- name: install docker-ce
  yum:
    name: docker-ce
    state: present
  register: docker_installed
- name: enable & start docker
  when: docker_installed is success
  service:
    name: docker
    enabled: yes
    state: started
- include: install_docker-compose.yml
vim roles/docker-ce/tasks/remove_oldder_version_docker.yml
---
# possibly saved as remove_oldder_version_docker.yml
- name: remove older version docker
  yum:
    name: "{{ item }}"
    state: absent
  with_items:
    - docker
    - docker-client
    - docker-client-latest
    - docker-common
    - docker-latest
    - docker-latest-logrotate
    - docker-selinux
    - docker-engine
    - docker-engine-selinux
vim roles/docker-ce/tasks/install_docker-ce_based.yml
---
# possibly saved as install_docker-ce_based.yml
- name: install yum-utils device-mapper-persistent-data lvm2
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
    - yum-utils
    - device-mapper-persistent-data
    - lvm2
vim roles/docker-ce/tasks/install_docker-compose.yml
---
# possibly saved as install_docker-compose.yml
- name: check if docker-compose exists
  stat: "path={{ docker_compose_file_path }}"
  register: docker_compose_file
- name: install docker-compose
  when: not docker_compose_file.stat.exists
  get_url:
    url: "{{ docker_compose_file_url }}"
    dest: "{{ docker_compose_file_path }}"
    # validate_certs: no turns off TLS certificate verification for this download
    validate_certs: no
    mode: 0755
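A variant of the download task above that keeps TLS verification on and pins the binary to a SHA-256 digest, as an added example that is not part of the original playbook. The variable docker_compose_sha256 is an assumption introduced here, and its value is a placeholder to be replaced with the digest published for the release.

```yaml
---
# Added example (not from the original playbook): install_docker-compose.yml
# with certificate verification left on and the download pinned to a digest.
# docker_compose_sha256 is a hypothetical variable; define it in
# roles/docker-ce/vars/main.yml next to docker_compose_file_url, e.g.
#   docker_compose_sha256: "<SHA256-OF-docker-compose-Linux-x86_64>"
- name: fail early if no digest is pinned
  assert:
    that:
      - docker_compose_sha256 is defined
      - docker_compose_sha256 is match('^[0-9a-f]{64}$')
    msg: "docker_compose_sha256 must be a 64-character hex SHA-256 digest"

# No separate stat check is needed: with a checksum set, get_url compares the
# digest of an existing file at dest, skips the download when it matches and
# replaces the file when it does not.
- name: install docker-compose (verified download)
  get_url:
    url: "{{ docker_compose_file_url }}"
    dest: "{{ docker_compose_file_path }}"
    # sha256:<hex> makes get_url reject a file whose digest differs
    checksum: "sha256:{{ docker_compose_sha256 }}"
    validate_certs: yes
    owner: root
    group: root
    mode: "0755"

- name: confirm the installed binary runs
  command: "{{ docker_compose_file_path }} --version"
  register: docker_compose_version
  changed_when: false
```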
vim roles/docker-ce/handlers/main.yml
---
# handlers file for docker-ce
- include: yum-clean-metadata.yml
- include: yum-makecache.yml
vim roles/docker-ce/handlers/yum-clean-metadata.yml
---
- name: yum-clean-metadata
  command: "yum clean metadata"
vim roles/docker-ce/handlers/yum-makecache.yml
---
- name: yum-makecache
  command: "yum makecache"
vim roles/docker-ce/vars/main.yml
---
# vars file for docker-ce
docker_compose_file_url: https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64
docker_compose_file_path: /usr/local/bin/docker-compose
vim roles/lab_project/tasks/main.yml
---
# tasks file for start lab_app
- include: install_based.yml
- include: pull_base_image.yml
# --global turns off TLS certificate verification for every git HTTPS operation of this user on the target host
- name: close git ssl verification
  command: "git config --global http.sslVerify false"
  register: git_sslVerify
- name: clone git.repo to remote
  when: git_sslVerify is success
  git:
    repo: "https://{{ gitlab_user | urlencode }}:{{ gitlab_pass | urlencode }}@192.168.220.132/root/lab_project.git"
    dest: "{{ lab_project_dir }}"
    force: yes
- name: check if lab_project exists
  stat: 'path={{ lab_project_dir }}'
  register: lab_project_stat
- name: run the docker-compose
  when: lab_project_stat.stat.exists
  command: 'docker-compose up -d'
  args:
    chdir: "{{ lab_project_dir }}"
vim roles/lab_project/tasks/install_based.yml
---
# possibly saved as install_based.yml
- name: Install pip
  yum:
    name: python2-pip
    state: installed
- name: Install docker python lib
  pip:
    name: docker
- name: Install git package
  yum:
    name: git
    state: present
vim roles/lab_project/tasks/pull_base_image.yml
---
# possibly saved as pull_base_image.yml
- name: pull base image
  docker_image:
    name: "{{ item }}"
    state: present
  with_items:
    - mysql:5.7.20
    - python:3.8.0-alpine
    - nginx:1.16.1
vim roles/lab_project/vars/main.yml
---
lab_project_dir: /root/lab_project
gitlab_user: root
gitlab_pass: 1234qwer
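The clone step from roles/lab_project/tasks/main.yml with certificate verification kept on and the password kept out of plain-text vars and task output, as an added example that is not part of the original playbook. The variable gitlab_ca_file and the vault-encrypted form of gitlab_pass are assumptions; the host name gitlab.example.com is used instead of the IP so that it can match the server certificate.

```yaml
---
# Added example (not from the original playbook).
# Assumptions:
#   gitlab_ca_file  hypothetical variable: path on the target host of the CA
#                   certificate that signed the GitLab server certificate
#   gitlab_pass     stored encrypted; generate the value on the control node
#                   with
#                     ansible-vault encrypt_string --stdin-name gitlab_pass
#                   and paste the output into roles/lab_project/vars/main.yml
#                   in place of the plain-text line
- name: clone git.repo to remote (TLS verified, credentials not logged)
  git:
    repo: "https://{{ gitlab_user | urlencode }}:{{ gitlab_pass | urlencode }}@gitlab.example.com/root/lab_project.git"
    dest: "{{ lab_project_dir }}"
    force: yes
  environment:
    # git trusts this CA for the HTTPS connection instead of skipping the check
    GIT_SSL_CAINFO: "{{ gitlab_ca_file }}"
  # keep the URL with the embedded password out of task output and logs
  no_log: true

# git records the clone URL, password included, in .git/config on the target;
# rewrite it to the credential-free form once the clone is done
- name: strip the password from the stored remote URL
  command: git remote set-url origin https://gitlab.example.com/root/lab_project.git
  args:
    chdir: "{{ lab_project_dir }}"
  changed_when: false
```

Because Jenkins runs the playbook non-interactively, the build step would supply the vault password through ansible-playbook's --vault-password-file option.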
cd /root/repo/ansible-playbook-repo
# Add the modified ansible-playbook project to GitLab
git add .
# Commit
git commit -m "This is my lab_project ansible playbook commit"
# Enter the account and password to push the local master branch to the remote server
git -c http.sslVerify=false push origin master
Jenkins
Freestyle job build and automated deployment
# Open Jenkins
# In Jenkins, go to New Item to create a new job
Enter lab_project and select Freestyle project
# Edit the description
Description: This is lab project job
# Select the parameterized build option and add parameters
# This project is parameterized -> Add Parameter -> Choice Parameter
Name : deploy_env
Choices : dev
          prod
Description : Choose deploy environment
# Choose Add Parameter and select String Parameter
Name : branch
Default Value : master
Description : Build branch
# Configure source code management
Go to the GitLab repository and choose the clone URL of the Administrator / test-repo code repository
Paste https://gitlab.example.com/root/ansible-playbook-repo.git into
the Repository URL field of the Git option under Jenkins Source Code Management
For Credentials, select the Git credential created earlier (once the credential validates, the error message disappears)
# Build configuration: -e branch=$branch -e env=$deploy_env pass the Jenkins environment variables into Ansible
Select Build, click Add build step, and select Execute shell
In command, enter
#!/bin/sh
set +x
source /root/ansible/hacking/env-setup -q
# Parameters are quoted so that a value containing spaces cannot add extra command-line arguments
cd "$WORKSPACE/lab_project_playbook"
ansible --version
ansible-playbook --version
ansible-playbook -i "inventory/$deploy_env" ./deploy.yml -e project=nginx -e "branch=$branch" -e "env=$deploy_env"
# Save and start the build
# Visit the domain name or IP address of the deployment target host to access the application