搭建平台目的:
k8s中搭建jenkins master/slave架構,解決單jenkins執行效率低,資源不足等問題(jenkins master 調度任務到 slave上,並發執行任務,提升任務執行的效率)
CI/CD環境特點:
Slave彈性伸縮
基於鏡像隔離構建環境
流水線發布,易維護
一、環境准備
| 服務名 | 地址 | 版本 |
| k8s-master | 10.48.14.100 | v1.22.3 |
| k8s-node1 | 10.48.14.50 | v1.22.3 |
| k8s-node2 | 10.48.14.51 | v1.22.3 |
| gogs代碼倉庫 | 10.48.14.50:30080 | |
| harbor鏡像倉庫 | 10.48.14.50:8888 | v1.8.1 |
K8S集群搭建參考:https://www.cnblogs.com/cfzy/p/16145576.html 使用gogs作為代碼倉庫,harbor作為鏡像倉庫:搭建參考(https://www.cnblogs.com/cfzy/p/16049885.html)
二、了解發布流程
1.藍綠發布 項目邏輯上分為AB組,在項目升級時,首先把A組從負 載均衡中摘除,進行新版本的部署。 B組仍然繼續提供 服務。A組升級完成上線,B組從負載均衡中摘除。 特點: 策略簡單 升級/回滾速度快 用戶無感知,平滑過渡 缺點: 需要兩倍以上服務器資源 短時間內浪費一定資源成本
2.灰度發布 灰度發布:
只升級部分服務,即讓一部分用戶繼續用 老版本,一部分用戶開始用新版本,如果用戶對新版 本沒有什么意見,那么逐步擴大范圍,把所有用戶都 遷移到新版本上面來。 特點: 保證整體系統穩定性 用戶無感知,平滑過渡 缺點: 自動化要求高
k8s中的落地方式
3.滾動發布 滾動發布: 每次只升級一個或多個服務,升級完成 后加入生產環境,不斷執行這個過程,直到集群中 的全部舊版升級新版本。 特點: 用戶無感知,平滑過渡 缺點: 部署周期長 發布策略較復雜 不易回滾
三、在Kubernetes中部署Jenkins
3.1 部署jenkins
創建動態PVC:為Jenkins提供持久化存儲(因為之前創建了NFS作為后端存儲的PVC"managed-nfs-storage",所以直接拿來用了)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins
spec:
storageClassName: "managed-nfs-storage"
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
kubectl apply -f pvc.yml
創建deploy資源運行Jenkins服務:
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
labels:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
name: jenkins
template:
metadata:
name: jenkins
labels:
name: jenkins
spec:
serviceAccountName: jenkins
containers:
- name: jenkins
image: jenkins/jenkins:lts-jdk11
ports:
- containerPort: 8080
- containerPort: 50000
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 1Gi
env:
- name: TZ
value: Asia/Shanghai
- name: LIMITS_MEMORY
valueFrom:
resourceFieldRef:
resource: limits.memory
divisor: 1Mi
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
securityContext:
fsGroup: 1000
volumes:
- name: jenkins-home
persistentVolumeClaim:
claimName: jenkins
kubectl apply -f deployment.yml
創建名為Jenkins的SA,並授權:
# 創建名為jenkins的ServiceAccount apiVersion: v1 kind: ServiceAccount metadata: name: jenkins --- # 創建名為jenkins的Role,授予允許管理API組的資源Pod kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins rules: - apiGroups: [""] resources: ["pods"] verbs: ["create","delete","get","list","patch","update","watch"] - apiGroups: [""] resources: ["pods/exec"] verbs: ["create","delete","get","list","patch","update","watch"] - apiGroups: [""] resources: ["pods/log"] verbs: ["get","list","watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get"] --- # 將名為jenkins的Role綁定到名為jenkins的ServiceAccount apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: jenkins roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: jenkins subjects: - kind: ServiceAccount name: jenkins
kubectl apply -f rbac.yaml
暴露Jenkins服務端口:
apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
selector:
name: jenkins
type: NodePort
ports:
-
name: http
port: 80
targetPort: 8080
protocol: TCP
nodePort: 30006
-
name: agent
port: 50000
protocol: TCP
targetPort: 50000
kubectl apply -f service.yml
為Jenkins的URL設置域名訪問:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/client_max_body_size: 100m
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
spec:
rules:
- host: jenkins.test.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins
port:
number: 80
kubectl apply -f ingress.yml
在host文件添加dns記錄
訪問jenkins:jenkins.test.com
登錄頁面,安裝推薦插件,如果安裝失敗就更換成國內源地址
3.2 配置jenkins下載插件地址,並安裝必要插件
cd $jenkins_home/ sed -i 's#https://updates.jenkins.io/update-center.json#http://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json#g' hudson.model.UpdateCenter.xml cd $jenkins_home/updates 替換插件源地址: sed -i 's#https://updates.jenkins.io/download#http://mirrors.aliyun.com/jenkins#g' default.json 替換谷歌地址: sed -i 's#http://www.google.com#http://www.baidu.com#g' default.json 安裝插件:Git/Git Parameter/Pipeline/Kubernetes/Kubernetes Continuous Deploy/Config File Provider Kubernetes Continuous Deploy: 用於將資源配置部署到Kubernetes Config File Provider:用於存儲kubectl用於連接k8s集群的kubeconfig配置文件
注意:Kubernetes Continuous Deploy插件因為版本原因,在構建過程中報錯,所以被我棄用了,用Config File Provider插件代替也可以達到目的
3.3 Jenkins在K8S中動態創建代理
3.3.1 配置Kubernetes plugin Jenkins頁面配置k8s集群信息:系統管理——系統配置——Cloud——配置集群
注意:這個是最重要的一個配置,決定整個安裝的成敗,"kubernetes地址" 用"https://kubernetes.default"或者"https://k8s集群主節點的ip+端口", 然后點擊"連接測試",連接成功會出現k8s版本號。 為什么連k8s不需要憑證:jenkins是在k8s內部搭建的,所以不需要k8s憑證,如果是在外部搭建的就需要添加k8s憑證 jenkins地址: kubectl get svc #查看jenkins的端口 jenkins通道:這個參數是Jenkins Master和Jenkins Slave之間通信必須配置的,kubectl get svc #查看ip和端口
3.3.2 構建Jenkins—slave鏡像(Dockerfile) #jenkins 官方有jenkins-slave 制作好的鏡像,可以直接 docker pull jenkins/jnlp-slave 下載到本地並上傳本地私有鏡像廠庫。
官方的鏡像好處就是不需要再單獨安裝maven,kubectl 這樣的命令了,如果項目是maven構建就可以直接使用了。
#我們要用gradle構建項目,所以需要安裝gradle,jdk等,構建鏡像所需要Dockerfile如下:(需要先下載jdk和gradle二進制文件)
構建鏡像所需文件在:https://github.com/fxkjnj/kubernetes/tree/main/jenkins-for_kubernetes/jenkins-slave
FROM centos:7 MAINTAINER liang ENV JAVA_HOME=/usr/local/java
ENV PATH=$JAVA_HOME/bin:/usr/local/gradle/bin:$PATH
RUN yum install -y maven curl git libtool-ltdl-devel && \ yum clean all && \ rm -rf /var/cache/yum/* && \ mkdir -p /usr/share/jenkins COPY jdk-11.0.9 /usr/local/java
COPY gradle6.4 /usr/local/gradle COPY slave.jar /usr/share/jenkins/slave.jar COPY jenkins-slave /usr/bin/jenkins-slave COPY settings.xml /etc/maven/settings.xml
RUN chmod +x /usr/bin/jenkins-slave COPY kubectl /usr/bin ENTRYPOINT ["jenkins-slave"]
jenkins-slave:shell腳本,用於啟動slave.jar
settings.xml: 修改maven官方源為阿里雲源
slave.jar: agent程序,接收master下發的任務
kubectl: 讓jenkins-slave可以執行kubectl命令,cp /usr/bin/kubectl ./
構建dockerfile,生成slave-agent鏡像
docker build -t jenkins-slave-jdk:11 .
上傳到harbor倉庫
docker tag jenkins-slave-jdk:11 10.48.14.50:8888/library/jenkins-slave-jdk:11
docker login -u admin 10.48.14.50:8888
docker push 10.48.14.50:8888/library/jenkins-slave-jdk:11
3.3.3 創建一個流水線任務,測試jenkins-slave功能(在k8s中動態創建代理)
創建流水線任務 "test"
編寫pipeline測試腳本(聲明式腳本)
需要注意的是,spec中定義containers名字一定要寫jnlp
pipeline {
agent {
kubernetes {
label "jenkins-slave"
yaml """
kind: Pod
metadata:
name: jenkins-slave
spec:
containers:
- name: jnlp
image: "10.48.14.50:8888/library/jenkins-slave-jdk:11"
"""
}
}
stages {
stage('測試'){
steps {
sh """
echo hello
"""
}
}
}
}
保存,然后構建任務,查看日志信息
測試完成,功能正常。
在構建的時候,k8s集群default命名空間下,會臨時啟動一個pod(jenkins-slave-dr835-dh9dz),這個pod就是jenkins動態創建的代理,
用於執行jenkins-master下發的構建任務,當jenkins構建完成后,這個pod自動銷毀
四、Jenkins在K8S中持續部署(完整流程)
4.1 持續集成和持續部署流程
持續集成CI:提交代碼——代碼構建——可部署的包——打包鏡像——推送鏡像倉庫 持續部署CD:kubectl命令行/yaml文件——創建資源——暴露應用——更新鏡像/回滾/擴容——刪除資源 jenkins在k8s中持續集成部署流程 拉取代碼:git checkout 代碼編譯:mvn clean
構建鏡像並推送遠程倉庫
部署到K8S
開發測試
用kubectl命令行持續部署 1、創建資源(deployment) kubectl create deployment tomcat --image=tomcat:v1 kubectl get pods,deploy 2、發布服務(service) kubectl expose deployment tomcat --port=80 --target-port=8080 --name=tomcat-service --type=NodePort --port 集群內部訪問的service端口,即通過clusterIP:port可以訪問到某個service --target-port 是pod的端口,從port和nodeport來的流量經過kube-proxy流入到后端pod的targetport上,最后進入容器 nodeport:外部訪問k8s集群中service的端口,如果不定義端口號會默認分配一個 containerport:是pod內部容器的端口,targetport映射到containerport(一般在deployment中設置) kubectl get service 3、升級 kubectl set image deployment tomcat 容器名稱=tomcat:v2 --record=true #查看升級狀態 kubectl rollout status deployment/tomcat 4、擴容縮容 kubectl scale deployment tomcat --replicas=10 5、回滾 kubectl rollout history deployment/tomcat #查看版本發布歷史 kubectl rollout undo deployment/tomcat #回滾到上一版本 kubectl rollout undo deployment/tomcat --to-revision=2 #回滾到指定版本 6、刪除 kubectl delete deployment/tomcat #刪除deployment資源 kubectl delete service/tomcat-service #刪除service資源
4.2 分步生成CI/CDpipeline語法
4.2.1 拉取代碼(git checkout)
添加憑證(git倉庫、harbor倉庫):系統管理——憑據配置——新增harbor、git倉庫的用戶名/密碼
用pipeline語法生成器,生成拉取代碼步驟的pipeline語法:
根據自己的代碼倉庫信息填寫,然后點擊生成流水線腳本,就有了拉取代碼的腳本語法:(credentialsID、URL等信息可以定義成變量傳輸)
checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: 'a5ec87ae-87a1-418e-aa49-53c4aedcd261', url: 'http://10.48.14.100:30080/001/java-demo.git']]])
4.2.2 代碼編譯
mvn clean package -Dmaven.test.skip=true
4.2.3 構建鏡像
制作一個tomcat鏡像,因為java服務要跑着tomcat中:下載安裝包apache-tomcat-8.5.34.tar.gz,並編寫Dockerfile
FROM centos:7
MAINTAINER liang
ENV VERSION=8.5.34
RUN yum install -y java-1.8.0-openjdk wget curl unzip iproute net-tools && \
yum clean all && \
rm -rf /var/cache/yum/*
COPY apache-tomcat-${VERSION}.tar.gz /
RUN tar -zxf apache-tomcat-${VERSION}.tar.gz && \
mv apache-tomcat-${VERSION} /usr/local/tomcat && \
rm -rf apache-tomcat-${VERSION}.tar.gz /usr/local/tomcat/webapps/* && \
mkdir /usr/local/tomcat/webapps/test && \
echo "ok" > /usr/local/tomcat/webapps/test/status.html && \
sed -i '1a JAVA_OPTS="-Djava.security.edg=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/tomcat/bin
WORKDIR /usr/local/tomcat
EXPOSE 8080
CMD ["catalina.sh","run"]
構建鏡像,並上傳鏡像到harbor倉庫
docker build -t tomcat:v1 .
docker tag tomcat:v1 10.48.14.50:8888/library/tomcat:v1
docker login -u admin 10.48.14.50:8888
docker push 10.48.14.50:8888/library/tomcat:v1
以tomcat:v1為基礎鏡像,構建項目鏡像,並上傳到harbor倉庫
FROM 10.48.14.50:8888/library/tomcat:v1 LABEL maitainer lizhenliang RUN rm -rf /usr/local/tomcat/webapps/* ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
docker build -t 10.48.14.50:8888/dev/java-demo:v1 .
docker login -u admin 10.48.14.50:8888
docker push 10.48.14.50:8888/dev/java-demo:v1
通過credential插件生成ID號來隱藏harbor用戶名密碼,生成pipeline語法:
pipeline中構建鏡像並上傳到harbor倉庫:
#其中涉及的變量可以pipeline中定義
stage('構建鏡像'){
steps {
withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
sh """
echo '
FROM ${registry}/library/tomcat:v1
MAINTAINER liang
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
' > Dockerfile
docker build -t ${image_name} .
docker login -u ${username} -p '${password}' ${registry}
docker push ${image_name}
"""
}
}
}
4.2.4 部署服務到k8s
在k8s中為用戶admin授權,生成kubeconfig文件。或者直接復制/root/.kube/config(這是一個kubeconfig文件)
Jenkins-slave鏡像已經有kubectl命令,只需要kubeconfig就可以連接k8s集群
把生成的kubeconfig文件放到Jenkins中:需要安裝Config File Provider插件,在Mansged files中配置
Manage Jenkins -> Managed files -> Add a new Config -> Custom file(自定義文件)
將生成的kubeconfig文件內容復制進去,復制ID號,在pipeline腳本定義變量:def k8s_auth = "ID號"
用pipeline語法生成器,生成部署資源到k8s的pipeline語法:其中Target參數可以自定義
pipeline中部署資源到k8s:
stage('部署到K8S平台'){
steps {
configFileProvider([configFile(fileId: "${k8s_auth}", targetLocation: 'admin.kubeconfig')]) {
sh """
kubectl apply -f deploy.yaml -n ${Namespace} --kubeconfig=admin.kubeconfig
sleep 10
kubectl get pod -n ${Namespace} --kubeconfig=admin.kubeconfig
"""
}
}
}
4.3 編寫創建項目資源的deploy文件
項目是使用Jenkins在Kubernetes中持續部署一個無狀態的tomcat pod應用;涉及到deployment控制器 以及采用NodePort 的方式去訪問pod
deploy.yaml文件必須和項目代碼在同一個路徑下(否則kubectl無法指定yaml文件就無法創建pod),所以編寫完yaml后,上傳到項目倉庫中
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: java-demo
name: java-demo
namespace: NS
spec:
replicas: RSCOUNT
selector:
matchLabels:
name: java-demo
template:
metadata:
labels:
name: java-demo
spec:
imagePullSecrets:
- name: SECRET_NAME
containers:
- image: IMAGE_NAME
name: java-demo
---
apiVersion: v1
kind: Service
metadata:
namespace: NS
labels:
name: java-demo
name: java-demo
spec:
type: NodePort
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
name: java-demo
4.4 定義環境變量,進行參數化構建,以及一些腳本優化
4.4.1 對jenkins-slave創建pod進行優化 每次maven 打包會產生依賴的庫文件,為了加快每次編譯打包的速度,我們可以創建一個pvc或掛載目錄,用來存儲maven每次打包產生的依賴文件。 以及我們需要將 k8s 集群 node 主機上的docker 命令掛載到Pod 中,用於鏡像的打包 ,推送,修改后的jenkins-salve如下:
kubernetes {
label "jenkins-slave"
yaml """
kind: Pod
metadata:
name: jenkins-slave
spec:
containers:
- name: jnlp
image: "10.48.14.50:8888/library/jenkins-slave-jdk:11"
imagePullPolicy: Always
env:
- name: TZ
value: Asia/Shanghai
volumeMounts:
- name: docker-cmd
mountPath: /usr/bin/docker
- name: docker-sock
mountPath: /var/run/docker.sock
- name: maven-cache
mountPath: /root/.m2
- name: gradle-cache
mountPath: /root/.gradle
volumes:
- name: docker-cmd
hostPath:
path: /usr/bin/docker
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: maven-cache
hostPath:
path: /tmp/m2
- name: gradle-cache
hostPath:
path: /tmp/gradle
"""
4.4.2 創建一個登錄harbor倉庫的secret憑證(部署項目的yaml文件要從harbor拉取鏡像需要認證) kubectl create secret docker-registry registrypullauth --docker-username=admin --docker-password=Harbor12345 --docker-server=10.48.14.50:8888
4.4.3 定義環境變量,修改項目的deploy.yaml文件,進行參數化構建
定義環境變量,在pipeline語法中引用變量: def registry = "10.48.14.50:8888" #harbor倉庫地址 def project = "dev" #harbor存放鏡像的倉庫名 def app_name = "java-demo" #項目名 def image_name = "${registry}/${project}/${app_name}:${BUILD_NUMBER}" #編譯打包成的鏡像名 def git_address = "http://10.48.14.100:30080/001/java-demo.git" // 認證 def secret_name = "registrypullauth" #harbor用戶名密碼生成的secret def docker_registry_auth = "b07ed5ba-e191-4688-9ed2-623f4753781c" #harbor用戶密碼生成的id def git_auth = "a5ec87ae-87a1-418e-aa49-53c4aedcd261" def k8s_auth = "3cd3f414-a0e2-4bc0-8808-78c64e6ad7d2" def JAVA_OPTS = "-Xms128m -Xmx256m -Dfile.encoding=UTF8 -Duser.timezone=GMT+08 -Dspring.profiles.active=test"
參數化構建過程中,交互內容:
代碼分支(prod,dev,test)
副本數(1,3,5,7)
命名空間(prod,dev,test)
修改項目的deploy.yaml文件,替換成參數變量:
sed -i 's#IMAGE_NAME#${image_name}#' deploy.yaml
sed -i 's#SECRET_NAME#${secret_name}#' deploy.yaml
sed -i 's#RSCOUNT#${ReplicaCount}#' deploy.yaml
sed -i 's#NS#${Namespace}#' deploy.yaml
指定kubeconfig,運行項目pod
kubectl apply -f deploy.yaml -n ${Namespace} --kubeconfig=admin.kubeconfig
4.5 完整的pipeline腳本
def registry = "10.48.14.50:8888"
// 項目
def project = "dev"
def app_name = "java-demo"
def image_name = "${registry}/${project}/${app_name}:${BUILD_NUMBER}"
def git_address = "http://10.48.14.100:30080/001/java-demo.git"
// 認證
def secret_name = "registrypullauth"
def docker_registry_auth = "b07ed5ba-e191-4688-9ed2-623f4753781c"
def git_auth = "a5ec87ae-87a1-418e-aa49-53c4aedcd261"
def k8s_auth = "3cd3f414-a0e2-4bc0-8808-78c64e6ad7d2"
def JAVA_OPTS = "-Xms128m -Xmx256m -Dfile.encoding=UTF8 -Duser.timezone=GMT+08 -Dspring.profiles.active=test"
pipeline {
agent {
kubernetes {
label "jenkins-slave"
yaml """
kind: Pod
metadata:
name: jenkins-slave
spec:
containers:
- name: jnlp
image: "${registry}/library/jenkins-slave-jdk:11"
imagePullPolicy: Always
env:
- name: TZ
value: Asia/Shanghai
volumeMounts:
- name: docker-cmd
mountPath: /usr/bin/docker
- name: docker-sock
mountPath: /var/run/docker.sock
- name: gradle-cache
mountPath: /root/.gradle
- name: maven-cache
mountPath: /root/.m2
volumes:
- name: docker-cmd
hostPath:
path: /usr/bin/docker
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: gradle-cache
hostPath:
path: /tmp/gradle
- name: maven-cache
hostPath:
path: /tmp/m2
"""
}
}
parameters {
choice (choices: ['1', '3', '5', '7'], description: '副本數', name: 'ReplicaCount')
choice (choices: ['dev','test','prod','default'], description: '命名空間', name: 'Namespace')
}
stages {
stage('拉取代碼'){
steps {
checkout([$class: 'GitSCM',
branches: [[name: "${params.Branch}"]],
doGenerateSubmoduleConfigurations: false,
extensions: [], submoduleCfg: [],
userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]
])
}
}
stage('代碼編譯'){
steps {
sh """
pwd
mvn clean package -Dmaven.test.skip=true
"""
}
}
stage('構建鏡像'){
steps {
withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
sh """
echo '
FROM ${registry}/library/tomcat:v1
LABEL maitainer lizhenliang
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
' > Dockerfile
docker build -t ${image_name} .
docker login -u ${username} -p '${password}' ${registry}
docker push ${image_name}
"""
}
}
}
stage('部署到K8S平台'){
steps {
configFileProvider([configFile(fileId: "${k8s_auth}", targetLocation: 'admin.kubeconfig')]) {
sh """
pwd
ls
sed -i 's#IMAGE_NAME#${image_name}#' deploy.yaml
sed -i 's#SECRET_NAME#${secret_name}#' deploy.yaml
sed -i 's#RSCOUNT#${ReplicaCount}#' deploy.yaml
sed -i 's#NS#${Namespace}#' deploy.yaml
kubectl apply -f deploy.yaml -n ${Namespace} --kubeconfig=admin.kubeconfig
sleep 10
kubectl get pod -n ${Namespace} --kubeconfig=admin.kubeconfig
"""
}
}
}
}
}
4.6 構建項目,查詢日志
查看構建過程和日志
原文鏈接:https://www.cnblogs.com/cfzy/p/15692758.html