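Container Automation (5): Building a Continuous Integration Environment with Jenkins + Git + Docker
Cloud Computing Series: Container Automation
-- Private course material: not public, not published, distribution prohibited
To do operations work well, you must first learn to be diligent;
Stay alert to danger in times of comfort, and take careful notes to make up for shortcomings; only then can you keep improving;
However pleasant someone else's material is to use, it is still someone else's;
What you summarize yourself is an expression of your own thinking and ideas;
The essence is not absorbed by reading; it is absorbed by writing things down;
Please develop good study habits as you learn;
Practice diligently, put the lesson plan aside, work hands-on, and organize your own documentation.
I. Introduction to CI/CD
II. Release Workflow Design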
Server            IP address
Git/Harbor        192.168.200.201
Docker            192.168.200.202
Jenkins server    192.168.200.203

Tool              Version
CentOS            7.5_x64
Maven             3.5
Tomcat            8
JDK               1.8
Jenkins           2.6
Docker CE         18.03.1
[root@Harbor ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@Harbor ~]# uname -r
3.10.0-862.3.3.el7.x86_64
III. Deploying the Harbor Image Registry
Server            IP address
Git/Harbor        192.168.200.201
# Create the CA certificate
[root@Harbor ~]# mkdir -p /data/ssl
[root@Harbor ~]# cd /data/ssl
[root@Harbor ssl]# which openssl
/usr/bin/openssl
[root@Harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
................................................++
....................................................................................
.................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
# Generate the certificate signing request
[root@Harbor ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
.........................................................++
....................................................................................
..................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your servers hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# Generate the certificate for the registry host
[root@Harbor ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
[root@Harbor ssl]# ll
总用量 24
-rw-r--r-- 1 root root 2049 7月 24 20:57 ca.crt
-rw-r--r-- 1 root root 3272 7月 24 20:57 ca.key
-rw-r--r-- 1 root root 17 7月 24 21:00 ca.srl
-rw-r--r-- 1 root root 1931 7月 24 21:00 www.yunjisuan.com.crt
-rw-r--r-- 1 root root 1716 7月 24 20:58 www.yunjisuan.com.csr
-rw-r--r-- 1 root root 3272 7月 24 20:58 www.yunjisuan.com.key
# Trust the self-signed certificate
[root@Harbor ssl]# scp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
[root@Harbor ssl]# update-ca-trust enable
[root@Harbor ssl]# update-ca-trust extract
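The certificate steps above, condensed into a non-interactive script as an added example (not part of the original course material). It goes beyond the page's commands: the CA gets its own subject instead of sharing the server's DN, the server certificate carries a subjectAltName, private keys are written with mode 0600, and the result is checked with openssl verify. The function names and the CA common name yunjisuan-lab-ca are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Hypothetical names: issue_harbor_cert,
# check_harbor_cert, CA common name "yunjisuan-lab-ca". Host and IP are the page's.

# issue_harbor_cert DIR HOST IP [BITS]; body runs in a subshell so umask stays local
issue_harbor_cert() (
    dir=$1; host=$2; ip=$3; bits=${4:-4096}
    umask 077                              # private keys are created 0600
    mkdir -p "$dir" || return 1
    # CA certificate with a subject distinct from the server's DN
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/CN=yunjisuan-lab-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    # subjectAltName carries the names TLS clients match the registry against
    printf 'subjectAltName = DNS:%s, IP:%s\n' "$host" "$ip" > "$dir/san.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null || return 1
    chmod 644 "$dir/ca.crt" "$dir/$host.crt"   # certificates are public
)

# check_harbor_cert DIR HOST; 0 only if the cert chains to ca.crt and names HOST
check_harbor_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/$2.crt" -noout -text | grep -qF "DNS:$2"
}

# Usage: sh issue.sh /data/ssl www.yunjisuan.com 192.168.200.201
if [ $# -ge 3 ]; then
    issue_harbor_cert "$@" && check_harbor_cert "$1" "$2" && echo "certificate OK"
fi
```

With this layout, the file to copy into /etc/pki/ca-trust/source/anchors/ on each client is ca.crt rather than the server certificate.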
# Install Docker CE (Community Edition)
[root@Harbor ssl]# sestatus
SELinux status: disabled
[root@Harbor ssl]# yum -y install yum-utils device-mapper-persistent-data lvm2
[root@Harbor ssl]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 412 0 0:00:05 0:00:05 --:--:-- 720
[root@Harbor ssl]# yum -y install docker-ce
[root@Harbor ssl]# systemctl start docker
[root@Harbor ssl]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@Harbor ssl]# docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:08:18 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:10:42 2018
OS/Arch: linux/amd64
Experimental: false
# Install the Harbor registry
[root@Harbor ssl]# mkdir -p /etc/ssl/harbor
[root@Harbor ssl]# cp /data/ssl/www.yunjisuan.com.key /etc/ssl/harbor/
[root@Harbor ssl]# cp /data/ssl/www.yunjisuan.com.crt /etc/ssl/harbor/
[root@Harbor install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
[root@Harbor install]# ls
harbor-offline-installer-v1.5.0.tgz
[root@Harbor install]# tar xf harbor-offline-installer-v1.5.0.tgz
[root@Harbor install]# cd harbor
[root@Harbor harbor]# cp harbor.cfg{,.bak}
[root@Harbor harbor]# vim harbor.cfg
[root@Harbor harbor]# cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
# Install the docker-compose command (version 1.21 required)
[root@Harbor ~]# curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
[root@Harbor ~]# chmod +x /usr/local/bin/docker-compose
[root@Harbor ~]# which docker-compose
/usr/local/bin/docker-compose
[root@Harbor ~]# docker-compose -version
docker-compose version 1.21.2, build a133471
# Start the Harbor private image registry
[root@Harbor harbor]# pwd
/data/install/harbor
[root@Harbor harbor]# ./install.sh --with-clair
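An added pre-flight check for the harbor.cfg values shown above (not part of the original material or of Harbor itself): it flags a non-https protocol, the default admin password, and a TLS private key readable by group or other, which is the mode the listing of /data/ssl shows. cfg_get, finding and audit_harbor_cfg are hypothetical helper names, and the demo files are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. cfg_get and audit_harbor_cfg are
# hypothetical helpers; keys and the default password come from the page's excerpt.

cfg_get() {   # cfg_get FILE KEY -> value of "KEY = value"; comment lines skipped
    awk -v k="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
    ' "$1"
}

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_harbor_cfg() {   # one finding per line on stdout; returns 1 if there are any
    cfg=$1; findings=0
    [ "$(cfg_get "$cfg" ui_url_protocol)" = "https" ] ||
        finding "ui_url_protocol is not https"
    [ "$(cfg_get "$cfg" harbor_admin_password)" != "Harbor12345" ] ||
        finding "harbor_admin_password is still the default value"
    crt=$(cfg_get "$cfg" ssl_cert)
    [ -f "$crt" ] || finding "ssl_cert file not found: $crt"
    key=$(cfg_get "$cfg" ssl_cert_key)
    if [ ! -f "$key" ]; then
        finding "ssl_cert_key file not found: $key"
    elif [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        finding "private key $key is accessible to group or other"
    fi
    [ "$findings" -eq 0 ]
}

# Demo on constructed files that mirror the page: default password, 0644 key.
demo=$(mktemp -d)
touch "$demo/site.crt" "$demo/site.key" && chmod 644 "$demo/site.key"
cat > "$demo/harbor.cfg" <<EOF
hostname = www.yunjisuan.com
ui_url_protocol = https
ssl_cert = $demo/site.crt
ssl_cert_key = $demo/site.key
harbor_admin_password = Harbor12345
EOF
audit_harbor_cfg "$demo/harbor.cfg" || echo "fix the findings before ./install.sh"
rm -rf "$demo"
```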
Distribute the certificate to the other servers and map the domain name
# Distribute the certificate to the other servers
[root@Harbor harbor]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.202:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.202 (192.168.200.202)' can't be established.
ECDSA key fingerprint is SHA256:DbY5ZLFytaIrrM0hUUSYj12DHprd/boGy3Kim6rMrJA.
ECDSA key fingerprint is MD5:59:39:e3:1a:6e:f8:66:4e:0d:de:08:80:cc:89:f4:20.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.202' (ECDSA) to the list of known hosts.
root@192.168.200.202's password:
www.yunjisuan.com.crt 100% 1931 1.6MB/s 00:00
[root@Harbor harbor]# scp /data/ssl/www.yunjisuan.com.crt 192.168.200.203:/etc/pki/ca-trust/source/anchors/
The authenticity of host '192.168.200.203 (192.168.200.203)' can't be established.
ECDSA key fingerprint is SHA256:DbY5ZLFytaIrrM0hUUSYj12DHprd/boGy3Kim6rMrJA.
ECDSA key fingerprint is MD5:59:39:e3:1a:6e:f8:66:4e:0d:de:08:80:cc:89:f4:20.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.203' (ECDSA) to the list of known hosts.
root@192.168.200.203's password:
www.yunjisuan.com.crt 100% 1931 1.9MB/s 00:00
# On the Docker client (192.168.200.202)
[root@DockerClient ~]# update-ca-trust enable
[root@DockerClient ~]# update-ca-trust extract
[root@DockerClient ~]# vim /etc/hosts
[root@DockerClient ~]# tail -1 /etc/hosts
192.168.200.201 www.yunjisuan.com
# On the Jenkins server (192.168.200.203)
[root@JenkinsServer ~]# update-ca-trust enable
[root@JenkinsServer ~]# update-ca-trust extract
[root@JenkinsServer ~]# vim /etc/hosts
[root@JenkinsServer ~]# tail -1 /etc/hosts
192.168.200.201 www.yunjisuan.com
IV. Deploying the Git Server
Server            IP address
Git/Harbor        192.168.200.201
Jenkins server    192.168.200.203
The following steps are performed on Harbor/Git (192.168.200.201)
# Create the git user and set its password
[root@Harbor ~]# useradd git
[root@Harbor ~]# passwd git
更改用户 git 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
# Install git on 192.168.200.201
[root@Harbor ~]# yum -y install git
[root@Harbor ~]# which git
/usr/bin/git
[root@Harbor ~]# su - git
# Create the git project directory
[git@Harbor ~]$ mkdir solo.git
[git@Harbor ~]$ cd solo.git/
# Initialize the git directory
[git@Harbor solo.git]$ git --bare init
初始化空的 Git 版本库于 /home/git/solo.git/
[git@Harbor solo.git]$ ls
branches config description HEAD hooks info objects refs
The following steps are performed on Jenkins (192.168.200.203)
# Also install git on 192.168.200.203 to simulate project code commits
[root@JenkinsServer ~]# yum -y install git
# Download the Java project code used to simulate commits
[root@JenkinsServer ~]# git clone https://github.com/b3log/solo.git
正克隆到 'solo'...