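The project is currently deployed by writing one Dockerfile per project. To cut a release, the image is built with docker build -f Dockerfile -t image:tag ., pushed to Harbor, and then the pod is restarted on OpenShift.
The process is simple enough, since the Dockerfile only has to be written once, but the steps are somewhat tedious. GitLab provides the gitlab-runner tool, which makes automated deployment easy.
The steps below set up automated deployment with gitlab-runner: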
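- Prepare a VM that can reach GitLab; if code scanning is involved, it also needs to reach the code-scanning service;
- Install gitlab-runner on the VM. Git must be installed first; gitlab-runner can then be installed from a downloaded package (https://mirrors.cloud.tencent.com/gitlab-ci-multi-runner/yum/el7/gitlab-ci-multi-runner-9.5.1-1.x86_64.rpm);
- Install sonar-scanner on the VM. A JDK must be installed first; then download sonar-scanner and upload it to the chosen directory (https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip);
- Install Go on the VM and set the Go environment variables, e.g. export GOPATH="/midware/go";
- Install openshift-client on the VM so that it can connect to OpenShift directly for deployment operations (https://github.com/openshift/origin/releases/tag/v3.11.0);
- Run gitlab-runner register on the VM. This requires the GitLab URL and token, obtained as shown in the figure below. All parameters set at this point can be viewed and edited in /etc/gitlab-runner/config.toml, so there is no need to worry about typing mistakes; the parameters that matter are the URL, the token and the tag;
- Create a .gitlab-ci.yml file in the root directory of the project to be deployed, in the following format: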
```yaml
stages:
  - scan
  - build
  - deploy

scan:
  stage: scan
  only:
    - release
  script:
    # sonar.login carries the SonarQube token; a masked CI/CD variable would keep it out of the repository
    - sonar-scanner -D"sonar.projectKey=webapp" -D"sonar.sources=." -D"sonar.host.url=http://sonar.XXXX.com" -D"sonar.login=fjjfjfjsa8827843b9fsdbf000000000000007g7gd6"
  tags:
    - release

build:
  stage: build
  only:
    - release
  tags:
    - release
  script:
    - export GOPATH=/midware/go
    # GOSUMDB=off disables checksum-database verification of downloaded modules
    - export GOSUMDB=off
    - export GOPROXY=https://goproxy.cn,direct
    - /usr/bin/go env
    - /usr/bin/go mod tidy
    - /usr/bin/go mod vendor
    # start a working container from the Go toolset base image and copy the source in
    - build_env=$(buildah from registry.harbor.net/baseimages/go_toolset_rhel7_ca:latest)
    - buildah copy $build_env . '/opt/app-root/src/webapp'
    - buildah config --user=root $build_env
    # cd and && are shell syntax, so the build has to run through sh -c inside the container
    - buildah run $build_env -- sh -c 'cd /opt/app-root/src/webapp && go build -o /opt/main ./cmd/webapp'
    # the binary now lives inside the container, so move it there while still root
    - buildah run $build_env -- cp /opt/main /webapp
    - buildah config --user=default $build_env
    - buildah config --env TZ=Asia/Shanghai $build_env
    - buildah config --port 8989 $build_env
    # quote the JSON array so the shell passes it through intact; the path must match the binary copied above
    - buildah config --cmd '["/webapp"]' $build_env
    - buildah commit --format docker $build_env registry.harbor.net/webapp:release
    - podman push registry.harbor.net/webapp:release
    - echo push success! -- registry.harbor.net/webapp:release

deploy:
  stage: deploy
  only:
    - release
  script:
    # the OpenShift API token is passed inline here
    - oc login --token=ewehhhbvjewevvvvvwe3434353.1233444444444444444vfvdddddddddddddddddadfvsdsadvdvdv.fjjjjjjjjjjjjjjjjdvadfivj9v8e43332gh443333-w
    - oc project webapp
    # deleting the pod makes OpenShift recreate it from the newly pushed image
    - oc delete pod -l app=webapp
    - echo "rollout success"
  tags:
    - release
```
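- Once the above is done, pushing the release branch triggers the automated deployment flow, and under CI/CD - Pipelines in GitLab you can see that the three stages defined above (scan-build-deploy) have completed successfully.
This completes the automated deployment setup with gitlab-runner.
Notes:
- I am using Red Hat 8 and have not yet found a suitable yum repository, so I mounted the ISO image at /rhel8 and created /etc/yum.repos.d/yum.repo. The baseurl here has to point down to the BaseOS and AppStream level; otherwise the error "Failed to download metadata for repo" is reported;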
```ini
[redhat8-base]
name=rhel8_baseos
baseurl=file:///rhel8/BaseOS
enabled=1
gpgcheck=0

[redhat8-app]
name=rhel8_app
baseurl=file:///rhel8/AppStream
enabled=1
gpgcheck=0
```
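- When installing sonar-scanner, pay attention to which JDK it is paired with: sonar-scanner-4.5.0.2216-linux requires Java 11, sonar-scanner-4.3.0.2102-linux requires 1.8;
- After gitlab-runner is registered, a gitlab-runner account is created by default, but that account may not have permission to carry out the later steps, so it is best to change "--user" in /etc/systemd/system/gitlab-runner.service to "root" directly, as shown below.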
```ini
[Unit]
Description=GitLab Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-ci-multi-runner

[Service]
StartLimitInterval=5
StartLimitBurst=10
#ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "gitlab-runner"
ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "root"
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target
```
- The first time deploy runs, you first need to run oc login openshift-url on the VM; once that login succeeds, the oc login --token in the CI file can be used normally from then on;
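A check for the two settings in this setup that widen exposure, added here as an example and not part of the original post: the .gitlab-ci.yml carries the sonar and oc tokens as literals in the repository, and the edited unit file makes every CI job run as root on the VM. The function names, the $SONAR_TOKEN and $OC_TOKEN variable names and the sample files are all constructed for illustration.

```shell
# Added example: names, variables and sample files below are constructed.

# Print "line:key" for every credential written literally in a CI file.
# Values that reference a variable ($VAR or "$VAR") are not reported.
find_inline_secrets() {
    grep -nE -e '(--token=|sonar\.login=)"?[^$"[:space:]]' "$1" |
        sed -E 's/^([0-9]+):.*(--token|sonar\.login)=.*/\1:\2/'
}

# Exit 0 when an uncommented ExecStart line passes "--user" "root".
runner_runs_as_root() {
    grep -E '^[[:space:]]*ExecStart=' "$1" |
        grep -Eq -e '"?--user"?[[:space:]]+"?root"?([[:space:]]|$)'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: tokens inline, as in the CI file on this page.
cat > "$tmp/inline.yml" <<'EOF'
scan:
  script:
    - sonar-scanner -D"sonar.projectKey=webapp" -D"sonar.login=constructed-sonar-token"
deploy:
  script:
    - oc login --token=constructed-oc-token
    - oc project webapp
EOF

# Constructed sample 2: the same jobs reading hypothetical CI/CD variables.
cat > "$tmp/vars.yml" <<'EOF'
scan:
  script:
    - sonar-scanner -D"sonar.projectKey=webapp" -D"sonar.login=$SONAR_TOKEN"
deploy:
  script:
    - oc login --token="$OC_TOKEN"
EOF

# Constructed sample 3: runner unit with the edited ExecStart line.
cat > "$tmp/runner.service" <<'EOF'
[Service]
#ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--syslog" "--user" "gitlab-runner"
ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--syslog" "--user" "root"
EOF

find_inline_secrets "$tmp/inline.yml"
find_inline_secrets "$tmp/vars.yml"
runner_runs_as_root "$tmp/runner.service" && echo "runner jobs execute as root"
```

Pointed at a real repository and at /etc/systemd/system/gitlab-runner.service, the same two functions can run as a pre-merge or host-audit check.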
Note:
The figure below shows the version requirements for sonar-scanner, for reference.