网站首页 编程语言 正文
文章目录
一、实验环境
系统 | 主机名 | ip地址 | 所用软件 | 扮演角色 |
---|---|---|---|---|
Centos7.4 | gitlab | 192.168.100.202 | gitlab | Gitlab仓库 |
Centos7.4 | jenkins | 192.168.100.203 | jenkins、docker、docker-compose | Jenkins |
Centos7.4 | test | 192.168.100.204 | docker、docker-compose | 测试环境 |
Centos7.4 | true | 192.168.100.205 | docker、docker-compose | 生产环境 |
Centos7.4 | harbor | 192.168.100.206 | harbor、docker、docker-compose | harbor镜像仓库 |
二、实验步骤
-目的
Jenkins+gitlab配合发布docker容器项目
-思路:
- 构建gitlab仓库,创建新项目
- 构建jenkins,把密钥传给其他的主机
- 构建harbor仓库,上传mysql、php、nginx的镜像
- 在测试主机、生产主机安装docker与docker-compose
- 使用jenkins登录git复制仓库,然后把compose-lnmp传到仓库
- 在jenkins创建流水线项目,使用流水线脚本,创建脚本先拉gitlab仓库的内容,在测试环境拉取harbor仓库的镜像,然后把jenkins拉取的gitlab数据scp到测试主机,然后在测试主机执行docker-compose up -d 命令构建lnmp,要记得scp的路径要和docker-compose.yml文件中挂载的目录相同
- 在测试主机测试成功后,再次创建一个流水线项目,这次写的流水线脚本是scp到生产主机,其他不变即可
(1)搭建Gitlab仓库,创建新项目
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname gitlab
[root@Centos7 ~]# su
[root@gitlab ~]# systemctl stop firewalld
[root@gitlab ~]# setenforce 0
setenforce: SELinux is disabled
[root@gitlab ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
******(2)安装依赖包,安装gitlab
[root@gitlab ~]# yum install -y curl policycoreutils openssh-server openssh-clients postfix policycoreutils-python
。。。。。。
完毕!
[root@gitlab ~]# systemctl enable postfix #开启邮件服务
[root@gitlab ~]# systemctl start postfix
[root@gitlab ~]# ll #上传gitlab软件包
总用量 625204
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 640204790 6月 29 18:41 gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm
[root@gitlab ~]# yum -y install gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm #安装gitlab-ce
。。。。。。
完毕!
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb
12 ##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
13 external_url 'http://192.168.100.202' #修改为本机ip地址
14
15 ## Ro
#保存退出
[root@gitlab ~]# gitlab-ctl reconfigure #修改完配置文件需要重置,等待重置完成
Running handlers:
Running handlers complete
Chef Client finished, 509/1343 resources updated in 02 minutes 39 seconds
gitlab Reconfigured! #重置完成
[root@gitlab ~]# netstat -anpt | grep 80 #验证端口
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2027/unicorn master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2091/nginx: master
tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN 2047/sidekiq 5.2.7
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 2091/nginx: master
tcp 0 0 127.0.0.1:50362 127.0.0.1:8082 ESTABLISHED 2537/prometheus
tcp 0 0 127.0.0.1:8060 127.0.0.1:49838 ESTABLISHED 2092/nginx: worker
tcp 0 0 127.0.0.1:8082 127.0.0.1:50362 ESTABLISHED 2047/sidekiq 5.2.7
tcp 0 0 127.0.0.1:8080 127.0.0.1:35318 TIME_WAIT -
tcp 0 0 127.0.0.1:8080 127.0.0.1:35326 TIME_WAIT -
tcp 0 0 127.0.0.1:49838 127.0.0.1:8060 ESTABLISHED 2537/prometheus
tcp 0 0 127.0.0.1:8080 127.0.0.1:35320 TIME_WAIT -
(3)过一两分钟后访问gitlab,直接访问80端口即可,因为gitlab默认使用nginx作为web
成功访问!!!
******(4)汉化gitlab
[root@gitlab ~]# ll
总用量 699968
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 76557595 6月 29 17:01 gitlab-12-0-stable-zh.tar.gz #上传汉化包
-rw-r--r-- 1 root root 640204790 6月 29 18:41 gitlab-ce-12.0.2-ce.0.el7.x86_64.rpm
[root@gitlab ~]# tar xf gitlab-12-0-stable-zh.tar.gz
[root@gitlab ~]# cat gitlab-12-0-stable-zh/VERSION #确认版本
12.0.3
[root@gitlab ~]# gitlab-ctl stop #先停止gitlab
ok: down: alertmanager: 1s, normally up
ok: down: gitaly: 0s, normally up
ok: down: gitlab-monitor: 1s, normally up
ok: down: gitlab-workhorse: 0s, normally up
ok: down: grafana: 1s, normally up
ok: down: logrotate: 0s, normally up
ok: down: nginx: 1s, normally up
ok: down: node-exporter: 0s, normally up
ok: down: postgres-exporter: 0s, normally up
ok: down: postgresql: 1s, normally up
ok: down: prometheus: 0s, normally up
ok: down: redis: 1s, normally up
ok: down: redis-exporter: 0s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 0s, normally up
[root@gitlab ~]# unalias cp #删除cp别名
[root@gitlab ~]# cp -rf gitlab-12-0-stable-zh/* /opt/gitlab/embedded/service/gitlab-rails/
cp: 无法以目录"gitlab-12-0-stable-zh/log" 来覆盖非目录"/opt/gitlab/embedded/service/gitlab-rails/log" #报错不用管
cp: 无法以目录"gitlab-12-0-stable-zh/tmp" 来覆盖非目录"/opt/gitlab/embedded/service/gitlab-rails/tmp"
[root@gitlab ~]# gitlab-ctl start #开启gilab
ok: run: alertmanager: (pid 3470) 0s
ok: run: gitaly: (pid 3478) 1s
ok: run: gitlab-monitor: (pid 3498) 0s
ok: run: gitlab-workhorse: (pid 3502) 1s
ok: run: grafana: (pid 3510) 0s
ok: run: logrotate: (pid 3523) 1s
ok: run: nginx: (pid 3529) 0s
ok: run: node-exporter: (pid 3534) 1s
ok: run: postgres-exporter: (pid 3538) 0s
ok: run: postgresql: (pid 3619) 0s
ok: run: prometheus: (pid 3628) 1s
ok: run: redis: (pid 3637) 0s
ok: run: redis-exporter: (pid 3641) 1s
ok: run: sidekiq: (pid 3646) 0s
ok: run: unicorn: (pid 3652) 1s
同样过一两分钟再访问
Gitlan仓库搭建完成!!!
(5)创建一个新项目
成功创建项目!
(6)生成ssh密钥,因为是要配合jenkins,所有这里使用的密钥直接在jenkins主机上操作即可
[root@jenkins ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:e1olz2v3yPkgpuuP+C9bLRj5vDsRup46cH13uQq51y8 root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| .. |
| S.+... .|
| . ..oX+....|
| o. +=Xo+..|
| .=o*=BE* |
| +*XOB==+=|
+----[SHA256]-----+
[root@jenkins ~]# cat .ssh/id_rsa.pub #查看公钥,复制公钥
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClc2b0yoL8i4O2TTO+n9w0EslQ3S5ekealEeMRnYxbWIDqW+d4X3SP2HacJWlkDl7unVNegzTrrXrzy4UWU1qgDI8C+94yVqKD2zF0PMZPO8e5ORD5N7gy5CIjEupbWHA2Xg7Hl8VX1h99VZcoERk1mnAtnZtSZyFtdGbg8QsX5PzW+mvHWwvilXJpXQHXeVHlPATGcObsVM5vkKxHajbYq1LZtYRA51J2jkKeUqPohqmYZZ+re9MXhVJl7uL+NgutxN+LcwpesH7Er7hF+iUD6JVrBKW7HkmZHZZpIllAMQI7aa9nqOWGkXIKr1jTDuiQIN+akPGfUEbWd5dxyC37 root@jenkins
(2)搭建Jenkins主机,把密钥传给其他的主机,把root用户的私钥放到自己上,方便拉取gitlab仓库的数据
这里做的时候直接把插件包上传了,然后重启jenkins就可以了
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname jenkins
[root@Centos7 ~]# su
[root@jenkins ~]# systemctl stop firewalld
[root@jenkins ~]# setenforce 0
setenforce: SELinux is disabled
[root@jenkins ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
******(2)安装JDK环境
[root@jenkins ~]# ll
总用量 177124
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 181367942 6月 30 2017 jdk-8u91-linux-x64.tar.gz
[root@jenkins ~]# tar xf jdk-8u91-linux-x64.tar.gz -C /usr/local/
[root@jenkins ~]# mv /usr/local/jdk1.8.0_91 /usr/local/java
[root@jenkins ~]# ls /usr/local/
bin etc games include java lib lib64 libexec sbin share src
[root@jenkins ~]# vim /etc/profile
。。。。。。最后一行添加
JAVA_HOME=/usr/local/java
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
export PATH JAVA_HOME CLASSPATH
#保存退出
[root@jenkins ~]# vim /etc/profile
[root@jenkins ~]# source /etc/profile #使配置生效
[root@jenkins ~]# java -version #查看java版本,确认jdk环境
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
******(3)上传Jenkins软件包,安装、配置
[root@jenkins ~]# ll
总用量 241624
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
-rw-r--r-- 1 root root 181367942 6月 30 2017 jdk-8u91-linux-x64.tar.gz
-rw-r--r-- 1 root root 66044542 6月 29 17:03 jenkins-2.222.4-1.1.noarch.rpm
[root@jenkins ~]# yum -y install jenkins-2.222.4-1.1.noarch.rpm
。。。。。。
完毕!
[root@jenkins ~]# vim /etc/sysconfig/jenkins #修改配置文件
28 #
29 JENKINS_USER="root" #待会需要使用root传输密钥,所以这里要改一下
30
#保存退出
[root@jenkins ~]# ln -s /usr/local/java/bin/java /usr/bin/ #优化命令执行路径
[root@jenkins ~]# /etc/init.d/jenkins start #开启jenkins
Starting jenkins (via systemctl): [ 确定 ]
[root@jenkins ~]# netstat -anpt | grep 8080 #验证端口
tcp6 0 0 :::8080 :::* LISTEN 1241/java
[root@jenkins ~]# chkconfig jenkins on
(4)使用浏览器访问8080端口,解锁jenkins
提前获得密码
[root@jenkins ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
b90fe608d1024dd5ab9dd97b4251fdb0
这里如果机器是联网的话需要先断网再点击继续,因为下一步是下载插件,如果使用jenkins官网的会下载的很慢,可以先跳过插件安装
点击跳过插件安装
(5)升级jenkins(可以不升级)
[root@jenkins ~]# cd /usr/lib/jenkins/
[root@jenkins jenkins]# ll
总用量 64688
-rw-r--r-- 1 root root 66239216 5月 28 2020 jenkins.war
[root@jenkins jenkins]# mv jenkins.war jenkins.war.bak #把原来的包备份
[root@jenkins jenkins]# rz
z waiting to receive.**B0100000023be50
[root@jenkins jenkins]# ll
总用量 133996
-rw-r--r-- 1 root root 70969355 11月 30 2020 jenkins.war #上传新的war包
-rw-r--r-- 1 root root 66239216 5月 28 2020 jenkins.war.bak
[root@jenkins jenkins]# systemctl restart jenkins #重启jenkins
重新使用浏览器访问jenkins
(6)修改jenkins插件下载地址
修改为http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
进入命令行修改配置文件重启jenkins
[root@jenkins ~]# cd /var/lib/jenkins/updates/
[root@jenkins updates]# sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
[root@jenkins updates]# systemctl restart jenkins
[root@jenkins updates]# cd
)]
点击这个可以下载,但是如果下载无法成功的话,可以直接替换/var/lib/jenkins下的plugins插件包目录,然后重启即可,我这里直接俄上传替换了
这里上传后因为插件包的原因还变成了中文
至此成功搭建Jenkins
(7)上传自己root账户的私钥到jenkins上
[root@jenkins ~]# cat .ssh/id_rsa #复制私钥
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApXNm9MqC/IuDtk0zvp/cNBLJUN0uXpHmpRHjEZ2MW1iA6lvn
eF90j9h2nCVpZA5e7p1TXoM0661688uFFlNaoAyPAvveMlaig9sxdDzGTzvHuTkQ
+Te4MuQiIxLqW1hwNl4Ox5fFV9YffVWXKBEZNZpwLZ2bUmchbXRm4PELF+T81vpr
x1sL4pVyaV0B13lR5TwExnDm7FTOb5CsR2o22KtS2bWEQOdSdo5CnlKj6IapmGWf
q3vTF4VSZe7i/jYLrcTfi3MKXrB+xK+4RfolA+iVawSlux5JmR2WaSJZQDECO2mv
Z6jlhpFyCq9Y0w7okCDfmpDxn1BG1neXccgt+wIDAQABAoIBAEj7X+YJUsBuFlqb
MYEb6Tm7M7yM5IBo4ZHdEwnZMmm036EBi1ho2vT86k00n4m4YR3mnjjprbVsX/kc
xIc1m5tQDuGlEr2nw6ZgUS9SA7Q9zXsh9h/I+WLRiVFpbaF/oHgLA3/9rdpyJI/X
6oaNDE694k/s3u/5eCBdIWiGS3ttHHyqe3xRPRb3yLWmqb+a0uEeOFIVkfTAmMyv
GHpBuR9ohjPoKB/Ii/gVMIDVr0JJSMAjGdfdc8w2s2lrSg+3OhGyeAe8gDdgWMGg
rhj8h0RnjyxjhTYV76BYVlmi3mnSLSqZ1rUWn9+8BrYo0LGgZFBdSrBYmKFOTeJP
J3bHzXECgYEA1bkQmXE0lko7WC/elXtmCuiKUCdyuBD4rGLeClDVhdLLpG7dgRs+
tGngSeC4EAOqsPKIGKgPQn9Yn//KRTiAaVsACFagE2/JNA1fD/OlrPgO4Tz8or7l
GW9BOf+Tg8FL1Z/abD5+Y6zK5O/pG7CgmQp0LnFGEjKT5bRXKh3QnXMCgYEAxi3V
6dTkClrO6F1vO5c7pQgbnKfd8LT+V0JRaHiTcITsyCf2/zmGMJv3i7aLX0jSoOe3
GGIsiNuYUc2zTrqsVDg3OllrK9GPhmtSv/NgiVvwoBHY7B2Ersi1dAMbsipdjedT
fqSbZVeRKsOWq0YSsYbY06W3gHgtdft2uYUsi1kCgYEAmVtML+5tX5Iwdx0SSIzd
MeKerNlBlhaHeZsP3LMYJAiYG4t54dRc8DQwvpJDQSqAZqwBQEAHgx3ByD1RNM5Q
RkkIAvO1tXy3EWSu29FnBnCQrMqINXdpCREt6qIbhaVD9yvXHWjSZE9u30vPJxFc
i7RWnaSmNRSZz2/SQ+RU90UCgYBJufGTzSSNCZ1h6qif9bI1wh9rlzPFAcCBO+XH
RNwtBvaDvAJyjrbyTIO6UU3mQ9RAEhQWmSdSPsea3ziuuFm19zfsmCl7ormPW0vs
pyEp2K9bDWiy5oRe9cIzh5h9Hq+xQ/bW7Wv2Nq6Fxz+9NhNsQetWSZdLzumys7tG
Z1nb+QKBgCIgZ0bPnRl8Tv3KwCqYn5OAK0jnxwRU5LPkHKSr/3zLIPIALHHCSpgL
zep1WzlWb/FEsdb3xHD/n+MqHcGxLzly+OA3NAqr675aQC/qSQtqEPPL6LTawuOz
EkZzROrU03xGPRl0nJ1ikoqYfw9+pAm9fiH28BWWdWSOG4cBmIXU
-----END RSA PRIVATE KEY-----
(8)把Jenkins密钥传到其他主机上
在上面的gitlab生成ssh密钥已经生成过了,所以这里直接传就行
[root@jenkins ~]# ssh-copy-id root@192.168.100.202
[root@jenkins ~]# ssh-copy-id root@192.168.100.203
[root@jenkins ~]# ssh-copy-id root@192.168.100.204
[root@jenkins ~]# ssh-copy-id root@192.168.100.205
[root@jenkins ~]# ssh-copy-id root@192.168.100.206
(3)搭建Harbor仓库,上传镜像
******(1)先做基础配置
[root@Centos7 ~]# hostnamectl set-hostname harbor
[root@Centos7 ~]# su
[root@harbor ~]# systemctl stop firewalld
[root@harbor ~]# setenforce 0
setenforce: SELinux is disabled
[root@harbor ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
******(2)安装docker
[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 #安装依赖
。。。。。。
完毕!
[root@harbor ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
[root@harbor ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@harbor ~]# yum -y install docker-ce
。。。。。。
#保存退出
[root@harbor ~]# mkdir -p /etc/docker/
[root@harbor ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.100.206"]
}
#保存退出
******(3)安装Harbor,这里只搭建http协议的harbor
[root@harbor ~]# ll
总用量 614824
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
-rw-r--r-- 1 root root 629571428 8月 1 22:52 harbor-offline-installer-v2.3.1.tgz #上传安装包
[root@harbor ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /usr/local/
[root@harbor ~]# cd /usr/bin
[root@harbor bin]# rz
z waiting to receive.**B0100000023be50
[root@harbor bin]# chmod a+x docker-compose
[root@harbor bin]# ll | grep docker-compose
-rwxr-xr-x 1 root root 11748168 7月 28 18:54 docker-compose
[root@harbor bin]# cd
[root@harbor ~]# vim /usr/local/harbor/harbor.yml.tmpl
1 # Configuration file of Harbor
2
3 # The IP address or hostname to access admin UI and registry service.
4 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
5 hostname: 192.168.100.206
6
7 # http related config
8 http:
9 # port for http, default is 80. If https enabled, this port will redirect to https port
10 port: 80
11
12 # https related config
13 #https:
14 # https port for harbor, default is 443
15 #port: 443
16 # The path of cert and key files for nginx
17 #certificate: /your/certificate/path
18 #private_key: /your/private/key/path
19
。。。。。。
#保存退出
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# systemctl start docker #启动docker
[root@harbor harbor]# sh install.sh #安装harbor,第一次使用脚本安装后续可使用“docker-compose up -d”命令启动 Harbor,使用“docker-compose stop”命令关闭 Harbor
[root@harbor harbor]# echo $?
0
[root@harbor harbor]# ps aux | grep docker-compose #成功开启
root 16980 0.0 0.0 112676 988 pts/0 R+ 23:00 0:00 grep --color=auto docker-compose
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.1 719fd825651e 13 days ago 81MB
goharbor/chartmuseum-photon v2.3.1 3aba4510af16 13 days ago 178MB
goharbor/redis-photon v2.3.1 4a0d49a4ece0 13 days ago 191MB
goharbor/trivy-adapter-photon v2.3.1 a285847f857a 13 days ago 164MB
goharbor/notary-server-photon v2.3.1 87a2dbfd122e 13 days ago 110MB
goharbor/notary-signer-photon v2.3.1 7e29ff33ec85 13 days ago 107MB
goharbor/harbor-registryctl v2.3.1 91e798004920 13 days ago 132MB
goharbor/registry-photon v2.3.1 972ce19b1882 13 days ago 81.2MB
goharbor/nginx-photon v2.3.1 3b3ede1db494 13 days ago 44.3MB
goharbor/harbor-log v2.3.1 40a54594fe22 13 days ago 194MB
goharbor/harbor-jobservice v2.3.1 d6e174ae0a00 13 days ago 171MB
goharbor/harbor-core v2.3.1 f05acc3947d6 13 days ago 158MB
goharbor/harbor-portal v2.3.1 4a15c5622fda 13 days ago 57.6MB
goharbor/harbor-db v2.3.1 b16a9c81ef03 13 days ago 263MB
goharbor/prepare v2.3.1 4ce629d59c20 13 days ago 288MB
[root@harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5bf08af481aa goharbor/harbor-jobservice:v2.3.1 "/harbor/entrypoint.…" 34 seconds ago Up 30 seconds (healthy) harbor-jobservice
d38b62be5d2b goharbor/nginx-photon:v2.3.1 "nginx -g 'daemon of…" 34 seconds ago Up 30 seconds (healthy) 0.0.0.0:80->8080/tcp nginx
3d223a63d976 goharbor/harbor-core:v2.3.1 "/harbor/entrypoint.…" 37 seconds ago Up 33 seconds (healthy) harbor-core
964e5805fb81 goharbor/harbor-portal:v2.3.1 "nginx -g 'daemon of…" 39 seconds ago Up 36 seconds (healthy) harbor-portal
41038ff6f31e goharbor/harbor-db:v2.3.1 "/docker-entrypoint.…" 39 seconds ago Up 36 seconds (healthy) harbor-db
6b3503d1367e goharbor/redis-photon:v2.3.1 "redis-server /etc/r…" 39 seconds ago Up 36 seconds (healthy) redis
c059529f89f3 goharbor/harbor-registryctl:v2.3.1 "/home/harbor/start.…" 39 seconds ago Up 36 seconds (healthy) registryctl
55a65d22d7b3 goharbor/registry-photon:v2.3.1 "/home/harbor/entryp…" 39 seconds ago Up 36 seconds (healthy) registry
73f8185a516a goharbor/harbor-log:v2.3.1 "/bin/sh -c /usr/loc…" 41 seconds ago Up 39 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@harbor harbor]# cd
(4)使用浏览器访问harbor
记住这个项目
******(5)上传镜像,修改tag推送到镜像仓库
[root@harbor ~]# ll
总用量 2320516
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 1 22:48 docker
-rw-r--r-- 1 root root 629571428 8月 1 22:52 harbor-offline-installer-v2.3.1.tgz
-rw-r--r-- 1 root root 453615616 8月 1 23:04 mysql_5.7.tar.gz
-rw-r--r-- 1 root root 137441280 8月 1 23:04 nginx
-rw-r--r-- 1 root root 1155569664 8月 1 23:05 php_5.6
[root@harbor ~]# docker load -i nginx
[root@harbor ~]# docker load -i php_5.6
[root@harbor ~]# docker load -i mysql_5.7.tar.gz
[root@harbor ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 8cf625070931 10 days ago 448MB
goharbor/harbor-exporter v2.3.1 719fd825651e 13 days ago 81MB
goharbor/chartmuseum-photon v2.3.1 3aba4510af16 13 days ago 178MB
goharbor/redis-photon v2.3.1 4a0d49a4ece0 13 days ago 191MB
goharbor/trivy-adapter-photon v2.3.1 a285847f857a 13 days ago 164MB
goharbor/notary-server-photon v2.3.1 87a2dbfd122e 13 days ago 110MB
goharbor/notary-signer-photon v2.3.1 7e29ff33ec85 13 days ago 107MB
goharbor/harbor-registryctl v2.3.1 91e798004920 13 days ago 132MB
goharbor/registry-photon v2.3.1 972ce19b1882 13 days ago 81.2MB
goharbor/nginx-photon v2.3.1 3b3ede1db494 13 days ago 44.3MB
goharbor/harbor-log v2.3.1 40a54594fe22 13 days ago 194MB
goharbor/harbor-jobservice v2.3.1 d6e174ae0a00 13 days ago 171MB
goharbor/harbor-core v2.3.1 f05acc3947d6 13 days ago 158MB
goharbor/harbor-portal v2.3.1 4a15c5622fda 13 days ago 57.6MB
goharbor/harbor-db v2.3.1 b16a9c81ef03 13 days ago 263MB
goharbor/prepare v2.3.1 4ce629d59c20 13 days ago 288MB
nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
cytopia/php-fpm-5.6 latest 2943ebf1ef81 3 years ago 1.1GB
[root@harbor ~]# docker tag mysql:5.7 192.168.100.206/library/mysql:5.7
[root@harbor ~]# docker tag nginx:latest 192.168.100.206/library/nginx:latest
[root@harbor ~]# docker tag cytopia/php-fpm-5.6:latest 192.168.100.206/library/php:latest
[root@harbor ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@harbor ~]# docker push 192.168.100.206/library/mysql:5.7
[root@harbor ~]# docker push 192.168.100.206/library/nginx:latest
[root@harbor ~]# docker push 192.168.100.206/library/php:latest
在浏览器查看
至此Harbor仓库搭建完成,镜像上传完成
(4)在测试环境、生产环境上安装Docker,从harbor镜像仓库拉取镜像
******(1)先做基础配置,两台主机配置相同
[root@Centos7 ~]# hostnamectl set-hostname test
[root@Centos7 ~]# su
[root@test ~]# systemctl stop firewalld
[root@test ~]# setenforce 0
setenforce: SELinux is disabled
[root@test ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
[root@Centos7 ~]# hostnamectl set-hostname true
[root@Centos7 ~]# su
[root@true ~]# systemctl stop firewalld
[root@true ~]# setenforce 0
setenforce: SELinux is disabled
[root@true ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
******(2)安装Docker,上传docker-compose
[root@test ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@test ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@test ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 2 00:05 docker
[root@test ~]# yum -y install docker-ce
[root@test ~]# cd /usr/bin/
[root@test bin]# rz
z waiting to receive.**B0100000023be50
[root@test bin]# ll | grep docker-compose
-rw-r--r-- 1 root root 11748168 7月 28 18:54 docker-compose
[root@test bin]# chmod a+x docker-compose
[root@test bin]# cd
[root@test ~]# mkdir /etc/docker
[root@test ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.100.206"]
}
#保存退出
[root@test ~]# systemctl start docker
[root@test ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@test ~]# docker pull 192.168.100.206/library/nginx:latest
[root@test ~]# docker pull 192.168.100.206/library/php:latest
[root@test ~]# docker pull 192.168.100.206/library/mysql:5.7
[root@test ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.206/library/mysql 5.7 8cf625070931 10 days ago 448MB
192.168.100.206/library/nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
192.168.100.206/library/php latest 2943ebf1ef81 3 years ago 1.1GB
[root@true ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@true ~]# vim /etc/yum.repos.d/centos.repo
[aaa]
name=aaa
baseurl=file:///mnt
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///root/docker
enabled=1
gpgcheck=0
#保存退出
[root@true ~]# ll
总用量 8
-rw-------. 1 root root 1264 1月 12 2021 anaconda-ks.cfg
drwxr-xr-x 3 root root 4096 8月 2 00:06 docker
[root@true ~]# yum -y install docker-ce
[root@true ~]# cd /usr/bin/
[root@true bin]# rz
z waiting to receive.**B0100000023be50
[root@true bin]# ll | grep docker-compose
-rw-r--r-- 1 root root 11748168 7月 28 18:54 docker-compose
[root@true bin]# chmod a+x docker-compose
[root@true bin]# cd
[root@true ~]# mkdir /etc/docker
[root@true ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.100.206"]
}
#保存退出
[root@true ~]# systemctl start docker
[root@true ~]# docker login -u admin -p Harbor12345 192.168.100.206
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@true ~]# docker pull 192.168.100.206/library/nginx:latest
[root@true ~]# docker pull 192.168.100.206/library/php:latest
[root@true ~]# docker pull 192.168.100.206/library/mysql:5.7
[root@true ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.206/library/mysql 5.7 8cf625070931 10 days ago 448MB
192.168.100.206/library/nginx latest 4cdc5dd7eaad 3 weeks ago 133MB
192.168.100.206/library/php latest 2943ebf1ef81 3 years ago 1.1GB
(5)使用jenkins登录gitlab复制仓库,然后把compose-lnmp传到仓库
[root@jenkins ~]# git config --global user.name "Administrator"
[root@jenkins ~]# git config --global user.email "admin@example.com"
[root@jenkins ~]# git clone git@192.168.100.202:root/lnmp.git
正克隆到 'lnmp'...
warning: 您似乎克隆了一个空版本库。
[root@jenkins ~]# cd lnmp/
[root@jenkins lnmp]# yum -y install tree
[root@jenkins lnmp]# tree #上传lnmp目录
.
└── lnmp
├── conf
│ └── default.conf
├── docker-compose.yml
└── html
├── dbtest.php
├── index.html
└── test.php
3 directories, 5 files
[root@jenkins lnmp]# git add .
[root@jenkins lnmp]# git commit -m "add lnmp"
[master(根提交) ed73f9c] add lnmp
5 files changed, 74 insertions(+)
create mode 100644 lnmp/conf/default.conf
create mode 100644 lnmp/docker-compose.yml
create mode 100644 lnmp/html/dbtest.php
create mode 100644 lnmp/html/index.html
create mode 100644 lnmp/html/test.php
[root@jenkins lnmp]# git push origin master
Counting objects: 10, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (10/10), 1.30 KiB | 0 bytes/s, done.
Total 10 (delta 0), reused 0 (delta 0)
To git@192.168.100.202:root/lnmp.git
* [new branch] master -> master
在浏览器验证
(6)在Jenkins创建并配置流水线项目
-先在测试环境进行项目部署
点击这里去生产流水线语法
#语法(把刚才生成的git拉取数据的语句复制过来):
pipeline {
agent any
stages {
stage("gitlab") {
steps {
git credentialsId: '948ac17c-2c14-4a8d-9120-95eb8c2b86aa', url: 'git@192.168.100.202:root/lnmp.git'
}
}
}
}
在保存后可以先进行测试
测试成功!
[root@jenkins ~]# cd /var/lib/jenkins/workspace/
[root@jenkins workspace]# ll
总用量 0
drwxr-xr-x 4 root root 30 8月 1 16:45 docker-compose-lnmp
drwxr-xr-x 2 root root 6 8月 1 16:45 docker-compose-lnmp@tmp
[root@jenkins workspace]# cd docker-compose-lnmp
[root@jenkins docker-compose-lnmp]# pwd #数据被拉取到了这个目录
/var/lib/jenkins/workspace/docker-compose-lnmp
[root@jenkins docker-compose-lnmp]# ll
总用量 0
drwxr-xr-x 4 root root 56 8月 1 16:45 lnmp #成功拉取compose的数据
现在再来继续生成
#最终测试环境的流水线语法:
pipeline {
agent any
stages {
stage("gitlab") {
steps {
git credentialsId: '948ac17c-2c14-4a8d-9120-95eb8c2b86aa', url: 'git@192.168.100.202:root/lnmp.git'
}
}
stage("cd") {
steps {
sh label: '', script: 'scp /root/aaa.sh root@192.168.100.205:/root/'
}
}
stage("bash sh") {
steps {
sh label: '', script: 'bash /root/lnmp.sh'
}
}
}
}
现在去编写脚本
[root@jenkins docker-compose-lnmp]# cd #要记得回到root下,因为语法是执行root下的脚本
[root@jenkins ~]# vim aaa.sh #其实这里也可以去写拉取镜像,这样的话测试环境和生产环境就不需要提前拉镜像了
#!/bin/bash
cd /root/lnmp
docker-compose up -d
#保存退出
[root@jenkins ~]# vim lnmp.sh
#!/bin/bash
scp -r /var/lib/jenkins/workspace/docker-compose-lnmp/lnmp root@192.168.100.204:/root/
ssh root@192.168.100.204 sh /root/aaa.sh
#保存退出
编写好脚本之后,在浏览器中点击构建
现在访问192.168.100.204测试页面
成功部署!!!!
-现在在生产环境进行部署
[root@jenkins ~]# cat aaa.sh #aaa.sh无需变化
#!/bin/bash
cd /root/lnmp
docker-compose up -d
[root@jenkins ~]# vim lnmp.sh #修改lnmp.sh的远程主机
#!/bin/bash
scp -r /var/lib/jenkins/workspace/docker-compose-lnmp/lnmp root@192.168.100.205:/root/
ssh root@192.168.100.205 sh /root/aaa.sh
同样流水线也修改远程主机
进行测试
测试
成功向生产环境部署!!!!
三、docker-compose目录内容
[root@jenkins lnmp]# tree
.
└── lnmp
├── conf
│ └── default.conf
├── docker-compose.yml
└── html
├── dbtest.php
├── index.html
└── test.php
3 directories, 5 files
[root@jenkins lnmp]# cd lnmp/
[root@jenkins lnmp]# vim docker-compose.yml
version: "3"
services:
nginx:
image: 192.168.100.206/library/nginx:latest
ports:
- "80:80/tcp"
volumes:
- /root/lnmp/conf/default.conf:/etc/nginx/conf.d/default.conf
- /root/lnmp/html/:/usr/share/nginx/html
depends_on:
- php
php:
image: 192.168.100.206/library/php:latest
volumes:
- /root/lnmp/html/:/var/www/html/
depends_on:
- mysql
mysql:
image: 192.168.100.206/library/mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=123456
#保存退出
[root@jenkins lnmp]# cd conf/
[root@jenkins conf]# ll
总用量 4
-rw-r--r-- 1 root root 957 8月 1 16:13 default.conf
[root@jenkins conf]# vim default.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.php index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
#pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#保存退出
[root@jenkins conf]# cd ..
[root@jenkins lnmp]# ll
总用量 4
drwxr-xr-x 2 root root 26 8月 1 16:19 conf
-rw-r--r-- 1 root root 507 8月 1 16:17 docker-compose.yml
drwxr-xr-x 2 root root 58 8月 1 16:13 html
[root@jenkins lnmp]# cd html/
[root@jenkins html]# ll
总用量 12
-rw-r--r-- 1 root root 102 8月 1 16:13 dbtest.php
-rw-r--r-- 1 root root 30 8月 1 16:13 index.html
-rw-r--r-- 1 root root 19 8月 1 16:13 test.php
[root@jenkins html]# cat dbtest.php
<?php
$conn=mysql_connect("mysql","root","123456");
if ($conn) echo "it's ok!!!!!";
mysql_close();
?>
#这里直接写mysql密码,是因为上传的镜像的mysql密码默认就是这个,也可以自己去赋权用户登录
[root@jenkins html]# cat index.html
welcome !!!!!!!!!!!!!!!!!!!!!
[root@jenkins html]# cat test.php
<?php phpinfo()?>
原文链接:https://blog.csdn.net/rzy1248873545/article/details/122061637
相关推荐
- 2022-12-28 QT Creator+OpenCV实现图像灰度化的示例代码_C 语言
- 2022-06-29 C语言实例讲解四大循环语句的使用_C 语言
- 2022-12-26 Python中获取图片的大小问题_python
- 2022-05-27 一起来学习C语言的程序环境与预处理_C 语言
- 2022-09-06 Python中闭包与lambda的作用域解析_python
- 2022-05-24 C/C++中的static关键字详解_C 语言
- 2022-07-30 Python excel合并居中值相同的单元格实例代码_python
- 2022-02-18 微信小程序----------父组件调用子组件的方法
- 最近更新
-
- window11 系统安装 yarn
- 超详细win安装深度学习环境2025年最新版(
- Linux 中运行的top命令 怎么退出?
- MySQL 中decimal 的用法? 存储小
- get 、set 、toString 方法的使
- @Resource和 @Autowired注解
- Java基础操作-- 运算符,流程控制 Flo
- 1. Int 和Integer 的区别,Jav
- spring @retryable不生效的一种
- Spring Security之认证信息的处理
- Spring Security之认证过滤器
- Spring Security概述快速入门
- Spring Security之配置体系
- 【SpringBoot】SpringCache
- Spring Security之基于方法配置权
- redisson分布式锁中waittime的设
- maven:解决release错误:Artif
- restTemplate使用总结
- Spring Security之安全异常处理
- MybatisPlus优雅实现加密?
- Spring ioc容器与Bean的生命周期。
- 【探索SpringCloud】服务发现-Nac
- Spring Security之基于HttpR
- Redis 底层数据结构-简单动态字符串(SD
- arthas操作spring被代理目标对象命令
- Spring中的单例模式应用详解
- 聊聊消息队列,发送消息的4种方式
- bootspring第三方资源配置管理
- GIT同步修改后的远程分支