Jenkins & Harbor

Harbor environment setup

https://github.com/goharbor/harbor/releases/tag/v2.5.6

Download the installer package from the release page above.

Installation

Extract the installer package

[root@localhost ~]# tar -zxvf harbor-offline-installer-v2.5.6.tgz -C /usr/local/

Edit the harbor.yml configuration

[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# vi harbor.yml
[root@localhost harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 23.0.3

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.17.2

[Step 2]: loading Harbor images ...

Log in

Harbor http://192.168.232.7 admin/Harbor12345

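Create an account

In some cases, for the security of the Harbor registry, configuring a regular user directly in the pipeline job means you also have to maintain that user's permissions afterwards; even though the project is public and the login succeeds, the push in the build step fails with a permission error. Configuring the admin user directly is not really appropriate either. In this situation, consider using Harbor's built-in robot accounts.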

Add Harbor support to Docker

Edit daemon.json so that Docker accepts the registry, then restart Docker.

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Publish an image to Harbor

Login method 1: log in directly with the admin account

docker login -u admin -p Harbor12345 http://192.168.232.7:80

Login method 2: log in with a robot account
Official documentation: https://goharbor.io/docs/1.10/working-with-projects/project-configuration/create-robot-accounts/

[root@localhost ~]# docker login http://192.168.232.7:80
Username: robot$devops
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

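Blog post: https://www.cnblogs.com/phpper/p/12899895.html
Create a ~/password.txt file, write the robot account secret into it, and then run the following command:

cat ~/password.txt | docker login --username 'robot$devops' --password-stdin http://192.168.232.7:80

Log in to Harbor with the robot account. After login, a ~/.docker/config.json file is generated; once this file exists, you do not need to enter the password again.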

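After logging in successfully, rename (tag) the image and then push it. Images published to Harbor must be named [Harbor address/project name/image name:version] (192.168.232.7:80/repository/mytest:v1.0.0).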

[root@localhost ~]# docker images
REPOSITORY                           TAG       IMAGE ID       CREATED        SIZE
192.168.232.7:80/repository/mytest   v1.0.0    66bbba1a6aa6   11 hours ago   832MB
mytest                               v1.0.0    66bbba1a6aa6   11 hours ago   832MB
[root@localhost ~]# docker tag mytest:v1.0.0 192.168.232.7:80/repository/mytest:v1.0.0
[root@localhost ~]# docker push 192.168.232.7:80/repository/mytest:v1.0.0

Pull an image from Harbor

First configure the /etc/docker/daemon.json file, then restart Docker, and finally pull the image.

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
# Pull the image
[root@localhost ~]# docker pull 192.168.232.7:80/repository/mytest:v1.0.0
v1.0.0: Pulling from repository/mytest

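Connect Jenkins to Harbor

Building the image and publishing it to Harbor both require the docker command. The Jenkins container does not include Docker by default, but we recommend simply using the Docker installed on the host.

Set permissions on the host's docker.sock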

sudo chown root:root /var/run/docker.sock
sudo chmod o+rw /var/run/docker.sock

Check the result

[root@localhost run]# ll | grep docker
drwx------.  8 root   root    180 4月   8 07:22 docker
-rw-r--r--.  1 root   root      5 4月   8 07:22 docker.pid
srw-rw-rw-.  1 root   root      0 4月   6 16:52 docker.sock
[root@localhost run]# 
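
The srw-rw-rw- mode shown above, together with the insecure-registries entry configured earlier, can be checked with a small audit script. This is an added example, not part of the original post; the function names are made up for illustration, and the suggested root:docker 0660 ownership is Docker's usual default rather than something the post configures.

```sh
#!/bin/sh
# Added example: audit the two host settings this setup changes.

# True if "other" users may write to the path (the bit set by chmod o+rw).
world_writable() {
  [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print the entries of "insecure-registries" from a daemon.json, one per line.
insecure_registries() {
  tr -d ' \t\r\n' < "$1" |
    sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
    tr -d '"' | tr ',' '\n' | sed '/^$/d'
}

# Print findings; the return status is the number of findings (0 = clean).
audit_docker_host() {
  sock=${1:-/var/run/docker.sock} conf=${2:-/etc/docker/daemon.json}
  findings=0
  if world_writable "$sock"; then
    echo "FINDING: $sock is world-writable: every local user, and every"
    echo "  container user that has it mounted, can control the Docker daemon"
    echo "  narrower option: root:docker 0660, and give only the Jenkins"
    echo "  container user that group's GID as a supplementary group"
    findings=$((findings + 1))
  fi
  if [ -r "$conf" ]; then
    for reg in $(insecure_registries "$conf"); do
      echo "FINDING: $reg is in insecure-registries: logins, pushes and"
      echo "  pulls to it are not protected by verified TLS"
      findings=$((findings + 1))
    done
  fi
  return "$findings"
}
```

Running audit_docker_host with no arguments checks /var/run/docker.sock and /etc/docker/daemon.json on the current host.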

Add Jenkins data volumes

Edit the /usr/local/docker/jenkins/docker-compose.yml file:

version: "3.1"
services:
  jenkins:
    image: jenkins/jenkins:2.346.3-2-lts-jdk11
    container_name: jenkins
    ports:
      - 8080:8080
      - 50000:50000
    volumes:
      # Map the Jenkins working directory to the host's data directory
      - ./data/:/var/jenkins_home/
      # Map the host's Docker into the Jenkins container
      - /usr/bin/docker:/usr/bin/docker
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/docker/daemon.json:/etc/docker/daemon.json

Then restart the container:

cd /usr/local/docker/jenkins
docker-compose down
docker-compose up -d

Jenkins job configuration

Define parameters

Pull the branch code

# Configuration parameters
REMOTE_NAME="origin"      # Remote repository name
BRANCH_NAME="$branch"     # Branch to pull (Jenkins job parameter)

# Strip a leading "origin/" style prefix from the branch name
BRANCH_NAME=${BRANCH_NAME#*/}

# Check the input parameter
if [ -z "$BRANCH_NAME" ]; then
  echo "Please provide the branch name as the first argument."
  exit 1
fi

# Check whether the local branch exists
if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
  echo "Local branch $BRANCH_NAME exists."
  git checkout "$BRANCH_NAME"
  git config pull.rebase false
  git pull "$REMOTE_NAME" "$BRANCH_NAME"
else
  echo "Local branch $BRANCH_NAME does not exist."
  git fetch "$REMOTE_NAME" "$BRANCH_NAME"
  git checkout -b "$BRANCH_NAME" "$REMOTE_NAME/$BRANCH_NAME"
fi

# Done
echo "The latest code has been successfully pulled from the remote branch."
exit 0

Maven packaging

Build the Docker image and upload it

# Move the built jar into the Docker build context
mv **/target/*.jar docker/app.jar
echo "build Image start"
docker build -t "$JOB_BASE_NAME:$tag" docker/
echo "build Image success"
# Robot account secret, passed to docker login over stdin
password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
echo "$password" | docker login "$harbor_url" --username 'robot$devops' --password-stdin
docker tag "$JOB_BASE_NAME:$tag" "$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag"
echo "push Image start"
docker push "$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag"
echo "push Image success"

Pull the image on the remote server and run it

harbor_url=$harbor_url
port=$port
tag=$tag
project_name=$JOB_BASE_NAME
imageName=$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag

containerId=`docker ps -a | grep ${project_name} | awk '{print $1}'`
if [ "$containerId" != "" ] ; then
    docker stop $containerId
    docker rm $containerId
    echo "Delete Container Success $containerId"
fi

imageId=`docker images | grep ${project_name} | awk '{print $3}'`

if [ "$imageId" != "" ] ; then
    docker rmi -f $imageId
    echo "Delete Image Success $imageId"
fi

password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
echo "$password" | docker login 192.168.232.7:80 --username 'robot$devops' --password-stdin

docker pull "$imageName"
docker run -d -p "$port" --name "$project_name" "$imageName"
echo "Start Container Success"
echo $project_name
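
The build-and-push step and the remote pull step above both embed the robot secret in the job script. As an added example (not the original post's code), the same login, push and pull can be done with the secret supplied through the environment and the job parameters validated before they reach docker; HARBOR_ROBOT_USER, HARBOR_ROBOT_SECRET, DOCKER and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Assumes the CI credential store injects HARBOR_ROBOT_USER
# and HARBOR_ROBOT_SECRET (hypothetical names); DOCKER may be overridden
# for a dry run.
LC_ALL=C; export LC_ALL
DOCKER=${DOCKER:-docker}

# Docker tag rule: [A-Za-z0-9_.-], at most 128 chars, no leading '.' or '-'.
valid_tag() {
  case "$1" in
    ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Repository path (project/image): lowercase letters, digits, '.', '_', '-', '/'.
valid_repo() {
  case "$1" in
    ''|*[!a-z0-9._/-]*) return 1 ;;
  esac
}

# harbor_image push|pull REGISTRY PROJECT IMAGE TAG
harbor_image() {
  act=$1 reg=$2 repo="$3/$4" img_tag=$5
  case "$act" in push|pull) ;; *) echo "bad action: $act" >&2; return 2 ;; esac
  valid_repo "$repo" || { echo "bad repository: $repo" >&2; return 2; }
  valid_tag "$img_tag" || { echo "bad tag: $img_tag" >&2; return 2; }
  [ -n "${HARBOR_ROBOT_USER:-}" ] && [ -n "${HARBOR_ROBOT_SECRET:-}" ] ||
    { echo "robot credentials not provided" >&2; return 3; }
  ref="$reg/$repo:$img_tag"
  # The secret travels over stdin only: not in argv, not in the job script.
  printf '%s' "$HARBOR_ROBOT_SECRET" |
    "$DOCKER" login "$reg" --username "$HARBOR_ROBOT_USER" --password-stdin ||
    return 4
  rc=0
  if [ "$act" = push ]; then
    "$DOCKER" tag "$4:$img_tag" "$ref" && "$DOCKER" push "$ref" || rc=$?
  else
    "$DOCKER" pull "$ref" || rc=$?
  fi
  # Remove the credential that login stored in ~/.docker/config.json.
  "$DOCKER" logout "$reg" >/dev/null 2>&1 || true
  return "$rc"
}
```

In the build step this would be called as harbor_image push "$harbor_url" "$harbor_object" "$JOB_BASE_NAME" "$tag", and with pull on the remote server.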
