文章目录
展开启动 gitlab 和 jenkins 存在的问题
1)gitlab拉代码地址
2)Jenkins如何拉gitlab代码
3)Jenkins公钥如何永久保存
4)Jenkins拉下来代码之后,需要将代码打到docker镜像中,jenkins这台容器如何执行docker命令
5)Jenkins中,如何登录harbor(永久登录harbor)
环境准备
主机 | IP | 角色 |
---|---|---|
docker01 | 10.0.0.101 | gitlab、jenkins |
harbor | 10.0.0.99 | harbor 私有镜像仓库 |
docker02 | 10.0.0.102 | web |
使用 docker 部署 gitlab
gitlab基本操作:tp
# 启动gitlab
[root@docker01 ~]# docker run --detach \
--hostname gitlab.wodeyumengouwo.com \
--restart always \
--publish 443:443 --publish 80:80 --publish 222:22 \
--name gitlab \
--volume /data/gitlab/config:/etc/gitlab \
--volume /data/gitlab/logs:/var/log/gitlab \
--volume /data/gitlab/data:/var/opt/gitlab \
--shm-size 256m \
gitlab/gitlab-ce:latest
# 优化配置文件
[root@docker01 ~]# vim /data/gitlab/config/gitlab.rb
## 可省略(--hostname指定了)
external_url 'http://gitlab.wodeyumengouwo.com'
## 解决它给的克隆代码地址不对的问题
gitlab_rails['gitlab_shell_ssh_port'] = '222'
### 关闭普罗米修斯
prometheus['enable'] = false
prometheus['monitor_kubernetes'] = false
prometheus_monitoring['enable'] = false
### 告警关闭
alertmanager['enable'] = false
### 关闭前端node功能
node_exporter['enable'] = false
### 关闭redis功能
redis_exporter['enable'] = false
### 关闭postgre功能
postgres_exporter['enable'] = false
### 图形展示
grafana['enable'] = false
# 重新加载配置文件
[root@docker01 ~]# docker exec -it gitlab /bin/bash
root@gitlab:/# gitlab-ctl reconfigure
#查看登陆密码
[root@docker01 ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
Password: NzcKwZ1Ec+/4k+5k1BSbC/W+M+DcG7PQg8IYi96TIfE=
# 访问
新建仓库查看克隆地址
使用docker部署jenkins
## 运行
## --user指定启动jenkins的用户为root 这个选项是jenkins才有的
[root@docker01 jenkins]# docker run \
--name jenkins \
-p 8080:8080 \
-p 50000:50000 \
--user=root \
--privileged=true \
--restart always \
-v /root/.ssh:/root/.ssh \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /data/jenkins:/var/jenkins_home \
-v /root/.docker:/root/.docker \
-v /etc/docker:/etc/docker \
-d jenkins/jenkins:2.422
## --user指定启动jenkins的用户为root 这个选项是jenkins才有的
## --privileged=true 是允许docker in docker 容器里使用docker命令
## -v /var/run/docker.sock:/var/run/docker.sock 把sock文件存放的目录映射到容器里 执行docker命令通过socket文件找到服务端(docker in docker)
## -v /root/.docker:/root/.docker 是harbor登陆验证保存文件
## -v /root/.ssh:/root/.ssh 密钥存放目录也映射到容器里 共用密钥对 因为宿主机的密钥已经放到gitlab了 Jenkins删除容器 秘钥也不会变
## 查看密码
[root@docker01 ~]# docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
988b9967d2b04771bf2d4006372dfa1f
免密
## 生成密钥
[root@docker01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6ZgoL77uk+OKjffl7MgAPezl6kOLSsWJIeRyGNeA+qI root@docker01
The key's randomart image is:
+---[RSA 2048]----+
|.ooo |
|++ . |
|=o. |
|+++ . . |
|.o++. S |
|.o++ . + |
|.=+oo + . |
|EoO* = |
|*OXB=.+ |
+----[SHA256]-----+
## 查看公钥
[root@docker01 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHyXKx/BcMXVRHTWUkaccmykcIsSavKmJ91EGGhc2CDeoUsOhK/HUprOhEaYlDM6SgvwKqhMGEFrl07AHccJ4wCn87CFMO6pr/ATSFojrtrCyq6YMsaVCBqd/WgPnvSU+g03tChSZJDkgghxJ6lVO8z1Sy6wVTara0H5W0bXSIR7mLzijyO5iidulEjmkHZi6mVL6zRkYL6m/l5Y42nkundHRjiGfs0eCB2akHg+qeXYkmVpTP90QHygglQCnnkHnvoUfiYBPCDz8YYDr8n5c0AxrP44GsXxomTA0cZ1IQ9eUeI7DmiOCXZviuXCLuEz2/gSR3fZjpt+8Qi07UrNVF root@
## 进入jenkins容器与宿主机免密
[root@docker01 ~]# docker exec -it jenkins /bin/bash
root@58dd2f46b08c:/# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.101
## 测试连接
root@58dd2f46b08c:/# ssh 10.0.0.101
Last login: Thu Sep 14 19:12:10 2023 from 10.0.0.1
[root@docker01 ~]#
配置gitlab公钥
## 生成密钥
[root@docker01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6ZgoL77uk+OKjffl7MgAPezl6kOLSsWJIeRyGNeA+qI root@docker01
The key's randomart image is:
+---[RSA 2048]----+
|.ooo |
|++ . |
|=o. |
|+++ . . |
|.o++. S |
|.o++ . + |
|.=+oo + . |
|EoO* = |
|*OXB=.+ |
+----[SHA256]-----+
## 查看公钥
[root@docker01 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHyXKx/BcMXVRHTWUkaccmykcIsSavKmJ91EGGhc2CDeoUsOhK/HUprOhEaYlDM6SgvwKqhMGEFrl07AHccJ4wCn87CFMO6pr/ATSFojrtrCyq6YMsaVCBqd/WgPnvSU+g03tChSZJDkgghxJ6lVO8z1Sy6wVTara0H5W0bXSIR7mLzijyO5iidulEjmkHZi6mVL6zRkYL6m/l5Y42nkundHRjiGfs0eCB2akHg+qeXYkmVpTP90QHygglQCnnkHnvoUfiYBPCDz8YYDr8n5c0AxrP44GsXxomTA0cZ1IQ9eUeI7DmiOCXZviuXCLuEz2/gSR3fZjpt+8Qi07UrNVF root@
## 进入jenkins容器与宿主机免密
[root@docker01 ~]# docker exec -it jenkins /bin/bash
root@58dd2f46b08c:/# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.101
## 测试连接
root@58dd2f46b08c:/# ssh 10.0.0.101
Last login: Thu Sep 14 19:12:10 2023 from 10.0.0.1
[root@docker01 ~]#
上传代码到gitlab
## 安装git
[root@docker01 ~]# yum install -y git
## 拉取代码
[root@docker01 ~]# git clone ssh://git@gitlab.wodeyumengouwo.com:222/root/web.git
Cloning into 'web'...
remote: Enumerating objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 3
Receiving objects: 100% (3/3), done.
[root@docker01 ~]# ll
total 8
-rw-------. 1 root root 1512 Apr 11 16:23 anaconda-ks.cfg
-rw-r--r-- 1 root root 195 Apr 12 09:11 ip.sh
drwxr-xr-x 3 root root 35 Sep 14 20:24 web
[root@docker01 ~]# cd web
## 全局设置
[root@docker01 web]# git config --global user.email "you@example.com"
[root@docker01 web]# git config --global user.name "Your Name"
## 上传代码
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m 'v1'
[root@docker01 web]# git push --all
[root@docker01 web]# git tag -a 'v1' -m '黄色'
[root@docker01 web]# git push --tag
配置jenkins
## 删除插件目录
[root@docker01 web]# cd /data/jenkins/
[root@docker01 jenkins]# rm -fr plugins/
## 上传插件包解压到/data/jenkins
# 重启jenkins
## 安装git
[root@docker01 ~]# yum install -y git
## 拉取代码
[root@docker01 ~]# git clone ssh://git@gitlab.wodeyumengouwo.com:222/root/web.git
Cloning into 'web'...
remote: Enumerating objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 3
Receiving objects: 100% (3/3), done.
[root@docker01 ~]# ll
total 8
-rw-------. 1 root root 1512 Apr 11 16:23 anaconda-ks.cfg
-rw-r--r-- 1 root root 195 Apr 12 09:11 ip.sh
drwxr-xr-x 3 root root 35 Sep 14 20:24 web
[root@docker01 ~]# cd web
## 全局设置
[root@docker01 web]# git config --global user.email "you@example.com"
[root@docker01 web]# git config --global user.name "Your Name"
## 上传代码
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m 'v1'
[root@docker01 web]# git push --all
[root@docker01 web]# git tag -a 'v1' -m '黄色'
[root@docker01 web]# git push --tag
## 删除插件目录
[root@docker01 web]# cd /data/jenkins/
[root@docker01 jenkins]# rm -fr plugins/
## 上传插件包解压到/data/jenkins
# 重启jenkins
新建项目
cd $WORKSPACE
cat > Dockerfile << EOF
FROM nginx:alpine
COPY index.html main.js style.css /usr/share/nginx/html/
EOF
docker build -t web:$tag .
docker tag web:$tag 10.0.0.99/wordpress/web:${GIT_COMMIT}
docker push 10.0.0.99/wordpress/web:${GIT_COMMIT}
ssh 10.0.0.102 "docker rm -f web"
ssh 10.0.0.102 "docker run --name web -p 80:80 -d 10.0.0.99/wordpress/web:${GIT_COMMIT}"
101 102登陆harbor
## 修改docker配置文件
[root@docker01 freestyle-web]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.99"]
}
## 重启docker
[root@docker01 freestyle-web]# systemctl restart docker
## 登陆harbor
[root@docker02 ~]# docker login 10.0.0.99
## jenkins与102免密
root@b3f1ea0607a9:/# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.102
Comments | NOTHING