容器化代码上线

gitlab

file

file

file

环境准备

主机名 WanIP 内存 应用
db01 10.0.0.51 6G-8G docker(gitlab) 、docker(jenkins)、docker
db02 10.0.0.52 1G docker、harbor
db03 10.0.0.53 1G docker、docker(web01)
####### gitlab
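# 1. Create the GitLab data directories (config, logs, data) on the host.
# Options go before the operands and each path is spelled out, so this does
# not rely on brace expansion or on GNU option reordering.
mkdir -p /data/gitlab/config /data/gitlab/logs /data/gitlab/data

# Image to run. The default keeps the original behaviour (the moving `latest`
# tag). Set GITLAB_IMAGE to an explicit, reviewed version tag or digest so that
# re-creating the container does not silently pull a different GitLab release.
GITLAB_IMAGE="${GITLAB_IMAGE:-gitlab/gitlab-ce:latest}"

# Start GitLab detached. Host ports 443, 80 and 2222 (mapped to the container's
# SSH port 22) are published on every host interface; restrict them with a host
# firewall if the instance should only be reachable from the lab network.
# The three bind mounts keep configuration, logs and application data on the
# host. /data/gitlab/config will hold gitlab.rb and the instance secrets, so
# keep that directory readable by root only and include it in backups.
sudo docker run --detach \
  --hostname 10.0.0.51 \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume /data/gitlab/config:/etc/gitlab \
  --volume /data/gitlab/logs:/var/log/gitlab \
  --volume /data/gitlab/data:/var/opt/gitlab \
  "$GITLAB_IMAGE"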

## Initial GitLab root password
# Prints the generated root password line from the file inside the container.
# NOTE(review): GitLab deletes this file on the first reconfigure run after
# 24 hours; log in and replace the generated password before then.
docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
# NOTE(review): the next line looks like the value the author's instance printed.
# A generated credential pasted into notes should be treated as exposed:
# change the root password on that instance and never reuse this value.
bK7fZ3y4CHaiF/S8Y8/l4F2rn3A57yOdeyF7qILLoFg=

## Resetting a forgotten GitLab root password
# Run from a shell inside the gitlab container (the prompt below is that shell).
root@gitlab:/# gitlab-rails console
# Load the account with id 1.
# NOTE(review): presumably the built-in root user — confirm before changing it.
user = User.where(id: 1).first
# The literal below is a placeholder ("enter an 8-character password here");
# replace it with the new password before running the line.
# NOTE(review): GitLab's documented procedure also sets
# user.password_confirmation to the same value — confirm for your version.
user.password = '这里要输入8位密码'
# save! raises if validation fails instead of returning false.
# Change this temporary password again from the web UI after logging in.
user.save!

# 2. docker-compose variant of the GitLab container.
# NOTE(review): recent Docker Compose releases ignore the top-level `version`
# key and warn that it is obsolete.
version: '3'
services:
  web:
    # NOTE(review): `latest` is a moving tag; pin a reviewed version or digest
    # so that re-creating the service does not pull an unexpected release.
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    # NOTE(review): this hostname differs from external_url below (10.0.0.51);
    # confirm which name clients are meant to use.
    hostname: 'gitlab.example.com'
    environment:
      # Omnibus settings passed to the container as one literal multi-line
      # string (everything indented under the `|` is part of that string):
      #   - external_url is plain http, so logins and access tokens cross the
      #     network unencrypted; use https outside an isolated lab.
      #   - gitlab_shell_ssh_port matches the host port 2222 published below,
      #     so the clone URLs GitLab displays carry the right SSH port.
      #   - Prometheus, Alertmanager, Grafana and the exporters are switched
      #     off (presumably to save memory on this host — confirm); the
      #     instance then exposes no built-in metrics for monitoring.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://10.0.0.51'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        alertmanager['enable'] = false
        grafana['enable'] = false
        prometheus['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
    # Only HTTP (80) and SSH (2222 -> 22) are published here; unlike the
    # `docker run` variant, 443 is not.
    ports:
      - '80:80'
      - '2222:22'
    # Configuration, logs and application data live on the host.
    # /data/gitlab/config holds gitlab.rb and the instance secrets: keep it
    # readable by root only and include it in backups.
    volumes:
      - '/data/gitlab/config:/etc/gitlab'
      - '/data/gitlab/logs:/var/log/gitlab'
      - '/data/gitlab/data:/var/opt/gitlab'

 ########### Jenkins
 # 1.创建Jenkins数据目录
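# -p also creates the parent /data/jenkins; without it mkdir fails when that
# directory does not exist yet (the earlier steps create only /data/gitlab).
[root@db01 ~]#mkdir -p /data/jenkins/data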

 # 2.如果不是使用root用户启动Jenkins
 This will store the jenkins data in /your/home on the host. Ensure that /your/home is accessible by the jenkins user in container (jenkins user - uid 1000) or use -u some_other_user

 创建一个uid为1000的用户

 # 3.如果不使用root用户
 ## 无法使用root用户的秘钥对免密连接
 ## 访问不了 .docker 目录,无法保持Jenkins登录harbor状态
 ## 无法将代码,放入其它目录(传统方式会遇到)

 # Start the Jenkins controller detached, as root and in privileged mode.
 # What each mount hands to the container (and so to every build job):
 #   /var/run/docker.sock    - control of the host's Docker daemon, which is
 #                             equivalent to root on the host
 #   /root/.ssh              - the host root user's SSH key pair
 #   /root/.docker           - the stored registry (harbor) login
 #   /etc/docker/daemon.json - the host daemon configuration
 #   /bin/docker             - the host's docker client binary
 # Anyone who can create or edit a job on this Jenkins can therefore act as
 # root on this host and on every host that root key can reach; restrict job
 # configuration rights accordingly.
 # NOTE(review): the image has no tag, so the moving `latest` is pulled.
 # NOTE(review): ports 8080 (web UI) and 50000 (inbound agents) are published
 # on every host interface.
 docker run \
   --detach \
   --name myjenkins \
   --user root \
   --privileged \
   --publish 8080:8080 \
   --publish 50000:50000 \
   --volume /data/jenkins/data:/var/jenkins_home \
   --volume /root/.ssh:/root/.ssh \
   --volume /root/.docker:/root/.docker \
   --volume /etc/docker/daemon.json:/etc/docker/daemon.json \
   --volume /bin/docker:/bin/docker \
   --volume /var/run/docker.sock:/var/run/docker.sock \
   jenkins/jenkins

# docker-compose variant of the Jenkins container.
# NOTE(review): recent Docker Compose releases ignore the top-level `version`
# key and warn that it is obsolete.
version: '3'
services:
  web:
    # NOTE(review): no tag is given, so the moving `latest` is pulled; pin a
    # reviewed version or digest.
    image: 'jenkins/jenkins'
    restart: always
    # Root inside the container plus privileged mode plus the Docker socket
    # mounted below: every build job effectively runs as root on the host.
    # Restrict who may create or edit jobs on this Jenkins.
    user: root
    privileged: true
    # 8080 is the web UI; 50000 is the inbound agent port.
    # NOTE(review): publish 50000 only if inbound agents are actually used.
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      # Jenkins home (jobs, credentials, plugins) kept on the host.
      - /data/jenkins/data:/var/jenkins_home
      # Host root's SSH key pair, readable by every build.
      - /root/.ssh:/root/.ssh
      # Stored registry (harbor) login, readable by every build.
      - /root/.docker:/root/.docker
      # Host Docker daemon configuration.
      - /etc/docker/daemon.json:/etc/docker/daemon.json
      # Host docker client binary, reused inside the container.
      - /bin/docker:/bin/docker
      # Host Docker daemon socket: grants control of the host's daemon.
      - /var/run/docker.sock:/var/run/docker.sock

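Running Docker in Docker currently requires privileged access to function properly. This requirement may be relaxed with newer Linux kernel versions.
在 Docker 中运行 Docker 目前需要特权访问才能正常运行。较新的 Linux 内核版本可能会放宽此要求。

注意:上面的配置挂载的是宿主机的 /var/run/docker.sock,容器里的 docker 命令操作的是宿主机的 Docker 守护进程,并不是在容器内再运行一个守护进程(真正的 Docker in Docker)。能访问该 socket 就等同于拥有宿主机的 root 权限,再加上 root 用户和 privileged,任何可以创建或修改 Jenkins 任务的人都能控制宿主机,因此应严格限制任务配置权限;privileged 在这种挂载 socket 的方式下是否必需,请在自己的环境中确认。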

file

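# Jenkins "Execute shell" build step: build an nginx image that contains the
# job's checkout, push it to the registry at 10.0.0.52, then replace the `web`
# container on the deploy host.
# Globals (set by Jenkins): JOB_NAME, GIT_COMMIT
# Stop at the first failing command or unset variable, so a failed build is
# never pushed or deployed.
set -eu

: "${JOB_NAME:?JOB_NAME is not set}"
: "${GIT_COMMIT:?GIT_COMMIT is not set}"

# GIT_COMMIT ends up in an image tag and inside a command string that is run
# on the remote host, so accept nothing but a hexadecimal commit id.
case "$GIT_COMMIT" in
  *[!0-9a-fA-F]*)
    echo "unexpected GIT_COMMIT: $GIT_COMMIT" >&2
    exit 1
    ;;
esac

image="10.0.0.52/jenkins/web:$GIT_COMMIT"
deploy_host='root@172.16.1.53'

echo '编写dockerfile中...'
# The unquoted EOF is deliberate: $JOB_NAME is expanded now, while the file is
# written. NOTE(review): nginx:latest is a moving tag; pin the base image.
# NOTE(review): the Dockerfile sits in the shared workspace root, so concurrent
# jobs overwrite each other's file and the build context below is the
# workspace of every job.
cat > /var/jenkins_home/workspace/Dockerfile <<EOF
FROM nginx:latest
COPY $JOB_NAME /usr/share/nginx/html
EOF

# COPY takes the whole job directory. A Jenkins Git checkout normally contains
# .git, which would otherwise be served from the web root together with the
# site (source and history disclosure), so keep it out of the build context.
cat > /var/jenkins_home/workspace/.dockerignore <<'EOF'
**/.git
EOF

echo '构建docker镜像...'
cd /var/jenkins_home/workspace/
docker build -t "$image" .

echo '镜像推送到harbor...'
docker push "$image"

echo '部署代码...'
# Test for a container named exactly `web`. Counting `docker ps | grep web`
# lines also matches other containers whose name or image contains "web",
# after which `docker stop web` fails.
if ssh "$deploy_host" "docker container inspect web >/dev/null 2>&1"; then
  ssh "$deploy_host" "docker stop web && docker rm web"
fi
# $image is expanded on the Jenkins side on purpose; it was validated above.
# -it is dropped: a detached nginx container needs neither a TTY nor stdin.
ssh "$deploy_host" "docker run --name web -p 80:80 -d $image"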
