jenkins+git+docker实验环境的搭建

持续集成（c/i）的实验环境

git/harbor服务器    ip 192.168.200.132

docker服务器          ip 192.168.200.149

Jenkins服务器　　ip  192.168.200.150

工具与版本要求

centos 　　7.5_x86

maven　　3.5

tomcat　　8

jdk　　　　1.8

jenkins　　2.6

docker -ce　　18.09.0

查看实验环境

[root@harbor ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 
[root@harbor ~]# uname -r
3.10.0-862.el7.x86_64

开始部署harbor

[root@harbor ~]# ls
anaconda-ks.cfg docker-compose harbor-offline-installer-v1.5.0.tgz

#创建ca证书

[root@harbor ~]# mkdir -p /data/ssl
[root@harbor ~]# cd /data/ssl/
[root@harbor ssl]# which openssl
/usr/bin/openssl
[root@harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.......................................................................................................................................++
...................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:

[root@harbor ssl]# 

#生成证书请求

[root@harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
...................................................++
.........................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor ssl]#

#生成主机注册表的证书

[root@harbor ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
[root@harbor ssl]#

#查看生成的证书

[root@harbor ssl]# ls
ca.crt ca.key ca.srl www.yunjisuan.com.crt www.yunjisuan.com.csr www.yunjisuan.com.key

#信任自签发的证书

[root@harbor ssl]# cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
[root@harbor ssl]# update-ca-trust enable
[root@harbor ssl]# update-ca-trust extract

#关闭selinux

[root@harbor ssl]# setenforce 0

#查看selinux的状态

[root@harbor ssl]# sestatus

#安装docker

[root@harbor ssl]# yum -y install yum-utils device-mapper-persistent-data 1vm2 wget

[root@harbor yum.repos.d]# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

[root@harbor yum.repos.d]# yum -y install docker-ce

[root@harbor yum.repos.d]# systemctl start docker
[root@harbor yum.repos.d]# vim /etc/docker/daemon.json

[root@harbor yum.repos.d]# cat /etc/docker/daemon.json
{
"registry-mirrors":[ "https://registry.docker-cn.com" ]
}

[root@harbor yum.repos.d]# systemctl daemon-reload
[root@harbor yum.repos.d]# systemctl restart docker

[root@harbor yum.repos.d]# docker version
Client:
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:48:22 2018
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:19:08 2018
OS/Arch: linux/amd64
Experimental: false

#搭建harbor，先复制证书

[root@harbor ssl]# cd /data/ssl/
[root@harbor ssl]# mkdir -p /etc/ssl/harbor
[root@harbor ssl]# cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
[root@harbor ssl]# cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/

#harbor的现在地址

[root@harbor install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz

#安装harbor

[root@harbor install]# cd ~
[root@harbor ~]# tar xf harbor-offline-installer-v1.5.0.tgz -C /data/install/
[root@harbor ~]# cd /data/install/harbor/

[root@harbor harbor]# cp harbor.cfg{,.bak}

[root@harbor harbor]# cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
[root@harbor harbor]#

#安装docker-compose命令

[root@harbor harbor]# cd ~
[root@harbor ~]# chmod +x docker-compose
[root@harbor ~]# mv docker-compose /usr/bin/
[root@harbor ~]# which docker-compose
/usr/bin/docker-compose

#启动harbor

[root@harbor ~]# cd /data/install/harbor/
[root@harbor harbor]# ./install.sh --with-clair

给其他服务器下发信任证书

[root@harbor ~]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.149:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.149 (192.168.200.149)' can't be established.
ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg.
ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.149' (ECDSA) to the list of known hosts.
root@192.168.200.149's password: 
www.yunjisuan.com.crt                                                         100% 1931     5.9KB/s   00:00    
[root@harbor ~]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.150:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.150 (192.168.200.150)' can't be established.
ECDSA key fingerprint is SHA256:gm/RhqGrfDo5Rgcr/LmBAaqPv6tmni7cRpXjGEWZQpg.
ECDSA key fingerprint is MD5:ae:f6:0b:6e:80:96:67:cf:bd:e8:f5:b5:c4:e0:da:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.150' (ECDSA) to the list of known hosts.
root@192.168.200.150's password: 
www.yunjisuan.com.crt                                                         100% 1931    19.5KB/s   00:00    
[root@harbor ~]# 

让另两个服务器立即生效并且映射域名，重启docker

[root@docker ~]# update-ca-trust enable
[root@docker ~]# update-ca-trust extract
[root@docker ~]# echo "192.168.200.132 www.yunjisuan.com" >> /etc/hosts
[root@docker ~]# systemctl restart docker

[root@jenkins ~]# update-ca-trust enable
[root@jenkins ~]# update-ca-trust extract
[root@jenkins ~]# echo "192.168.200.132 www.yunjisuan.com" >> /etc/hosts
[root@jenkins ~]# systemctl restart docker

 部署git在harbor上和Jenkins上

[root@harbor harbor]# yum -y install git
[root@harbor harbor]# useradd git
[root@harbor harbor]# echo "123123" | passwd --stdin git
Changing password for user git.
passwd: all authentication tokens updated successfully.