基于docker容器实现devops应用
文章目录
- 基于docker容器实现devops应用
-
- 1. 部署Gitlab并上传一个项目
- 2. 基于tomcat部署jenkins
-
- 2.1 部署tomcat
- 2.2 部署Jenkins
- 3. 部署harbor仓库
-
- 3.1 在其它需要用到私有仓库的主机修改映射文件
- 3.2 部署harbor仓库
- 4. 部署docker
- 5. 制作tomcat镜像上传到harbor仓库
- 6. 在developer上传一个项目到Gitlab,并设置sshkey免密登录
-
- 6.1 上传项目
- 6.2 设置sshkey免密登录
- 7. 在jenkins主机上将项目打包成war包并传到docker主机,然后再用tomcat镜像上线项目
-
- 7.1 创建流水线
基于docker容器实现devops应用
| 主机名 | ip | 角色 | 系统版本 |
|---|---|---|---|
| Gitlab | 192.168.234.22 | Gitlab | CentOS-8 |
| Jenkins | 192.168.234.33 | Jenkins | CentOS-8 |
| harbor | 192.168.234.111 | harbor | CentOS-8 |
| docker | 192.168.234.123 | docker | CentOS-8 |
| developer(开发者) | 192.168.234.100 | developer | CentOS-8 |
1. 部署Gitlab并上传一个项目
部署Gitlab详细介绍可参考博客 《GitLab》
//先关闭防火墙与SElinux
[root@Gitlab ~]# systemctl disable --now firewalld
[root@Gitlab ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@Gitlab ~]# setenforce 0
//安装Gitlab环境依赖
[root@Gitlab ~]# yum install -y git perl curl openssh-server openssh-clients postfix cronie
//用源码包的方式安装一个依赖
[root@Gitlab ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/policycoreutils-python-2.5-34.el7.x86_64.rpm
[root@Gitlab ~]# rpm -ivh --nodeps --force policycoreutils-python-2.5-34.el7.x86_64.rpm
//下载gitlab的rpm包
[root@Gitlab ~]# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm
//安装gitlab
[root@Gitlab ~]# rpm -ivh gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm
//修改gitlab的配置文件
[root@Gitlab ~]# vim /etc/gitlab/gitlab.rb
## 修改一下两行
external_url 'http://192.168.234.33' ## 添加
gitlab_workhorse['auth_backend'] = "http://localhost:8080" ## 去掉注释
//开启邮箱服务
[root@Gitlab ~]# systemctl enable --now postfix
//重新加载gitlab配置文件并重启服务
[root@Gitlab ~]# gitlab-ctl reconfigure
//重新加载gitlab
[root@Gitlab ~]# gitlab-ctl restart
2. 基于tomcat部署jenkins
部署tomcat与Jenkins详细介绍可参考博客 《Jenkins》与《Tomcat》
2.1 部署tomcat
//关闭防火墙与selinux
[root@Jenkins ~]# systemctl disable --now firewalld
[root@Jenkins ~]# setenforce 0
[root@Jenkins ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
//安装Java包
[root@Jenkins ~]# yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
//获取tomcat包
[root@Jenkins ~]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz
//解压tomcat包
[root@Jenkins ~]# tar xf apache-tomcat-9.0.80.tar.gz -C /usr/local/
//创建软连接
[root@Jenkins ~]# cd /usr/local/
[root@Jenkins local]# ln -s apache-tomcat-9.0.80/ tomcat
//启动tomcat
[root@Jenkins ~]# /usr/local/tomcat/bin/catalina.sh start
2.2 部署Jenkins
//安装依赖环境
[root@Jenkins ~]# yum install -y java-17-openjdk-devel java-17-openjdk
//获取Jenkins的war包
[root@Jenkins ~]# wget https://get.jenkins.io/war-stable/2.414.2/jenkins.war
//如果后面maven冲突的话可以选择一下系统的Java版本
[root@Jenkins ~]# alternatives --config java
There are 2 programs which provide 'java'.
Selection Command
-----------------------------------------------
*+ 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-2.el8_5.x86_64/jre/bin/java)
2 java-17-openjdk.x86_64 (/usr/lib/jvm/java-17-openjdk-17.0.1.0.12-2.el8_5.x86_64/bin/java)
Enter to keep the current selection[+], or type selection number: 2 ## 选择17的版本
//运行war包
[root@Jenkins ~]# java -jar jenkins.war
//将运行后的war包复制到webapps下
[root@Jenkins ~]# cp jenkins.war /usr/local/tomcat/webapps/
//重启tomcat服务
[root@Jenkins ~]# /usr/local/tomcat/bin/catalina.sh stop
[root@Jenkins ~]# /usr/local/tomcat/bin/catalina.sh start
//访问的时候ip地址后面要加上8080端口
//后面web界面安装省略,具体步骤可参考另外一篇博客
//安装git与maven
[root@Jenkins ~]# yum install -y git maven
3. 部署harbor仓库
3.1 在其它需要用到私有仓库的主机修改映射文件
//在docker主机上添加一个映射
[root@docker ~]# vim /etc/hosts
192.168.234.111 harbor
//在harbor主机上添加一个映射
[root@harbor ~]# vim /etc/hosts
192.168.234.111 harbor
3.2 部署harbor仓库
//关闭防火墙以及selinux
[root@harbor ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@harbor ~]# setenforce 0
[root@harbor ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
//安装docker服务
[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ~]# sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[root@harbor ~]# yum makecache
[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]# systemctl enable --now docker
//安装docker-compose
[root@harbor ~]# curl -SL https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
//给执行权限
[root@harbor bin]# chmod +x docker-compose
//创建软连接
[root@harbor bin]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
//安装harbor
//获取harbor包
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-offline-installer-v2.9.1.tgz
//解压harbor包
[root@harbor ~]# tar xf harbor-offline-installer-v2.9.1.tgz -C /usr/local/
//修改harbor.yml文件
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vim harbor.yml
······················略
hostname: harbor
······················略
# 如果不需要https可将https进行注释
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
//执行安装脚本
[root@harbor harbor]# ./install.sh
//启动命令与停止命令,必须在/usr/local/harbor/目录执行
[root@harbor harbor]# docker-compose start
[root@harbor harbor]# docker-compose stop
//设置开机自启
[root@harbor harbor]# vim /etc/rc.local
## 添加这一行
cd /usr/local/harbor/ && docker-compose start
//添加执行权限
[root@harbor harbor]# chmod +x /etc/rc.d/rc.local
在web端查看是否安装成功
4. 部署docker
//关闭防火墙与selinux
[root@docker ~]# systemctl disable --now firewalld
[root@docker ~]# setenforce 0
[root@docker ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
//安装docker
[root@docker ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@docker ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker ~]# sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
//更新并安装docker
[root@docker ~]# yum makecache
[root@docker ~]# yum -y install docker-ce
//启动服务并设置开机自启
[root@docker ~]# systemctl enable --now docker
//启用阿里云容器镜像加速服务
[root@docker ~]# mkdir -p /etc/docker
[root@docker ~]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://ye25aygs.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://ye25aygs.mirror.aliyuncs.com"]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
5. 制作tomcat镜像上传到harbor仓库
//在/etc/docker/daemon.json配置文件里配置insecure-registries参数
[root@docker ~]# vim /etc/docker/daemon.json
{
## 添加下面这行
"insecure-registries": ["192.168.234.111"],
"registry-mirrors": ["https://ye25aygs.mirror.aliyuncs.com"]
}
//重启docker服务
[root@docker ~]# systemctl restart docker
//登陆到私有仓库
[root@docker ~]# docker login harbor
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]#
//制作tomcat镜像
//获取tomcat包
[root@Jenkins ~]# scp apache-tomcat-9.0.80.tar.gz [email protected]:/root
//写一个dockerfile
[root@docker ~]# cat dockerfile
FROM centos
RUN rm -rf /etc/yum.repos.d/* && \
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo && \
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm && \
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel* && \
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
RUN yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
COPY apache-tomcat-9.0.80.tar.gz /
RUN tar xf apache-tomcat-9.0.80.tar.gz -C /usr/local/ && \
cd /usr/local/ && \
ln -s apache-tomcat-9.0.80/ tomcat && \
/usr/local/tomcat/bin/catalina.sh start
CMD ["/usr/local/tomcat/bin/catalina.sh","run"]
-----------------------------------------------------------------
//开始构建镜像
[root@docker ~]# docker build -t kiwi/tomcat .
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kiwi/tomcat latest 675004d972f9 59a452cbfb05 About a minute ago 600MB
centos latest 5d0da3dc9764 2 years ago 231MB
[root@docker ~]#
//重新打标签
[root@docker ~]# docker tag harbor/tomcat 192.168.234.111/library/tomcat:alpine
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.234.111/library/tomcat alpine 59a452cbfb05 37 minutes ago 600MB
//上传镜像
[root@docker ~]# docker push 192.168.234.111/library/tomcat:alpine
在web界面查看是否有镜像
6. 在developer上传一个项目到Gitlab,并设置sshkey免密登录
6.1 上传项目
//安装git
[root@developer ~]# yum install -y git
//获取一个项目到本地
[root@Gitlab ~]# git clone https://gitee.com/forgotten/tomcat-java-demo.git
在web端新建一个项目
//获取项目目录
[root@Gitlab ~]# git config --global user.name "kiwi111"
[root@Gitlab ~]# git config --global user.email "[email protected]"
[root@Gitlab ~]# git clone http://192.168.234.22/root/tomcat.git
//添加项目
[root@Jenkins tomcat]# cp -r ../tomcat-java-demo/* .
[root@Gitlab ~]# cd tomcat
[root@Gitlab tomcat]# ls
db Dockerfile LICENSE README.md
deploy.yaml jenkinsfile pom.xml src
//提交项目
[root@Gitlab tomcat]# git add *
[root@Gitlab tomcat]# git commit -m "first commit"
//上传项目
[root@Gitlab tomcat]# git push --set-upstream origin
在web端看是否上传成功
6.2 设置sshkey免密登录
//生成密钥
## 一直按回车即可
[root@Jenkins ~]# cat .ssh/id_rsa.pub
//复制密钥内容
[root@Jenkins ~]# cat .ssh/id_rsa.pub
在web端上登陆想要设置免密登录的账号
然后开始设置免密登录
添加一个sshkey
验证
[root@Jenkins ~]# ssh -T [email protected]
Welcome to GitLab, @root!
//这样表示免密登录成功
//尝试拉取,注意要用ssh的地址
[root@Jenkins ~]# git clone [email protected]:root/tomcat.git
7. 在jenkins主机上将项目打包成war包并传到docker主机,然后再用tomcat镜像上线项目
7.1 创建流水线
//给docker主机做免密登录
[root@Jenkins ~]# ssh-copy-id [email protected]
//在jenkins流水线写脚本,脚本如下
pipeline {
agent any
stages {
stage("pull code"){
steps {
sh """
mkdir /project
git clone [email protected]:root/tomcat.git /project/tomcat
cd
"""
}
}
stage("mvn project"){
steps {
sh """
cd /project/tomcat
mvn package -Dmaven.test.skikp=true
scp /root/tomcat/target/ly-simple-tomcat-0.0.1-SNAPSHOT.war [email protected]:/root/
"""
}
}
stage("copy war project from make docker image"){
steps {
sh """
ssh [email protected] "
cd &&
docker run -p 80:8080 --name tomcat -itd 192.168.234.111/library/tomcat:alpine &&
docker cp /root/ly-simple-tomcat-0.0.1-SNAPSHOT.war tomcat:/usr/local/tomcat/webapps/ &&
exit "
"""
}
}
stage("write dockfile"){
steps {
sh """
ssh [email protected] "cd
echo "FROM 192.168.234.111/library/tomcat:alpine" > dockerfile &&
echo "RUN rm -rf /usr/local/tomcat/webapps/ROOT" >> dockerfile &&
echo "COPY ly-simple-tomcat-0.0.1-SNAPSHOT.war /usr/local/tomcat/webapps/ROOT.war" >> dockerfile &&
docker build -t harbor/libary/tamcat:v0.1 ."
"""
}
}
}
}
可以看到项目上线成功