Docker和CI/CD實戰

1、CICD和DevOps

前面已經瞭解了CI/CD,其實CI/CD已經存在多年了，只是最近軟件工程方面又提出了敏捷開發、DevOps，又把CI/CD炒火了。

那麼什麼是DevOps？DevOps和CI/CD有又什麼關係呢？

如下內容摘自https://en.wikipedia.org/wiki/DevOps

DevOps (a clipped compound of "development" and "operations") is a software development methodology that combines software development (Dev) with information technology operations (Ops). The goal of DevOps is to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

DevOps(是由"development" and "operations"兩個單詞合成）是一個軟件開發工程的方法論，它包含了軟件開發和IT操做（測試和部署）。DevOps的目標是在持續交付、修改、更新時，緊密結合業務，旨在縮短系統開發的生命週期。

 

我這裏爲何提出DevOps呢？由於DevOps實際上是一套方法論，涵蓋了咱們將要說的CI/CD。從上圖能夠看出，DevOps包含了如下內容：

1. Coding – code development and review, source code management tools, code merging（代碼）
2. Building – continuous integration tools, build status（構建）
3. Testing – continuous testing tools that provide feedback on business risks（測試）
4. Packaging – artifact repository, application pre-deployment staging（打包）
5. Releasing – change management, release approvals, release automation（發版）
6. Configuring – infrastructure configuration and management, infrastructure as code tools（發佈）
7. Monitoring – applications performance monitoring, end-user experience（監控）

CI基本上包括了編碼、構建、測試、打包、發版。

CD基本上主要就是發佈。

2、CI/CD和Docker結合

結合Docker，咱們能夠快速實現CI/CD，固然有少不了版本管理和編譯工具。

 

具體流程以下：

流程解析：

1. 開發人員提交代碼到代碼庫（Git Push）
2. Jenkins從版本庫拉取最新代碼（Pull Code）
3. Jenkins經過Maven進行構建打包（Build Package）
4. 經過Docker將最新版本作成鏡像，並推算至鏡像倉庫（Push/Harbor）
5. 測試環境直接拉取最新版本鏡像，並部署到測試環境（Pull/Docker Build）

服務器分佈：

軟件環境：

 

3、實現

一、安裝Docker

Docker服務三臺機器上都須要安裝：

• 191上的Jenkins須要經過Docker編譯打包；
• 192上的Docker須要進行版本發佈，即將191上打好的最新版本包發佈到線上；
• 192上安裝Harbor須要依賴Docker；

Docker安裝過程在Docker安裝一文中有介紹，三步就搞定。

最後可以正常輸出docker info算是完成。

[root@localhost local]# docker info
Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 5
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-693.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.639GiB
Name: localhost.localdomain
ID: GUA5:BZVI:PA5N:7ASK:RZQN:I6VL:IGXE:XCRC:TBFN:7UFI:Y5WS:4O7L
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://registry.docker-cn.com/
Live Restore Enabled: false
Product License: Community Engine

　　

二、安裝Jenkins

在191服務器上安裝Jenkins，包括JDK、Tomcat、Maven環境的安裝。由於咱們會模擬一個java工程，經過maven進行編譯打包，經過Tomcat跑起來。

將apache-maven-3.5.0-bin.tar.gz、apache-tomcat-8.0.46.tar.gz、jdk-8u45-linux-x64.tar.gz解壓到/usr/local目錄下。

[root@localhost local]# ll
total 52
drwxr-xr-x  6 root root 4096 Dec 20 11:15 apache-maven-3.5.0
drwxr-xr-x  9 root root 4096 Dec 20 11:44 apache-tomcat-8.0.46
drwxr-xr-x. 2 root root 4096 Nov  5  2016 bin
drwxr-xr-x. 2 root root 4096 Nov  5  2016 etc
drwxr-xr-x. 2 root root 4096 Nov  5  2016 games
drwxr-xr-x. 2 root root 4096 Nov  5  2016 include
drwxr-xr-x  8   10  143 4096 Apr 11  2015 jdk1.8.0_45
drwxr-xr-x. 2 root root 4096 Nov  5  2016 lib
drwxr-xr-x. 2 root root 4096 Nov  5  2016 lib64
drwxr-xr-x. 2 root root 4096 Nov  5  2016 libexec
drwxr-xr-x. 2 root root 4096 Nov  5  2016 sbin
drwxr-xr-x. 5 root root 4096 Mar 19  2018 share
drwxr-xr-x. 2 root root 4096 Dec 20 09:35 src

　　

經過Docker運行Jenkins，Dockerfile以下：

FROM jenkins
USER root
RUN echo '' > /etc/apt/sources.list.d/jessie-backports.list && \
wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
RUN apt-get update && apt-get install -y git libltdl-dev

　　使用線上的Jenkins基礎鏡像，替換apt源，初始化安裝git客戶端和libltdl-dev包

構建Jenkins鏡像：

docker build -t jenkins:v1 .

　　

啓動Jenkins

docker run -d --name jenkins -p 8080:8080 \
-v /var/jenkins_home/:/var/jenkins_home \
-v /usr/local/apache-maven-3.5.0:/usr/local/maven \
-v /usr/local/jdk1.8.0_45:/usr/local/jdk \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):/usr/bin/docker \
-v ~/.ssh:/root/.ssh \
jenkins:v1

　　

 

三、安裝Git Server

1 、安裝 Git
 yum install git
2 2 、建立 Git 用戶
 useradd git
 passwd git
3 3 、建立倉庫
su – git
mkdir app.git
 git -bare init

　　

四、安裝Harbor

[root@reg harbor]# ll
total 651416
drwxr-xr-x 4 root root      4096 Dec 20 10:40 common
-rw-r--r-- 1 root root       813 Nov 19 15:02 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root       863 Nov 19 15:02 docker-compose.clair.yml
-rw-r--r-- 1 root root      1258 Nov 19 15:02 docker-compose.notary.yml
-rw-r--r-- 1 root root      3675 Nov 19 15:02 docker-compose.yml
drwxr-xr-x 3 root root      4096 Nov 19 15:02 ha
-rw-r--r-- 1 root root      7928 Dec 20 14:57 harbor.cfg
-rw-r--r-- 1 root root 665406909 Nov 19 15:02 harbor.v1.6.2.tar.gz
-rwxr-xr-x 1 root root      6162 Nov 19 15:02 install.sh
-rw-r--r-- 1 root root     10768 Nov 19 15:02 LICENSE
-rw-r--r-- 1 root root       482 Nov 19 15:02 NOTICE
-rw-r--r-- 1 root root   1535603 Nov 19 15:02 open_source_license
-rw-r--r-- 1 root root        18 Dec 24 22:30 password
-rwxr-xr-x 1 root root     39132 Nov 19 15:02 prepare

　　配置harbor.cfg，修改hostname。

 

prepare

Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@localhost harbor]# 

　　

錯誤提示：

[root@localhost harbor]# ./install.sh [Step 0]: checking installation environment ... ✖ Need to install docker(1.10.0+) first and run this script again. [root@localhost harbor]# [root@localhost harbor]# ./install.sh [Step 0]: checking installation environment ... Note: docker version: 18.09.0 ✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again. 

　　

 

install

[root@localhost harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 18.09.0

Note: docker-compose version: 1.15.0

[Step 1]: loading Harbor images ...
4de51055f30c: Loading layer [==================================================>]  133.2MB/133.2MB
e42dc4492c57: Loading layer [==================================================>]  23.38MB/23.38MB
6fd7d92da0ec: Loading layer [==================================================>]  3.072kB/3.072kB
92c622c62d9c: Loading layer [==================================================>]   2.56kB/2.56kB
eee26e869426: Loading layer [==================================================>]   2.56kB/2.56kB
0bdc2068fdfa: Loading layer [==================================================>]  2.048kB/2.048kB
1161820c2669: Loading layer [==================================================>]   22.8MB/22.8MB
1eebb5c60237: Loading layer [==================================================>]   22.8MB/22.8MB
Loaded image: goharbor/registry-photon:v2.6.2-v1.6.2
0155cb3a636c: Loading layer [==================================================>]  23.38MB/23.38MB
62f917db5fed: Loading layer [==================================================>]  12.16MB/12.16MB
2e192a070c25: Loading layer [==================================================>]   17.3MB/17.3MB
64fa72e486ec: Loading layer [==================================================>]  11.26kB/11.26kB
23afd47b0f1a: Loading layer [==================================================>]  3.072kB/3.072kB
3fa7415d357e: Loading layer [==================================================>]  29.46MB/29.46MB
Loaded image: goharbor/notary-server-photon:v0.5.1-v1.6.2
2f06068ec40a: Loading layer [==================================================>]    158MB/158MB
d6e5bcc842f3: Loading layer [==================================================>]  10.93MB/10.93MB
c272c6b03ae0: Loading layer [==================================================>]  2.048kB/2.048kB
7b0653de0007: Loading layer [==================================================>]  48.13kB/48.13kB
484f0b8e979d: Loading layer [==================================================>]  3.072kB/3.072kB
72004696fb26: Loading layer [==================================================>]  10.98MB/10.98MB
Loaded image: goharbor/clair-photon:v2.0.6-v1.6.2
c5362d9a52ab: Loading layer [==================================================>]    158MB/158MB
547ee492a9fc: Loading layer [==================================================>]  35.08MB/35.08MB
72ca312cce32: Loading layer [==================================================>]  2.048kB/2.048kB
ba7a5e9f2574: Loading layer [==================================================>]  3.072kB/3.072kB
8fabfc794eb2: Loading layer [==================================================>]  35.08MB/35.08MB
Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.6.2
a86040096f1b: Loading layer [==================================================>]  73.32MB/73.32MB
d81fe13ca34f: Loading layer [==================================================>]  3.584kB/3.584kB
a25703e967fd: Loading layer [==================================================>]  3.072kB/3.072kB
5a619498aaf0: Loading layer [==================================================>]  4.096kB/4.096kB
490efa0d32bb: Loading layer [==================================================>]  3.584kB/3.584kB
0a8ef8ce5e5e: Loading layer [==================================================>]  9.728kB/9.728kB
Loaded image: goharbor/harbor-log:v1.6.2
192ffc0c6a5f: Loading layer [==================================================>]  95.86MB/95.86MB
a0f6ec07aba5: Loading layer [==================================================>]  6.656kB/6.656kB
5cb4047d9a6f: Loading layer [==================================================>]  2.048kB/2.048kB
3c5d322a1758: Loading layer [==================================================>]   7.68kB/7.68kB
d69b5a088645: Loading layer [==================================================>]   2.56kB/2.56kB
38a2b4654f0b: Loading layer [==================================================>]   2.56kB/2.56kB
4f04d5805632: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-db:v1.6.2
b6bb4bf71953: Loading layer [==================================================>]  23.38MB/23.38MB
2c121a1131b7: Loading layer [==================================================>]  21.15MB/21.15MB
bdea637333e2: Loading layer [==================================================>]  21.15MB/21.15MB
Loaded image: goharbor/harbor-jobservice:v1.6.2
15e806b56692: Loading layer [==================================================>]  5.124MB/5.124MB
Loaded image: goharbor/nginx-photon:v1.6.2
b777c542e104: Loading layer [==================================================>]  10.95MB/10.95MB
c2ccff7df242: Loading layer [==================================================>]   17.3MB/17.3MB
e188e4d1b597: Loading layer [==================================================>]  11.26kB/11.26kB
ca7cd6746e0b: Loading layer [==================================================>]  3.072kB/3.072kB
c7d958c5de1a: Loading layer [==================================================>]  28.24MB/28.24MB
Loaded image: goharbor/notary-signer-photon:v0.5.1-v1.6.2
fbc524a787eb: Loading layer [==================================================>]    684MB/684MB
e8e8215cd36d: Loading layer [==================================================>]   7.68kB/7.68kB
d061c1c55f93: Loading layer [==================================================>]  197.6kB/197.6kB
Loaded image: goharbor/harbor-migrator:v1.6.2
77719882ce23: Loading layer [==================================================>]  23.38MB/23.38MB
1136e0b049e1: Loading layer [==================================================>]  15.58MB/15.58MB
4469c6f64c47: Loading layer [==================================================>]  15.36kB/15.36kB
91ffefa33975: Loading layer [==================================================>]  15.58MB/15.58MB
Loaded image: goharbor/harbor-adminserver:v1.6.2
0d6ec75380ac: Loading layer [==================================================>]  23.38MB/23.38MB
5ffcef8af51b: Loading layer [==================================================>]  26.88MB/26.88MB
334a9c59109a: Loading layer [==================================================>]  7.168kB/7.168kB
15b85ff320f4: Loading layer [==================================================>]  11.32MB/11.32MB
5118ce7d7887: Loading layer [==================================================>]  26.87MB/26.87MB
Loaded image: goharbor/harbor-ui:v1.6.2
4316b32f3d05: Loading layer [==================================================>]  84.34MB/84.34MB
0ba9b0933327: Loading layer [==================================================>]  3.072kB/3.072kB
65e524929f77: Loading layer [==================================================>]   59.9kB/59.9kB
8675c8d64203: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.6.2



[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/log/logrotate.conf
Clearing the configuration file: ./common/config/registryctl/config.yml
Clearing the configuration file: ./common/config/registryctl/env
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... 
Creating harbor-log ... done
Creating registry ... 
Creating harbor-db ... 
Creating redis ... 
Creating harbor-adminserver ... 
Creating registry
Creating redis
Creating harbor-adminserver
Creating registry ... done
Creating harbor-ui ... 
Creating harbor-ui ... done
Creating nginx ... 
Creating harbor-jobservice ... 
Creating nginx
Creating nginx ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://reg.xuequn.com. 
For more details, please visit https://github.com/goharbor/harbor .

　　

啓動harbor：

[root@reg harbor]# docker-compose -f docker-compose.yml up -d
harbor-log is up-to-date
harbor-adminserver is up-to-date
registry is up-to-date
harbor-db is up-to-date
Starting redis ... 
Starting harbor-ui ... 
Starting redis
Starting harbor-ui ... done
nginx is up-to-date
Starting harbor-jobservice ... 
Starting harbor-jobservice ... done

　　

Harbor支持Https配置（後面pull鏡像的時候須要使用，從安全角度來講，最好也是https）

[root@reg harbor]# cat harbor.cfg |grep -v "#"|grep -v ^$
_version = 1.6.0
hostname = reg.xuequn.com
ui_url_protocol = https
max_job_workers = 10 
customize_crt = on
ssl_cert = /data/cert/reg.xuequn.com.crt
ssl_cert_key = /data/cert/reg.xuequn.com.key
secretkey_path = /data

　　

證書生成：

[root@reg data]# openssl req \
>     -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
>     -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.........................................++
..................................................................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:china
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:zh
Locality Name (eg, city) [Default City]:zhuhai
Organization Name (eg, company) [Default Company Ltd]:king
Organizational Unit Name (eg, section) []:seasun
Common Name (eg, your name or your server's hostname) []:reg.xuequn.com
Email Address []:xuequn@qq.com


[root@reg data]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout reg.xuequn.com.key \
> -out reg.xuequn.com.csr
Generating a 4096 bit RSA private key
..................++
..............................................................................................................................................++
writing new private key to 'reg.xuequn.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:zh
Locality Name (eg, city) [Default City]:zhuhai
Organization Name (eg, company) [Default Company Ltd]:king
Organizational Unit Name (eg, section) []:seasun
Common Name (eg, your name or your server's hostname) []:reg.xuequn.com
Email Address []:xuequn@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xuequn123
An optional company name []:king
[root@reg data]# 


[root@reg data]# openssl x509 -req -days 365 -in reg.xuequn.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.xuequn.com.crt
Signature ok
subject=/C=ch/ST=zh/L=zhuhai/O=king/OU=seasun/CN=xuequn/emailAddress=xuequn@qq.com
Getting CA Private Key
[root@reg data]# 


[root@localhost solo]# docker login reg.xuequn.com
Username: xuequn
Password: 
Error response from daemon: Get https://reg.xuequn.com/v2/: x509: certificate signed by unknown authority
[root@localhost solo]# mkdir -p /etc/docker/
daemon.json  key.json     
[root@localhost solo]# mkdir -p /etc/docker/
daemon.json  key.json     
[root@localhost solo]# mkdir -p /etc/docker/cert.d/
[root@localhost solo]# cd /etc/docker/cert.d/
[root@localhost cert.d]# ls
[root@localhost cert.d]# rz -y
rz waiting to receive.
 zmodem trl+C ȡ

  100%       1 KB    1 KB/s 00:00:01       0 Errors

[root@localhost cert.d]# ls
reg.xuequn.com.crt
[root@localhost cert.d]# systemctl restart docker

　　注意：修改harbor.cfg文件後，須要從新prepare，生成配置文件。

 

登錄鏡像倉庫，提示x509: certificate signed by unknown authority錯誤，解決辦法以下：

[root@localhost cert.d]# docker login reg.xuequn.com
Username: xuequn
Password: 
Error response from daemon: Get https://reg.xuequn.com/v2/: x509: certificate signed by unknown authority
[root@localhost cert.d]# chmod 644 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

[root@localhost cert.d]# 
[root@localhost cert.d]# cat reg.xuequn.com.crt >>/etc/pki/tls/certs/ca-bundle.crt
[root@localhost cert.d]# chmod 444 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@localhost cert.d]# systemctl restart docker
[root@localhost cert.d]# docker login reg.xuequn.com
Username: xuequn
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost cert.d]# docker logout reg.xuequn.com
Removing login credentials for reg.xuequn.com
[root@localhost cert.d]# 

　　

https方式訪問Harbor，並建立項目：

 

新建test項目：

 

五、Jenkins配置

全局工具配置，JDK、Git、Maven環境：

 

 

構建配置,配置項目名稱

配置源碼倉庫

建立構建觸發器，每分鐘拉取一次，若是有新的版本生成的話，會自動構建：

跳過測試樣例，節省構建時間

正式構建，在工做目錄下新建Dockerfile，構建好鏡像文件後，推送到遠程鏡像倉庫，以便部署時能夠直接從遠程鏡像倉庫拉取：

遠程部署，即從鏡像倉庫拉取最新鏡像文件，並進行部署：

 

六、測試服務是否正常

一、構建

二、查看構建log，中間省略若干文字

Started by user xuequn
Building in workspace /var/jenkins_home/workspace/solo_blog
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@10.11.97.193:/home/git/solo.git # timeout=10
Fetching upstream changes from git@10.11.97.193:/home/git/solo.git
 > git --version # timeout=10
 > git fetch --tags --progress git@10.11.97.193:/home/git/solo.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision ff738c19ebc781c2adbe5907a24df824a4a787d9 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f ff738c19ebc781c2adbe5907a24df824a4a787d9
Commit message: "aaa"
 > git rev-list --no-walk ff738c19ebc781c2adbe5907a24df824a4a787d9 # timeout=10
No emails were triggered.
Parsing POMs
Established TCP socket on 33529
[solo_blog] $ /usr/local/jdk/bin/java -cp /var/jenkins_home/plugins/maven-plugin/WEB-INF/lib/maven35-agent-1.12.jar:/usr/local/maven/boot/plexus-classworlds-2.5.2.jar:/usr/local/maven/conf/logging jenkins.maven3.agent.Maven35Main /usr/local/maven /var/jenkins_home/war/WEB-INF/lib/remoting-3.7.jar /var/jenkins_home/plugins/maven-plugin/WEB-INF/lib/maven35-interceptor-1.12.jar /var/jenkins_home/plugins/maven-plugin/WEB-INF/lib/maven3-interceptor-commons-1.12.jar 33529
<===[JENKINS REMOTING CAPACITY]===>channel started
Executing Maven:  -B -f /var/jenkins_home/workspace/solo_blog/pom.xml clean package -Dmaven.test.skip=true
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for org.b3log:solo:war:2.7.0
[WARNING] 'dependencies.dependency.systemPath' for org.patchca:patchca:jar should not point at files within the project directory, ${project.basedir}/src/main/resources/lib/net/pusuo/patchca-0.5.0.jar will be unresolvable by dependent projects @ line 237, column 25
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Building Solo 2.7.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ solo ---
[INFO] Deleting /var/jenkins_home/workspace/solo_blog/target
[INFO] 
[INFO] --- maven-resources-plugin:2.7:resources (default-resources) @ solo ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 9 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ solo ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 159 source files to /var/jenkins_home/workspace/solo_blog/target/classes
[INFO] /var/jenkins_home/workspace/solo_blog/src/main/java/org/b3log/solo/util/Markdowns.java: /var/jenkins_home/workspace/solo_blog/src/main/java/org/b3log/solo/util/Markdowns.java uses or overrides a deprecated API.
[INFO] /var/jenkins_home/workspace/solo_blog/src/main/java/org/b3log/solo/util/Markdowns.java: Recompile with -Xlint:deprecation for details.
[INFO] /var/jenkins_home/workspace/solo_blog/src/main/java/org/b3log/solo/repository/impl/ArticleRepositoryImpl.java: Some input files use unchecked or unsafe operations.
[INFO] /var/jenkins_home/workspace/solo_blog/src/main/java/org/b3log/solo/repository/impl/ArticleRepositoryImpl.java: Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-resources-plugin:2.7:testResources (default-testResources) @ solo ---
[INFO] Not copying test resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ solo ---
[INFO] Not compiling test sources
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ solo ---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-war-plugin:3.0.0:war (default-war) @ solo ---
[INFO] Packaging webapp
[INFO] Assembling webapp [solo] in [/var/jenkins_home/workspace/solo_blog/target/solo]
[INFO] Processing war project
[INFO] Copying webapp webResources [/var/jenkins_home/workspace/solo_blog/src/main/resources/lib/net/pusuo] to [/var/jenkins_home/workspace/solo_blog/target/solo]
[INFO] Copying webapp resources [/var/jenkins_home/workspace/solo_blog/src/main/webapp]
[INFO] Webapp assembled in [1831 msecs]
[INFO] Building war: /var/jenkins_home/workspace/solo_blog/target/solo.war
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 12.332 s
[INFO] Finished at: 2018-12-31T05:34:01Z
[INFO] Final Memory: 32M/294M
[INFO] ------------------------------------------------------------------------
Waiting for Jenkins to finish collecting data
[JENKINS] Archiving /var/jenkins_home/workspace/solo_blog/pom.xml to org.b3log/solo/2.7.0/solo-2.7.0.pom
[JENKINS] Archiving /var/jenkins_home/workspace/solo_blog/target/solo.war to org.b3log/solo/2.7.0/solo-2.7.0.war
[solo_blog] $ /bin/sh -xe /tmp/jenkins1057186757167035727.sh
channel stopped
+ cd /var/jenkins_home/workspace/solo_blog
+ cat
+ docker build -t reg.xuequn.com/test/solo:v1 .
Sending build context to Docker daemon  81.43MB

Step 1/5 : FROM reg.xuequn.com/test/tomcat:v1
 ---> f2cc90fa1b2d
Step 2/5 : MAINTAINER xuequn
 ---> Using cache
 ---> cbf693fd58b6
Step 3/5 : COPY target/solo.war /tmp/ROOT.war
 ---> a0f92a38817e
Step 4/5 : RUN rm -rf /usr/local/tomcat/webapps/* &&     unzip /tmp/ROOT.war -d /usr/local/tomcat/webapps/ROOT &&     rm -rf /tmp/ROOT.war
 ---> Running in e5fe01176375
Archive:  /tmp/ROOT.war
  inflating: /usr/local/tomcat/webapps/ROOT/META-INF/MANIFEST.MF  
   creating: /usr/local/tomcat/webapps/ROOT/css/
   creating: /usr/local/tomcat/webapps/ROOT/css/fonts/
   中間省略若干字.........
  inflating: /usr/local/tomcat/webapps/ROOT/META-INF/maven/org.b3log/solo/pom.properties  
Removing intermediate container e5fe01176375
 ---> df6ccb273fff
Step 5/5 : ENTRYPOINT ["./bin/catalina.sh", "run"]
 ---> Running in 5fbd157b4bca
Removing intermediate container 5fbd157b4bca
 ---> f3973c67b6d9
Successfully built f3973c67b6d9
Successfully tagged reg.xuequn.com/test/solo:v1
+ docker login -uxuequn -pXUEqun123 reg.xuequn.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
+ docker push reg.xuequn.com/test/solo:v1
The push refers to repository [reg.xuequn.com/test/solo]
b2ea9726881e: Preparing
39ec58847bc2: Preparing
dbfd362fd452: Preparing
8e53cd053a9e: Preparing
7914b85f4bf8: Preparing
071d8bd76517: Preparing
071d8bd76517: Waiting
8e53cd053a9e: Layer already exists
7914b85f4bf8: Layer already exists
dbfd362fd452: Layer already exists
071d8bd76517: Layer already exists
39ec58847bc2: Pushed
b2ea9726881e: Pushed
v1: digest: sha256:17c9dcb2ea28bab46adebd5c38ee8acd34abc2d63eef55e449a1338598904447 size: 1587
[SSH] script:

docker rmi -f reg.xuequn.com/test/solo:v1|true
docker rm -f  solo|true
docker login -uxuequn -pXUEqun123 reg.xuequn.com
docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45:/usr/local/jdk reg.xuequn.com/test/solo:v1


[SSH] executing...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Unable to find image 'reg.xuequn.com/test/solo:v1' locally
v1: Pulling from test/solo
a02a4930cb5d: Already exists
498cfd4001de: Already exists
5338299d7f49: Already exists
13ead51b14a6: Already exists
33bbfcb012e2: Pulling fs layer
cba7031d67c2: Pulling fs layer
Login Succeeded
cba7031d67c2: Verifying Checksum
cba7031d67c2: Download complete
33bbfcb012e2: Download complete
33bbfcb012e2: Pull complete
cba7031d67c2: Pull complete
Digest: sha256:17c9dcb2ea28bab46adebd5c38ee8acd34abc2d63eef55e449a1338598904447
Status: Downloaded newer image for reg.xuequn.com/test/solo:v1
4c24f68a36ac688d723b6d9df1862038144139141fdb8fa61faceeb5592f3743
[SSH] completed
[SSH] exit-status: 0

No emails were triggered.
Finished: SUCCESS

　　

三、查看服務

在docker服務器上，查看服務是否正常運行：

web訪問服務：

 至此，整個流程已完成。

 

七、注意事項

一、Jenkins服務器到git服務器無密碼登錄：ssh-copy-id  git@10.11.97.193

[root@localhost t]# git clone git@10.11.97.193:/home/git/solo.git
Cloning into 'solo'...
remote: Counting objects: 2534, done.
remote: Compressing objects: 100% (1878/1878), done.
remote: Total 2534 (delta 646), reused 2462 (delta 587)
Receiving objects: 100% (2534/2534), 28.00 MiB | 43.45 MiB/s, done.
Resolving deltas: 100% (646/646), done.

　　

二、Jenkins服務和Docker服務器都須要可以login鏡像倉庫，第一次須要輸入用戶名和密碼，後續可無密碼登錄

將證書加入信任：

[root@localhost cert.d]# docker login reg.xuequn.com
Username: xuequn
Password: 
Error response from daemon: Get https://reg.xuequn.com/v2/: x509: certificate signed by unknown authority
[root@localhost cert.d]# chmod 644 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

[root@localhost cert.d]# 
[root@localhost cert.d]# cat reg.xuequn.com.crt >>/etc/pki/tls/certs/ca-bundle.crt
[root@localhost cert.d]# chmod 444 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@localhost cert.d]# systemctl restart docker
[root@localhost cert.d]# docker login reg.xuequn.com
Username: xuequn
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost cert.d]# docker logout reg.xuequn.com
Removing login credentials for reg.xuequn.com
[root@localhost cert.d]# 

　　

再次登錄，無需輸入密碼：

[root@localhost t]# docker login reg.xuequn.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded