基于Docker容器DevOps应用方案 企业业务代码发布系统
企业业务代码发布方式
传统方式
- 以物理机或虚拟机为颗粒度部署
- 部署环境比较复杂,需要有先进的自动化运维手段
- 出现问题后重新部署成本大,一般采用集群方式部署
- 部署后以静态方式展现
容器化方式
- 以容器为颗粒度部署
- 部署方式简单,启动速度快
- 一次构建可到处运行
- 出现故障后,可随时恢复
- 可同时部署多套环境(测试、预发布、生产环境等)
企业业务代码发布逻辑图
企业业务代码发布工具及流程图
工具
| 序号 | 工具 | 工具用途 |
|---|---|---|
| 1 | git | 用于提交业务代码或克隆业务代码仓库 |
| 2 | gitlab | 用于存储业务代码 |
| 3 | jenkins | 用于利用插件完成业务代码编译、构建、推送至Harbor容器镜像仓库及项目部署 |
| 4 | tomcat | 用于运行JAVA业务代码 |
| 5 | maven | 用于编译业务代码 |
| 6 | harbor | 用于存储业务代码构建的容器镜像存储 |
| 7 | docker | 用于构建容器镜像,部署项目 |
流程图
本次部署Java代码包
企业业务代码发布系统环境部署
主机规划
| 序号 | 主机名 | 主机IP | 主机功能 | 软件 |
|---|---|---|---|---|
| 1 | dev | 192.168.91.150 | 开发者 项目代码 solo | git |
| 2 | gitlab-server | 192.168.91.151 | 代码仓库 | gitlab-ce |
| 3 | jenkins-server | 192.168.91.152 | 编译代码、打包镜像、项目发布 | jenkins、docker、git |
| 4 | harbor-server | 192.168.91.153 | 存储容器镜像 | harbor、docker |
| 5 | web-server | 192.168.91.154 | 运行容器,项目上线 | docke |
gitlab-server、jenkins-server 2GB内存
# 准备上面5个节点,并在每个节点上进行下面的操作
# 配置每个节点的host /etc/hosts
192.168.91.150 dev
192.168.91.151 gitlab-server
192.168.91.152 jenkins-server
192.168.91.153 harobr-server
192.168.91.154 web-server
# 节点时间同步
# 这个命令会弹出一个vi编辑页面,添加 0 */1 * * * ntpdate time1.aliyun.com
crontab -e
# 查看添加后计划任务
crontab -l
0 */1 * * * ntpdate time1.aliyun.com
# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
firewall-cmd --state
not running
# 使用非交互式修改selinux配置文件
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# 重启节点
reboot
# 重启后验证selinux是否关闭
sestatus
SELinux status: disabled
主机中工具安装
dev主机
# git 用于下载项目及上传代码至代码仓库
yum -y install git
gitlab-server主机
清华大学开源软件镜像站,搜索"gitlab-ce",点击进去,选择"yum",选择"e17"
# 创建文件 /etc/yum.repos.d/gitlab.repo
[gitlab]
name=gitlab-ce
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
enabled=1
gpgcheck=0
# gitlab-ce安装
yum -y install gitlab-ce
# gitlab-ce配置
# 修改 /etc/gitlab/gitlab.rb 32行的配置如下
external_url 'http://192.168.91.151'
# 启动gitlab-ce
gitlab-ctl reconfigure
gitlab-ctl status
# 重置密码
gitlab-rake "gitlab:password:reset[root]"
Enter password:
Confirm password:
Password successfully updated for user with username root.
jenkins-server主机
jdk和maven安装
这里安装的是Jenkins 2.414.2,使用jdk11,必须下载jdk11的最新版本,还需要下载jdk8用于jdk8项目的编译。需要配置两个maven一个用于编译jdk8项目,一个用于编译jdk11项目,如果还有其他版本的jdk项目,按照相同的操作同时配置好jdk和maven即可
# JDK安装
# 下载JDK8,如果有的话直接拷贝过来即可
wget https://download.java.net/openjdk/jdk8u43/ri/openjdk-8u43-linux-x64.tar.gz
tar xf openjdk-8u43-linux-x64.tar.gz
mv java-se-8u43-ri /usr/local/jdk8
rm -f openjdk-8u43-linux-x64.tar.gz
# 下载JDK11,如果有的话直接拷贝过来即可
wget https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_linux-x64_bin.tar.gz
tar xf openjdk-11.0.2_linux-x64_bin.tar.gz
mv jdk-11.0.2 /usr/local/jdk11
rm -f openjdk-11.0.2_linux-x64_bin.tar.gz
# 配置java环境变量
echo 'export JAVA_HOME=/usr/local/jdk11' >> /etc/profile
echo 'export PATH=$PATH:${JAVA_HOME}/bin' >> /etc/profile
source /etc/profile
# 设置/usr/bin/java软连接,安装jenkins时需要
ln -s /usr/local/jdk11/bin/java /usr/bin/java
java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)
# maven安装
# 安装两个一个用于jdk8项目,一个用于jdk11项目
# openjdk8使用maven3.8,否则可能会出现一些证书不能使用的情况,jdk8可以使用maven的最新版本
wget https://dlcdn.apache.org/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz
tar xf apache-maven-3.8.8-bin.tar.gz
mv apache-maven-3.8.8 /usr/local/mvn_jdk8
rm -f apache-maven-3.8.8-bin.tar.gz
wget https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz
tar xf apache-maven-3.9.4-bin.tar.gz
mv apache-maven-3.9.4 /usr/local/mvn_jdk11
rm -f apache-maven-3.9.4-bin.tar.gz
# 给不同的mvn配置不同的jdk
sed '30 aJAVA_HOME=/usr/local/jdk8' -i /usr/local/mvn_jdk8/bin/mvn
sed '30 aJAVA_HOME=/usr/local/jdk11' -i /usr/local/mvn_jdk11/bin/mvn
# 验证两个mvn是否配置正确
/usr/local/mvn_jdk8/bin/mvn -v
Apache Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39)
Maven home: /usr/local/mvn_jdk8
Java version: 1.8.0_43, vendor: Oracle Corporation, runtime: /usr/local/jdk8/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.71.1.el7.x86_64", arch: "amd64", family: "unix"
/usr/local/mvn_jdk11/bin/mvn -v
Apache Maven 3.9.4 (dfbb324ad4a7c8fb0bf182e6d91b0ae20e3d2dd9)
Maven home: /usr/local/mvn_jdk11
Java version: 11.0.2, vendor: Oracle Corporation, runtime: /usr/local/jdk11
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.71.1.el7.x86_64", arch: "amd64", family: "unix"
# 配置maven环境变量
echo 'export MAVEN_HOME=/usr/local/mvn_jdk11' >> /etc/profile
echo 'export PATH=$PATH:${MAVEN_HOME}/bin' >> /etc/profile
source /etc/profile
mvn -version
Apache Maven 3.9.4 (dfbb324ad4a7c8fb0bf182e6d91b0ae20e3d2dd9)
Maven home: /usr/local/mvn_jdk11
Java version: 11.0.2, vendor: Oracle Corporation, runtime: /usr/local/jdk11
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1160.71.1.el7.x86_64", arch: "amd64", family: "unix"
maven配置修改
# 创建maven repository目录
mkdir /opt/mvn_jdk8 /opt/mvn_jdk11
# 给这些目录赋予其他用户权限
chmod 777 /opt/mvn_*
/usr/local/mvn_jdk8/conf/settings.xml配置文件修改为下面的内容
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<localRepository>/opt/mvn_jdk8</localRepository>
<mirrors>
<mirror>
<id>aliyunmaven</id>
<mirrorOf>*</mirrorOf>
<name>阿里云公共仓库</name>
<url>https://maven.aliyun.com/repository/public</url>
</mirror>
</mirrors>
</settings>
/usr/local/mvn_jdk11/conf/settings.xml配置文件修改为下面的内容
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<localRepository>/opt/mvn_jdk11</localRepository>
<mirrors>
<mirror>
<id>aliyunmaven</id>
<mirrorOf>*</mirrorOf>
<name>阿里云公共仓库</name>
<url>https://maven.aliyun.com/repository/public</url>
</mirror>
</mirrors>
</settings>
jenkins安装
访问 www.jenkins.io/download/ 页面,点击 Red Hat/Fedora/Alma/Rocky/CentOS ,进入 pkg.jenkins.io/redhat-stab… 页面,这里有安装步骤
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
yum -y install fontconfig
yum -y install jenkins
systemctl enable jenkins && systemctl start jenkins
# jenkins安装完成之后,可能需要做下面这些修改
# /etc/sudoes 修改这个文件,给jenkins用户添加免密
echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# /etc/passwd 查看这个文件jenkins所在行,最后一个单词可能是false(导致不能切换用户),需要修改为bash
cat /etc/passwd | grep jenkins
jenkins:x:997:995:Jenkins Automation Server:/var/lib/jenkins:/bin/false
# 切换用户后,可能不能显示用户
su jenkins
# 若不显示用户,则执行下面的操作
cp /etc/skel/.bash* ~/
# 退出,重新登录即可显示用户
exit
su jenkins
exit
# 做出上述修改之后,回到root用户,重启jenkins
systemctl restart jenkins
根据提示解锁Jenkins
安装推荐的插件,可能会有部分插件安装失败,点击"重试"。如果所有的插件都安装失败,如果报"unable to find valid certification path to requeste"这个错误,需要把openjdk换成对应大版本的最新版本,或者使用jdk而不是openjdk
创建第一个管理员用户
git安装
yum -y install git
docker安装
# docker安装
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker && systemctl start docker
docker version
harbor-server主机
# docker安装
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker && systemctl start docker
docker version
# docker-compose安装
wget https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
docker-compose version
# harbor部署
wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
tar xf harbor-offline-installer-v2.9.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
# 修改配置文件,修改hostname: 192.168.91.153,并将https相关配置注掉
vim harbor.yml
./prepare
./install.sh
web-server主机
# docker安装
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker && systemctl start docker
docker version
工具集成配置
配置docker主机使用harbor
# jenkins-server 和 web-server
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.91.153"]
}
EOF
systemctl restart docker
# 输入用户名和密码登陆harbor
docker login 192.168.91.153
# harbor-server
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"],
"insecure-registries": ["http://192.168.91.153"]
}
EOF
docker-compose down
systemctl restart docker
docker-compose up -d
配置jenkins使用docker
# jenkins-server
# 验证系统中是否有jenkins用户
grep jenkins /etc/passwd
jenkins:x:997:995:Jenkins Automation Server:/var/lib/jenkins:/bin/bash
# 验证系统中是否有docker用户及用户组
grep docker /etc/group
docker:x:993:
# 添加jenkins用户到docker用户组
usermod -G docker jenkins
grep docker /etc/group
docker:x:993:jenkins
# 重启jenkins服务
systemctl restart jenkins
密钥配置
dev主机至gitlab-ce
# dev
# dev主机生成密钥对
ssh-keygen
cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCijXXzcjTEkvb6JWWc7ufDGaG7J7g5xabj2H0YDsW5O+gPWOYb325rYtUC78CZ1c1dvC7sng5F6tUowEwe5xWsJBsC239CkRhNqRnY8Y7C4+lEYqbvh1VhDELOaSqIqnLd3e6POWk2KvWKdnwFwinaILV5R+AayZtVlLJ3yjSEXeZbnwwLOeEX9p/6Yhn3KvkHlRxS7SAD2cIwrtuoCMuj9o5FbO49bXnhlAO/7rvJX9cc/KEGVEQgdgHAxenB85CK2twQLMk7za+ZNPmEqI+oy095aY+h0wnnesPxfPjGI4UpM+r9HPt7WKhw60zg/KEKvl47KVf7ZyDlO7iaQDbZ root@dev
将上面生成的公钥添加到 gitlab 中
jenkins-server主机至gitlab-ce
# jenkins-server
su jenkins
# jenkins-server主机生成密钥对
ssh-keygen
cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8M+vxsz0ZyK2Agr8hqfaHfEnulBIOXNtfoVtZizKb++iaQewBV6sK4ygb3RWbru5ZMJLCIY08ZBAPdjEObb/+QnC2999+s8sJKKdJ2K74YaUl8y35eDHQosCAxATNU1fVfC5IVsO49uiJvw1lJKAtfueDFBcSQA9Y9oA767TqbQ0wOQmB4sCYurhSJtDivRG21vjTlVYI5relLT6g4iL1UyTXzVZwICKH5G/oz2q7CjMEXzNbJKiblngtBubmolv2sJ/VzST67T8gQ1QeRmEvO4klEachGhDmYtNAqaD1fBzmMstGlJA2yuqK3idR8pxwAL0UniDM/acQv5n2mo5X jenkins@jenkins-server
将上面生成的公钥添加到 gitlab 中
配置jenkins-sever主机的私钥到凭据列表
# jenkins-server
cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvDPr8bM9GcitgIK/Ian2h3xJ7pQSDlzbX6FbWYsym/vomkHs
AVerCuMoG90Vm67uWTCSwiGNPGQQD3YxDm2//kJwtvfffrPLCSinSdiu+GGlJfMt
+Xgx0KLAgMQEzVNX1XwuSFbDuPboib8NZSSgLX7ngxQXEkAPWPaAO+u06m0NMDkJ
geLAmLq4UibQ4r0Rttb405VWCOa3pS0+oOIi9VMk181WcCAih+Rv6M9quwozBF8z
WySom5Z4LQbm5qJb9rCf1c0k+u0/IENUHkZhLzuJJRGnIRoQ5mLTQKmg9Xwc5jLL
RpSQNsrqit4nUfKccAC9FJ4gzP2nEL+Z9pqOVwIDAQABAoIBAGQ7JsJvme/cb4LM
nyw3j4Myj1FPbJpXm8G/dp4mwwpNy+AzkZRZc092EQtd4D8sl+XKN67KHaT3CZKi
eJfdnW21RsA7HL0m1dAH5agvjWfc4Q5oB6kf+S/LLcimHISZiWK6IxAFnXEplkie
Bm1CZ0gzmOq3TV473bCcf0jqTEy4Y0pAq7J3PUl9xm3EdfVwFKj2YzGSVUwqbmxH
hworRoKuaTdFKYphFFu+Eg71eS3WJUIKW0RYyb9mw7ho3c1KX9sML+8T3QeQ4PMN
d2NKnL/uDxm/VcpkCbY3suEIX7L24fg3PKd6tf/IZJo3y+HN5YlBejCVY1lde7PD
okrqFXkCgYEA5gJKbVTaNybmOmUuX++QY1MRHm+baf+GlejQ8dCDyw86AGKD8AJD
0tTWdOKTsqya15IDmsUlQ4RHXzAoGWLjz97HEy3jwlsY2Oko/elc+BdgkGKxhuJy
78WuPVblph1iXcEPZJBDOMAVaxA3Zchct2yEZ6mHW2fp/34LewUARrUCgYEA0XhC
5lmP74ee5+KE+1NQ/KCzfk/lxlkESI9c8XLqeTaD9ue7tiFip24XaDFIlxelFwNu
k2Urs90IHqJXnBIjIC741bxtlWJQoRGVUf+W0K0K9FwkeDfVOgjDISIm9mHZASfm
5EDlLpOzJ8gwo39voJ4C3oQ2jW0cAho1RpGTPFsCgYAG+iLP1jcYXTG2q8MQXe//
U1G9np0URhALFBjifPTCgB++Sz69VRRBnPs0aHsafGnmCCPb2gcbWTPhC1DsFDfc
4mEfj9DM4H6MdeYsbZvIWs0vFA9WjB/4bgKvEae9tj55oZWZ81ZWrlz39nH3wHAv
kDcj/dyBRVGv0l7+yFQN0QKBgHUBuFzzqnMiTqE45w98esCjA6CLAM7K6pmde01j
45XR3eUNjM0v2Outk2WgIexESPOR9zJeUQsnbGGwTT/g4b4YfublWlEXmfJe4Ant
u1DVWEknLzf3+CNywYzAhwMZpR4AK/lURrC90FVofcLWbIRLv06Mi+x0BjEmcpv4
tUYBAoGBAMZSicyu/qHJbqQwUvaAhzOsS8wLNagpxclXIpsDDsmmC81I5IUMaztu
yl9iNs8ylw5tbWFyGWfGYnd0MnST2Zm93Y5bPyna3WtwN7ndEO7BoemPB3Ax8QYL
2IpNZ9aw6/0INwlikhg/o8E9+xUbB7PB6FdFTbcEqXEa7U7l054D
-----END RSA PRIVATE KEY-----
输入key值,点击"Create"
jenkins插件安装
maven integration 安装,用于编译JAVA项目
和上面的操作类似,安装下面的插件
- git parameter 用于基于git版本提交进行参数构建项目
- gitlab 用于jenkins-server拉取项目
- Generic Webhook Trigger 用于项目自动化构建
- ssh 用于jenkins-server对web-server实施项目部署
- JDK Parameter 在构建项目时用于指定JDK
jenkins全局工具配置
JDK 安装
Git配置
默认就有这个配置
Maven安装
修改配置之后,需要点击下面的"保存"或"应用"按钮
jenkins系统配置
主要配置jenkins-server通过ssh协议连接web-server
添加jenkins-server访问web-server凭据
填写远程主机的用户名和密码,ID随便填一个与其它凭证不一样的ID即可,然后点击"Create"按钮创建
配置ssh协议连接主机
填写ssh连接的相关信息,然后点击"保存"按钮
企业业务代码项目发布
项目代码
项目代码上传到gitlab
先在gitlab上创建demo项目
# dev
mkdir demo
cd demo
mkdir -p src/main/java/com/demo
cat > src/main/java/com/demo/DemoApplication.java << EOF
package com.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@GetMapping("/hello")
public String hello() {
return "hello world";
}
}
EOF
创建pom.xml文件,内容如下
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.16</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.demo</groupId>
<artifactId>demo</artifactId>
<version>1.0.0</version>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
git init
git remote add origin git@192.168.91.151:root/demo.git
git add .
git commit -m "Initial commit"
git push --set-upstream origin master
# 创建jdk8分支
git branch jdk8
git checkout jdk8
git push origin jdk8
# 创建jdk11分支
git branch jdk11
git checkout jdk11
git push origin jdk11
# jdk8分支修改
git checkout jdk8
sed -i 's/hello world/hello world jdk8/g' src/main/java/com/demo/DemoApplication.java
git add .
git commit -m "jdk8"
git push origin jdk8
# jdk11分支修改
git checkout jdk11
sed -i 's/hello world/hello world jdk11/g' src/main/java/com/demo/DemoApplication.java
sed -i 's/1.0.0/2.0.0/g' pom.xml
sed -i 's/1.8/11/g' pom.xml
git add .
git commit -m "jdk11"
git push origin jdk11
构建项目运行基础应用容器镜像
# harbor-server
mkdir demodir
cd demodir
# 下载jdk8,如果有的话直接拷贝过来即可
wget https://download.java.net/openjdk/jdk8u43/ri/openjdk-8u43-linux-x64.tar.gz
tar xf openjdk-8u43-linux-x64.tar.gz
mv java-se-8u43-ri jdk8
rm -f openjdk-8u43-linux-x64.tar.gz
# 下载JDK11,如果有的话直接拷贝过来即可
wget https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_linux-x64_bin.tar.gz
tar xf openjdk-11.0.2_linux-x64_bin.tar.gz
mv jdk-11.0.2 jdk11
rm -f openjdk-11.0.2_linux-x64_bin.tar.gz
# Dockerfile
FROM centos:centos7
ARG JDK_DIR
ENV JAVA_HOME=/usr/local/jdk
ADD $JDK_DIR /usr/local/jdk
RUN echo 'export JAVA_HOME=/usr/local/jdk' >> /etc/profile
RUN echo 'export PATH=${JAVA_HOME}/bin:$PATH' >> /etc/profile
RUN source /etc/profile
# 使用docker build构建容器镜像
docker build --build-arg JDK_DIR=jdk8 -t 192.168.91.153/library/jdk:jdk8 .
docker build --build-arg JDK_DIR=jdk11 -t 192.168.91.153/library/jdk:jdk11 .
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.91.153/library/jdk jdk11 55db4d7aa427 28 seconds ago 514MB
192.168.91.153/library/jdk jdk8 4d77ba5f91c3 55 seconds ago 477MB
docker run -it --rm 192.168.91.153/library/jdk:jdk8 bash
# 在容器中执行,看看是否是对应的java版本
source /etc/profile;java -version
docker login 192.168.91.153
docker push 192.168.91.153/library/jdk:jdk8
docker push 192.168.91.153/library/jdk:jdk11
项目构建及发布
项目构建及发布步骤
- jenkins获取项目代码
- jenkins对项目代码编译,由maven完成
- jenkins使用docker对编译完成的项目代码进行打包,打包成容器应用镜像
- jenkins把打包的容器应用镜像上传到harbor
- jenkins通过ssh插件完成对web-server进行运行容器应用镜像的操作
创建项目任务
"构建一个maven项目",构建的项目依赖的jdk版本不能小于jenkins依赖的jdk版本,否则会报java版本偏低的错误,可以通过修改jenkins配置以及项目的pom文件来绕过这个错误,但是比较麻烦。可以通过"构建一个自由风格的软件项目"或"流水线",来构建任何jdk版本的maven项目
构建一个maven项目
可能会出现上面的错误,有三种解决方案
-
配置jenkins-server到gitlab-server免密ssh
-
修改 /etc/ssh/ssh_config 配置文件
-
按照提示,在jenkins-server执行
# jenkins-server su jenkins # 按照提示输入yes git ls-remote -h git@192.168.91.151:root/demo.git HEAD The authenticity of host '192.168.91.151 (192.168.91.151)' can't be established. ECDSA key fingerprint is SHA256:fFK1C9qzpNWRtBAq1dZHIEGT1fMtDD3gAQ2gWAslYTw. ECDSA key fingerprint is MD5:ed:76:a9:08:3f:0a:a5:9a:3a:ea:f3:81:26:25:95:9d. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.91.151' (ECDSA) to the list of known hosts.
VERSION=`echo $Tag | awk 'BEGIN{FS="/"} {print $2}'`
REPOSITORY=192.168.91.153/library/demo:${VERSION}
# 构建镜像
cat > Dockerfile << EOF
FROM 192.168.91.153/library/jdk:$VERSION
ENV JAVA_OPTS="-Xms256m -Xmx512m"
RUN mkdir -p /opt/demo
WORKDIR /opt/demo
COPY target/*.jar /opt/demo/demo.jar
CMD /usr/local/jdk/bin/java $JAVA_OPTS -jar demo.jar
EOF
docker build -t $REPOSITORY .
# 上传镜像
docker login 192.168.91.153 -u admin -p Harbor12345
docker push $REPOSITORY
docker logout 192.168.91.153
VERSION=`echo $Tag | awk 'BEGIN{FS="/"} {print $2}'`
REPOSITORY=192.168.91.153/library/demo:${VERSION}
# 部署
docker rm -f demo |true
docker image rm $REPOSITORY |true
docker container run -d --name demo -p 8080:8080 $REPOSITORY
# web-server
# 可以看到刚刚jenkins部署成功的demo服务
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4600f2568634 192.168.91.153/library/demo:jdk11 "/bin/sh -c '/usr/lo…" 32 seconds ago Up 31 seconds 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp demo
curl 192.168.91.154:8080/hello
hello world jdk11
构建一个自由风格的软件项目
构建的时候选择不同的分支,可以同时支持jdk8和jdk11
VERSION=`echo $Tag | awk 'BEGIN{FS="/"} {print $2}'`
# -Dmaven.wagon.http.ssl.insecure -Dmaven.wagon.http.ssl.allowall 使用openjdk8时可能需要这两个选项
/usr/local/mvn_$VERSION/bin/mvn clean package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.test.skip=true
REPOSITORY=192.168.91.153/library/demo2:${VERSION}
# 构建镜像
cat > Dockerfile << EOF
FROM 192.168.91.153/library/jdk:$VERSION
ENV JAVA_OPTS="-Xms256m -Xmx512m"
RUN mkdir -p /opt/demo
WORKDIR /opt/demo
COPY target/*.jar /opt/demo/demo.jar
CMD /usr/local/jdk/bin/java $JAVA_OPTS -jar demo.jar
EOF
docker build -t $REPOSITORY .
# 上传镜像
docker login 192.168.91.153 -u admin -p Harbor12345
docker push $REPOSITORY
docker logout 192.168.91.153
VERSION=`echo $Tag | awk 'BEGIN{FS="/"} {print $2}'`
REPOSITORY=192.168.91.153/library/demo2:${VERSION}
# 部署
docker rm -f demo2$VERSION |true
docker image rm $REPOSITORY |true
PORT=9080
if [ "${VERSION}" = "jdk11" ]; then
PORT=9081
fi
docker container run -d --name demo2$VERSION -p $PORT:8080 $REPOSITORY
构建两次,一个是jdk8,一个是jdk11
# web-server
# 可以看到刚刚jenkins部署成功的demo2服务
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
93a1a4b7b0d6 192.168.91.153/library/demo2:jdk8 "/bin/sh -c '/usr/lo…" 6 minutes ago Up 6 minutes 0.0.0.0:9080->8080/tcp, :::9080->8080/tcp demo2jdk8
41910bea7a94 192.168.91.153/library/demo2:jdk11 "/bin/sh -c '/usr/lo…" 7 minutes ago Up 7 minutes 0.0.0.0:9081->8080/tcp, :::9081->8080/tcp demo2jdk11
curl 192.168.91.154:9080/hello
hello world jdk8
curl 192.168.91.154:9081/hello
hello world jdk11
