1.1 Gitlab安装
GitLab 是企业中最常用的代码仓库之一,也是 DevOps 平台的重要工具。如果读者已经有其他代码仓库(如 Gitee、GitHub 等),可以跳过此步骤。
官方网站:https://about.gitlab.com/
安装所需最小配置
内存至少4G
https://docs.gitlab.cn/jh/install/requirements.html
官方安装文档:https://gitlab.cn/install/?version=ce
1.2 Jenkins 安装
中文网站:https://www.jenkins.io/zh/
中文网站版本低一些,下载插件可能会因为版本过低而失败。
机器要求:
-
256 MB 内存,建议大于 512 MB
-
10 GB 的硬盘空间(用于 Jenkins 和 Docker 镜像)
需要安装以下软件:
-
Java 8 ( JRE 或者 JDK 都可以)
-
Docker (导航到网站顶部的Get Docker链接以访问适合您平台的Docker下载)
注意事项:安装 Jenkins 的机器也要配置 maven 工具,maven 需要 JDK 环境。
1.2.1 安装 JDK
yum search java|grep jdk
yum install -y java-11-openjdk
1.2.2 安装 Jenkins
本文使用的是 2.462.2 版本。
官网下载war包传输到主机上进行安装 https://www.jenkins.io/download/
mkdir /usr/local/jenkins
cd /usr/local/jenkins
java -jar jenkins.war
首次启动war包会在启动用户的家目录下生成配置文件~/.jenkins ,后续的所有配置都会在此目录下。
待完全启动成功后,访问服务器的8080端口进行初始化。
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
4e67bbe261da476abdc63c5b51311646
This may also be found at: /root/.jenkins/secrets/initialAdminPassword
1.2.3 maven 安装
官方网站:https://maven.apache.org/
下载后复制到Jenkins所在服务器解压缩即可。
1.2.4 Git 安装
用于 Jenkins 在本机去远端拉取代码
yum -y install git
1.3 Jenkins +Maven +Git 自动化部署配置
1.3.1 安装需要的插件
Dash board > Manage Jenkins > Plugins
- Updates:此部分显示当前已安装插件的可用更新。
- Available plugins:列出所有可以安装的插件,包括官方插件和社区贡献的插件。
- Installed plugins:显示所有当前已安装的插件及其版本信息。用户可以在这里管理插件,包括启用、禁用或卸载插件。
- Advanced settings:提供更复杂的配置选项,允许用户进行深入的插件管理。如插件源的修改等。
1. Maven
2. Publish over SSH
1.3.2 配置全局配置
1. Maven
配置了以后,Maven 插件才能够调用 主机上的 Maven 工具进行编译打包。
2. Publish over SSH
添加一台目标服务器:
注意事项:此处写的路径是假根路径,为排除干扰可以设置为/ 。
本文使用密钥登录,若读者使用密码登录或中间有跳板机,可以点高级自行添加。
配置完成后,应用 保存。
密钥验证:
#jenkisn机器执行:
ssh-keygen -t rsa -b 2048
ssh-copy-id 192.168.17.140
1.3.3 创建并配置项目
将代码部署到AP服务器上。
1. 创建一个 maven 项目
2. 配置 git
3. 配置 pom.xml
修改 maven 的配置文件
本次是开科学跑的,所以成功,正常国内网络是不通的,需要修改maven镜像为国内镜像。若读者可以科学上网不修改也可。
修改/usr/local/maven/conf/settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.conf}/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ${user.home}/.m2/repository
<localRepository>/path/to/local/repo</localRepository>
-->
<localRepository>${user.home}/.m2/repository</localRepository>
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
<pluginGroup>org.mortbay.jetty</pluginGroup>
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
<server>
<id>releases</id>
<username>ali</username>
<password>ali</password>
</server>
<server>
<id>Snapshots</id>
<username>ali</username>
<password>ali</password>
</server>
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
<mirror>
<!--This sends everything else to /public -->
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
</mirror>
<mirror>
<!--This is used to direct the public snapshots repo in the
profile below over to a different nexus group -->
<id>nexus-public-snapshots</id>
<mirrorOf>public-snapshots</mirrorOf>
<url>http://maven.aliyun.com/nexus/content/repositories/snapshots/</url>
</mirror>
<mirror>
<!--This is used to direct the public snapshots repo in the
profile below over to a different nexus group -->
<id>nexus-public-snapshots1</id>
<mirrorOf>public-snapshots1</mirrorOf>
<url>https://artifacts.alfresco.com/nexus/content/repositories/public/</url>
</mirror>
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<profile>
<id>development</id>
<repositories>
<repository>
<id>central</id>
<url>http://central</url>
<releases><enabled>true</enabled><updatePolicy>always</updatePolicy></releases>
<snapshots><enabled>true</enabled><updatePolicy>always</updatePolicy></snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>http://central</url>
<releases><enabled>true</enabled><updatePolicy>always</updatePolicy></releases>
<snapshots><enabled>true</enabled><updatePolicy>always</updatePolicy></snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
<profile>
<!--this profile will allow snapshots to be searched when activated-->
<id>public-snapshots</id>
<repositories>
<repository>
<id>public-snapshots</id>
<url>http://public-snapshots</url>
<releases><enabled>false</enabled></releases>
<snapshots><enabled>true</enabled><updatePolicy>always</updatePolicy></snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>public-snapshots</id>
<url>http://public-snapshots</url>
<releases><enabled>false</enabled></releases>
<snapshots><enabled>true</enabled><updatePolicy>always</updatePolicy></snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>development</activeProfile>
<activeProfile>public-snapshots</activeProfile>
</activeProfiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
<activeProfile>anotherAlwaysActiveProfile</activeProfile>
</activeProfiles>
-->
</settings>
4. 配置 Pre Steps
此处可以通过调用 Publish 插件,执行如一些清理工作,否则旧的服务没有关闭,新的服务是起不来的。
配置和 Post Steps 是一样的,填入远程服务器信息和需要执行的命令。
5. 配置 Post Steps
nohup java -jar MySimpleHttpServer-1.0-SNAPSHOT.jar >/usr/local/app/myapp.log 2>&1 &
- 传输文件的根目录是基于jenkins的假根:实际是
~.jenkins/workspace/项目名 - 可以通过 Remove Prefix 移除上几层目录
- 同时也可以使用 Remote directory 为其创建几层目录,这里的含义就是 publish 的远程目录是通过system设置的 /,就是在/下创建/usr/local/app;若system设置的是/root,那么就是在/root/下创建/root/usr/local/app。
- Exec中输入的命令或脚本都不要卡在前台,否则会触发超时机制
6. Publish 的超时机制
触发超时机制的原因:
传输的文件过大,达到exec的超时时间仍未传输完成
exec的命令卡在前台, jenkins 会认为该任务未执行完成,也会卡住
#控制台报错
SSH: Connecting from host [master-02]
SSH: Connecting with configuration [AP_1] ...
SSH: Disconnecting configuration [AP_1] ...
ERROR: Exception when publishing, exception message [Exec timed out or was interrupted after 120,001 ms]
Build step 'Send files or execute commands over SSH' changed build result to UNSTABLE
Finished: UNSTABLE
高级中的 Exec timeout(ms) 可以设置超时时间,以满足不同的项目,默认是120000ms。
1.3.4 配置邮箱实现接收构建信息
PNifMJNRsXTHYZ5x
生产环境中,发件用户和服务器地址需要公司内部的。
1.全局配置 Jenkins Location 字段
在Dashboard > Manage Jenkisn > System 中ctrl +f 搜索 Jenkins Location,填入发件邮箱的信息
2. 全局配置 Extended E-mail Notification 字段
搜索 Extended E-mail Notification
需要 Extended E-mail Notification插件,否则没有这个配置
点高级 → 添加 → jenkins → 配置发件用户
可以定义一些触发器,可以实现什么触发给某些人发邮件。
3. 全局配置 邮件通知字段
可以点击 Test configuration 进行测试,成功后保存。
4. 项目配置
实现不同触发器发短信给不同的人
点击项目配置,构建后操作中搜索 Editable Email Notification
1.4 自动化部署到 Docker 容器中
1.4.1 部署 Harbor
官方网站:https://goharbor.io/
1. 下载文件
wget https://github.com/goharbor/harbor/releases/download/v2.8.4/harbor-offline-installer-v2.8.4.tgz
tar -xvf harbor-offline-installer-v2.8.4.tgz
mv harbor /usr/local
2. 修改配置
默认提供了一个配置模板
cd /usr/local/harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
修改如下字段:
- hostname: Harbor 的访问地址,可以是域名或者 IP,本文使用 IP
hostname: 192.168.17.210
- https:域名证书的配置,若不配置域名证书,docker需要添加 insecure-registry 配置,本文不使用,将其注释掉。
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
docker 如果想使用该仓库,做如下配置:
cat /etc/docker/daemon.json
{
"insecure-registries": ["192.168.17.210:80"]
}
- 修改镜像存储位置(外挂目录),生产环境要挂载一块较大的磁盘到此目录上。
要先在部署harbor的主机上建立这个目录并赋予权限。
# The default data volume
data_volume: /data/docker-harbor
- 更改数据库的密码,使用 pwmake 256 生成复杂度高一点的确保安全性
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: EMUjL4zIPpavIH!3h3z@ncYDGADikq4DuKUw@DkyjiD7ulbIfIJHIP
3. 安装
./install.sh
安装完成后,会在当前目录生成 docker-compose.yml 文件,后期可以直接使用 docker compose 对 Harbor 服务进行管理。
4. 测试
浏览器登录 Harbor 网页,建立名为 test 的仓库,然后命令行操作:
docker login 192.168.17.210:80
docker tag busybox:latest 192.168.17.210:80/test/busybox:v1
docker push 192.168.17.210:80/test/busybox:v1
打标签时候规则:仓库系统地址/仓库名/镜像名:版本号
1.4.2 Jenkins 集成 Docker
流程:
- 调用 Git 拉取代码、 dockerfile 文件,对代码进行打包编译制作成镜像推送至 Harbor 中;
- 调用 Publish over SSH ,在 AP服务器上进行服务的更新
配置需要三台服务器:
| 编号 | IP地址 | 角色 |
|---|---|---|
| 1 | 192.168.17.130 | Jenkins 服务器 |
| 2 | 192.168.17.210 | Harbor 仓库 |
| 3 | 192.168.17.140 | AP 服务器 |
Jenkins 初始环境:
要求已完成1.3.1 插件安装、1.3.2 全局配置。
1. 创建项目
同1.3.3.1
2. 配置 git
同1.3.3.2
3. 配置 pom.xml
同1.3.3.3
4. 配置 Post Steps
目的:打包镜像 推送 Harbor
在 Post Steps 中点击 Add post--build step 添加一个 Execute shell 。
dockerfile
FROM openjdk:11
EXPOSE 8000
WORKDIR root
ADD ./*.jar /root/app.jar
ENTRYPOINT ["java" ,"-jar" , "/root/app.jar"]
5. 配置另一个 Post Steps
目的:调用 Publish over SSH ,远程到 AP 服务器执行服务更新命令。
在 Post Steps 中点击 Add post--build step 添加一个 Send files or execute commands over SSH 。
5. 配置邮箱接收构建信息
同1.3.4
评论区