gitlab+Jenkins容器化

容器安装

harbor 80
jenkins 8080
gitlab 9090

Jenkins容器化

1.下载镜像

2.运行镜像

3.如何jenkins里运行jenkins

# 创建用户
useradd  -u 1000 jenkins -M -s /sbin/nologin
运行容器
docker run -itd \
--name="jenkins" \
--privileged=true \
--user root \
-p 8080:8080 \
-p 50000:50000 \
-v /data/jenkins:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /root/.ssh:/root/.ssh \
jenkins/jenkins

安装插件

# 解压压缩包没有就网页安装
tar xf jenkins_plugins.tar.gz plugins
cd plugins/
mv ./* /data/jenkins/plugins/
chown -R jenkins:jenkins /data/jenkins/plugins/*
docker restart jenkins 

gitlab容器化

1.下载镜像

docker run --detach \
  --publish 9090:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume /data/gitlab/config:/etc/gitlab \
  --volume /data/gitlab/logs:/var/log/gitlab \
  --volume /data/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

部署命令+三个坑

三个坑
1.开启gitlab不知道密码

docker exec -it gitlab /bin/bash
gitlab-rails console
user = User.where(username: 'root').first
user.password = 'admin-123'
user.save!
exit

2.添加了公钥,克隆代码还是需要密码,需要=修改配置文件

#1. 启动后修改配置文件
cd /data/gitlab/config
# 先备份文件
cp gitlab.rb /opt/
vim gitlab.rb
:/external_url
external_url 'http://10.0.0.11'
:/gitlab_rails
gitlab_rails['gitlab_shell_ssh_port'] = 2222

docker exec -it gitlab /bin/bash
gitlab-ctl reconfigure

#2. 启动时加参数
version: '3.6'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://10.0.0.11'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        grafana['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
    ports:
      - '9090:80'
      - '2222:22'
    volumes:
      - '/data/gitlab/config:/etc/gitlab'
      - '/data/gitlab/logs:/var/log/gitlab'
      - '/data/gitlab/data:/var/opt/gitlab'

3.优化不需要的启动服务,需要需要修改配置文件

docker exec -it gitlab /bin/bash
gitlab-ctl status

cd /data/gitlab/config
vim gitlab.rb
external_url 'http://10.0.0.11'
gitlab_rails['gitlab_shell_ssh_port'] = 2222
prometheus['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
grafana['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
pgbouncer_exporter['enable'] = false
gitlab_exporter['enable'] = false

docker exec -it gitlab /bin/bash
gitlab-ctl reconfigure

4.公钥key写谁的?

docker run -itd \
--name="jenkins" \
--privileged=true \
--user root \
--restart always \
-p 8080:8080 \
-p 50000:50000 \
-v /data/jenkins:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /root/.ssh:/root/.ssh \
jenkins/jenkins

# jenkins-compose
version: '3'
services:
  jenkins:
    image: 'jenkins/jenkins:latest'
    restart: always
    privileged: true
    user: root   
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '/usr/bin/docker:/usr/bin/docker'
      - '/root/.ssh:/root/.ssh'
      - '/data/jenkins:/var/jenkins_home'

最终版本

version: '3'
services:
  jenkins:
    image: 'jenkins/jenkins:latest'
    restart: always
    privileged: true
    user: root   
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '/usr/bin/docker:/usr/bin/docker'
      - '/root/.ssh:/root/.ssh'
      - '/data/jenkins:/var/jenkins_home'
      - '/root/.docker/:/root/.docker'
      - '/etc/docker/daemon.json:/etc/docker/daemon.json'
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://10.0.0.11'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        grafana['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
    ports:
      - '9090:80'
      - '2222:22'
    volumes:
      - '/data/gitlab/config:/etc/gitlab'
      - '/data/gitlab/logs:/var/log/gitlab'
      - '/data/gitlab/data:/var/opt/gitlab'
      
      
      
docker exec -it gitlab /bin/bash
gitlab-rails console
user = User.where(username: 'root').first
user.password = 'admin-123'
user.save!
exit

容器运用

jenkins搭配gitlab操作

1.拉去代码

git clone ssh://git@10.0.0.11:2222/root/demo.git

2.打包代码

docker exec -it jenkins /bin/bash
cd /var/jenkins_home/workspace/项目名

tar zcvf code.tar.gz *

3.编写dockerfile

cat > Dockerfile << EOF
FROM nginx:latest
ADD code.tar.gz /usr/share/nginx/html/
EOF

4.构建镜像

docker build -t /linux6/nginx:v1 .

5.推送镜像

docker push 10.0.0.11/linux6/nginx:v1

宿主机11:

docker run -itd -p 9999:80 nginx:v1 -d

5.推送到harbor

安装harbor

# docker11操作
第一步:安装docker和docker-compose
yum install -y docker-compose
docker-compose version

第二步:下载 harbor-offline-installer-v1.9.0-rc1.tgz
 
cat > /etc/docker/daemon.json << 'EOF'
{
    "registry-mirrors": ["http://hub-mirror.c.163.com"],
    "insecure-registries": ["http://10.0.0.11"]
}
EOF
tar zxf harbor-offline-installer-v1.9.0-rc1.tgz -C /opt/
cd /opt/harbor
vim harbor.yml 
-------
5:hostname: 10.0.0.11
27:harbor_admin_password: 123 
-------

# 启动命令
./install.sh 


vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd://  $DOCKER_NETWORK_OPTIONS

# docker11
[root@docker-11 ~]# systemctl daemon-reload 
[root@docker-11 ~]# cd /opt/harbor/
[root@docker-11 harbor]# docker-compose stop
systemctl restart docker
docker login 10.0.0.11

 $DOCKER_NETWORK_OPTIONS

# 测试
[root@docker-11 harbor]# docker tag nginx:v1 10.0.0.11/linux6/nginx:v1
[root@docker-11 harbor]# docker push 10.0.0.11/linux6/nginx:v1

root@docker-12[11:41:13]:~
> docker pull 10.0.0.11/linux6/nginx:v1
docker run --name app -it -p 80:80 -d 10.0.0.11/linux6/nginx:v1

6.远程拉取镜像

特别注意:jenkins的*/master分区因为美国~歧视问题改成了*/main

# 首先得配ssh
[root@docker-11 harbor]# ssh-copy-id 10.0.0.12
# jenkins上操作
ssh 10.0.0.12 docker pull 10.0.0.11/linux6/nginx:v1

7.远程停止旧容器并删除

ssh 10.0.0.12 docker stop app
ssh 10.0.0.12 docker rm app

8.远程启动新容器

# 启动命令
docker run --name app -it -p 80:80 -d 10.0.0.11/linux6/nginx:v1

简单的deploy_en脚本

# 1.打包代码
code_tar(){
  tar zcvf code.tar.gz *
}

# 2.编写dockerfile
docker_file(){
cat > Dockerfile << EOF
FROM nginx:latest
ADD code.tar.gz /usr/share/nginx/html/
EOF
}

# 3.构建镜像
docker_build(){
  docker build -t 10.0.0.11/linux6/nginx:$git_version .
}

# 4.推送镜像
docker_push(){
  docker push 10.0.0.11/linux6/nginx:$git_version
}

# 5.远程拉取镜像
docker_pull(){
  ssh 10.0.0.12 docker pull 10.0.0.11/linux6/nginx:$git_version
}

# 6.停止容器
docker_stop(){
  ssh 10.0.0.12 docker stop app
}

# 7.删除容器
docker_rm(){
  ssh 10.0.0.12 docker rm app
}

# 9.启动新的容器
docker_run(){
  ssh 10.0.0.12 docker run --name app -it -p 80:80 -d 10.0.0.11/linux6/nginx:$git_version
}

# 发布逻辑
if [ "$deploy_env" == "deploy" ]
then
  code_tar
  docker_file
  docker_build
  docker_push
  docker_pull
  docker_stop
  docker_rm
  docker_run
else
  docker_stop
  docker_rm
  docker_run
fi


###  !!!!!容器要连接harbor 不然会推送失败
root@docker-11[00:03:44]:~
> docker exec -it 8f0cfb884db8 /bin/bash
root@8f0cfb884db8:/# docker login 10.0.0.11

###


chmod +x /root/deploy_env.sh 
[jenkins---ID]
docker cp /root/deploy_env.sh 8f0cfb884db8:/root/

pipeline脚本

pipeline {
    agent any
    parameters {
        gitParameter name: 'git_version', 
                     branchFilter: 'origin/(.*)',
                     type: 'PT_TAG',
                     defaultValue: 'v1.0',
                     description: '发布新版本'
        choice(name: 'base_image', choices: ['nginx:1.17','nginx:1.18'],description: '请选择基础镜像版本')
        choice(name: 'deploy_env', choices: ['deploy','rollback'],description: 'deploy: 发布版本\nrollback: 回滚版本')               
    }
    stages {
        stage('拉取代码'){
            steps {
                  checkout([$class: 'GitSCM', 
                                     branches: [[name: '${git_version}']], 
				                     doGenerateSubmoduleConfigurations: false, 
                                     extensions: [[$class: 'RelativeTargetDirectory', relativeTargetDir: 'game']],				  
				                     submoduleCfg: [], 
				                     userRemoteConfigs: [[credentialsId: 'e66c4757-c002-4f21-9102-dfd342d9d667', 
				                     url: 'ssh://git@10.0.0.11:2222/root/game.git']]])
            }
        }
        stage("编译镜像"){
            steps{
                writeFile file: "Dockerfile", text: """FROM 10.0.0.11:8888/base_image/${params.base_image}\nADD game /usr/share/nginx/html/"""
            } 
        }
		stage('上传镜像'){
            steps {
                sh "docker build -t 10.0.0.11:8888/linux5/game:${params.git_version} . && docker push 10.0.0.11:8888/linux5/game:${params.git_version}"
            }
        }
		stage('部署容器'){
            steps {
                sh 'ssh 10.0.0.7 "docker pull 10.0.0.11:8888/linux5/game:${git_version} && docker stop game && docker rm game && docker run --name game -p 80:80 -d 10.0.0.11:8888/linux5/game:${git_version} && docker ps"'
            }
        }
        stage("清理构建镜像"){
            steps{
                sh "docker rmi 10.0.0.11:8888/linux5/game:${params.git_version}"
            }
        }
	}
}