存储架构

如何在京东云上简单实践CI流程

微信扫一扫,分享到朋友圈

如何在京东云上简单实践CI流程
0

在如今的互联网时代,随着软件开发复杂度的不断提高,软件开发和发布管理也越来越重要。目前已经形成一套标准的流程,最重要的组成部分就是持续集成及持续交付、部署。在此,我们在京东云上以一个案例简单实践下 CI 流程。

在初探前,我们有几个概念和工具需要了解下:

1)、CI/CD:

持续集成(Continuous Integration,CI),它属于开发人员的自动化流程。成功的 CI 意味着应用代码的新更改会定期构建、测试并合并到共享存储库中。该解决方案可以解决在一次开发中有太多应用分支,从而导致相互冲突的问题。

持续交付(Continuous Delivery,CD),通常是指开发人员对应用的更改会自动进行错误测试并上传到存储库(如 GitHub 或容器注册表),然后由运维团队将其部署到实时生产环境中。这旨在解决开发和运维团队之间可见性及沟通较差的问题。因此,持续交付的目的就是确保尽可能减少部署新代码时所需的工作量。

持续部署(Continuous Deployment,CD),这是另一种“CD”,指的是自动将开发人员的更改从存储库发布到生产环境,以供客户使用。它主要为了解决因手动流程降低应用交付速度,从而使运维团队超负荷的问题。

2)、Jenkins:

Jenkins是一个开源软件项目,是基于Java开发的一种持续集成工具,用于监控持续重复的工作,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。

3)、Docker

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。

4)、Git:

Git(读音为/gɪt/),是一个开源的分布式版本控制系统,提供代码仓库,可以有效、高速地处理从很小到非常大的项目版本管理。 Git 是 Linus Torvalds 为了帮助管理 Linux 内核开发而开发的一个开放源码的版本控制软件。

CI流程设计图:

工作流程:

  1. 开发人员提交代码到Git版本仓库;
  2. Jenkins人工/定时触发项目构建;
  3. Jenkins拉取代码、代码编码、打包镜像、推送到镜像仓库;
  4. Jenkins在Docker主机创建容器并发布

主机环境规划:

docker-jenkins :构建;拉取代码、代码编码、打包镜像、推送镜像到镜像仓库 116.196.85.174(公) 10.0.0.20 (内)

docker-git :代码仓库 116.196.86.207(公) 10.0.0.22 (内)

docker-harbor :私有镜像仓库 116.196.88.91(公) 10.0.0.21 (内)

buildimage :build docker镜像 116.196.89.139(公) 10.0.0.4 (内)

一、主机创建

在京东云控制台创建4台云主机,地址: https://console.jdcloud.com/

配置如下,购买时数量直接选择4,购买完成后再修改名称,分别为: docker-jenkinsdocker-gitdocker-harborbuildimage

创建修改名称后如下:

二、环境配置

1、云主机docker-git

1.1. 修改主机名为: docker-git

[root@112 ~]# hostnamectl set-hostname docker-git
[root@112 ~]# hostname  docker-git
[root@112 ~]# logout
[root@docker-git ~]#

Ctrl+D退出后重新登陆生效

1.2. 部署Git代码版本仓库

安装:

[root@docker-git ~]# yum install git -y

配置git用户:

[root@docker-git ~]# useradd git
[root@docker-git ~]# passwd git

创建库:

[root@docker-git ~]# su git
[git@docker-git root]$ cd
[git@docker-git ~]$ mkdir tomcat-java-demo.git
[git@docker-git ~]$ cd tomcat-java-demo.git/
[git@docker-git tomcat-java-demo.git]$ git --bare init
Initialized empty Git repository in /home/git/tomcat-java-demo.git/
[git@docker-git tomcat-java-demo.git]$ ls
branches  config  description  HEAD  hooks  info  objects  refs
[git@docker-git tomcat-java-demo.git]$

2、云主机docker-jenkins

2.1. 修改主机名为: docker-jenkins

[root@113 ~]# hostnamectl set-hostname docker-jenkins
[root@113 ~]# hostname  docker-jenkins
[root@113 ~]# logout
[root@docker-jenkins ~]#

Ctrl+D退出后重新登陆生效

2.2. jenkins环境部署

部署jdk环境及maven

[root@docker-jenkins tomcat-java-demo]# cd
[root@docker-jenkins ~]# mkdir tools
[root@docker-jenkins ~]# cd tools
[root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/jdk-8u191-linux-x64.tar.gz;tar zxf jdk-8u191-linux-x64.tar.gz;mv jdk1.8.0_191/ /usr/local/;ln -s /usr/local/jdk1.8.0_191/ /usr/local/jdk;
[root@docker-jenkins tools]# vim /etc/profile
######## JDK #######
JAVA_HOME=/usr/local/jdk1.8.0_191
JAVA_BIN=/usr/local/jdk1.8.0_191/bin
PATH=$PATH:$JAVA_BIN
CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME JAVA_BIN PATH CLASSPATH
[root@docker-jenkins tools]# source /etc/profile
[root@docker-jenkins tools]# java -version
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode) 
[root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/apache-maven-3.5.0-bin.tar.gz;tar zxf apache-maven-3.5.0-bin.tar.gz;mv apache-maven-3.5.0 /usr/local/maven
[root@docker-jenkins tools]#

安装Jenkins,下载Tomcat二进制包将war包到webapps下即可:

[root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/jenkins.war
[root@docker-jenkins tools]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/apache-tomcat-8.5.38.tar.gz
[root@docker-jenkins tools]# tar zxf apache-tomcat-8.5.38.tar.gz
[root@docker-jenkins tools]# ls
apache-maven-3.5.0-bin.tar.gz  apache-tomcat-8.5.38  apache-tomcat-8.5.38.tar.gz  jdk-8u191-linux-x64.tar.gz  jenkins.war
[root@docker-jenkins tools]# mv apache-tomcat-8.5.38 /usr/local/tomcat-jenkins
[root@docker-jenkins tools]# ls /usr/local/tomcat-jenkins/webapps/
docs  examples  host-manager  manager  ROOT
[root@docker-jenkins tools]# rm -rf /usr/local/tomcat-jenkins/webapps/*
[root@docker-jenkins tools]# mv jenkins.war /usr/local/tomcat-jenkins/webapps/ROOT.war
[root@docker-jenkins tools]# ll /usr/local/tomcat-jenkins/webapps/
total 75520
-rw-r--r--. 1 root root 77330344 Mar 15 00:55 ROOT.war
[root@docker-jenkins tools]# cd /usr/local/tomcat-jenkins/bin/
[root@docker-jenkins bin]# ./startup.sh
Using CATALINA_BASE:   /usr/local/tomcat-jenkins
Using CATALINA_HOME:   /usr/local/tomcat-jenkins
Using CATALINA_TMPDIR: /usr/local/tomcat-jenkins/temp
Using JRE_HOME:        /usr/local/jdk1.8
Using CLASSPATH:       /usr/local/tomcat-jenkins/bin/bootstrap.jar:/usr/local/tomcat-jenkins/bin/tomcat-juli.jar
Tomcat started.
[root@docker-jenkins bin]#

启动后,浏览器访问(docker-jenkins): http://Jenkins主机公网IP :8080/,按提示输入密码,登录即可。

/root/.jenkins/secrets/initialAdminPassword 文件里,查看密码后填入即可

按照你自己的需求安装插件

设置管理员

开始使用Jenkins

2.3. 安装DOCKER CE

安装所需包

yum install -y yum-utils device-mapper-persistent-data lvm2 -y

设置稳定存储库

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y

安装DOCKER CE(这一步比较慢,耐心等会儿~~)

yum install docker-ce docker-ce-cli containerd.io -y

启动Docker

systemctl start docker

3、云主机docker-harbor

3.1. 修改主机名为: docker-harbor

[root@c-dfjgjesgqe ~]# hostnamectl set-hostname docker-harbor
[root@c-dfjgjesgqe ~]# hostname  docker-harbor

Ctrl+D退出后重新登陆生效

3.2. 企业级harbor镜像仓库部署

Habor是由VMWare公司开源的容器镜像仓库。事实上,Habor是在Docker Registry上进行了相应的 企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访 问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。

harbor各组件介绍:

| 组件 | 功能 |

| :——– | :——–|

| harbor-adminserver | 配置管理中心 |

| harbor-db | MySQL数据库 |

| harbor-jobservice | 负责镜像复制 |

| harbor-log | 记录操作日志 |

| harbor-ui | Web管理页面和API |

| nginx | 前端代理,负责前端页面和镜像上传/下载转发 |

| redis | 会话 |

| registry | 镜像存储 |

Harbor安装有3种方式

1)在线安装:从Docker Hub下载Harbor相关镜像,因此安装软件包非常小

2)离线安装:安装包包含部署的相关镜像,因此安装包比较大

3)OVA安装程序:当用户具有vCenter环境时,使用此安装程序,在部署OVA后启动Harb

在此我们使用第二种离线安装方式来搭建基于 https 访问的 harbor 镜像仓库。

3.2.1. 下载并解压离线安装包

harbor离线包下载地址: https://github.com/goharbor/h…

为方便下载,我在京东云对象存储上也存了一份,可直接wget: https://pocenv-hcc.oss.cn-nor…

[root@docker-harbor ~]# yum install vim wget openssl -y
[root@docker-harbor ~]# wget https://pocenv-hcc.oss.cn-north-1.jcloudcs.com/harbor-offline-installer-v1.7.4.tgz
[root@docker-harbor ~]# tar zxf harbor-offline-installer-v1.7.4.tgz
[root@docker-harbor ~]# cd harbor
[root@docker-harbor harbor]# ll
total 570744
drwxr-xr-x 3 root root        23 Apr  1 15:05 common
-rw-r--r-- 1 root root       939 Mar  4 15:33 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root       975 Mar  4 15:33 docker-compose.clair.yml
-rw-r--r-- 1 root root      1434 Mar  4 15:33 docker-compose.notary.yml
-rw-r--r-- 1 root root      5608 Mar  4 15:33 docker-compose.yml
-rw-r--r-- 1 root root      8033 Mar  4 15:33 harbor.cfg
-rw-r--r-- 1 root root 583086399 Mar  4 15:33 harbor.v1.7.4.tar.gz
-rwxr-xr-x 1 root root      5739 Mar  4 15:33 install.sh
-rw-r--r-- 1 root root     11347 Mar  4 15:33 LICENSE
-rw-r--r-- 1 root root   1263409 Mar  4 15:33 open_source_license
-rwxr-xr-x 1 root root     36337 Mar  4 15:33 prepare

3.2.2. 自签http证书

1)获取权威认证证书

[root@docker-harbor harbor]# mkdir ssl
[root@docker-harbor harbor]# cd ssl
[root@docker-harbor ssl]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
...................................++
.....................................................................................................................................++
e is 65537 (0x10001)
[root@docker-harbor ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com" -key ca.key -out ca.crt
[root@docker-harbor ssl]# ll
total 8
-rw-r--r-- 1 root root 2037 Apr  4 18:41 ca.crt
-rw-r--r-- 1 root root 3243 Apr  4 18:41 ca.key

2)获取服务端证书

1.Create your own Private Key:
[root@docker-harbor ssl]# openssl genrsa -out reg.marin.com.key 4096
Generating RSA private key, 4096 bit long modulus
.............................................++
............................................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@docker-harbor ssl]# openssl req -sha512 -new -subj "/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com" -key reg.marin.com.key -out reg.marin.com.csr
[root@docker-harbor ssl]# ll
total 16
-rw-r--r-- 1 root root 2037 Apr  4 18:41 ca.crt
-rw-r--r-- 1 root root 3243 Apr  4 18:41 ca.key
-rw-r--r-- 1 root root 1708 Apr  4 18:42 reg.marin.com.csr
-rw-r--r-- 1 root root 3243 Apr  4 18:42 reg.marin.com.key
[root@docker-harbor ssl]# cat > v3.ext <<-EOF
> authorityKeyIdentifier=keyid,issuer
> basicConstraints=CA:FALSE
> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth
> subjectAltName = @alt_names
> 
> [alt_names]
> DNS.1=reg.marin.com
> DNS.2=reg.marin
> DNS.3=marin
> EOF
[root@docker-harbor ssl]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in reg.marin.com.csr -out reg.marin.com.crt
Signature ok
subject=/C=ZH/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=reg.marin.com
Getting CA Private Key
[root@docker-harbor ssl]# ll
total 28
-rw-r--r-- 1 root root 2037 Apr  4 18:41 ca.crt
-rw-r--r-- 1 root root 3243 Apr  4 18:41 ca.key
-rw-r--r-- 1 root root   17 Apr  4 18:44 ca.srl
-rw-r--r-- 1 root root 2098 Apr  4 18:44 reg.marin.com.crt
-rw-r--r-- 1 root root 1708 Apr  4 18:42 reg.marin.com.csr
-rw-r--r-- 1 root root 3243 Apr  4 18:42 reg.marin.com.key
-rw-r--r-- 1 root root  260 Apr  4 18:43 v3.ext

3)修改harbor配置,以及为Docker配置服务端证书,key和CA。

[root@docker-harbor ssl]# cd ..
[root@docker-harbor harbor]# vim harbor.cfg
......
hostname = reg.marin.com
ui_url_protocol = https
ssl_cert = ./ssl/reg.marin.com.crt
ssl_cert_key = ./ssl/reg.marin.com.key
harbor_admin_password = 123456
......

密码也可以不修改,默认登录用户admin,密码Harbor12345

Docker守护进程会将.crt文件解释为CA证书,将.cert文件解释为客户机证书,先将.crt文件转换一份.cert文件。

[root@docker-harbor harbor]# cd ssl/
[root@docker-harbor ssl]# mkdir -p /etc/docker/certs.d/reg.marin.com
[root@docker-harbor ssl]# openssl x509 -inform PEM -in reg.marin.com.crt -out reg.marin.com.cert
[root@docker-harbor ssl]# cp reg.marin.com.cert reg.marin.com.key ca.crt /etc/docker/certs.d/reg.marin.com/

到此自签成功!

3.2.3. 安装DOCKER CE

安装所需包

yum install -y yum-utils device-mapper-persistent-data lvm2 -y

设置稳定存储库

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y

安装DOCKER CE(这一步比较慢,耐心等会儿~~)

yum install docker-ce docker-ce-cli containerd.io -y

启动Docker

systemctl start docker

通过运行hello-world 映像验证是否正确安装了Docker CE 。

docker run hello-world

3.2.4. 初始化及安装验证

初始化安装:

[root@docker-harbor ssl]# 
[root@docker-harbor ssl]# cd ..
[root@docker-harbor harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

执行install.sh脚本,安装harbor仓库

注意:在执行install.sh脚本之前,先检查两个问题:

1)docker-compose是否安装,否则在运行install.sh时会失败,报错“✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again.”

安装Compose

运行此命令以下载Docker Compose的当前稳定版本:

curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

对二进制文件应用可执行权限:

chmod +x /usr/local/bin/docker-compose

执行install.sh脚本,安装harbor仓库

[root@docker-harbor harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.4

Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...
bffe2a0fec66: Loading layer [==================================================>]  33.22MB/33.22MB
38e174bed467: Loading layer [==================================================>]  8.964MB/8.964MB
427e4936ae66: Loading layer [==================================================>]  35.77MB/35.77MB
3bfd5214250a: Loading layer [==================================================>]  2.048kB/2.048kB
f30df776629d: Loading layer [==================================================>]  3.072kB/3.072kB
f87afad43f43: Loading layer [==================================================>]   22.8MB/22.8MB
......
953717aa0afc: Loading layer [==================================================>]   22.8MB/22.8MB
Loaded image: goharbor/registry-photon:v2.6.2-v1.7.4


[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/core/env
Clearing the configuration file: ./common/config/core/app.conf
Clearing the configuration file: ./common/config/core/private_key.pem
Clearing the configuration file: ./common/config/db/env
......
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating registryctl        ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-core        ... done
Creating harbor-jobservice  ... done
Creating harbor-portal      ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://reg.marin.com. 
For more details, please visit https://github.com/goharbor/harbor .

浏览器访问验证:

浏览器访问要做域名解析,在本地hosts(C:WindowsSystem32driversetchosts)文件中加入:116.196.88.91 reg.marin.com

访问: https://reg.marin.com ,并登陆。

登录后界面基本操作:

新建项目test

新建用户marin

将用户marin设置为test项目管理员

三、环境测试

1、远程clone代码测试

clone 云主机 docker-git 上的仓库tomcat-java-demo.git:

[root@docker-jenkins ~]# yum install git vim wget -y
[root@docker-jenkins ~]# git config --global user.email "hcc@c.com"
[root@docker-jenkins ~]# git config --global user.name "hcc"
[root@docker-jenkins ~]# git clone git@10.0.0.22:/home/git/tomcat-java-demo.git
Cloning into 'solo'...
The authenticity of host '10.0.0.22 (10.0.0.22)' can't be established.
ECDSA key fingerprint is SHA256:XNWQhGsAsqd84k/6OYV3xl1+mPGjtASsxeV1YVLZVas.
ECDSA key fingerprint is MD5:b4:bd:16:2b:de:e7:7c:fd:c5:dd:91:75:20:ff:3e:0a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.22' (ECDSA) to the list of known hosts.
git@10.0.0.22's password:
warning: You appear to have cloned an empty repository.
[root@docker-jenkins ~]# ls
tomcat-java-demo
[root@docker-jenkins ~]# ls tomcat-java-demo/
doc  Dockerfile  LICENSE  pom.xml  README.md  src
[root@docker-jenkins ~]#

2、拉取Github demo代码

模拟生产项目,拉取github上的一个demo,并上传至本地git库

[root@docker-jenkins ~]# mv tomcat-java-demo tomcat-java-demo.bak
[root@docker-jenkins ~]# git clone https://github.com/dingkai163/tomcat-java-demo.git
Cloning into 'tomcat-java-demo'...
remote: Enumerating objects: 185, done.
remote: Counting objects: 100% (185/185), done.
remote: Compressing objects: 100% (165/165), done.
remote: Total 185 (delta 5), reused 178 (delta 4), pack-reused 0
Receiving objects: 100% (185/185), 4.50 MiB | 870.00 KiB/s, done.
Resolving deltas: 100% (5/5), done.
[root@docker-jenkins ~]# cd tomcat-java-demo
[root@docker-jenkins tomcat-java-demo]# vim .git/config
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = git@10.0.0.22:/home/git/tomcat-java-demo.git  # 修改为本地的git库地址
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[root@docker-jenkins tomcat-java-demo]# git add .
[root@docker-jenkins tomcat-java-demo]# git status
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git commit -m "all"
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git push origin master
git@10.0.0.22's password:
Counting objects: 229, done.
Compressing objects: 100% (185/185), done.
Writing objects: 100% (229/229), 4.52 MiB | 0 bytes/s, done.
Total 229 (delta 25), reused 229 (delta 25)
To git@10.0.0.22:/home/git/tomcat-java-demo.git
 * [new branch]      master -> master
[root@docker-jenkins tomcat-java-demo]#

3、自建镜像仓库上传下载

用云主机buildimage上传及下载镜像

修改主机名为: buildimage

[root@c-dfjgjesgqe ~]# hostnamectl set-hostname buildimage
[root@c-dfjgjesgqe ~]# hostname  buildimage

Ctrl+D退出后重新登陆生效

安装DOCKER CE

安装所需包

yum install -y yum-utils device-mapper-persistent-data lvm2 -y

设置稳定存储库

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y

安装DOCKER CE(这一步比较慢,耐心等会儿~~)

yum install docker-ce docker-ce-cli containerd.io -y

启动Docker

systemctl start docker

首先在云主机buildimage上做本地hosts解析

[root@buildimage ~]# echo "10.0.0.21 reg.marin.com" >> /etc/hosts

其次编辑/etc/docker/daemon.json文件,保存退出

[root@buildimage ~]# vim /etc/docker/daemon.json
{"insecure-registries":["reg.marin.com"] }

最后重启下docker,让配置生效

[root@buildimage ~]# systemctl restart docker

如果没有此步docker login将会报错:

[root@buildimage ~]# docker login reg.marin.com
Username (admin): admin
Password: 
Error response from daemon: Get https://reg.marin.com/v1/users/: x509: certificate signed by unknown authority

此时可以通过docker login reg.marin.com 登录harbor,输入用户名及密码:

[root@buildimage ~]# docker login reg.marin.com
Username (admin): admin
Password: 
Login Succeeded

在buildimage云主机上构建Tomcat基础镜像,并推送到harbor镜像库:

[root@buildimage ~]# mkdir tomcat
[root@buildimage ~]# cd tomcat
[root@buildimage tomcat]# vim Dockerfile-tomcat
FROM centos:7
MAINTAINER hanchaochao www.jdcloud.com
 
ENV VERSION=8.5.39
 
RUN yum install java-1.8.0-openjdk wget curl unzip iproute net-tools -y && 
    yum clean all && 
    rm -rf /var/cache/yum/*
RUN wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz && 
    tar zxf apache-tomcat-${VERSION}.tar.gz && 
    mv apache-tomcat-${VERSION} /usr/local/tomcat && 
    rm -rf apache-tomcat-${VERSION}.tar.gz /usr/local/tomcat/webapps/* && 
    mkdir /usr/local/tomcat/webapps/test && 
    echo "ok" > /usr/local/tomcat/webapps/test/status.html && 
    sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && 
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 
ENV PATH $PATH:/usr/local/tomcat/bin
 
EXPOSE 8080
CMD ["catalina.sh", "run"]
[root@harbor tomcat]# docker build -t tomcat:v1 -f Dockerfile-tomcat .

[root@harbor tomcat]# docker tag tomcat:v1 reg.marin.com/test/tomcat:v1
[root@docker-git-harbor tomcat]# docker login reg.marin.com
[root@docker-git-harbor tomcat]# docker push reg.marin.com/test/tomcat:v1

打开harbor的test仓库,查看镜像已经push成功

四、CI流程测试

1、Jenkins安装必要插件

由于jenkins是离线安装,所有在此需要配置一下插件下载地址:系统管理–>插件管理–>Advanced(高级)

修改下方地址,将https修改为http 再点提交

若出现问题无法获取插件,请尝试更换地址,如: https://mirrors.tuna.tsinghua…

提交后点击可选插件,此时我们可以看到很多可获得插件

首先搜索并安装Pipeline插件(如果搜索不到,在 已安装 中查看是否已经安装完毕)

pipeline 是一套运行于jenkins上的工作流框架,将原本独立运行于单个或者多个节点的任务连接起来,实现单个任务难以完成的复杂流程编排与可视化。

再安装SCM to job 插件,同上步骤(搜索,安装)。

2、Jenkins项目创建

创建jobs

选择流水线类型

到这里我们就开始配置Pipeline script,点击 流水线语法 ,来自动生成我们需要的配置。

如下图,我们Git方式,配置Git仓库地址,再添加认证相关。

在示例步骤中下拉选择如图选项,在Repository URL中填写docker-git上的git仓库地址,因为没有添加jenkins到docker-git容器的免密码登陆,所以截图中我们可以看到连接被拒绝的一大串红色提示,我们点击 添加 按钮

这里我们使用的是秘钥认证方式,需要在容器docker-jenkins上生成密钥,然后将jenkins上生成的公钥发送到(docker-git)git服务器上,然后将jenkins上的生成的私钥内容粘贴到下图Key中,这样jenkins就可以免交互的拉取git仓库中的代码了。

[root@docker-jenkins ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RQZ78bcVhLRQi8fWFPYmyvcnOqlxy980QwLsYFT/iz8 root@docker-jenkins
The key's randomart image is:
+---[RSA 2048]----+
|        .o=oooo*.|
|        .+.o=.* o|
|        .oo+.Bo.+|
|        .oo.+o.= |
|        S  .o.oo |
|             .+..|
|          . .o.++|
|           +oo.E+|
|          ..+o..o|
+----[SHA256]-----+
[root@docker-jenkins ~]# cd
[root@docker-jenkins ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts
[root@docker-jenkins ~]# ssh-copy-id git@10.0.0.22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@10.0.0.22's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'git@10.0.0.22'"
and check to make sure that only the key(s) you wanted were added.

[root@docker-jenkins ~]# cat .ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvrI8lBov+W8v+zSGdu2EP4BPP7Ml+T5KUwc2MKX1RNMMNQxc
tPUf7PjhbJJvuTpPPbS1+9PAlrPhikDrug3K4+sF/Fiy+/YgoVMlEFrXiSJK1xHi
ErDLA39WGq+E4ssth3JfrQHV+AINGAh1/NR+Uk+YmPDAuQgA1l7jSH1PN6qTdrYt
95HbklAA+Q3omAJJ4Uc80lk7ZdMcdCc0OAtHjCfbRv287qrH4U2OKSlOLljiBHBN
......
-----END RSA PRIVATE KEY-----
[root@docker-jenkins ~]#

配置完成后,我们就可以生成Pipeline脚本了。点击下方
生成流水线脚本

,然后复制方框内的内容。

将生成的流水线脚本复制出来,我生成的流水线脚本如下:

checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '9baf7156-9ac6-435d-b0db-86cae51c8fe6', url: 'git@10.0.0.22:/home/git/tomcat-java-demo.git']]])

将生成的流水线脚本记录完成后,我们点击左上角 返回

继续点击 配置 ,完成流水线项目tomcat-java-demo的配置

点击 流水线 ,我们所需要的Pipeline脚本如下,将其粘贴到script的拉取代码模块中,并修改分支 */master${branch} ,其他模块内容自行编写,具体需要修改的地方和脚本如下:

node { 
   // 拉取代码
   stage('Git Checkout') { 
       checkout([$class: 'GitSCM', branches: [[name: '${branch}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '9baf7156-9ac6-435d-b0db-86cae51c8fe6', url: 'git@10.0.0.22:/home/git/tomcat-java-demo.git']]])
   }
   // 代码编译
   stage('Maven Build') {
        sh '''
        export JAVA_HOME=/usr/local/jdk
        /usr/local/maven/bin/mvn clean package -Dmaven.test.skip=true
        '''
   }
   // 项目打包到镜像并推送到镜像仓库
   stage('Build and Push Image') {
sh '''
REPOSITORY=reg.marin.com/test/tomcat-java-demo:${branch}
cat > Dockerfile << EOF
FROM reg.marin.com/test/tomcat:v1 
MAINTAINER marin
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
EOF
docker build -t $REPOSITORY .
docker login reg.marin.com -u admin -p 123456
docker push $REPOSITORY
'''
   }
   // 部署到Docker主机
   stage('Deploy to Docker') {
        sh '''
        REPOSITORY=reg.marin.com/test/tomcat-java-demo:${branch}
        docker rm -f tomcat-java-demo |true
        docker pull $REPOSITORY
        docker container run -d --name tomcat-java-demo -p 88:8080 $REPOSITORY
        '''
   }
}

在Pipeline脚本里面我们指定了一个branch参数,所以我们需要传递一个参数变量,这里我们选择参数化构建,默认值为master分支。

然后保存配置。

3、Jenkins构建任务

构建前我们还需要做两个操作:

添加reg.marin.com的hosts解析

[root@docker-jenkins ~]# echo "10.0.0.21 reg.marin.com" >> /etc/hosts

编辑/etc/docker/daemon.json文件,输入如下信息,保存退出

[root@docker-jenkins ~]# vim /etc/docker/daemon.json
{"insecure-registries":["reg.marin.com"] }

最后重启下docker,让配置生效

[root@docker-jenkins ~]# systemctl restart docker

返回到工作台,我们开始构建任务

构建开始

构建完成

可以通过Console Output输出查看jenkins构建流程

成功构建会提示: SUCCESS

通过浏览器来访问tomcat-java-demo项目: http://Jenkins主机公网IP :88/

![图片上传中…]

可以看到正常访问,至此在京东云上基

ker+Git 的简单CI流程实践已经成功部署了。

原参考地址: https://www.toutiao.com/a6

中…]

阅读原文...


微信扫一扫,分享到朋友圈

如何在京东云上简单实践CI流程
0

SegmentFault博客

Unauthenticated Remote Code Execution in Kentico CMS

上一篇

传微软正在开发AirPods竞争对手Surface Buds

下一篇

评论已经被关闭。

插入图片

热门分类

往期推荐

如何在京东云上简单实践CI流程

长按储存图像,分享给朋友