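Continuous Integration and Continuous Delivery
I. Using Git
1. git
Git features:
• Speed
• Simple design
• Strong support for non-linear development (thousands of parallel branches)
• Fully distributed
• Able to handle very large projects such as the Linux kernel efficiently (speed and data size)
• Since its birth in 2005, Git has matured steadily; it is highly usable while still keeping to its original goals. It is extremely fast, very well suited to managing large projects, and has an incredible branching system for non-linear development.
• Essential Git reading: https://git-scm.com/book/zh/v2
Git:
- A file is in one of three states: committed, modified, or staged.
- Modified means the file has been changed but not yet saved to the database.
- Staged means the current version of a modified file has been marked for inclusion in the next commit snapshot.
- Committed means the data is safely stored in the local database.
This gives a Git project three sections: the working directory, the staging area, and the Git directory.
2. Using git commands
Initialize git in the demo directory and create a file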
[root@server1 demo]# git init
Initialized empty Git repository in /root/demo/.git/
[root@server1 demo]# echo westos > readme.md
[root@server1 demo]# ls
readme.md
The add command
[root@server1 demo]# git add readme.md
[root@server1 demo]# git status -s
A readme.md
commit
[root@server1 demo]# git commit -m "first"
[master (root-commit) 3c80a44] first
1 file changed, 1 insertion(+)
create mode 100644 readme.md
View the log
[root@server1 demo]# git log
commit 3c80a44bb18a84acfc7f0e8fead666729b9debb8
Author: westos <root@westos.org>
Date: Tue Aug 10 21:52:37 2021 -0400
first
Delete readme.md
[root@server1 demo]# rm -f readme.md
[root@server1 demo]# git status -s
MD readme.md
[root@server1 demo]# git status
# On branch master
# Changes to be committed:
# (use "git reset HEAD <file>..." to unstage)
#
# modified: readme.md
#
# Changes not staged for commit:
# (use "git add/rm <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# deleted: readme.md
#
Restore the deleted file
[root@server1 demo]# git checkout -- readme.md
[root@server1 demo]# cat readme.md
westos
westos
Roll back to a specific version
[root@server1 demo]# git reflog
3c80a44 HEAD@{0}: commit (initial): first
[root@server1 demo]# gir reset --hard 3c80a44
-bash: gir: command not found
[root@server1 demo]# git reset --hard 3c80a44
HEAD is now at 3c80a44 first
[root@server1 demo]# git reflog
3c80a44 HEAD@{0}: commit (initial): first
3. Uploading to Gitee (remote repository)
SSH authentication: add the public key to Gitee
[root@server1 demo]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qMRCX0yIBMCS5Bfc+IHxEvkmdMIVBVi4VOr0zLYIAqk root@server1
The key's randomart image is:
+---[RSA 2048]----+
|*=+=%B=. |
|+o.%** |
|+.+=*.+ |
|o.+=== . |
|E...*=. S |
|. .oo.. |
| ... |
| |
| |
+----[SHA256]-----+
[root@server1 demo]# cat ../.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjnkEQvYlIqDqFN4VyWc0ms+DTf6vzv4S+ZEQnJwjM0HPMHp9+yMV71aq142tfBT+ZH1C8qESqD4ePZDHEZQJwpmJfw4YXSzLuATZqJr2WrhKXR7avgIbshmVQQ1T+/b3uPiGsg2h7h1C6LMFWWTPhKwyOhpQtEXzatxmFBkodVkbI4wtDynmDuxtLsSGvzjL5zdUPNJ7Sb6VyHqjbURYaYX7vx1RncNb69YX8M8jvF9i5j0R4kdw4J01BIVRCuipN0MhvjEFwO5VPexdSkR7VknnkuJN0znWIzT5LS5l5oDV5cra1OQrJvG6JgKO+NP0DNfB41klNvTRTIRbGO+cx root@server1
Create the git project
[root@server1 demo]# git init
Initialized empty Git repository in /root/demo/.git/
[root@server1 demo]# ls -a
. .. .git
[root@server1 demo]# echo westos > readme.md
[root@server1 demo]# git add readme.md
[root@server1 demo]# git commit -m "first commit"
[master (root-commit) a0461bc] first commit
1 file changed, 1 insertion(+)
create mode 100644 readme.md
Configure the name and email, then specify the Gitee repository demo-zy to connect to
[root@server1 demo]# git config --global user.name "xinxin1125"
[root@server1 demo]# git config --global user.email "953476863@qq.com"
[root@server1 demo]# git remote add origin git@gitee.com:xinxin1125/demo-zy.git
Push the contents of demo to Gitee
[root@server1 demo]# git push -u origin master
The authenticity of host 'gitee.com (180.97.125.228)' can't be established.
ECDSA key fingerprint is SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc.
ECDSA key fingerprint is MD5:27:e5:d3:f7:2a:9e:eb:6c:93:cd:1f:c1:47:a3:54:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitee.com,180.97.125.228' (ECDSA) to the list of known hosts.
Counting objects: 3, done.
Writing objects: 100% (3/3), 215 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: Powered by GITEE.COM [GNK-6.0]
To git@gitee.com:xinxin1125/demo-zy.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
[root@server1 demo]# echo westos >> readme.md
[root@server1 demo]# git add readme.md
[root@server1 demo]# git commit -m "second commit"
[master 7017257] second commit
1 file changed, 1 insertion(+)
[root@server1 demo]# git log
commit 7017257934c454ca0a637b341491304ca978f95a
Author: xinxin1125 <953476863@qq.com>
Date: Tue Aug 10 22:31:28 2021 -0400
second commit
commit a0461bc210fe77b1f34d068fbff0dfcb98219a7e
Author: xinxin1125 <953476863@qq.com>
Date: Tue Aug 10 22:23:47 2021 -0400
first commit
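View the content on Gitee
4. GitLab code repository
Create the virtual machine server1 with 4 GB of memory
Prepare the GitLab installation package
Install GitLab and edit the configuration file
vim /etc/gitlab/gitlab.rb
Reload the service
gitlab-ctl reconfigure
Wait for the services to be configured automatically
Once setup succeeds, test access at http://172.25.0.1
User: root. The first login forces a password change.
Create a new project
Add the SSH key
Connect to GitLab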
[root@server1 ~]# cd demo
[root@server1 demo]# echo westos > readme.md
[root@server1 demo]# git add readme.md
[root@server1 demo]# git commit -m "first"
[master 27bc961] first
1 file changed, 2 deletions(-)
[root@server1 demo]# git config --global user.name "Administrator"
[root@server1 demo]# git config --global user.email "admin@example.com"
[root@server1 demo]# git remote add origin git@172.25.3.1:root/demo-zy.git
fatal: remote origin already exists.
[root@server1 demo]# git remote rm origin
[root@server1 demo]# git remote add origin git@172.25.3.1:root/demo-zy.git
[root@server1 demo]# git push -u origin master
The authenticity of host '172.25.3.1 (172.25.3.1)' can't be established.
ECDSA key fingerprint is SHA256:Qwz6cDDE7GvLYqOWEwNiW4Wf8PBLrLVAYYuHmU8d9Ds.
ECDSA key fingerprint is MD5:f7:84:ee:41:4e:97:1b:f3:28:d7:f5:63:71:d0:6b:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.3.1' (ECDSA) to the list of known hosts.
Counting objects: 10, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (10/10), 791 bytes | 0 bytes/s, done.
Total 10 (delta 0), reused 0 (delta 0)
To git@172.25.3.1:root/demo-zy.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
[root@server1 demo]# echo westos >> readme.md
[root@server1 demo]# git add readme.md
[root@server1 demo]# git commit -m "second"
[master f1ff37e] second
1 file changed, 1 insertion(+)
[root@server1 demo]# git push -u origin master
Counting objects: 5, done.
Writing objects: 100% (3/3), 247 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@172.25.3.1:root/demo-zy.git
27bc961..f1ff37e master -> master
Branch master set up to track remote branch master from origin.
[root@server1 demo]#
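View the GitLab project
II. Continuous integration with Jenkins
1. Introduction to Jenkins
- Jenkins is the leading open-source CI & CD software, offering more than 1000 plugins to support building, deploying and automating, meeting the needs of any project.
- Jenkins is written in Java; it can run in popular servlet containers such as Tomcat, or stand-alone.
- CI (Continuous Integration) emphasizes that as soon as developers commit new code, it is built and (unit) tested.
- CD (Continuous Delivery) builds on continuous integration by deploying the integrated code to an environment closer to real production (a production-like environment).
2. Installing Jenkins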
yum install -y jdk-8u171-linux-x64.rpm j
yum install -y daemonize-debuginfo-1.7.7-1.el7.x86_64.rpm jenkins-2.302-1.1.noarch.rpm
Start Jenkins
systemctl start jenkins
Access: http://172.25.0.2:8080
Log in with the initial password: cat /var/lib/jenkins/secrets/initialAdminPassword
Change the login password
Update the plugin source
Fetch the update-center.crt certificate file
mkdir /var/lib/jenkins/update-center-rootCAs
wget https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/rootCA/update-center.crt -O /var/lib/jenkins/update-center-rootCAs/update-center.crt
chown -R jenkins:jenkins /var/lib/jenkins/update-center-rootCAs
Test the speed of the plugin mirrors
[root@server2 jenkins]# curl -sSL https://cdn.jsdelivr.net/gh/lework/jenkins-update-center/speed-test.sh | bash
Jenkins mirror update center speed test
[Mirror Site]
ustc : https://mirrors.ustc.edu.cn/jenkins/
bit : https://mirrors.bit.edu.cn/jenkins/
tsinghua : https://mirrors.tuna.tsinghua.edu.cn/jenkins/
tencent : https://mirrors.cloud.tencent.com/jenkins/
aliyun : https://mirrors.aliyun.com/jenkins/
huawei : https://mirrors.huaweicloud.com/jenkins/
[Test]
Test File : updates/current/plugin-versions.json
Site Name IPv4 address File Size Download Time Download Speed
ustc 202.141.160.110 11M 2.2s 5.00MB/s
bit 114.247.56.117 11M 2.6s 4.20MB/s
tsinghua 101.6.15.130 11M 1.0s 10.5MB/s
tencent 117.34.50.120 11M 2.0s 5.38MB/s
aliyun 117.34.47.238 11M 2.2s 4.92MB/s
huawei 124.70.125.96 11M 2.3s 4.81MB/s
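Both steps above trust whatever the CDN serves at that moment: the certificate becomes a trust anchor for plugin metadata, and the speed-test script is piped straight into a root shell. The following added example (not part of the original post) downloads each file and uses it only when its SHA-256 matches a value recorded after manual review; the function names, the script layout and the PINNED_* placeholders are assumptions.

```shell
#!/bin/sh
# Added example: pin remote files by SHA-256 before trusting or running them.
# The PINNED_* values are placeholders: record real digests after reviewing
# the downloaded files by hand.
BASE="https://cdn.jsdelivr.net/gh/lework/jenkins-update-center"
CA_DIR=/var/lib/jenkins/update-center-rootCAs
PINNED_CRT_SHA256="<sha256-of-reviewed-update-center.crt>"
PINNED_SCRIPT_SHA256="<sha256-of-reviewed-speed-test.sh>"

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if the file exists and its digest equals the pinned value.
verify_pinned() {
    [ -f "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# Download URL to a temp file; move it to DEST only if the digest matches.
fetch_verified() {
    url=$1; pinned=$2; dest=$3
    tmp=$(mktemp) || return 1
    if curl -fsSL "$url" -o "$tmp" && verify_pinned "$tmp" "$pinned"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: download failed or digest mismatch" >&2
        return 1
    fi
}

# Run as root: sh pinned-fetch.sh --apply
# Fails closed until the placeholders above are replaced.
if [ "${1:-}" = "--apply" ]; then
    work=$(mktemp -d) || exit 1
    mkdir -p "$CA_DIR"
    fetch_verified "$BASE/rootCA/update-center.crt" "$PINNED_CRT_SHA256" \
        "$CA_DIR/update-center.crt" || exit 1
    chown -R jenkins:jenkins "$CA_DIR"
    fetch_verified "$BASE/speed-test.sh" "$PINNED_SCRIPT_SHA256" \
        "$work/speed-test.sh" || exit 1
    bash "$work/speed-test.sh"
fi
```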
Change the plugin source to the Tsinghua mirror:
vim /var/lib/jenkins/hudson.model.UpdateCenter.xml
<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  </site>
</sites>
Run the commands
cd /var/lib/jenkins/updates
sed -i.bak 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json
sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
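Plugins can also be updated from the web UI
Test the plugin source
Install the Chinese localization plugin
Install the Pipeline plugin
Install the GitLab plugin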
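3. Importing a git project
Create a new job
Select Git and add the git repository URL (prerequisite: git must be installed on the Jenkins host)
After git is installed, Jenkins reports that it cannot connect to the repository
On server2, create a key pair
Add the public key to GitLab
Create a credential using the SSH private key
Build trigger: Poll SCM with the schedule * * * * *, which checks for updates once a minute
Build step: Execute shell, running ls -l
Save to finish creating the job. The console output shows that the job was created successfully and the git repository content was fetched; ls -l lists the workspace contents
Jenkins build history: each update adds a new build number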
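4. Triggering Jenkins automatically from GitLab
In Build Triggers, click Advanced below to obtain the URL and token that the automatic trigger relies on
In GitLab's network settings, under outbound requests, allow webhook requests
Configure the GitLab webhook: enter the URL and token obtained earlier, select push events as the trigger source, and SSL as the verification method
Once configured, update the git project by creating index.html and push it to test the Jenkins trigger
The automatic trigger succeeds and index.html is now visible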
5. Importing a Docker project and building images
Jenkins builds the Docker image automatically and pushes it to the registry
Install Docker on server2
yum install -y docker-ce
Installed:
docker-ce.x86_64 3:19.03.15-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 checkpolicy.x86_64 0:2.5-8.el7
container-selinux.noarch 2:2.77-1.el7 containerd.io.x86_64 0:1.4.4-3.1.el7
docker-ce-cli.x86_64 1:19.03.15-3.el7 libcgroup.x86_64 0:0.41-20.el7
libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-29.el7
python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7
Complete!
[root@server2 demo-zy]# systemctl enable --now docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Load the registry image and create the registry container with the port mapping 5000:5000
[root@server2 ~]# docker load -i registry2.tar
d9ff549177a9: Loading layer 4.671MB/4.671MB
f641ef7a37ad: Loading layer 1.587MB/1.587MB
d5974ddb5a45: Loading layer 20.08MB/20.08MB
5bbc5831d696: Loading layer 3.584kB/3.584kB
73d61bf022fd: Loading layer 2.048kB/2.048kB
Loaded image: registry:2
[root@server2 ~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
a82e874fbef684e8be9f20e2a469016412d8ef600245756961928e6f5c11ec95
Change the permissions on docker.sock, otherwise Jenkins cannot run docker commands directly: set the socket /var/run/docker.sock to mode 777
[root@server2 ~]# ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Aug 11 03:51 /var/run/docker.sock
[root@server2 ~]# chmod 777 /var/run/docker.sock
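Mode 777 gives every local account control of the Docker daemon, which amounts to root on the host. The following added example (not part of the original post) checks the socket mode and grants access through the docker group to the jenkins account only; the function names are assumptions, and docker group membership is itself root-equivalent, so it is kept to that one service account.

```shell
#!/bin/sh
# Added example: audit the Docker socket and grant access by group, not mode 777.
SOCK="${SOCK:-/var/run/docker.sock}"

# Print the octal permission bits of a path (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# Return 0 if "other" users have no access at all (last octal digit is 0),
# 1 if they have any access, 2 if the path cannot be inspected.
sock_mode_ok() {
    m=$(mode_of "$1") || return 2
    case "$m" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Return 0 if USER is a member of GROUP according to id(1).
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Restore the packaged mode (srw-rw---- root:docker, as in the listing above)
# and give only the jenkins account access through the docker group.
harden_sock() {
    chown root:docker "$SOCK" && chmod 660 "$SOCK" || return 1
    in_group jenkins docker || usermod -aG docker jenkins
    systemctl restart jenkins   # the service picks up the new group on restart
}

# Run as root: sh docker-sock.sh --fix
if [ "${1:-}" = "--fix" ]; then
    sock_mode_ok "$SOCK" || echo "$SOCK is accessible to all users, fixing" >&2
    harden_sock
fi
```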
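Install the Docker plugin in Jenkins
In the demo-zy job, add a Docker Build and Publish build step
Set the tag to ${BUILD_NUMBER} so that the version number increments automatically
Load the myapp images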
[root@server2 ~]# docker load -i myapp.tar
d39d92664027: Loading layer 4.232MB/4.232MB
8460a579ab63: Loading layer 11.61MB/11.61MB
c1dc81a64903: Loading layer 3.584kB/3.584kB
68695a6cfd7d: Loading layer 4.608kB/4.608kB
05a9e65e2d53: Loading layer 16.38kB/16.38kB
a0d2c4392b06: Loading layer 7.68kB/7.68kB
Loaded image: ikubernetes/myapp:v1
Loaded image: ikubernetes/myapp:v2
[root@server2 ~]# docker tag ikubernetes/myapp:v1 myapp:v1
[root@server2 ~]# docker tag ikubernetes/myapp:v2 myapp:v2
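Modify the git project by adding a Dockerfile and push it to GitLab; this triggers Jenkins, which builds the demo-zy image on top of myapp and pushes it to the image registry
vim Dockerfile
Check the build events: the image was pushed successfully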
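6. Importing a Docker project and building images (Harbor registry)
The plain registry used earlier needed no authentication; now use a Harbor registry instead
Modify the Docker build step: change the repo name to library/demo-zy, set the URL to https://reg.westos.org, and add the Harbor credentials
Create the Harbor credentials
Create a new job named docker that runs after demo-zy builds stably and deploys the myapp container, using demo-zy as the base image
Test: the docker job is triggered and myapp is deployed successfully
7. Remote deployment
Install the SSH plugin
Create a global credential, server1 root auth, with username root and password westos
Add SSH in the configuration, using the server1 credential
Modify the docker job's build: delete the original shell build step and add an SSH shell step with the SSH site root@172.25.3.1:22
Test
Build event output
The deployed content is reachable on server1, which shows that the remote deployment succeeded
8. Deployment through an agent
Install the agent plugin
Create the agent-1 node
Configure the node
In the node list, note that the master management node must be set to 0 before deployment is dispatched automatically; restore it once the experiment is finished so that normal use is not affected
Set the docker job's build step to Execute shell; when the local machine cannot run the deployment, it is deployed to the agent node automatically
Run the test
The myapp container is visible on server1, which shows that the agent deployment succeeded
9. Automated deployment with Ansible
Add an Ansible delivery job:
- Set up passwordless SSH from the Jenkins server to the target hosts in advance, and install the ansible package.
- Because the ansible command is invoked as the jenkins user, passwordless SSH must be set up from the jenkins user to the target hosts.
An Ansible environment is required; install ansible on server2
yum install -y ansible
Configure passwordless login to server4/5
Create the devops user on server4/5
useradd devops
On server4/5, grant the devops user privileges with NOPASSWD
Create a new playbook code repository (on server1)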
[root@server1 ~]# cd playbook/
[root@server1 playbook]# ls
ansible.cfg httpd.conf.j2 inventory playbook.yaml README.md
Project-level Ansible configuration file
[root@server1 playbook]# cat ansible.cfg
[defaults]
command_warnings=False
remote_user=devops
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
Inventory contents: server4 on port 8080, server5 on port 80
[root@server1 playbook]# cat inventory/prod
server4 http_port=8080
[root@server1 playbook]# cat inventory/test
server5 http_port=80
Playbook that deploys httpd automatically
[root@server1 playbook]# cat playbook.yaml
---
- hosts: all
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: present
    - name: configure apache
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify: restart apache
    - name: start apache
      service:
        name: httpd
        enabled: yes
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
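Create the playbook job and add a parameterized build
Build step: Execute shell
Create the job, then select and run it
Ansible deployment
Check port 8080: the Ansible deployment succeeded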
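The post does not show the shell step of the parameterized build. The following added example (not the original job's script) is one way to write it so that the build parameter can only select one of the two inventories in the repository; the parameter name DEPLOY_ENV and the function names are assumptions.

```shell
#!/bin/sh
# Added example: shell build step for the playbook job.
# DEPLOY_ENV is an assumed name for the job's build parameter; Jenkins exports
# build parameters to the shell step as environment variables.

# Map the parameter to an inventory file, accepting only the two inventories
# that exist in the repository (inventory/test and inventory/prod). Anything
# else (paths, extra options, empty values) is rejected before it reaches
# the ansible-playbook command line.
inventory_for() {
    case "$1" in
        test|prod) printf 'inventory/%s\n' "$1" ;;
        *) echo "rejected environment: '$1'" >&2; return 1 ;;
    esac
}

# Validate the parameter, syntax-check the playbook, then apply it with --diff
# so the build log records what changed on the target host.
deploy() {
    inv=$(inventory_for "$1") || return 1
    [ -f "$inv" ] || { echo "missing inventory file: $inv" >&2; return 1; }
    ansible-playbook -i "$inv" --syntax-check playbook.yaml || return 1
    ansible-playbook -i "$inv" --diff playbook.yaml
}

# Jenkins runs the step from the workspace root, where playbook.yaml lives.
if [ -n "${DEPLOY_ENV:-}" ]; then
    deploy "$DEPLOY_ENV"
fi
```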