docker集成jenkins、harbor搭建简易cicd平台
docker集成jenkins、harbor搭建简易cicd平台实现应用发布|回滚
默认已部署docker服务,关闭防火墙
软件默认安装在/opt目录下,docker容器映射目录为/opt/docker/xxx
服务器环境
| 服务器 | 系统 | ip | 说明 |
|---|---|---|---|
| 发布服务器 | centos7.3 | 192.168.10.10 | 部署docker、 jenkins、harbor |
| 应用服务器 | centos7.3 | 192.168.10.12 | 部署docker |
发布服务器部署harbor
部署docker容器看板,方便查看容器
docker run -d -p 9000:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --name portainer portainer/portainer
访问地址 http://192.168.10.10:9000/
部署docker-compose
#1.下载
wget https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64
#2.安装
chmod +x docker-compose-linux-x86_64
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
#3.查看
docker-compose version
部署harbor
配置流程如下:
- 修改harbor.yml
- 执行./prepare 生成 docker-compose.yml (每次自行都会覆盖)
- 修改docker-compose.yml自定义容器
- docker-compose 启动容器
#1.harbor离线部署文件获取
wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
#2.解压
tar xf harbor-offline-installer-v2.4.1.tgz -C /opt
#3.进入解压目录
cd /opt/harbor
#4.拷贝配置文件
cp harbor.yml.tmpl harbor.yml
#5.修改配置
vim harbor.yml
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 修改harbor访问地址
hostname: 192.168.10.10
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 10001 #改端口号
# https related config
#https: 注释
# https port for harbor, default is 443
# port: 443 注释
# The path of cert and key files for nginx
# certificate: /your/certificate/path 注释
# private_key: /your/private/key/path 注释
# 修改docker映射目录
data_volume: /opt/docker/harbor
#6.执行脚本生成 docker-compose.yml 文件
./prepare
#7.修改启动后容器名称,不需要修改的可以忽略 !!!
vim docker-compose.yml
#找到对应的行
#container_name: registry 改成 container_name: harbor-registry
#container_name: registryctl 改成 container_name: harbor-registryctl
#container_name: redis 改成 container_name: harbor-redis
#container_name: nginx 改成 container_name: harbor-nginx
#8.启动容器
docker-compose up -d
操作截图
访问harbor:
http://192.168.10.10:10001
初始的默认用户是admin,密码Harbor12345
如部容器名已存在启动失败,则docker-compose.yml 文件里对应的container_name
由于没有配置https证书,docker访问harbor私服地址需要修改配置,
192.168.10.10,192.168.10.12 都需要修改
vim /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.10.10:10001"]
}
#修改后重启docker
systemctl restart docker
发布服务器部署jenkins
首先在宿主机部署jdk,maven,git映射给jenkins容器使用
宿主机部署jdk
jdk下载地址:
https://www.oracle.com/java/technologies/downloads/#java8
#1.创建文件夹
mkdir /opt/jdk
#2.下载好的jdk解压到jdk到/opt/jdk
tar -xzvf jdk-8u131-linux-x64.tar.gz -C /opt/jdk
#3.配置jdk环境变量
vim /etc/profile
#在/etc/profile文件末尾添加一下内容
export JAVA_HOME=/opt/jdk/jdk1.8.0_131
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib:$CLASSPATH
export JAVA_PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin
export PATH=$PATH:${JAVA_PATH}
#4.环境变量立即生效
source /etc/profile
#5.查看jdk环境变量是否设置成功
java -version
操作截图
宿主机部署maven
maven下载地址:
https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz --no-check-certificate
#1.创建maven存放目录
mkdir /opt/maven
#2.下载maven
wget https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz --no-check-certificate
#3.解压到/opt/maven
tar -xzvf apache-maven-3.6.3-bin.tar.gz -C /opt/maven
#4.配置maven环境变量
vim /etc/profile
# 修改在/etc/profile
#添加这一行
export MAVEN_HOME=/opt/maven/apache-maven-3.6.3
#修改这一行
export PATH=$PATH:${JAVA_PATH}:${MAVEN_HOME}/bin
#5.环境变量立即生效
source /etc/profile
#6.查看mvn-v环境变量是否设置成功
mvn -v
操作截图
最终环境变量截图
部署jenkins
#1.创建jenkins挂在目录
mkdir /opt/docker/jenkins
#2.设置权限
chmod 777 /opt/docker/jenkins
#3.docker启动命令
docker run -d -p 18080:8080 -p 50000:50000 \
-v /etc/localtime:/etc/localtime \
-e TZ=Asia/Shanghai \
-v /opt/docker/jenkins:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /opt/maven:/opt/maven \
-v /opt/jdk:/opt/jdk \
-u 0 \
--privileged=true --restart=always --name jenkins jenkins/jenkins:2.346.3
操作截图
查看jenkins初始化密码:
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
jenkins登录地址:
http://192.168.10.10:18080/
登录jenkins>默认下一步>安装社区推荐插件
使用admin账户继续
看到这个页面说明jenkins已经成功安装了
portainer看下起了哪些容器
Jenkins pipeline 实现cicd发布
安装插件
如图所示安装以下插件:
Date Parameter、List Git Branches Parameter、SSH、SSH Pipeline Steps、Groovy、Locale plugin、Environment Injector、Extended Choice Parameter、Blue Ocean
安装之后重启jenkins
方法1、docker restart jenkins
方法2、 http://192.168.10.10:18080/restart
全局工具配置
将docker run -v宿主机映射的maven、jdk、git目录给jenkins内部使用
配置如图所示
宿主机修改maven配置文件
#1.创建maven本地repository
mkdir /opt/maven/repository
#2.修改maven setttin配置
vim /opt/maven/apache-maven-3.6.3/conf/settings.xml
#修改1 本地存储
<localRepository>/opt/maven/repository</localRepository>
#添加2 添加阿里镜像
<mirror>
<id>alimaven</id>
<name>aliyun maven</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
<mirrorOf>central</mirrorOf>
</mirror>
修改截图
添加git,应用服务器登录凭证
添加git凭证,添加完之后再添加应用服务器登录账号
添加结果,这里的凭证唯一标识在后pipeline脚本中会使用到
设置jdk环境变量、添加应用服务器
新建pipeline任务
如图所示配置入参
pipeline脚本
//构建镜像
def build_image(app_name) {
stages = {
stage("构建,上传${app_name}镜像") {
switch("${app_name}"){
case 'my_app':
withEnv ([
"app_jar_name=${my_app_name}",
"app_target_dir=${my_app_target_dir}"])
{
build_image_stage()
}
break;
default:
echo("error app_name>>> ${app_name}")
}
}
}
return stages
}
//构建docker镜像函数
def build_image_stage(){
sh '''
docker build -t ${harbor_resp_url}/${app_jar_name}:${tag} .
docker push ${harbor_resp_url}/${app_jar_name}:${tag}
docker images | grep ${app_jar_name}:${tag} | awk '{print \$3}' | xargs -r docker rmi
'''
}
pipeline {
agent any
environment {
//私服
harbor_acount='admin'
harbor_pwd='Harbor12345'
harbor_url='192.168.10.10:10001'
harbor_resp_url='192.168.10.10:10001/library'
//版本号
tag="${sh(returnStdout: true, script: "echo ${branch}_${version}").trim()}"
docker_build_dir='docker_build_dir'
//项目变量
my_app_name='demo-project'
my_app_port='8080'
//打成jar包后相对目录
my_app_target_dir='/'
}
//存放所有阶段
stages {
stage('拉取代码') {
when {
environment name: 'action',value: 'deploy'
}
steps {
git branch: "${branch}", credentialsId: '99d7ad8d-84c7-4a3e-b22b-4d5da2641994', url: 'https://gitee.com/haige66/xdclass-boot.git'
}
}
stage('编译打包') {
when {
environment name: 'action',value: 'deploy'
}
steps {
sh '/opt/maven/apache-maven-3.6.3/bin/mvn clean install -D maven.test.skip=true'
}
}
stage('构建,上传镜像') {
when {
environment name: 'action',value: 'deploy'
}
steps {
script {
def buildImageStages = [:]
for(appName in env.app_names.tokenize(',')){
buildImageStages[appName] = build_image(appName)
}
echo "${env.app_names} 构建,上传镜像"
sh "docker login ${harbor_url} -u ${harbor_acount} -p ${harbor_pwd}"
//并行构建镜像
parallel buildImageStages
sh "docker logout ${harbor_url}"
echo "${env.app_names} 构建,上传镜像完成"
}
}
}
stage('确认发布') {
when {
environment name: 'action',value: 'deploy'
}
steps {
timeout(time:180, unit:'SECONDS') {
input message: "确认发布以下服务:\n${env.app_names} \n版本号:${tag}", ok: '确认'
}
}
}
stage('部署服务器发布') {
steps {
script {
def remote = [:]
remote.name = "test-dev"
remote.host = "192.168.10.12"
remote.allowAnyHosts = true
withCredentials([usernamePassword(credentialsId: 'b1667fae-6a05-4c7a-a159-dd9797eaa911', passwordVariable: 'password', usernameVariable: 'username')]) {
remote.user = "${username}"
remote.password = "${password}"
}
//远程启动步骤
if("${env.action}" == 'deploy'){
echo "部署服务器发布服务>>>>>> ${env.app_names}"
}else{
echo "部署服务器回滚服务>>>>>> ${env.app_names}"
}
for(appName in env.app_names.tokenize(',')){
echo "正在发布>>>>>> ${appName}"
switch(appName){
case 'my_app':
sshCommand remote: remote, command: """
docker pull ${harbor_resp_url}/${my_app_name}:${tag}
docker rm -f ${my_app_name}
docker run -d --name ${my_app_name} -p ${my_app_port}:${my_app_port} --restart=always ${harbor_resp_url}/${my_app_name}:${tag}
"""
if("${env.action}" == 'deploy'){
sshCommand remote: remote, command:"docker images | grep ${harbor_resp_url}/${my_app_name} | grep -v ${branch}_${version} | awk '{print \$3}' | xargs -r docker rmi"
}
break;
default:
echo('error app_name')
}
echo "发布结束>>>>>> ${appName}"
}
if("${env.action}" == 'deploy'){
echo "部署服务器发布结束>>>>>> ${env.app_names}"
}else{
echo "部署服务器回滚结束>>>>>> ${env.app_names}"
}
}
}
}
}
}
如果聚合工程想一次发布多个服务则需更改脚本:
项目添加Dockerfile
Dockerfile:
# 基础镜像使用java
FROM java:8u111-jdk
# 作者
MAINTAINER xiaoqingge
# VOLUME 指定了临时文件目录为/tmp。
# 其效果是在主机 /var/lib/docker 目录下创建了一个临时文件,并链接到容器的/tmp
VOLUME /tmp
# 将jar包添加到容器中并更名为app.jar
ADD target/*.jar app.jar
# 运行jar包
ENV TIME_ZONE=Asia/Shanghai
EXPOSE 8080
RUN ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone
CMD java -jar -Xms512M -Xmx512M -Duser.timezone=GMT+8 /app.jar
开始构建任务
设置构建参数开始构建
打开任务,通过Blue Ocean查看
Blue Ocean确认发布
发布结束
应用服务器 http://192.168.10.12:9000
可以查看服务已成功发布
参考:
[1]: https://blog.51cto.com/kaliarch/2050862
[2]: https://blog.csdn.net/jy02268879/article/details/89819598
[3]: https://www.cnblogs.com/lvlinguang/p/15500171.html