Containerized Code Deployment
gitlab
Environment preparation
| Hostname | WAN IP | Memory | Applications |
| --- | --- | --- | --- |
| db01 | 10.0.0.51 | 6G-8G | docker (gitlab), docker (jenkins), docker |
| db02 | 10.0.0.52 | 1G | docker, harbor |
| db03 | 10.0.0.53 | 1G | docker, docker (web01) |
####### gitlab
# 1. Create the GitLab data directories
mkdir /data/gitlab/{config,logs,data} -p
sudo docker run --detach \
--hostname 10.0.0.51 \
--publish 443:443 --publish 80:80 --publish 2222:22 \
--name gitlab \
--restart always \
--volume /data/gitlab/config:/etc/gitlab \
--volume /data/gitlab/logs:/var/log/gitlab \
--volume /data/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
## GitLab initial password
docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
bK7fZ3y4CHaiF/S8Y8/l4F2rn3A57yOdeyF7qILLoFg=
## Resetting a forgotten GitLab root password
root@gitlab:/# gitlab-rails console
user = User.where(id: 1).first
# Placeholder below: replace it with the new password (8 characters)
user.password = '这里要输入8位密码'
user.save!
# 2. docker-compose
version: '3'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://10.0.0.51'
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        alertmanager['enable'] = false
        grafana['enable'] = false
        prometheus['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
    ports:
      - '80:80'
      - '2222:22'
    volumes:
      - '/data/gitlab/config:/etc/gitlab'
      - '/data/gitlab/logs:/var/log/gitlab'
      - '/data/gitlab/data:/var/opt/gitlab'
########### Jenkins
# 1. Create the Jenkins data directory
[root@db01 ~]# mkdir -p /data/jenkins/data
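# 2. If Jenkins is not started as the root user
This will store the jenkins data in /your/home on the host. Ensure that /your/home is accessible by the jenkins user in container (jenkins user - uid 1000) or use -u some_other_user
Create a user with uid 1000.
# 3. If the root user is not used
## root's key pair cannot be used for passwordless SSH connections
## The .docker directory is not accessible, so Jenkins cannot stay logged in to Harbor
## Code cannot be placed in other directories (an issue with the traditional deployment approach)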
docker run \
--name myjenkins \
--user=root \
--privileged=true \
-p 8080:8080 -p 50000:50000 \
-v /data/jenkins/data:/var/jenkins_home \
-v /root/.ssh:/root/.ssh \
-v /root/.docker:/root/.docker \
-v /etc/docker/daemon.json:/etc/docker/daemon.json \
-v /bin/docker:/bin/docker \
-v /var/run/docker.sock:/var/run/docker.sock \
-d jenkins/jenkins
version: '3'
services:
  web:
    image: 'jenkins/jenkins'
    restart: always
    user: root
    privileged: true
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - /data/jenkins/data:/var/jenkins_home
      - /root/.ssh:/root/.ssh
      - /root/.docker:/root/.docker
      - /etc/docker/daemon.json:/etc/docker/daemon.json
      - /bin/docker:/bin/docker
      - /var/run/docker.sock:/var/run/docker.sock
Running Docker in Docker currently requires privileged access to function properly. This requirement may be relaxed with newer Linux kernel versions.
# Write the Dockerfile
echo '编写dockerfile中...'
cat > /var/jenkins_home/workspace/Dockerfile <<EOF
FROM nginx:latest
COPY $JOB_NAME /usr/share/nginx/html
EOF
# Build the Docker image
echo '构建docker镜像...'
cd /var/jenkins_home/workspace/ && \
docker build -t 10.0.0.52/jenkins/web:$GIT_COMMIT .
# Push the image to Harbor
echo '镜像推送到harbor...'
docker push 10.0.0.52/jenkins/web:$GIT_COMMIT
# Deploy: if "docker ps -a" on the target shows a line matching 'web',
# stop and remove the container named web, then start the new image
echo '部署代码...'
container_count=$(ssh root@172.16.1.53 "docker ps -a|grep 'web'|wc -l")
if [ "$container_count" -ne 0 ];then
  ssh root@172.16.1.53 "docker stop web;docker rm web"
fi
ssh root@172.16.1.53 "docker run -it --name web -p 80:80 -d 10.0.0.52/jenkins/web:$GIT_COMMIT"
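A hardened variant of the build, push and deploy step above, as an added example that is not part of the original post: it validates $JOB_NAME and $GIT_COMMIT before they reach the Dockerfile or the remote shell, and checks for the existing container by name instead of grepping. The function names and the REGISTRY, DEPLOY_HOST and BUILD_DIR variables are assumptions; their defaults are the addresses and path used on this page.

```shell
#!/bin/sh
# Added example (not from the original post): hardened build/push/deploy step.
# REGISTRY, DEPLOY_HOST, BUILD_DIR and the function names are assumptions.
set -eu

REGISTRY="${REGISTRY:-10.0.0.52}"
DEPLOY_HOST="${DEPLOY_HOST:-root@172.16.1.53}"
BUILD_DIR="${BUILD_DIR:-/var/jenkins_home/workspace}"

# GIT_COMMIT must be a full 40-character lowercase hex SHA-1 before it is
# used as an image tag or placed in a command run by the remote shell.
valid_commit() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# JOB_NAME ends up as a COPY source path in the Dockerfile. Accept a plain
# name only: no slashes, spaces, "..", leading "." or "-", or metacharacters.
valid_job_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the image reference for a commit, or fail if it is malformed.
image_ref() {
    valid_commit "$1" || { echo "invalid commit: $1" >&2; return 1; }
    printf '%s/jenkins/web:%s\n' "$REGISTRY" "$1"
}

# Usage: deploy JOB_NAME GIT_COMMIT
deploy() {
    valid_job_name "$1" || { echo "invalid job name: $1" >&2; return 1; }
    image=$(image_ref "$2") || return 1

    printf 'FROM nginx:latest\nCOPY %s /usr/share/nginx/html\n' "$1" \
        > "$BUILD_DIR/Dockerfile"
    docker build -t "$image" "$BUILD_DIR"
    docker push "$image"

    # "docker container inspect web" looks the container up by its name,
    # unlike grep 'web', which also matches image names and other containers.
    # The commit inside $image was validated above before it is interpolated.
    ssh "$DEPLOY_HOST" "docker container inspect web >/dev/null 2>&1 \
        && docker rm -f web; docker run --name web -p 80:80 -d '$image'"
}

# Jenkins build step: deploy "$JOB_NAME" "$GIT_COMMIT"
```

Jobs inside Jenkins folders have a slash in $JOB_NAME and are rejected by this validator as written.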