docker-compose编排,gitlab安装和授权,git使用和jenkins安装和使用
一,基于docker-compose实现对nginx+tomcat web服务的单机编排。
介绍:docker-compose是实现对单机容器的快速编排,它将管理的容器分为三层,分别为project,service和container.
1.创建docker-compose.yml文件 每个service包含image,container_name,expose,ports,networks和links(依赖的服务)
cat docker-compose.yml
version: '3.6'
services:
nginx-server:
image: nginx:1.22.0-alpine
container_name: nginx-web1
expose:
- 80
- 443
ports:
- "80:80"
- "443:443"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有两块网卡
- front
- backend
links:
- tomcat-server
tomcat-server:
#image: tomcat:7.0.93-alpine
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1
container_name: tomcat-app1
##network_mode: bridge #网络1,使用docker安装后的默认网桥
#expose:
# - 8080
#ports:
# - "8080:8080"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡
- backend
links:
- mysql-server
mysql-server:
image: mysql:5.6.48
container_name: mysql-container
**# network_mode: bridge #网络1,使用docker安装后的默认网桥**
volumes:
- /data/mysql:/var/lib/mysql
#- /etc/mysql/conf/my.cnf:/etc/my.cnf:ro
environment:
- "MYSQL_ROOT_PASSWORD=12345678"
- "TZ=Asia/Shanghai"
expose:
- 3306
ports:
- "3306:3306"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡
- backend
networks:
front: #自定义前端服务网络,需要docker-compose创建
driver: bridge
backend: #自定义后端服务的网络,要docker-compose创建
driver: bridge
default: #使用已经存在的docker0默认172.17.0.1/16的网络
external:
name: bridge
执行docker-compose up -d 命令
root@ubuntu-server1:/data/docker-compose/case3# docker-compose up -d
Creating network "case3_backend" with driver "bridge"
Creating network "case3_front" with driver "bridge"
Pulling mysql-server (mysql:5.6.48)...
5.6.48: Pulling from library/mysql
.....
Digest: sha256:2bf1a0a05a6ad437dcac6689e48a9c33774ac92c6213fce2c4196343210592f3
Status: Downloaded newer image for mysql:5.6.48
Pulling tomcat-server (registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1)...
v1: Pulling from zhangshijie/tomcat-myapp
.....
Digest: sha256:66b601cecdf422c112ba9e71d38e33e577691f91c41b2fe7b5a21055c6a7142a
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1
Creating mysql-container ... done
Creating tomcat-app1 ... done
Creating nginx-web1 ... done
创建网络和拉取镜像。注意里面的links 字段,表示依赖下面的服务。
修改nginx容器配置,访问nginx时转发到后端的tomcat服务上,
root@ubuntu-server1:/data/docker-compose/case3# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81599b77c4fd nginx:1.22.0-alpine "/docker-entrypoint.…" 22 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp nginx-web1
aeb77640ef60 registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1 "/apps/tomcat/bin/do…" 22 minutes ago Up 22 minutes 8080/tcp, 8443/tcp tomcat-app1
e6806bf17625 mysql:5.6.48 "docker-entrypoint.s…" 22 minutes ago Exited (1) 6 seconds ago mysql-container
root@ubuntu-server1:/data/docker-compose/case3# docker exec -it 81599b77c4fd sh
/etc/nginx/conf.d # vim default.conf
.........
location /myapp {
proxy_pass http://tomcat-server:8080;
}
..........
访问nginx服务,跳转到tomcat服务,成功。
二, 安装gitlab,创建group、user和project并授权
**#安装gitlab**
root@yong:~# dpkg -i gitlab-ce_15.4.3-ce.0_amd64.deb
**#配置/etc/gitlab/gitlab.rb配置文件**
vim /etc/gitlab/gitlab.rb
external_url 'http://192.168.159.130'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = "gavtxtsroksubxfx"
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = :login
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = "[email protected]"
user["git_user_email"] = "[email protected]"
**#重新配置服务**
root@yong:~# gitlab-ctl reconfigure
#创建Group组
#创建user用户 user1 user2
#创建project
#对创建的用户user1,user2授权
三,熟练git命令的基本使用,通过git命令实现源代码的clone、push等基本操作。
登录另一台server1服务器,安装git工具
root@ubuntu-server1:/data# mkdir code
root@ubuntu-server1:/data# cd code
root@ubuntu-server1:/data/code# git clone http://192.168.159.130/primaryedu/app1.git
Cloning into 'app1'...
Username for 'http://192.168.159.130': user1
Password for 'http://[email protected]':
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), 2.78 KiB | 2.78 MiB/s, done.
root@ubuntu-server1:/data/code# ls
app1
root@ubuntu-server1:/data/code# cd app1/
#生成一个代码文件,把代码文件上传到git服务器
root@ubuntu-server1:/data/code/app1# cat index.html
This is a heading1
root@ubuntu-server1:/data/code/app1# git config --global user.email "[email protected]" #设置全局邮箱
root@ubuntu-server1:/data/code/app1# git config --global user.name "admin" #设置全局用户名
root@ubuntu-server1:/data/code/app1# git add . #添加当前目录下所有数据到暂存区
root@ubuntu-server1:/data/code/app1# git commit -m "add inde.html" #提交文件到工作区
root@ubuntu-server1:/data/code/app1# git push #提交代码到服务器,分支是master是受保护分支,无论是master还是开发者都无权限push,只有owner user2可以操作
Username for 'http://192.168.159.130': user2
Password for 'http://[email protected]':
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 2 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 295 bytes | 295.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://192.168.159.130/primaryedu/app1.git
e2b5f64..cacc324 main -> main
#更新代码,操作代码本地回退操作
root@ubuntu-server1:/data/code/app1# cat index.html
This is a heading1
This is a heading22222222222
root@ubuntu-server1:/data/code/app1# git add .
root@ubuntu-server1:/data/code/app1# git commit -m "v2"
[main 64b6ef4] v2
1 file changed, 1 insertion(+)
root@ubuntu-server1:/data/code/app1# git push
Username for 'http://192.168.159.130': user2
Password for 'http://[email protected]':
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 294 bytes | 294.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://192.168.159.130/primaryedu/app1.git
cacc324..64b6ef4 main -> main
root@ubuntu-server1:/data/code/app1# git reset --hard HEAD^ **#git版本回滚, HEAD为当前版**本,加一个^为上一个,^^为上上一个版本
HEAD is now at cacc324 add inde.html
root@ubuntu-server1:/data/code/app1# cat index.html
This is a heading1
四,熟练掌握对gitlab服务的数据备份与恢复
#执行备份命令
root@ubuntu-server1:/data/code/app1# gitlab-ctl stop unicorn sidekiq
root@ubuntu-server1:/data/code/app1# gitlab-rake gitlab:backup:create
2022-11-09 15:09:41 +0000 – Dumping main_database …
Dumping PostgreSQL database gitlabhq_production … [DONE]
2022-11-09 15:09:46 +0000 – Dumping main_database … done
root@ubuntu-server1:/data/code/app1# cd /var/opt/gitlab/backups/
root@ubuntu-server1:/var/opt/gitlab/backups# ls
1668006581_2022_11_09_15.4.3_gitlab_backup.tar #生成的备份文件包,用于恢复
…
删除用户user1,在线编辑修改代码,合并提交
#执行恢复操作
root@ubuntu-server1#gitlab-ctl stop unicorn sidekiq
root@ubuntu-server1#gitlab-rake gitlab:backup:create
root@ubuntu-server1# cd /var/opt/gitlab/backups/
root@ubuntu-server1:/var/opt/gitlab/backups# ls
1668006581_2022_11_09_15.4.3_gitlab_backup.tar
root@ubuntu-server1#gitlab-rake gitlab:backup:restore BACKUP=1668006581_2022_11_09_15.4.3
root@ubuntu-server1:/var/opt/gitlab/backups# gitlab-ctl start unicorn sidekiq #启动服务
五,部署jenkins服务器并安装gitlab插件、实现代码免秘钥clone
#安装jenkins服务,修改配置文件
root@jenkins:~# dpkg -i jenkins_2.361.2_all.deb && systemctl stop jenkins
Selecting previously unselected package jenkins.
(Reading database ... 73685 files and directories currently installed.)
Preparing to unpack jenkins_2.361.2_all.deb ...
...................
root@jenkins:~# vim /lib/systemd/system/jenkins.service
User=root
Group=root
Environment="JAVA_OPTS=-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
root@jenkins:~# systemctl daemon-reload && systemctl start jenkins
#初次登录jenkins,需要copy密码黏贴到下面,后面安装推荐的插件,配置登录账号信息。
#安装插件后,重启jenkins服务。安装可选插件,配置邮件服务。
#配置任务,先配置shell命令方式来执行任务。
#配置脚本方式执行任务,需要把运行jenkins服务的root用户公钥copy到gitlab上,实现无密码登录拉取代码。
#jenkins产生秘钥对
root@jenkins:/data/scripts# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
#拷贝公钥到gitlab服务器上
root@jenkins:~/.ssh# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDM9BVhM2FsuY+t5LqhZIKDZWM4eQ0j9qocFI87OEGeJ7Ns6QA4m8d+62Md9Jb3XbzfsrMIGY/DOkW/H9ww9hE9KP4y20DUU5lIeRnQIsfJecdCrcSkBy4gFDu4oSBVcg7k4GFXCNoOkNPu79u87PrIV4QWPul2aDGv+CQM/ITb9fE8smSmocxKgbjd7ewyMmh4ev067huqbuC9FJgh4lqmvHamFBPk+TfCGZAILqqohY+q/77KJ+lG2Wj77dbz/+pat/N65a1MHJxwHrD+5WI4F7eEHxhKH7f7EvWk6sk02K94Ym/neJV+K0B1FgNNeW8SRWlYP2KDwXsua7t9DNrknw79eJ39M11j8qhHUUSEM2o5xX6UJBczdQJud1sSHoDCV7NgcOI6lcd/nnZbetBx6tVyMJdECkLnuA+cVnfCxzfMpyRAl37gCfRxwASGKqj44hmdLnP6UiW4oJ0l1o/E/nNCwvMcUZDDXW+ZDQJL3Y32VC1ucPP8XyqJX0PodN8= root@jenkins
#通过git协议clone gitlab上的代码,成功
root@jenkins:/tmp# git clone [email protected]:primaryedu/app1.git
Cloning into 'app1'...
The authenticity of host '192.168.159.130 (192.168.159.130)' can't be established.
ECDSA key fingerprint is SHA256:BvlthaVudES3m4d6odiQUIuOFMCLcd4KBuGAB5K++jk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.159.130' (ECDSA) to the list of known
.......
Unpacking objects: 100% (20/20), 4.46 KiB | 415.00 KiB/s, done.
#在jenkins上通过执行脚本拉取gitlab上代码,并copy到web1服务器nginx上
root@jenkins:/var/lib/jenkins/workspace/test-job1# cat /data/scripts/test.py
#!/bin/bash
#print("output for jenkins test")
cd /data/scripts/code/
rm -rf app1/
git clone [email protected]:primaryedu/app1.git
cd app1
scp index.html 192.168.159.132:/var/www/html/
在jenkins web界面上填入脚本路径,执行 成功
#在jenkins上配置,通过jenkins拉取gitlab上源码,并上传到web1服务器nginx服务,成功。
注意:把运行jenkins服务的root账号的private key复制到 Credentials里。之前gitlab上有jenkins服务器root用户的公钥,需要配对,才能正常拉取代码。
#登录web1服务器,查看nginx服务,有拉取到新的代码,并运行了。
