git clone https://git.oschina.net/99fu/CI.git
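# Jenkins image whose `jenkins` user can call the Docker client through sudo.
#
# The base tag is a build argument so that a fixed release can be chosen with
# `--build-arg JENKINS_TAG=<tag>`. The default keeps the original `latest`,
# which is not reproducible; pin a specific tag or digest for real use.
ARG JENKINS_TAG=latest
FROM jenkins:${JENKINS_TAG}

ENV JENKINS_HOME=/var/jenkins_home \
    JENKINS_SLAVE_AGENT_PORT=50000

# Root is needed only for the package install and the sudoers rule below;
# the image switches back to the unprivileged `jenkins` user afterwards.
USER root

# Install sudo and let `jenkins` run only the Docker client as root without a
# password (the original granted NOPASSWD for every command). The rule lives
# in its own drop-in file, is made read-only, and is syntax-checked by visudo
# so a malformed entry fails the build instead of breaking sudo at runtime.
# NOTE(review): this narrows sudo but is not a security boundary on its own:
# access to the host's Docker daemon is root-equivalent on the host.
RUN apt-get update \
    && apt-get install -y --no-install-recommends sudo \
    && rm -rf /var/lib/apt/lists/* \
    && echo "jenkins ALL=(root) NOPASSWD: /usr/bin/docker" > /etc/sudoers.d/jenkins-docker \
    && chmod 0440 /etc/sudoers.d/jenkins-docker \
    && visudo -cf /etc/sudoers.d/jenkins-docker

USER jenkins

# Install the plugins listed in plugins.txt using the base image's helper script.
COPY plugins.txt /usr/share/jenkins/plugins.txt
RUN /usr/local/bin/plugins.sh /usr/share/jenkins/plugins.txt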
我們需要賦予jenkins用戶sudo權限以便能在容器內運行Docker命令。當然,也可以將jenkins用戶加入到Docker組中來避免在所有Docker命令前使用‘sudo’,不過由於這個組gid的不同會造成不可移植(如Pini文中所述)。
最後兩行用於處理 plugins.txt 文件中定義的插件。如果你不需要任何插件可以忽略這兩行,不過1.6前推薦至少包括如下內容(其中的 latest 表示不固定版本,每次構建可能裝到不同的插件版本;需要可重現的構建時應改寫爲具體版本號):
$ cat plugins.txt
scm-api:latest
git-client:latest
git:latest
greenballs:latest
# Build the image from the Dockerfile in the current directory and tag it for the private registry.
sudo docker build -t 99fu.cn:5000/fu/jenkins:latest .
# The three `docker run` forms below all use --name jenkins and host port 8080, so only one of them can run at a time.
# Each bind-mounts the host's Docker client and /var/run/docker.sock into the container: anyone who can run
# Jenkins jobs can then drive the host's Docker daemon, which is root-equivalent on the host.
# /home/fu/maven-tar is mounted at /root inside the container.
sudo docker run -d -p 8080:8080 --name jenkins -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /home/fu/maven-tar:/root 99fu.cn:5000/fu/jenkins:latest
# Same as above, but the host path of the docker binary is resolved with `which`.
sudo docker run -d -p 8080:8080 --name jenkins -v $(which docker):/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /home/fu/maven-tar:/root 99fu.cn:5000/fu/jenkins:latest
# Same as the first form, plus a host directory mounted at /var/jenkins_home so Jenkins data is kept on the host.
sudo docker run -d -p 8080:8080 --name jenkins -v /home/fu/jenkins_home:/var/jenkins_home -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /home/fu/maven-tar:/root 99fu.cn:5000/fu/jenkins:latest
touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
If the directory is empty:
sudo chown 1000 volume_dir
If the directory already contains files:
sudo chown -R 1000 volume_dir
# Open an interactive shell inside the running jenkins container.
sudo docker exec -it jenkins /bin/bash
# Show the container's log output.
sudo docker logs jenkins
# Open a shell in the container again; the next line is presumably typed inside that shell.
sudo docker exec -it jenkins /bin/bash
# Print the initial admin password; treat the value as a secret.
cat /var/jenkins_home/secrets/initialAdminPassword
# NOTE(review): presumably run inside the jenkins container to confirm that the mounted client reaches the host daemon; confirm.
sudo docker run hello-world
在容器中調用docker的方式
現在的問題是,jenkins是運行在docker容器中,無法感知docker的存在。在Docker中使用Docker有三種方式:
DooD(Docker-outside-of-Docker):我們需要賦予jenkins用戶sudo權限以便能在容器內運行Docker命令。當然,也可以將jenkins用戶加入到Docker組中來避免在所有Docker命令前使用‘sudo’,不過由於這個組gid的不同會造成不可移植。注意:這種方式把宿主機的 /var/run/docker.sock 掛載進容器,能在容器內執行docker命令就等同於擁有宿主機的root權限。
DinD(Docker in Docker):在docker鏡像中要再安裝docker服務。此時,在容器中的docker和宿主機的docker是兩個不同的程序,相互沒有關聯,DinD並不比使用特權模式的容器安全性高,不過確實能避免使用sudo。DinD最主要的劣勢是你無法重用宿主緩存的鏡像(不過如果需要爲測試容器提供一個與宿主隔離的乾淨環境,這將很有用)。
使用HTTPS與Docker後臺程序通信:jenkins配置docker插件,並且docker進行端口配置。通過HTTPS暴露socket不需要sudo並且可以使用宿主的鏡像,但因爲打開了端口增加了攻擊面,可以說是最不安全的。
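# Jenkins "Execute shell" step: build the Maven builder image, extract the
# hello.war it produced, build and push the hello application image, then
# (re)start the hello container on host port 80.
#
# Stop at the first failing command or unset variable so a broken build is
# never pushed or deployed.
set -eu

# Registry address; an existing REGISTRY_URL in the environment wins, otherwise
# the page's original value is used.
# NOTE(review): the page lists this registry under insecure-registries, so the
# push below is not protected by verified TLS.
REGISTRY_URL="${REGISTRY_URL:-192.168.80.146:5000}"

# Stage the Maven tarball next to the maven Dockerfile in the checked-out workspace.
cp /root/apache-maven-3.3.9-bin.tar.gz "$WORKSPACE/maven"

# Build the builder image that compiles the project.
sudo docker build -t "$REGISTRY_URL/fu/maven:3.3.9" "$WORKSPACE/maven"

# Remove a previous helper container named "maven", if any. Only the Names
# column is matched, as a whole line: grepping the full `docker ps -a` output
# also hits image names such as fu/maven, and the following `docker rm` then
# fails for a container that does not exist.
if sudo docker ps -a --format '{{.Names}}' | grep -qix maven; then
    sudo docker rm -f maven
fi

# Create (but do not start) a container from the builder image and copy the war out of it.
sudo docker create --name maven "$REGISTRY_URL/fu/maven:3.3.9"
sudo docker cp maven:/hello/target/hello.war "$WORKSPACE/hello"

# Build the application image and publish it so other hosts can pull it.
sudo docker build -t "$REGISTRY_URL/fu/hello:1.0" "$WORKSPACE/hello"
sudo docker push "$REGISTRY_URL/fu/hello:1.0"

# A container name must be unique, so drop the old "hello" container before starting the new one.
if sudo docker ps -a --format '{{.Names}}' | grep -qix hello; then
    sudo docker rm -f hello
fi
sudo docker run -d -p 80:8080 --name hello "$REGISTRY_URL/fu/hello:1.0"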
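- 注:需要在docker daemon的配置(通常是 /etc/docker/daemon.json)中把 REGISTRY_URL=192.168.80.146:5000 對應的地址加入 insecure-registries,如{ "insecure-registries":["99fu.cn:5000","192.168.80.146:5000"] }。insecure-registries 表示與這些registry通信時不校驗TLS證書(或直接走明文HTTP),只適合隔離的測試網絡。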
設置registry路徑
copy maven的tar包到項目maven中( $WORKSPACE爲git pull下來項目中)
build maven 項目
查看當前容器,-i 忽略大小寫,如果存在則刪除
然後再創建一個新的maven容器
從新創建的容器中取出maven項目下的hello的war包,到hello中
然後再構建hello項目
將hello應用push到registry中,以便別的服務可以拉取
如果hello容器已存在,需先刪除,容器名字相同會使容器啓動失敗
啓動hello容器,可從瀏覽器中查看更改
http://fu:8b1a616bb9f22c01542465b81c3e5ad7@192.168.80.147:8080/job/docker-app/build?token=java-token
/job/docker-app/build?token=
java-token
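fu:8b1a616bb9f22c01542465b81c3e5ad7@ 爲「用戶名:Token」(應爲該用戶的API Token),從jenkins中獲取。這個Token相當於該用戶的憑據,而上面的URL走的是明文HTTP;實際使用時應通過HTTPS調用,並且不要把真實的Token寫進文檔、腳本或日誌。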
# Pull the GitLab image at the fixed tag 8.13.3.
docker pull sameersbn/gitlab:8.13.3
# (duplicate of the previous command)
docker pull sameersbn/gitlab:8.13.3
# Download the compose file from the tip of the upstream master branch. Its content is not pinned to the
# 8.13.3 image pulled above, so read it and replace any placeholder passwords or secrets it carries before starting the stack.
wget https://raw.githubusercontent.com/sameersbn/docker-gitlab/master/docker-compose.yml
# Start every service defined in the downloaded docker-compose.yml, attached to the terminal.
docker-compose up
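# GitLab with a PostgreSQL backend, started as three linked containers.
# Each backslash must be the last character on its line: written mid-line
# (`\ --env`), it escapes the following space instead of continuing the
# command, and docker receives malformed arguments.
#
# NOTE(review): 'password' and 'long-and-random-alpha-numeric-string' are
# placeholders. Replace them with generated secrets before running; values
# passed with --env are readable through `docker inspect` and shell history.

# PostgreSQL database, data kept under /srv/docker/gitlab/postgresql on the host.
docker run --name gitlab-postgresql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --env 'DB_EXTENSION=pg_trgm' \
    --volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
    sameersbn/postgresql:9.5-3

# Redis, data kept under /srv/docker/gitlab/redis on the host.
# The `latest` tag is not pinned, unlike the other two images.
docker run --name gitlab-redis -d \
    --volume /srv/docker/gitlab/redis:/var/lib/redis \
    sameersbn/redis:latest

# GitLab itself, linked to both backends; SSH is published on host port 10022
# and HTTP on host port 10080.
docker run --name gitlab -d \
    --link gitlab-postgresql:postgresql --link gitlab-redis:redisio \
    --publish 10022:22 --publish 10080:80 \
    --env 'GITLAB_PORT=10080' --env 'GITLAB_SSH_PORT=10022' \
    --env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:8.13.3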
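# GitLab with a MySQL backend. The GitLab container here is also named
# "gitlab" and publishes host ports 10022 and 10080, so it cannot run next to
# another container using that name or those ports.
# Each backslash must be the last character on its line: written mid-line
# (`\ --env`), it escapes the following space instead of continuing the command.
#
# NOTE(review): 'password' and 'long-and-random-alpha-numeric-string' are
# placeholders. Replace them with generated secrets before running; values
# passed with --env are readable through `docker inspect` and shell history.

# MySQL database, data kept under /srv/docker/gitlab/mysql on the host.
# The `latest` tag is not pinned.
docker run --name gitlab-mysql -d \
    --env 'DB_NAME=gitlabhq_production' \
    --env 'DB_USER=gitlab' --env 'DB_PASS=password' \
    --volume /srv/docker/gitlab/mysql:/var/lib/mysql \
    sameersbn/mysql:latest

# GitLab itself, linked to MySQL and to the gitlab-redis container.
docker run --name gitlab -d \
    --link gitlab-mysql:mysql --link gitlab-redis:redisio \
    --publish 10022:22 --publish 10080:80 \
    --env 'GITLAB_PORT=10080' --env 'GITLAB_SSH_PORT=10022' \
    --env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
    --env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
    --volume /srv/docker/gitlab/gitlab:/home/git/data \
    sameersbn/gitlab:8.13.3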
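# Turn the current directory into a repository and publish it to the GitLab
# instance as the master branch. One command per line: the commands had been
# fused together (`git initgit remote ...`) and could not run as written.
# NOTE(review): the remote uses plain HTTP, so the credentials git sends for
# the push cross the network unencrypted.
git init
git remote add origin http://192.168.80.147:10080/root/app-test.git
git add .
git commit -m "init"
# -u records origin/master as the upstream of the local branch.
git push -u origin master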
remote: GitLab: You are not allowed to push code to protected branches on this project.
To http://192.168.1.103:10080/fu/CI.git
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'http://192.168.1.103:10080/fu/CI.git'
Use the following URL to trigger build remotely: JENKINS_URL/job/CI/build?token=TOKEN_NAME 或者 /buildWithParameters?token=TOKEN_NAME
Optionally append &cause=Cause+Text to provide text that will be included in the recorded build cause.
Hook executed successfully but returned HTTP 403 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 403 No valid crumb was included in the request</title> </head> <body><h2>HTTP ERROR 403</h2> <p>Problem accessing /job/CI/build. Reason: <pre> No valid crumb was included in the request</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>
Hook executed successfully: HTTP 201
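# Standalone MySQL container with database "xc", data kept under
# /srv/docker/mysql_data/mysql on the host.
# Each backslash must be the last character on its line: written mid-line
# (`\ --env`), it escapes the following space instead of continuing the command.
#
# NOTE(review): -p 3307:3306 publishes the database on every host interface,
# and admin/admin is a guessable credential pair. Replace the password with a
# generated one, and bind the port to a specific address if remote access is
# not needed. The `latest` tag is not pinned.
docker run --name mysql -d -p 3307:3306 \
    --env 'DB_NAME=xc' \
    --env 'DB_USER=admin' --env 'DB_PASS=admin' \
    --volume /srv/docker/mysql_data/mysql:/var/lib/mysql \
    sameersbn/mysql:latest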
============================> dev-springemp <============================
#jenkins docker 命令說明
--persistent String parameter
2個參數
Registry_URL
image_repository
--Registry_URL
默認值:localhost
描述:registry倉庫地址
例如:139.129.21.58:443
--image_repository
描述:應用鏡像名
csphere/my-web-app
--git
https://git.oschina.net/2839543/springemp.git
--Execute Shell 4 step
# build image
docker build -t ${Registry_URL}/${image_repository}:$GIT_COMMIT $WORKSPACE/
# push image to registry
docker push ${Registry_URL}/${image_repository}:$GIT_COMMIT
# tag with latest
docker tag -f ${Registry_URL}/${image_repository}:$GIT_COMMIT ${Registry_URL}/${image_repository}:latest
# push image to registry
docker push ${Registry_URL}/${image_repository}:latest
============================> test-springemp <============================
--persistent String parameter
4個參數
Registry_URL
image_repository
image_tag
test_url
--git
https://git.oschina.net/2839543/springemp.git
--Execute Shell
#增加可執行權限
chmod u+x deploy.sh init.sh test-script.sh
#執行測試
./test-script.sh
--增加郵件通知
============================> prod-springemp <============================
--persistent String parameter
4個參數
Registry_URL
image_repository
image_tag
image_new_tag
--Execute Shell
# new tag
docker tag -f ${Registry_URL}/${image_repository}:${image_tag} ${Registry_URL}/${image_repository}:${image_new_tag}
# docker push image
docker push ${Registry_URL}/${image_repository}:${image_new_tag}