[root@harbor ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) [root@harbor ~]# uname -r 3.10.0-862.el7.x86_64
[root@harbor ~]# ls
anaconda-ks.cfg docker-compose harbor-offline-installer-v1.5.0.tgzhtml
[root@harbor ~]# mkdir -p /data/ssl
[root@harbor ~]# cd /data/ssl/
[root@harbor ssl]# which openssl
[root@harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:node
[root@harbor ssl]# linux
[root@harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
writing new private key to 'www.yunjisuan.com.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:github
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor ssl]# web
[root@harbor ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
Getting CA Private Key
[root@harbor ssl]#apache
[root@harbor ssl]# ls
ca.crt ca.key ca.srl www.yunjisuan.com.crt www.yunjisuan.com.csr www.yunjisuan.com.key
[root@harbor ssl]# cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
[root@harbor ssl]# update-ca-trust enable
[root@harbor ssl]# update-ca-trust extract
[root@harbor ssl]# setenforce 0
[root@harbor ssl]# sestatus
[root@harbor ssl]# yum -y install yum-utils device-mapper-persistent-data 1vm2 wget
[root@harbor yum.repos.d]# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor yum.repos.d]# yum -y install docker-ce
[root@harbor yum.repos.d]# systemctl start docker
[root@harbor yum.repos.d]# vim /etc/docker/daemon.json
[root@harbor yum.repos.d]# cat /etc/docker/daemon.json
"registry-mirrors":[ "https://registry.docker-cn.com" ]
[root@harbor yum.repos.d]# systemctl daemon-reload
[root@harbor yum.repos.d]# systemctl restart docker
[root@harbor yum.repos.d]# docker version
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:48:22 2018
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:19:08 2018
OS/Arch: linux/amd64
Experimental: false
[root@harbor ssl]# cd /data/ssl/
[root@harbor ssl]# mkdir -p /etc/ssl/harbor
[root@harbor ssl]# cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
[root@harbor ssl]# cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/
[root@harbor install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
[root@harbor install]# cd ~
[root@harbor ~]# tar xf harbor-offline-installer-v1.5.0.tgz -C /data/install/
[root@harbor ~]# cd /data/install/harbor/
[root@harbor harbor]# cp harbor.cfg{,.bak}
[root@harbor harbor]# cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
[root@harbor harbor]#
[root@harbor harbor]# cd ~
[root@harbor ~]# chmod +x docker-compose
[root@harbor ~]# mv docker-compose /usr/bin/
[root@harbor ~]# which docker-compose
[root@harbor ~]# cd /data/install/harbor/
[root@harbor harbor]# ./install.sh --with-clair
[root@harbor ~]# scp /data/ssl/www.yunjisuan.com.crt The authenticity of host ' (' can't be established. ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg. ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '' (ECDSA) to the list of known hosts. root@'s password: www.yunjisuan.com.crt 100% 1931 5.9KB/s 00:00 [root@harbor ~]# scp /data/ssl/www.yunjisuan.com.crt The authenticity of host ' (' can't be established. ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg. ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '' (ECDSA) to the list of known hosts. root@'s password: www.yunjisuan.com.crt 100% 1931 19.5KB/s 00:00 [root@harbor ~]#
[root@docker ~]# update-ca-trust enable [root@docker ~]# update-ca-trust extract [root@docker ~]# echo " www.yunjisuan.com" >> /etc/hosts [root@docker ~]# systemctl restart docker
[root@jenkins ~]# update-ca-trust enable [root@jenkins ~]# update-ca-trust extract [root@jenkins ~]# echo " www.yunjisuan.com" >> /etc/hosts [root@jenkins ~]# systemctl restart docker
[root@harbor harbor]# yum -y install git
[root@harbor harbor]# useradd git [root@harbor harbor]# echo "123123" | passwd --stdin git Changing password for user git. passwd: all authentication tokens updated successfully.
[root@harbor ~]# su - git
Last login: Thu Dec 20 18:34:32 CST 2018 on pts/0
[git@harbor ~]$ mkdir solo.git
[git@harbor ~]$ cd solo.git/
[git@harbor solo.git]$ git --bare init
Initialized empty Git repository in /home/git/solo.git/
[git@harbor solo.git]$ ls
branches config description HEAD hooks info objects refs
[git@harbor solo.git]$
[root@jenkins ~]# yum -y install git
[root@jenkins ~]# git clone https://github.com/b3log/solo.git
[root@jenkins ~]# cd solo/
[root@jenkins solo]# ls
CHANGE_LOGS.html Dockerfile LICENSE pom.xml README_zh_CN.md
docker-compose.yml gulpfile.js package.json README.md src
[root@jenkins solo]# mkdir -p /code
[root@jenkins solo]# cd /code/
[root@jenkins code]# git clone root@
Cloning into 'solo'...
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg.
ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
root@'s password:
warning: You appear to have cloned an empty repository.
[root@jenkins code]# ls
[root@jenkins code]# ls solo/
[root@jenkins code]#
[root@jenkins solo]# cd solo/
[root@jenkins solo]# git add .
[root@jenkins solo]# git commit -m "all"
[root@jenkins solo]# git config --global user.email "493115250@qq.com" #第一次提交會報錯,須要告訴git全局變量,郵箱和使用者
[root@jenkins solo]# git config --global user.name "suge" #第一次提交會報錯,須要告訴git全局變量,郵箱和使用者
[root@jenkins solo]# git commit -m "all"
[root@jenkins solo]# git push origin master
root@'s password:
Counting objects: 2099, done.
Compressing objects: 100% (2044/2044), done.
Writing objects: 100% (2099/2099), 27.44 MiB | 12.93 MiB/s, done.
Total 2099 (delta 367), reused 0 (delta 0)
To root@
* [new branch] master -> master
[root@jenkins solo]# cd /code/solo/src/main/resources/
[root@jenkins resources]# vim latke.properties
[root@jenkins resources]# cat -n latke.properties | sed -n '29p;31p'
29 serverHost= #修改爲docker的ip
31 serverPort=8888 #監聽端口
[root@jenkins resources]# cd /code/solo/
[root@jenkins solo]# git add .
[root@jenkins solo]# git commit -m "latke"
[master 82250cf] latke
1 file changed, 2 insertions(+), 2 deletions(-)
[root@jenkins solo]# git push origin master
root@'s password:
Counting objects: 11, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 534 bytes | 0 bytes/s, done.
Total 6 (delta 3), reused 0 (delta 0)
To root@
705030c..82250cf master -> master
[root@jenkins solo]#
[root@docker ~]# ls anaconda-ks.cfg jdk-8u45-linux-x64.tar.gz [root@docker ~]# tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/
[root@jenkins ~]# ls anaconda-ks.cfg apache-tomcat-8.0.46.tar.gz jdk-8u45-linux-x64.tar.gz apache-maven-3.5.0-bin.tar.gz docker-compose solo [root@jenkins ~]# tar xf jdk-8u45-linux-x64.tar.gz -C /usr/local/ #由於是鏡像的全部不用設置環境變量 [root@jenkins ~]# tar xf apache-maven-3.5.0-bin.tar.gz -C /usr/local/
[root@jenkins ~]# mkdir -p dockerfile/jenkins
[root@jenkins ~]# cd dockerfile/jenkins/
[root@jenkins jenkins]# vim Dockerfile
[root@jenkins jenkins]# cat Dockerfile #下的Jenkins鏡像是Ubuntu的
FROM jenkins
USER root
RUN echo "" > /etc/apt/sources.list.d/jessie-backports.list && \
wget http://mirrors.163.com/.help/sources.list.jessie -O /etc/apt/sources.list
RUN /usr/bin/apt-get update && /usr/bin/apt-get install -y git libltdl-dev
[root@jenkins jenkins]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:tlI4gYrpwQsCX+6DdsnphBl3QFldtkB/tlRQtmCAfJQ root@jenkins The key's randomart image is: +---[RSA 2048]----+ | .o.+o+=o+o+ | | ... ++Eo + . | |. + . .o + . | |o+ + . o + . | |=o+ o + S . | |+ oO + + . | | o= O . . | | . + . . | | . | +----[SHA256]-----+ [root@jenkins jenkins]# ssh-copy-id -i ~/.ssh/id_rsa.pub git@ /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys git@'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'git@'" and check to make sure that only the key(s) you wanted were added. [root@jenkins jenkins]# ssh git@ Last login: Thu Dec 20 18:34:53 2018 [git@harbor ~]$ exit logout
[root@jenkins jenkins]# docker build -t jenkins:1 .
[root@jenkins jenkins]# docker run -dit --name jenkins -p 8080:8080 -v /var/jenkins_home/:/var/jenkins_home/ -v /usr/local/apache-maven-3.5.0/:/usr/local/maven -v /usr/local/jdk1.8.0_45/:/usr/local/jdk -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v ~/.ssh/:/root/.ssh jenkins:1
[root@jenkins jenkins]# docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword 67a7a47315314a76bcae06ee790309a4
[root@jenkins jenkins]# mkdir -p /root/dockerfile/solo [root@jenkins jenkins]# cd /root/dockerfile/solo/ [root@jenkins solo]# vim Dockerfile
[root@jenkins solo]# cat Dockerfile
FROM centos:7
MAINTAINER www.yunjisuan.com
RUN /usr/bin/yum -y install unzip iproute
ENV JAVA_HOME /usr/local/jdk
ADD apache-tomcat-8.0.46.tar.gz /usr/local
RUN mv /usr/local/apache-tomcat-8.0.46 /usr/local/tomcat
WORKDIR /usr/local/tomcat
ENTRYPOINT ["./bin/catalina.sh","run"]
[root@jenkins solo]# ls
apache-tomcat-8.0.46.tar.gz Dockerfile
[root@jenkins solo]# docker build -t tomcat:v1 .
[root@jenkins solo]# docker images
tomcat v1 eba33a67bb74 2 minutes ago 302MB
jenkins 1 60f11a4065d4 43 minutes ago 738MB
centos 7 1e1148e4cc2c 2 weeks ago 202MB
jenkins latest cd14cecfdb3a 5 months ago 696MB
[root@jenkins solo]# docker login -uadmin -pHarbor12345 www.yunjisuan.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
Login Succeeded
[root@jenkins solo]# docker tag tomcat:v1 www.yunjisuan.com/library/tomcat:v1
[root@jenkins solo]# docker push www.yunjisuan.com/library/tomcat:v1
The push refers to repository [www.yunjisuan.com/library/tomcat]
68c3eb65b757: Pushed
ff448c703734: Pushed
5a25c30f7a36: Pushed
071d8bd76517: Pushed
v1: digest: sha256:1e7203c1caeace697e8057f9b69f70e20dc744e1fea9ff9c36e9fd8c6720188f size: 1163
[root@jenkins solo]#
[root@jenkins solo]# ll ~/.ssh/ total 12 -rw-------. 1 root root 1679 Dec 20 20:19 id_rsa -rw-r--r--. 1 root root 394 Dec 20 20:19 id_rsa.pub -rw-r--r--. 1 root root 177 Dec 20 18:54 known_hosts [root@jenkins solo]# ssh-copy-id root@ /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host ' (' can't be established. ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg. ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@'" and check to make sure that only the key(s) you wanted were added. [root@jenkins solo]# ssh root@ Last login: Sat Dec 22 11:43:47 2018 from [root@docker ~]# exit
[root@jenkins solo]# cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAyzG46DWQfUOpgoyaKPAYRsqYSdjqsaFHlQRO94Oo0y7anL1l 3EnCgGXkfnrQWgE9HKPQuiY00VFvfihOC1xUBd/N6I4F3pIF54vLCpSxbl477ibL HgW/k8S4UQqihe+FTY1gOwiTxQREOqTCx0Gn0iXvWt/hP1AWeGy39u0+1Npg6yrs x+9OWygYswHv4CrMKgzrxsIozOiw4+y+OmDbKcRwGAo+M1fbo+0Ryc/3rAq7Kmdi CDm7V91kOs9t0DdvB7v5ZRXn4O9vFWqS1kORHGOssVuFVKbrLJCiPaT4YD3CI1KB CSjBwOXJ7ur2YQWnIVuKJdiBMZL1C5JVjwEOzQIDAQABAoIBAQC/OsZY08BuA3XO hWC4Um2mghict2b5UV264tkmnGQQjDH1/VGV5l0E1eAbIJ5hdnT7NTjFWBuxO0EA rBH3Iyd4d86jpLXlZ+vipG+sP5BU3J7uXNggIyzPdv44VxfpkSgVeo4sQMBBVOiZ gGJHgITehBElpzmnikn7f+YKn/DYBBatE7Wom79aJ/hVfdZBDykjZR4Agh4wTAd1 CqbqGL0rR/E7Eh3vbYnGB/fWdqaVY7hmcQkzo6jqTLGLzJ/1f74KzbwR/lSrLm6E ljw9MYnXk7Knfqxlw+t6bC87xb6kr3B85X3ULkR8RwLtR+smOjTd2GYnJHz1t/yr 8iMRHVUBAoGBAPqNNNjW6T7VEKo/MLHw2w9Bt6qdjgN38CLfd0fh0JY+bMWfncUg /NQawezKMWaYICqB8pKhUf3MucwALK+BpQwa/ky7pnJOLnpKjXDKeiOIcHYOx/sH V4QDAbfRXq4GwQTX3dYrsRjcq8e6QjLqvTIItioDLfAed3n8qEEhCWMhAoGBAM+c 4e+p/jMYQM+P0yb6dD7ktFBWSXGZ9gpfdtUIzInvaejmPAGpQa5TKYJ+LVe1TFZT Mn5YssbOy5YRle+ISoiI/rGm6QCaeCGZFBmW6lzhL6UgiGrH1Y+6kItO6MSEJYwb 35vGYaaKPnHa9iUzEjJFhnQihcJEPPMNU1ODaGItAoGBAIQDkNvL6NvNYdmCMAMh 2Bpi0wZXu7MCKAoH2o6KYeA4BhHetz9d0Tlk29cK9hqLfy9GhuxRiaUDkMX3NZRH 6BHHy0Pc/6dsoDqZO4s5dD9yrWbXBPG0fZ02BFq5O3zQXDVUFDO7k7V42B4Fesnf O064nlrmj/bb5rHkuTaP1KVhAoGAZkCobrfVASlS0mfN4Ya9NjTCMkctSQxBR/6Y snfw9Ya7LQAoUdEhDlDbQvAOOQKMJIA5gE0DUDONxc3HgQApZXHDr4+7dpad0D5q zeesai5mnveU+LKPloiWpGYq8o77RzR7P2fHtJSmCMGFNfEfZy8i95QBORsOwc6w WZOBF8kCgYB7RzhXxWZ4mZEY4KZ4+ywOGxU6lTgkO7touqgSLMn8oqs7SBvG5+DA sKXnHvYHESUmMzBH0eJiMCQqywAXYXtbRPUtwxLilg1mxObASbNhOh7Lx+Wia37r 9FFqjYE9YmPwegMI/FiPrfHCrlOJTf5eAECQnJgKfuLlIEnfExcFHA== -----END RSA PRIVATE KEY-----
[root@jenkins solo]# cd /var/jenkins_home/workspace/ [root@jenkins workspace]# ls solo_bolg [root@jenkins workspace]# cd solo_bolg/ [root@jenkins solo_bolg]# l -bash: l: command not found [root@jenkins solo_bolg]# ls CHANGE_LOGS.html Dockerfile LICENSE pom.xml README_zh_CN.md target docker-compose.yml gulpfile.js package.json README.md src [root@jenkins solo_bolg]# cd target/ [root@jenkins target]# ls classes generated-sources generated-test-sources maven-status test-classes
cd $WORKSPACE car > Dockerfile << fof FROM www.yunjisuan.com/library/tomcat:v1 MAINTAINER www.yunjisuan.com COPY target/solo.war /tmp/ROOT.war RUN rm -rf /usr/local/tomcat/webapps/* &&\ unzip /tmp/ROOT.war -d /usr/local//tomcat/webapps/ROOT && \ rm-f /tmp/ROOT.war WORKDIR /usr/local/tomcat EXPOSE 8080 ENTRYPOINT ["./bin/catalina.sh","run"] fof docker build -t www.yunjisuan.com/library/solo:v1 . docker login -uadmin -pHarbor12345 www.yunjisuan.com docker push www.yunjisuan.com/library/solo:v1
docker rm -f solo docker rmi -f www.yunjisuan.com/library/solo:v1 docker login -uadmin -pHarbor12345 www.yunjisuan.com docker run -d --name solo -p 8888:8080 -v /usr/local/jdk1.8.0_45/:/usr/local/jdk www.yunjisuan.com/library/solo:v1