
启动 gitlab 和 jenkins 存在的问题

1)gitlab拉代码地址
2)Jenkins如何拉gitlab代码
3)Jenkins公钥如何永久保存
4)Jenkins拉下来代码之后,需要将代码打到docker镜像中,jenkins这台容器如何执行docker命令
5)Jenkins中,如何登录harbor(永久登录harbor)

环境准备

主机 IP 角色
docker01 10.0.0.101 gitlab、jenkins
harbor 10.0.0.99 harbor 私有镜像仓库
docker02 10.0.0.102 web

使用 docker 部署 gitlab

gitlab基本操作:tp

# 启动gitlab(latest 标签会随上游更新而变化,正式环境建议写明具体版本号)
[root@docker01 ~]# docker run --detach \
--hostname gitlab.wodeyumengouwo.com \
--restart always \
--publish 443:443 --publish 80:80 --publish 222:22 \
--name gitlab \
--volume /data/gitlab/config:/etc/gitlab \
--volume /data/gitlab/logs:/var/log/gitlab \
--volume /data/gitlab/data:/var/opt/gitlab \
--shm-size 256m \
gitlab/gitlab-ce:latest

# 优化配置文件
[root@docker01 ~]# vim /data/gitlab/config/gitlab.rb 
## 可省略(--hostname指定了)
external_url 'http://gitlab.wodeyumengouwo.com'
## 解决它给的克隆代码地址不对的问题
gitlab_rails['gitlab_shell_ssh_port'] = '222'
### 关闭普罗米修斯
prometheus['enable'] = false
prometheus['monitor_kubernetes'] = false
prometheus_monitoring['enable'] = false
### 告警关闭
alertmanager['enable'] = false
### 关闭前端node功能
node_exporter['enable'] = false
### 关闭redis功能
redis_exporter['enable'] = false
### 关闭postgre功能
postgres_exporter['enable'] = false
### 图形展示
grafana['enable'] = false

# 重新加载配置文件
[root@docker01 ~]# docker exec -it gitlab /bin/bash
root@gitlab:/# gitlab-ctl reconfigure

# 查看登录密码(这是 root 的初始密码,首次登录后应立即修改;该文件会在 24 小时后的首次 reconfigure 时被自动删除)
[root@docker01 ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
Password: NzcKwZ1Ec+/4k+5k1BSbC/W+M+DcG7PQg8IYi96TIfE=

# 访问

image-20230914194927824

新建仓库查看克隆地址

image-20230914195401255

使用docker部署jenkins

## 运行
## --user指定启动jenkins的用户为root 这个选项是jenkins才有的
[root@docker01 jenkins]# docker run \
--name jenkins \
-p 8080:8080 \
-p 50000:50000 \
--user=root \
--privileged=true \
--restart always \
-v /root/.ssh:/root/.ssh \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /data/jenkins:/var/jenkins_home \
-v /root/.docker:/root/.docker \
-v /etc/docker:/etc/docker \
-d jenkins/jenkins:2.422
## --user指定启动jenkins的用户为root 这个选项是jenkins才有的
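## --privileged=true 是允许docker in docker 容器里使用docker命令;特权模式会去掉容器的大部分隔离,而本文实际依靠的是下面挂载的 docker.sock,这种方式通常并不需要 --privileged
## -v /var/run/docker.sock:/var/run/docker.sock 把宿主机的 docker.sock 文件映射到容器里 容器内执行docker命令时通过该socket文件找到宿主机的docker服务端(docker in docker);注意:能访问这个 socket 就等于拥有宿主机的 root 权限,所以能配置 Jenkins 任务的人都应视为宿主机管理员
## -v /root/.docker:/root/.docker 是harbor登录验证保存文件(未配置凭据存储时,config.json 里的账号密码只是 base64 编码,并未加密)
## -v /root/.ssh:/root/.ssh 密钥存放目录也映射到容器里 共用密钥对 因为宿主机的密钥已经放到gitlab了 Jenkins删除容器 密钥也不会变;这样容器里的任务也能读到宿主机 root 的私钥,正式环境建议给 Jenkins 单独生成一对权限受限的部署密钥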

## 查看密码
[root@docker01 ~]# docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
988b9967d2b04771bf2d4006372dfa1f

image-20230914200226819

image-20230914200313407

免密

## 生成密钥
[root@docker01 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6ZgoL77uk+OKjffl7MgAPezl6kOLSsWJIeRyGNeA+qI root@docker01
The key's randomart image is:
+---[RSA 2048]----+
|.ooo             |
|++  .            |
|=o.              |
|+++ .    .       |
|.o++.   S        |
|.o++ . +         |
|.=+oo + .        |
|EoO* =           |
|*OXB=.+          |
+----[SHA256]-----+

## 查看公钥
[root@docker01 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHyXKx/BcMXVRHTWUkaccmykcIsSavKmJ91EGGhc2CDeoUsOhK/HUprOhEaYlDM6SgvwKqhMGEFrl07AHccJ4wCn87CFMO6pr/ATSFojrtrCyq6YMsaVCBqd/WgPnvSU+g03tChSZJDkgghxJ6lVO8z1Sy6wVTara0H5W0bXSIR7mLzijyO5iidulEjmkHZi6mVL6zRkYL6m/l5Y42nkundHRjiGfs0eCB2akHg+qeXYkmVpTP90QHygglQCnnkHnvoUfiYBPCDz8YYDr8n5c0AxrP44GsXxomTA0cZ1IQ9eUeI7DmiOCXZviuXCLuEz2/gSR3fZjpt+8Qi07UrNVF root@

## 进入jenkins容器与宿主机免密
[root@docker01 ~]# docker exec -it jenkins /bin/bash
root@58dd2f46b08c:/# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.101

## 测试连接
root@58dd2f46b08c:/# ssh 10.0.0.101
Last login: Thu Sep 14 19:12:10 2023 from 10.0.0.1
[root@docker01 ~]# 

配置gitlab公钥

image-20230914201934959

上传代码到gitlab

## 安装git
[root@docker01 ~]# yum install -y git

## 拉取代码
[root@docker01 ~]# git clone ssh://git@gitlab.wodeyumengouwo.com:222/root/web.git
Cloning into 'web'...
remote: Enumerating objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 3
Receiving objects: 100% (3/3), done.
[root@docker01 ~]# ll
total 8
-rw-------. 1 root root 1512 Apr 11 16:23 anaconda-ks.cfg
-rw-r--r--  1 root root  195 Apr 12 09:11 ip.sh
drwxr-xr-x  3 root root   35 Sep 14 20:24 web
[root@docker01 ~]# cd web

## 全局设置
[root@docker01 web]#  git config --global user.email "you@example.com"
[root@docker01 web]#   git config --global user.name "Your Name"

## 上传代码
[root@docker01 web]# git add .
[root@docker01 web]# git commit -m 'v1'
[root@docker01 web]# git push --all
[root@docker01 web]# git tag -a 'v1' -m '黄色'
[root@docker01 web]# git push --tag

配置jenkins

## 删除插件目录
[root@docker01 web]# cd /data/jenkins/
[root@docker01 jenkins]# rm -fr plugins/

## 上传插件包解压到/data/jenkins(插件以 Jenkins 进程的权限运行,本文中即容器内的 root 并可访问 docker.sock,插件包应来自可信来源并核对校验值)

# 重启jenkins

新建项目

image-20230914204117804

image-20230914204241962

image-20230914204320261

image-20230914204426007

image-20230914204453127

image-20230914204512050

image-20230914204611615

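# Jenkins "Execute shell" build step: build the web image from the checked-out
# workspace, push it to the Harbor registry at 10.0.0.99, then replace the
# running container on the web host 10.0.0.102.
# Reads: WORKSPACE and GIT_COMMIT (set by Jenkins and its Git plugin) and
#        tag (presumably a build parameter of this job; confirm in the job config).
set -eu   # stop at the first failed step so a broken build is never pushed or deployed

# tag is chosen by whoever starts the build: accept only the characters a
# Docker tag may contain, so it cannot add extra words to the docker commands.
case "${tag:-}" in
  '' | *[!A-Za-z0-9_.-]*)
    printf 'invalid tag: %s\n' "${tag:-}" >&2
    exit 1
    ;;
esac

# GIT_COMMIT is spliced into a command line that the remote shell re-parses,
# so restrict it to hex digits before using it there.
case "${GIT_COMMIT:-}" in
  '' | *[!0-9a-fA-F]*)
    printf 'invalid GIT_COMMIT: %s\n' "${GIT_COMMIT:-}" >&2
    exit 1
    ;;
esac

image="10.0.0.99/wordpress/web:${GIT_COMMIT}"

cd "$WORKSPACE"

# Quoted delimiter: the Dockerfile text is written literally, with no expansion.
cat > Dockerfile <<'EOF'
FROM nginx:alpine
COPY index.html main.js style.css /usr/share/nginx/html/
EOF

docker build -t "web:${tag}" .
docker tag "web:${tag}" "$image"
docker push "$image"

# Tolerate a missing container (e.g. the first deployment); a genuine SSH
# failure still stops the job at the run step below.
ssh 10.0.0.102 "docker rm -f web" || true
ssh 10.0.0.102 "docker run --name web -p 80:80 -d ${image}"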

101 102登陆harbor

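## 修改docker配置文件(insecure-registries 表示允许 docker 以未加密的 HTTP 或不校验证书的 HTTPS 访问该仓库,docker login 的账号密码和镜像可能以明文传输,只适合隔离的实验环境;正式环境应给 harbor 配置 HTTPS)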
[root@docker01 freestyle-web]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
  "insecure-registries": ["http://10.0.0.99"]
}
## 重启docker
[root@docker01 freestyle-web]# systemctl restart docker
## 登陆harbor
[root@docker02 ~]# docker login 10.0.0.99

## jenkins与102免密
root@b3f1ea0607a9:/# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.102

image-20230914212356795

image-20230914212455073