1、创建docker-compose.yml
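# Compose file for a self-hosted GitLab CE instance plus one GitLab Runner.
# Nesting is written out explicitly here: at a single indent level the repeated
# `volumes:` / `networks:` keys would collide and the file would not load.
version: '3.5'
services:
  gitlab:
    # NOTE(review): `latest` is a moving tag; pin a specific release so that
    # upgrades (and the security fixes they carry) are applied deliberately.
    image: gitlab/gitlab-ce:latest
    hostname: xxx.xxx.xxx
    restart: unless-stopped
    environment:
      # NOTE(review): container port 22 is published on host port 8822 below,
      # while this setting appears to advertise port 22 for SSH clone URLs;
      # confirm which port clients are expected to use.
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['gitlab_shell_ssh_port'] = 22
    ports:
      # NOTE(review): port 80 is plain HTTP, so logins and tokens cross the
      # network unencrypted unless a TLS-terminating proxy sits in front.
      - "8000:80"
      - "8822:22"
    volumes:
      - ./config/gitlab:/etc/gitlab
      - ./data/gitlab:/var/opt/gitlab
      - ./logs:/var/log/gitlab
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    restart: unless-stopped
    depends_on:
      - gitlab
    # NOTE(review): privileged mode removes most container isolation. The
    # bind-mounted socket below is what gives the runner access to Docker;
    # confirm this flag is actually required before keeping it.
    privileged: true
    volumes:
      - ./config/gitlab-runner:/etc/gitlab-runner
      # Whoever can write to this socket controls the host's Docker daemon,
      # which is root-equivalent on the host. Every CI job executed by this
      # runner inherits that access, so register it only for trusted projects.
      - /var/run/docker.sock:/var/run/docker.sock
      - /bin/docker:/bin/docker
    networks:
      - gitlab
networks:
  gitlab: {}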
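解决 gitlab-runner 容器内找不到 docker 命令的问题:
在编写 gitlab-runner 的 docker-compose.yml 时,挂载宿主机的 docker 命令和 docker.sock。注意:挂载 docker.sock 相当于把宿主机的 root 权限交给该容器及其中运行的所有 CI 作业,只应在可信项目的专用 Runner 上使用。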
# Enable privileged access for the container.
# NOTE(review): privileged mode removes most container isolation; the bind
# mounts below, not this flag, are what expose the Docker socket and CLI.
# Confirm it is actually needed.
privileged: true
volumes:
# Map the host's Docker socket and docker command into the gitlab-runner container.
# Any process that can write to this socket controls the host's Docker daemon,
# which is equivalent to root on the host.
- /var/run/docker.sock:/var/run/docker.sock
- /bin/docker:/bin/docker
注:宿主机文件 /var/run/docker.sock 的权限为 666。该权限允许宿主机上任何本地用户控制 Docker 守护进程,等同于授予 root 权限,只应在专用的构建机上这样设置。
解决 ERROR:Docker Got permission denied while trying to connect to the Docker daemon socket at unix://
# NOTE(review): mode 666 lets every local account on the host drive the Docker
# daemon, which is root-equivalent access. Group-based access (socket owned by
# root:docker with mode 660) limits this to members of the docker group.
chmod 666 /var/run/docker.sock
把当前用户加入docker组
# Append the current user to the docker group; the new membership applies to
# sessions started after this command. Members of this group can control the
# Docker daemon, which is root-equivalent on the host, so keep the group small.
sudo usermod --append --groups docker "$USER"
修改docker服务配置/usr/lib/systemd/system/docker.service
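#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# The replacement ExecStart must sit on its own line; appended to the commented
# line above it would be part of the comment and never take effect.
# The TCP listener is bound to loopback only: the Docker API on port 2375 has no
# authentication or encryption, so listening on 0.0.0.0 hands root-equivalent
# control of this host to anyone who can reach the port. The runner in this
# guide talks to the unix socket and does not need TCP at all. If remote access
# is really required, enable TLS client verification (--tlsverify together with
# --tlscacert, --tlscert and --tlskey) instead of plain TCP.
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://127.0.0.1:2375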
2、注册runner到Gitlab
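# Start the interactive runner registration inside the gitlab-runner service.
# `docker-compose exec` addresses the service by name; the compose file sets no
# container_name, so a container literally named "gitlab-runner" may not exist
# for a plain `docker exec`. Run this from the directory that holds
# docker-compose.yml.
docker-compose exec gitlab-runner gitlab-runner register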
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://xxx.xxx.xxx
Please enter the gitlab-ci token for this runner:
xxxxxxxxxxxxxxxx
Please enter the gitlab-ci description for this runner:
[1233412312]:xxxxxxxxx
Please enter the gitlab-ci tags for this runner (comma separated):
xxxxxxxxx
Whether to run untagged builds [true/false]:
[false]: true
Whether to lock the Runner to current project [true/false]:
[true]: true
Registering runner... succeeded runner=Fx1jQzBW
Please enter the executor: docker-ssh+machine, kubernetes, docker-ssh, shell, virtualbox, docker+machine, docker, parallels, ssh:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
3、配置项目Gitlab变量
4、进入Gitlab-runner容器,生成远程部署服务器免密登录私钥和公钥。
5、在第三步中新增变量 SSH_PRIVATE_KEY,它的值是第四步中生成的私钥(~/.ssh/id_rsa)的内容。建议为部署单独生成这对密钥,并将该变量设为 Protected,使其只对受保护的分支和标签可用。
4、配置项目.gitlab-ci.yml文件
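# This file is a template, and might need editing before it works on your project.
# Official docker image.
# Pipeline: build the image, push it to the project registry, then trigger the
# deploy script on the remote server over SSH.
stages:
  - build_image
  - push_image
  - deploy

# Runs before every job.
# NOTE(review): this loads the deploy key into the build and push jobs as well,
# although only deploy_image uses ssh; consider moving the SSH setup there.
before_script:
  # Setup SSH deploy keys
  - eval $(ssh-agent -s)
  - ssh-add <(echo "$SSH_PRIVATE_KEY")
  - mkdir -p ~/.ssh
  # NOTE(review): "StrictHostKeyChecking no" for "Host *" switches off SSH
  # host-key verification, so the deploy connection cannot tell the real server
  # from an impostor on the network path. Prefer storing the deploy server's
  # host key in a CI variable and writing it to ~/.ssh/known_hosts.
  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  - docker info
  # The password is piped on stdin so it does not show up in the process list
  # or in the command line that docker echoes back with a warning.
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY

build_image:
  stage: build_image
  script:
    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .

push_image:
  stage: push_image
  script:
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
    # Remove the local copy once it is in the registry.
    - docker rmi "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

# NOTE(review): no only/rules restriction is visible here, so this job appears
# to run for every branch that is pushed; restrict it to the branch that is
# allowed to deploy. The image tag pushed above is the branch slug - confirm it
# matches the tag the remote deploy script pulls.
deploy_image:
  stage: deploy
  script:
    - ssh USER@IP "/home/XXX/项目名-deploy.sh"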
5、配置项目Dockerfile
# Builds and runs the Spring Boot application on the Maven / JDK 8 Alpine image.
FROM maven:3-jdk-8-alpine

# The whole build context is copied into the image.
# NOTE(review): use a .dockerignore to keep .git, local credentials and CI
# files out of the image layers.
WORKDIR /usr/src/app
COPY . .

# Package the application at image build time.
RUN mvn package

# Port the application listens on; passed to Spring Boot via server.port below.
ENV PORT=5000
EXPOSE ${PORT}

# NOTE(review): there is no USER instruction, so the process runs as the base
# image's default user (presumably root - confirm); a dedicated unprivileged
# user would limit what a compromised application can do.
CMD ["sh", "-c", "mvn -Dserver.port=${PORT} spring-boot:run"]
6、配置远程部署服务器当前用户的部署脚本(deploy.sh)
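#!/bin/bash
# Deploy script run on the remote server: back up the currently deployed image
# under a DEV-<uuid> tag, then replace the running container with the freshly
# pulled :latest image.

# Placeholders - replace with the private registry image (without tag), the
# image with its tag, and the host:container port mapping.
TAG=私仓镜像(不含tag)
IMAGE=私仓镜像:latest
PORTS=宿主机端口:容器端口

# Constructed sample path: a file holding only the registry password, owned by
# the deploy user with mode 600. Keeping the password out of this script and
# off the command line keeps it out of the process list and shell history.
PASSWORD_FILE="$HOME/.registry-password"

# Unique suffix for the backup tag (uuidgen output with the dashes removed).
UUID="DEV-$(uuidgen | sed 's/-//g')"
echo "=======================Generate UUID = ${UUID}"

echo "=======================Docker logining..."
docker login -u 用户名 --password-stdin 私仓 < "$PASSWORD_FILE"

# Backup steps are best-effort: on a first deploy there is no old image yet,
# so failures are ignored on purpose.
echo "=======================Docker old tag $TAG:$UUID"
docker tag "$IMAGE" "$TAG:$UUID" || true
echo "=======================Docker old push $TAG:$UUID"
docker push "$TAG:$UUID" || true
echo "=======================Docker old delete $TAG:$UUID"
docker rmi "$TAG:$UUID" || true

echo "======================Docker replace new image..."
# Stop and remove the old container and image (ignored if absent), then pull
# and start the new one.
docker stop 服务容器 || true
docker rm 服务容器 || true
docker rmi "$IMAGE" || true
docker pull "$IMAGE"
docker run -d -p "$PORTS" --restart=always --name 服务容器 "$IMAGE"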
先备份旧版镜像,然后再更新新版镜像。
旧版镜像命名规则=镜像名+:前缀(DEV-)+UUID
新版镜像命名规则=镜像名+:latest
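7、配置远程部署服务器的 docker 私仓地址。注意:insecure-registries 会让 Docker 以 HTTP 或不校验证书的 HTTPS 访问该仓库,镜像内容和登录凭据可能被窃听或篡改;仅适用于可信内网,生产环境应为私仓配置受信任的 TLS 证书。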
vim /etc/docker/daemon.json
{
"insecure-registries":["私仓地址"]
}
# Reload systemd's unit files (this picks up edits to docker.service; it does
# not restart the Docker daemon itself)
systemctl daemon-reload
# Restart the Docker service so the edited /etc/docker/daemon.json takes effect
systemctl restart docker