GitLab+Jenkins+Docker 部署 Jpress实战
一、部署Tomcat
1、部署jdk-1.8.0
[root@tomcat/usr/local]$ cat /etc/profile.d/jdk.sh
JAVA_HOME=/usr/local/jdk1.8.0_341
JAVA_BIN=$JAVA_HOME/bin
JRE_HOME=$JAVA_HOME/jre
JRE_BIN=$JRE_HOME/bin
PATH=$JAVA_BIN:$JRE_BIN:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH
[root@tomcat/usr/local]$ java -version
java version "1.8.0_341"
Java(TM) SE Runtime Environment (build 1.8.0_341-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.341-b10, mixed mode)
2、配置Tomcat
# 添加
[root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/conf/tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-status"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="admin-gui,manager-gui,manager-script,manager-status,tomcat,role1"/>
</tomcat-users>
# 修改1
[root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10.0.0.*" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
# 修改二
[root@tomcat/usr/local/tomcat]$ vim /usr/local/tomcat/webapps/manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10.0.0.*" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
一、部署GitLab代码托管平台
1、部署GitLab
# 安装依赖
[root@gitlab~]$ yum -y install policycoreutils policycoreutils-python
[root@gitlab~]$ rpm -ivh gitlab-ce-14.4.1-ce.0.el7.x86_64.rpm
[root@gitlab~]$ vim /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.17' # 修改为主机IP
[root@gitlab~]$ gitlab-ctl reconfigure # 初始化
2、部署Jenkins
# 配置Java环境
[root@jenkins~]$ yum -y install java-11-openjdk
# 基于War包部署
[root@jenkins~]$ java -jar jenkins.war
[root@jenkins~/.jenkins]$ cat hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>http://updates.jenkins.io/update-center.json</url>
</site>
</sites>
# 访问:http://10.0.0.18:8080/
2.1、部署maven
# 部署maven
[root@jenkins/usr/local/maven]$ wget https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
[root@jenkins/usr/local/maven]$ tar xf apache-maven-3.6.3-bin.tar.gz -C /usr/local/
[root@jenkins/usr/local/maven]$ ln -s /usr/local/apache-maven-3.6.3/ /usr/local/maven
[root@jenkins/usr/local/maven]$ echo 'PATH=/usr/local/maven/bin:$PATH' > /etc/profile.d/maven.sh
[root@jenkins/usr/local/maven]$ echo 'export MAVEN_HOME=/usr/local/maven' >> /etc/profile.d/maven.sh
[root@jenkins/usr/local/maven]$ . /etc/profile.d/maven.sh
[root@jenkins/usr/local/maven]$ mvn -v
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/maven
Java version: 1.8.0_372, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.el7.x86_64", arch: "amd64", family: "unix"
#配置镜像加速
[root@jenkins/usr/local/maven]$ vim /usr/local/maven/conf/settings.xml
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>*</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
[root@jenkins/home/jenkins/repo]$ vim /usr/local/maven/conf/settings.xml
# 1) 添加阿里云私服地址
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>*</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
# 2)本地仓库改为:
<localRepository>/home/jenkins/repo</localRepository>
2.2、配置环境变量
2.3、配置凭证
Deploy to container
3、基于GIt Lab和Jenkins自动化部署Jpress
- 安装插件
Girlab,Generic Webhook Trigger
# 将Jenkins公钥添加到GitLab上
[root@jenkins~]$ ssh-keygen
[root@jenkins~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCm7igqHcacJPT6O2t7OgoKlIcvamcL92qjx6F09yivesIv+FL3A0iGNLGkWttxTtAH+ePlfD2Phmhm/Ji4PFGWr/PhmQ1mytopEUUe0NoNwNaDwjWVZd/tDqPM39uDBasak1+m0kgEmrHEJAKDlfdl18A3XKlplw/ZJ+kYHMaR4WesAI1F+0Em4EunWJRheB4fPEnMeObDc4Ek33j2YgDuLY0ZjjiURSbmNBG8ctfYlV+onk/Esb21la59c60fk45U6iD3EuoRFho6Gy8qWHBkTRlHVgLxIQedqvygC0zpHmxOeJalj+SrccDGDgIrXgMCCxoY5VLZ7njMvLCQ/f73 root@jenkins
4、Jenkins配置
5、基于宿主机Tomcat流水线部署Jpress(测试)
pipeline {
agent any
environment {
DEST_IP='10.0.0.19'
DEST_PATH='/usr/local/tomcat'
SRC_PATH='/root/.jenkins/workspace/Jpress/starter-tomcat/target'
}
stages {
stage('拉取代码') {
steps {
checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[url: 'http://10.0.0.17/root/jpress.git']])
}
}
stage('开始构建打包') {
steps {
sh '''echo "开始构建打包"
/usr/bin/mvn clean package
echo "建构打包结束"'''
}
}
stage('推送war至tomcat') {
steps {
sh '''ssh ${DEST_IP} ${DEST_PATH}/bin/shutdown.sh
scp ${SRC_PATH}/*.war ${DEST_IP}:${DEST_PATH}/webapps
ssh ${DEST_IP} ${DEST_PATH}/bin/startup.sh'''
}
}
}
}
- 测试访问
三、部署Docker-ce
# Jenkins和Harbor仓库都要部署Docker
# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce
# Step 4: 开启Docker服务
systemctl enable --now docker.service
四、部署harbor仓库
[root@harbor~]$ wget https://github.com/goharbor/harbor/releases/download/v2.9.3/harbor-offline-installer-v2.9.3.tgz
[root@harbor~]$ tar xf harbor-offline-installer-v2.9.3-rc1.tgz -C /usr/local
[root@harbor/usr/local/harbor]$ vim harbor.yml
hostname: 10.0.0.19 # 修改为主机IP
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# 没有配置证书可以将以下注释掉
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
...
# 修改登录密码(可选)
harbor_admin_password: 123456
# 需要安装python依赖
[root@harbor/usr/local/harbor]$ yum install -y python
# 安装
[root@harbor/usr/local/harbor]$ ./install.sh
# 登录
用户名:admin
密码:123456(上面自定义)
五、基于容器部署Jpress
1、构建Dockerfile
[root@docker~/tomcat-Dockerfile]$ cat Dockerfile
FROM centos:centos7
LABEL version="tomcat-v1"
ADD apache-tomcat-8.5.72.tar.gz /usr/local/
ADD jdk-8u341-linux-x64.tar.gz /usr/local/
ADD jdk.sh /etc/profile.d/jdk.sh
ENV JAVA_HOME=/usr/local/jdk1.8.0_341
ENV JAVA_BIN=$JAVA_HOME/bin
ENV JRE_HOME=$JAVA_HOME/jre
ENV JRE_BIN=$JRE_HOME/bin
ENV PATH=$JAVA_BIN:$JRE_BIN:$PATH
ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
ENV export JAVA_HOME JRE_HOME PATH CLASSPATH
VOLUME /usr/local/apache-tomcat-8.5.72/webapps
CMD /usr/local/apache-tomcat-8.5.72/bin/start-tomcat.sh
EXPOSE 8080 8009 8005
[root@docker~/tomcat-Dockerfile]$ cat jdk.sh
JAVA_HOME=/usr/local/jdk1.8.0_341
JAVA_BIN=$JAVA_HOME/bin
JRE_HOME=$JAVA_HOME/jre
JRE_BIN=$JRE_HOME/bin
PATH=$JAVA_BIN:$JRE_BIN:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH
[root@docker~/tomcat-Dockerfile]$ cat build.sh
docker build . -t myx/tomcat:v1 -f Dockerfile
[root@docker~/tomcat-Dockerfile]$ ls
apache-tomcat-8.5.72.tar.gz Dockerfile jdk.sh
build.sh jdk-8u341-linux-x64.tar.gz
# 启动
[root@docker/data/webapps]$ docker run -dit -p 8080:8080 -p 8009:8009 -p 8005:8005 -v /data/webapps:/usr/local/apache-tomcat-8.5.72/webapps --name Jpress myx/tomcat:v1
2、Jenkins 流水线配置文件
- 配置webhook
- 填写在这里
- 测试能看到
200即为成功
- 流水线脚本
- 注意:docker 容器和 Jenkins 之间需要做免密认证
pipeline {
agent any
environment {
DEST_IP = '10.0.0.20'
DEST_PATH = '/data'
SRC_PATH = '/root/.jenkins/workspace/Jpress/starter-tomcat/target'
}
stages {
stage('拉取代码') {
steps {
checkout([$class: 'GitSCM', branches: [[name: '*/master']], userRemoteConfigs: [[url: 'http://10.0.0.17/root/jpress.git']]])
}
}
stage('开始构建打包') {
steps {
sh 'echo "开始构建打包"'
sh '/usr/bin/mvn clean package'
sh 'echo "构建打包结束"'
}
}
stage('推送war至tomcat') {
steps {
sh "scp ${SRC_PATH}/*.war ${DEST_IP}:${DEST_PATH}/webapps"
}
}
stage('打包镜像推送至harbor仓库') {
steps {
sh "bash /root/tomcat-Dockerfile/push_harbor.sh"
}
}
}
}
[root@jenkins~/tomcat-Dockerfile]$ cat push_harbor.sh
newVersion_a=$(ssh 10.0.0.20 docker image ls 10.0.0.19/tomcat/jpress | grep -o 'v[0-9]*' | sed 's/v//' | sort -n | tail -1)
newVersion_b=$(( $(ssh 10.0.0.20 "docker image ls 10.0.0.19/tomcat/jpress | grep -o 'v[0-9]*' | sed 's/v//' | sort -n | tail -1") + 1 ))
ssh 10.0.0.20 docker tag 10.0.0.19/tomcat/jpress:v${newVersion_a} 10.0.0.19/tomcat/jpress:v${newVersion_b}
ssh 10.0.0.20 docker push 10.0.0.19/tomcat/jpress:v${newVersion_b}
# 构建出来的 *.war 包会自动解压
[root@docker/data/webapps]$ ls
docs host-manager ROOT starter-tomcat-5.0.war
examples manager starter-tomcat-5.0
# 访问:http://10.0.0.20:8080/starter-tomcat-5.0/install
- 添加一行内容,测试webhook是否会自动拉取
- 自动拉取
- 推送成功
六、镜像打包,上传到harbor仓库
1、配置命令行登录
[root@docker/data/webapps]$ vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.19"]
}
[root@docker/data/webapps]$ systemctl restart docker
[root@docker/data/webapps]$ docker login 10.0.0.19 -u admin
Password: 【123456】
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# 登陆成功
[root@docker~]$ cat .docker/config.json
{
"auths": {
"10.0.0.19": {
"auth": "YWRtaW46MTIzNDU2"
}
}
}
# 打标签
[root@docker~]$ docker tag myx/tomcat:v1 10.0.0.19/tomcat/jpress:v1
# 查看镜像
[root@docker~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.19/tomcat/jpress v1 e39f6d63184f 2 hours ago 866MB
myx/tomcat v1 e39f6d63184f 2 hours ago 866MB
# 推送镜像到harbor仓库
[root@docker~]$ docker push 10.0.0.19/tomcat/jpress:v1
The push refers to repository [10.0.0.19/tomcat/jpress]
fe32ab94910e: Pushed
cfd346540b75: Pushed
4e1e9ef95150: Pushed
174f56854903: Pushed
v1: digest: sha256:91a500983678657e83a94ca9c68a5ed7e31aec600cd0baedf99a1abcf92a7970 size: 1162
- 查看
2、拉取镜像测试是否可用
# 删除所有镜像
[root@docker~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
# 拉取
[root@docker~]$ docker pull 10.0.0.19/tomcat/jpress:v1
v1: Pulling from tomcat/jpress
2d473b07cdd5: Already exists
b66bc2edc967: Already exists
f63d893af1f9: Already exists
167ba753243c: Already exists
Digest: sha256:91a500983678657e83a94ca9c68a5ed7e31aec600cd0baedf99a1abcf92a7970
Status: Downloaded newer image for 10.0.0.19/tomcat/jpress:v1
10.0.0.19/tomcat/jpress:v1
# 查看
[root@docker~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.19/tomcat/jpress v1 e39f6d63184f 2 hours ago 866MB
# 启动容器
[root@docker~]$ docker run -dit -p 8080:8080 -p 8009:8009 -p 8005:8005 --name Jpress 10.0.0.19/tomcat/jpress:v1
7b188795996afc9c5ae925ae830352792e0e5fce32e73a7ceef2c6be1500c332
# 查看启动成功
[root@docker~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b188795996a 10.0.0.19/tomcat/jpress:v1 "/bin/sh -c /usr/loc…" 7 seconds ago Up 1 second 0.0.0.0:8005->8005/tcp, :::8005->8005/tcp, 0.0.0.0:8009->8009/tcp, :::8009->8009/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp Jpress
# 访问:http://10.0.0.20:8080/starter-tomcat-5.0/install
- 打开一个无痕浏览器测试
七、安装数据库
[root@docker/usr/local/src]$ cat install_mysql.sh
SRC_DIR="/usr/local/src"
#MYSQL="mysql-5.7.26-linux-glibc2.12-x86_64.tar.gz"
#MYSQL="mysql-5.7.28-linux-glibc2.12-x86_64.tar.gz"
MYSQL="mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz"
#MYSQL="mysql-8.0.20-linux-glibc2.12-x86_64.tar.gz"
DATA="/data/mysql"
COLOR="echo -e \E[32;1m"
END="\E[0m"
$COLOR"开始安装MySQL数据库"$END
tar xvf $MYSQL -C $SRC_DIR
ln -s `echo $MYSQL | sed -r "s#(.*[0-9]).*#\1#g"` $SRC_DIR/mysql
id mysql &> /dev/null || { useradd -s /sbin/nologin -r mysql; $COLOR"创建mysql用户"$END; }
mkdir -p $DATA
chown -R mysql.mysql $DATA
chown -R mysql.mysql $SRC_DIR/mysql/*
echo "PATH=$PATH:$SRC_DIR/mysql/bin" > /etc/profile.d/lamp.sh
source /etc/profile.d/lamp.sh
$COLOR"开始初始化数据库"$END
yum -y install libaio-devel
$SRC_DIR/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=$SRC_DIR/mysql --datadir=$DATA
cat >/etc/my.cnf<<-EDF
[mysqld]
user=mysql
basedir=$SRC_DIR/mysql
datadir=$DATA
socket=/tmp/mysql.sock
port=3306
skip_name_resolve=1
log-error=$DATA/mysql.log
pid-file=$DATA/mysql.pid
[mysql]
socket=/tmp/mysql.sock
EDF
cat >/etc/systemd/system/mysqld.service<<-EOF
[Unit]
Description=MySQL Server
After=network.target
After=syslog.target
[Install]
WantedBY=multi-user.target
[Service]
User=mysql
Group=mysql
ExecStart=$SRC_DIR/mysql/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE = 5000
EOF
systemctl daemon-reload
systemctl enable --now mysqld.service
systemctl is-active mysqld.service &>/dev/null || { $COLOR"MYSQL 启动失败,退出!"$END ; exit; }
$COLOR"MYSQL安装完成~~请ctrl+D重新远程连接,加载PATH变量!!!"$END
# 设置root用户登陆密码
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=6;
mysql> set password for 'root'@'localhost'=password('123456');
# 允许远程登陆
mysql> grant all on *.* to root@'%' identified by '123456';
- 发布一篇文章
- 查看
阅读建议
评论
匿名评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果