Docker-kubernetes-持续集成与持续交付
Git简介
- Git简介
Git是一个开源的分布式版本控制系统,可以有效、高速的处理从很小到非常大的项目版本管理。 Git 是 Linus Torvalds 为了帮助管理 Linux 内核开发而开发的一个开放源码的版本控制软件
Git也是目前最流行的分布式版本控制系统,它和其他版本控制系统的主要差别在于Git只关心文件数据的整体是否发生变化,而大多数版本其他系统只关心文件内容的具体差异,这类系统(CVS,Subversion,Perforce,Bazaar 等等)每次记录有哪些文件作了更新,以及都更新了哪些行的什么内容。
-
版本控制系统简介
本地版本控制系统
集中化的版本控制系统
分布式版本控制系统
-
Git特点:
? 速度
? 简单的设计
? 对非线性开发模式的强力支持(允许成千上万个并行开发的分支)
? 完全分布式
? 有能力高效管理类似 Linux 内核一样的超大规模项目(速度和数据量 -
Git状态
Git 有三种状态:已提交(committed)、已修改(modified) 和 已暂存(staged)。
? 已修改表示修改了文件,但还没保存到数据库中。
? 已暂存表示对一个已修改文件的当前版本做了标记,使之包含在下次提交的快 照中。
? 已提交表示数据已经安全地保存在本地数据库中。
这会让我们的 Git 项目拥有三个阶段:工作区、暂存区以及 Git 目录。
git工具使用
安装git
[root@server1 ~]# yum install -y git
配置用户名和邮箱
[root@server1 demo]# git config --global user.email "chen.com"
[root@server1 demo]# git config --global user.name "chen"
[root@server1 demo]# git config --global user.name
chen
[root@server1 demo]# git config --global user.email
chen.com
获取Git配置信息
[root@server1 demo]# git config --list
user.email=chen.com
user.name=chen
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
创建工作目录
[root@server1 ~]# mkdir demo
[root@server1 ~]# cd demo/
[root@server1 demo]# ls -a
. ..
初始化git
[root@server1 demo]# git init
Initialized empty Git repository in /root/demo/.git/
[root@server1 demo]# ls -a
. .. .git readme.md
[root@server1 demo]# cd .git/
[root@server1 .git]# ls
branches config description HEAD hooks info objects refs
创建测试文件 README.md 查看状态
[root@server1 demo]# touch README.md
[root@server1 demo]# ls
README.md
[root@server1 demo]# git status
# On branch master
#
# Initial commit
#
# Untracked files:
# (use "git add <file>..." to include in what will be committed)
#
# README.md
nothing added to commit but untracked files present (use "git add" to track)
添加工作区文件到暂存区
[root@server1 demo]# git status -s
?? README.md
[root@server1 demo]# git add README.md
[root@server1 demo]# git status -s
A README.md
提交暂存区的文件
[root@server1 demo]# git commit -m "add README.md"
[master (root-commit) 5b85da5] add README.md
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 README.md
[root@server1 demo]# git status -s
修改工作区的文件,查看状态,M为红色且靠右
[root@server1 demo]# echo hello >> README.md
[root@server1 demo]# git status -s
M README.md
提交到暂存区后再次查看,M为绿色且靠做
[root@server1 demo]# git add README.md
[root@server1 demo]# git status -s
M README.md
全部提交
[root@server1 demo]# git commit -m "update README.md"
[master 3fff37a] update README.md
1 file changed, 1 insertion(+)
[root@server1 demo]# git status -s
撤销
[root@server1 demo]# cat README.md
hello
[root@server1 demo]# echo westos >> README.md
[root@server1 demo]# git status
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: README.md
#
no changes added to commit (use "git add" and/or "git commit -a")
[root@server1 demo]# git status -s
M README.md
[root@server1 demo]# git checkout -- README.md
[root@server1 demo]# cat README.md
hello
删除 README.md
[root@server1 demo]# rm -f README.md
[root@server1 demo]# git status -s
D README.md
[root@server1 demo]# git status
# On branch master
# Changes not staged for commit:
# (use "git add/rm <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# deleted: README.md
#
no changes added to commit (use "git add" and/or "git commit -a")
恢复README.md
[root@server1 demo]# git reset
Unstaged changes after reset:
D README.md
[root@server1 demo]# git checkout -- README.md
[root@server1 demo]# ls
README.md
[root@server1 demo]# cat README.md
hello
版本回溯
[root@server1 demo]# git reflog
458f92a HEAD@{0}: commit: delete README.md
3fff37a HEAD@{1}: commit: update README.md
5b85da5 HEAD@{2}: commit (initial): add README.md
[root@server1 demo]# ls
[root@server1 demo]# git reset --hard 3fff37a
HEAD is now at 3fff37a update README.md
[root@server1 demo]# ls
README.md
[root@server1 demo]# cat README.md
hello
[root@server1 demo]# git reset --hard 5b85da5
HEAD is now at 5b85da5 add README.md
[root@server1 demo]# ls
README.md
[root@server1 demo]# cat README.md
github远程仓库搭建
登陆github后新建仓库
选择ssh
生成密钥并把公钥复制到github的sshkey
[root@server1 demo]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EjUJYuuI88agft/bsvkQkeCUOkWbuUFMvD9e9b1NeEg root@server1
The key's randomart image is:
+---[RSA 2048]----+
| B*o.o. |
| .+B=.o. |
| +*oo |
| . = .o.. . E |
|+ . o.o.S . ...o |
|.= +.. .o.o|
|. + ..o oo|
|.. . .o+ ..|
| .. .. ==o |
+----[SHA256]-----+
[root@server1 demo]# ls
README.md
[root@server1 demo]# cd /home/
[root@server1 home]# ls
[root@server1 home]# cd /root/.ssh/
[root@server1 .ssh]# ls
id_rsa id_rsa.pub
[root@server1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3dUhX58vDw/MBWKx72rOr26PFq2aTMsG81tO7qkX1T6fTjmfYuDkm+bX+c3WjDWstcJ3dYEUhMWNHsonphhHBtOXGxrg7SOrXAZIC44hF4JpiSu8Wz06nnmV8ApQU+BdCfcPG/6s6s7YxGn9SSRUVCruDpr/tR6fUaI+LRrLKlMSY3bSbW86DMLP114LhIzljXyWLfpugj65+GiNScIK4xEUT0EiA2IitD0i4nHJzdjEhoNKy/zHVaP+faBWaDMwexmuiiBuCP89R9OAnsmybvtpzt6aD/dfmdiwhWUwqCkezFYEXTf5G2t07ZK2otpkoQzAX22x2wFgxzHq47Di3 root@server1
添加远程仓库
[root@server1 demo]# git remote -v
[root@server1 demo]# git remote add origin git@github.com:C1304663149/demo.git
[root@server1 demo]# git remote -v
origin git@github.com:C1304663149/demo.git (fetch)
origin git@github.com:C1304663149/demo.git (push)
上传
[root@server1 demo]# git push -u origin main
The authenticity of host 'github.com (13.250.177.223)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
RSA key fingerprint is MD5:16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,13.250.177.223' (RSA) to the list of known hosts.
Counting objects: 3, done.
Writing objects: 100% (3/3), 201 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@github.com:C1304663149/demo.git
* [new branch] main -> main
Branch main set up to track remote branch main from origin.
再次进入demo可以看见 README.md
gitlab代码仓库
虚拟机server1,内存不小于4G
可以在国内镜像站下载el7的最新的gitlab安装包
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/
下载gitlab的依赖
[root@server1 ~]# yum install -y curl policycoreutils-python openssh-server perl
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Package curl-7.29.0-51.el7.x86_64 already installed and latest version
Package policycoreutils-python-2.5-29.el7.x86_64 already installed and latest version
Package openssh-server-7.4p1-16.el7.x86_64 already installed and latest version
Package 4:perl-5.16.3-293.el7.x86_64 already installed and latest version
Nothing to do
安装gitlab安装包
[root@server1 ~]# rpm -ivh gitlab-ce-14.1.2-ce.0.el7.x86_64.rpm
warning: gitlab-ce-14.1.2-ce.0.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID f27eab47: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:gitlab-ce-14.1.2-ce.0.el7 ################################# [100%]
It looks like GitLab has not been configured yet; skipping the upgrade script.
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __ \
/ /_/ / / /_/ /___/ /_/ / /_/ /
\____/_/\__/_____/\__,_/_.___/
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
sudo gitlab-ctl reconfigure
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=14-1
编辑配置文件
[root@server1 ~]# cd /etc/
[root@server1 etc]# cd gitlab/
[root@server1 gitlab]# ls
gitlab.rb
[root@server1 gitlab]# vim gitlab.rb
32 external_url 'http://172.25.12.1'
重载服务(时间很久)
[root@server1 gitlab]# gitlab-ctl reconfigure
gitlab Reconfigured!
重载完成后网页访问http://172.25.12.1
找到root密码
[root@server1 gitlab]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: swrwpvrda1oqqFVvplKEw7uIfA09XoEQrcjY4SY4xUc=
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
[root@server1 gitlab]#
输入账号秘密
登陆成功
修改语言
修改秘密最少8位
输入新密码重新登陆
添加公钥
创建项目
复制克隆链接
卸载之前的git重新安装
[root@server1 ~]# yum remove -y git
[root@server1 ~]# yum install -y git
将demo克隆到server1上
[root@server1 ~]# git clone git@172.25.12.1:root/demo.git
Cloning into 'demo'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
[root@server1 ~]# ls
anaconda-ks.cfg demo gitlab-ce-14.1.2-ce.0.el7.x86_64.rpm
[root@server1 ~]# cd demo/
[root@server1 demo]# ls
README.md
[root@server1 demo]# cat README.md
# demo
查看远程信息
[root@server1 demo]# git remote -v
origin git@172.25.12.1:root/demo.git (fetch)
origin git@172.25.12.1:root/demo.git (push)
jenkins持续集成
jenkins简介
? Jenkins是开源CI&CD软件领导者, 提供超过1000个插件来支持构建、部署、
自动化, 满足任何项目的需要。
? Jenkins用Java语言编写,可在Tomcat等流行的servlet容器中运行,也可独立运
行。
? CI(Continuous integration持续集成)持续集成强调开发人员提交了新代码之后,立刻进行构建、(单元)测试。
? CD(Continuous Delivery持续交付) 是在持续集成的基础上,将集成后的代码部
署到更贴近真实运行环境(类生产环境)中 。
jenkins安装
准备server2 内存2G就可以
jenkins可以在镜像站下载
国内镜像站: https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat/
[root@server2 ~]# ls
anaconda-ks.cfg jdk-8u171-linux-x64.rpm
daemonize-1.7.7-1.el7.x86_64.rpm jenkins-2.306-1.1.noarch.rpm
[root@server2 ~]#
先安装jdk再安装daemonize最后安装jenkins
[root@server2 ~]# rpm -ivh jdk-8u171-linux-x64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:jdk1.8-2000:1.8.0_171-fcs ################################# [100%]
Unpacking JAR files...
tools.jar...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
[root@server2 ~]# rpm -ivh daemonize-1.7.7-1.el7.x86_64.rpm
warning: daemonize-1.7.7-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:daemonize-1.7.7-1.el7 ################################# [100%]
[root@server2 ~]# rm -fr daemonize-debuginfo-1.7.7-1.el7.x86_64.rpm
[root@server2 ~]# rpm -ivh jenkins-2.306-1.1.noarch.rpm
warning: jenkins-2.306-1.1.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 45f2c3d5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:jenkins-2.306-1.1 ################################# [100%]
启动jenkins并查看信息
[root@server2 ~]# systemctl start jenkins
[root@server2 ~]# systemctl status jenkins
● jenkins.service - LSB: Jenkins Automation Server
Loaded: loaded (/etc/rc.d/init.d/jenkins; bad; vendor preset: disabled)
Active: active (running) since Thu 2021-08-12 19:36:57 +08; 8s ago
Docs: man:systemd-sysv-generator(8)
Process: 25204 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/jenkins.service
└─25208 /etc/alternatives/java -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenk...
Aug 12 19:36:57 server2 systemd[1]: Starting LSB: Jenkins Automation Server...
Aug 12 19:36:57 server2 jenkins[25204]: Starting Jenkins [ OK ]
Aug 12 19:36:57 server2 systemd[1]: Started LSB: Jenkins Automation Server.
[root@server2 ~]# netstat -antlp | grep :8080
tcp6 0 0 :::8080 :::* LISTEN 25208/java
输入172.25.12.2:8080进入jenkins
找到初始化密钥 并输入登陆
[root@server2 ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
a4ea612e12e94a6aa8f0ab2bdf84b762
点右边的自己选择安装之后为了快速进入 什么都不安装点下一步
点Skip and continue as admin
Save and Finish
开始使用jenins
进入配置
修改密码和时区保存之后重新输入账号密码再次登陆
jenkins插件
更新插件源
创建目录
[root@server2 ~]# mkdir /var/lib/jenkins/update-center-rootCAs
[root@server2 ~]# cd /var/lib/jenkins/update-center-rootCAs/
下载ca证书
[root@server2 update-center-rootCAs]# ls
[root@server2 update-center-rootCAs]# wget https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/rootCA/update-center.crt -O /var/lib/jenkins/update-center-rootCAs/update-center.crt
--2021-08-13 14:51:38-- https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/rootCA/update-center.crt
Resolving cdn.jsdelivr.net (cdn.jsdelivr.net)... 117.156.18.146, 2409:8c7a:a01:60::15
Connecting to cdn.jsdelivr.net (cdn.jsdelivr.net)|117.156.18.146|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1212 (1.2K) [application/x-x509-ca-cert]
Saving to: ‘/var/lib/jenkins/update-center-rootCAs/update-center.crt’
100%[=======================================================>] 1,212 --.-K/s in 0s
2021-08-13 14:51:39 (79.7 MB/s) - ‘/var/lib/jenkins/update-center-rootCAs/update-center.crt’ saved [1212/1212]
[root@server2 update-center-rootCAs]# ls
update-center.crt
授权
[root@server2 update-center-rootCAs]# chown jenkins.jenkins -R /var/lib/jenkins/update-center-rootCAs
更新插件地址
点击Manage Plugins进入插件管理
点击Advanced
找到插件地址
我们现在要把这个地址改成我们速度最快的地址
首先查看哪个镜像站的速度快
[root@server2 update-center-rootCAs]# curl -sSL https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/speed-test.sh | bash
Jenkins mirror update center speed test
[Mirror Site]
ustc : https://mirrors.ustc.edu.cn/jenkins/
bit : https://mirrors.bit.edu.cn/jenkins/
tsinghua : https://mirrors.tuna.tsinghua.edu.cn/jenkins/
tencent : https://mirrors.cloud.tencent.com/jenkins/
aliyun : https://mirrors.aliyun.com/jenkins/
huawei : https://mirrors.huaweicloud.com/jenkins/
[Test]
Test File : updates/current/plugin-versions.json
Site Name IPv4 address File Size Download Time Download Speed
ustc 202.141.176.110 11M 6.9s 1.59MB/s
bit 114.247.56.117 11M 7.3s 1.49MB/s
tsinghua 101.6.15.130 11M 5.1s 2.15MB/s
tencent 117.157.23.198 11M 8.0s 1.37MB/s
aliyun 111.19.176.223 11M 4.7s 2.33MB/s
huawei 124.70.126.99 11M 5.1s 2.15MB/s
然后把下面的url中的网站名称改成最快的,之后替换掉官方的插件地址
https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/updates/huawei/update-center.json
点击submit之后查看一下插件源文件
[root@server2 ~]# cd /var/lib/jenkins/
[root@server2 jenkins]# ls
config.xml jobs secret.key.not-so-secret
hudson.model.UpdateCenter.xml logs secrets
identity.key.enc nodeMonitors.xml update-center-rootCAs
jenkins.install.InstallUtil.lastExecVersion nodes updates
jenkins.install.UpgradeWizard.state plugins updates-center-rootCAs
jenkins.model.JenkinsLocationConfiguration.xml queue.xml.bak userContent
jenkins.telemetry.Correlator.xml secret.key users
[root@server2 jenkins]# cat hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/updates/huawei/update-center.json</url>
</site>
确认之后点击check now
在Available可以看到可以下载的插件
安装插件
安装一个中文插件
install安装
成功
刷新之后显示中文
再安装pipeline流水线插件
jenkins项目创建
连接gitlab并自动触发
- 连接gitlab
安装git
[root@server2 jenkins]# yum install -y git
安装gitlab插件
创建一个任务
选择一个自由风格的项目点击确定
在源码管理一栏添加私有git url
发现报错,git仓库无法和Jenkins进行SSH免密连接
生成ssh密钥
[root@server2 jenkins]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UVYsaGsV7gDX+OL5qTc3MPk6zUogLoSvRei8bepjrqg root@server2
The key's randomart image is:
+---[RSA 2048]----+
| . .+++. |
| o+++ . |
| .o+.. |
| o ++. |
| o o .oSo.. |
| o + . .o.+ |
| o + . ..B |
|. o=.. .* * |
|E=*+. .oo* . |
+----[SHA256]-----+
[root@server2 jenkins]#
[root@server2 jenkins]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCTnG+hM+zG46E9/FZetgsVjiRktwek2W7sbzFQrFwmUYvYrhUqc2zW6a3RVVDX38X4ew9zyda3eCVrD12pl3jPcaw3jw5yH9hzNpwG8tTIZMFSbb8P/ZCLm79T6rNmY7zMQTan5GLPccBuSsZtZmulXGV5oxjXQ96t97ZgP1v5t9JJqbmnMPF9728al/rWimTe2j3l3ICcBkQnC72y9X4DPOaauq6pbtfHN9L74BJsGrv+eKHKPSrG/sPeb1uafjHZq895RrvF9YFpPRjbzXqF0NJlLBpqC6fmmyYY0hJHmR9QzDXGy1MKMBjn112vDImpxvJPLe0KO3dkzk3n6p1J root@server2
[root@server2 jenkins]# cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAk5xvoTPsxuOhPfxWXrYLFY4kZLcHpNlu7G8xUKxcJlGL2K4V
KnNs1umt0VVQ19/F+HsPc8nWt3glaw9dqZd4z3GsN48Och/YczacBvLUyGTBUm2/
D/2Qi5u/U+qzZmO8zEE2p+Riz3HAbkrGbWZrpVxleaMY10Perfe2YD9b+bfSSam5
pzDxfe9vGpf61opk3to95dyAnAZEJwu9svV+AzzmmrquqW7XxzfS++ASbBq7/nih
yj0qxv7D3m9bmn4x2avPeUa7xfWBaT0Y2816hdDSZSwaagun5psmGNISR5kfUMw1
xstTCjAY59ddrwyJqcbyTy3tCjt3ZM5N5+qdSQIDAQABAoIBAE+uRW/+aJUgMV0V
hsYPfMJA/ZJEXuL04HTOvQ8wS3n/0P7BUfmdXyZP9B0o8b/mMqakPz4guUBGoeQ9
4jB27KcGVJGVLpYabKwc0XLKyGP4R4coaNfH56wFAe3ZpsfhlPupREiy90fFvruK
r7xEal1UGA7mJLWnFGBSdGdWLF8KsqBpWjrkKWJ0yOHxJQ38kUKH99uSV8uNQnqG
Z2h2YEkIp385+OVvZpndBk+98+ST2LlqeNF5AU/BhQkAfDQhmwXHkq8HeMWuucht
iEzv9XTrgmL7l01HRKvjAwge5f62Tkgfyru6Em49pmtGZgllGSkVe9/zDay9kHoF
0dxMutECgYEAw6Vf1RBpHWyW9L9J60Y0kualoZ/aaDGvg9fnKZf9soCOPCjFSRez
0JwACX6VXMkef9V0Y1kQhSEiM+ak8wLoWCGmoaK4OgSHUNOO8a5qQFErLAIJpvOV
UUDNPDALpIJr5m4j5GvcVsqhzyyuh2wXTclRR5LBkeAdhaEpdl5J4JUCgYEAwSWh
ki4GRM4yyeSsE0ohiS2x4/Ayvh0l//CZ2AqDmlYqLdYTwnHaM69TxqWwvpsbV4L9
5zc0konX+7hyfEypYzEo1EMolZ5D9IPEn7PO1+aeLC8BD3yFrgwMhBBm3WacJ8Sw
91w+pimZpPA/Ixk3vw5MFHo/WUqzUpUMBpg72OUCgYEAoT2eKX8I4pMoJjWwuhJ2
KculHfsciVrJiCNcBE+bao3Aq5v+XCsIqximfyyv9HRcioZlEavJja6s/ZFMyGrR
CjFRn0z3//jTfK2e1VglgTRkHDTht5JwsTJy8vO15LMIMjT7p7mtMmp1yMTOYhWX
byhHsHEmzw6hxgv4m/FBebECgYBnkAnmG4947ScGYfpyDVmV+E5d7bkHfxGU/ik/
UcPmyTSshxDpParF88hzxvvR99DdR3tkspEZ0ZdhfTDFvUVFzmIaDjiAoO/G97BC
AWNzGFDPWBS1fQsgm41KcpD1PcOU/z30JB3jcoLTkY4I/8iIRN4+TJ4S/p7QNOLR
1magkQKBgQCqnJJfnfqo/fP+xTNHBty0EYFABnQEAotjdU+ifSQwHvddg9hyoDY0
b+AjE+T2VZEyJlG8UN4D/s2D+MP5cU+RczgrRtrkrEyYFGsnh9fEiPNf+XlPn9jQ
MAZF94nOVlyOBbISU3VjGYqE6HCInQrhRcyokMGQetWqKwfrStwPtg==
-----END RSA PRIVATE KEY-----
[root@server2 jenkins]#
将公钥添加到gitlab
在jenkins添加密钥
类型选择ssh
添加描述和username 将密钥复制到key
报错消失
更改分支
构建触发器,测试轮询为每分钟
设置shell
点击保存,构建成功
查看控制器输出
在server1 push一个index.html
[root@server1 ~]# cd demo/
[root@server1 demo]# ls
README.md
[root@server1 demo]# vim index.html
[root@server1 demo]# cat index.html
westos
[root@server1 demo]# git add index.html
[root@server1 demo]# git commit -m "add index.html"
[main dbb3143] add index.html
1 file changed, 1 insertion(+)
create mode 100644 index.html
[root@server1 demo]# git log
commit dbb314363d15f649023bf284370b86d697386b11
Author: chen <chen.com>
Date: Fri Aug 13 16:49:06 2021 +0800
add index.html
commit 109cd4efadacaf2763d2e510423ead4bfc7e4275
Author: Administrator <admin@example.com>
Date: Thu Aug 12 10:14:31 2021 +0000
Initial commit
[root@server1 demo]# git push -u origin main
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 271 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@172.25.12.1:root/demo.git
109cd4e..dbb3143 main -> main
Branch main set up to track remote branch main from origin.
查看gitlab
查看jenkins 出现一个最新的#5
查看控制器输出
- gitlab自动触发jenkins
为了实验的实时性关闭轮询
构建一个webhook的触发器 url http://172.25.12.2:8080/project/demo
在下面点击高级生成一个token
设置admin的网络
在网络的外发请求里面选择允许Webhook和服务对本地网络的请求
保存之后在gitlab的demo设置里面找到webhooks 添加刚才构建触发器的url和token
添加成功
查看jenkins的构建历史 
测试: 在server1更改index.html的内容
[root@server1 demo]# vim index.html
[root@server1 demo]# cat index.html
westos
westos
westos
westos
[root@server1 demo]# git commit -m -a "add index.html"
error: pathspec 'add index.html' did not match any file(s) known to git.
[root@server1 demo]# git commit -a -m "add index.html"
[main ec6b725] add index.html
1 file changed, 3 insertions(+)
[root@server1 demo]# git push -u origin main
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 276 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@172.25.12.1:root/demo.git
dbb3143..ec6b725 main -> main
Branch main set up to track remote branch main from origin.
查看控制台输出 index.html更新时间
查看server2的index.html
[root@server2 demo]# ls
index.html README.md
[root@server2 demo]# cat index.html
westos
westos
westos
westos
自动构建镜像,并上传至harbor仓库
docker部署
https://blog.csdn.net/weixin_56892849/article/details/118928674
harbor搭建
https://blog.csdn.net/weixin_56892849/article/details/118941730
这次用172.25.12.10作为harbor仓库
为每个主机添加解析
[root@reg ~]# vim /etc/hosts
[root@reg ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.12.250 foundation12.ilt.example.com
172.25.12.1 server1
172.25.12.2 server2
172.25.12.3 server3
172.25.12.4 server4
172.25.12.5 server5
172.25.12.6 server6
172.25.12.7 server7
172.25.12.8 server8
172.25.12.10 reg.westos.org
[root@reg ~]# scp /etc/docker/daemon.json server2:/etc/docker/
[root@reg ~]# scp -r /etc/docker/certs.d/ server2:/etc/docker/
[root@server2 ~]# systemctl restart docker.service
server2拉一个myapp并且更换标签
[root@server2 ~]# ls
anaconda-ks.cfg jdk-8u171-linux-x64.rpm myapp.tar
daemonize-1.7.7-1.el7.x86_64.rpm jenkins-2.306-1.1.noarch.rpm
[root@server2 ~]# docker load -i myapp.tar
d39d92664027: Loading layer [==================================================>] 4.232MB/4.232MB
8460a579ab63: Loading layer [==================================================>] 11.61MB/11.61MB
c1dc81a64903: Loading layer [==================================================>] 3.584kB/3.584kB
68695a6cfd7d: Loading layer [==================================================>] 4.608kB/4.608kB
05a9e65e2d53: Loading layer [==================================================>] 16.38kB/16.38kB
a0d2c4392b06: Loading layer [==================================================>] 7.68kB/7.68kB
Loaded image: ikubernetes/myapp:v1
Loaded image: ikubernetes/myapp:v2
[root@server2 ~]# docker tag ikubernetes/myapp:v1 myapp:v1
[root@server2 ~]# docker tag ikubernetes/myapp:v2 myapp:v2
[root@server2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ikubernetes/myapp v1 d4a5e0eaa84f 3 years ago 15.5MB
myapp v1 d4a5e0eaa84f 3 years ago 15.5MB
ikubernetes/myapp v2 54202d3f0f35 3 years ago 15.5MB
myapp v2 54202d3f0f35 3 years ago 15.5MB
[root@server2 ~]# docker rmi ikubernetes/myapp:v1 ikubernetes/myapp:v2
Untagged: ikubernetes/myapp:v1
Untagged: ikubernetes/myapp:v2
[root@server2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myapp v1 d4a5e0eaa84f 3 years ago 15.5MB
myapp v2 54202d3f0f35 3 years ago 15.5MB
部署好之后server1上面写一个资源清单并push
[root@server1 ~]# cd demo/
[root@server1 demo]# ls
index.html README.md
[root@server1 demo]# vim Dockerfile
[root@server1 demo]# cat Dockerfile
FROM myapp:v1
[root@server1 demo]# git add Dockerfile
[root@server1 demo]# git commit -m "add Dockerfile"
[main e692acb] add Dockerfile
1 file changed, 1 insertion(+)
create mode 100644 Dockerfile
[root@server1 demo]# git push -u origin main
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 314 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@172.25.12.1:root/demo.git
ec6b725..e692acb main -> main
Branch main set up to track remote branch main from origin.
[root@server1 demo]#
确认一下
[root@server2 ~]# cd /var/lib/jenkins/workspace/demo
[root@server2 demo]# ls
Dockerfile index.html README.md
下载一个插件
删除shell
选择构建步骤
更改demo的构建
添加连接仓库的钥匙
点高级 关闭force pull
保存
修改套接字文件权限
[root@server2 demo]# ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Aug 13 20:14 /var/run/docker.sock
[root@server2 demo]# chmod 777 /var/run/docker.sock
[root@server2 demo]# ll /var/run/docker.sock
srwxrwxrwx 1 root docker 0 Aug 13 20:14 /var/run/docker.sock
手动构建
成功运行
查看harbor仓库
拉取harbor仓库镜像
创建一个docker项目拉取运行镜像,自由风格
更改配置 设置触发器
sell构建 保存
在server1上更新更改标签v1为v2
[root@server1 demo]# vim Dockerfile
[root@server1 demo]# cat Dockerfile
FROM myapp:v2
[root@server1 demo]# git commit -a -m "update Dockerfile"
[main 6018bc5] update Dockerfile
1 file changed, 1 insertion(+), 1 deletion(-)
[root@server1 demo]# git push -u origin main
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 315 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@172.25.12.1:root/demo.git
e692acb..6018bc5 main -> main
Branch main set up to track remote branch main from origin.
手动构建demo
查看demo控制器 成功上传myapp:v2
查看docker控制器 成功运行
核对一下docker控制器输出容器id 成功运行
[root@server2 demo]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67e26f6aef34 reg.westos.org/library/demo:latest "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp myapp
[root@server2 demo]# curl localhost
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
SSH方式进行jenkins操作
开一个虚拟机server3 部署docker
31 scp server2:/etc/hosts /etc/
32 ls
33 cd /etc/host
34 cat /etc/hosts
35 scp server2:/etc/yum.repos.d/docker.repo /etc/yum.repos.d/
36 yum install -y docker-ce
37 systemctl enable docker.service --now
38 scp server2:/etc/sysctl.d/docker.conf /etc/sysctl.d/
39 scp server2:/etc/docker/daemon.json /etc/docker/
40 sysctl --system
41 systemctl restart docker.service
42 docker info
43 scp -r server2:/etc/docker/certs.d/ /etc/docker/
添加ssh插件
在docker配置里面 添加 ssh sites
凭证
添加构建步骤 ssh
删除之前的shell
把之前的shell命令复制到ssh构建里面
添加之后手动构建docker
查看docker控制器输出 成功
查看容器是否运行
[root@server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b84e54195400 demo:latest "nginx -g 'daemon of…" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp myapp
[root@server3 ~]# curl localhost
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
jenkins节点管理–添加agent节点
将server3配置成jenkins的agent端(也可以再开一个虚拟机当agent端)
[root@server3 ~]# ls
anaconda-ks.cfg jdk-8u171-linux-x64.rpm
[root@server3 ~]# rpm -ivh jdk-8u171-linux-x64.rpm
[root@server3 ~]# yum install -y git
安装agent插件
节点管理----新建节点
点击确认之后更改agent端配置
保存
添加成功
为了实验效果 把master关闭
构建docker
查看控制器输出
容器id一致
[root@server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e612161aca79 demo:latest "nginx -g 'daemon of…" 8 minutes ago Up 8 minutes 0.0.0.0:80->80/tcp myapp
测试完毕 打开master 删除agent
jenkins用户管理
选管理用户
新创建用户chen
系统配置-全局安全配置
授权策略是 所有用户有全部权限
安装role插件
安装完插件选择role-based strategy
此时登陆chen发现没有权限
选择 manage and assign roles
管理角色
添加一个全局角色和一个组角色并分配权限 保存
分配角色
给chen添加users和demo的角色 保存
再次登陆chen发现有了读的权限,管理权限没有了
用admin再添加一个demo开头的项目
再次登陆chen 点开demo
项目发现有管理权限
jenkins结合ansible prod节点部署httpd服务
server2安装ansible
[root@server2 yum.repos.d]# yum install -y ansible
gitlab创建一个playbook项目
克隆到server1 上
[root@server1 ~]# git clone git@172.25.12.1:root/playbook.git
Cloning into 'playbook'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
编辑playbook
[root@server1 ~]# cd playbook/
[root@server1 playbook]# ls
README.md
[root@server1 playbook]# vim playbook.yaml
[root@server1 playbook]# ls
playbook.yaml README.md
[root@server1 playbook]# cat playbook.yaml
---
- hosts: all
tasks:
- name: install apache
yum:
name: httpd
state: present
- name: configure apache
template:
src: httpd.conf.j2
dest: /etc/httpd/conf/httpd.conf
notify: restart apache
- name: start apache
service:
name: httpd
enabled: yes
state: started
handlers:
- name: restart apache
service:
name: httpd
state: restarted
编辑ansible.cfg配置文件
[root@server1 playbook]# vim ansible.cfg
[root@server1 playbook]# cat ansible.cfg
[defaults]
command_warnings=False
remote_user=devops
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
创建inventory目录,test用于测试,pord用于生产部署
[root@server1 playbook]# mkdir inventory
[root@server1 playbook]# cd inventory/
[root@server1 inventory]# vim prod
[root@server1 inventory]# cat prod
server4 http_port=80
[root@server1 inventory]# vim test
[root@server1 inventory]# cat test
server3 http_port=8080
修改apache配置文件为jinja2模板,使用变量
[root@server1 playbook]# mv httpd.conf httpd.conf.j2
[root@server1 playbook]# ls
ansible.cfg httpd.conf.j2 inventory playbook.yaml README.md
[root@server1 playbook]# vim httpd.conf.j2
42 Listen {{ http_port }}
push所有文件到gitlab
[root@server1 playbook]# git add .
[root@server1 playbook]# git status -s
A ansible.cfg
A httpd.conf.j2
A inventory/prod
A inventory/test
A playbook.yaml
[root@server1 playbook]# git commit -m "v1"
[main 44f3568] v1
5 files changed, 389 insertions(+)
create mode 100644 ansible.cfg
create mode 100644 httpd.conf.j2
create mode 100644 inventory/prod
create mode 100644 inventory/test
create mode 100644 playbook.yaml
[root@server1 playbook]# git push -u origin main
Counting objects: 9, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (8/8), 5.22 KiB | 0 bytes/s, done.
Total 8 (delta 0), reused 0 (delta 0)
To git@172.25.12.1:root/playbook.git
d56434f..44f3568 main -> main
Branch main set up to track remote branch main from origin.
jenkins创建ansible项目
自由风格
先用shell测试一下
构建
ansible项目gitlab与jenkins连接成功
创建用户,修改密码,sudo授权,server3/4都要做 而且两节点的用户id相同
[root@server3 ~]# useradd devops
[root@server3 ~]# id devops
uid=1000(devops) gid=1000(devops) groups=1000(devops)
[root@server3 ~]# echo westos | passwd --stdin devops
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[root@server3 ~]# visudo
101 devops ALL=(ALL) NOPASSWD:ALL
server2 切换用户到jenkins 使用bash
[root@server2 ansible]# usermod -s /bin/bash jenkins
[root@server2 ansible]# su - jenkins
-bash-4.2$ ls
com.cloudbees.hudson.plugins.folder.config.AbstractFolderConfiguration.xml
com.dabsquared.gitlabjenkins.connection.GitLabConnectionConfig.xml
com.dabsquared.gitlabjenkins.GitLabPushTrigger.xml
config.xml
credentials.xml
fingerprints
hudson.model.UpdateCenter.xml
hudson.plugins.git.GitSCM.xml
hudson.plugins.git.GitTool.xml
hudson.tasks.Mailer.xml
hudson.tasks.Shell.xml
hudson.triggers.SCMTrigger.xml
identity.key.enc
io.jenkins.plugins.junit.storage.JunitTestResultStorageConfiguration.xml
jenkins.fingerprints.GlobalFingerprintConfiguration.xml
jenkins.install.InstallUtil.lastExecVersion
jenkins.install.UpgradeWizard.state
jenkins.model.ArtifactManagerConfiguration.xml
jenkins.model.GlobalBuildDiscarderConfiguration.xml
jenkins.model.JenkinsLocationConfiguration.xml
jenkins.security.apitoken.ApiTokenPropertyConfiguration.xml
jenkins.security.QueueItemAuthenticatorConfiguration.xml
jenkins.security.ResourceDomainConfiguration.xml
jenkins.security.UpdateSiteWarningsConfiguration.xml
jenkins.tasks.filters.EnvVarsFilterGlobalConfiguration.xml
jenkins.telemetry.Correlator.xml
jobs
logs
nodeMonitors.xml
nodes
org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml
org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml
org.jenkins.plugins.lockableresources.LockableResourcesManager.xml
org.jvnet.hudson.plugins.SSHBuildWrapper.xml
plugins
queue.xml
queue.xml.bak
secret.key
secret.key.not-so-secret
secrets
update-center-rootCAs
updates
updates-center-rootCAs
userContent
users
workflow-libs
workspace
-bash-4.2$
-bash-4.2$ cd workspace/
-bash-4.2$ ls
ansible ansible@tmp demo demo@tmp docker
-bash-4.2$ cd ansible
-bash-4.2$ ls
ansible.cfg httpd.conf.j2 inventory playbook.yaml README.md
给server3/4上的devops用户做免密认证
-bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AUsvMijcpj+UZe1IZbYAGxHZ2r1TKNOYToNw5+dwRyU jenkins@server2
The key's randomart image is:
+---[RSA 2048]----+
| =*.o+ E.. |
|...+o+*+... |
|..++O+Bo= |
| .oo=&oB + |
| . oo.O.S |
| o . + |
| o . |
| . |
| |
+----[SHA256]-----+
-bash-4.2$
-bash-4.2$ ssh-copy-id devops@server3
-bash-4.2$ ssh-copy-id devops@server4
jenkins配置ansible项目
ansible配置 参数化构建过程选择选项参数
修改shell
先构建test测试
构建成功
server3查看端口8080
[root@server3 ~]# netstat -antlp | grep :8080
tcp6 0 0 :::8080 :::* LISTEN 20647/httpd
构建prod
查看一下端口80
[root@server4 ~]# netstat -antlp | grep :80
tcp 0 0 172.25.12.4:49204 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49200 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49206 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49196 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49198 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49202 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49194 172.25.12.250:80 TIME_WAIT -
tcp 0 0 172.25.12.4:49192 172.25.12.250:80 TIME_WAIT -
tcp6 0 0 :::80 :::* LISTEN 14505/httpd
prod节点成功部署httpd
[root@server1 inventory]# cat test
server3 http_port=8080
[root@server1 inventory]# cat prod
server4 http_port=80
jenkins结合k8s
方法一:
ssh方式连接k8s master节点,然后执行kubectl命令即可。
方法二:
使用插件的方式管理k8s。
