基于Docker容器DevOps应用方案
环境准备
主机名 | ip地址 | 环境说明 |
---|---|---|
controller | 192.168.200.10 | gitlab |
node1 | 192.168.200.20 | tomcat、jenkins、docker |
docker | 192.168.200.30 | docker |
harbor.example.com | 192.168.200.40 | docker、harbor |
gitlab部署步骤请参考:版本控制gitlab-CSDN博客
基于tomcat部署jenkins请参考:tomcat部署jenkins
上传项目文件到gitlab
创建一个空项目
项目创建成功后会显示一个帮助文档,可以上传一些文件到项目中
上传项目文件
将已有的仓库克隆到本地
[root@node1 ~]# git config --global user.name "root"
[root@node1 ~]#
[root@node1 ~]# git config --global user.email "123@qq.com"
[root@node1 ~]#
[root@node1 ~]# git clone http://192.168.200.20/root/mhy.git
Cloning into 'mhy'...
Username for 'http://192.168.200.20': root
Password for 'http://root@192.168.200.20':
warning: You appear to have cloned an empty repository.
[root@node1 ~]#
[root@node1 ~]# ls
anaconda-ks.cfg gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm mhy policycoreutils-python-2.5-34.el7.x86_64.rpm
[root@node1 ~]#
从公共代码仓库拉取需要的代码
[root@node1 ~]# git clone https://gitee.com/forgotten/tomcat-java-demo.git
Cloning into 'tomcat-java-demo'...
remote: Enumerating objects: 558, done.
remote: Total 558 (delta 0), reused 0 (delta 0), pack-reused 558
Receiving objects: 100% (558/558), 5.08 MiB | 1.21 MiB/s, done.
Resolving deltas: 100% (217/217), done.
[root@node1 ~]#
[root@node1 ~]# ls
anaconda-ks.cfg mhy tomcat-java-demo
gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm policycoreutils-python-2.5-34.el7.x86_64.rpm
[root@node1 ~]#
[root@node1 ~]# mv tomcat-java-demo/* mhy/
[root@node1 ~]#
[root@node1 ~]# ls mhy/
db deploy.yaml Dockerfile jenkinsfile LICENSE pom.xml README.md src
[root@node1 ~]#
创建一个主分支和文件,添加并提交该文件
[root@node1 ~]# cd mhy/
[root@node1 mhy]#
[root@node1 mhy]# ls
[root@node1 mhy]# git switch --create main
Switched to a new branch 'main'
[root@node1 mhy]#
[root@node1 mhy]# git add *
[root@node1 mhy]# git commit -m "first commit"
[main fda6f5c] first commit
151 files changed, 2190 insertions(+)
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 db/tables_ly_tomcat.sql
create mode 100644 deploy.yaml
create mode 100644 jenkinsfile
create mode 100644 pom.xml
...
[root@node1 mhy]#
推送(上传)文件到远程仓库
[root@node1 mhy]# git push --set-upstream origin main
Username for 'http://192.168.200.20': root
Password for 'http://root@192.168.200.20':
Enumerating objects: 182, done.
Counting objects: 100% (182/182), done.
Delta compression using up to 2 threads
Compressing objects: 100% (168/168), done.
Writing objects: 100% (181/181), 1.13 MiB | 1.36 MiB/s, done.
Total 181 (delta 3), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (3/3), done.
To http://192.168.200.20/root/mhy.git
76b8f62..fda6f5c main -> main
Branch 'main' set up to track remote branch 'main' from 'origin'.
[root@node1 mhy]#
上传成功
在web端上设置免密登录
[root@controller ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa 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 root@controller
[root@controller ~]#
docker部署
环境工作
关闭防火墙和selinux(仅适用于隔离的实验环境;`setenforce 0` 只是临时切换为宽容模式,重启后会恢复。生产环境应保留 firewalld 和 SELinux,只放行实际需要的端口)
[root@harbor ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@harbor ~]#
[root@harbor ~]# setenforce 0
配置docker-ce源
[root@harbor yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 13805 0 --:--:-- --:--:-- --:--:-- 13905
[root@harbor yum.repos.d]#
[root@harbor yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@harbor yum.repos.d]#
[root@harbor yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo
[root@harbor yum.repos.d]#
安装docker-ce
[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]#
设置docker服务开机自启
[root@harbor ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@harbor ~]#
[root@harbor ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-11-09 19:27:31 CST; 9s ago
Docs: https://docs.docker.com
[root@harbor ~]#
配置docker加速
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
docker的加速有多种方式:
- docker cn
- 中国科技大学加速器
- 阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
[root@harbor ~]# vi /etc/docker/daemon.json
[root@harbor ~]#
[root@harbor ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://189ptxdj.mirror.aliyuncs.com"]
}
[root@harbor ~]#
[root@harbor ~]# systemctl restart docker
[root@harbor ~]#
查看docker信息,检查docker加速是否配置成功
[root@harbor ~]# docker info
...
Registry Mirrors:
https://189ptxdj.mirror.aliyuncs.com/
Live Restore Enabled: false
[root@harbor ~]#
harbor仓库部署
从github上下载docker-compose并添加执行权限
注意:docker-compose是用来启动和停止harbor的。下载的是将以root身份运行的二进制文件,添加执行权限前应先与发布页公布的校验和比对,确认文件未被篡改或损坏。
[root@harbor ~]# curl -SL https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0
100 56.8M 100 56.8M 0 0 875k 0 0:01:06 0:01:06 --:--:-- 4608k
[root@harbor ~]#
[root@harbor ~]# chmod +x /usr/bin/docker-compose
[root@harbor ~]#
[root@harbor ~]# ll /usr/bin/docker-compose
-rwxr-xr-x. 1 root root 59628532 Nov 9 20:11 /usr/bin/docker-compose
[root@harbor ~]#
下载并解压harbor(解压前建议用发布页提供的校验和或签名核对安装包)
[root@harbor ~]# cd /usr/src/
[root@harbor src]# wget https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-offline-installer-v2.9.1.tgz
...
Saving to: ‘harbor-offline-installer-v2.9.1.tgz’
harbor-offline-installer-v2. 100%[==============================================>] 759.95M 2.30MB/s in 3m 55s
2023-11-09 20:51:03 (3.24 MB/s) - ‘harbor-offline-installer-v2.9.1.tgz’ saved [796863822/796863822]
[root@harbor src]# ls
debug harbor-offline-installer-v2.9.1.tgz kernels
[root@harbor src]#
[root@harbor src]# tar xf harbor-offline-installer-v2.9.1.tgz -C /usr/local/
[root@harbor src]#
[root@harbor src]# ls /usr/local/
bin etc games harbor include lib lib64 libexec sbin share src
[root@harbor src]#
添加主机名和ip映射
[root@harbor harbor]# vi /etc/hosts
[root@harbor harbor]#
[root@harbor harbor]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.40 harbor.example.com
[root@harbor harbor]#
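编辑harbor.yml配置文件,修改主机名、数据存放位置、开启跳过验证证书,创建数据存放目录。注意:`insecure: true` 会跳过对仓库证书的校验;从后面的端口监听结果看,本例的harbor只监听80端口,即以HTTP明文提供服务,登录口令和镜像都不加密传输,仅适合实验环境。生产环境应在harbor.yml中配置https证书,并保持证书校验开启。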
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]#
[root@harbor harbor]# ls
common.sh harbor.v2.9.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@harbor harbor]#
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# ls
common.sh harbor.v2.9.1.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@harbor harbor]#
[root@harbor harbor]# vim harbor.yml
...
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.example.com
...
# The default data volume
data_volume: /data
...
# insecure The flag to skip verifying registry certificate
insecure: true
...
[root@harbor ~]# mkdir /data
[root@harbor ~]#
执行安装脚本
[root@harbor harbor]# ls
common.sh harbor.v2.9.1.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@harbor harbor]#
[root@harbor harbor]# ./install.sh
... 0.1s
✔ Container redis Started 0.1s
✔ Container harbor-core Started 0.0s
✔ Container nginx Started 0.0s
✔ Container harbor-jobservice Started 0.0s
✔ ----Harbor has been installed and started successfully.----
[root@harbor harbor]#
[root@harbor harbor]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@harbor harbor]#
访问网页
用户名:admin
密码:Harbor12345(这是harbor的默认初始密码,首次登录后应立即修改,或在安装前通过harbor.yml中的harbor_admin_password设置为强口令)
设置harbor开机自启
[root@harbor harbor]# vi /etc/rc.local
[root@harbor harbor]#
[root@harbor harbor]# cat /etc/rc.local
#!/bin/bash
cd /usr/local/harbor && docker-compose start
...
[root@harbor harbor]#
[root@harbor harbor]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Mar 24 2020 /etc/rc.local -> rc.d/rc.local
[root@harbor harbor]#
[root@harbor harbor]# chmod +x /etc/rc.d/rc.local
[root@harbor harbor]#
制作tomcat镜像并上传到harbor仓库(在docker客户端操作)
上传镜像的主机同样需要做主机名和ip映射
[root@docker ~]# vi /etc/hosts
[root@docker ~]#
[root@docker ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.40 harbor.example.com
[root@docker ~]#
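修改docker加速器所在的配置文件daemon.json,添加insecure-registries使其能访问harbor仓库。注意:该选项让docker对此仓库使用HTTP或不校验证书的连接,登录凭据和镜像可能被窃听或篡改,应只用于受信任的内网实验环境。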
[root@docker ~]# vi /etc/docker/daemon.json
[root@docker ~]#
[root@docker ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["harbor.example.com"],
"registry-mirrors": ["https://189ptxdj.mirror.aliyuncs.com"]
}
[root@docker ~]#
[root@docker ~]# systemctl restart docker
[root@docker ~]#
登录harbor仓库(如下面的警告所示,口令会以未加密的形式保存在/root/.docker/config.json中,可配置凭据助手(credential helper)避免明文保存)
[root@docker ~]# docker login harbor.example.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]#
制作tomcat镜像
[root@docker ~]# mkdir tomcat
[root@docker ~]# cd tomcat/
[root@docker tomcat]#
[root@docker tomcat]# vi Dockerfile
[root@docker tomcat]#
[root@docker tomcat]# cat Dockerfile
# Base image for the Tomcat runtime that the later pipeline stages build on.
# NOTE(review): centos:8 is end-of-life (the RUN step below has to point yum at
# the Centos-vault-8.5.2111 archive repo), so it no longer receives security
# updates; consider a maintained base image.
FROM centos:8
LABEL MAINTAINER='tangxin@163.com'
# Replace the stock yum repos with the vault mirror, install OpenJDK 17 and
# wget, download and unpack Tomcat 9.0.65 under /usr/local, create the
# /usr/local/tomcat symlink, then drop /var/cache to shrink the layer.
# NOTE(review): the Tomcat tarball is unpacked without any checksum or
# signature check; verify it against the value published by Apache first.
# NOTE(review): the downloaded tarball is never deleted, so it stays in the
# image layer alongside the unpacked copy.
# NOTE(review): the Tomcat version is pinned to 9.0.65; confirm it is still a
# patched release before using this image beyond a lab.
RUN rm -rf /etc/yum.repos.d/* && \
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \
yum clean all && yum makecache && \
yum -y install java-17-openjdk java-17-openjdk-devel wget && \
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.65/bin/apache-tomcat-9.0.65.tar.gz && \
tar xf apache-tomcat-9.0.65.tar.gz -C /usr/local/ && \
ln -s /usr/local/apache-tomcat-9.0.65 /usr/local/tomcat && \
rm -rf /var/cache/*
# Port Tomcat listens on inside the container.
EXPOSE 8080
WORKDIR /usr/local/tomcat/
# Run Tomcat in the foreground as the container's main process.
# NOTE(review): no USER instruction is set, so Tomcat runs as root inside the
# container; a dedicated unprivileged user would limit the impact of a
# compromised web application.
CMD ["/usr/local/tomcat/bin/catalina.sh","run"]
[root@docker tomcat]#
[root@docker tomcat]# docker build -t tomcat:v0.1 .
... 3.5s
=> => writing image sha256:82cf948a7204badf71887bcb1524b4bb9b65ec7b344a40c3f056c234dd0bf6ad 0.0s
=> => naming to docker.io/library/tomcat:v0.1 0.0s
[root@docker tomcat]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat v0.1 82cf948a7204 11 seconds ago 568MB
[root@docker tomcat]#
将tomcat镜像跑成容器
[root@docker tomcat]# docker run -itd --name tomcat -p 8080:8080 tomcat:v0.1
e7792edc8845cd004b669046a58c6cdd8948fb7281f1bb5474f555a9ef38e105
[root@docker tomcat]#
[root@docker tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7792edc8845 82cf948a7204 "/usr/local/tomcat/b…" 5 seconds ago Up 4 seconds 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp tomcat
[root@docker tomcat]#
[root@docker tomcat]# docker exec -it 6a05406c2bdc /bin/bash
[root@6a05406c2bdc apache-tomcat-9.0.65]#
[root@6a05406c2bdc apache-tomcat-9.0.65]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 1 127.0.0.1:8005 0.0.0.0:*
[root@6a05406c2bdc apache-tomcat-9.0.65]#
[root@6a05406c2bdc apache-tomcat-9.0.65]# exit
exit
[root@docker tomcat]#
访问tomcat网页
给tomcat镜像打个标签
[root@docker ~]# docker tag tomcat:v0.1 harbor.example.com/library/tomcat:v0.1
[root@docker ~]#
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat v0.1 82cf948a7204 About an hour ago 568MB
harbor.example.com/library/tomcat v0.1 82cf948a7204 About an hour ago 568MB
[root@docker ~]#
将打完标签的tomcat镜像上传到harbor仓库
[root@docker ~]# docker push harbor.example.com/library/tomcat:v0.1
The push refers to repository [harbor.example.com/library/tomcat]
5f70bf18a086: Pushed
f7b1bb2dfcfe: Pushed
74ddd0ec08fa: Pushed
v0.1: digest: sha256:2d6897ff633a656023dde92fe1773db2e9e0137111d05c8828380bb2fab258c4 size: 948
[root@docker ~]#
查看web端harbor仓库
使用自己制作的tomcat镜像上线项目(用流水线完成)
手动拉取gitlab仓库的项目
[root@controller ~]# git clone git@192.168.200.20:root/mhy.git
Cloning into 'mhy'...
remote: Enumerating objects: 181, done.
remote: Counting objects: 100% (181/181), done.
remote: Compressing objects: 100% (164/164), done.
remote: Total 181 (delta 4), reused 181 (delta 4), pack-reused 0
Receiving objects: 100% (181/181), 1.12 MiB | 7.76 MiB/s, done.
Resolving deltas: 100% (4/4), done.
[root@controller ~]#
[root@controller ~]# ls
anaconda-ks.cfg apache-tomcat-9.0.65.tar.gz jenkins.war mhy tomcat-java-demo
[root@controller ~]#
[root@controller ~]# cd mhy/
[root@controller mhy]# ls
db deploy.yaml Dockerfile jenkinsfile LICENSE pom.xml README.md src
[root@controller mhy]#
手动打包测试
[root@controller mhy]# mvn clean package
[root@controller mhy]# ls
db deploy.yaml Dockerfile jenkinsfile LICENSE pom.xml README.md src target
[root@controller mhy]#
[root@controller mhy]# cd target/
[root@controller target]# ls
classes generated-sources ly-simple-tomcat-0.0.1-SNAPSHOT ly-simple-tomcat-0.0.1-SNAPSHOT.war maven-archiver maven-status
[root@controller target]#
用制作的tomcat镜像上线项目的war包
配置主机名和ip映射(在所有主机上操作)
[root@controller ~]# vi /etc/hosts
[root@controller ~]#
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.10 controller
192.168.200.20 node1
192.168.200.30 docker
192.168.200.40 harbo
修改docker加速器,配置Jenkins主机可以从harbor仓库拉取镜像
[root@controller ~]# vi /etc/docker/daemon.json
[root@controller ~]#
[root@controller ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["harbor.example.com"]
}
[root@controller ~]#
[root@controller ~]# systemctl restart docker
[root@controller ~]#
拉取镜像
[root@controller ~]# docker pull harbor.example.com/library/tomcat:v0.1
v0.1: Pulling from library/tomcat
a1d0c7532777: Pull complete
4df5039de35e: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:5f5c35c9aad826e7cfc61a652aa6bb6b40b9b5687e85bfda8d5790e0e1415cb7
Status: Downloaded newer image for harbor.example.com/library/tomcat:v0.1
harbor.example.com/library/tomcat:v0.1
[root@controller ~]#
[root@controller ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.example.com/library/tomcat v0.1 05de40ee6250 3 hours ago 568MB
[root@controller ~]#
配置免密登录,先生成密钥,发送密钥给所有主机。注意:这样做之后,controller上的这把私钥即可用root身份登录所有主机,应妥善保护私钥文件;生产环境建议改用权限受限的专用部署账号,而不是root。
[root@controller ~]# ssh-keygen -t rsa
[root@controller ~]# ssh-copy-id root@192.168.200.10
[root@controller ~]# ssh-copy-id root@192.168.200.20
[root@controller ~]# ssh-copy-id root@192.168.200.30
[root@controller ~]# ssh-copy-id root@192.168.200.40
[root@controller ~]#
创建流水线任务
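// Jenkins declarative pipeline: build the WAR from the GitLab project, copy it
// to the Docker host (192.168.200.30), bake it into a v0.2 image on top of the
// Harbor-hosted Tomcat base image, push that image to Harbor and run it.
//
// Requires key-based SSH from the Jenkins user to root@192.168.200.30 and a
// Docker daemon there that can reach harbor.example.com.
// NOTE(review): every remote step runs as root over SSH; a dedicated deploy
// account restricted to what the deployment needs would limit the damage a
// leaked Jenkins key can do.
//
// The sh blocks use '''...''' (no Groovy interpolation) so that secrets are
// expanded by the shell only and never by Groovy.
pipeline {
    agent any
    stages {
        stage("git and mvn"){
            steps {
                // Remove the previous checkout first: `git clone` fails on a
                // re-run when the target directory already exists.
                sh '''
                    rm -rf mhy &&
                    git clone git@192.168.200.20:root/mhy.git &&
                    cd mhy && mvn clean package
                '''
            }
        }
        stage("scp package"){
            steps {
                // Path is relative to the job workspace, where the clone above
                // ran, so it does not depend on the job name or Jenkins home.
                sh '''
                    scp mhy/target/ly-simple-tomcat-0.0.1-SNAPSHOT.war root@192.168.200.30:/root/mhy.war
                '''
            }
        }
        stage("write dockfile"){
            steps {
                // Write the Dockerfile in the workspace and copy it over.
                // Echoing it through double quotes nested inside a
                // double-quoted ssh command strips the inner quotes, so the
                // CMD line would no longer be a valid exec-form array.
                writeFile file: 'Dockerfile.deploy', text: '''\
FROM harbor.example.com/library/tomcat:v0.1
RUN rm -rf /usr/local/tomcat/webapps/ROOT
COPY files/mhy.war /usr/local/tomcat/webapps/ROOT.war
CMD ["/usr/local/tomcat/bin/catalina.sh","run"]
'''
                sh '''
                    ssh root@192.168.200.30 'mkdir -p /root/tomcat/files && mv /root/mhy.war /root/tomcat/files/' &&
                    scp Dockerfile.deploy root@192.168.200.30:/root/tomcat/Dockerfile &&
                    ssh root@192.168.200.30 'cd /root/tomcat && docker build -t harbor.example.com/library/tomcat:v0.2 .'
                '''
            }
        }
        stage("push images"){
            steps {
                // The registry password comes from the Jenkins credential
                // store instead of being hard-coded in the job definition.
                // The credentialsId below is a placeholder: replace it with
                // the ID of a "Secret text" credential holding the password.
                // --password-stdin keeps the password out of the remote
                // process list and out of the shell trace in the build log.
                // NOTE(review): docker login still saves the credential in
                // /root/.docker/config.json on the Docker host unless a
                // credential helper is configured there.
                withCredentials([string(credentialsId: 'HARBOR_ADMIN_PASSWORD_CREDENTIAL_ID_PLACEHOLDER', variable: 'HARBOR_PASS')]) {
                    sh '''
                        printf '%s' "$HARBOR_PASS" | ssh root@192.168.200.30 'docker login harbor.example.com -u admin --password-stdin' &&
                        ssh root@192.168.200.30 'docker push harbor.example.com/library/tomcat:v0.2'
                    '''
                }
            }
        }
        stage("pull and run"){
            steps {
                // Remove any earlier container called "tomcat" first, because
                // `docker run --name tomcat` fails when the name is taken.
                // The container is started with /bin/bash as its command and
                // Tomcat is then launched inside it with `docker exec`.
                sh '''
                    ssh root@192.168.200.30 'docker pull harbor.example.com/library/tomcat:v0.2' &&
                    ssh root@192.168.200.30 'docker rm -f tomcat >/dev/null 2>&1 || true' &&
                    ssh root@192.168.200.30 'docker run -itd --name tomcat -p 80:8080 harbor.example.com/library/tomcat:v0.2 /bin/bash' &&
                    ssh root@192.168.200.30 'docker exec tomcat /usr/local/tomcat/bin/catalina.sh start'
                '''
            }
        }
    }
}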
点击立即构建
成功上传镜像
访问网页