1. Jenkins deployment
Environment
IP | Service | Node role |
---|---|---|
192.168.0.150 | gitlab | manager |
192.168.0.150 | jenkins | manager |
192.168.0.152 | Nexus private Docker registry | worker |
Pull the base image
docker pull jenkinsci/blueocean
Custom Dockerfile
FROM jenkinsci/blueocean:latest
ADD apache-maven-3.5.4-bin.tar.gz /usr/maven
Build the custom image
docker build -t jenkinsci/blueocean:v1 .
Create docker-compose.yml
version: "3"
services:
  jenkins:
    image: jenkinsci/blueocean:v1
    ports:
      - 8088:8080
    networks:
      - ldap_overlay
      - deploy_overlay
    volumes:
      - "/root/docker/jenkins/data:/var/jenkins_home"
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/etc/localtime:/etc/localtime:ro"
      - "./settings.xml:/usr/maven/apache-maven-3.5.4/conf/settings.xml"
    deploy:
      placement:
        constraints: [node.hostname==node150]
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
networks:
  ldap_overlay:
    external: true
  deploy_overlay:
    external: true
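Three things need attention before starting the service:
- The Jenkins container uses the docker client to reach the host's Docker daemon, so access to the socket file must be granted on the host
  chmod 666 /var/run/docker.sock
- The mounted data directory must belong to the jenkins user and group
  chown -R jenkins.jenkins data
- Building the application images later uses the private Maven repository for compiling and packaging, so the prepared settings.xml must be mapped into Maven inside the Jenkins container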
cat settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.conf}/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ${user.home}/.m2/repository
<localRepository>/path/to/local/repo</localRepository>
-->
<localRepository>/var/jenkins_home/repository</localRepository>
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<server>
<id>maven-public</id>
<username>waka2020</username>
<password>!QAZ1qaz</password>
</server>
<server>
<id>maven-releases</id>
<username>waka2020</username>
<password>!QAZ1qaz</password>
</server>
<server>
<id>maven-snapshots</id>
<username>waka2020</username>
<password>!QAZ1qaz</password>
</server>
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
<mirror>
<id>maven-public</id>
<mirrorOf>*</mirrorOf>
<name>maven-public</name>
<url>http://192.168.0.152:8081/repository/maven-public/</url>
</mirror>
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<!-- profile
| Specifies a set of introductions to the build process, to be activated using one or more of the
| mechanisms described above. For inheritance purposes, and to activate profiles via <activatedProfiles/>
| or the command line, profiles have to have an ID that is unique.
|
| An encouraged best practice for profile identification is to use a consistent naming convention
| for profiles, such as 'env-dev', 'env-test', 'env-production', 'user-jdcasey', 'user-brett', etc.
| This will make it more intuitive to understand what the set of introduced profiles is attempting
| to accomplish, particularly when you only have a list of profile id's for debug.
|
| This profile example uses the JDK version to trigger activation, and provides a JDK-specific repo.
<profile>
<id>jdk-1.4</id>
<activation>
<jdk>1.4</jdk>
</activation>
<repositories>
<repository>
<id>jdk14</id>
<name>Repository for JDK 1.4 builds</name>
<url>http://www.myhost.com/maven/jdk14</url>
<layout>default</layout>
<snapshotPolicy>always</snapshotPolicy>
</repository>
</repositories>
</profile>
-->
<!--
| Here is another profile, activated by the system property 'target-env' with a value of 'dev',
| which provides a specific path to the Tomcat instance. To use this, your plugin configuration
| might hypothetically look like:
|
| ...
| <plugin>
| <groupId>org.myco.myplugins</groupId>
| <artifactId>myplugin</artifactId>
|
| <configuration>
| <tomcatLocation>${tomcatPath}</tomcatLocation>
| </configuration>
| </plugin>
| ...
|
| NOTE: If you just wanted to inject this configuration whenever someone set 'target-env' to
| anything, you could just leave off the <value/> inside the activation-property.
|
<profile>
<id>env-dev</id>
<activation>
<property>
<name>target-env</name>
<value>dev</value>
</property>
</activation>
<properties>
<tomcatPath>/path/to/tomcat/instance</tomcatPath>
</properties>
</profile>
-->
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
<activeProfile>anotherAlwaysActiveProfile</activeProfile>
</activeProfiles>
-->
</settings>
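The settings.xml above keeps the repository passwords in clear text in a file that is bind-mounted into the Jenkins container. As an added example (not part of the original post), this shell function lists the entries whose `<password>` is not in Maven's encrypted `{...}` form and skips the commented-out stock samples; the function names are assumptions and the sample file with its credential values is constructed.

```shell
# Print the <id> of every settings.xml entry whose <password> is clear text.
# Maven's encrypted form wraps the cipher text in {...}.
# Assumes <id> precedes <password> in each entry, one element per line.
plaintext_servers() {
    awk '
    {
        line = $0; out = ""
        # Drop XML comments, including ones that span several lines,
        # so the commented-out stock samples are not reported.
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) { line = "" } else { line = substr(line, i + 3); in_comment = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_comment = 1 }
            }
        }
        if (match(out, /<id>[^<]*<\/id>/))
            id = substr(out, RSTART + 4, RLENGTH - 9)
        if (match(out, /<password>[^<]*<\/password>/)) {
            pw = substr(out, RSTART + 10, RLENGTH - 21)
            if (pw !~ /[{][^}]+[}]/) print id
        }
    }' "$@"
}

# Constructed sample input: ids mirror the page, credentials are placeholders.
sample_settings() {
    cat <<'EOF'
<settings>
  <servers>
    <!-- <server>
      <id>deploymentRepo</id>
      <password>repopwd</password>
    </server> -->
    <server>
      <id>maven-releases</id>
      <password>constructed-plaintext</password>
    </server>
    <server>
      <id>maven-snapshots</id>
      <password>{constructedCipherText=}</password>
    </server>
  </servers>
</settings>
EOF
}

sample_settings | plaintext_servers   # prints: maven-releases
```

Entries it reports can be replaced with the output of `mvn --encrypt-password`, after a master password has been created with `mvn --encrypt-master-password` and stored in `~/.m2/settings-security.xml`.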
Start the service
docker stack deploy -c docker-compose.yml 150
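2. Jenkins configuration
Configure the GitLab API token, the credentials Jenkins uses to connect to the projects, and the credentials Jenkins uses to connect to the private Docker registry
The Git API token lets a third-party platform pull code branches automatically
The project credentials are the authorization for pulling the code
The private Docker registry credentials are the authorization for pulling the custom images
2.1. Credential configuration
GitLab API token configuration
Obtain the GitLab token
Credential configuration
Enter the token obtained above and confirm; the following also needs to be set
Project credentials and private Docker registry credentials configuration
The corresponding account and password
The private Docker registry also needs to be set in the system settings
View the credentials
2.2. Maven/JDK path configuration
For the JDK, use the OpenJDK installed in the image by default
2.3. Create the pipeline projects used for building
Custom JDK base image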
cat Dockerfile
FROM centos:7
MAINTAINER linuxwt <tengwanginit@gmail.com>
###### Switch to the 163 mirror ######
RUN yum -y install wget \
gcc \
&& wget http://mirrors.163.com/.help/CentOS7-Base-163.repo \
&& mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak \
&& mv -f CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo \
&& yum makecache
###### Configure the JDK #####
WORKDIR /usr
RUN mkdir /usr/local/java
ADD jdk-8u192-linux-x64.tar.gz /usr/local/java
RUN ln -s /usr/local/java/jdk1.8.0_192 /usr/local/java/jdk
ENV JAVA_HOME /usr/local/java/jdk
ENV JRE_HOME ${JAVA_HOME}/jre
ENV CLASSPATH .:${JAVA_HOME}/lib:${JRE_HOME}/lib
ENV PATH ${JAVA_HOME}/bin:$PATH
docker build -t soa-maven-jdk:v1 .
Push the image to the private Docker registry
docker tag soa-maven-jdk:v1 192.168.0.152/soa-maven-jdk:v1
docker push 192.168.0.152/soa-maven-jdk:v1
This image will serve as the base image for the project images
Create the pipeline for the provider project
Source code structure
cat Jenkinsfile
node {
    stage('Prepare') {
        sh "rm -Rf *"
        def mvnHome = tool 'maven'
        env.PATH = "${mvnHome}/bin:${env.PATH}"
        registry_url = "192.168.0.152:8082"
        checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
            userRemoteConfigs: [[credentialsId: '44ae1c08-e857-4dc6-9ae5-5b65fc12209f', url: "http://192.168.0.150:8000/waka2020/provider.git"]]])
        pom = readMavenPom file: "pom.xml"
        img_name = "${pom.groupId}-${pom.artifactId}"
        img_tag = "${pom.version}"
        img = "${img_name}:${img_tag}"
        registry_img = "${registry_url}/${img}"
    }
    stage('Build Code') {
        sh "mvn clean install"
    }
    stage('Build Image And Push') {
        docker.withRegistry("http://${registry_url}",'01385c55-7871-4868-a03a-889c4dc403ec') {
            def customimage = docker.build("${img}")
            customimage.push()
        }
    }
    stage('Delete Image') {
        sh "docker rmi ${registry_img}"
        sh "docker rmi ${img}"
    }
}
Image build file
cat Dockerfile
FROM 192.168.0.152:8082/soa-maven-jdk:v1
ADD target/*jar /tmp/
WORKDIR /tmp
CMD java -jar $(ls *.jar)
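Configure the provider project's pipeline in Jenkins
Create a new pipeline
The token in the figure above is used to configure the webhook; its purpose is to monitor whether the code in GitLab has been updated. The following configuration is needed in GitLab
Create the pipeline for the consumer project
Source code structure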
cat Jenkinsfile
pipeline {
    agent any
    tools {
        maven 'maven'
    }
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean install'
            }
        }
        stage('Push') {
            agent any
            environment {
                GROUP = readMavenPom().getGroupId()
                ARTIFACT = readMavenPom().getArtifactId()
                VERSION = readMavenPom().getVersion()
            }
            steps {
                script {
                    docker.withRegistry("http://192.168.0.152:8082",'01385c55-7871-4868-a03a-889c4dc403ec') {
                        def customimage = docker.build("${GROUP}-${ARTIFACT}:${VERSION}")
                        customimage.push()
                    }
                }
                sh "docker rmi ${GROUP}-${ARTIFACT}:${VERSION}"
                sh "docker rmi 192.168.0.152:8082/${GROUP}-${ARTIFACT}:${VERSION}"
            }
        }
    }
}
Image build file
cat Dockerfile
FROM 192.168.0.152:8082/soa-maven-jdk:v1
ADD target/*jar /tmp/
WORKDIR /tmp
CMD java -jar $(ls *.jar)
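Configure the consumer project's pipeline in Jenkins
Same as the provider configuration above, except that the GitLab repository is the consumer one
2.4. Configure project release
Configure the provider-service project in Jenkins
Create a freestyle job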
Build
#!/bin/bash
mv /var/jenkins_home/jobs/provider/workspace/target/*jar /var/jenkins_home/jobs/provider-service/workspace
jarfile=$(ls -l *.jar | awk '{print $9}')
tagstr=${jarfile%.*}
tag=${tagstr#*-}
cat <<EOF> docker-compose.yml
version: "3.4"
services:
  provider:
    image: 192.168.0.152:8082/com.teng-provider:$tag
    networks:
      - service_overlay
      - monitor_overlay
      - database_overlay
      - elk_overlay
    ports:
      - 8083:8083
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    deploy:
      placement:
        constraints: [node.hostname==node150]
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
networks:
  service_overlay:
    external: true
  monitor_overlay:
    external: true
  database_overlay:
    external: true
  elk_overlay:
    external: true
EOF
rm -f *.jar
Configure the consumer-service project in Jenkins
Build
#!/bin/bash
cp /var/jenkins_home/jobs/consumer/workspace/target/*jar ./
jarfile=$(ls -l *.jar | awk '{print $9}')
tagstr=${jarfile%.*}
tag=${tagstr#*-}
cat <<EOF> docker-compose.yml
version: "3.4"
services:
  consumer:
    image: 192.168.0.152:8082/com.teng-consumer:$tag
    networks:
      - service_overlay
      - monitor_overlay
      - database_overlay
      - elk_overlay
    ports:
      - 8084:8084
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    deploy:
      placement:
        constraints: [node.hostname==node150]
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
networks:
  service_overlay:
    external: true
  monitor_overlay:
    external: true
  database_overlay:
    external: true
  elk_overlay:
    external: true
EOF
rm -f *.jar
Also run the command line
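The two build scripts above derive the image tag with `${tagstr#*-}`, which cuts at the first hyphen and writes whatever the jar file name contains into the generated docker-compose.yml. As an added example (not from the original post), these functions strip a known artifactId instead, require exactly one jar, and check the result against Docker's tag character set; the function names and the artifactId argument are assumptions, and the jar names are constructed.

```shell
# The page's expansion: drop the extension, then everything up to the first '-'.
naive_tag() {
    tagstr=${1%.*}
    printf '%s\n' "${tagstr#*-}"
}

# Strip the known artifactId prefix, then validate against Docker's tag rules
# (letters, digits, '_', '.', '-'; no leading '.' or '-'; at most 128 chars)
# before the value is interpolated into the compose heredoc.
safe_tag() {
    artifact=$1 jar=$2
    case $jar in
        "$artifact"-*.jar) ;;
        *) echo "unexpected jar name: $jar" >&2; return 1 ;;
    esac
    tag=${jar#"$artifact"-}
    tag=${tag%.jar}
    case $tag in
        ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*)
            echo "invalid tag: $tag" >&2; return 1 ;;
    esac
    [ "${#tag}" -le 128 ] || { echo "tag too long" >&2; return 1; }
    printf '%s\n' "$tag"
}

# Require exactly one jar in a directory; globbing avoids parsing `ls -l`.
single_jar() {
    dir=$1
    set -- "$dir"/*.jar
    [ "$#" -eq 1 ] && [ -f "$1" ] || {
        echo "expected exactly one jar in $dir" >&2; return 1
    }
    basename "$1"
}

# A hyphenated artifactId shows the difference (constructed file name).
naive_tag order-provider-1.2.0.jar                # provider-1.2.0
safe_tag order-provider order-provider-1.2.0.jar  # 1.2.0
```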
3. Test
In Jenkins, click the provider and consumer projects to start the builds
Check on the server