Container management tool Docker (thirteen): Enterprise business code release system based on Docker container DevOps application solution
- 1. Enterprise business code release method
- 2. Logic diagram of enterprise business code release
- 3. Enterprise business code publishing tools and flow chart
- 4. Enterprise business code release system environment deployment
-
- 4.1 Host planning
- 4.2 Host preparation
- 4.3 Tool installation in the host
- 4.4 Tool Integration Configuration
- 4.5 jenkins plug-in installation
- 4.6 jenkins global tool configuration
- 4.7 jenkins system configuration
- 5. Release of enterprise business code project
1. Enterprise business code release method
1.1 Traditional way
- Deploy at the granularity of physical or virtual machines
- The deployment environment is relatively complex, requiring advanced automated operation and maintenance methods
- After a problem occurs, the cost of re-deployment is high, and cluster deployment is generally used
- Displayed statically after deployment
1.2 Containerization method
- Container-based deployment
- Simple deployment and fast startup
- Build Once Run Anywhere
- After a failure, it can be recovered at any time
- Multiple environments can be deployed at the same time (test, pre-release, production environment, etc.)
2. Logic diagram of enterprise business code release
3. Enterprise business code publishing tools and flow chart
3.1 Tools
| serial number | tool | tool use |
|---|---|---|
| 1 | git | Used to submit business code or clone business code warehouse |
| 2 | gitlab | used to store business code |
| 3 | jenkins | Used to use plug-ins to complete business code compilation, construction, push to Harbor container mirror warehouse and project deployment |
| 4 | tomcat | Used to run JAVA business code |
| 5 | maven | Used to compile business code |
| 6 | harbor | Container image storage for storing business code builds |
| 7 | docker | Used to build container images and deploy projects |
3.2 Flowchart
Deploy the Java code package this time.
4. Enterprise business code release system environment deployment
4.1 Host planning
| serial number | CPU name | host IP | host function | software |
|---|---|---|---|---|
| 1 | dev | 192.168.126.20 | Developer project code solo | git |
| 2 | gitlab-server | 192.168.126.21 | code repository | gitlab-ce |
| 3 | jenkins-server | 192.168.126.22 | Compile the code, package the image, and release the project | jenkins、docker、git |
| 4 | harbor-server | 192.168.126.23 | Store container images | harbor、docker |
| 5 | web-server | 192.168.126.24 | Run the container and launch the project | docker |
4.2 Host preparation
4.2.1 Host name configuration
# hostnamectl set-hostname xxx
Implement the configuration according to the host plan
4.2.2 Host IP address allocation
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none" 配置为静态IP
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="ec87533a-8151-4aa0-9d0f-1e970affcdc6"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.126.2x" 把2x替换为对应的IP地址
PREFIX="24"
GATEWAY="192.168.126.2"
DNS1="119.29.29.29"
4.2.3 Host name and IP address resolution configuration
# vim /etc/hosts
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.126.20 dev
192.168.126.21 gitlab-server
192.168.126.22 jenkins-server
192.168.126.23 harobr-server
192.168.126.24 web-server
4.2.4 Host Security Settings
关闭防火墙
# systemctl stop firewalld
# systemctl disable firewalld
查看防火墙状态
# firewall-cmd --state
关闭SELINUX后,必须重启系统才能使其修改生效。
# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
查看selinux状态
# sestatus
4.2.5 Host time synchronization
If the time is not synchronized, the time between the hosts may be different, resulting in normal access
This time, use the timing task method to synchronize
添加定时任务
# crontab -e
查看定时任务
# crotab -l
0 */1 * * * ntpdate time1.aliyun.com
4.3 Tool installation in the host
4.3.1 dev host
git: download project and upload code to code warehouse
# yum -y install git
4.3.2 gitlab-server host
gitlab-ce
4.3.2.1 Get the YUM source of gitlab-ce
YUM source website: Tsinghua University Open Source Software Mirror Station | Tsinghua Open Source Mirror
编写yum源
# vim /etc/yum.repos.d/gitlab.repo
查看yum源
# cat /etc/yum.repos.d/gitlab.repo
[gitlab]
name=gitlab-ce
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
enabled=1
gpgcheck=0
说明
[] 容器名称,一定要放在[ ]中
name= 容器说明,可以自己随便写
baseurl= 镜像站点
gpgcheck=0 如果是1是指RPM的数字证书生效,如果是0则不生效
enabled=1 此容器是否生效--不写或写成enable = 1都是生效,enabled=0就是不生效
4.3.2.2 gitlab-ce installation
# yum -y install gitlab-ce
4.3.2.3 gitlab-ce configuration
# vim /etc/gitlab/gitlab.rb
external_url 'http://192.168.126.21'
4.3.2.4 start gitlab-ce
重新启动gitlab-ce(更改过设置,重新启动)
# gitlab-ctl reconfigure
查看状态
# gitlab-ctl status
4.3.2.5 Accessing gitlab-ce
查看初始密码,用于登录
# cat /etc/gitlab/initial_root_password
......
Password: znS4Bqlp0cfYUKg2dHzFiNCAN0GnhtnD4ENjEtEXMVE=
visit site
4.3.3 jenkins-server host
Because the latest jenkins is no longer supporting jdk8
4.3.3.1 jdk installation
下载jdk
# yum -y install java-11-openjdk.x86_64
更改默认使用的jdk版本
[root@centos ~]# alternatives --config java
共有 3 个提供“java”的程序。
选项 命令
-----------------------------------------------
1 java-1.7.0-openjdk.x86_64 (/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.x86_64/jre/bin/java)
* 2 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.362.b08-1.el7_9.x86_64/jre/bin/java)
+ 3 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/bin/java)
按 Enter 保留当前选项[+],或者键入选项编号:3
检查版本
# java -version
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)
4.3.3.2 jenkins installation
4.3.3.2.1 Installation
Official website: Jenkins
It is recommended to download the stable version
下载jenkins的yum源
# wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
导入key,如果不导入,安装jenkins可能会装不上
# rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
获取依赖的repos的yum源(建议使用阿里云镜像,官方的太慢)
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
安装jenkins
# yum -y install jenkins
4.3.3.2.2 start jenkins
启动服务
# systemctl start jenkins
4.3.3.2.3 jenkins access
获取解锁密码
# cat /var/lib/jenkins/secrets/initialAdminPassword
3363d658a1a5481bbe51a1ece1eb08ab
4.3.3.2.4 Jenkins initialization configuration
The default username is: admin
Default password location: /var/lib/jenkins/secrets/initialAdminPassword
4.3.3.3 git installation
# yum -y install git
4.3.3.4 maven installation
4.3.3.4.1 Get maven installation package
Official website: https://maven.apache.org/
# wget https://dlcdn.apache.org/maven/maven-3/3.9.1/binaries/apache-maven-3.9.1-bin.tar.gz
4.3.3.4.2 maven installation
解压并查看
# tar xf apache-maven-3.9.1-bin.tar.gz
# ls
apache-maven-3.9.1
移动文件
# mv apache-maven-3.9.1 /usr/local/mvn
编辑环境变量
# vim /etc/profile
......
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64
export MAVEN_HOME=/usr/local/mvn
export PATH=${
JAVA_HOME}/bin:${
MAVEN_HOME}/bin:$PATH
重启配置
# source /etc/profile
检查版本
# mvn -v
Maven home: /usr/local/mvn
Java version: 11.0.18, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64
Default locale: zh_CN, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.83.1.el7.x86_64", arch: "amd64", family: "unix"
4.3.3.5 docker installation
获取yum源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装docker
# yum -y install docker-ce
启动服务
# systemctl enable docker
# systemctl start docker
4.3.4 harbor-server host
4.3.4.1 docker installation
获取yum源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装docker
# yum -y install docker-ce
启动服务
# systemctl enable docker
# systemctl start docker
4.3.4.2 docker-compose installation
4.3.4.2.1 Get the docker-compose file
# wget https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64
4.3.4.2.2 docker-compose installation and testing
查看文件
# ls
docker-compose-linux-x86_64
移动位置
# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
添加执行权限
# chmod +x /usr/bin/docker-compose
查看版本
# docker-compose version
Docker Compose version v2.2.3
4.3.4.3 harbor deployment
4.3.4.3.1 Harbor deployment file acquisition
4.3.4.3.2 harbor deployment
下载文件
# wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
查看文件
# ls
harbor-offline-installer-v2.4.1.tgz
解压文件
# tar xf harbor-offline-installer-v2.4.1.tgz
查看文件
[root@harbor-server ~]# cd harbor/
[root@harbor-server harbor]# ls
common.sh harbor.v2.4.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
修改配置文件
[root@harbor-server harbor]# mv harbor.yml.tmpl harbor.yml
[root@harbor-server harbor]# vim harbor.yml
[root@harbor-server harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.126.23 修改
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
#https: 注释
# https port for harbor, default is 443
# port: 443 注释
# The path of cert and key files for nginx
# certificate: /your/certificate/path 注释
# private_key: /your/private/key/path 注释
[root@harbor-server harbor]# ./prepare
[root@harbor-server harbor]# ./install.sh
[root@harbor-server harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
12605eae32bb goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
85849b46d56d goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
6a18e370354f goharbor/harbor-core:v2.4.1 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
d115229ef49d goharbor/harbor-portal:v2.4.1 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
f5436556dd32 goharbor/harbor-db:v2.4.1 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
7fb8c4945abe goharbor/harbor-registryctl:v2.4.1 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
d073e5da1399 goharbor/redis-photon:v2.4.1 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
7c09362c986b goharbor/registry-photon:v2.4.1 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
55d7f39909e3 goharbor/harbor-log:v2.4.1 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
4.3.5 web-server
docker installation
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum -y install docker-ce
# systemctl enable docker
# systemctl start docker
4.4 Tool Integration Configuration
4.4.1 Configure the docker host to use harbor
4.4.1.1 jenkins-server
配置json访问harbor
[root@jenkins-server ~]# vim /etc/docker/daemon.json
[root@jenkins-server ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.126.23"]
}
重启服务
[root@jenkins-server ~]# systemctl restart docker
登录harbor
[root@jenkins-server ~]# docker login 192.168.126.23
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4.4.1.2 harbor-server
配置json访问harbor
[root@harbor-server harbor]# vim /etc/docker/daemon.json
[root@harbor-server harbor]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.126.23"]
}
停止容器(否则重启服务时可能会导致容器不会全部启动)
[root@harbor-server harbor]# docker-compose down
重启服务
[root@harbor-server harbor]# systemctl restart docker
重启容器
[root@harbor-server harbor]# docker-compose up -d
4.4.1.3 web-server
配置json访问harbor
[root@web-server ~]# vim /etc/docker/daemon.json
[root@web-server ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["http://192.168.126.23"]
}
重启服务
[root@web-server ~]# systemctl restart docker
登录测试
[root@web-server ~]# docker login 192.168.126.23
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4.4.2 Configure jenkins to use docker
Configure on the jenkins-server host
验证系统中是否有jenkins用户(默认jenkins用户不能使用docker命令)
[root@jenkins-server ~]# grep jenkins /etc/passwd
jenkins:x:997:995:Jenkins Automation Server:/var/lib/jenkins:/bin/false
验证系统中是否有docker用户及用户组
[root@jenkins-server ~]# grep docker /etc/group
docker:x:993:
添加jenkins用户到docker用户组
[root@jenkins-server ~]# usermod -G docker jenkins
[root@jenkins-server ~]# grep docker /etc/group
docker:x:993:jenkins
重启jenkins服务
[root@jenkins-server ~]# systemctl restart jenkins
4.4.3 Key configuration
4.4.3.1 dev host to gitlab-ce
The developer (dev host) generates a key pair, finds the public key, and puts the public key in Gitlab
4.4.3.1.1 The dev host generates a key pair
生成密钥对
[root@dev ~]# ssh-keygen
4.4.3.1.2 Add public key to gitlab-ce
查看公钥
[root@dev ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy2PdvT9qX55CLZzzaaEf06x8gl3yHGfdJSmAp9L1Fdtcbd3yz3U0lgdOwWpB8fQ/A3HoUUTWCb1iC5WJBOvqkoD8rJ2xC3HJ62zjOjmqcn2fEs09CzJj3bCfahuqPzaPkIOoH42/Y2QdImQ7xZOqqjS7aIc5T2FjDLG3bMhaYFyvx18b1qiPACuh67iniPQnL667MFZ/0QGGVnQKwxop+SezhP9QqV1bvPk94eTdkERIBiY1CNcNmVryk6PzSKY8gfW++3TGN9F+knhMXcswFOu6FzqxcA3G+hYg+Io2HJaDrsfHGZ6CP5T9QiOlIWlNxz05BOK3OFQ5BPeomA+jv root@dev
Log in to gitlab settings
4.4.3.2 jenkins-server host to gitlab-ce
Jenkins generates a key pair, finds the public key, and places the public key in Gitlab
Configure the private key into jenkins
4.4.3.2.1 Generate key pair in jenkins-server
生成密钥对
[root@jenkins-server ~]# ssh-keygen
4.4.3.2.2 Add public key to gitlab-ce
添加公钥
[root@jenkins-server ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyg3WaEm5yH9yva8Jm5wfTPwN3ROGMNPpAex8zYj+M1GesoMtE6gkiKHWydAJBiLuu/1fBx6HlgzzxghVj9oK4DmTRZQh2IZY4+zZIGBRaDBuBO1f7+SdVE/jZoLd1a+yZ3FQmy37AlXUcIKxbrDBtefvJ31faziWyZKvT4BGFJCznRU6AOxOg1pe4bWbWI+dGnMIIq7IhtK+6tY/w3OlF7xcWmrJP1oucpq33BYOrnRCL9EO5Zp2jcejDeG5UvXONG7CggT7FDhjwcCRZvX+AutDGAtgBckNXZjV9SDKWgDifCSDtDfV4Be4zb8b3hxtSMsbEY8YHxsThsmHrUkbz root@jenkins-server
Log in to gitlab settings
4.4.3.3 Configure the private key of the jenkins-sever host to the credential list
查看私钥
[root@jenkins-server ~]# cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAsoN1mhJuch/cr2vCZucH0z8Dd0ThjDT6QHsfM2I/jNRnrKDL
ROoJIih1snQCQYi7rv9Xwceh5YM88YIVY/aCuA5k0WUIdiGWOPs2SBgUWgwbgTtX
+/knVRP42aC3dWvsmdxUJst+wJV1HCCsW6wwbXn7yd9X2s4lsmSr0+ARhSQs50VO
gDsToNaXuG1m1iPnRpzCCKuyIbSvurWP8NzpRe8XFpqyT9aLnKat9wWDq50Qi/RD
uWado3How3huVL1zjRuwoIE+xQ4Y8HAkWb1/gLrQxgLYAXJDV2Y1fUgyloA4nwkg
7Q31eAXuM2/G94cbUjLGxGPGB8bE4bJh61JG8wIDAQABAoIBAEOwy6BPyuelo1Y1
g3LnujTlWRgZ23kCAb7/sPYYFEb/qAxysIGCSVJVi0PO76gQBDM4iftmCsLv/+UI
UbolGK5Ybuxj5lB9LeyPfaba0qTOoINhkFxwvvRo7V0Ar3BsKzywqoxHb9nxEoZG
8XSVl4t7zPlgonzK3MqHmAxwk9QrIB/rnjolHGN6HvfK2Cwq5WN1crspwQ+XDbRS
J5qoAtv6PJzrU6QhJl/zSMCb0MytlIhZi+V+1yY/QhAYrWJgWypEwGlAXlVC90r4
twX1W/sl63xzFF396WjM1478yqpttvID06dKTC9T3y/k8lLmRNXwqmTCIm7C/jxP
9wjXJUECgYEA4r1N4AML7JpvE7hBRkreSdIIwoppRkBwl6gt/AJj8yt2ydQ8PY4P
X3s5ZkCfPzHX2XsVUUcQpsBFcU2PyG29+qzt3XOmlGYgJG11xPQbwi95/u9VSd5u
AuaNNa2YPw2teuM0hKVAl5knfy0+YHcOCdU14gHCCWsD4uOz5Zg9jVMCgYEAyYzv
SBvCqbZ4d5agTn+ZiOkmgKVT4UVnmZPivFXnCWiIbX2fi3ok7jU1hZAs6lf6VlTU
EPV8T1LwjO9yhFmicepzSl9lJCMbMXHt20OsqN0oUQFpoTQ07pbBE2K8c1IuQUEi
B2SoLHqv7Ym9jHQqvT3DVhTiC+H2LwsgVRvvi+ECgYAxaID0xJUvnMOBr5ABykTA
H1WrVs/z8AzY71v942N2VM1Q07/AxhkRfF+YqZJKCgl4KbsOeAbn31QCiZ1AVrGk
U1SOAiqVgd+VMIkOPwdhfEkARZT3QNIGLcktnkNj0g4wjhwen4gAwO37Z5eFG8xi
ViSkuC9ZMAmrwmSsLk2TYwKBgHQh0tYXuMiVLUCq99+DQnJS9S53FKfel900Cxc9
4AvZwZJlKgLx9EmVOyukcVzuKH6KDk9fQ6tpPNXYOoHsK9+7mYanBN4XpFmPLeCD
U/9QvyQ9ziFmtYEsOD/1SmSgW6qZ3wOnigdnAeu6zA8b+GxmJCF7kuwJ3RIqNQ0V
NafBAoGAXyynoTT2zugFq8jYRubxkMk7NdnTRAnGh+mlyrGGMsNLmPvfAw+6yKph
1fVHKXHtSrgtK0CVOIcmaH3r+LfG4Mfrjlq+8qiKcepBFvO9cZLNKn11vqQtzs7m
y+ydl4xTcCPoAMDsVeamJ3fv+9nyXe5KqYtw+BJMjpP+PnNN2YQ=
-----END RSA PRIVATE KEY-----
login jenkins
4.5 jenkins plug-in installation
4.5.1 maven integration
Used to compile JAVA projects
4.5.2 git parameter
Used to build parameters based on git version submissions
4.5.3 gitlab
Used to pull items from jenkins-server
4.5.4 Generic Webhook Trigger
for project automation
4.5.5 ssh
Used for jenkins-server to implement project deployment on web-server
4.6 jenkins global tool configuration
4.6.1 JDK configuration
查看jdk
[root@jenkins-server ~]# java -version
openjdk version "11.0.18" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.18.0.10-1.el7_9) (build 11.0.18+10-LTS, mixed mode, sharing)
[root@jenkins-server ~]# echo $JAVA_HOME
/usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64
Configure jdk
4.6.2 Git configuration
查看git版本
[root@jenkins-server ~]# git version
git version 1.8.3.1
4.6.3 Maven configuration
查看版本和路径
[root@jenkins-server ~]# mvn --version
Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
Maven home: /usr/local/mvn
Java version: 1.8.0_191, vendor: Oracle Corporation, runtime: /usr/local/jdk/jre
Default locale: zh_CN, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.49.1.el7.x86_64", arch: "amd64", family: "unix"
[root@jenkins-server ~]# echo $MAVEN_HOME
/usr/local/mvn
4.7 jenkins system configuration
Mainly configure jenkins-server to connect to web-server through ssh protocol
4.7.1 Add jenkins-server access web-server credentials
4.7.2 Configure the ssh protocol to connect to the host
5. Release of enterprise business code project
5.1 Database management system deploy mariadb and create project database
安装数据库
[root@web-server ~]# yum -y install mariadb mariadb-server
开机自启动
[root@web-server ~]# systemctl enable mariadb
[root@web-server ~]# systemctl start mariadb
设置密码
[root@web-server ~]# mysqladmin -uroot password 'abc123'
登录数据库
[root@web-server ~]# mysql -uroot -pabc123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
创建数据库
MariaDB [(none)]> create database if not exists solo default charset utf8 collate utf8_general_ci;
授权访问
MariaDB [(none)]> grant all on solo.* to 'root'@'%' identified by "123456";
Query OK, 0 rows affected (0.00 sec)
授权中会不包含localhost,所以localhost需要单独授权
MariaDB [(none)]> grant all on solo.* to 'root'@'localhost' identified by "123456";
Query OK, 0 rows affected (0.00 sec)
5.2 Project Code Acquisition
# git clone --recurse-submodules https://gitee.com/dl88250/solo.git
5.3 Project code modification
[root@dev ~]# ls
solo
修改数据库连接配置信息
[root@dev ~]# vim solo/src/main/resources/local.properties
[root@dev ~]# cat solo/src/main/resources/local.properties
。。。。
#### MySQL runtime ####
runtimeDatabase=MYSQL
jdbc.username=root
jdbc.password=123456
jdbc.driver=com.mysql.cj.jdbc.Driver
jdbc.URL=jdbc:mysql://192.168.126.24:3306/solo?useUnicode=yes&characterEncoding=UTF-8&useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true
。。。。
5.4 Upload project code to gitlab
Create a code base in gitlab
用户名邮箱配置
# git config --global user.name "dev"
# git config --global user.email "[email protected]"
[root@dev solo]# git remote remove origin
[root@dev solo]# git remote add origin [email protected]:root/solo.git
添加当前目录下的所有文件到暂存区
[root@dev solo]# git add -A .
提交暂存区到本地仓库
[root@dev solo]# git commit -m "new"
[master 3e39b0a] new
1 file changed, 1 insertion(+), 1 deletion(-)
给当前版本设置tag为1.0.1
[root@dev solo]# git tag 1.0.0
[root@dev solo]# git push origin 1.0.0
[root@dev solo]# git push -u origin --all
5.5 Build the project to run the basic application container image
Operate on the harbor-server host
5.5.1 Create a project directory
[root@harbor-server ~]# mkdir tomcatdir
[root@harbor-server ~]# cd tomcatdir
5.5.2 Generate Dockerfile
[root@harbor-server tomcatdir]# echo "tomcat is running" >> index.html
[root@harbor-server tomcatdir]# vim Dockerfile
[root@harbor-server tomcatdir]# cat Dockerfile
FROM centos:centos7
MAINTAINER "www.edenwei.com"
ENV VERSION=8.5.87
ENV JAVA_HOME=/usr/local/jdk
ENV TOMCAT_HOME=/usr/local/tomcat
RUN yum -y install wget
RUN wget https://dlcdn.apache.org/tomcat/tomcat-8/v${
VERSION}/bin/apache-tomcat-${
VERSION}.tar.gz --no-check-certificate
RUN tar xf apache-tomcat-${
VERSION}.tar.gz
RUN mv apache-tomcat-${
VERSION} /usr/local/tomcat
RUN rm -rf apache-tomcat-${
VERSION}.tar.gz /usr/local/tomcat/webapps/*
RUN mkdir /usr/local/tomcat/webapps/ROOT
ADD ./index.html /usr/local/tomcat/webapps/ROOT/
ADD ./jdk /usr/local/jdk
RUN echo "export TOMCAT_HOME=/usr/local/tomcat" >> /etc/profile
RUN echo "export JAVA_HOME=/usr/local/jdk" >> /etc/profile
RUN echo "export PATH=${TOMCAT_HOME}/bin:${JAVA_HOME}/bin:$PATH" >> /etc/profile
RUN echo "export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar" >> /etc/profile
RUN source /etc/profile
EXPOSE 8080
CMD ["/usr/local/tomcat/bin/catalina.sh","run"]
[root@harbor-server tomcatdir]# ls
Dockerfile index.html jdk
5.5.3 Build a container image using docker build
构建容器镜像
[root@harbor-server tomcatdir]# docker build -t 192.168.126.23/library/tomcat:8587 .
5.5.4 Push the container image to the harbor container image warehouse
查看镜像
[root@harbor-server tomcatdir]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.126.23/library/tomcat 8587 01c433f8562d About a minute ago 796MB
登录harbor仓库
[root@harbor-server tomcatdir]# docker login 192.168.126.23
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
推送到harbor仓库
[root@harbor-server tomcatdir]# docker push 192.168.126.23/library/tomcat:8587
5.5.5 Verify container image availability
[root@harbor-server ~]# docker run -d 192.168.126.23/library/tomcat:8587
d5443961ca65311ca0d68d53d44be997f5d6fde2d78772173ac6927112f34579
[root@harbor-server ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5443961ca65 192.168.126.23/library/tomcat:8587 "/usr/local/tomcat/b…" 3 seconds ago Up 2 seconds 8080/tcp nifty_tesla
[root@harbor-server tomcatdir]# docker inspect 9f9966 | grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
[root@harbor-server ~]# curl http://172.17.0.2:8080
tomcat is running
5.6 Project construction and release
5.6.1 Project construction and release steps
Step 1: Jenkins gets the project code
The second step: jenkins compiles the project code, completed by maven
Step 3: Jenkins uses docker to package the compiled project code and package it into a container application image
Step 4: Jenkins uploads the packaged container application image to harbor
Step 5: Jenkins completes the operation of running the container application image on the web-server through the ssh plug-in
5.6.2 Create project tasks
5.6.2.1 jenkins configuration
source address
Dockerfile:
REPOSITORY=192.168.126.23/library/solo:${
Tag}
# 构建镜像
cat > Dockerfile << EOF
FROM 192.168.126.23/library/tomcat:8587
RUN rm -rf /usr/local/tomcat/webapps/ROOT
COPY target/*.war /usr/local/tomcat/webapps/ROOT.war
CMD ["/usr/local/tomcat/bin/catalina.sh", "run"]
EOF
docker build -t $REPOSITORY .
# 上传镜像
docker login 192.168.126.23 -u admin -p Harbor12345
docker push $REPOSITORY
docker logout 192.168.126.23
shell script:
REPOSITORY=192.168.126.23/library/solo:${
Tag}
# 部署
docker rm -f blog-solo |true
docker image rm $REPOSITORY |true
docker container run -d --name blog-solo -p 80:8080 $REPOSITORY
5.6.2.2 Access the harbor warehouse
5.6.2.3 Accessing applications
