1. Overview
In real production use, manually publishing images to Harbor is too inefficient. In practice, publishing is usually combined with a Jenkins pipeline that builds and publishes automatically.
General process:
- Developers commit their code to the GitLab repository every day
- Jenkins pulls the project source from the GitLab repository, compiles and packages it into a jar, then builds a Docker image and pushes it to the private Harbor image repository
- Jenkins sends a remote command over SSH so that the deployment server pulls the image from the private Harbor image repository and creates the container
- Finally, users access the container
2. Publishing the image with a Jenkins script
- Create a new build task
New Item -> Build a Maven Project
- Configure the code repository
- Upload the build result to the server
Since Jenkins is deployed on Windows here, a batch script is used. Use a batch command or a shell script depending on the operating system Jenkins runs on. Note that -pw places the root password in the job configuration and the build log; pscp also accepts a private key file with -i.
C:\jenkins\pscp.exe -r -l root -pw root %WORKSPACE%/zwt-pestilence/zwt-pestilence-web/target/zwt-pestilence-web-RELEASE.jar 192.168.10.8:/home/huangjinjin/software/springdocker
- Publish the image
cd /home/huangjinjin/software/springdocker
docker build -t zwt:v1.0 .
docker login -u admin -p Harbor123 192.168.10.8
docker tag zwt:v1.0 192.168.10.8/omg/zwt:v1.0
docker push 192.168.10.8/omg/zwt:v1.0
- Create Dockerfile
The built jar is uploaded to the following path
/home/huangjinjin/software/springdocker
So create a Dockerfile in this path with the following content:
FROM openjdk:8-jre-slim
MAINTAINER huangjinjin "[email protected]"
ENV PARAMS=""
ENV TZ=PRC
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
WORKDIR /servers
ADD zwt-pestilence-web-RELEASE.jar app/zwt-pestilence-web-RELEASE.jar
ENTRYPOINT ["sh","-c","java -jar $JAVA_OPTS /servers/app/zwt-pestilence-web-RELEASE.jar $PARAMS"]
Adjust the content of the Dockerfile to the actual project.
- Build and verify
Run the Jenkins task.
Log in to Harbor and check that the image was pushed to the Harbor image repository successfully.
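The publish step in this section passes the Harbor password with -p, which leaves it in the job configuration, the build log and the process list. The following added example (not the original author's script) feeds it to docker login on stdin instead; HARBOR_USER and HARBOR_PASS are assumed environment variables supplied by the CI job's credential store.

```shell
#!/bin/sh
# Added example: Harbor publish step with the password passed on stdin.
# Assumed: HARBOR_USER and HARBOR_PASS come from the CI job's credential store.
REGISTRY="${REGISTRY:-192.168.10.8}"   # Harbor host used on this page
PROJECT="${PROJECT:-omg}"              # Harbor project used on this page

# image_ref NAME TAG: print REGISTRY/PROJECT/NAME:TAG, or fail if NAME or TAG
# is empty or holds characters that would change the command's meaning.
image_ref() {
    for part in "$1" "$2"; do
        case "$part" in
            ''|*[!A-Za-z0-9._-]*) echo "invalid name or tag: '$part'" >&2; return 1 ;;
        esac
    done
    printf '%s/%s/%s:%s\n' "$REGISTRY" "$PROJECT" "$1" "$2"
}

# publish_image NAME TAG [CONTEXT]: build, log in, tag, push, log out.
publish_image() {
    name=$1; tag=$2; context=${3:-.}
    if [ -z "${HARBOR_USER:-}" ] || [ -z "${HARBOR_PASS:-}" ]; then
        echo "HARBOR_USER and HARBOR_PASS must be set" >&2
        return 2
    fi
    ref=$(image_ref "$name" "$tag") || return 1
    docker build -t "$name:$tag" "$context" || return 1
    # The password travels over the pipe, so it never appears in argv,
    # `ps` output or the echoed command line of the build log.
    printf '%s' "$HARBOR_PASS" |
        docker login -u "$HARBOR_USER" --password-stdin "$REGISTRY" || return 1
    rc=0
    docker tag "$name:$tag" "$ref" && docker push "$ref" || rc=$?
    # Remove the stored login from the build host whether or not the push worked.
    docker logout "$REGISTRY" >/dev/null 2>&1 || true
    return "$rc"
}

# Run only when called with arguments, e.g.: sh publish.sh zwt v1.0 .
if [ "$#" -ge 2 ]; then
    publish_image "$@"
fi
```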
3. Publishing the image with a Jenkins plugin
- Install the CloudBees Docker Build and Publish plugin
Manage Jenkins -> Manage Plugins
- Add credentials
Manage Jenkins -> Manage Credentials
Create a credential for the Harbor account.
- Add a Docker Build and Publish step to the build
Click Advanced Options to set:
- Build Context: the build context path
- Dockerfile Path: the path to the Dockerfile
Configure these according to the actual situation.
With the settings above, the Jenkins task can be run to build the image.
4. Appendix: enabling Docker Remote API access on port 2375
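- Common Docker ports
2375: unencrypted Docker socket; remote, passwordless root access to the host
2376: TLS-encrypted socket; most likely this is your CI server's port 4243, as a variation of HTTPS port 443
2377: swarm mode socket, for swarm managers, not for Docker clients
5000: Docker registry service
4789 and 7946: overlay networking
- Enable the configuration
Method 1 (this method was not verified successfully)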
vi /etc/default/docker
Add the following line
DOCKER_OPTS="-H tcp://0.0.0.0:2375"
Modify the /usr/lib/systemd/system/docker.service configuration file
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $DOCKER_OPTS
Restart Docker
systemctl daemon-reload
systemctl restart docker
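This simple configuration makes the Docker daemon expose its service on TCP port 2375, so Docker can be operated over the network. Docker performs no authentication on this socket: anyone who can reach the service port over the network can operate Docker, so the port should be reachable only from trusted hosts such as the Jenkins server.
Method 2
Configure remote access in /usr/lib/systemd/system/docker.service.
Generate the /usr/lib/systemd/system/docker.service configuration file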
systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
In the ExecStart line of the [Service] section, add -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
vi /usr/lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Restart
systemctl daemon-reload
systemctl restart docker
Method 3
Modify the configuration in /etc/docker/daemon.json
vi /etc/docker/daemon.json
{
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
"tcp://0.0.0.0:2375": TCP socket; allows any remote client to connect to the Docker daemon through port 2375.
"unix:///var/run/docker.sock": Unix socket; local clients connect to the Docker daemon through it.
After changing the configuration, reload it and restart the Docker service
systemctl daemon-reload
systemctl restart docker
The following error may be reported at startup
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
This happens because the hosts setting conflicts with the socket configuration already given in the systemd unit. The solution is to edit the /usr/lib/systemd/system/docker.service configuration file and change ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock to ExecStart=/usr/bin/dockerd, then start Docker again.
View the Docker process
[root@slaver2 ~]# ps -ef| grep docker
root 44221 1 1 18:16 ? 00:00:06 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
The Docker daemon now opens an HTTP socket for remote communication.
- Verify
-H specifies the Docker daemon on the target host to connect to
Check the Docker version
docker -H tcp://192.168.10.8:2375 version
List the images
docker -H tcp://192.168.10.8:2375 images
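A check for the configurations shown in this appendix, as an added example that is not part of the original post: it scans docker.service, /etc/default/docker or daemon.json for tcp:// listeners and reports those not covered by tlsverify. The sample files are constructed, and the certificate paths in the TLS variant are placeholders.

```shell
# Added example: audit the files edited above for Docker TCP listeners that
# lack TLS client verification.

# audit_docker_listeners FILE...
# FILE may be docker.service, /etc/default/docker or daemon.json.
# Prints one line per tcp:// listener; returns 1 if any is unauthenticated.
audit_docker_listeners() {
    # Drop comment lines so a commented-out -H flag is not reported.
    text=$(cat -- "$@" 2>/dev/null | grep -v '^[[:space:]]*#' || true)
    tls=no
    # tlsverify is daemon-wide: the --tlsverify flag or "tlsverify": true.
    if printf '%s\n' "$text" |
        grep -Eq -e '--tlsverify([[:space:]]|=true|$)' \
                 -e '"tlsverify"[[:space:]]*:[[:space:]]*true'; then
        tls=yes
    fi
    rc=0
    for host in $(printf '%s\n' "$text" | grep -Eo 'tcp://[^"[:space:]]+' | sort -u); do
        if [ "$tls" = yes ]; then
            echo "OK $host requires a client certificate"
        else
            echo "FAIL $host accepts unauthenticated API calls"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: method 3's daemon.json and a TLS-protected variant.
write_samples() {
    cat > "$1/open.json" <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
EOF
    cat > "$1/tls.json" <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_docker_listeners "$tmp/open.json" || echo "=> unauthenticated listener found"
audit_docker_listeners "$tmp/tls.json"
```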