cicd架构 软件 版本 gogs 0.11.86 mysql 5.6.49 java 17.0.8 jenkins 2.401.3 sonarqube 7.3 sonar-l10n-zh-plugin 1.23 sonar-scanner-cli 4.2.0 docker 20.10.7 harbor 2.2.2 maven 3.9.0
节点 IP 系统 功能 CPU 内存 硬盘 node1 10.80.10.1 centos7.9 gogs、mysql、jenkins、docke、harbor、mave 4核心 8GB 20GB node2 10.80.10.2 centos7.9 maven 4核心 8GB 20GB
git服务器gogs搭建实战 node1
下载安装mysql:
下载地址:https://downloads.mysql.com/archives/community/
1 2 3 4 # cd /usr/local/src/ # wget https://downloads.mysql.com/archives/get/p/23/file/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar # tar -xvf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar # yum localinstall -y MySQL-shared-* MySQL-client* MySQL-server* MySQL-devel*
修改配置文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 # vim /etc/my.cnf [mysqld] bind-address=0.0.0.0 skip-name-resolve innodb-file-per-table=1 datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 [mysqld_safe] log-error=/var/log/mysql.log pid-file=/var/run/mysql.pid !includedir /etc/my.cnf.d
启动mysql,设置开机自启:
1 2 3 # systemctl start mysql # systemctl enable mysql # systemctl status mysql
查看密码:
1 2 # cat /root/.mysql_secret # The random password set for the root user at Tue Dec 12 20:12:58 2023 (local time): r0GZJn_g98vpTyR3
重置密码,123456:
1 2 3 4 5 6 7 8 9 # mysql_secure_installation 旧密码 Y 新密码 新密码 Y Y Y Y
登录数据库,创建gogs数据库:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 # mysql -uroot -p123456 -A mysql> create database gogs character set utf8 collate utf8_bin; Query OK, 1 row affected (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | gogs | | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec) mysql> quit
下载安装git,添加git用户:
1 2 3 4 # yum -y install git # git --version git version 1.8.3.1 # useradd git -s /sbin/nologin
下载安装gogs:
下载地址:https://dl.gogs.io/0.11.86/
1 2 3 4 5 6 # cd /usr/local/src/ # wget https://dl.gogs.io/0.11.86/gogs_0.11.86_linux_amd64.tar.gz # tar -xzvf gogs_0.11.86_linux_amd64.tar.gz # mv gogs /usr/local/ # /usr/local/gogs/gogs --version Gogs version 0.11.86.0130
systemctl管理gogs:
1 2 3 4 5 6 7 8 9 10 11 12 # vim /usr/lib/systemd/system/gogs.service [Unit] Description=gogs After=network.target [Service] Type=simple ExecStart=/usr/local/gogs/gogs web User=root [Install] WantedBy=multi-user.target
启动gogs,设置开机自启:
1 2 3 # systemctl start gogs # systemctl enable gogs # systemctl status gogs
查看端口和进程:
1 2 3 4 5 # netstat -tlunp | grep gogs tcp6 0 0 :::3000 :::* LISTEN 8638/gogs # ps -ef | grep gogs root 8638 1 0 20:17 ? 00:00:00 /usr/local/gogs/gogs web root 8670 8091 0 20:17 pts/0 00:00:00 grep --color=auto gogs
浏览器访问:http://10.80.10.1:3000/
1 2 3 4 5 6 7 8 9 10 11 12 13 14 数据库设置: 数据库用户密码:123456 应用基本设置: 运行系统用户:root 域名:10.80.10.1 应用URL:http://10.80.10.1:3000/ 可选设置: 服务器和其它服务设置: 禁止用户自主注册:勾选 管理员帐号设置: 管理员用户名:student 管理员密码:123456 确认密码:123456 管理员邮箱:student@localhost.com
浏览器访问:192.168.80.71:3000
查看配置文件:
1 # cat /usr/local/gogs/custom/conf/app.ini
查看日志文件:
1 # tail /usr/local/gogs/log/gogs.log
git代码推送和拉取实战 gogs创建新仓库:
右上角创建—>创建新的仓库
node1
git初始化推送实战,添加devops仓库:
1 2 3 4 # mkdir -p /soft/git # cd /soft/git/ # git init # git remote add origin http://10.80.10.1:3000/student/devops.git
编写代码:
1 2 # vim student.py print("student")
上传本地:
1 2 # git add * # git commit -m student
上传gogs:
1 2 3 # git push -u origin master 账户:student 密码:123456
配置上传gogs免密:
1 2 3 # vim .git/config # 7行,修改配置 url = http://student:123456@10.80.10.1:3000/student/devops.git
手动拉取代码:
1 2 3 4 5 6 7 8 9 # mkdir /tmp/0000 # cd /tmp/0000/ # git init # git remote add origin http://10.80.10.1:3000/student/devops.git # git pull origin master 账户:student 密码:123456 # ls student.py
配置下载gogs免密,同上传:
1 2 3 # vim .git/config # 7行,修改配置 url = http://student:123456@10.80.10.1:3000/student/devops.git
架构缺点:
svn版本服务器搭建 node1
下载安装svn:
1 2 3 # yum install -y subversion # svnversion --version svnversion, version 1.7.14 (r1542130)
创建svn数据目录:
1 2 3 4 5 # mkdir -p /data/svn # svnadmin create /data/svn # cd /data/svn/ # ls conf db format hooks locks README.txt
配置用户名密码:
1 2 3 # vim conf/passwd # 尾行,添加配置 student = 123456
配置权限,所有权限:
1 2 3 4 # vim conf/authz # 尾行,添加配置 [/] student = rw
修改服务器其它配置:
1 2 3 4 5 6 7 8 9 # vim conf/svnserve.conf # 19行,取消注释,修改配置 anon-access = none # 20行,取消注释 auth-access = write # 27行,取消注释 password-db = passwd # 34行,取消注释 authz-db = authz
systemctl管理svn:
1 2 3 4 5 6 7 8 9 10 11 12 # vim /usr/lib/systemd/system/svn.service [Unit] Description=svn After=network.target [Service] Type=forking ExecStart=/usr/bin/svnserve -d -r /data/svn/ User=root [Install] WantedBy=multi-user.target
启动svn,设置开机自启:
1 2 3 # systemctl start svn # systemctl enable svn # systemctl status svn
连接svn:
1 2 3 4 5 # svn checkout svn://10.80.10.1 /soft/svn/ 回车 账户:student 密码:123456 yes
编写代码:
1 2 3 # cd /soft/svn/ # vim studentsvn.py print('studentsvn')
提交代码:
1 2 # svn add * # svn commit -m studentsvn
新建终端,拉取代码:
1 2 3 4 5 # mkdir /tmp/1111 # cd /tmp/1111/ # svn checkout svn://10.80.10.1 ./ # ls studentsvn.py
添加代码文件:
1 2 3 # cd /soft/svn/ # vim studentsvn2.py print('studentsvn2')
提交代码,忽略报错:
1 2 # svn add * # svn commit -m studentsvn2
更新代码,下载新添加的代码:
1 2 3 4 # cd /tmp/1111/ # svn update # ls studentsvn2.py studentsvn.py
架构缺点:
jenkins环境搭建 node1
下载安装java:
下载地址:https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html
1 2 3 4 5 6 7 # cd /usr/local/src/ # tar -xzvf jdk-17.0.8_linux-x64_bin.tar.gz # mv jdk-17.0.8 /usr/local/jdk17 # /usr/local/jdk17/bin/java -version java version "17.0.8" 2023-07-18 LTS Java(TM) SE Runtime Environment (build 17.0.8+9-LTS-211) Java HotSpot(TM) 64-Bit Server VM (build 17.0.8+9-LTS-211, mixed mode, sharing)
下载安装jenkins,查看lts版本:
下载地址:https://mirrors.jenkins.io/war-stable/2.401.3/
1 2 3 # cd /usr/local/src/ # wget https://mirrors.jenkins.io/war-stable/2.401.3/jenkins.war --no-check-certificate # cp jenkins.war /root/jenkins.war
systemctl管理jenkins:
1 2 3 4 5 6 7 8 9 10 11 12 # vim /usr/lib/systemd/system/jenkins.service [Unit] Description=jenkins After=network.target [Service] Type=simple ExecStart=/usr/local/jdk11/bin/java -jar /root/jenkins.war User=root [Install] WantedBy=multi-user.target
启动jenkins,设置开机自启:
1 2 3 # systemctl start jenkins # systemctl enable jenkins # systemctl status jenkins
查看日志:
1 # tail -f /var/log/messages
查看密码:
1 2 # cat /root/.jenkins/secrets/initialAdminPassword e21e1fb0315748068c2dd9d8275c69b4
浏览器访问:http://10.80.10.1:8080/
选择插件来安装:
不安装插件:
使用admin账户继续:
默认:
安装完成:
进入主页:
修改密码:
右上角admin—>Configure—>Password
1 2 Password:123456 Confirm Password:123456
重新登陆:
1 2 Username:admin Password:123456
进入主页:
jenkins插件安装插件优化 node1
修改插件配置:
1 2 # sed -i 's#updates.jenkins.io/download#mirrors.tuna.tsinghua.edu.cn/jenkins#g' /root/.jenkins/updates/default.json # sed -i 's/www.google.com/www.baidu.com/g' /root/.jenkins/updates/default.json
1 2 # systemctl restart jenkins # systemctl status jenkins
jenkins安装插件,Chinese:
Manage Jenkins—>Available plugs—>Plugins
重启jenkins,界面为中文:
安装其它插件,Git、Subversion、Publish Over SSH:
系统管理—>插件管理—>可选插件:
如果下载失败,下载插件文件上传到/root/.jenkins/plugins/
文件夹,重启jenkins。
jenkins架构下代码的分发 node1
生成秘钥:
1 2 3 4 5 # ssh-keygen -t rsa 回车 回车 回车 # ssh-copy-id 127.0.0.1
ssh免输入yes:
1 2 3 # vim /etc/ssh/ssh_config # 35行,取消注释,修改配置 StrictHostKeyChecking no
新建任务:
1 2 输入一个任务名称:student_publish_over_ssh 构建一个自由风格的软件项目
1 2 3 4 5 6 7 源码管理: Git: Repositories: Repository URL:http://10.80.10.1:3000/student/devops.git Credentials(添加jenkins后Credentials选择student用户): 用户名:student 密码:123456
创建成功后,立即构建:
查看输出:
点击构建记录—>控制台输出
查看jenkins构建空间,自动下拉代码:
1 2 3 4 # ls /soft/git/ student.py # ls /root/.jenkins/workspace/student_publish_over_ssh student.py
添加代码下发服务器:
系统管理—>系统配置
1 2 3 4 5 6 7 8 9 10 11 12 13 Publish over SSH: Jenkins SSH Key: Path to key:/root/.ssh/id_rsa SSH Servers(新增): Name:10.80.10.1 Hostname:10.80.10.1 Username:root Remote Directory:/tmp/ SSH Servers(新增): Name:127.0.0.1 Hostname:127.0.0.1 Username:root Remote Directory:/tmp/
修改student_publish_over_ssh任务:
点击student_publish_over_ssh—>配置
1 2 3 4 5 6 7 8 9 Build Steps: Send files or execute commands over SSH: SSH Publishers: SSH Server: Name:10.80.10.1 Transfers: Source files:** Remote directory:/studentgit/ Exec command:#make or cp
立即构建:
查看下发代码:
1 2 # ls /tmp/studentgit/ student.py
更新代码:
1 2 3 # cd /soft/git/ # vim student2.py print("new2")
提交代码:
1 2 3 # git add * # git commit -m student # git push -u origin master
再次构建:
查看代码:
1 2 # ls /tmp/studentgit/ student2.py student.py
jenkins+ansible批量服务器部署架构 publish over ssh缺点:
node1
下载安装ansible:
1 # yum install -y ansible
配置免密:
1 2 # ssh-copy-id 10.80.10.1 # ssh-copy-id 127.0.0.1
ansible命令测试:
1 2 3 # vim /root/hosts 127.0.0.1 10.80.10.1
ansible查看磁盘空间:
1 # ansible -i /root/hosts all -m shell -a "df -h"
ansible拷贝文件:
1 2 3 # mkdir -p /tmp/copy # touch /tmp/copy/{1,2,3}.txt # ansible -i /root/hosts all -m copy -a "src=/tmp/copy/ dest=/tmp/dest"
ansible同步文件,不同步.git:
1 2 3 4 5 6 7 # cd /tmp/copy/ # git init # ls -a . .. 1.txt 2.txt 3.txt .git # ansible -i /root/hosts all -m synchronize -a "src=/tmp/copy/ dest=/tmp/dest rsync_opts=--exclude=.git*" # ls -a /tmp/dest/ . .. 1.txt 2.txt 3.txt
安装插件,Ansible:
系统管理—>插件管理—>可选插件:
配置ansible环境:
系统管理—>全局工具配置
1 2 3 4 5 6 7 Ansible(新增Ansible): Ansible: Name:ansible Path to ansible executables directory:/usr/bin/ Ansible: Name:ansible-playbook Path to ansible executables directory:/usr/bin/
新建ansible任务:
1 2 输入一个任务名称:student_ansible 复制:student_publish_over_ssh
1 2 3 4 5 6 7 Build Steps(删除Send files or execute commands over SSH,新建Invoke Ansible Ad-Hoc Command): Host pattern:all Inventory:Inline content Content:127.0.0.1 10.80.10.1 Module:synchronize Module arguments or command to execute:src=/root/.jenkins/workspace/student_ansible/ dest=/tmp/student_ansible/ rsync_opts=--exclude=.git*
立即构建:
查看代码:
1 2 # ls /tmp/student_ansible/ student2.py student.py
新建playbook任务:
1 2 输入一个任务名称:student_playbook 复制:student_ansible
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Build Steps(重新配置): 执行shell: 命令: cat << EOF > /root/student.yml --- - hosts: all tasks: - name: copy synchronize: src=/root/.jenkins/workspace/student_playbook/ dest=/tmp/student_playbook rsync_opts=--exclude=.git* - name: student ifconfig shell: ls /tmp/student_playbook register: result - debug: var=result EOF Invoke Ansible Playbook Ansible installation:ansible-playbook Playbook path:/root/student.yml Inventory:Inline content Content:127.0.0.1 10.80.10.1
查看代码:
1 2 # ls /tmp/student_playbook/ student2.py student.py
更新代码:
1 2 3 # cd /soft/git/ # vim /soft/git/student3.py print("new3")
1 2 3 # git add * # git commit -m student # git push -u origin master
再次构建,查看代码:
1 2 # ls /tmp/student_playbook/ student2.py student3.py student.py
jenkins+pipeline批量服务器部署架构 安装插件,Pipeline:
系统管理—>插件管理—>可选插件:
node1
拉取git代码:
1 2 3 4 5 6 7 # mkdir -p /tmp/work/student/devops # cd /tmp/work/student/devops/ # git init # git remote add origin http://10.80.10.1:3000/student/devops.git # git pull origin master 账户:student 密码:123456
1 2 3 # vim .git/config # 7行,修改配置 url = http://student:123456@10.80.10.1:3000/student/devops.git
新建任务,pipeline下发代码:
1 2 输入一个任务名称:student_pipeline 流水线
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 流水线: 脚本: pipeline { agent any stages { stage("git pull") { steps { sh 'cd /tmp/work/student/devops; git pull origin master' } } stage("copy code") { steps { sh '''for i in 127.0.0.1 10.80.1; do rsync --exclude=.git -av /tmp/work/student/devops/ $i:/tmp/pipelinersync/; ssh $i 'ls /tmp/pipelinersync'; done''' } } } }
立即构建:
1 2 # ls /tmp/pipelinersync/ student2.py student3.py student.py
更新代码下发:
1 2 3 # cd /soft/git/ # vim /soft/git/student4.py print("new4")
1 2 3 # git add * # git commit -m student4 # git push -u origin master
再次构建:
1 2 # ls /tmp/pipelinersync/ student2.py student3.py student4.py student.py
pipeline调用git+ansible实现,也可以调用playbook。
jenkins开发环境scm持续集成 scm源代码管理:
当代码变化时自动触发构建,不需要人为去jenkins点击。 jenkins的scm:
* * * * * 每分钟检测代码是否更新。
H/5 * * * * 每5分钟。
H * * * * 每小时。
H H * * * 每天。
修改student_ansible配置,每分钟检测:
1 2 3 构建触发器: 轮训SCM: * * * * *
配置scm:
node1
查看代码:
1 2 # ls /tmp/student_ansible/ student2.py student.py
提交代码:
1 2 3 # cd /soft/git/ # vim /soft/git/student5.py print("new5")
1 2 3 # git add * # git commit -m student5 # git push -u origin master
1 2 # ls /tmp/student_ansible/ student2.py student3.py student4.py student5.py student.py
轮询日志有记录:
jenkins+githook秒级持续集成 修改student_pipeline配置:
1 2 3 General: 触发远程构建: 身份验证令牌:studenttoken
node1
使用命令构建:
1 # curl -u admin:123456 'http://10.80.10.1:8080/job/student_pipeline/build?token=studenttoken'
gogs对接jenkins:
进入仓库—>仓库设置—>管理Git钩子—> post-receive
1 2 #!/bin/bash curl -u admin:123456 'http://10.80.10.1:8080/job/student_pipeline/build?token=studenttoken'
更新代码:
1 2 3 # cd /soft/git/ # vim /soft/git/student6.py print("new6")
1 2 3 # git add * # git commit -m student6 # git push -u origin master
jenkins会自动构建代码:
查看代码:
1 2 # ls /tmp/student_ansible/ student2.py student3.py student4.py student5.py student6.py student.py
sonarscan代码质量分析服务搭建 node1
下载安装sonarqube和插件:
下载地址:https://binaries.sonarsource.com/?prefix=sonarqube/
下载地址:https://github.com/xuhuisheng/sonar-l10n-zh/tags
1 2 3 4 5 # cd /usr/local/src/ # wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.3.zip # wget https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-1.23/sonar-l10n-zh-plugin-1.23.jar # unzip sonarqube-7.3.zip -d /usr/local/ # cp sonar-l10n-zh-plugin-1.23.jar /usr/local/sonarqube-7.3/extensions/plugins/
修改sonar用户,sonar必须得用普通用户启动:
1 2 # useradd sonar # chown -R sonar:sonar /usr/local/sonarqube*
创建sonar数据库:
1 2 3 4 5 6 # mysql -uroot -p123456 mysql> create database sonar; Query OK, 1 row affected (0.01 sec) mysql> exit
切换用户,修改sonarqube配置:
1 2 3 4 5 6 7 # su - sonar $ vim /usr/local/sonarqube-7.3/conf/sonar.properties # 16~17行,修改配置 sonar.jdbc.username=root sonar.jdbc.password=123456 # 28行,修改配置 sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
启动sonarqube,需要普通用户:
1 2 3 4 $ cd /usr/local/sonarqube-7.3/bin/linux-x86-64/ $ ./sonar.sh start Starting SonarQube... Started SonarQube.
1 2 3 4 $ lsof -i:9000 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 26058 sonar 117u IPv6 107773 0t0 TCP *:cslistener (LISTEN) $ exit
浏览器访问:http://10.80.10.1:9000/
登录:
跳过教程,进入主页:
修改密码:
右上角—>我的账号—>安全—>修改密码
1 2 3 旧值:admin 新值:123456 确认新值:123456
关闭scm:
配置—>scm—>开启Disable the SCM Sensor
强制认证:
配置—>权限—>开启Force user authentication
admin用户的权限配置:开启执行分析权限
配置—>权限—>全局权限
sonarscan扫描代码生成代码质量报告 node1
下载安装sonarscaner:
下载地址:https://docs.sonarqube.org/latest/analyzing-source-code/scanners/sonarscanner/
1 2 3 # cd /usr/local/src/ # wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip # unzip -d /usr/local/ sonar-scanner-cli-4.2.0.1873-linux.zip
修改配置文件:
1 2 3 4 # cd /usr/local/sonar-scanner-4.2.0.1873-linux/conf/ # vim sonar-scanner.properties # 5行,取消注释,修改配置 sonar.host.url=http://10.80.10.1:9000
编写sonarscan配置文件:
1 2 3 4 5 6 7 # vim /soft/sonar-project.properties sonar.projectKey=student sonar.projectName=student sonar.projectVersion=1.0 sonar.sources=/soft/git sonar.login=admin sonar.password=123456
添加错误代码:
1 2 # vim /soft/git/error.py print 'error'
运行扫描:
1 2 # cd /soft/ # /usr/local/sonar-scanner-4.2.0.1873-linux/bin/sonar-scanner
浏览器访问:http://10.80.10.1:9000/
查看异常代码:
jenkins集成sonarscan自动扫描代码 jenkins安装插件:SonarQube Scanner
系统管理—>插件管理—>Available plugs
sonar生成token:
右上角我的账号—>安全—>生成令牌
1 2 student 6188701537f97dac3002505d83e85840cbb60941
jenkins添加sonar的token:
系统管理—>系统配置
1 2 3 4 5 6 7 8 SonarQube servers: Add SonarQube: Name:sonarqube Server URL:http://10.80.10.1:9000/ Server authentication token:添加 类型:Secret text Secret:6188701537f97dac3002505d83e85840cbb60941 描述:sonar_token
jenkins添加sonar的环境变量:
系统管理—>全局工具配置
1 2 3 4 5 SonarQube Scanner: 新增SonarQube Scanner: Name:sonar-scan 自动安装:取消勾选 SONAR_RUNNER_HOME:/usr/local/sonar-scanner-4.2.0.1873-linux/
修改student_ansible任务:
1 2 3 4 5 6 7 8 9 10 构建触发器: 轮训SCM:取消勾选 Build Steps: 添加构建步骤:Execute SonarQube Scanner,移动到下发之前 Analysis properties: sonar.projectKey=student_jenkins sonar.projectName=student_jenkins sonar.projectVersion=1.0 sonar.sources=./ Additional arguments:-X
node1
提交代码:
1 2 3 4 # cd /soft/git/ # git add * # git commit -m studenterror # git push -u origin master
立即构建:
生成新的报告:
docker安装和nginx镜像制作 node1
下载安装docker:
1 2 3 # cd /etc/yum.repos.d/ # wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # yum install -y docker-ce-20.10.7-3.el7 docker-ce-cli-20.10.7-3.el7 containerd.io-1.4.6-3.1.el7
修改docker网段:
1 2 3 4 5 6 # mkdir -p /etc/docker # vim /etc/docker/daemon.json { "bip":"10.55.0.1/16", "registry-mirrors": ["https://pmn1o05g.mirror.aliyuncs.com"] }
启动docker,设置开机自启:
1 2 3 # systemctl start docker # systemctl enable docker # systemctl status docker
拉取镜像:
创建构建nginx镜像脚本:
1 2 3 4 5 # mkdir -p /docker/nginx # vim /docker/nginx/install.sh curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo yum install -y nginx
创建dockerfile:
1 2 3 4 5 6 # vim /docker/nginx/Dockerfile FROM centos:7 COPY install.sh /tmp/install.sh RUN sh /tmp/install.sh COPY index.html /usr/share/nginx/html/index.html CMD ["/bin/bash", "-c", "nginx -g 'daemon off;'"]
创建index.html文件:
1 2 # vim /docker/nginx/index.html docker index
构建镜像:
1 2 3 4 5 # docker build -t nginx:1 /docker/nginx/ # docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx 1 8713d517fe65 2 minutes ago 507MB centos 7 eeb6ee3f44bd 2 years ago 204MB
启动nginx容器:
1 2 # docker run -d -p 9090:80 nginx:1 5a389cb78b774b836b2a32b92725d746b198654689bdccc318495b8a224e5547
访问测试:
1 2 # curl 10.80.10.1:9090 docker index
删除容器:
1 2 3 4 5 # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5a389cb78b77 nginx:1 "/bin/bash -c 'nginx…" 20 seconds ago Up 19 seconds 0.0.0.0:9090->80/tcp, :::9090->80/tcp vigilant_goodall # docker rm -f 5a389cb78b77 5a389cb78b77
harbor私有镜像仓库搭建 node1
下载安装docker-compose:
1 # yum install -y docker-compose-1.18.0
下载安装harbor:
下载地址:https://github.com/goharbor/harbor/releases/tag/v2.2.2
1 2 3 # cd /usr/local/src/ # wget https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz # tar -xzvf harbor-offline-installer-v2.2.2.tgz -C /usr/local/
修改harbor配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 # cd /usr/local/harbor/ # cp harbor.yml.tmpl harbor.yml # vim harbor.yml # 5行,修改配置 hostname: 0.0.0.0 # 13~18行,注释配置 #https: # # https port for harbor, default is 443 # port: 443 # # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path # 34行,修改配置 harbor_admin_password: 123456
安装harbor:
1 2 3 4 5 6 7 8 9 10 11 12 13 # ./install.sh # docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------- harbor-core /harbor/entrypoint.sh Up harbor-db /docker-entrypoint.sh Up harbor-jobservice /harbor/entrypoint.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp,:::80->8080/tcp redis redis-server /etc/redis.conf Up registry /home/harbor/entrypoint.sh Up registryctl /home/harbor/start.sh Up
浏览器访问:http://10.80.10.1/
进入主页:
添加http镜像仓库:
1 2 3 4 5 6 # vim /etc/docker/daemon.json { "bip":"10.55.0.1/16", "registry-mirrors": ["http://10.80.10.1"], "insecure-registries": ["http://10.80.10.1"] }
重启docker和harbor:
1 2 3 # docker-compose down # systemctl restart docker # docker-compose up -d
harbor新建项目:
登录镜像仓库:
1 2 3 # docker login 10.80.10.1 账户:admin 密码:123456
镜像打标签并上传:
1 2 # docker tag nginx:1 10.80.10.1/student/nginx:1 # docker push 10.80.10.1/student/nginx:1
镜像上传成功:
jenkins+docker容器持续部署 node1
启动容器指定name:
1 2 3 4 # docker run -d -p 9090:80 --name studentnginx 10.80.10.1/student/nginx:1 cca68e9617f7c7f983f7f55ef7b96e7fd4f0c960b1b5c790fe37b9a979b4a2a1 # curl 10.80.10.1:9090 docker index
jenkins新建项目:
1 2 输入一个任务名称:student_docker 流水线
1 2 3 4 5 6 7 8 9 10 流水线: 脚本: node { stage("build images") { sh "docker build -t 10.80.10.1/student/nginx:1 /docker/nginx" } stage("push images") { sh "docker push 10.80.10.1/student/nginx:1" } }
立即构建:
修改indedx.html文件:
1 2 # vim /docker/nginx/index.html docker index version2
立即构建:
jenkins新建任务,升级容器:
1 2 输入一个任务名称:student_docker_update 复制:student_ansible
1 2 3 4 5 6 7 8 9 10 11 12 源码管理: 无: Build Steps: 删除Execute SonarQube Scanner Invoke Ansible Ad-Hoc Command: Inventory: Inline content:10.80.10.1 Module:shell Module arguments or command to execute: docker rm -f studentnginx docker pull 10.80.10.11/student/nginx:1 docker run -d -p 9090:80 --name studentnginx 10.80.10.1/student/nginx:1立即构建,构建成功:
访问测试:
1 2 # curl 10.80.10.1:9090 docker index version2
修改student_docker_update配置,持续集成:
1 2 3 构建触发器: 其他工程构建后触发:student_docker 只有构建稳定时触发:勾选
修改indedx.html文件:
1 2 # vim /docker/nginx/index.html docker index jenkins version3
构建student_docker,会自动触发student_docker_update:
访问测试:
1 2 # curl 10.80.10.1:9090 docker index jenkins version3
jenkins自动构建maven项目 node1
下载安装maven:
下载地址:https://archive.apache.org/dist/maven/maven-3/
1 2 3 4 5 6 7 8 9 10 # cd /usr/local/src/ # wget https://archive.apache.org/dist/maven/maven-3/3.9.0/binaries/apache-maven-3.9.0-bin.tar.gz # tar -xzvf apache-maven-3.9.0-bin.tar.gz # mv apache-maven-3.9.0 /usr/local/maven # /usr/local/maven/bin/mvn --version Apache Maven 3.9.0 (9b58d2bad23a66be161c4664ef21ce219c2c8584) Maven home: /usr/local/maven Java version: 1.8.0_392, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.392.b08-2.el7_9.x86_64/jre Default locale: zh_CN, platform encoding: UTF-8 OS name: "linux", version: "3.10.0-1160.el7.x86_64", arch: "amd64", family: "unix"
配置国内源:
1 2 3 4 5 6 7 8 # vim /usr/local/maven/conf/settings.xml # 160~166行,修改配置 <mirror> <id>aliyunmaven</id> <mirrorOf>*</mirrorOf> <name>阿里云公共仓库</name> <url>https://maven.aliyun.com/repository/public</url> </mirror>
jenkins安装插件:Maven Integration
系统管理—>插件管理—>Available plugs
jenkins配置maven环境变量:
系统管理—>全局工具配置
1 2 3 4 Maven: Name:student_mavem 自动安装:取消勾选 MAVEN_HOME:/usr/local/maven
gogs创建maven项目:
右上角创建—>创建新的仓库
1 2 仓库名称:studentmaven 可见性:勾选为私有
下载测试代码,进行提交:
网址:https://start.spring.io/
1 2 3 4 5 6 7 8 9 10 # cd /tmp/ # unzip demo.zip # cd demo # git init # git remote add origin http://10.80.10.1:3000/student/studentmaven.git # git add * -f # git commit -m "maven" # git push -u origin master 账户:student 密码:123456
配置java17环境变量:
系统管理—>全局环境变量
1 2 3 4 JDK: JDK安装: 别名:java17 JAVA_HOME:/usr/local/jdk17/
jenkins创建项目:
1 2 输入一个任务名称:studentmaven 构建一个maven项目
1 2 3 4 源码管理: Repositories: Git:http://10.80.10.1:3000/student/studentmaven.git Credentials:student/123456
立即构建,成功:
测试jar包:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 # cd /root/.jenkins/workspace/studentmaven/target/ # /usr/local/jdk17/bin/java -jar demo-0.0.1-SNAPSHOT.jar . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v3.2.0) 2023-12-13T01:54:02.826+08:00 INFO 77117 --- [ main] com.example.demo.DemoApplication : Starting DemoApplication v0.0.1-SNAPSHOT using Java 17.0.8 with PID 77117 (/root/.jenkins/workspace/studentmaven/target/demo-0.0.1-SNAPSHOT.jar started by root in /root/.jenkins/workspace/studentmaven/target) 2023-12-13T01:54:02.827+08:00 INFO 77117 --- [ main] com.example.demo.DemoApplication : No active profile set, falling back to 1 default profile: "default" 2023-12-13T01:54:03.087+08:00 INFO 77117 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 0.426 seconds (process running for 0.669)
jenkins批量部署jar包实战 修改student_maven配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Post Steps: Run regardless of build result: Add post-build step:执行 shell 命令: cat > /root/maven.yaml << EOF --- - hosts: all tasks: - name: synchronize synchronize: src=/root/.jenkins/workspace/studentmaven/target/demo-0.0.1-SNAPSHOT.jar dest=/root/ - name: run it shell: nohup /usr/local/jdk17/bin/java -jar /root/demo-0.0.1-SNAPSHOT.jar &> /tmp/java.log & EOF Add post-build step:Invoke Ansible Playbook Ansible installation:ansible-playbook Playbook path:/root/maven.yaml Inventory: 10.80.10.168.80.71
立即构建,成功:
node1
查看日志:
1 2 3 4 5 6 7 8 9 10 11 12 13 # cat /tmp/java.log . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v3.2.0) 2023-12-13T02:03:18.566+08:00 INFO 102937 --- [ main] com.example.demo.DemoApplication : Starting DemoApplication v0.0.1-SNAPSHOT using Java 17.0.8 with PID 102937 (/root/demo-0.0.1-SNAPSHOT.jar started by root in /root) 2023-12-13T02:03:18.568+08:00 INFO 102937 --- [ main] com.example.demo.DemoApplication : No active profile set, falling back to 1 default profile: "default" 2023-12-13T02:03:18.830+08:00 INFO 102937 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 0.428 seconds (process running for 0.656)
jenkins分布式子节点架构 node1
配置10.80.10.2免密登录:
1 # ssh-copy-id 10.80.10.2
node2
下载安装java:
1 # yum install -y java-11-openjdk java-11-openjdk-devel
jenkins安装插件:SSH Build Agents
系统管理—>插件管理—>Available plugins
jenkins添加子节点:
系统管理—>节点和云管理—>New node
1 2 3 4 5 6 远程工作目录:/tmp 用法:只允许运行绑定到这台机器的Job 启动方式:Launch agents via SSH 主机:10.80.10.2 Credentials:root/toortoor Host Key Verification Strategy:Non verifying Verification Strategy
手动重启节点连接:
下载安装ansible和git:
1 # yum install -y ansible git
关闭ssh认证:
1 2 3 # vim /etc/ssh/ssh_config # 35行,取消注释,修改配置 StrictHostKeyChecking no
配置免密登录:
1 2 3 4 5 # ssh-keygen -t rsa 回车 回车 回车 # ssh-copy-id 127.0.0.1
修改student_ansible配置:
1 2 3 4 5 6 7 8 9 10 11 12 General: 限制项目的运行节点: 标签表达式:10.80.10.2 源码管理: 无 Build Steps: 删除Execute SonarQube Scanner Invoke Ansible Ad-Hoc Command: Inline content: Content:10.80.10.2 Module:shell Module arguments or command to execute:df -h
立即构建:
修改student_ansible配置:
1 2 3 4 源码管理: Git: Repository URL:http://10.80.10.1:3000/student/devops.git Credentials:student/123456
立即构建:
查看代码:
1 2 # ls /tmp/workspace/student_ansible error.py student2.py student3.py student4.py student5.py student6.py student.py
jenkins分布式多区域部署实战 jenkins节点配置标签:
系统管理—>节点和云管理—>节点—>配置从节点
jenkins新建任务:
1 2 输入一个任务名称:student_pipeline_all 流水线
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 流水线: 定义:pipeline script 脚本: pipeline { agent none stages { stage("master copy") { agent {label "master"} steps { sh 'ansible -i /root/hosts all -m synchronize -a "src=/etc/hostname dest=/tmp/pipeline"' } } stage("10.80.10.2 copy") { agent {label "10.80.10.2"} steps { sh 'ansible -i /root/hosts all -m synchronize -a "src=/etc/hostname dest=/tmp/pipeline"' } } } }
node1
1 2 # vim /root/hosts 10.80.10.1
1 2 # vim /etc/hostname node1
node2
1 2 # vim /root/hosts 10.80.10.2
1 2 # vim /etc/hostname node2
立即构建:
node1、node2
1 2 3 4 5 6 # node1 # cat /tmp/pipeline node1 # node2 # cat /tmp/pipeline node2