Outlook(^_^)
Outlook(^_^)

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建

7.1 CI/CD 持续集成/持续交付_Git分布式版本控制系统
7.2 CI/CD 持续集成/持续交付_GitLab代码仓库
7.3 CI/CD 持续集成/持续交付_Jenkins整合Git 容器镜像

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建

  • 1. 上传容器镜像到仓库
  • 2. 部署远程仓库
  • 3. 整体推送:开发到上线
  • 4. 参数化构建(Jenkins结合ansible)
  • 5. 部署企业级的仓库(Jenkins结合harbor)
    • 5.1 Jenkins和harbor仓库结合
    • 5.2 Jenkins自动化构建harbor仓库

1. 上传容器镜像到仓库

  1. 先确定服务是否正常
  • GitLab正常
[root@server51 ~]# gitlab-ctl status
run: alertmanager: (pid 3562) 165s; run: log: (pid 3561) 165s
run: gitaly: (pid 3546) 165s; run: log: (pid 3545) 165s
run: gitlab-exporter: (pid 3574) 165s; run: log: (pid 3571) 165s
run: gitlab-workhorse: (pid 3555) 165s; run: log: (pid 3554) 165s
run: grafana: (pid 3587) 165s; run: log: (pid 3585) 165s
run: logrotate: (pid 3569) 165s; run: log: (pid 3568) 165s
run: nginx: (pid 3548) 165s; run: log: (pid 3547) 165s
run: node-exporter: (pid 3560) 165s; run: log: (pid 3559) 165s
run: postgres-exporter: (pid 3586) 165s; run: log: (pid 3584) 165s
run: postgresql: (pid 3550) 165s; run: log: (pid 3549) 165s
run: prometheus: (pid 3566) 165s; run: log: (pid 3565) 165s
run: puma: (pid 3572) 165s; run: log: (pid 3567) 165s
run: redis: (pid 3540) 165s; run: log: (pid 3538) 165s
run: redis-exporter: (pid 3564) 165s; run: log: (pid 3563) 165s
run: sidekiq: (pid 3573) 165s; run: log: (pid 3570) 165s
  • 删除之前的demo镜像
[root@server52 ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/webserver   7                   35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   8                   35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   latest              35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   5                   9d8f2817c33a        9 hours ago         133MB
localhost:5000/webserver   6                   9d8f2817c33a        9 hours ago         133MB
nginx                      latest              f0b8a9a54136        3 days ago          133MB
[root@server52 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
a13c63227ff5        9d8f2817c33a        "/docker-entrypoint.…"   9 hours ago         Exited (0) 9 hours ago                       demo
[root@server52 ~]# docker rm -f demo
demo
[root@server52 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
  • 虚拟机正常上网,可以拉取镜像
[root@server52 ~]# ping 14.215.177.38
PING 14.215.177.38 (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=52 time=268 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=52 time=105 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=52 time=314 ms
  1. 拉取registry镜像
    注意registry的挂载点/var/lib/registry
[root@server52 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
ddad3d7c1e96: Pull complete 
6eda6749503f: Pull complete 
363ab70c2143: Pull complete 
5b94580856e6: Pull complete 
12008541203a: Pull complete 
Digest: sha256:bac2d7050dc4826516650267fe7dc6627e9e11ad653daca0641437abdf18df27
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@server52 ~]# docker history registry:latest 
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
1fd8e1b0bb7e        4 weeks ago         /bin/sh -c #(nop)  CMD ["/etc/docker/registr…   0B                  
<missing>           4 weeks ago         /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B                  
<missing>           4 weeks ago         /bin/sh -c #(nop) COPY file:507caa54f88c1f38…   155B                
<missing>           4 weeks ago         /bin/sh -c #(nop)  EXPOSE 5000                  0B                  
<missing>           4 weeks ago         /bin/sh -c #(nop)  VOLUME [/var/lib/registry]   0B                  
<missing>           4 weeks ago         /bin/sh -c #(nop) COPY file:4544cc1555469403…   295B                
<missing>           4 weeks ago         /bin/sh -c #(nop) COPY file:21256ff7df5369f7…   20.1MB              
<missing>           4 weeks ago         /bin/sh -c set -ex     && apk add --no-cache…   549kB               
<missing>           4 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           4 weeks ago         /bin/sh -c #(nop) ADD file:282b9d56236cae296…   5.62MB
  1. registry仓库搭建完成
    -v:挂载位置
    -p:端口映射 5000:5000
[root@server52 ~]# docker run -d --name registry -v /opt/registry:/var/lib/registry -p 5000:5000 registry
9dbc5071a78ef20a0ccb4b45e8dbe4df3bb39e7c08da6cd4e9bb4a285283e993
  1. 查看运行的镜像
    注意镜像的名字:仓库的地址+镜像的名称=镜像名称
[root@server52 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
9dbc5071a78e        registry            "/entrypoint.sh /etc…"   20 seconds ago      Up 18 seconds       0.0.0.0:5000->5000/tcp   registry

[root@server52 ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/webserver   7                   35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   8                   35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   latest              35ec4ba474e8        9 hours ago         133MB
localhost:5000/webserver   5                   9d8f2817c33a        10 hours ago        133MB
localhost:5000/webserver   6                   9d8f2817c33a        10 hours ago        133MB
nginx                      latest              f0b8a9a54136        3 days ago          133MB
registry                   latest              1fd8e1b0bb7e        4 weeks ago         26.2MB
  1. 编辑test项目
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第1张图片
  2. 测试:手动触发

注意:这里有可能出现报错
docker重启之后,docker引擎的权限会变化
7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第2张图片解决方法:改权限

[root@server52 ~]# ll /var/run/docker.sock 
srw-rw---- 1 root docker 0 May 16 09:39 /var/run/docker.sock
[root@server52 ~]# usermod -G docker jenkins 
[root@server52 ~]# chmod 777 /var/run/docker.sock 
[root@server52 ~]# ll /var/run/docker.sock 
srwxrwxrwx 1 root docker 0 May 16 09:39 /var/run/docker.sock

此时再去手动触发,就会成功
7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第3张图片

查看运行的镜像,发现这3个镜像都指向同一个标签。因为,镜像没有什么变化。在抓取数据时,使用的是Cache

[root@server52 ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/webserver   10                  35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   7                   35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   8                   35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   latest              35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   5                   9d8f2817c33a        10 hours ago        133MB
localhost:5000/webserver   6                   9d8f2817c33a        10 hours ago        133MB
nginx                      latest              f0b8a9a54136        3 days ago          133MB
registry                   latest              1fd8e1b0bb7e        4 weeks ago         26.2MB

进入镜像的搭载点,也能看到对应的目录

[root@server52 ~]# cd /opt/registry/
[root@server52 registry]# ls
docker
[root@server52 registry]# ls -l docker/
total 0
drwxr-xr-x 3 root root 16 May 16 09:54 registry
[root@server52 registry]# ls -Rl docker/
docker/:
total 0
drwxr-xr-x 3 root root 16 May 16 09:54 registry

docker/registry:
total 0
drwxr-xr-x 4 root root 39 May 16 09:54 v2

docker/registry/v2:
total 0
drwxr-xr-x 3 root root 20 May 16 09:54 blobs
drwxr-xr-x 3 root root 23 May 16 09:54 repositories
......

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第4张图片

  1. 测试:自动触发

当前docker项目会一直关注test项目。
如果test项目正常触发,那么docker项目才会触发

  • 先在本地测试一下,看Jenkins用户是否可以执行
    注意:docker的权限是不允许普通用户直接使用docker。但是,之前已经将Jenkins用户加入到docker组里面了,所以,这里不需要担心这个问题
  • 修改Jenkins的shell,并测试Jenkins用户是否可以使用docker
[root@server52 registry]# cat /etc/passwd | grep jenkins
jenkins:x:998:996:Jenkins Automation Server:/var/lib/jenkins:/bin/false
[root@server52 registry]# usermod -s /bin/bash jenkins 
[root@server52 registry]# su - jenkins 
-bash-4.2$ id
uid=998(jenkins) gid=996(jenkins) groups=996(jenkins),994(docker)
-bash-4.2$ docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/webserver   10                  35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   7                   35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   8                   35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   latest              35ec4ba474e8        10 hours ago        133MB
localhost:5000/webserver   5                   9d8f2817c33a        10 hours ago        133MB
localhost:5000/webserver   6                   9d8f2817c33a        10 hours ago        133MB
nginx                      latest              f0b8a9a54136        3 days ago          133MB
registry                   latest              1fd8e1b0bb7e        4 weeks ago         26.2MB
-bash-4.2$ docker run -d --name demo -p 80:80 localhost:5000/webserver
662d2aea648c6d5f982145322351259aab00f4023bbc06590a478f38fbf7c3c0
-bash-4.2$ docker ps
CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                    NAMES
662d2aea648c        localhost:5000/webserver   "/docker-entrypoint.…"   37 seconds ago      Up 23 seconds       0.0.0.0:80->80/tcp       demo
9dbc5071a78e        registry                   "/entrypoint.sh /etc…"   11 minutes ago      Up 11 minutes       0.0.0.0:5000->5000/tcp   registry
-bash-4.2$ curl localhost
www.westos.org
www.westos.org
www.westos.org
www.westos.org
www.westos.org
www.westos.org
-bash-4.2$ docker rm -f demo
demo
-bash-4.2$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
9dbc5071a78e        registry            "/entrypoint.sh /etc…"   11 minutes ago      Up 11 minutes       0.0.0.0:5000->5000/tcp   registry

  • 测试完成之后,新建任务

  • 新建任务docker(自由风格)
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第5张图片

    • 不需要Git
    • 构建触发器(其他工程构建后触发)
      关注test项目,只有test构建成功时,才会触发事件
      7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第6张图片
    • 构建(shell)
      先过滤一下,如果webserver这个进程存在,则删除
      休眠1秒
      之后,再建立一个新的容器镜像
      Q:为什么要有删除的操作
      A:因为shell脚本中定义的容器名字必须唯一。
docker ps -a | grep webserver && docker rm -f webserver
sleep 1
docker run -d --name webserver -p 80:80 localhost:5000/webserver:latest

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第7张图片

  • 检测docker项目,手动触发
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第8张图片
    【test运行成功,上传镜像到仓库,docker测试镜像是否OK,并运行】
[root@server52 registry]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED              STATUS              PORTS                    NAMES
c60288855632        localhost:5000/webserver:latest   "/docker-entrypoint.…"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp       webserver
9dbc5071a78e        registry                          "/entrypoint.sh /etc…"   17 minutes ago       Up 16 minutes       0.0.0.0:5000->5000/tcp   registry
[root@server52 registry]# curl localhost
www.westos.org
www.westos.org
www.westos.org
www.westos.org
www.westos.org
www.westos.org

用户通过git版本控制系统,把代码push到gitlab中,gitlab触发Jenkins Jenkins首先触发test项目(从dockerfile文件中构建image镜像,并push镜像到registry) 完成之后,去触发docker项目,运行容器

2. 部署远程仓库

第3台虚拟机server53,作为生产环境
在server53上去做远程部署

  1. server53的docker环境部署
    安装dcoker-ce
  • 将server52上docker的yum源拷贝到server53上
[root@server52 registry]# cd /etc/yum.repos.d/
[root@server52 yum.repos.d]# ls
docker.repo  redhat.repo  rhel7.repo
[root@server52 yum.repos.d]# scp docker.repo [email protected]:/etc/yum.repos.d/

[root@server53 ~]# yum install -y docker-ce
  • server52上/etc/sysctl.d/docker.conf发送到server53上
[root@server52 sysctl.d]# scp docker.conf [email protected]:/etc/sysctl.d/
  • server53激活服务
[root@server53 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
* Applying /etc/sysctl.conf ...
  1. 开机自启docker
[root@server53 ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@server53 ~]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 991MiB
 Name: server53
 ID: V7A2:C2XE:VT46:FWHN:5PZ2:GUBD:74N2:T6HG:BBT4:CF3O:7XFN:WNTI
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
  1. 删除之前server52上的webserver镜像
[root@server52 sysctl.d]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS                    NAMES
c60288855632        localhost:5000/webserver:latest   "/docker-entrypoint.…"   About an hour ago   Up About an hour    0.0.0.0:80->80/tcp       webserver
9dbc5071a78e        registry                          "/entrypoint.sh /etc…"   About an hour ago   Up About an hour    0.0.0.0:5000->5000/tcp   registry
[root@server52 sysctl.d]# docker rm -f webserver 
webserver
  1. 手动执行:server53到server52上拉取镜像

  • 注意:
    现在仓库在server52上,server53要去server52上拉取。
    直接拉取会被拒绝,因为默认拉取路径走的是443端口(https)
    但是,因为当前实验环境是内网,所以,我们可以设定就走80端口(http)

  • 告诉docker可以走非安全端口去拉取数据

[root@server53 ~]# vim /etc/docker/daemon.json
{
        "insecure-registries": ["172.25.21.52:5000"]
}
  • reload之后docker info 可以查看到设定被加载
[root@server53 ~]# systemctl reload docker.service 
[root@server53 ~]# docker info 
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 991MiB
 Name: server53
 ID: V7A2:C2XE:VT46:FWHN:5PZ2:GUBD:74N2:T6HG:BBT4:CF3O:7XFN:WNTI
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  172.25.21.52:5000				//设定成功
  127.0.0.0/8
 Live Restore Enabled: false
  • 到server52上拉取最新的webserver镜像(拉取成功)
[root@server53 ~]# docker pull 172.25.21.52:5000/webserver:latest
latest: Pulling from webserver
69692152171a: Pull complete 
49f7d34d62c1: Pull complete 
5f97dc5d71ab: Pull complete 
cfcd0711b93a: Pull complete 
be6172d7651b: Pull complete 
de9813870342: Pull complete 
cf95e669b696: Pull complete 
Digest: sha256:0ed15e7ef742ad598ae3ddb950125bab848b5992e138cc1af4effd3456b5cf2b
Status: Downloaded newer image for 172.25.21.52:5000/webserver:latest
172.25.21.52:5000/webserver:latest
  1. 自动化执行:server53到server52上拉取镜像

  • 现在需要server53自动拉取镜像,而不是像我们现在这样手动拉取

  • 安装SSH插件
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第9张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第10张图片

  • 修改docker项目
    添加全局凭证(用户名密码认证)
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第11张图片在这里插入图片描述7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第12张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第13张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第14张图片

  • 系统配置
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第15张图片

  • docek项目配置
    构建
    通过ssh连接远程主机,执行shell脚本
    shell:从172.25.21.52的5000端口仓库下载镜像
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第16张图片

  • 手动触发,检查是否自动到server52的仓库中拉取镜像
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第17张图片
    server53上运行着镜像,拉取成功

[root@server53 ~]# docker ps
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS              PORTS                NAMES
f24aebec1b0c        172.25.21.52:5000/webserver:latest   "/docker-entrypoint.…"   31 seconds ago      Up 27 seconds       0.0.0.0:80->80/tcp   webserver

3. 整体推送:开发到上线

  1. 推动index.html文件到gitlab中
[root@server51 ~]# cd demo/
[root@server51 demo]# vim index.html 
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
[root@server51 demo]# git commit -a -m "v4"
[master 177db88] v4
 1 file changed, 6 insertions(+), 6 deletions(-)
[root@server51 demo]# git push -u origin master
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 251 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To [email protected]:root/demo.git
   cbd16da..177db88  master -> master
Branch master set up to track remote branch master from origin.
  • test项目中会有新的构建
    (自动生成镜像,推送到仓库)
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第18张图片
[root@server52 sysctl.d]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED              SIZE
localhost:5000/webserver   11                  e00d313d867d        About a minute ago   133MB
localhost:5000/webserver   latest              e00d313d867d        About a minute ago   133MB
localhost:5000/webserver   10                  35ec4ba474e8        11 hours ago         133MB
localhost:5000/webserver   7                   35ec4ba474e8        11 hours ago         133MB
localhost:5000/webserver   8                   35ec4ba474e8        11 hours ago         133MB
localhost:5000/webserver   5                   9d8f2817c33a        11 hours ago         133MB
localhost:5000/webserver   6                   9d8f2817c33a        11 hours ago         133MB
nginx                      latest              f0b8a9a54136        3 days ago           133MB
registry                   latest              1fd8e1b0bb7e        4 weeks ago          26.2MB
  1. 修改docker项目
  • docker项目的shell脚本需要修改一下,删除之前的镜像
    否则,之后创建容器都使用的是之前的镜像
    (先删除容器,释放容器,再删镜像)
docker ps -a | grep webserver && docker rm -f webserver
sleep 1
docker rmi 172.25.21.52:5000/webserver:latest
sleep 1
docker run -d --name webserver -p 80:80 172.25.21.52:5000/webserver:latest

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第19张图片

  • 测试成功
[root@server53 ~]# curl localhost
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
  1. 汇总:第二次完整推送(重复上面的操作)
[root@server51 demo]# vim index.html 
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org
[root@server51 demo]# git commit -a -m "v5"
[master bc036d6] v5
 1 file changed, 6 insertions(+), 6 deletions(-)
[root@server51 demo]# git push -u origin master
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 249 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To [email protected]:root/demo.git
   177db88..bc036d6  master -> master
Branch master set up to track remote branch master from origin.
  • test项目生成镜像
[root@server52 sysctl.d]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
localhost:5000/webserver   12                  b92fb520afb0        34 seconds ago      133MB
localhost:5000/webserver   latest              b92fb520afb0        34 seconds ago      133MB
localhost:5000/webserver   11                  e00d313d867d        8 minutes ago       133MB
localhost:5000/webserver   10                  35ec4ba474e8        11 hours ago        133MB
localhost:5000/webserver   7                   35ec4ba474e8        11 hours ago        133MB
localhost:5000/webserver   8                   35ec4ba474e8        11 hours ago        133MB
localhost:5000/webserver   5                   9d8f2817c33a        11 hours ago        133MB
localhost:5000/webserver   6                   9d8f2817c33a        11 hours ago        133MB
nginx                      latest              f0b8a9a54136        3 days ago          133MB
registry                   latest              1fd8e1b0bb7e        4 weeks ago         26.2MB
  • server53上查看本地服务,测试成功
[root@server53 ~]# curl localhost
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org

4. 参数化构建(Jenkins结合ansible)

由用户来选择生产环境

  1. 安装ansible
  • 复制宿主主机上的ansible依赖性安装包到 发布目录下
[root@foundation21 docs]# cp -r ansible/ /var/www/html/
  • 准备好yum源
[root@server52 yum.repos.d]# pwd
/etc/yum.repos.d
[root@server52 yum.repos.d]# vim ansible.repo
[ansible]
name=ansible 2.8
baseurl=http://172.25.21.250/ansible
gpgcheck=0
[root@server52 yum.repos.d]# yum repolist 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
ansible                                                                | 3.0 kB  00:00:00     
docker                                                                 | 3.0 kB  00:00:00     
rhel7.6                                                                | 4.3 kB  00:00:00     
ansible/primary_db                                                     | 7.9 kB  00:00:00     
repo id                                   repo name                                     status
ansible                                   ansible 2.8                                      10
docker                                    docker-ce                                        20
rhel7.6                                   rhel7.6                                       5,152
repolist: 5,182
  • 安装
[root@server52 yum.repos.d]# yum install -y ansible
  1. Jenkins用户
[root@server52 yum.repos.d]# su - jenkins 
Last login: Sun May 16 10:00:03 CST 2021 on pts/0
-bash-4.2$

  1. 在GitLab上创建一个playbook项目
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第20张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第21张图片

  2. 克隆playbook到本地

[root@server51 ~]# git clone [email protected]:root/playbook.git
Cloning into 'playbook'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
[root@server51 ~]# ls
demo  gitlab-ce-13.2.2-ce.0.el7.x86_64.rpm  playbook
[root@server51 ~]# cd playbook/
[root@server51 playbook]# ls
README.md
  1. 删除server53之前的容器,因为它占用着80端口
[root@server53 ~]# docker ps
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS              PORTS                NAMES
0831dda1358a        172.25.21.52:5000/webserver:latest   "/docker-entrypoint.…"   2 hours ago         Up 2 hours          0.0.0.0:80->80/tcp   webserver
[root@server53 ~]# docker rm -f webserver
webserver
[root@server53 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
  1. 在server53上创建devops用户
[root@server53 ~]# useradd devops
[root@server53 ~]# id devops
uid=1000(devops) gid=1000(devops) groups=1000(devops)
[root@server53 ~]# echo westos | passwd --stdin devops
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[root@server53 ~]# su - devops
[devops@server53 ~]$ whoami
devops
  1. 免密
    server52上的Jenkins生成公私钥。将公钥发送给server53的devops用户
[root@server52 yum.repos.d]# su - jenkins 
Last login: Sun May 16 10:00:03 CST 2021 on pts/0
-bash-4.2$ whoami 
jenkins
-bash-4.2$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3wgWmEsF4Io7ybx+V7ElnHJzsTcsivPovgBRAQ/4bhE jenkins@server52
The key's randomart image is:
+---[RSA 2048]----+
|.o.oo....        |
|. E.   + .       |
| o o. = o +      |
| .+. o O * +     |
|.o..  = S o .    |
|oo+  o = o o     |
|++ .  =   o .    |
| ....o .         |
|.o. ++.          |
+----[SHA256]-----+
-bash-4.2$ ssh-copy-id [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/jenkins/.ssh/id_rsa.pub"
The authenticity of host '172.25.21.53 (172.25.21.53)' can't be established.
ECDSA key fingerprint is SHA256:pDVMlne1o6BzdQs4hHFSykp2uF5AikPpjxB9HjgwoS4.
ECDSA key fingerprint is MD5:43:77:e7:0f:9f:5f:c8:d7:42:8b:9e:db:6c:46:ed:5a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
  1. 权力下放
    远程登陆的是普通用户(server52的Jenkins),权限不足
    因此要实现权力下放
    给devops授权
[root@server53 ~]# visudo
devops  ALL=(ALL)       NOPASSWD: ALL
  1. server51——远程控制节点
    注意:server51上还有别的服务,因此,要注意服务之间不要冲突
  • server51写ansible的主配置文件
    远端访问用户改成devops
[root@server51 playbook]# vim ansible.cfg
[defaults]
command_warnings=False
remote_user=devops

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
  • server51编写部署服务的配置文件
[root@server51 playbook]# ls
ansible.cfg  README.md
[root@server51 playbook]# vim playbook.yml
---
- hosts: all
  tasks:
  - name: install apache
    yum:
      name: httpd
      state: present
  - name: config apache
    template:
      src: httpd.conf.j2
      dest: /etc/httpd/conf/httpd.conf
    notify: restart apache
  - name: enable apache
    service:
      name: httpd
      state: started
      enabled: yes
  handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted
  • 注意,因为ansible部署服务的配置文件中设定要使用apache的配置文件,所以,作为生产环境的server53需要安装apache
    将server53上的apache配置文件scp到server51
[root@server53 ~]# yum install -y httpd
[root@server53 ~]# cd /etc/httpd/conf
[root@server53 conf]# ls
httpd.conf  magic
[root@server53 conf]# scp httpd.conf [email protected]:/root/playbook
  • server51创建模板文件
  • 创建清单inventry,在其中书写2个文件,分别包含生产环境的路径和测试环境的路径
    (注意端口不要冲突)
[root@server51 playbook]# ls
ansible.cfg  httpd.conf  playbook.yml  README.md
[root@server51 playbook]# mv httpd.conf httpd.conf.j2
[root@server51 playbook]# vim httpd.conf.j2 
#Listen 12.34.56.78:80
Listen {{ http_port }}

[root@server51 playbook]# mkdir inventry
[root@server51 playbook]# cd inventry/
[root@server51 inventry]# vim prod
[prod]
172.25.21.53 http_port=80

[root@server51 inventry]# vim test
[test]
172.25.21.51 http_port=8000
  • 上传
[root@server51 inventry]# git add .
[root@server51 inventry]# git status -s
A  prod
A  test
?? ../ansible.cfg
?? ../httpd.conf.j2
?? ../playbook.yml
[root@server51 inventry]# git commit -m "update playbook"
[master bc03547] update playbook
 2 files changed, 4 insertions(+)
 create mode 100644 inventry/prod
 create mode 100644 inventry/test
[root@server51 inventry]# git status -s
?? ../ansible.cfg
?? ../httpd.conf.j2
?? ../playbook.yml
[root@server51 inventry]# cd ..
[root@server51 playbook]# git add .
[root@server51 playbook]# git status -s
A  ansible.cfg
A  httpd.conf.j2
A  playbook.yml
[root@server51 playbook]# git commit -m "update playbook"
[master 2dd3384] update playbook
 3 files changed, 384 insertions(+)
 create mode 100644 ansible.cfg
 create mode 100644 httpd.conf.j2
 create mode 100644 playbook.yml
[root@server51 playbook]# git status -s
[root@server51 playbook]# git push -u origin master
Counting objects: 11, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (10/10), 5.48 KiB | 0 bytes/s, done.
Total 10 (delta 0), reused 0 (delta 0)
To [email protected]:root/playbook.git
   42cb41c..2dd3384  master -> master
Branch master set up to track remote branch master from origin.

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第22张图片

  1. Jenkins新建ansible任务

  • 新建任务
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第23张图片

  • 源码管理
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第24张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第25张图片

  • General——参数化构建
    参数选项是上面设定的2个环境
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第26张图片

  • 构建
    执行shell
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第27张图片

cd $WORKSPACE
ansible-playbook -i inventry/$deploy  playbook.yml

-i:指定inventry下的定义的部署变量(prod和test)
注意,shell脚本中的workspace是server52上的/var/lib/jenkins/workspace
(每个项目都有对应的工作区,比如docker的工作区是/var/lib/jenkins/workspace/docker

  1. server51创建一个新的用户devops
[root@server51 playbook]# useradd devops
[root@server51 playbook]# echo westos | passwd --stdin devops
Changing password for user devops.
passwd: all authentication tokens updated successfully.
  • 免密
    server52上的Jenkins将公钥发送给server51的devops
-bash-4.2$ pwd
/var/lib/jenkins
-bash-4.2$ whoami 
jenkins
-bash-4.2$ ssh-copy-id [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/jenkins/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ ssh [email protected]
[devops@server51 ~]$ pwd
/home/devops
  • server51权力下方
[root@server51 playbook]# visudo 
devops  ALL=(ALL)       NOPASSWD: ALL
  1. 选择test环境,手动执行
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第28张图片
  • web界面
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第29张图片
    (如果有报错,就检查文件写的是否正确,然后记得git push)
    成功
[root@server51 playbook]# curl localhost:8000
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
	<head>
		<title>Test Page for the Apache HTTP Server on Red Hat Enterprise Linux</title>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<style type="text/css">
			/*<![CDATA[*/
			body {
				background-color: #fff;
				color: #000;
				font-size: 0.9em;
				font-family: sans-serif,helvetica;
				margin: 0;
				padding: 0;
			}
			:link {
				color: #c00;
			}
			:visited {
				color: #c00;
			}
			a:hover {
				color: #f50;
			}
			h1 {
				text-align: center;
				margin: 0;
				padding: 0.6em 2em 0.4em;
				background-color: #900;
				color: #fff;
				font-weight: normal;
				font-size: 1.75em;
				border-bottom: 2px solid #000;
			}
			h1 strong {
				font-weight: bold;
			}
			h2 {
				font-size: 1.1em;
				font-weight: bold;
			}
			hr {
				display: none;
			}
			.content {
				padding: 1em 5em;
			}
			.content-columns {
				/* Setting relative positioning allows for 
				absolute positioning for sub-classes */
				position: relative;
				padding-top: 1em;
			}
			.content-column-left {
				/* Value for IE/Win; will be overwritten for other browsers */
				width: 47%;
				padding-right: 3%;
				float: left;
				padding-bottom: 2em;
			}
			.content-column-left hr {
				display: none;
			}
			.content-column-right {
				/* Values for IE/Win; will be overwritten for other browsers */
				width: 47%;
				padding-left: 3%;
				float: left;
				padding-bottom: 2em;
			}
			.content-columns>.content-column-left, .content-columns>.content-column-right {
				/* Non-IE/Win */
			}
			img {
				border: 2px solid #fff;
				padding: 2px;
				margin: 2px;
			}
			a:hover img {
				border: 2px solid #f50;
			}
			/*]]>*/
		</style>
	</head>

	<body>
		<h1>Red Hat Enterprise Linux <strong>Test Page</strong></h1>

		<div class="content">
			<div class="content-middle">
				<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.</p>
			</div>
			<hr />

			<div class="content-columns">
				<div class="content-column-left">
					<h2>If you are a member of the general public:</h2>

					<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>

					<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>

					<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "[email protected]".</p>

					<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
					<hr />
				</div>

				<div class="content-column-right">
					<h2>If you are the website administrator:</h2>

					<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>

                                        <p>You are free to use the image below on web sites powered by the Apache HTTP Server:</p>
					
                                        <p align="center"><a href="http://httpd.apache.org/"><img src="/icons/apache_pb2.gif" alt="[ Powered by Apache ]"/></a></p>

				</div>
			</div>
		</div>
	</body>
</html>
  1. 完善ansible,要求自动生成apache页面
  • 创建一个首页
  • 修改ansible的执行文件
[root@server51 playbook]# ls
ansible.cfg  httpd.conf.j2  inventry  playbook.yml  README.md
[root@server51 playbook]# vim playbook.yml 
---
- hosts: all
  tasks:
  - name: install apache
    yum:
      name: httpd
      state: present
  - name: config apache
    template:
      src: httpd.conf.j2
      dest: /etc/httpd/conf/httpd.conf
    notify: restart apache
  - name: enable apache
    service:
      name: httpd
      state: started
      enabled: yes
  - name: create index.html			//创建新的发布页面
    lineinfile:
      path: /var/www/html/index.html
      create: yes
      line: "{{ ansible_hostname }}"
  handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted

[root@server51 playbook]# git commit -a -m "update playbook.yml"
[master 6e80765] update playbook.yml
 1 file changed, 5 insertions(+)
[root@server51 playbook]# git push -u origin master
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 383 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To [email protected]:root/playbook.git
   f0f3825..6e80765  master -> master
Branch master set up to track remote branch master from origin.
  • 手动执行:test环境
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第30张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第31张图片
  • curl命令查看
[root@server51 playbook]# curl localhost:8000
server51
  1. 生产环境prod
    为什么要使用server53上主机的apache主配置文件,因为server53要作为生产环境
    根据就是之前编写的环境文件里写的是172.25.21.53:80
  • web界面
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第32张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第33张图片
  • curl命令查看
[root@server51 playbook]# curl 172.25.21.53
server53

5. 部署企业级的仓库(Jenkins结合harbor)

企业级的仓库:有加密,有认证,之前的仓库都没有

server53作为仓库

  1. 部署环境
[root@server53 ~]# ls
docker-compose-Linux-x86_64-1.27.0  harbor-offline-installer-v1.10.1.tgz
[root@server53 ~]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose
[root@server53 ~]# chmod +x /usr/local/bin/docker-compose
[root@server53 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
  1. 激活证书
  • 进入harbor目录,编辑主配置文件
    保证证书位置一致
[root@server53 ~]# ls
harbor  harbor-offline-installer-v1.10.1.tgz
[root@server53 ~]# cd harbor/
[root@server53 harbor]# ls
common.sh  harbor.v1.10.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@server53 harbor]# vim harbor.yml
hostname: reg.westos.org

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/certs/westos.org.crt
  private_key: /data/certs/westos.org.key
harbor_admin_password: westos
  • 创建证书
[root@server53 harbor]# cd /data/
[root@server53 data]# mkdir certs
[root@server53 data]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
...................................................................................................................................................................................................++
..........................................................................................................................................................................++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:reg.westos.org
Email Address []:[email protected]
[root@server53 data]# cd certs/
[root@server53 certs]# ls
westos.org.crt  westos.org.key
  1. 因为之前做参数化构建实验,server53上运行着apache服务,占用了80端口。所以,记得关闭apache,为了避免端口冲突。部署harbor需要用到80端口
[root@server53 certs]# systemctl disable --now httpd.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
  1. 部署harbor仓库
[root@server53 ~]# cd harbor/
[root@server53 harbor]# ls
common.sh  harbor.v1.10.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@server53 harbor]# ./install.sh 
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registry      ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
  1. 删除不需要的镜像
[root@server52 yum.repos.d]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
9dbc5071a78e        registry            "/entrypoint.sh /etc…"   6 hours ago         Up 6 hours          0.0.0.0:5000->5000/tcp   registry
[root@server52 yum.repos.d]# docker rm -f registry
registry
  1. 查看各模块的状态。要求都是UP的状态
[root@server53 harbor]# docker-compose ps
      Name                    Command                 State                  Ports            
----------------------------------------------------------------------------------------------
harbor-core         /harbor/harbor_core            Up (healthy)                               
harbor-db           /docker-entrypoint.sh          Up (healthy)   5432/tcp                    
harbor-jobservice   /harbor/harbor_jobservice      Up (healthy)                               
                    ...                                                                       
harbor-log          /bin/sh -c /usr/local/bin/     Up (healthy)   127.0.0.1:1514->10514/tcp   
                    ...                                                                       
harbor-portal       nginx -g daemon off;           Up (healthy)   8080/tcp                    
nginx               nginx -g daemon off;           Up (healthy)   0.0.0.0:80->8080/tcp,       
                                                                  0.0.0.0:443->8443/tcp       
redis               redis-server /etc/redis.conf   Up (healthy)   6379/tcp                    
registry            /home/harbor/entrypoint.sh     Up (healthy)   5000/tcp                    
registryctl         /home/harbor/start.sh          Up (healthy)

  1. web界面测试:访问53的80端口,会重定向到443端口
    企业级仓库部署完毕
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第34张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第35张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第36张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第37张图片

  2. 如何在harbor仓库中放入镜像

  • 下载镜像到docker主机
[root@foundation21 images]# scp game2048.tar [email protected]:
  • 导入docker引擎
[root@server52 ~]# ls
game2048.tar  index.html  jdk-8u171-linux-x64.rpm  jenkins-2.293-1.1.noarch.rpm
[root@server52 ~]# docker load -i game2048.tar 
011b303988d2: Loading layer   5.05MB/5.05MB
36e9226e74f8: Loading layer  51.46MB/51.46MB
192e9fad2abc: Loading layer  3.584kB/3.584kB
6d7504772167: Loading layer  4.608kB/4.608kB
88fca8ae768a: Loading layer  629.8kB/629.8kB
Loaded image: game2048:latest
[root@server52 ~]# docker images | grep game
game2048                   latest              19299002fdbe        4 years ago         55.5MB
  • 写好解析
[root@server52 ~]# vim /etc/hosts
172.25.21.53    server53        reg.westos.org
  • 把这个镜像推送到这个仓库reg.westos.org的library项目中
[root@server52 ~]# docker images game2048
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
game2048            latest              19299002fdbe        4 years ago         55.5MB
[root@server52 ~]# docker tag game2048:latest reg.westos.org/library/game2048:latest
  • 上传,出现第一个报错:访问harbor是需要一个证书的,因为当前走的是443端口
[root@server52 ~]# docker push reg.westos.org/library/game2048:latest
The push refers to repository [reg.westos.org/library/game2048]
Get https://reg.westos.org/v2/: x509: certificate signed by unknown authority

解决方法:获取证书
创建一个/etc/docker/certs.d的目录,在其中创建reg的目录,用来存放该仓库的证书

[root@server52 ~]# cd /etc/docker/
[root@server52 docker]# ls
key.json
[root@server52 docker]# mkdir certs.d
[root@server52 docker]# cd certs.d/
[root@server52 certs.d]# mkdir reg.westos.org
[root@server52 certs.d]# cd reg.westos.org/

将harbor主机的证书发送给docker主机

[root@server53 harbor]# cd /data/
[root@server53 data]# ls
ca_download  certs  database  job_logs  psc  redis  registry  secret
[root@server53 data]# cd certs/
[root@server53 certs]# ls
westos.org.crt  westos.org.key
[root@server53 certs]# scp westos.org.crt server52:/etc/docker/certs.d/reg.westos.org/ca.crt
The authenticity of host 'server52 (172.25.21.52)' can't be established.
ECDSA key fingerprint is SHA256:5MeIHED928GSroSsK9KPHYQnw6xIzXiwAsOpWvGjlQQ.
ECDSA key fingerprint is MD5:ed:12:13:da:9c:47:75:73:ac:42:cf:7c:a4:8b:52:3d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server52,172.25.21.52' (ECDSA) to the list of known hosts.
root@server52's password: 
westos.org.crt                                              100% 2106     3.0MB/s   00:00
  • 上传,出现第二个报错:没有权限访问
[root@server52 reg.westos.org]# ls
ca.crt
[root@server52 reg.westos.org]# docker push reg.westos.org/library/game2048:latest
The push refers to repository [reg.westos.org/library/game2048]
88fca8ae768a: Preparing 
6d7504772167: Preparing 
192e9fad2abc: Preparing 
36e9226e74f8: Preparing 
011b303988d2: Preparing 
denied: requested access to the resource is denied

解决方法:授权登录

[root@server52 reg.westos.org]# docker login reg.westos.org
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

  • 总结:先认证,再授权

  • 上传成功
    (此时,还没有和Jenkins结合)
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第38张图片

5.1 Jenkins和harbor仓库结合

  1. 拉取镜像
  • 先做好解析
[root@server53 harbor]# vim /etc/hosts
172.25.21.53    server53        reg.westos.org
  • 证书
[root@server53 harbor]# cd /etc/docker/
[root@server53 docker]# ls
daemon.json  key.json
[root@server53 docker]# mkdir certs.d
[root@server53 docker]# cd certs.d/
[root@server53 certs.d]# mkdir reg.westos.org
[root@server53 certs.d]# cd reg.westos.org/
[root@server53 reg.westos.org]# cp /data/certs/westos.org.crt ca.crt
[root@server53 reg.westos.org]# ls
ca.crt
  • 拉取
[root@server53 reg.westos.org]# cd
[root@server53 ~]# docker pull reg.westos.org/library/game2048:latest
latest: Pulling from library/game2048
534e72e7cedc: Pull complete 
f62e2f6dfeef: Pull complete 
fe7db6293242: Pull complete 
3f120f6a2bf8: Pull complete 
4ba4e6930ea5: Pull complete 
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for reg.westos.org/library/game2048:latest
reg.westos.org/library/game2048:latest
  1. 运行2048的镜像
[root@server53 ~]# docker run -d --name game2048 -p 8080:80 reg.westos.org/library/game2048
d12fef277b0ab12668ea6104cc996643e3d359eef4d4e71de5b74b7a9ca4a087

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第39张图片成功之后,删除该镜像

[root@server53 ~]# docker rm -f game2048 
game2048

【以上是手动部署harbor仓库】

5.2 Jenkins自动化构建harbor仓库

  1. test项目负责镜像构建
    推送镜像到远端,要求仓库加密
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第40张图片
  • 添加凭据
    使用用户名和密码
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第41张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第42张图片
    因为test运行,docker就会被触发。所以,先禁用docker项目
    在这里插入图片描述
  1. 触发test项目
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第43张图片7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第44张图片
  • harbor的web界面
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第45张图片
  1. 启用docker
  • 修改/etc/dacker/daemon.json文件。docker访问的是reg.westos.org这个仓库
[root@server53 ~]# cd -
/etc/docker
[root@server53 docker]# vim daemon.json 
{
        "registry-mirrors": ["https://reg.westos.org"]
}

[root@server53 docker]# systemctl reload docker.service 
[root@server53 docker]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 9
  Running: 9
  Paused: 0
  Stopped: 0
 Images: 18
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 991MiB
 Name: server53
 ID: V7A2:C2XE:VT46:FWHN:5PZ2:GUBD:74N2:T6HG:BBT4:CF3O:7XFN:WNTI
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  172.25.21.52:5000
  127.0.0.0/8
 Registry Mirrors:
  https://reg.westos.org/
 Live Restore Enabled: false
  • 确保没有webserver镜像,才可以拉取webserver
[root@server53 docker]# docker images | grep webserver
172.25.21.52:5000/webserver       latest                           b92fb520afb0        6 hours ago         133MB
[root@server53 docker]# docker rmi 172.25.21.52:5000/webserver:latest
Untagged: 172.25.21.52:5000/webserver:latest
Untagged: 172.25.21.52:5000/webserver@sha256:2b8eea0aa6aa7d15ed382ed583a80e65f94f96c7193a46cfcae940d9e4b3907a
Deleted: sha256:b92fb520afb0a6fe3bac4a3715c6eea3011a87e9402a50b0c9ea3cfa8a56db70
Deleted: sha256:2604841ece4e84311aa5f11b798901049493801af924c2005d3e4893817f4da7
Deleted: sha256:60f61ee7da08c2a5c5f6a76c1f2926f50ba1d01d8ec4af9afb8fdcd3d97ef6f9
Deleted: sha256:affa58c5a9d1d907c11d8589d4e08d2dc8e4e6b71b141269405a2e67d0a8b011
Deleted: sha256:6b1533d42f38a9c55cad97d4e01c03756ab82b61798b6c4f4bc9122093bb6ebd
Deleted: sha256:5c3e94c8305f2a4158258725fe33d2451842c13a97c76f02042a7a7e0aa3799a
Deleted: sha256:adda6567aeaa86913f56f0e4647032e1d9347bd63ed98a320f904c71df2637c1
Deleted: sha256:02c055ef67f5904019f43a41ea5f099996d8e7633749b6e606c400526b2c4b33
  1. 修改docker项目的shell脚本
docker ps -a | grep webserver && docker rm -f webserver
sleep 1
docker rmi webserver:latest
sleep 1
docker run -d --name webserver webserver:latest

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第46张图片

  1. 触发docker
    7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第47张图片部署成功
[root@server53 docker]# docker images | grep webserver
webserver                         latest                           b92fb520afb0        6 hours ago         133MB
[root@server53 docker]# ip addr show docker0
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:4a:25:dc:d6 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:4aff:fe25:dcd6/64 scope link 
       valid_lft forever preferred_lft forever

[root@server53 docker]# docker inspect webserver
                   "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null

[root@server53 docker]# curl 172.17.0.2
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org
www.linux.org

7.4 CI/CD 持续集成/持续交付_Jenkins部署远程仓库和企业级仓库 Jenkins实现参数化构建_第48张图片

你可能感兴趣的:(企业实战,docker,jenkins)

  • PHP环境搭建详细教程 好看资源平台 前端php
    PHP是一个流行的服务器端脚本语言,广泛用于Web开发。为了使PHP能够在本地或服务器上运行,我们需要搭建一个合适的PHP环境。本教程将结合最新资料,介绍在不同操作系统上搭建PHP开发环境的多种方法,包括Windows、macOS和Linux系统的安装步骤,以及本地和Docker环境的配置。1.PHP环境搭建概述PHP环境的搭建主要分为以下几类:集成开发环境:例如XAMPP、WAMP、MAMP,这
  • docker igotyback eureka云原生
    Docker容器的文件系统是隔离的,但是可以通过挂载卷(Volumes)或绑定挂载(BindMounts)将宿主机的文件系统目录映射到容器内部。要查看Docker容器的映射路径,可以使用以下方法:查看容器配置:使用dockerinspect命令可以查看容器的详细配置信息,包括挂载的卷。例如:bashdockerinspect在输出的JSON格式中,查找"Mounts"部分,这里会列出所有的挂载信息
  • Some jenkins settings SnC_
    Jenkins连接到特定gitlabproject的特定branch我采用的方法是在pipeline的script中使用git命令来指定branch。如下:stage('Clonerepository'){steps{gitbranch:'develop',credentialsId:'gitlab-credential-id',url:'http://gitlab.com/repo.git'}}
  • 06选课支付模块之基于消息队列发送支付通知消息 echo 云清 学成在线javarabbitmq消息队列支付通知学成在线
    消息队列发送支付通知消息需求分析订单服务作为通用服务,在订单支付成功后需要将支付结果异步通知给其他对接的微服务,微服务收到支付结果根据订单的类型去更新自己的业务数据技术方案使用消息队列进行异步通知需要保证消息的可靠性即生产端将消息成功通知到服务端:消息发送到交换机-->由交换机发送到队列-->消费者监听队列,收到消息进行处理,参考文章02-使用Docker安装RabbitMQ-CSDN博客生产者确
  • Ubuntu18.04 Docker部署Kinship(Django)项目过程 Dante617
    1Docker的安装https://blog.csdn.net/weixin_41735055/article/details/1003551792下载镜像dockerpullprogramize/python3.6.8-dlib下载的镜像里包含python3.6.8和dlib19.17.03启动镜像dockerrun-it--namekinship-p7777:80-p3307:3306-p55
  • docker from指令的含义_多个FROM-含义 weixin_39722188 dockerfrom指令的含义
    小编典典什么是基本图片?一组文件,加上EXPOSE端口ENTRYPOINT和CMD。您可以添加文件并基于该基础图像构建新图像,Dockerfile并以FROM指令开头:后面提到的图像FROM是新图像的“基础图像”。这是否意味着如果我neo4j/neo4j在FROM指令中声明,则在运行映像时,neo数据库将自动运行并且可在端口7474的容器中使用?仅当您不覆盖CMD和时ENTRYPOINT。但是图像
  • Dockerfile FROM 两个 redDelta
    Docker相关视频讲解:什么是容器Docker介绍实现"DockerfileFROM两个"的步骤步骤表格步骤操作1创建一个Dockerfile文件2写入FROM指令3构建第一个镜像4创建第二个Dockerfile文件5写入FROM指令6构建第二个镜像7合并两个镜像操作步骤说明步骤1:创建一个Dockerfile文件使用任意文本编辑器创建一个名为Dockerfile的文件。登录后复制#Docker
  • Dockerfile命令详解之 FROM 清风怎不知意 容器化java前端javascript
    许多同学不知道Dockerfile应该如何写,不清楚Dockerfile中的指令分别有什么意义,能达到什么样的目的,接下来我将在容器化专栏中详细的为大家解释每一个指令的含义以及用法。专栏订阅传送门https://blog.csdn.net/qq_38220908/category_11989778.html指令不区分大小写。但是,按照惯例,它们应该是大写的,以便更容易地将它们与参数区分开来。(引用
  • Dockerfile(1) - FROM 指令详解 小菠萝测试笔记 dockerpythonjavacmd大数据
    FROM指明当前的镜像基于哪个镜像构建dockerfile必须以FROM开头,除了ARG命令可以在FROM前面FROM[--platform=][AS]FROM[--platform=][:][AS]FROM[--platform=][@][AS]小栗子FROMalpine:latest一个dockerfile可以有多个FROM可以有多个FROM来创建多个镜像,或区分构建阶段,将一个构建阶段作为另
  • 【从问题中去学习k8s】k8s中的常见面试题(夯实理论基础)(二十八) 向往风的男子 k8s学习kubernetes容器
    本站以分享各种运维经验和运维所需要的技能为主《python零基础入门》:python零基础入门学习《python运维脚本》:python运维脚本实践《shell》:shell学习《terraform》持续更新中:terraform_Aws学习零基础入门到最佳实战《k8》从问题中去学习k8s《docker学习》暂未更新《ceph学习》ceph日常问题解决分享《日志收集》ELK+各种中间件《运维日常》
  • 【K8s】专题十一:Kubernetes 集群证书过期处理方法 行者Sun1989 Kuberneteskubernetes云原生容器
    本文内容均来自个人笔记并重新梳理,如有错误欢迎指正!如果对您有帮助,烦请点赞、关注、转发、订阅专栏!专栏订阅入口Linux专栏|Docker专栏|Kubernetes专栏往期精彩文章【Docker】(全网首发)KylinV10下MySQL容器内存占用异常的解决方法【Docker】(全网首发)KylinV10下MySQL容器内存占用异常的解决方法(续)【Docker】MySQL源码构建Docker镜
  • Docker学习十一:Kubernetes概述 爱打羽球的程序猿 Docker学习系列dockerkubernetes学习
    一、Kubernetes简介2006年,Google提出了云计算的概念,当时的云计算领域还是以虚拟机为代表的云平台。2013年,Docker横空出世,Docker提出了镜像、仓库等核心概念,规范了服务的交付标准,使得复杂服务的落地变得更加简单,之后Docker又定义了OCI标准,Docker在容器领域称为事实的标准。但是,Docker诞生只是帮助定义了开发和交付标准,如果想要在生产环境中大批量的使
  • 安装 `privoxy` 将 Socks5 转换为 HTTP 代理 MonkeyKing.sun 网络
    (base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttp://127.0.0.1:1080https://registry-1.docker.io/v2/curl:(56)ProxyCONNECTaborted(base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttps://127.0.0.1:108
  • Halo 开发者指南——容器私有化部署 SHENHUANJIE DockerHalo华为云SWRRegistry
    华为云SWR私有化部署镜像构建dockerbuild-thalo-dev/halo:2.20.0.上传镜像镜像标签sudodockertag{镜像名称}:{版本名称}swr.cn-south-1.myhuaweicloud.com/{组织名称}/{镜像名称}:{版本名称}sudodockertaghalo-dev/halo:2.20.0swr.cn-south-1.myhuaweicloud.co
  • SpringBoot整合ES搜索引擎 实现网站热搜词及热度计算 码踏云端 springbootElasticsearchspringbootelasticsearch后端热搜词热度计算java
    博主简介:历代文学网(PC端可以访问:https://literature.sinhy.com/#/literature?__c=1000,移动端可微信小程序搜索“历代文学”)总架构师,15年工作经验,精通Java编程,高并发设计,Springboot和微服务,熟悉Linux,ESXI虚拟化以及云原生Docker和K8s,热衷于探索科技的边界,并将理论知识转化为实际应用。保持对新技术的好奇心,乐于
  • 小白 | 华为云docker设置镜像加速器 伏一 工具安装华为云docker容器
    一、操作场景通过dockerpull命令下载镜像中心的公有镜像时,往往会因为网络原因而需要很长时间,甚至可能因超时而下载失败。为此,容器镜像服务提供了镜像下载加速功能,帮助您获得更快的下载体验。二、约束与限制构建镜像的客户端所安装的容器引擎(Docker)版本必须为1.11.2及以上。“华北-乌兰察布一”、“亚太-雅加达”、“拉美-墨西哥城一”、“拉美-墨西哥城二”和“拉美-圣保罗一”区域不支持该
  • docker改容器IP的两种方法 redmond88 linuxdockertcp/ip容器
    最简单实用的方法:docker默认的内网网段为172.17.0.0/16,如果公司内网网段也是172.17.x.x的话,就会发生路由冲突。解决办法改路由比较办法,可以一开始就将docker配置的bip改成169.254.0.1/24,可以避免冲突。在daemon配置文件里加个"bip":“169.254.0.1/24”,重启docker就可以了1234[root@st-dev6~]#vim/etc
  • docker 安装、运行nginx shell脚本 三希 dockernginx容器
    以下是一个简单的用于安装和运行DockerNginx的shell脚本:bash#!/bin/bash#安装Docker(如果还未安装)#请根据实际情况调整安装命令#拉取Nginx镜像dockerpullnginx#运行Nginx容器dockerrun-d--namemynginx-p80:80nginx
  • docker项目切换(nginx)、重启shell 脚本 懒惰的小蜗牛 dockerdockernginx容器
    docker项目切换、重启脚本背景具体操作nginx配置配置文件1配置文件2编写nginx替换脚本(用来执行端口替换)编写启动脚本dockerfile文件正常编写给脚本授权执行./start脚本背景项目部署docker中,更新项目时,需要将原原来的容器停止,再启动新的容器,这样会有一个空窗期,导致不可用解决方案:映射不同的端口并启动新的容器,将nginx转发到新容器,停止旧容器具体操作说明ngin
  • FastCGI结合docker下的Nginx执行shell脚本 南波波 nginxdocker
    1使用docker下载Nginx下面展示一些内联代码片。a.#dockerpullnginx#dockerrun--namerunoob-php-nginx-p8088:80-d\-v~/nginx/www:/usr/share/nginx/html:ro\-v~/nginx/conf/conf.d:/etc/nginx/conf.d:ro\nginxb.在~/nginx/conf/conf.d创
  • 【docker npm】npm 私库 琴 韵 dockernpm容器
    1.部署环境window11x64DockerDesktop4.34.1(166053)DockerEnginev27.2.01.1.Docker镜像源1.1.1.DockerEngine配置{"builder":{"features":{"buildkit":true},"gc":{"defaultKeepStorage":"32GB","enabled":true}},"experimenta
  • Docker安装Kafka和Kafka-Manager 阿靖哦
    本文介绍如何通过Docker安装kafka与kafka界面管理界面一、拉取zookeeper由于kafka需要依赖于zookeeper,因此这里先运行zookeeper1、拉取镜像dockerpullwurstmeister/zookeeper2、启动dockerrun-d--namezookeeper-p2181:2181-eTZ="Asia/Shanghai"--restartalwayswu
  • 主流行架构 rainbowcheng 架构架构
    nexus,gitlab,svn,jenkins,sonar,docker,apollo,catteambition,axure,蓝湖,禅道,WCP;redis,kafka,es,zookeeper,dubbo,shardingjdbc,mysql,InfluxDB,Telegraf,Grafana,Nginx,xxl-job,Neo4j,NebulaGraph是一个高性能的,NOSQL图形数据库
  • 单节点canal的介绍和搭建(对接mysql和rocketMQ) 汀风 中间件阿里云mysqljava
    单节点canal-server+canal-admin的介绍和搭建(对接mysql和rocketMQ)一、简介1、Canal1、工作原理2、MySQL主从复制实现3、canal架构4、binarylog1、新增binlog2、更新binglog3、增加字段bin-log4、删除字段bin-log5、修改字段bin-log二、使用2.1安装1、本地安装2、docker安装canal-admincan
  • 【大模型】triton inference server idiotyi 大模型自然语言处理语言模型人工智能
    前言:tritoninferenceserver常用于大模型部署,可以采用http或GRPC调用,支持大部分的backend,单GPU、多GPU都可以支持,CPU也支持。本文主要是使用tritoninferenceserver部署大模型的简单流程示例。目录1.整体流程2.搭建本地仓库3.服务端代码4.启动服务5.客户端调用1.整体流程搭建模型仓库模型配置服务端调用代码docker启动服务客户端调用
  • 基于Prometheus和Grafana的现代服务器监控体系构建 golove666 运维prometheusgrafana服务器
    构建一个基于Prometheus和Grafana的现代服务器监控体系涉及多个步骤。以下是大体的流程和步骤说明:1.Prometheus监控系统Prometheus是一个开源的系统监控和报警工具,专门设计用于抓取时间序列数据。1.1Prometheus的安装Docker安装Prometheusdockerrun-d--name=prometheus-p9090:9090prom/prometheus
  • 手把手教你企业微信SCRM源码下载和私有化部署教程 MoChat-1号 php微信微信公众平台微信开放平台
    服务器要求MoChat对系统环境有一些要求,仅可运行于Linux和Mac环境下,但由于Docker虚拟化技术的发展,在Windows下也可以通过DockerforWindows来作为运行环境,通常来说Mac环境下,我们更推荐本地环境部署,以避免Docker共享磁盘缓慢导致MoChat启动速度慢的问题。提示MoChat基于Docker-compose方式的安装视频https://www.bilibi
  • Docker 常用命令 C语言扫地僧 Linux专栏docker容器
    1Docker镜像命令1.1dockerimages#语法dockerimages[OPTIONS][REPOSITORY[:TAG]]#别名dockerimagels,dockerimagelist功能列出本地镜像。关键参数-a:列出本地所有的镜像(含中间映像层,默认情况下,过滤掉中间映像层);--digests:显示镜像的摘要信息;-f:显示满足条件的镜像;--format:指定返回值的模板文
  • Docker 安装配置和基本命令详解以及案例示范 J老熊 docker容器运维面试linux
    1.引言容器化技术的快速发展给软件开发和运维带来了革命性的变化,Docker作为这一领域的领军者,已经成为软件开发和部署流程中的重要工具。Docker的轻量化、快速启动和高效资源利用让开发者能够在不同的环境中实现一致的开发体验。本篇文章将详细讲解如何在CentOS系统中安装Docker,如何配置阿里云镜像加速,Docker的基本命令和语法,以及通过实际的电商交易系统案例来演示如何在Docker环境
  • docker镜像的批量备份和加载 小卡车555 docker
    随着微服务的不断发展,docker在微服务的部署中也占着不可缺少的角色,有这样一种场景,需要将服务器上的若干个最新的镜像打成tar.gz做一个备份或者异地部署。针对此问题尝试写了如下shell脚本#vimsaveImages.sh脚本内容如下:#当前需要打包的版本号version=xxx.0.0.1-RELEASE#仓库rep=defaultRep#名称name=defaultNameforiin
  • 对于规范和实现,你会混淆吗? yangshangchuan HotSpot
    昨晚和朋友聊天,喝了点咖啡,由于我经常喝茶,很长时间没喝咖啡了,所以失眠了,于是起床读JVM规范,读完后在朋友圈发了一条信息: JVM Run-Time Data Areas:The Java Virtual Machine defines various run-time data areas that are used during execution of a program. So
  • android 网络 百合不是茶 网络
    android的网络编程和java的一样没什么好分析的都是一些死的照着写就可以了,所以记录下来  方便查找   ,  服务器使用的是TomCat   服务器代码;  servlet的使用需要在xml中注册 package servlet; import java.io.IOException; import java.util.Arr
  • [读书笔记]读法拉第传 comsci 读书笔记
          1831年的时候,一年可以赚到1000英镑的人..应该很少的...       要成为一个科学家,没有足够的资金支持,很多实验都无法完成       但是当钱赚够了以后....就不能够一直在商业和市场中徘徊......
  • 随机数的产生 沐刃青蛟 随机数
    c++中阐述随机数的方法有两种:   一是产生假随机数(不管操作多少次,所产生的数都不会改变)          这类随机数是使用了默认的种子值产生的,所以每次都是一样的。   //默认种子 for (int i = 0; i < 5; i++) { cout<<
  • PHP检测函数所在的文件名 IT独行者 PHP函数
    很简单的功能,用到PHP中的反射机制,具体使用的是ReflectionFunction类,可以获取指定函数所在PHP脚本中的具体位置。 创建引用脚本。 代码:   [php]   view plain copy // Filename: functions.php    <?php&nbs
  • 银行各系统功能简介 文强chu 金融
    银行各系统功能简介   业务系统 核心业务系统 业务功能包括:总账管理、卡系统管理、客户信息管理、额度控管、存款、贷款、资金业务、国际结算、支付结算、对外接口等 清分清算系统 以清算日期为准,将账务类交易、非账务类交易的手续费、代理费、网络服务费等相关费用,按费用类型计算应收、应付金额,经过清算人员确认后上送核心系统完成结算的过程 国际结算系
  • Python学习1(pip django 安装以及第一个project) 小桔子 pythondjangopip
        最近开始学习python,要安装个pip的工具。听说这个工具很强大,安装了它,在安装第三方工具的话so easy!然后也下载了,按照别人给的教程开始安装,奶奶的怎么也安装不上! 第一步:官方下载pip-1.5.6.tar.gz, https://pypi.python.org/pypi/pip easy! 第二部:解压这个压缩文件,会看到一个setup.p
  • php 数组 aichenglong PHP排序数组循环多维数组
    1 php中的创建数组 $product = array('tires','oil','spark');//array()实际上是语言结构而不  是函数 2 如果需要创建一个升序的排列的数字保存在一个数组中,可以使用range()函数来自动创建数组 $numbers=range(1,10)//1 2 3 4 5 6 7 8 9 10 $numbers=range(1,10,
  • 安装python2.7 AILIKES python
    安装python2.7 1、下载可从 http://www.python.org/进行下载#wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz 2、复制解压 #mkdir -p /opt/usr/python #cp  /opt/soft/Python-2
  • java异常的处理探讨 百合不是茶 JAVA异常
    //java异常  /* 1,了解java 中的异常处理机制,有三种操作 a,声明异常  b,抛出异常  c,捕获异常 2,学会使用try-catch-finally来处理异常 3,学会如何声明异常和抛出异常 4,学会创建自己的异常   */   //2,学会使用try-catch-finally来处理异常  
  • getElementsByName实例 bijian1013 element
    实例1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/x
  • 探索JUnit4扩展:Runner bijian1013 java单元测试JUnit
            参加敏捷培训时,教练提到Junit4的Runner和Rule,于是特上网查一下,发现很多都讲的太理论,或者是举的例子实在是太牵强。多搜索了几下,搜索到两篇我觉得写的非常好的文章。         文章地址:http://www.blogjava.net/jiangshachina/archive/20
  • [MongoDB学习笔记二]MongoDB副本集 bit1129 mongodb
    1. 副本集的特性   1)一台主服务器(Primary),多台从服务器(Secondary)   2)Primary挂了之后,从服务器自动完成从它们之中选举一台服务器作为主服务器,继续工作,这就解决了单点故障,因此,在这种情况下,MongoDB集群能够继续工作   3)挂了的主服务器恢复到集群中只能以Secondary服务器的角色加入进来   2
  • 【Spark八十一】Hive in the spark assembly bit1129 assembly
    Spark SQL supports most commonly used features of HiveQL. However, different HiveQL statements are executed in different manners: 1. DDL statements (e.g. CREATE TABLE, DROP TABLE, etc.)
  • Nginx问题定位之监控进程异常退出 ronin47
    nginx在运行过程中是否稳定,是否有异常退出过?这里总结几项平时会用到的小技巧。 1. 在error.log中查看是否有signal项,如果有,看看signal是多少。 比如,这是一个异常退出的情况: $grep signal error.log 2012/12/24 16:39:56 [alert] 13661#0: worker process 13666 exited on s
  • No grammar constraints (DTD or XML schema).....两种解决方法 byalias xml
    方法一:常用方法   关闭XML验证 工具栏:windows => preferences => xml => xml files => validation => Indicate when no grammar is specified:选择Ignore即可。 方法二:(个人推荐) 添加 内容如下 <?xml version=
  • Netty源码学习-DefaultChannelPipeline bylijinnan netty
    package com.ljn.channel; /** * ChannelPipeline采用的是Intercepting Filter 模式 * 但由于用到两个双向链表和内部类,这个模式看起来不是那么明显,需要仔细查看调用过程才发现 * * 下面对ChannelPipeline作一个模拟,只模拟关键代码: */ public class Pipeline {
  • MYSQL数据库常用备份及恢复语句 chicony mysql
    备份MySQL数据库的命令,可以加选不同的参数选项来实现不同格式的要求。 mysqldump -h主机 -u用户名 -p密码 数据库名 > 文件 备份MySQL数据库为带删除表的格式,能够让该备份覆盖已有数据库而不需要手动删除原有数据库。 mysqldump -–add-drop-table -uusername -ppassword databasename > ba
  • 小白谈谈云计算--基于Google三大论文 CrazyMizzz Google云计算GFS
        之前在没有接触到云计算之前,只是对云计算有一点点模糊的概念,觉得这是一个很高大上的东西,似乎离我们大一的还很远。后来有机会上了一节云计算的普及课程吧,并且在之前的一周里拜读了谷歌三大论文。不敢说理解,至少囫囵吞枣啃下了一大堆看不明白的理论。现在就简单聊聊我对于云计算的了解。     我先说说GFS   &n
  • hadoop 平衡空间设置方法 daizj hadoopbalancer
    在hdfs-site.xml中增加设置balance的带宽,默认只有1M: <property>   <name>dfs.balance.bandwidthPerSec</name>     <value>10485760</value>     <description&g
  • Eclipse程序员要掌握的常用快捷键 dcj3sjt126com 编程
      判断一个人的编程水平,就看他用键盘多,还是鼠标多。用键盘一是为了输入代码(当然了,也包括注释),再有就是熟练使用快捷键。 曾有人在豆瓣评 《卓有成效的程序员》:“人有多大懒,才有多大闲”。之前我整理了一个 程序员图书列表,目的也就是通过读书,让程序员变懒。  程序员作为特殊的群体,有的人可以这么懒,懒到事情都交给机器去做,而有的人又可以那么勤奋,每天都孜孜不倦得
  • Android学习之路 dcj3sjt126com Android学习
    转自:http://blog.csdn.net/ryantang03/article/details/6901459 以前有J2EE基础,接触JAVA也有两三年的时间了,上手Android并不困难,思维上稍微转变一下就可以很快适应。以前做的都是WEB项目,现今体验移动终端项目,让我越来越觉得移动互联网应用是未来的主宰。 下面说说我学习Android的感受,我学Android首先是看MARS的视
  • java 遍历Map的四种方法 eksliang javaHashMapjava 遍历Map的四种方法
    转载请出自出处: http://eksliang.iteye.com/blog/2059996 package com.ickes; import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; /** * 遍历Map的四种方式
  • 【精典】数据库相关相关 gengzg 数据库
    package C3P0; import java.sql.Connection; import java.sql.SQLException; import java.beans.PropertyVetoException; import com.mchange.v2.c3p0.ComboPooledDataSource; public class DBPool{
  • 自动补全 huyana_town 自动补全
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml&quo
  • jquery在线预览PDF文件,打开PDF文件 天梯梦 jquery
    最主要的是使用到了一个jquery的插件jquery.media.js,使用这个插件就很容易实现了。   核心代码 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.
  • ViewPager刷新单个页面的方法 lovelease androidviewpagertag刷新
      使用ViewPager做滑动切换图片的效果时,如果图片是从网络下载的,那么再子线程中下载完图片时我们会使用handler通知UI线程,然后UI线程就可以调用mViewPager.getAdapter().notifyDataSetChanged()进行页面的刷新,但是viewpager不同于listview,你会发现单纯的调用notifyDataSetChanged()并不能刷新页面
  • 利用按位取反(~)从复合枚举值里清除枚举值 草料场 enum
    以 C# 中的 System.Drawing.FontStyle 为例。   如果需要同时有多种效果, 如:“粗体”和“下划线”的效果,可以用按位或(|) FontStyle style = FontStyle.Bold | FontStyle.Underline;   如果需要去除 style 里的某一种效果,
  • Linux系统新手学习的11点建议 刘星宇 编程工作linux脚本
      随着Linux应用的扩展许多朋友开始接触Linux,根据学习Windwos的经验往往有一些茫然的感觉:不知从何处开始学起。这里介绍学习Linux的一些建议。   一、从基础开始:常常有些朋友在Linux论坛问一些问题,不过,其中大多数的问题都是很基础的。例如:为什么我使用一个命令的时候,系统告诉我找不到该目录,我要如何限制使用者的权限等问题,这些问题其实都不是很难的,只要了解了 Linu
  • hibernate dao层应用之HibernateDaoSupport二次封装 wangzhezichuan DAOHibernate
    /** * <p>方法描述:sql语句查询 返回List<Class> </p> * <p>方法备注: Class 只能是自定义类 </p> * @param calzz * @param sql * @return * <p>创建人:王川</p> * <p>创建时间:Jul
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他