1.部署Jenkins
1.1 安裝jdk
# apt 安裝jdk11
apt install openjdk-11-jdk
# 查看
root@jenkins:~# java -version
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)
1.2 下載安裝包
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/debian-stable/jenkins_2.303.2_all.deb
1.3 安裝
# 安裝依賴包
apk install daemon
# 安裝jenkins
dpkg -i jenkins_2.303.2_all.deb
1.4 配置jenkins
# dpkg 安裝jenkins后會啟動服務,先停止
systemctl stop jenkins
# 更改jenkins的配置文件
root@jenkins:~# vim /etc/default/jenkins
# 開啟自動觸發的鈎子的功能
JAVA_ARGS="-Djava.awt.headless=true -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true"
JAVA_ARGS="-Xmx4096m"
# make jenkins listen on IPv4 address
#JAVA_ARGS="-Djava.net.preferIPv4Stack=true"
PIDFILE=/var/run/$NAME/$NAME.pid
# user and group to be invoked as (default to jenkins)
JENKINS_USER=root
JENKINS_GROUP=root
# 再啟動jenkins
root@jenkins:~# systemctl start jenkins.service
1.5 使用瀏覽器訪問jenkins並配置
查看初始化密碼
root@jenkins:~# cat /var/lib/jenkins/secrets/initialAdminPassword
89806b90623d4e0ebc8141db781b5790
2.部署gitlab
2.1 下載安裝包
root@gitlab:~# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/ubuntu/pool/focal/main/g/gitlab-ce/gitlab-ce_14.4.0-ce.0_amd64.deb
2.2 安裝
root@gitlab:~# dpkg -i gitlab-ce_14.4.0-ce.0_amd64.deb
2.3 修改配置文件並重新加載配置
# 修改配置文件
root@gitlab:~# vim /etc/gitlab/gitlab.rb
external_url 'http://192.168.2.25'
# 重新加載配置
root@gitlab:~# gitlab-ctl reconfigure
...
Running handlers:
Running handlers complete
Chef Infra Client finished, 568/1519 resources updated in 06 minutes 30 seconds
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
gitlab Reconfigured!
2.4 獲取root賬號的初始密碼
root@gitlab:~# grep ^Password /etc/gitlab/initial_root_password
Password: 20hTSLKLLe9mpeOq7pv+YU2mIQ0zsE9qOoWlo8h/GrA=
2.5 使用初始密碼登錄並修改root的密碼
瀏覽器使用初始密碼登錄后,可以修改密碼。
右上角'administrator' -> Edit profile -> password -> 輸入老密碼和新密碼 -> 修改后使用新密重新登錄
2.6 配置中文支持
右上角'administrator' -> Preferences -> Localization(下面) -> Language -> 選擇中文 -> Save changes -> 刷新頁面后即為中文。
2.7 配置項目和增加普通用戶配置
-
創建群組(項目)
左上角“菜單” -> 管理員 -> 新建群組 -> 輸入群組名稱,比如:yan-test -> 創建群組
-
新建用戶
左上角“菜單” -> 管理員 -> 新建用戶 -> 輸入名稱(eg:user1),用戶名(eg:user1),電子郵件(eg:user1@123.com) -> 創建用戶 -> 編輯 -> 設置密碼 -> 保存修改
-
新建項目(即群組(項目)下的服務)
左上角“菜單” -> 管理員 -> 新建項目 -> 創建空白項目 -> 輸入項目名稱(eg:app1)->項目URL 選 yan-test -> 新建項目 -> 自述文件 ->編輯 -> 文件名改為 index.html -> 內容輸入:<h1> yan-test/app1/index.html v1</h1> ->提交信息輸入:Update 2021.10.27 17:18 index.html -> commit changes
-
將新建的用戶(user1)加入到群組(yan-test)
左上角“菜單” -> 管理員 -> 最新群組 -> yan-tset -> 將用戶加入群組 ->user1 owner -> 將用戶加入群組
-
使用新建的用(user1)重新登錄並修改密碼
-
獲取項目app1的clone URL
左上角“菜單” -> 項目 -> 您的項目 -> yan-test/app -> 克隆 -> 點擊 使用http克隆 下面的復制按鈕獲取url
2.8 測試從gitlab中clone代碼
# 安裝git
root@jenkins:~# apt install git
# 測試gti clone下載
root@jenkins:~/app1# git clone http://192.168.2.25/yan-test/app1.git
正克隆到 'app1'...
Username for 'http://192.168.2.25': user1
Password for 'http://user1@192.168.2.25':
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
展開對象中: 100% (6/6), 455 字節 | 151.00 KiB/s, 完成.
root@jenkins:~/app1# ls
app1
root@jenkins:~/app1# cd app1/
root@jenkins:~/app1/app1# ls
index.html
root@jenkins:~/app1/app1# cat index.html
<h1>yan-test/app1/index.html v1</h1>
root@jenkins:~/app1/app1#
# 測試git 上傳提交
root@jenkins:~/app1/app1# git config --global user.email 'user1@123.com'
root@jenkins:~/app1/app1# git config --global user.name "user1"
root@jenkins:~/app1/app1# git commit -m 'update v2'
[main 1bde6f3] update v2
1 file changed, 1 insertion(+)
root@jenkins:~/app1/app1# git push
Username for 'http://192.168.2.25': user1
Password for 'http://user1@192.168.2.25':
枚舉對象中: 5, 完成.
對象計數中: 100% (5/5), 完成.
使用 4 個線程進行壓縮
壓縮對象中: 100% (2/2), 完成.
寫入對象中: 100% (3/3), 270 字節 | 270.00 KiB/s, 完成.
總共 3 (差異 0),復用 0 (差異 0)
To http://192.168.2.25/yan-test/app1.git
f4e9e94..1bde6f3 main -> main
通過web域名查看,代碼已經更新至v2版本
2.9 配置jenkins免密訪問gitlab
在jenkins server服務器上生成ssh密鑰對
root@jenkins:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:NhUY6Ss/SnoRb7OSvJ2PTPCe4aeifskeuuvWQ9YTu8k root@jenkins
The key's randomart image is:
+---[RSA 3072]----+
| .+. |
| o . |
| . . |
| . o. |
| .+S+ |
| =+O. |
| *oO+* |
| .+%BE=. |
| +OB+*X=. |
+----[SHA256]-----+
查看公鑰
root@jenkins:~# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDr+fxPl8b/0SZHhXo/5+UMixkRniJCBYqDP2AbEfzf93s8txCv50vRJ+G56pyei9b3vtgmT3ryvIjAQnqto0gP/0OXppS0MhfYVruWX7g+l+llRWiyw1oDaj14dlQDILlNNm2r8jMOyFV7YnhFv+OmM9VCsSUJw8L7yYQ6YeL6feT+YkLxnfoGvN46LbRdA7rGwO60taKCIA2PF1hNnJstWNn1CLyMNAALoqDjtfbFpbktooduz1WCZg47uSs9Pyw6oklNqMqSJO9kBaPo5lb12RC8Q1vA5pAV3X5qPylqqcaAgZ+KQnpYHxMhozG6EbykcfPL+NvUAH9uWvXRUFDLoLSfNth5509ujipds+Y3inL9ZoIZE5+frLqkKWgQn/s/NEXobT8D/adNNFkOSmfLmnAvuLpQ3VZKxh9nSd06Zz4QCUpQPpbVNHnkboYST3MS+M6MSP95wb5bEHprAfBLONnoS+ITHCnbB3xaOKKO8GvbgjpFZV8WqAaQ+L5hkLk= root@jenkins
復制公鑰到gitlab
右上角‘administrator’ -> 偏好設置 -> SSH密鑰 -> 復制密碼內容進去 ->添加密鑰
免密clone測試
# 刪除之前使用http克隆的app1
root@jenkins:~# rm -rf app1/
# 使用app的git url克隆測試
root@jenkins:~# git clone git@192.168.2.25:yan-test/app1.git
正克隆到 'app1'...
The authenticity of host '192.168.2.25 (192.168.2.25)' can't be established.
ECDSA key fingerprint is SHA256:5MpImDTozrfwVxOhNf/C/vkMYBdLwoQlr3PK5qftwA4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.2.25' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 9, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 9 (delta 0), reused 0 (delta 0), pack-reused 0
接收對象中: 100% (9/9), 完成.
root@jenkins:~#
3.實現代碼部署與回滾
- 部署流程:
jenkins傳參並調用腳本 -> 根據不同的參數從gitlab上獲取不同的代碼並編譯打包 -> 將編譯打包的代碼文件復制到項目的鏡像制作文件夾 -> 制作鏡像時加入最新的代碼包並上傳到本地harbor -> 更改項目yaml文件中的鏡像名 -> 應用yaml文件更新鏡像 - 回滾流程:
jenkins傳參並調用腳本 -> 腳本獲取‘回滾’參數 -> 使用"kubect undo ..."回滾到上一個版本的鏡像
3.1 gitlab上為項目創建分支
菜單 -> 您的項目-> 選擇'yan-test/app'項目 ->點擊 + ,新建分支 ->輸入名稱(eg:develop)
3.2 jenkins配置
3.2.1 新建一個‘自由風格’的項目
3.2.2 增加“2個構建參數” 配置(This project is parameterized)
3.2.3 增加“構建 執行shell”配置
shell腳本
root@jenkins:/data/scripts# cat yan-test-tomcat-app1.sh
#!/bin/bash
#Author: ZhangShiJie
#Date: 2018-10-24
#Version: v1
#記錄腳本開始執行時間
starttime=`date +'%Y-%m-%d %H:%M:%S'`
#變量
SHELL_DIR="/root/scripts"
SHELL_NAME="$0"
K8S_CONTROLLER1="192.168.2.10"
#K8S_CONTROLLER2="172.31.7.102"
DATE=`date +%Y-%m-%d_%H_%M_%S`
METHOD=$1
Branch=$2
if test -z $Branch;then
Branch=develop
fi
function Code_Clone(){
Git_URL="git@192.168.2.25:yan-test/app1.git"
DIR_NAME=`echo ${Git_URL} |awk -F "/" '{print $2}' | awk -F "." '{print $1}'`
DATA_DIR="/data/gitdata/yan-test/"
Git_Dir="${DATA_DIR}/${DIR_NAME}"
cd ${DATA_DIR} && echo "即將清空上一版本代碼並獲取當前分支最新代碼" && sleep 1 && rm -rf ${DIR_NAME}
echo "-------------------------------------------------------"
echo "即將開始從分支${Branch} 獲取代碼" && sleep 1
git clone -b ${Branch} ${Git_URL}
echo "分支${Branch} 克隆完成,即將進行代碼編譯!"
echo "-------------------------------------------------------" && sleep 1
#cd ${Git_Dir} && mvn clean package
#echo "代碼編譯完成,即將開始將IP地址等信息替換為測試環境"
#####################################################
sleep 1
cd ${Git_Dir}
tar czf ${DIR_NAME}.tar.gz ./*
}
#將打包好的壓縮文件拷貝到k8s 控制端服務器
function Copy_File(){
echo "壓縮文件打包完成,即將拷貝到k8s 控制端服務器${K8S_CONTROLLER1}" && sleep 1
scp ${Git_Dir}/${DIR_NAME}.tar.gz root@${K8S_CONTROLLER1}:/root/k8s-yaml/yun/backend/image
echo "壓縮文件拷貝完成,服務器${K8S_CONTROLLER1}即將開始制作Docker 鏡像!"
echo "-------------------------------------------------------" && sleep 1
}
#到控制端執行腳本制作並上傳鏡像
function Make_Image(){
echo "開始制作Docker鏡像並上傳到Harbor服務器" && sleep 1
ssh root@${K8S_CONTROLLER1} "cd /root/k8s-yaml/yun/backend/image && bash build-command.sh ${DATE}"
echo "Docker鏡像制作完成並已經上傳到harbor服務器"
echo "-------------------------------------------------------" && sleep 1
}
#到控制端更新k8s yaml文件中的鏡像版本號,從而保持yaml文件中的鏡像版本號和k8s中版本號一致
function Update_k8s_yaml(){
echo "即將更新k8s yaml文件中鏡像版本" && sleep 1
ssh root@${K8S_CONTROLLER1} \
"cd /root/k8s-yaml/yun/backend && \
sed -i -e 's#image: 192.*#image: 192.168.1.110/yun/tomcat-app1:${DATE}#g' tomcat-app1.yaml \
tomcat-app1.yaml"
echo "k8s yaml文件鏡像版本更新完成,即將開始更新容器中鏡像版本"
echo "-------------------------------------------------------" && sleep 1
}
#到控制端更新k8s中容器的版本號,有兩種更新辦法,一是指定鏡像版本更新,二是apply執行修改過的yaml文件
function Update_k8s_container(){
#第一種方法
#ssh root@${K8S_CONTROLLER1} "kubectl set image deployment/tomcat-deploy tomcat-ct=192.168.1.110/yun/tomcat-app1:${DATE} -n yan-test"
#第二種方法,推薦使用第一種
ssh root@${K8S_CONTROLLER1} "cd /root/k8s-yaml/yun/backend && kubectl apply -f tomcat-app1.yaml --record"
echo "k8s 鏡像更新完成" && sleep 1
echo "當前業務鏡像版本: harbor.magedu.net/magedu/tomcat-app1:${DATE}"
#計算腳本累計執行時間,如果不需要的話可以去掉下面四行
endtime=`date +'%Y-%m-%d %H:%M:%S'`
start_seconds=$(date --date="$starttime" +%s);
end_seconds=$(date --date="$endtime" +%s);
echo "本次業務鏡像更新總計耗時:"$((end_seconds-start_seconds))"s"
}
#基於k8s 內置版本管理回滾到上一個版本
function rollback_last_version(){
echo "即將回滾之上一個版本"
ssh root@${K8S_CONTROLLER1} "kubectl rollout undo deployment/tomcat-deploy -n yan-test"
sleep 1
echo "已執行回滾至上一個版本"
}
#使用幫助
usage(){
echo "部署使用方法為 ${SHELL_DIR}/${SHELL_NAME} deploy "
echo "回滾到上一版本使用方法為 ${SHELL_DIR}/${SHELL_NAME} rollback_last_version"
}
#主函數
main(){
case ${METHOD} in
deploy)
Code_Clone;
Copy_File;
Make_Image;
Update_k8s_yaml;
Update_k8s_container;
;;
rollback_last_version)
rollback_last_version;
;;
*)
usage;
esac;
}
main $1 $2
3.3 發布、回滾測試
3.3.1 發布測試
點擊“build with Parameters”開始構建 ->選擇參數 -> 開始構建 -> 查看“控制台輸出”
控制台輸出信息如下,如有錯誤,根據相關提示信息對腳本進行修改。
Started by user admin
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/tomcat-app1
[tomcat-app1] $ /bin/sh -xe /tmp/jenkins3073480597549287762.sh
+ bash /data/scripts/yan-test-tomcat-app1.sh deploy main
即將清空上一版本代碼並獲取當前分支最新代碼
-------------------------------------------------------
即將開始從分支main 獲取代碼
正克隆到 'app1'...
分支main 克隆完成,即將進行代碼編譯!
-------------------------------------------------------
壓縮文件打包完成,即將拷貝到k8s 控制端服務器192.168.2.10
壓縮文件拷貝完成,服務器192.168.2.10即將開始制作Docker 鏡像!
-------------------------------------------------------
開始制作Docker鏡像並上傳到Harbor服務器
Sending build context to Docker daemon 205.9MB
Step 1/15 : FROM 192.168.1.110/base/alpine:v20211010-1704
---> 14119a10abf4
Step 2/15 : LABEL maintainer="yanql<yanqianling@faxuan.net>"
---> Using cache
---> 36b524e2e2c9
Step 3/15 : ADD jdk-8u192-linux-x64.tar.gz /usr/local/
---> Using cache
---> 182fcf2b50ec
Step 4/15 : ADD apache-tomcat-8.5.70.tar.gz /usr/local/
---> Using cache
---> 0fb49d57c606
Step 5/15 : ADD webapps.tgz /opt/
---> Using cache
---> 93bb8d40b8c6
Step 6/15 : ADD app1.tar.gz /opt/webapps/app1/
---> fba96d9ba096
Step 7/15 : COPY catalina.sh /usr/local/apache-tomcat-8.5.70/bin/catalina.sh
---> 725b7a04fbf0
Step 8/15 : COPY glibc-2.29-r0.apk /
---> d0cfbca2e287
Step 9/15 : COPY server.xml /usr/local/apache-tomcat-8.5.70/conf/
---> 13497d92ec16
Step 10/15 : COPY tomcat-users.xml /usr/local/apache-tomcat-8.5.70/conf/
---> 21d729f1895b
Step 11/15 : RUN set -x && addgroup -g 101 -S nginx && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx && chown -R nginx:nginx /opt/webapps /usr/local/apache-tomcat-8.5.70 && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && apk add glibc-2.29-r0.apk && rm -rf /usr/local/apache-tomcat-8.5.70/webapps
---> Running in cb3f7cddbbf6
[91m+ addgroup -g 101 -S nginx
[0m[91m+ adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx
[0m[91m+ chown -R nginx:nginx /opt/webapps /usr/local/apache-tomcat-8.5.70
[0m[91m+ sed -i s/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g /etc/apk/repositories
[0m[91m+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
[0m[91m+ apk add glibc-2.29-r0.apk
[0mfetch https://mirrors.ustc.edu.cn/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch https://mirrors.ustc.edu.cn/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
(1/1) Installing glibc (2.29-r0)
OK: 10 MiB in 15 packages
[91m+ rm -rf /usr/local/apache-tomcat-8.5.70/webapps
[0mRemoving intermediate container cb3f7cddbbf6
---> 55a5a0260538
Step 12/15 : ENV JAVA_HOME /usr/local/jdk1.8.0_192
---> Running in 86eb45829ee7
Removing intermediate container 86eb45829ee7
---> 6a5bbaac4dcc
Step 13/15 : ENV PATH ${PATH}:${JAVA_HOME}/bin
---> Running in 1e67c1e72a76
Removing intermediate container 1e67c1e72a76
---> fdd4cfbceb57
Step 14/15 : EXPOSE 8080
---> Running in 9e78089af6b8
Removing intermediate container 9e78089af6b8
---> 57a71fac9eb9
Step 15/15 : CMD ["/usr/local/apache-tomcat-8.5.70/bin/catalina.sh", "run"]
---> Running in b6446f282451
Removing intermediate container b6446f282451
---> 43bafa3a6989
Successfully built 43bafa3a6989
Successfully tagged 192.168.1.110/yun/tomcat-app1:2021-10-28_13_01_59
The push refers to repository [192.168.1.110/yun/tomcat-app1]
8eef12e72f9c: Preparing
12288c868853: Preparing
13eb0d1777fd: Preparing
055bbeaa30a9: Preparing
33e602b13ef0: Preparing
47e2d7a67650: Preparing
dc823d65138e: Preparing
4ba66f116ecf: Preparing
6398b414e515: Preparing
e2eb06d8af82: Preparing
4ba66f116ecf: Waiting
6398b414e515: Waiting
47e2d7a67650: Waiting
dc823d65138e: Waiting
e2eb06d8af82: Waiting
055bbeaa30a9: Layer already exists
12288c868853: Pushed
33e602b13ef0: Pushed
dc823d65138e: Layer already exists
13eb0d1777fd: Pushed
4ba66f116ecf: Layer already exists
6398b414e515: Layer already exists
47e2d7a67650: Pushed
e2eb06d8af82: Layer already exists
8eef12e72f9c: Pushed
2021-10-28_13_01_59: digest: sha256:03f3b935a746b99b3c38c2868d6448dbd5b233822b8a033eef5f6ece7ce63372 size: 2418
Docker鏡像制作完成並已經上傳到harbor服務器
-------------------------------------------------------
即將更新k8s yaml文件中鏡像版本
k8s yaml文件鏡像版本更新完成,即將開始更新容器中鏡像版本
-------------------------------------------------------
service/tomcat-svc unchanged
deployment.apps/tomcat-deploy configured
k8s 鏡像更新完成
當前業務鏡像版本: harbor.magedu.net/magedu/tomcat-app1:2021-10-28_13_01_59
本次業務鏡像更新總計耗時:42s
Finished: SUCCESS
訪問項目頁面測試
#curl '192.168.2.17:38080/app1/index.html'
<h1>yan-test/app1/index.html v1</h1>
3.3.2 更新測試
將項目apps/index.html的內容鏡像更新,比如:
在jenkins中重新“build with Parameters”,通過查看“控制台輸出”,等構建成功后,使用瀏覽器測試訪問app1/index.html
3.3.3 回滾測試
