gitlab-runner

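GitLab Runner is an open-source project that runs your jobs and sends the results back to GitLab. It is used together with GitLab CI, the open-source continuous integration service that ships with GitLab and coordinates the jobs.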

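1. Clone the project from the remote to your local machine
Then create a new GitLab project locally
Then delete the project's .git directory and upload the project
2. Set up gitlab-runner with Docker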

$ mkdir -p docker/gitlab/runner && cd docker/gitlab/runner
$ docker run -d --rm --name gitlab-runner gitlab/gitlab-runner:v10.5.0
$ docker cp gitlab-runner:/etc/gitlab-runner . && mv gitlab-runner config
$ docker stop gitlab-runner
$ docker run -d --name gitlab-runner --restart=always -v /home/ydt/docker/gitlab/runner/config/:/etc/gitlab-runner -v /home/ydt/docker/gitlab/runner/scripts/:/home/gitlab-runner/scripts -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:v10.5.4

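Mapped directories:

  • scripts directory mapping: holds scripts for the runner to use at run time; define them as needed
  • config file mapping: makes it easy to edit config.toml and adjust settings for the individually registered runners
  • docker.sock: the Unix domain socket the Docker daemon listens on by default; processes in the container can communicate with the Docker daemon through it

3. Integrating the GitLab CI/CD pipeline
(1) Register runners with the GitLab server
maven: used to package the Java program, run unit tests, and do code review (SonarQube)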
$ docker exec -it gitlab-runner gitlab-runner register
Running in system-mode.                            
                                                   
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.10.171/
Please enter the gitlab-ci token for this runner:
AikhZrKTwQqY-2TQyWEA
Please enter the gitlab-ci description for this runner:
[cfb1f6f983f3]: maven-java
Please enter the gitlab-ci tags for this runner (comma separated):
maven
Registering runner... succeeded                     runner=maGJhGKD
Please enter the executor: kubernetes, docker, virtualbox, docker+machine, ssh, docker-ssh+machine, docker-ssh, parallels, shell:
docker
Please enter the default Docker image (e.g. ruby:2.1):
<image name>
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

docker: used to build the service image and push it to the remote registry

$ docker exec -it gitlab-runner gitlab-runner register
Running in system-mode.                            
                                                   
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.10.171/
Please enter the gitlab-ci token for this runner:
AikhZrKTwQqY-2TQyWEA
Please enter the gitlab-ci description for this runner:
[cfb1f6f983f3]: docker-run
Please enter the gitlab-ci tags for this runner (comma separated):
docker
Registering runner... succeeded                     runner=maGJhGKD
Please enter the executor: parallels, virtualbox, docker+machine, kubernetes, docker-ssh, shell, ssh, docker-ssh+machine, docker:
docker
Please enter the default Docker image (e.g. ruby:2.1):
<image name>
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

ssh: used to log in to the remote Docker host and deploy the service there

$ docker exec -it gitlab-runner gitlab-runner register
Running in system-mode.                            
                                                   
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.10.171/
Please enter the gitlab-ci token for this runner:
AikhZrKTwQqY-2TQyWEA
Please enter the gitlab-ci description for this runner:
[cfb1f6f983f3]: ssh-localhost
Please enter the gitlab-ci tags for this runner (comma separated):
ssh
Registering runner... succeeded                     runner=maGJhGKD
Please enter the executor: ssh, docker+machine, docker-ssh+machine, kubernetes, parallels, shell, virtualbox, docker, docker-ssh:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

4. The registration result is shown in the figure below
[image]
5. After registration, config.toml looks like this

concurrent = 1
check_interval = 0

[[runners]]
  name = "just for test"
  url = "http://192.168.10.171/"
  token = "d8af9b38c095ed6a041c21ab5ecd1e"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "registry.cn-beijing.aliyuncs.com/qianjia2018/qianjia_prod"
    privileged = false
    disable_cache = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
  [runners.cache]

[[runners]]
  name = "maven;docker-run;shell-200;shell-prod"
  url = "http://192.168.10.171/"
  token = "00253c847518c7de419dcb06a7b173"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "registry.cn-beijing.aliyuncs.com/qianjia2018/qianjia_prod:maven3-jdk8"
    privileged = false
    disable_cache = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
  [runners.cache]

[[runners]]
  name = "docker"
  url = "http://192.168.10.171/"
  token = "6380a613ab80d78cee40e120f0f175"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "registry.cn-beijing.aliyuncs.com/qianjia2018/qianjia_prod"
    privileged = false
    disable_cache = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
  [runners.cache]

[[runners]]
  name = "docker"
  url = "http://192.168.10.171/"
  token = "032c2ad094645654242e10fa6bd028"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "registry.cn-beijing.aliyuncs.com/qianjia2018/qianjia_prod:docker"
    privileged = false
    disable_cache = false

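6. Overview of the config.toml settings
[image]
7. The [[runners]] section
[image]
8. The [runners.docker] section
[image]
9. Deploying a project with gitlab-runner
(1). Upload the project to GitLab (using a special method)
Create a new eureka project on GitLab, pull the eureka project from GitHub to your local machine, then push it to GitLab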

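$ git clone http://192.168.10.171/root/eureka.git
$ git clone https://github.com/github-ydt/eureka_server.git
# Drop the GitHub history so only the files are moved into the GitLab clone
$ rm -rf eureka_server/.git
$ mv eureka_server/* eureka
# Move the remaining dotfiles without matching "." and ".."
$ mv eureka_server/.[!.]* eureka
# Commit and push from the GitLab clone
$ cd eureka/
$ git add .
$ git commit -m "上传eureka项目"
$ git push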

(2). Upload a .gitlab-ci.yml file to the project root (/), configured as follows:

stages:
  - test
  - build
  - deploy
cache:
  paths:
    - .m2/
    
variables:
  MAVEN_OPTS: "-Dmaven.repo.local=.m2"
  MAVEN_IMAGE: <image name>
  CONTAINER_NAME: eureka-ydt
  PROD_REPO: registry.cn-beijing.aliyuncs.com/ydt/all
  
build image:
  image: $MAVEN_IMAGE
  stage: test
  script:
    - mvn  package docker:build -q -Dmaven.test.skip=false
  tags:
    - maven
  only:
    - master

push image prod:
  stage: build
  before_script:
    - docker login --username=$USERNAME --password=$PASSWORD registry.cn-beijing.aliyuncs.com
  script:
    - docker tag $DEV_REPO:$CONTAINER_NAME  $PROD_REPO:$CONTAINER_NAME
    - docker push $PROD_REPO:$CONTAINER_NAME
  tags:
    - docker
  only:
    - master
  when: on_success
      
ssh run on remote machine prod:
  stage: deploy
  script:
    - bash ~/scripts/ssh-deploy.sh $CONTAINER_NAME 1025 1025 $PROD_REPO:$CONTAINER_NAME ydt 192.168.10.171
  tags:
    - ssh
  only:
    - master
  when: on_success

Note:
10. The ssh-deploy.sh script lives in /home/gitlab-runner/scripts inside the container; its contents are:

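#!/bin/bash
# Usage: ssh-deploy.sh <container name> <host port> <container port> <image> <ssh user> <ssh host>
# $1..$4 are expanded locally and become the arguments of run.sh on the remote host
ssh -p 2022 "$5@$6" <<EOF
cd; bash ~/docker/gitlab/runner/run.sh $1 $2 $3 $4
EOF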

11. The run.sh script lives in ~/docker/gitlab/runner/ on the remote deployment host; its contents are:

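#!/bin/bash
# Usage: run.sh <container name> <host port> <container port> <image>
conName=$1
eonPort=$2
conPort=$3
images=$4
# Count containers (running or stopped) whose listing matches the name
count=$(docker ps -a | grep -c "$conName")
if [ "$count" -eq 0 ]; then
	echo "$conName container does not exist"
else
	# Stop and remove every matching container
	id=$(docker ps -a | grep "$conName" | awk '{print $1}')
	for i in $id
	do
		docker stop "$i"
		docker rm "$i"
	done
fi
# Remove the old image, then start a fresh container from the new one
docker rmi "$images"
docker run --restart=always -d --name "$conName" -p "$eonPort:$conPort" "$images"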
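
ssh-deploy.sh expands its arguments into a remote shell script through an unquoted heredoc, and run.sh selects containers with a substring grep. The following added example (not part of the original post; the function names are hypothetical and the sample listing is constructed) checks the four deploy arguments before they are interpolated and selects containers by exact name, in POSIX sh.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Container name: must start alphanumeric, then [A-Za-z0-9_.-] only.
valid_name() {
    case $1 in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# TCP port: decimal, no leading zero, 1..65535.
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Image reference: registry/path:tag characters only, no shell metacharacters.
valid_image() {
    case $1 in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_./:@-]*) return 1 ;;
    esac
}

# validate_deploy_args <name> <host port> <container port> <image>
# Returns 0 only if every value is safe to place in the remote command line.
validate_deploy_args() {
    [ "$#" -eq 4 ] || return 2
    valid_name "$1" && valid_port "$2" && valid_port "$3" && valid_image "$4"
}

# exact_ids <name>: read "ID NAME" lines on stdin and print the IDs whose name
# is exactly <name>. Feed it: docker ps -a --format '{{.ID}} {{.Names}}'
exact_ids() {
    awk -v want="$1" '($2 "") == (want "") { print $1 }'
}

# Constructed sample listing (not real output).
SAMPLE_PS='1a2b3c4d5e6f eureka-ydt
2b3c4d5e6f70 eureka-ydt-canary
3c4d5e6f7081 gitlab-runner'

# grep "eureka-ydt" would select two containers here; exact_ids selects one.
printf '%s\n' "$SAMPLE_PS" | exact_ids eureka-ydt
```

Calling validate_deploy_args at the top of ssh-deploy.sh and again at the top of run.sh keeps both ends of the SSH hop from acting on malformed input.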

12. Logging in to the remote host over SSH requires setting up an SSH public key; the procedure is:

ydt@KobeBryant:~$ docker exec -it gitlab-runner bash
root@6af0ce3a3254:/# su gitlab-runner
gitlab-runner@6af0ce3a3254:/$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gitlab-runner/.ssh/id_rsa): 
Created directory '/home/gitlab-runner/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/gitlab-runner/.ssh/id_rsa.
Your public key has been saved in /home/gitlab-runner/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0ZzqZODcTcUhmHBC+lE71BmBz0UTOAh3Gck+xl4QIcg gitlab-runner@6af0ce3a3254
The key's randomart image is:
+---[RSA 2048]----+
|     o=+*BO&*o   |
|     .E*=*X+o.   |
|    . o +==+     |
|     + + *B .    |
|      + So.o     |
|       +  .      |
|        .        |
|                 |
|                 |
+----[SHA256]-----+
gitlab-runner@6af0ce3a3254:/$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p24 cyf@192.168.10.24
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/gitlab-runner/.ssh/id_rsa.pub"
The authenticity of host '[192.168.10.24]:24 ([192.168.10.24]:24)' can't be established.
ECDSA key fingerprint is SHA256:vPilmOy8x6qiFv6zfl47vD2st2gI6sIkHXdijb2qAu0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
cyf@192.168.10.24's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '2022' 'ydt@192.168.10.171'"
and check to make sure that only the key(s) you wanted were added.

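13. Run the pipeline (adding .gitlab-ci.yml triggers it automatically)
The first run of the test stage hit a Docker daemon problem, shown below:
[image]
14. Modify the volumes field in the gitlab-runner configuration file as follows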

volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
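
The volumes setting above hands the host's Docker socket to every job container of that runner, so a job can drive the host's Docker daemon. As an added example (not from the original post; `audit_runner_config` is a hypothetical helper and the sample config is constructed), this POSIX sh function lists which `[[runners]]` entries mount the socket, run privileged, or reach the coordinator over plain http.

```shell
#!/bin/sh
# Added example, not from the original post. audit_runner_config is a
# hypothetical helper; it reads a GitLab Runner config.toml (file or stdin).
audit_runner_config() {
    awk '
        function report() {
            if (name == "") return
            if (sock) print name ": docker.sock is mounted into job containers"
            if (priv) print name ": privileged = true"
            if (http) print name ": coordinator URL is plain http"
        }
        # A new [[runners]] table closes the previous one.
        /^[ \t]*\[\[runners\]\]/ { report(); name = "(unnamed)"; sock = priv = http = 0; next }
        name == "" { next }   # still in the global section
        /^[ \t]*name[ \t]*=/ { split($0, q, "\""); name = (q[2] != "") ? q[2] : "(unnamed)" }
        /^[ \t]*url[ \t]*=[ \t]*"http:/ { http = 1 }
        /^[ \t]*privileged[ \t]*=[ \t]*true/ { priv = 1 }
        /^[ \t]*volumes[ \t]*=/ && /docker\.sock/ { sock = 1 }
        END { report() }
    ' "$@"
}

# Constructed sample in the shape of the config.toml above (tokens are placeholders).
SAMPLE_CONFIG='concurrent = 1
[[runners]]
  name = "maven"
  url = "http://192.168.10.171/"
  token = "PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    privileged = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
[[runners]]
  name = "lint"
  url = "https://gitlab.example.com/"
  token = "PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    privileged = true
    volumes = ["/cache"]'

printf '%s\n' "$SAMPLE_CONFIG" | audit_runner_config
```

Run it against the mapped file, for example `audit_runner_config /home/ydt/docker/gitlab/runner/config/config.toml`, to see which runners should be limited to trusted projects and protected branches.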

When all stages pass, the deployment is complete, as shown below:
[image]
15. Set up gitlab-runner-docker-cleanup to clean up caches and images automatically:

docker run -d \
    -e LOW_FREE_SPACE=10G \
    -e EXPECTED_FREE_SPACE=20G \
    -e LOW_FREE_FILES_COUNT=1048576 \
    -e EXPECTED_FREE_FILES_COUNT=2097152 \
    -e DEFAULT_TTL=10m \
    -e USE_DF=1 \
    --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --name=gitlab-runner-docker-cleanup \
    quay.io/gitlab/gitlab-runner-docker-cleanup

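16. The environment variables:
[image]
17. Set up a scheduled cleanup task
Schedule a cleanup of dangling images and unused volumes every day at 00:00 with the crontab entry 0 0 */1 * * /bin/bash /home/cyf/scripts/clean-docker.sh; a simple script is: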

#!/bin/bash
docker image prune -f && docker volume prune -f