day3----部署dubbo微服务之部署zk和Jenkins(3)

部署zk集群

Zookeeper是Dubbo微服务集群的注册中心
它的高可用机制和k8s的etcd集群一致
由java编写,所以需要jdk环境
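主机名 | 角色 | ip
hdss7-11.host.com | k8s代理节点1,zk1 | 10.4.7.11
hdss7-12.host.com | k8s代理节点2,zk2 | 10.4.7.12
hdss7-21.host.com | k8s运算节点1,zk3 | 10.4.7.21
hdss7-22.host.com | k8s运算节点2,jenkins | 10.4.7.21
hdss7-200.host.com | k8s运算节点(docker仓库) | 10.4.7.21
(注:最后两行的ip与hdss7-21重复,应为笔误;从下文DNS记录看harbor所在的hdss7-200是10.4.7.200,hdss7-22按命名规律应为10.4.7.22。)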

部署zookeeper
安装jdk1.8(3台zk角色主机)
jdk下载地址
https://www.oracle.com/java/technologies/javase-jdk16-downloads.html

[root@hdss7-11 ~]# cd /opt/
[root@hdss7-11 opt]# mkdir src
[root@hdss7-11 opt]# cd src/
[root@hdss7-11 src]# rz -E
rz waiting to receive.
[root@hdss7-11 src]# ll
总用量 141540
-rw-r--r--. 1 root root 144935989 73 01:42 jdk-8u291-linux-x64.tar.gz
[root@hdss7-11 src]# mkdir /usr/java
[root@hdss7-11 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java/
[root@hdss7-11 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-11 src]# ll /usr/java/
总用量 0
lrwxrwxrwx. 1 root  root   23 831 19:21 jdk -> /usr/java/jdk1.8.0_291/
drwxr-xr-x. 8 10143 10143 273 48 03:26 jdk1.8.0_291
[root@hdss7-11 src]# vim /etc/profile
[root@hdss7-11 src]# tail -5 /etc/profile
unset -f pathmunge

export JAVA_HOME=/usr/java/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/bin:$PATH
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
[root@hdss7-11 src]# 
[root@hdss7-11 src]# source /etc/profile
[root@hdss7-11 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-11 src]# 

然后在12上和21上都同样部署下

[root@hdss7-12 ~]# cd /opt/
[root@hdss7-12 opt]# ll
total 12
lrwxrwxrwx. 1 root root   18 Aug 29 12:12 etcd -> /opt/etcd-v3.1.20/
drwxr-xr-x. 4 etcd etcd 4096 Aug 29 12:13 etcd-v3.1.20
drwxr-xr-x. 2 root root 4096 Oct 31  2018 rh
drwxr-xr-x. 2 root root 4096 Aug 29 12:11 src
[root@hdss7-12 opt]# cd src/
[root@hdss7-12 src]# ll
total 9620
-rw-r--r--. 1 root root 9850227 May 25 22:31 etcd-v3.1.20-linux-amd64.tar.gz
[root@hdss7-12 src]# mkdir /usr/java
[root@hdss7-12 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java/
[root@hdss7-12 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-12 src]# ll /usr/java
total 4
lrwxrwxrwx. 1 root  root    23 Aug 31 19:28 jdk -> /usr/java/jdk1.8.0_291/
drwxr-xr-x. 8 10143 10143 4096 Apr  8 03:26 jdk1.8.0_291
[root@hdss7-12 src]# vi /etc/profile
[root@hdss7-12 src]# source /etc/profile
[root@hdss7-12 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-12 src]# scp jdk-8u291-linux-x64.tar.gz 10.4.7.21:/opt/src
The authenticity of host '10.4.7.21 (10.4.7.21)' can't be established.
ECDSA key fingerprint is SHA256:YgFtoZE7xde9aM75T9GEitcoTWIlZ0YcZup8ZNyikMI.
ECDSA key fingerprint is MD5:36:b2:82:4b:05:02:b5:be:15:a2:9b:a6:ac:c8:46:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.4.7.21' (ECDSA) to the list of known hosts.
root@10.4.7.21's password: 
jdk-8u291-linux-x64.tar.gz                                                             100%  138MB 128.5MB/s   00:01    
[root@hdss7-12 src]# 

[root@hdss7-21 ~]# cd /opt/src/
[root@hdss7-21 src]# ll
total 593876
-rw-r--r--. 1 root root   9850227 May 25 22:31 etcd-v3.1.20-linux-amd64.tar.gz
-rw-r--r--  1 root root   9565743 Jan 29  2019 flannel-v0.11.0-linux-amd64.tar.gz
-rw-r--r--  1 root root 144935989 Aug 31 19:30 jdk-8u291-linux-x64.tar.gz
-rw-r--r--. 1 root root 443770238 Jun  1 20:56 kubernetes-server-linux-amd64-v1.15.2.tar.gz
[root@hdss7-21 src]# mkdir /usr/java
[root@hdss7-21 src]# tar xf jdk-8u291-linux-x64.tar.gz -C /usr/java
[root@hdss7-21 src]# ln -s /usr/java/jdk1.8.0_291/ /usr/java/jdk
[root@hdss7-21 src]# vi /etc/profile
[root@hdss7-21 src]# source /etc/profile
[root@hdss7-21 src]# java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@hdss7-21 src]# 

然后下载zookeeper进行部署
下载地址
https://archive.apache.org/dist/zookeeper/

[root@hdss7-11 src]# rz -E
rz waiting to receive.
[root@hdss7-11 src]# ll
总用量 178336
-rw-r--r--. 1 root root 144935989 73 01:42 jdk-8u291-linux-x64.tar.gz
-rw-r--r--. 1 root root  37676320 76 22:29 zookeeper-3.4.14.tar.gz
[root@hdss7-11 src]# tar xf zookeeper-3.4.14.tar.gz -C /opt
[root@hdss7-11 src]# scp zookeeper-3.4.14.tar.gz 10.4.7.12:/opt/src
zookeeper-3.4.14.tar.gz                                                                100%   36MB 120.2MB/s   00:00    
[root@hdss7-11 src]# scp zookeeper-3.4.14.tar.gz 10.4.7.21:/opt/src
zookeeper-3.4.14.tar.gz                                                                100%   36MB 113.1MB/s   00:00    
[root@hdss7-11 src]# ^C
[root@hdss7-11 src]# cd ..
[root@hdss7-11 opt]# ln -s /opt/zookeeper-3.4.14/ /opt/zookeeper
[root@hdss7-11 opt]# ^C
[root@hdss7-11 opt]# mkdir -pv /opt/zookeeper/data /data/zookeeper/logs
mkdir: 已创建目录 "/opt/zookeeper/data"
mkdir: 已创建目录 "/data"
mkdir: 已创建目录 "/data/zookeeper"
mkdir: 已创建目录 "/data/zookeeper/logs"
[root@hdss7-11 opt]# ^C
[root@hdss7-11 opt]# vi /opt/zookeeper/conf/zoo.cfg
[root@hdss7-11 opt]# cat /opt/zookeeper/conf/zoo.cfg
# ZooKeeper ensemble configuration; the same file is copied to all three zk hosts.
# Length of one tick in milliseconds; the two limits below are counted in ticks.
tickTime=2000
# Ticks a follower may take to connect and sync to the leader at startup.
initLimit=10
# Ticks a follower may fall behind the leader before it is dropped.
syncLimit=5
# Snapshot directory; it also holds the myid file whose number must match this host's server.N line.
dataDir=/data/zookeeper/data
# Transaction log directory.
dataLogDir=/data/zookeeper/logs
# Port that clients (here the Dubbo services using zk as registry) connect to.
# NOTE(review): this file sets no clientPortAddress and no authentication, so presumably any host
# that can reach port 2181 can read and write the registry; confirm the network restricts access.
clientPort=2181
# server.N=host:peer-port:leader-election-port, one line per ensemble member.
server.1=zk1.od.com:2888:3888
server.2=zk2.od.com:2888:3888
server.3=zk3.od.com:2888:3888
[root@hdss7-11 opt]# ll
总用量 4
drwxr-xr-x.  2 root root    6 1031 2018 rh
drwxr-xr-x.  2 root root   71 831 19:39 src
lrwxrwxrwx.  1 root root   22 831 19:42 zookeeper -> /opt/zookeeper-3.4.14/
drwxr-xr-x. 15 2002 2002 4096 831 19:44 zookeeper-3.4.14
[root@hdss7-11 opt]# scp /opt/zookeeper/conf/zoo.cfg 10.4.7.12:/opt/zookeeper/conf/
zoo.cfg                                                                                100%  206   210.3KB/s   00:00    
[root@hdss7-11 opt]# scp /opt/zookeeper/conf/zoo.cfg 10.4.7.21:/opt/zookeeper/conf/
zoo.cfg                                                                                100%  206    95.7KB/s   00:00    
[root@hdss7-11 opt]# ^C

更改下dns的配置

[root@hdss7-11 opt]# vim /var/named/od.com.zone
[root@hdss7-11 opt]# cat /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600        ; 10 minutes
@               IN SOA  dns.od.com. dnsadmin.od.com. (
                                2021052306 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                                NS  dns.od.com.
$TTL 60 ; 1 minute
dns             A       10.4.7.11
harbor          A       10.4.7.200
k8s-yaml        A       10.4.7.200
traefik         A       10.4.7.10
dashboard       A       10.4.7.10
zk1             A       10.4.7.11
zk2             A       10.4.7.12
zk3             A       10.4.7.21
[root@hdss7-11 opt]# systemctl restart named
[root@hdss7-11 opt]# dig -t A zk1.od.com @10.4.7.11 +short
10.4.7.11
[root@hdss7-11 opt]# 
[root@hdss7-11 opt]# mkdir /data/zookeeper/data/
[root@hdss7-11 opt]# vi /data/zookeeper/data/myid
[root@hdss7-11 opt]# cat /data/zookeeper/data/myid
1



另外两个也更改下
[root@hdss7-12 opt]# cat /data/zookeeper/data/myid
2
[root@hdss7-21 opt]# cat /data/zookeeper/data/myid
3

然后启动三个节点的zookeeper

[root@hdss7-11 data]# /opt/zookeeper/bin/zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@hdss7-11 data]# ^C
[root@hdss7-11 data]# ps aux |grep zoo
root      26361  1.6  1.4 4302472 57392 pts/2   Sl   20:05   0:00 /usr/java/jdk/bin/java -Dzookeeper.log.dir=. -Dzookeeper.root.logger=INFO,CONSOLE -cp /opt/zookeeper/bin/../zookeeper-server/target/classes:/opt/zookeeper/bin/../build/classes:/opt/zookeeper/bin/../zookeeper-server/target/lib/*.jar:/opt/zookeeper/bin/../build/lib/*.jar:/opt/zookeeper/bin/../lib/slf4j-log4j12-1.7.25.jar:/opt/zookeeper/bin/../lib/slf4j-api-1.7.25.jar:/opt/zookeeper/bin/../lib/netty-3.10.6.Final.jar:/opt/zookeeper/bin/../lib/log4j-1.2.17.jar:/opt/zookeeper/bin/../lib/jline-0.9.94.jar:/opt/zookeeper/bin/../lib/audience-annotations-0.5.0.jar:/opt/zookeeper/bin/../zookeeper-3.4.14.jar:/opt/zookeeper/bin/../zookeeper-server/src/main/resources/lib/*.jar:/opt/zookeeper/bin/../conf::/usr/java/jdk/lib:/usr/java/jdk/lib/tools.jar -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.local.only=false org.apache.zookeeper.server.quorum.QuorumPeerMain /opt/zookeeper/bin/../conf/zoo.cfg
root      26521  0.0  0.0 112724   988 pts/2    S+   20:06   0:00 grep --color=auto zoo
[root@hdss7-11 data]# 

可以看下哪个是主(leader)

[root@hdss7-11 bin]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower
[root@hdss7-12 data]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: leader                   ##主
[root@hdss7-21 data]# /opt/zookeeper/bin/zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /opt/zookeeper/bin/../conf/zoo.cfg
Mode: follower

安装部署jenkins准备工作

准备镜像

官方地址:
https://www.jenkins.io/download/

[root@hdss7-200 ~]# docker pull jenkins/jenkins:2.190.3
2.190.3: Pulling from jenkins/jenkins
9a0b0ce99936: Pull complete 
db3b6004c61a: Pull complete 
f8f075920295: Pull complete 
6ef14aff1139: Downloading  1.202MB
962785d3b7f9: Download complete 
631589572f9b: Download complete 
c55a0c6f4c7b: Download complete 
4e96cf3bdc20: Download complete 
e0b44ce6ec69: Download complete 
d961082c76f4: Download complete 
5a229d171c71: Download complete 
64514e4513d4: Download complete 
6797bb506402: Download complete 
b8d0a307156c: Download complete 
b17b306b4a0a: Download complete 
e47bd954be8f: Download complete 
b2d9d6b1cd91: Download complete 
fa537a81cda1: Download complete 
2.190.3: Pulling from jenkins/jenkins
9a0b0ce99936: Pull complete 
db3b6004c61a: Pull complete 
f8f075920295: Pull complete 
6ef14aff1139: Pull complete 
962785d3b7f9: Pull complete 
631589572f9b: Pull complete 
c55a0c6f4c7b: Pull complete 
4e96cf3bdc20: Pull complete 
e0b44ce6ec69: Pull complete 
d961082c76f4: Pull complete 
5a229d171c71: Pull complete 
64514e4513d4: Pull complete 
6797bb506402: Pull complete 
b8d0a307156c: Pull complete 
b17b306b4a0a: Pull complete 
e47bd954be8f: Pull complete 
b2d9d6b1cd91: Pull complete 
fa537a81cda1: Pull complete 
Digest: sha256:64576b8bd0a7f5c8ca275f4926224c29e7aa3f3167923644ec1243cd23d611f3
Status: Downloaded newer image for jenkins/jenkins:2.190.3
docker.io/jenkins/jenkins:2.190.3
[root@hdss7-200 ~]# docker pull jenkins/jenkins:2.190.3
^C
[root@hdss7-200 ~]# docker images |grep 2.19
jenkins/jenkins                    2.190.3                    22b8b9a84dbe   21 months ago   568MB
goharbor/harbor-registryctl        v1.8.3                     9dc783842a19   23 months ago   97.2MB
goharbor/registry-photon           v2.7.1-patch-2819-v1.8.3   a05e085842f5   23 months ago   82.3MB
[root@hdss7-200 ~]# docker tag 22b8b9a84dbe harbor.od.com/public/jenkins:v2.190.3
[root@hdss7-200 ~]# docker push !$
docker push harbor.od.com/public/jenkins:v2.190.3
The push refers to repository [harbor.od.com/public/jenkins]
e0485b038afa: Pushed 
2950fdd45d03: Pushed 
cfc53f61da25: Pushed 
29c489ae7aae: Pushed 
473b7de94ea9: Pushed 
6ce697717948: Pushed 
0fb3a3c5199f: Pushed 
23257f20fce5: Pushed 
b48320151ebb: Pushed 
911119b5424d: Pushed 
5051dc7ca502: Pushed 
a8902d6047fe: Pushed 
99557920a7c5: Pushed 
7e3c900343d0: Pushed 
b8f8aeff56a8: Pushed 
687890749166: Pushed 
2f77733e9824: Pushed 
97041f29baff: Pushed 
v2.190.3: digest: sha256:64576b8bd0a7f5c8ca275f4926224c29e7aa3f3167923644ec1243cd23d611f3 size: 4087
[root@hdss7-200 ~]# cd /data/
[root@hdss7-200 data]# ls
docker  harbor  k8s-yaml
[root@hdss7-200 data]# mkdir dockerfile
[root@hdss7-200 data]# cd docker
[root@hdss7-200 docker]# cd ..
[root@hdss7-200 data]# cd dockerfile/
[root@hdss7-200 dockerfile]# mkdir jenkins
[root@hdss7-200 dockerfile]# cd jenkins/
[root@hdss7-200 jenkins]# cd
[root@hdss7-200 ~]# ssh-keygen -t rsa -b 2048 -C "609436769@qq.com" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1MznnFVz/aF2lyVopnlOp6joeRJluadMqK5+/gm1I+4 609436769@qq.com
The key's randomart image is:
+---[RSA 2048]----+
|             . .+|
|         +  + .o=|
|        ..+=. o.=|
|       .+ o+o=.oo|
|      .+S. ==o. .|
|     .o.o o o    |
|    o.o= +       |
|   .ooo+=        |
| .o*Eo=o         |
+----[SHA256]-----+
[root@hdss7-200 ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOW5lRkfksDEUTA0B3Q+2G1M/fwiXuFxLerhGrgC5eoT0IKlT+H3HsmiAFACYzFTM86Y8Ana5tARzhPK+1eHA6JMrv0r2r2QK17NDLoQS7nVRQCmS5cnJOl5uCyA1LEm/YhjLZ6VMmWAPsJCFeM8VkDHxPRT6K6zuipt4WZSD/Q0iZRfO+1PrrHuHbolTWhqfIR19kaZszI2bnZAEt0A7Jasvm/hFLmq2EPCZWvcPCQGao8oEi1M0torE5+crnJ3vTcEAEXonMjqjGsQN/8mRYXayWSwVdd40RivP9zmNgzc2PoRbzQNu94SggnELKCIphRdGQbOrOMJCY0Z7cBGb 609436769@qq.com
[root@hdss7-200 ~]# 

然后在浏览器上进行授权
https://gitee.com/profile/sshkeys
在这里插入图片描述

自定义Dockerfile

在运维主机HDSS7-200.host.com 上编辑自定义dockerfile

官方的Jenkins镜像是不能直接使用的,我们要先给它做一些额外的配置
先准备ssh密钥——生成ssh密钥对:
ssh-keygen -t rsa -b 2048 -C "609436769@qq.com" -N "" -f /root/.ssh/id_rsa
拉取git代码有两种方式,一种基于ssh,另一种基于http;这里用ssh,所以需要密钥
为什么要生成密钥呢,因为Jenkins会用到,我们需要把公钥拷贝给老师。把私钥封装到Jenkins的docker镜像里面,老师会把公钥加到gitee仓库里面,在setting里面,把公钥贴到Add key里面就能拉到代码了。注意:私钥一旦封装进镜像,任何能拉取这个镜像的人都能从镜像层里把它取出来,所以这个镜像只能放在私有仓库里,这把密钥也最好只用作对代码仓库只读的部署密钥。
[root@hdss7-200 ~]# cat .ssh/id_rsa.pub ##查看的时候会发现有自己的邮箱信息了
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzH+SnKdeUKgYDtZmyCItzaDVSa5k3j19Yn9Q7Spe4m4bWz4srjHqUyOOTNHuKcWnMiegmye1EM+PQ3qa99ZshuEj9jmuwpDjlXMqumTk0l5Goe5tI8KOz2IEa6TkV3+YUDkmpdQweIuIa5l+KEPz9l3fWfHAY9yzlgPItFWHqfjCUbLzuWYCEi0ykWXW0cl+v5h/jYDu+lFpIp/eBC07ysnPeu5pSPr6SKDgfrW+rM8l8gZr6K6Gbg3nZGk+63LDrrLqSvgHCYRVtoIK3Ec6BaaDQ7zm7JoXiCkh5HSpCCcw+C/G3h196YbNzW1CmjFToqYPLA7F9R6Wzc3fahVWP 609436769@qq.com

在运维主机hdss7-200上进行操作
先编写一个新的dockerfile
/data/dockerfile/Dockerfile
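# Customised Jenkins image: root user, UTC+8 timezone, git SSH key, harbor
# registry credentials and a docker client.
FROM harbor.od.com/public/jenkins:v2.190.3
# Run the remaining build steps, and Jenkins itself, as root.
USER root
# Set the container timezone to Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo 'Asia/Shanghai' >/etc/timezone
# SSH private key used to pull code from the git server.
# NOTE(review): the key is stored in an image layer, so anyone able to pull the
# image can read it; keep the image in a private project and prefer a read-only
# deploy key, or mount the key at run time instead of adding it here.
ADD id_rsa /root/.ssh/id_rsa
# Docker client config holding the login for the self-hosted harbor registry.
# NOTE(review): same exposure as the key above, these credentials ship inside the image.
ADD config.json /root/.docker/config.json
# Docker install script, executed by the last step.
ADD get-docker.sh /get-docker.sh
# NOTE(review): "StrictHostKeyChecking no" turns off host-key verification for
# every SSH connection made from the container; adding the git server's host key
# to known_hosts keeps the pull non-interactive while still verifying the server.
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
    /get-docker.sh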
这里Dockerfile里我们主要做了以下几件事
设置容器用户root
设置容器时区
将ssh私钥加入(使用git拉代码时要用到,配对的公钥应配置在gitlab中)
加入了登录自建harbor仓库的config文件
修改了ssh客户端的配置
安装一个docker的客户端

[root@hdss7-200 ~]# mkdir -pv /date/dockerfile
[root@hdss7-200 ~]# cd /date/dockerfile
[root@hdss7-200 dockerfile]# mkdir jenkins
[root@hdss7-200 dockerfile]# cd jenkins/
[root@hdss7-200 ~]# cd -
/data/dockerfile/jenkins
[root@hdss7-200 jenkins]# vim Dockerfile
[root@hdss7-200 jenkins]# vi Dockerfile
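下面的地址可能后面会出错,最好还是用这个地址的内容吧:https://blog.csdn.net/Laiyunpeng666/article/details/120030302 (get-docker.sh会在构建镜像时以root身份执行;如果脚本内容取自第三方页面,使用前先通读一遍,并和官方 https://get.docker.com 的脚本对比;用curl下载时也建议显式写上https://。)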
[root@hdss7-200 jenkins]# curl -fsSL get.docker.com -o get-docker.sh
[root@hdss7-200 jenkins]# ll
total 24
-rw-r--r-- 1 root root   738 Aug 31 21:43 Dockerfile
-rw-r--r-- 1 root root 18617 Aug 31 21:43 get-docker.sh
[root@hdss7-200 jenkins]# chmod u+x get-docker.sh
[root@hdss7-200 jenkins]# cp /root/.ssh/id_rsa ./
[root@hdss7-200 jenkins]# cp /root/.docker/config.json ./
[root@hdss7-200 jenkins]# ll
total 32
-rw------- 1 root root    81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root   738 Aug 31 21:43 Dockerfile
-rwxr--r-- 1 root root 18617 Aug 31 21:43 get-docker.sh
-rw------- 1 root root  1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# vi Dockerfile
[root@hdss7-200 jenkins]# cat Dockerfile
# Customised Jenkins image built on the copy of jenkins/jenkins pushed to harbor.
FROM harbor.od.com/public/jenkins:v2.190.3
# User that Jenkins is started as
USER root
# Change the timezone to UTC+8
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\ 
    echo 'Asia/Shanghai' >/etc/timezone
# Add the user's private key; the dubbo services' code is pulled over ssh with it
# NOTE(review): the key ends up in an image layer and is readable by anyone who can pull the image;
# keep the image in a private project and use a key that only has read access to the repositories.
ADD id_rsa /root/.ssh/id_rsa
# Add the host's docker config file so the remote registry login is available inside the container.
# NOTE(review): these registry credentials are likewise stored in the image.
ADD config.json /root/.docker/config.json
# Install a docker client inside the jenkins container; jenkins runs docker build against the host's docker engine
ADD get-docker.sh /get-docker.sh
# Skip the interactive "yes" prompt on first ssh connection, then run the docker install script
# NOTE(review): this disables host-key verification for all ssh connections from the container;
# a pinned known_hosts entry for the git server avoids the prompt without giving up verification.
RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&\
    /get-docker.sh
[root@hdss7-200 jenkins]# 

创建一个私有仓库
在这里插入图片描述
创建镜像

[root@hdss7-200 jenkins]# chmod +x get-docker.sh 
[root@hdss7-200 jenkins]# ll
total 28
-rw------- 1 root root    81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root   344 Aug 31 23:57 Dockerfile
-rwxr-xr-x 1 root root 13857 Sep  1 00:08 get-docker.sh
-rw------- 1 root root  1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# docker build . -t jenkins:v2.190.3
Sending build context to Docker daemon  20.48kB
Step 1/7 : FROM harbor.od.com/public/jenkins:v2.190.3
 ---> 22b8b9a84dbe
Step 2/7 : USER root
 ---> Using cache
 ---> a0335d37db97
Step 3/7 : RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && 	echo 'Asia/Shanghai' >/etc/timezone
 ---> Running in 3ba35b19d8ad
Removing intermediate container 3ba35b19d8ad
 ---> 08d9eaad22e5
Step 4/7 : ADD id_rsa /root/.ssh/id_rsa
 ---> a417ecdcf05f
Step 5/7 : ADD config.json /root/.docker/config.json
 ---> 1b59c87a23d7
Step 6/7 : ADD get-docker.sh /get-docker.sh
 ---> da0616a6df0d
Step 7/7 : RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config && 	/get-docker.sh
 ---> Running in 7efca71bd6fd
# Executing docker install script, commit: 3d8fe77c2c46c5b7571f94b42793905e5b3e42e4
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
debconf: delaying package configuration, since apt-utils is not installed
+ sh -c curl -fsSL "https://download.docker.com/linux/debian/gpg" | apt-key add -qq - >/dev/null
Warning: apt-key output should not be parsed (stdout is not a terminal)
+ sh -c echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ [ -n  ]
+ sh -c apt-get install -y -qq --no-install-recommends docker-ce >/dev/null
debconf: delaying package configuration, since apt-utils is not installed
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:

  sudo usermod -aG docker your-user

Remember that you will have to log out and back in for this to take effect!

WARNING: Adding a user to the "docker" group will grant the ability to run
         containers which can be used to obtain root privileges on the
         docker host.
         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
         for more information.
Removing intermediate container 7efca71bd6fd
 ---> 1bd70ab50568
Successfully built 1bd70ab50568
Successfully tagged jenkins:v2.190.3
[root@hdss7-200 jenkins]# ll
total 28
-rw------- 1 root root    81 Aug 31 21:44 config.json
-rw-r--r-- 1 root root   344 Aug 31 23:57 Dockerfile
-rwxr-xr-x 1 root root 13857 Sep  1 00:08 get-docker.sh
-rw------- 1 root root  1679 Aug 31 21:44 id_rsa
[root@hdss7-200 jenkins]# cat Dockerfile 
# Jenkins image used for the build shown above (7 steps).
FROM harbor.od.com/public/jenkins:v2.190.3
# All later steps, and Jenkins at run time, execute as root.
USER root
# Timezone: Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
	echo 'Asia/Shanghai' >/etc/timezone
# SSH private key for pulling code from the git server.
# NOTE(review): stored in an image layer; whoever can pull the image can read the key.
ADD id_rsa /root/.ssh/id_rsa
# Docker client config with the harbor login; also stored in the image.
ADD config.json /root/.docker/config.json
# Docker install script, run by the final step.
ADD get-docker.sh /get-docker.sh
# Appends "StrictHostKeyChecking no" to the ssh client config, then installs docker.
# NOTE(review): with this setting ssh no longer verifies the server's host key.
RUN echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
	/get-docker.sh
[root@hdss7-200 jenkins]# 
[root@hdss7-200 harbor]# docker tag 1bd70ab50568 harbor.od.com/infra/jenkins:v2.190.3
[root@hdss7-200 harbor]# docker push harbor.od.com/infra/jenkins:v2.190.3
The push refers to repository [harbor.od.com/infra/jenkins]
5aca2c3fce72: Pushed 
a1e08d6c4712: Pushed 
9efcd55aa349: Pushed 
b238ad6d1ea3: Pushed 
77cf820700b3: Pushed 
e0485b038afa: Mounted from public/jenkins 
2950fdd45d03: Mounted from public/jenkins 
cfc53f61da25: Mounted from public/jenkins 
29c489ae7aae: Mounted from public/jenkins 
473b7de94ea9: Mounted from public/jenkins 
6ce697717948: Mounted from public/jenkins 
0fb3a3c5199f: Mounted from public/jenkins 
23257f20fce5: Mounted from public/jenkins 
b48320151ebb: Mounted from public/jenkins 
911119b5424d: Mounted from public/jenkins 
5051dc7ca502: Mounted from public/jenkins 
a8902d6047fe: Mounted from public/jenkins 
99557920a7c5: Mounted from public/jenkins 
7e3c900343d0: Mounted from public/jenkins 
b8f8aeff56a8: Mounted from public/jenkins 
687890749166: Mounted from public/jenkins 
2f77733e9824: Mounted from public/jenkins 
97041f29baff: Mounted from public/jenkins 
v2.190.3: digest: sha256:3cf756bb93a81fe6c51c6464e16bbed815e45cc353037a9f73f4dd00d7a577fd size: 5130
[root@hdss7-200 harbor]# 

制作Jenkins的Docker镜像

-设置了容器启动时使用的用户为root
·设置容器内的时区为UTC+8
·加入了ssh私钥(拉取git代码的两种方式:基于http和基于ssh)
·加入登录harbor的config文件
·修改了ssh客户端的配置
-安装了一个docker客户端
·配置共享存储NFS
·交付Jenkins到K8S集群配置CI流水线
[root@hdss7-200 harbor]# docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T git@gitee.com
Warning: Permanently added 'gitee.com,154.213.2.253' (ECDSA) to the list of known hosts.
Hi yelinxiaosheng! You've successfully authenticated, but GITEE.COM does not provide shell access.
[root@hdss7-200 harbor]# 

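创建命名空间,并创建拉取harbor私有仓库镜像用的secret(这里直接用了harbor的admin账号,而且密码写在命令行里,会留在shell历史中;实际环境建议单独建一个只有拉取权限的账号来做这个secret。)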

[root@hdss7-21 data]# kubectl create ns infra
namespace/infra created
[root@hdss7-21 data]# kubectl create secret docker-registry harbor --docker-server=harbor.od.com --docker-username=admin --docker-password=Harbor12345 -n infra
secret/harbor created
[root@hdss7-21 data]# 

在这里插入图片描述

准备共享存储,在200上

首先在21和22和200上安装nfs和依赖组件
# Install the NFS tooling and its dependencies, one yum transaction per
# package (run on hdss7-21, hdss7-22 and hdss7-200).
for pkg in \
  nfs-utils \
  gssproxy.x86_64 \
  libcollection.x86_64 \
  libnfsidmap \
  libtirpc \
  quota-nls.noarch \
  keyutils \
  libevent \
  libpath_utils \
  libverto-libevent \
  rpcbind \
  libbasicobjects \
  libini_config \
  libref_array \
  quota \
  tcp_wrappers
do
  yum -y install "$pkg"
done
[root@hdss7-200 harbor]# vi /etc/exports
[root@hdss7-200 harbor]# cat /etc/exports
/data/nfs-volume 10.4.7.0/24(rw,no_root_squash)
[root@hdss7-200 harbor]# mkdir /data/nfs-volume
[root@hdss7-200 harbor]# systemctl start nfs
[root@hdss7-200 harbor]# systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@hdss7-200 harbor]# 

这里挂载了宿主机的docker.sock,使容器内的docker客户端可以直接与宿主机的docker引擎进行通信。也就是说,能在这个Jenkins里执行构建的人,实际上就能完全控制该宿主机的docker引擎(相当于宿主机root),所以Jenkins本身的访问权限要相应收紧。

在使用私有仓库的时候,资源清单中一定要声明imagePullSecrets(下面dp.yaml里引用的就是前面创建的名为harbor的secret):

[root@hdss7-200 harbor]# cd /data/k8s-yaml/
[root@hdss7-200 k8s-yaml]# mkdir jenkins
[root@hdss7-200 k8s-yaml]# cd jenkins/
[root@hdss7-200 jenkins]# ll
total 0
[root@hdss7-200 jenkins]# vi dp.yaml
[root@hdss7-200 jenkins]# vi dp.yaml
[root@hdss7-200 jenkins]# vi svc.yaml
[root@hdss7-200 jenkins]# vi ingress.yaml
[root@hdss7-200 jenkins]# cat dp.yaml 
# Deployment for the customised Jenkins image, created in the infra namespace.
kind: Deployment
# NOTE(review): the extensions/v1beta1 Deployment API was removed in Kubernetes 1.16;
# apps/v1 is its replacement.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels: 
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels: 
      name: jenkins
  template:
    metadata:
      labels: 
        # app is the label the Service selects on; name is what this Deployment's selector matches.
        app: jenkins 
        name: jenkins
    spec:
      volumes:
      # Jenkins home lives on the NFS export served by hdss7-200.
      - name: data
        nfs: 
          server: hdss7-200
          path: /data/nfs-volume/jenkins_home
      # The node's Docker daemon socket, so the docker client in the container talks to the host engine.
      # NOTE(review): access to this socket is equivalent to root on the node, and every job
      # run by this Jenkins inherits it.
      - name: docker
        hostPath: 
          path: /run/docker.sock   
          # Empty type: no check is performed on the path before it is mounted.
          type: ''
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        # Fixed 512 MiB JVM heap (initial and maximum).
        - name: JAVA_OPTS
          value: -Xmx512m -Xms512m
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
        - name: docker
          mountPath: /run/docker.sock
      # Pull credentials for the harbor registry: a docker-registry Secret named harbor in this namespace.
      imagePullSecrets:
      - name: harbor
      # The whole pod runs as UID 0.
      securityContext: 
        runAsUser: 0
  strategy:
    type: RollingUpdate
    rollingUpdate: 
      # With replicas: 1, maxUnavailable: 1 allows the only pod to be stopped during an update.
      maxUnavailable: 1
      maxSurge: 1
  # Number of old ReplicaSets kept for rollback.
  revisionHistoryLimit: 7
  # Seconds without progress before the rollout is reported as failed.
  progressDeadlineSeconds: 600
[root@hdss7-200 jenkins]# ll
total 12
-rw-r--r-- 1 root root 1165 Sep  1 01:25 dp.yaml
-rw-r--r-- 1 root root  245 Sep  1 01:26 ingress.yaml
-rw-r--r-- 1 root root  171 Sep  1 01:25 svc.yaml
[root@hdss7-200 jenkins]# cat ingress.yaml 
# Ingress rule that routes the host name jenkins.od.com to the jenkins Service.
kind: Ingress
# NOTE(review): extensions/v1beta1 Ingress is a deprecated API (removed in Kubernetes 1.22).
apiVersion: extensions/v1beta1
metadata: 
  name: jenkins
  namespace: infra
spec:
  # No tls section is defined, so this rule only describes plain-HTTP routing.
  rules:
  - host: jenkins.od.com
    http:
      paths:
      # Every path under / goes to port 80 of the jenkins Service.
      - path: /
        backend: 
          serviceName: jenkins
          servicePort: 80
[root@hdss7-200 jenkins]# cat svc.yaml 
# Service in front of the Jenkins pod; no type is set, so it is a ClusterIP Service.
kind: Service
apiVersion: v1
metadata: 
  name: jenkins
  namespace: infra
spec:
  ports:
  # Service port 80 forwards to the container's port 8080.
  - protocol: TCP
    port: 80
    targetPort: 8080
  # Selects pods by the app label set in the Deployment's pod template.
  selector:
    app: jenkins
[root@hdss7-200 jenkins]# 
[root@hdss7-200 jenkins]# mkdir /data/nfs-volume/jenkins_home

创建出pod

[root@hdss7-21 ~]# file /run/docker.sock
/run/docker.sock: socket
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/dp.yaml
deployment.extensions/jenkins created
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/svc.yaml
service/jenkins created
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/jenkins/ingress.yaml
ingress.extensions/jenkins created
[root@hdss7-21 ~]# kubectl get all -n infra
NAME                           READY   STATUS    RESTARTS   AGE
pod/jenkins-54b8469cf9-7v28q   1/1     Running   0          48s


NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/jenkins   ClusterIP   192.168.110.33   <none>        80/TCP    42s


NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/jenkins   1/1     1            1           48s

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/jenkins-54b8469cf9   1         1         1       48s


在这里插入图片描述
在这里插入图片描述
这个时候可以去看jenkins在21上起来后在200上挂载的位置是什么样的
在这里插入图片描述

需要解析下域名就能在浏览器访问了
[root@hdss7-11 bin]# vi /var/named/od.com.zone 
[root@hdss7-11 bin]# cat /var/named/od.com.zone 
$ORIGIN od.com.
$TTL 600        ; 10 minutes
@               IN SOA  dns.od.com. dnsadmin.od.com. (
                                2021052307 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                                NS  dns.od.com.
$TTL 60 ; 1 minute
dns             A       10.4.7.11
harbor          A       10.4.7.200
k8s-yaml        A       10.4.7.200
traefik         A       10.4.7.10
dashboard       A       10.4.7.10
zk1             A       10.4.7.11
zk2             A       10.4.7.12
zk3             A       10.4.7.21
jenkins         A       10.4.7.10
[root@hdss7-11 bin]# systemctl restart named
[root@hdss7-11 bin]# dig -t A jenkins.od.com @10.4.7.11 +short
10.4.7.10
[root@hdss7-11 bin]# 

在浏览器输入Jenkins.od.com
在这里插入图片描述
这个时候去找下密码就能登录了

[root@hdss7-200 jenkins_home]# cat secrets/initialAdminPassword 
4e8ee5d59fff4484b2d5c781a04df20d
[root@hdss7-200 jenkins_home]# 

点击下面那个x掉
在这里插入图片描述
点击开始使用jenkins
在这里插入图片描述
在这里插入图片描述

点击Manage
在这里插入图片描述

然后选择这个进行选项调整
在这里插入图片描述
把下面的打上勾–允许匿名用户访问
在这里插入图片描述
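把下面那个给勾掉-----取消阻止跨域请求(应是指全局安全配置里的“防止跨站点请求伪造”,即CSRF保护)。注意:允许匿名访问再加上关闭CSRF保护,只适合隔离的实验环境;这个Jenkins以root运行并挂载了宿主机的docker.sock,在其他环境里应保持CSRF保护开启,并且不要开放匿名访问。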
在这里插入图片描述
然后保存save
在这里插入图片描述
第二件事—选下面的plugins
在这里插入图片描述
在这里插入图片描述

然后搜blue
在这里插入图片描述

勾上—并且选择安装部署并重启Jenkins
在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
点下面的重启,等待Jenkins重启-----重启后需要输入密码和账户
在这里插入图片描述
admin
然后点Jenkins
在这里插入图片描述
看到有下面的Bluid Queue 说明插件下载成功了
在这里插入图片描述

下面两个图是误导选项,不要管它哦
在这里插入图片描述
上面是选择并安装最适合的插件
在这里插入图片描述
选择默认安装插件
