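This article explains how to configure GitLab to automatically deploy a simple Django project.
- The setup includes the GitLab service, which in turn includes the container registry service
- gitlab-runner, the service that executes the jobs configured in gitlab-ci.yml
- The final deployment target server
Note:
- When using a private container registry, pay attention to the corresponding configuration to add in daemon.json
- gitlab-ci.yml uses the docker executor with Docker in Docker, so the following configuration is required:
services:
  - name: docker:19.03.12-dind
    command: ["--insecure-registry=192.168.247.191:5005"]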
Installing gitlab-ce
Installing Docker
Remove old versions
sudo yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
Install yum-utils and set up the repo
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Note that the repo is replaced with the Aliyun mirror.
Install Docker
sudo yum install -y docker-ce docker-ce-cli containerd.io
Docker registry mirror (pull acceleration)
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://7clusxie.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Installing Docker Compose
sudo curl -L "https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
Installing gitlab-ce
Create a gitlab directory and, inside it, create docker-compose.yml with the following content:
version: '3.5'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    container_name: gitlab
    restart: always
    hostname: '192.168.247.191'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.247.191:8929'
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
    ports:
      - '8929:8929'
      - '2224:22'
      - '5005:5005'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
$GITLAB_HOME is the directory where later configuration changes are mainly made.
docker-compose up -d
This starts the service.
Installing gitlab-runner
Create a gitlab-runner directory and, inside it, create docker-compose.yml with the following content:
version: '3.5'
services:
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    restart: always
    volumes:
      - '$GITLAB_HOME/config/gitlab-runner:/etc/gitlab-runner'
      - '/var/run/docker.sock:/var/run/docker.sock'
docker-compose up -d
This starts the service.
Registering the runner
The following registers a specific runner as an example; the runner serves only the current project.
docker exec -it gitlab-runner_name gitlab-runner register -n \
    --url http://192.168.247.191:8929/ \
    --registration-token kysM1xT_j3schppMffpv \
    --executor docker \
    --description "dj_todo-02" \
    --docker-privileged \
    --docker-image "docker/compose:1.29.2" \
    --docker-pull-policy if-not-present
A config.yml file similar to the following is generated in the corresponding directory under GITLAB_HOME:
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "test"
  url = "http://192.168.247.174:8929/"
  token = "WZKc8dmkY1RrNHjtWrc9"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "docker/compose:1.29.2"
    privileged = true # needed for the self-configured registry address to take effect
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    pull_policy = ["if-not-present"]
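Passwordless SSH channel
ssh-keygen -t rsa # generate the public/private key pair
ssh-copy-id -i id_rsa.pub root@192.168.15.155 # copy the public key to the target server
ssh root@192.168.247.155 # test the connection
In the CI variables area, configure the sensitive information used in the pipeline, such as the SSH private key.
Writing .gitlab-ci.yml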
image:
  name: docker/compose:1.29.2
  entrypoint: [""]
services:
  - name: docker:19.03.12-dind
    command: ["--insecure-registry=192.168.247.191:5005"]
stages:
  - build
  - deploy
variables:
  DOCKER_HOST: tcp://docker:2375
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
  CI_REGISTRY: "192.168.247.191:5005"
  CI_REGISTRY_USER: 'root'
  CI_CI_REGISTRY_GROUP: 'test'
  PROJECT_NAME: 'django_todo'
  IMAGE_NAME: "$CI_REGISTRY/$CI_CI_REGISTRY_GROUP/$PROJECT_NAME"
  REMOTE_SERVER: 192.168.247.214
before_script:
  - apk add --no-cache openssh-client coreutils bash
  - echo "$PASSWORD" | docker login --username $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
# Image build and push stage
build:
  stage: build
  script:
    - docker pull $IMAGE_NAME:latest || true
    #- docker pull $IMAGE:nginx || true
    - docker build --tag $PROJECT_NAME:latest .
    - docker tag $PROJECT_NAME:latest $IMAGE_NAME:latest
    - docker push $IMAGE_NAME:latest
# Configure SSH and deploy remotely
deploy:
  stage: deploy
  script:
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
    # never print the key (e.g. with cat): job output is stored in the job log
    - chmod 600 ~/.ssh/id_rsa
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - ssh-keyscan -p 22222 -H $REMOTE_SERVER >> ~/.ssh/known_hosts
    - ssh -p 22222 root@$REMOTE_SERVER "docker stop $PROJECT_NAME;docker system prune -a -f;echo '$PASSWORD' | docker login --username root --password-stdin $CI_REGISTRY;docker pull $IMAGE_NAME:latest; docker run --name $PROJECT_NAME -d -p 8000:8000 $IMAGE_NAME:latest"
  #only:
  #- feature-test
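The pipeline consists of two main stages:
- Build stage: build the image from the Dockerfile and push it
- Deploy stage: use the private key to set up the passwordless channel, then deploy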
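A pre-merge check for this kind of pipeline, as an added example that is not part of the original article: it scans .gitlab-ci.yml text for the settings a reviewer would question here (private key printed to the job log, plain-HTTP registry, dind without TLS, a secret placed in a remote command line, mutable `latest` tags). The rule names, the regular expressions and the sample input are assumptions of this example; the sample is constructed and modelled on the pipeline above.

```python
import re

# Rule names and patterns are this example's own; each targets one risk in the pipeline.
RULES = [
    # Private key echoed into the job log (public *.pub files are ignored).
    ("private-key-in-job-log", re.compile(r"\bcat\s+\S*id_(rsa|ecdsa|ed25519)(?!\.pub)\b")),
    # Registry reached over plain HTTP, so the login and image layers are unprotected.
    ("insecure-registry", re.compile(r"--insecure-registry")),
    # dind daemon API exposed on the unauthenticated, unencrypted port.
    ("dind-without-tls", re.compile(r"DOCKER_TLS_CERTDIR:\s*(\"\"|'')|tcp://[\w.-]+:2375\b")),
    # Secret expanded by the runner and sent as part of the remote command line.
    ("secret-in-remote-command", re.compile(r"\bssh\b.*echo\s+'?\"?\$\{?PASSWORD")),
    # Push or run of a tag that can be repointed after the build.
    ("mutable-latest-tag", re.compile(r"\bdocker\s+(push|run)\b.*:latest\b")),
]

def audit(ci_text):
    """Return (line_number, rule_id) findings in line order; comment lines are skipped."""
    findings = []
    for lineno, line in enumerate(ci_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id))
    return findings

# Constructed sample, modelled on the pipeline in this article.
SAMPLE = """\
services:
  - name: docker:19.03.12-dind
    command: ["--insecure-registry=192.168.247.191:5005"]
variables:
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""
build:
  script:
    - docker push $IMAGE_NAME:latest
deploy:
  script:
    - echo "$SSH_PRIVATE_KEY" | tr -d '\\r' > ~/.ssh/id_rsa
    - cat ~/.ssh/id_rsa
    - ssh -p 22222 root@$REMOTE_SERVER "echo '$PASSWORD' | docker login --username root --password-stdin $CI_REGISTRY; docker run -d $IMAGE_NAME:latest"
"""

if __name__ == "__main__":
    for lineno, rule_id in audit(SAMPLE):
        print(f"line {lineno}: {rule_id}")
```

Run against a real file, `audit(open(".gitlab-ci.yml").read())` returns an empty list only when none of these patterns remain.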
Related code: link: pan.baidu.com/s/17Pz2Kf6Y… extraction code: t4v6
Summary
A simple CI workflow is implemented mainly with GitLab, its built-in GitLab container registry, and gitlab-runner.