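Table of contents
- I. Automated delivery with Jenkins and Ansible
- 1. Install Ansible on the Jenkins server and set up passwordless SSH
- 2. Create the playbook project in the GitLab repository
- 3. Clone the project on server1 and edit the deployment files
- 4. Install httpd on server3
- 5. Create a new project in Jenkins
- 6. Configure server1 and push to the remote GitLab repository
- 7. Test the parameterized build
- II. Set up a Harbor registry and have Jenkins pull images from it to start containers
- 1. Set up the Harbor registry
- 2. Push an image to the Harbor registry
- 3. Change the test project configuration to pull images automatically from the Harbor registry
- 4. Change the default image pull path and test
I. Automated delivery with Jenkins and Ansible
Build a parameterized job: Ansible, the automated deployment tool, is driven by Jenkins to carry out the parameterized build.
1. Install Ansible on the Jenkins server and set up passwordless SSH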
[root@server2 ~]# cd /etc/yum.repos.d/
[root@server2 yum.repos.d]# ls
docker-ce.repo redhat.repo westos.repo
[root@server2 yum.repos.d]# vim ansible.repo
[root@server2 yum.repos.d]# cat ansible.repo
[ansible]
name=ansible 2.8
baseurl=http://192.168.0.100/ansible
gpgcheck=0
[root@server2 yum.repos.d]# yum repolist
[root@server2 yum.repos.d]# yum install -y ansible
Set up passwordless SSH from the jenkins user to the target hosts
[root@server3 ~]# docker rm -f webserver
webserver
[root@server3 ~]# useradd devops
[root@server3 ~]# passwd devops
Changing password for user devops.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server3 ~]# su - devops
[devops@server3 ~]$ logout
[root@server3 ~]# visudo
Allow other users to connect without a password
[root@server2 yum.repos.d]# id jenkins
uid=998(jenkins) gid=996(jenkins) groups=996(jenkins),995(docker)
[root@server2 yum.repos.d]# su - jenkins
-bash-4.2$ ssh-keygen
-bash-4.2$ ssh-copy-id devops@192.168.0.3
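2. Create the playbook project in the GitLab repository
3. Clone the project on server1 and edit the deployment files
On server1, clone the project into a local repository and edit the Ansible deployment files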
[root@server1 ~]# git clone git@192.168.0.1:root/playbook.git
[root@server1 ~]# cd playbook/
[root@server1 playbook]# ls
README.md
[root@server1 playbook]# vim ansible.cfg
[defaults]
command_warnings=False
remote_user=devops
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[root@server1 playbook]# vim playbook.yml
---
- hosts: all
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: present
    - name: config apache
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify: restart apache
    - name: enable apache
      service:
        name: httpd
        state: started
        enabled: yes
    - name: create index.html
      lineinfile:
        path: /var/www/html/index.html
        create: yes
        line: "{{ ansible_hostname }}"
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
4. Install httpd on server3
Install httpd on server3 and copy /etc/httpd/conf/httpd.conf into the playbook directory on server1
[root@server3 ~]# yum install -y httpd
[root@server3 ~]# cd /etc/httpd/conf
[root@server3 conf]# ls
httpd.conf magic
[root@server3 conf]# ls
httpd.conf magic
[root@server3 conf]# scp httpd.conf server1:/root/playbook
[root@server1 playbook]# ls
ansible.cfg httpd.conf playbook.yml README.md
[root@server1 playbook]# mv httpd.conf httpd.conf.j2
[root@server1 playbook]# ls
ansible.cfg httpd.conf.j2 playbook.yml README.md
[root@server1 playbook]# vim httpd.conf.j2
[root@server1 playbook]# mkdir inventry
[root@server1 playbook]# cd inventry/
[root@server1 inventry]# ls
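5. Create a new project in Jenkins
Create a new project in Jenkins and configure a manually triggered parameterized build: prod is the production host and test is the test host
The build step changes into the project workspace, then selects the target hosts under the inventory directory and pushes the Ansible tasks to them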
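The build step described above, written out as an added example (it is not from the original post). It maps the build parameter to an inventory file through an exact allowlist, so the parameter value can never turn into a path or an extra ansible-playbook option. DEPLOY_ENV is a hypothetical name for the choice parameter; WORKSPACE is the variable Jenkins sets for the job checkout; inventry and playbook.yml are the names used in this post.

```shell
# Added example, not the author's build step.
# DEPLOY_ENV is a hypothetical choice parameter with the values prod and test.

# Map the parameter to an inventory file. Only exact allowlisted names pass,
# so values such as "../x" or "test -e var=1" are rejected before use.
select_inventory() {
    local env_name="$1" inv_dir="$2"
    case "$env_name" in
        prod|test) ;;
        *) echo "rejected DEPLOY_ENV value: '$env_name'" >&2; return 1 ;;
    esac
    local inv="$inv_dir/$env_name"
    # Require a regular file from the checkout, not a symlink to somewhere else.
    if [ ! -f "$inv" ] || [ -L "$inv" ]; then
        echo "inventory missing or not a regular file: $inv" >&2
        return 1
    fi
    printf '%s\n' "$inv"
}

deploy() {
    local inv
    inv=$(select_inventory "${DEPLOY_ENV:-}" "${WORKSPACE:-.}/inventry") || return 1
    # ansible.cfg is read from the current directory, so run from the workspace.
    cd "${WORKSPACE:-.}" || return 1
    # Syntax check first: a broken playbook fails before any host is touched.
    ansible-playbook -i "$inv" playbook.yml --syntax-check || return 1
    ansible-playbook -i "$inv" playbook.yml
}

# Jenkins exports build parameters as environment variables;
# deploy only when the parameter is actually present.
if [ -n "${DEPLOY_ENV:-}" ]; then
    deploy
fi
```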
6. Configure server1 and push to the remote GitLab repository
server1 is the test host (test environment); configure it and push to the remote GitLab repository
[root@server1 playbook]# cd inventry/
[root@server1 inventry]# ls
prod test
[root@server1 inventry]# vim prod
[root@server1 inventry]# cat prod
[prod]
192.168.0.3 http_port=80
[root@server1 inventry]# vim test
[root@server1 inventry]# cat test
[test]
192.168.0.1 http_port=8080
[root@server1 inventry]# pwd
/root/playbook/inventry
[root@server1 inventry]# useradd devops
[root@server1 inventry]# passwd devops
# Set up passwordless SSH from the jenkins user on the Jenkins server to the unprivileged devops user on server1
[root@server2 yum.repos.d]# su - jenkins
-bash-4.2$ ssh-copy-id devops@192.168.0.1
-bash-4.2$ ssh devops@192.168.0.1
[devops@server1 ~]$ logout
[root@server1 inventry]# visudo
Commit all changes and push them to the remote GitLab repository
[root@server1 inventry]# cd ..
[root@server1 playbook]# ls
ansible.cfg httpd.conf.j2 inventry playbook.yml README.md
[root@server1 playbook]# git add .
[root@server1 playbook]# git status -s
[root@server1 playbook]# git commit -m "add playbook"
[root@server1 playbook]# git push -u origin master
7. Test the parameterized build
Select the test host, deploy to it, and check whether the deployment succeeded
[root@server1 playbook]# curl localhost:8000
server1
[root@server1 playbook]# netstat -antlp| grep :8000
tcp6 0 0 :::8000 :::* LISTEN 519/httpd
tcp6 0 0 ::1:40804 ::1:8000 TIME_WAIT -
Test passed
II. Set up a Harbor registry and have Jenkins pull images from it to start containers
1. Set up the Harbor registry
[root@server3 ~]# ls
docker-compose-Linux-x86_64-1.27.0 harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose
[root@server3 ~]# chmod +x /usr/local/bin/docker-compose ## Make the binary executable
[root@server3 ~]# docker-compose
[root@server3 ~]# ls
harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# ls
harbor harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# cd harbor/
[root@server3 harbor]# ls
common.sh harbor.v1.10.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@server3 harbor]# vim harbor.yml
[root@server3 harbor]# mkdir /data
[root@server3 harbor]# cd /data/
[root@server3 data]# ls
[root@server3 data]# mkdir certs
[root@server3 data]# ls
certs
[root@server3 data]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt
[root@server3 data]# cd certs/
[root@server3 certs]# ls
westos.org.crt westos.org.key
[root@server3 certs]# pwd
/data/certs
Stop Apache before installing Harbor to avoid a conflict on port 80
[root@server3 ~]# cd harbor/
[root@server3 harbor]# ls
common.sh harbor.v1.10.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@server3 harbor]# systemctl disable --now httpd
[root@server3 harbor]# ./install.sh
[root@server3 harbor]# docker-compose ps
2. Push an image to the Harbor registry
[root@server3 ~]# cd /data/
[root@server3 data]# cd certs/
[root@server3 certs]# ls
westos.org.crt westos.org.key
[root@server3 certs]# scp westos.org.crt server2:/etc/docker/certs.d/reg.westos.org/ca.crt ## Copy the certificate to the corresponding directory on server2
[root@server2 ~]# vim /etc/hosts ## Add name resolution for the Harbor registry
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# ls
key.json
[root@server2 docker]# mkdir certs.d
[root@server2 docker]# cd certs.d/
[root@server2 certs.d]# ls
[root@server2 certs.d]# mkdir reg.westos.org
[root@server2 certs.d]# cd reg.westos.org/
[root@server2 reg.westos.org]# ls
[root@server2 reg.westos.org]# ls
ca.crt
You must log in to the Harbor registry before you can push images
[root@server2 reg.westos.org]# cd
[root@server2 ~]# docker login reg.westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server2 ~]# cd .docker/ ## After one login the user information is saved under this directory, so logging in again is not needed
[root@server2 .docker]# ls
config.json
[root@server2 .docker]# cat config.json
[root@server2 ~]# docker tag nginx:latest reg.westos.org/library/nginx:latest
[root@server2 .docker]# docker push reg.westos.org/library/nginx:latest
The image was pushed to the Harbor registry successfully
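The docker login warning above says the password is stored unencrypted in config.json. The following check for that condition is an added example, not part of the original post: it reports whether a Docker client config carries an inline credential, has no credential helper configured, or is readable by other local accounts. The function name and finding labels are made up for this example.

```shell
# Added example, not from the original post.
# usage: audit_docker_config /root/.docker/config.json
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if no file.
audit_docker_config() {
    local cfg="$1" findings=""
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    # An "auth" value is base64(user:password): encoded, not encrypted.
    if grep -Eq '"auth"[[:space:]]*:[[:space:]]*"[^"]+"' "$cfg"; then
        findings="${findings}inline-auth
"
    fi
    # With credsStore or credHelpers set, docker login hands the secret
    # to an external helper instead of writing it into this file.
    if ! grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$cfg"; then
        findings="${findings}no-credential-helper
"
    fi
    # Group- or world-readable bits expose the credential to other accounts.
    if [ -n "$(find "$cfg" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        findings="${findings}readable-by-others
"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}
```

The same check applies to the config.json of whichever account runs the pushes, for example the jenkins user's home directory on the build server.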
[root@server3 harbor]# vim /etc/hosts
[root@server3 harbor]# cd /etc/docker/
[root@server3 docker]# ls
daemon.json key.json
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# mkdir reg.westos.org
[root@server3 certs.d]# cd reg.westos.org/
[root@server3 reg.westos.org]# cp /data/certs/westos.org.crt ca.crt
[root@server3 reg.westos.org]# ls
ca.crt
[root@server3 reg.westos.org]# docker pull reg.westos.org/library/nginx:latest
[root@server3 ~]# docker run -d --name nginx -p 8080:80 reg.westos.org/library/nginx
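3. Change the test project configuration to pull images automatically from the Harbor registry
Disable the docker project
Test the test project to see whether the built image is automatically pushed to the Harbor registry
The Harbor registry now contains the image that Jenkins built from the Dockerfile in GitLab; the test succeeded.
4. Change the default image pull path and test
Configure the relevant parameters on server3 (the Harbor registry) to change its default image pull path, then test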
[root@server3 ~]# cd /etc/docker/
[root@server3 docker]# ls
certs.d daemon.json key.json
[root@server3 docker]# vim daemon.json
{
"registry-mirrors": ["https://reg.westos.org"]
}
[root@server3 docker]# systemctl reload docker
[root@server3 docker]# docker info
[root@server3 docker]# docker images | grep webserver
[root@server3 docker]# docker rmi 192.168.0.2:5000/webserver:latest
[root@server3 docker]# docker images | grep webserver
webserver latest d54972bae236 10 hours ago 133MB
[root@server3 docker]# docker ps | grep webserver
0b440cf59543 webserver:latest "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp webserver
[root@server3 docker]# docker inspect webserver
[root@server3 docker]# curl 172.17.0.2
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
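Harbor private registry
The default image registry has been changed
Change the docker project configuration so that it pulls the image from the Harbor registry and starts the container
Test whether the container is started in the target environment
Trigger manually with Build Now
The image was pulled automatically and the container started successfully
The test page content is displayed successfully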