如何在京東雲上簡單實踐CI流程
在現在的互聯網時代,隨着軟件開發複雜度的不斷提升,軟件開發和發佈管理也愈來愈重要。目前已經造成一套標準的流程,最重要的組成部分就是持續集成及持續交付、部署。在此,咱們在京東雲上以一個案例簡單實踐下 CI 流程。html
在初探前,咱們有幾個概念和工具須要瞭解下:前端
1)、CI/CD:
持續集成(Continuous Integration,CI),它屬於開發人員的自動化流程。成功的 CI 意味着應用代碼的新更改會按期構建、測試併合併到共享存儲庫中。該解決方案能夠解決在一次開發中有太多應用分支,從而致使相互衝突的問題。java
持續交付(Continuous Delivery,CD),一般是指開發人員對應用的更改會自動進行錯誤測試並上傳到存儲庫(如 GitHub 或容器註冊表),而後由運維團隊將其部署到實時生產環境中。這旨在解決開發和運維團隊之間可見性及溝通較差的問題。所以,持續交付的目的就是確保儘量減小部署新代碼時所需的工做量。node
持續部署(Continuous Deployment,CD),這是另外一種「CD」,指的是自動將開發人員的更改從存儲庫發佈到生產環境,以供客戶使用。它主要爲了解決因手動流程下降應用交付速度,從而使運維團隊超負荷的問題。linux
2)、Jenkins:
Jenkins是一個開源軟件項目,是基於Java開發的一種持續集成工具,用於監控持續重複的工做,旨在提供一個開放易用的軟件平臺,使軟件的持續集成變成可能。
3)、Docker:
Docker 是一個開源的應用容器引擎,讓開發者能夠打包他們的應用以及依賴包到一個可移植的容器中,而後發佈到任何流行的 Linux 機器上,也能夠實現虛擬化。容器是徹底使用沙箱機制,相互之間不會有任何接口。
4)、Git:
Git(讀音爲/gɪt/),是一個開源的分佈式版本控制系統,提供代碼倉庫,能夠有效、高速地處理從很小到很是大的項目版本管理。 Git 是 Linus Torvalds 爲了幫助管理 Linux 內核開發而開發的一個開放源碼的版本控制軟件。nginx
CI流程設計圖:git
工做流程:github
- 開發人員提交代碼到Git版本倉庫;
- Jenkins人工/定時觸發項目構建;
- Jenkins拉取代碼、代碼編碼、打包鏡像、推送到鏡像倉庫;
- Jenkins在Docker主機建立容器併發布
主機環境規劃:web
docker-jenkins:構建;拉取代碼、代碼編碼、打包鏡像、推送鏡像到鏡像倉庫 116.196.85.174(公) 10.0.0.20 (內)
docker-git:代碼倉庫 116.196.86.207(公) 10.0.0.22 (內)
docker-harbor:私有鏡像倉庫 116.196.88.91(公) 10.0.0.21 (內)
buildimage:build docker鏡像 116.196.89.139(公) 10.0.0.4 (內)
1、主機建立
在京東雲控制檯建立4臺雲主機,地址:https://console.jdcloud.com/redis
配置以下,購買時數量直接選擇4,購買完成後再修更名稱,分別爲:docker-jenkins、docker-git、docker-harbor、buildimage
建立修更名稱後以下:
2、環境配置
一、雲主機docker-git
1.1. 修改主機名爲:docker-git
[root@112 ~]# hostnamectl set-hostname docker-git [root@112 ~]# hostname docker-git [root@112 ~]# logout [root@docker-git ~]#
Ctrl+D退出後從新登錄生效
1.2. 部署Git代碼版本倉庫
安裝:
[root@docker-git ~]# yum install git -y
配置git用戶:
[root@docker-git ~]# useradd git [root@docker-git ~]# passwd git
建立庫:
[root@docker-git ~]# su git [git@docker-git root]$ cd [git@docker-git ~]$ mkdir tomcat-java-demo.git [git@docker-git ~]$ cd tomcat-java-demo.git/ [git@docker-git tomcat-java-demo.git]$ git --bare init Initialized empty Git repository in /home/git/tomcat-java-demo.git/ [git@docker-git tomcat-java-demo.git]$ ls branches config description HEAD hooks info objects refs [git@docker-git tomcat-java-demo.git]$
二、雲主機docker-jenkins
2.1. 修改主機名爲:docker-jenkins
[root@113 ~]# hostnamectl set-hostname docker-jenkins [root@113 ~]# hostname docker-jenkins [root@113 ~]# logout [root@docker-jenkins ~]#
Ctrl+D退出後從新登錄生效
2.2. jenkins環境部署
部署jdk環境及maven
[root@docker-jenkins tomcat-java-demo]# cd [root@docker-jenkins ~]# mkdir tools [root@docker-jenkins ~]# cd tools [root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/jdk-8u191-linux-x64.tar.gz;tar zxf jdk-8u191-linux-x64.tar.gz;mv jdk1.8.0_191/ /usr/local/;ln -s /usr/local/jdk1.8.0_191/ /usr/local/jdk; [root@docker-jenkins tools]# vim /etc/profile ######## JDK ####### JAVA_HOME=/usr/local/jdk1.8.0_191 JAVA_BIN=/usr/local/jdk1.8.0_191/bin PATH=$PATH:$JAVA_BIN CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export JAVA_HOME JAVA_BIN PATH CLASSPATH [root@docker-jenkins tools]# source /etc/profile [root@docker-jenkins tools]# java -version java version "1.8.0_191" Java(TM) SE Runtime Environment (build 1.8.0_191-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode) [root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/apache-maven-3.5.0-bin.tar.gz;tar zxf apache-maven-3.5.0-bin.tar.gz;mv apache-maven-3.5.0 /usr/local/maven [root@docker-jenkins tools]#
安裝Jenkins,下載Tomcat二進制包將war包到webapps下便可:
[root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/jenkins.war [root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/apache-tomcat-8.5.38.tar.gz [root@docker-jenkins tools]# tar zxf apache-tomcat-8.5.38.tar.gz [root@docker-jenkins tools]# ls apache-maven-3.5.0-bin.tar.gz apache-tomcat-8.5.38 apache-tomcat-8.5.38.tar.gz jdk-8u191-linux-x64.tar.gz jenkins.war [root@docker-jenkins tools]# mv apache-tomcat-8.5.38 /usr/local/tomcat-jenkins [root@docker-jenkins tools]# ls /usr/local/tomcat-jenkins/webapps/ docs examples host-manager manager ROOT [root@docker-jenkins tools]# rm -rf /usr/local/tomcat-jenkins/webapps/* [root@docker-jenkins tools]# mv jenkins.war /usr/local/tomcat-jenkins/webapps/ROOT.war [root@docker-jenkins tools]# ll /usr/local/tomcat-jenkins/webapps/ total 75520 -rw-r--r--. 1 root root 77330344 Mar 15 00:55 ROOT.war [root@docker-jenkins tools]# cd /usr/local/tomcat-jenkins/bin/ [root@docker-jenkins bin]# ./startup.sh Using CATALINA_BASE: /usr/local/tomcat-jenkins Using CATALINA_HOME: /usr/local/tomcat-jenkins Using CATALINA_TMPDIR: /usr/local/tomcat-jenkins/temp Using JRE_HOME: /usr/local/jdk1.8 Using CLASSPATH: /usr/local/tomcat-jenkins/bin/bootstrap.jar:/usr/local/tomcat-jenkins/bin/tomcat-juli.jar Tomcat started. [root@docker-jenkins bin]#
啓動後,瀏覽器訪問(docker-jenkins):http://Jenkins主機公網IP:8080/,按提示輸入密碼,登陸便可。
在/root/.jenkins/secrets/initialAdminPassword文件裏,查看密碼後填入便可
按照你本身的需求安裝插件
設置管理員
開始使用Jenkins
2.3. 安裝DOCKER CE
安裝所需包
yum install -y yum-utils device-mapper-persistent-data lvm2 -y
設置穩定存儲庫
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y
安裝DOCKER CE(這一步比較慢,耐心等會兒~~)
yum install docker-ce docker-ce-cli containerd.io -y
啓動Docker
systemctl start docker
三、雲主機docker-harbor
3.1. 修改主機名爲:docker-harbor
[root@c-dfjgjesgqe ~]# hostnamectl set-hostname docker-harbor [root@c-dfjgjesgqe ~]# hostname docker-harbor
Ctrl+D退出後從新登錄生效
3.2. 企業級harbor鏡像倉庫部署
Habor是由VMWare公司開源的容器鏡像倉庫。事實上,Habor是在Docker Registry上進行了相應的 企業級擴展,從而得到了更加普遍的應用,這些新的企業級特性包括:管理用戶界面,基於角色的訪 問控制,AD/LDAP集成以及審計日誌等,足以知足基本企業需求。
harbor各組件介紹:
| 組件 | 功能 |
| :-------- | :--------|
| harbor-adminserver | 配置管理中心 |
| harbor-db | MySQL數據庫 |
| harbor-jobservice | 負責鏡像複製 |
| harbor-log | 記錄操做日誌 |
| harbor-ui | Web管理頁面和API |
| nginx | 前端代理,負責前端頁面和鏡像上傳/下載轉發 |
| redis | 會話 |
| registry | 鏡像存儲 |
Harbor安裝有3種方式
1)在線安裝:從Docker Hub下載Harbor相關鏡像,所以安裝軟件包很是小
2)離線安裝:安裝包包含部署的相關鏡像,所以安裝包比較大
3)OVA安裝程序:當用戶具備vCenter環境時,使用此安裝程序,在部署OVA後啓動Harb
在此咱們使用第二種離線安裝方式來搭建基於 https 訪問的 harbor 鏡像倉庫。
3.2.1. 下載並解壓離線安裝包
harbor離線包下載地址:https://github.com/goharbor/h...
爲方便下載,我在京東雲對象存儲上也存了一份,可直接wget:https://pocenv-hcc.oss.cn-nor...
[root@docker-harbor ~]# yum install vim wget openssl -y [root@docker-harbor ~]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/harbor-offline-installer-v1.7.4.tgz [root@docker-harbor ~]# tar zxf harbor-offline-installer-v1.7.4.tgz [root@docker-harbor ~]# cd harbor [root@docker-harbor harbor]# ll total 570744 drwxr-xr-x 3 root root 23 Apr 1 15:05 common -rw-r--r-- 1 root root 939 Mar 4 15:33 docker-compose.chartmuseum.yml -rw-r--r-- 1 root root 975 Mar 4 15:33 docker-compose.clair.yml -rw-r--r-- 1 root root 1434 Mar 4 15:33 docker-compose.notary.yml -rw-r--r-- 1 root root 5608 Mar 4 15:33 docker-compose.yml -rw-r--r-- 1 root root 8033 Mar 4 15:33 harbor.cfg -rw-r--r-- 1 root root 583086399 Mar 4 15:33 harbor.v1.7.4.tar.gz -rwxr-xr-x 1 root root 5739 Mar 4 15:33 install.sh -rw-r--r-- 1 root root 11347 Mar 4 15:33 LICENSE -rw-r--r-- 1 root root 1263409 Mar 4 15:33 open_source_license -rwxr-xr-x 1 root root 36337 Mar 4 15:33 prepare
3.2.2. 自籤http證書
1)獲取權威認證證書
[root@docker-harbor harbor]# mkdir ssl [root@docker-harbor harbor]# cd ssl [root@docker-harbor ssl]# openssl genrsa -out ca.key 4096 Generating RSA private key, 4096 bit long modulus ...................................++ .....................................................................................................................................++ e is 65537 (0x10001) [root@docker-harbor ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com" -key ca.key -out ca.crt [root@docker-harbor ssl]# ll total 8 -rw-r--r-- 1 root root 2037 Apr 4 18:41 ca.crt -rw-r--r-- 1 root root 3243 Apr 4 18:41 ca.key
2)獲取服務端證書
1.Create your own Private Key: [root@docker-harbor ssl]# openssl genrsa -out reg.marin.com.key 4096 Generating RSA private key, 4096 bit long modulus .............................................++ ............................................................................................................................................................................................................................++ e is 65537 (0x10001) [root@docker-harbor ssl]# openssl req -sha512 -new -subj "/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com" -key reg.marin.com.key -out reg.marin.com.csr [root@docker-harbor ssl]# ll total 16 -rw-r--r-- 1 root root 2037 Apr 4 18:41 ca.crt -rw-r--r-- 1 root root 3243 Apr 4 18:41 ca.key -rw-r--r-- 1 root root 1708 Apr 4 18:42 reg.marin.com.csr -rw-r--r-- 1 root root 3243 Apr 4 18:42 reg.marin.com.key [root@docker-harbor ssl]# cat > v3.ext <<-EOF > authorityKeyIdentifier=keyid,issuer > basicConstraints=CA:FALSE > keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment > extendedKeyUsage = serverAuth > subjectAltName = @alt_names > > [alt_names] > DNS.1=reg.marin.com > DNS.2=reg.marin > DNS.3=marin > EOF [root@docker-harbor ssl]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in reg.marin.com.csr -out reg.marin.com.crt Signature ok subject=/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com Getting CA Private Key [root@docker-harbor ssl]# ll total 28 -rw-r--r-- 1 root root 2037 Apr 4 18:41 ca.crt -rw-r--r-- 1 root root 3243 Apr 4 18:41 ca.key -rw-r--r-- 1 root root 17 Apr 4 18:44 ca.srl -rw-r--r-- 1 root root 2098 Apr 4 18:44 reg.marin.com.crt -rw-r--r-- 1 root root 1708 Apr 4 18:42 reg.marin.com.csr -rw-r--r-- 1 root root 3243 Apr 4 18:42 reg.marin.com.key -rw-r--r-- 1 root root 260 Apr 4 18:43 v3.ext
3)修改harbor配置,以及爲Docker配置服務端證書,key和CA。
[root@docker-harbor ssl]# cd .. [root@docker-harbor harbor]# vim harbor.cfg ...... hostname = reg.marin.com ui_url_protocol = https ssl_cert = ./ssl/reg.marin.com.crt ssl_cert_key = ./ssl/reg.marin.com.key harbor_admin_password = 123456 ......
密碼也能夠不修改,默認登陸用戶admin,密碼Harbor12345
Docker守護進程會將.crt文件解釋爲CA證書,將.cert文件解釋爲客戶機證書,先將.crt文件轉換一份.cert文件。
[root@docker-harbor harbor]# cd ssl/ [root@docker-harbor ssl]# mkdir -p /etc/docker/certs.d/reg.marin.com [root@docker-harbor ssl]# openssl x509 -inform PEM -in reg.marin.com.crt -out reg.marin.com.cert [root@docker-harbor ssl]# cp reg.marin.com.cert reg.marin.com.key ca.crt /etc/docker/certs.d/reg.marin.com/
到此自籤成功!
3.2.3. 安裝DOCKER CE
安裝所需包
yum install -y yum-utils device-mapper-persistent-data lvm2 -y
設置穩定存儲庫
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y
安裝DOCKER CE(這一步比較慢,耐心等會兒~~)
yum install docker-ce docker-ce-cli containerd.io -y
啓動Docker
systemctl start docker
經過運行hello-world 映像驗證是否正確安裝了Docker CE 。
docker run hello-world
3.2.4. 初始化及安裝驗證
初始化安裝:
[root@docker-harbor ssl]# [root@docker-harbor ssl]# cd .. [root@docker-harbor harbor]# ./prepare Generated and saved secret to file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/core/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/registryctl/env Generated configuration file: ./common/config/core/app.conf Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service.
執行install.sh腳本,安裝harbor倉庫
注意:在執行install.sh腳本以前,先檢查兩個問題:
1)docker-compose是否安裝,不然在運行install.sh時會失敗,報錯「✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again.」
2)docker服務是否正常運行,不然在運行install.sh會失敗,報錯「Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?」
安裝Compose
運行此命令如下載Docker Compose的當前穩定版本:
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
對二進制文件應用可執行權限:
chmod +x /usr/local/bin/docker-compose
執行install.sh腳本,安裝harbor倉庫
[root@docker-harbor harbor]# ./install.sh [Step 0]: checking installation environment ... Note: docker version: 18.09.4 Note: docker-compose version: 1.24.0 [Step 1]: loading Harbor images ... bffe2a0fec66: Loading layer [==================================================>] 33.22MB/33.22MB 38e174bed467: Loading layer [==================================================>] 8.964MB/8.964MB 427e4936ae66: Loading layer [==================================================>] 35.77MB/35.77MB 3bfd5214250a: Loading layer [==================================================>] 2.048kB/2.048kB f30df776629d: Loading layer [==================================================>] 3.072kB/3.072kB f87afad43f43: Loading layer [==================================================>] 22.8MB/22.8MB ...... 953717aa0afc: Loading layer [==================================================>] 22.8MB/22.8MB Loaded image: goharbor/registry-photon:v2.6.2-v1.7.4 [Step 2]: preparing environment ... Clearing the configuration file: ./common/config/adminserver/env Clearing the configuration file: ./common/config/core/env Clearing the configuration file: ./common/config/core/app.conf Clearing the configuration file: ./common/config/core/private_key.pem Clearing the configuration file: ./common/config/db/env ...... Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. [Step 3]: checking existing instance of Harbor ... [Step 4]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating redis ... done Creating registryctl ... done Creating harbor-db ... done Creating harbor-adminserver ... done Creating registry ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating harbor-portal ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at https://reg.marin.com. For more details, please visit https://github.com/goharbor/harbor .
瀏覽器訪問驗證:
瀏覽器訪問要作域名解析,在本地hosts(C:WindowsSystem32driversetchosts)文件中加入:116.196.88.91 reg.marin.com
訪問:https://reg.marin.com,並登錄。
登陸後界面基本操做:
新建項目test
新建用戶marin
將用戶marin設置爲test項目管理員
3、環境測試
一、遠程clone代碼測試
clone 雲主機docker-git上的倉庫tomcat-java-demo.git:
[root@docker-jenkins ~]# yum install git vim wget -y [root@docker-jenkins ~]# git config --global user.email "hcc@c.com" [root@docker-jenkins ~]# git config --global user.name "hcc" [root@docker-jenkins ~]# git clone git@10.0.0.22:/home/git/tomcat-java-demo.git Cloning into 'solo'... The authenticity of host '10.0.0.22 (10.0.0.22)' can't be established. ECDSA key fingerprint is SHA256:XNWQhGsAsqd84k/6OYV3xl1+mPGjtASsxeV1YVLZVas. ECDSA key fingerprint is MD5:b4:bd:16:2b:de:e7:7c:fd:c5:dd:91:75:20:ff:3e:0a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.22' (ECDSA) to the list of known hosts. git@10.0.0.22's password: warning: You appear to have cloned an empty repository. [root@docker-jenkins ~]# ls tomcat-java-demo [root@docker-jenkins ~]# ls tomcat-java-demo/ doc Dockerfile LICENSE pom.xml README.md src [root@docker-jenkins ~]#
二、拉取Github demo代碼
模擬生產項目,拉取github上的一個demo,並上傳至本地git庫
[root@docker-jenkins ~]# mv tomcat-java-demo tomcat-java-demo.bak
[root@docker-jenkins ~]# git clone https://github.com/dingkai163/tomcat-java-demo.git
Cloning into 'tomcat-java-demo'...
remote: Enumerating objects: 185, done.
remote: Counting objects: 100% (185/185), done.
remote: Compressing objects: 100% (165/165), done.
remote: Total 185 (delta 5), reused 178 (delta 4), pack-reused 0
Receiving objects: 100% (185/185), 4.50 MiB | 870.00 KiB/s, done.
Resolving deltas: 100% (5/5), done.
[root@docker-jenkins ~]# cd tomcat-java-demo
[root@docker-jenkins tomcat-java-demo]# vim .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = git@10.0.0.22:/home/git/tomcat-java-demo.git # 修改成本地的git庫地址
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
[root@docker-jenkins tomcat-java-demo]# git add .
[root@docker-jenkins tomcat-java-demo]# git status
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git commit -m "all"
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git push origin master
git@10.0.0.22's password:
Counting objects: 229, done.
Compressing objects: 100% (185/185), done.
Writing objects: 100% (229/229), 4.52 MiB | 0 bytes/s, done.
Total 229 (delta 25), reused 229 (delta 25)
To git@10.0.0.22:/home/git/tomcat-java-demo.git
* [new branch] master -> master
[root@docker-jenkins tomcat-java-demo]#
三、自建鏡像倉庫上傳下載
用雲主機buildimage上傳及下載鏡像
修改主機名爲:buildimage
[root@c-dfjgjesgqe ~]# hostnamectl set-hostname buildimage [root@c-dfjgjesgqe ~]# hostname buildimage
Ctrl+D退出後從新登錄生效
安裝DOCKER CE
安裝所需包
yum install -y yum-utils device-mapper-persistent-data lvm2 -y
設置穩定存儲庫
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y
安裝DOCKER CE(這一步比較慢,耐心等會兒~~)
yum install docker-ce docker-ce-cli containerd.io -y
啓動Docker
systemctl start docker
首先在雲主機buildimage上作本地hosts解析
[root@buildimage ~]# echo "10.0.0.21 reg.marin.com" >> /etc/hosts
其次編輯/etc/docker/daemon.json文件,保存退出
[root@buildimage ~]# vim /etc/docker/daemon.json
{"insecure-registries":["reg.marin.com"] }
最後重啓下docker,讓配置生效
[root@buildimage ~]# systemctl restart docker
若是沒有此步docker login將會報錯:
[root@buildimage ~]# docker login reg.marin.com Username (admin): admin Password: Error response from daemon: Get https://reg.marin.com/v1/users/: x509: certificate signed by unknown authority
此時能夠經過docker login reg.marin.com 登陸harbor,輸入用戶名及密碼:
[root@buildimage ~]# docker login reg.marin.com Username (admin): admin Password: Login Succeeded
在buildimage雲主機上構建Tomcat基礎鏡像,並推送到harbor鏡像庫:
[root@buildimage ~]# mkdir tomcat
[root@buildimage ~]# cd tomcat
[root@buildimage tomcat]# vim Dockerfile-tomcat
FROM centos:7
MAINTAINER hanchaochao www.jdcloud.com
ENV VERSION=8.5.39
RUN yum install java-1.8.0-openjdk wget curl unzip iproute net-tools -y && \
yum clean all && \
rm -rf /var/cache/yum/*
RUN wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz && \
tar zxf apache-tomcat-${VERSION}.tar.gz && \
mv apache-tomcat-${VERSION} /usr/local/tomcat && \
rm -rf apache-tomcat-${VERSION}.tar.gz /usr/local/tomcat/webapps/* && \
mkdir /usr/local/tomcat/webapps/test && \
echo "ok" > /usr/local/tomcat/webapps/test/status.html && \
sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/tomcat/bin
EXPOSE 8080
CMD ["catalina.sh", "run"]
[root@harbor tomcat]# docker build -t tomcat:v1 -f Dockerfile-tomcat .
[root@harbor tomcat]# docker tag tomcat:v1 reg.marin.com/test/tomcat:v1 [root@docker-git-harbor tomcat]# docker login reg.marin.com [root@docker-git-harbor tomcat]# docker push reg.marin.com/test/tomcat:v1
打開harbor的test倉庫,查看鏡像已經push成功
4、CI流程測試
一、Jenkins安裝必要插件
因爲jenkins是離線安裝,全部在此須要配置一下插件下載地址:系統管理-->插件管理-->Advanced(高級)
修改下方地址,將https修改成http 再點提交
若出現問題沒法獲取插件,請嘗試更換地址,如: https://mirrors.tuna.tsinghua...
提交後點擊可選插件,此時咱們能夠看到不少可得到插件
首先搜索並安裝Pipeline插件(若是搜索不到,在已安裝中查看是否已經安裝完畢)
pipeline 是一套運行於jenkins上的工做流框架,將本來獨立運行於單個或者多個節點的任務鏈接起來,實現單個任務難以完成的複雜流程編排與可視化。
再安裝SCM to job 插件,同上步驟(搜索,安裝)。
二、Jenkins項目建立
建立jobs
選擇流水線類型
到這裏咱們就開始配置Pipeline script,點擊流水線語法,來自動生成咱們須要的配置。
以下圖,咱們Git方式,配置Git倉庫地址,再添加認證相關。
在示例步驟中下拉選擇如圖選項,在Repository URL中填寫docker-git上的git倉庫地址,由於沒有添加jenkins到docker-git容器的免密碼登錄,因此截圖中咱們能夠看到鏈接被拒絕的一大串紅色提示,咱們點擊添加按鈕
這裏咱們使用的是祕鑰認證方式,須要在容器docker-jenkins上生成密鑰,而後將jenkins上生成的公鑰發送到(docker-git)git服務器上,而後將jenkins上的生成的私鑰內容粘貼到下圖Key中,這樣jenkins就能夠免交互的拉取git倉庫中的代碼了。
[root@docker-jenkins ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:RQZ78bcVhLRQi8fWFPYmyvcnOqlxy980QwLsYFT/iz8 root@docker-jenkins The key's randomart image is: +---[RSA 2048]----+ | .o=oooo*.| | .+.o=.* o| | .oo+.Bo.+| | .oo.+o.= | | S .o.oo | | .+..| | . .o.++| | +oo.E+| | ..+o..o| +----[SHA256]-----+ [root@docker-jenkins ~]# cd [root@docker-jenkins ~]# ls .ssh/ id_rsa id_rsa.pub known_hosts [root@docker-jenkins ~]# ssh-copy-id git@10.0.0.22 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys git@10.0.0.22's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'git@10.0.0.22'" and check to make sure that only the key(s) you wanted were added. [root@docker-jenkins ~]# cat .ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAvrI8lBov+W8v+zSGdu2EP4BPP7Ml+T5KUwc2MKX1RNMMNQxc tPUf7PjhbJJvuTpPPbS1+9PAlrPhikDrug3K4+sF/Fiy+/YgoVMlEFrXiSJK1xHi ErDLA39WGq+E4ssth3JfrQHV+AINGAh1/NR+Uk+YmPDAuQgA1l7jSH1PN6qTdrYt 95HbklAA+Q3omAJJ4Uc80lk7ZdMcdCc0OAtHjCfbRv287qrH4U2OKSlOLljiBHBN ...... -----END RSA PRIVATE KEY----- [root@docker-jenkins ~]#
配置完成後,咱們就能夠生成Pipeline腳本了。點擊下方生成流水線腳本
,而後複製方框內的內容。
將生成的流水線腳本複製出來,我生成的流水線腳本以下:
checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '9baf7156-9ac6-435d-b0db-86cae51c8fe6', url: 'git@10.0.0.22:/home/git/tomcat-java-demo.git']]])
將生成的流水線腳本記錄完成後,咱們點擊左上角返回
繼續點擊配置,完成流水線項目tomcat-java-demo的配置
點擊流水線,咱們所須要的Pipeline腳本以下,將其粘貼到script的拉取代碼模塊中,並修改分支*/master爲${branch},其餘模塊內容自行編寫,具體須要修改的地方和腳本以下:
node {
// 拉取代碼
stage('Git Checkout') {
checkout([$class: 'GitSCM', branches: [[name: '${branch}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '9baf7156-9ac6-435d-b0db-86cae51c8fe6', url: 'git@10.0.0.22:/home/git/tomcat-java-demo.git']]])
}
// 代碼編譯
stage('Maven Build') {
sh '''
export JAVA_HOME=/usr/local/jdk
/usr/local/maven/bin/mvn clean package -Dmaven.test.skip=true
'''
}
// 項目打包到鏡像並推送到鏡像倉庫
stage('Build and Push Image') {
sh '''
REPOSITORY=reg.marin.com/test/tomcat-java-demo:${branch}
cat > Dockerfile << EOF
FROM reg.marin.com/test/tomcat:v1
MAINTAINER marin
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
EOF
docker build -t $REPOSITORY .
docker login reg.marin.com -u admin -p 123456
docker push $REPOSITORY
'''
}
// 部署到Docker主機
stage('Deploy to Docker') {
sh '''
REPOSITORY=reg.marin.com/test/tomcat-java-demo:${branch}
docker rm -f tomcat-java-demo |true
docker pull $REPOSITORY
docker container run -d --name tomcat-java-demo -p 88:8080 $REPOSITORY
'''
}
}
在Pipeline腳本里面咱們指定了一個branch參數,因此咱們須要傳遞一個參數變量,這裏咱們選擇參數化構建,默認值爲master分支。
而後保存配置。
三、Jenkins構建任務
構建前咱們還須要作兩個操做:
添加reg.marin.com的hosts解析
[root@docker-jenkins ~]# echo "10.0.0.21 reg.marin.com" >> /etc/hosts
編輯/etc/docker/daemon.json文件,輸入以下信息,保存退出
[root@docker-jenkins ~]# vim /etc/docker/daemon.json
{"insecure-registries":["reg.marin.com"] }
最後重啓下docker,讓配置生效
[root@docker-jenkins ~]# systemctl restart docker
返回到工做臺,咱們開始構建任務
構建開始
構建完成
能夠經過Console Output輸出查看jenkins構建流程
成功構建會提示: SUCCESS
經過瀏覽器來訪問tomcat-java-demo項目:http://Jenkins主機公網IP:88/
![圖片上傳中...]
能夠看到正常訪問,至此在京東雲上基ker+Git 的簡單CI流程實踐已經成功部署了。
歡迎點擊「連接」瞭解京東雲更多精彩
原參考地址:https://www.toutiao.com/a6
相關文章
- 1. 京東雲Kubernetes集羣最佳實踐
- 2. 京東618:ReactNative框架在京東無線端的實踐
- 3. 雲原生在京東丨揭祕五大雲原生項目在京東的落地實踐
- 4. 獨家揭祕 | 京東物流Elasticsearch大規模「遷移上雲」實踐
- 5. 京東架構師:前端工程化在京東首頁實踐
- 6. CI基於Jenkins的簡單實踐
- 7. 如何註冊京東雲申請圖片上傳
- 8. 雲原生在京東丨如何在 Kubernetes 上部署有狀態的雲原生應用?(上)
- 9. 京東雲的雲原生理念及 Serverless 最佳實踐
- 10. 雲時代如何藉助雲的力量實現自動化CI/CD流程?
- 更多相關文章...
- • XSD 如何使用? - XML Schema 教程
- • Thymeleaf項目實踐 - Thymeleaf 教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • Github 簡明教程
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
