资料下载地址
链接:https://pan.baidu.com/s/12dQ-B82t5mVBwklKYI9ByA?pwd=ue0u
提取码:ue0u
DevOps 是 Development(开发)和 Operations(运维)的组合,是 ⼀种⽅法论,是⼀组过程、⽅法与系统的统称,⽤于促进应⽤开发、应2 ⽤运维和质量保障(QA)部⻔之间的沟通、协作与整合,以期打破传 统开发和运营之间的壁垒和鸿沟 CI/CD 的主要概念是持续集成、持续交付和持续部署。 CI/CD 是解决集成新代码可能给开发和运营团队带来的问题(⼜名“集 成地狱”)的解决⽅案。
开发机-》gitlab->jenkins->生产服务器 80 8080
27.129 130
systemctl stop firewalld
systemctl stop firewalld.service
systemctl disable firewalld.service
firewall-cmd --zone=public --remove-port=80/tcp --permanent
# 修改时区
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#
hwclock -w
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum makecache fast
sudo yum -y install docker-ce
sudo service docker start
docker version
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://fskvstob.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
生产 安装jdk
yum -y install java-1.8.0-openjdk-devel.x86_64
sudo cat >> /etc/profile <<-'EOF'
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
EOF
source /etc/profile
echo $JAVA_HOME
docker服务器操作
rm -rf /etc/gitlab
rm -rf /var/log/gitlab
rm -rf /var/opt/gitlab
docker rm -f gitlab
mkdir -p /etc/gitlab
mkdir -p /var/log/gitlab
mkdir -p /var/opt/gitlab
chmod -R 755 /etc/gitlab
chmod -R 755 /var/log/gitlab
chmod -R 755 /var/opt/gitlab
docker run --name gitlab \
--hostname gitlab.example.com \
--restart=always \
-v /etc/gitlab:/etc/gitlab \
-v /var/log/gitlab:/var/log/gitlab \
-v /var/opt/gitlab:/var/opt/gitlab \
-p 80:80 \
-d gitlab/gitlab-ce
查看gitlab 初始化账号密码
docker logs -f gitlab
但是你会发现gitlab日志一直在持续输出,不方便查看。
sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
⽤户头像->Preferences->Password修改初始密码
cd /usr/local
wget --no-check-certificate https://manongbiji.oss-cn-beijing.aliyuncs.com/ittailkshow/devops/download/jdk-8u341-linux-x64.tar.gz
wget --no-check-certificate https://manongbiji.oss-cn-beijing.aliyuncs.com/ittailkshow/devops/download/apache-maven-3.8.6-bin.tar.gz
tar zxvf jdk-8u341-linux-x64.tar.gz
tar zxvf apache-maven-3.8.6-bin.tar.gz
mv jdk1.8.0_341 jdk
mv apache-maven-3.8.6 maven
rm -f jdk-8u341-linux-x64.tar.gz
rm -f apache-maven-3.8.6-bin.tar.gz
cd /usr/local/maven/conf
# 使用别人配置好的maven
rm -f settings.xml
wget --no-check-certificate https://manongbiji.oss-cn-beijing.aliyuncs.com/ittailkshow/devops/download/settings.xml
rm -rf /var/jenkins/
docker rm -f jenkins
mkdir -p /var/jenkins/
chmod -R 777 /var/jenkins/
docker run --name jenkins \
--restart=always \
-v /var/jenkins/:/var/jenkins_home/ \
-v /usr/local/jdk:/usr/local/jdk \
-v /usr/local/maven:/usr/local/maven \
-p 8080:8080 \
-e JENKINS_UC=https://mirrors.cloud.tencent.com/jenkins/ \
-e JENKINS_UC_DOWNLOAD=https://mirrors.cloud.tencent.com/jenkins/ \
-d jenkins/jenkins:2.395
docker logs -f jenkins
docker exec -it jenkins bash
⾸⻚点击Manage Jenkins _>管理插件
添加Git Parameter与Publish Over SSH 两款插件即可
首先将代码提交到gitlab(此步骤忽略)
sh /usr/local/maven/bin/mvn package
之前并没有配置⽬标服务器,点击主界⾯“系统配置”找到Public Over SSH,新增⼀个SSH Server
Name:Target-130
Hostname:192.168.27.130
Username:root
Remote Directory:/usr/local
Password: 123456
SSH Server:
name:Target-130
Source files:target/*.jar
Exec command
pkill java
nohup java -jar /usr/local/target/myproject.jar & sleep 1 (一秒钟推出)
一定记得点击高级,exec in pty
Dockerfile⽂件
FROM openjdk:8-slim
WORKDIR /usr/local
COPY myproject.jar .
CMD java -jar myproject.jar
回到Jenkins,找到构建后操作,删除Exec command所有内容
add transfer set:增加一个传输项
Source files:docker/*
Exec command
echo 0
点击运行发现生产服务器多了两个文件夹docker 和 target,现在将两个目录合并在一起
Remove prefix:target
Remove prefix:docker
docker build -t it/myproject:1.0 /usr/local/
docker rm -f myproject
docker run -d -p 80:80--name=myproject it/myproject:1.0
需要pkill 掉之前的java进程
开发机-》gitlab->jenkins->Harbor->生产服务器
cat > /etc/sysctl.conf <<-'EOF'
net.ipv4.ip_forward=1
vm.max_map_count=655360
EOF
sysctl -p
systemctl stop firewalld
⾃动部署安装Docker-Compose
不好下本地安装吧 sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
service docker restart
下载离线harbor安装包
下载链接:https://github.com/goharbor/harbor/releases
cd /usr/local
太大了,离线装吧 wget --no-check-certificate https://github.com/goharbor/harbor/releases/download/v1.10.14/harbor-offline-installer-v1.10.14.tgz
wget https://ghproxy.com/https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz
tar xzvf harbor-offline-installer-v2.5.3.tgz
修改Habor核⼼配置⽂件harbor.yml
hostname:192.168.27.132
注释掉https.*
默认密码:Harbor12345
安装Harbor
./install
Harbor由⼗多个容器组合构成,必须使⽤docker-compose才可以款速安装
卸载Harbor
docker-compose down
⽤户名:admin
密码:Harbor12345
Harbor新建镜像仓库
项⽬名称:public
访问级别:公开
在132Harbor服务器,修改daemon.json,增加harbor私有仓库地址,insecure-registries
cat > /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://fskvstob.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.27.132:80"]
}
EOF
systemctl daemon-reload
systemctl restart docker
生产服务器也同时添加上面的,进行测试
docker images
docker tag b7909ddfe5d1 192.168.27.132:80/public/myproject:1.0 必须包含版本号(public仓库名称 myproject:1.0自定义)
docker login -u admin -p Harbor12345 192.168.27.132:80
docker push 192.168.27.132:80/public/myproject:1.0
开发机-》gitlab->jenkins->Harbor->生产服务器
确保Harbor节点上登记了insecure-registries
cat > /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://fskvstob.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.27.132:80"]
}
EOF
systemctl daemon-reload
systemctl restart docker
在系统设置中新增SSH Server:
name:Harbor-132
hostname:192.168.27.132
username:root
password:123456
remote directory:/usr/local
向Harbor传输Jar⽂件 向Harbor节点传输Dockerfile,并构建、推送容器
docker build -t 192.168.27.132:80/public/myproject:1.0 /usr/local/
docker login -u admin -p Harbor12345 192.168.27.132:80
docker push 192.168.27.132:80/public/myproject:1.0
docker rm -f myproject
docker run -d -p 80:80 --name=myproject 192.168.27.132:80/public/myproject:1.0
此处注意,生产节点也必须添加
cat > /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://fskvstob.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.27.132:80"]
}
EOF
systemctl daemon-reload
systemctl restart docker
解决固定版本号问题
名称:tag
描述:发布的版本号
默认值:orgin/main
原本的package前新增Shell,现⾏checkout指定的版本,$tag引⽤选择的版本号
git checkout $tag
Harbor仓库Exec command,将所有1.0改为$tag进⾏引⽤
点击repository->tag,进行打标签
开始构建
Pipeline流⽔线提供了脚本化,按阶段步骤处理
配置过程
参照之前选择参数化构建
pipeline {
agent any
stages {
stage('Pull SourceCode'){
steps{
这里取流水线代码生成checkout
}
}
}
}
stage('Maven Build') {
steps {
这里取流水线代码生成 shell
}
}
stage('Publish Harbor Image') {
steps {
这里取流水线代码生成 sendbuild ssh
}
}
stage('Run Container') {
steps {
这里取流水线代码生成 sendbuild ssh
}
}
完整脚本
pipeline {
agent any
stages {
stage('Pull SourceCode'){
steps{
checkout scmGit(branches: [[name: '$tag']], extensions: [], userRemoteConfigs: [[credentialsId: '5431ccf7-c145-454a-902a-86c9f0a31b22', url: 'http://192.168.27.129/root/cicd.git']])
}
}
stage('Maven Build') {
steps {
sh '/usr/local/maven/bin/mvn package'
}
}
stage('Publish Harbor Image') {
steps {
sshPublisher(publishers: [sshPublisherDesc(configName: 'Target-132', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: 'target', sourceFiles: 'target/*.jar'), sshTransfer(cleanRemote: false, excludes: '', execCommand: '''docker build -t 192.168.27.132:80/public/myproject:$tag /usr/local/
docker login -u admin -p Harbor12345 192.168.27.132:80
docker push 192.168.27.132:80/public/myproject:$tag''', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: 'docker', sourceFiles: 'docker/*')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
stage('Run Container') {
steps {
sshPublisher(publishers: [sshPublisherDesc(configName: 'Target-130', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '''docker rm -f myproject
docker run -d -p 80:80 --name=myproject 192.168.27.132:80/public/myproject:$tag''', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
}
}
Repository URL: http://192.168.27.129/root/cicd.git
在源码根路径下新增Jenkinsfile,内容与直接使⽤Script完全相同,然
后上传⾄master分⽀即可。
Jenkins Pipeline会先从Gitlab下载Jekinsfile,在读取脚本执⾏
开发机-》gitlab->jenkins->Harbor->k9s->生产服务器
随着系统可部署组件的数量增⻓,把它们都管理起来会变得越来越困难。需要⼀个更好的⽅式来部署和
管理这些组件,并⽀持基础设施的全球性伸缩,⾕歌可能是第⼀个意识到这⼀点的公司。⾕歌等全球少
数⼏个公司运⾏着成千上万的服务器,⽽且在如此海量规模下,不得不处理部署管理的问题。这推动着
他们找出解决⽅案使成千上万组件的管理变得有效且成本低廉。
Kubernetes是⼀个软件系统,它允许你在其上很容易地部署和管理容器化的应⽤。它依赖于Linux容器的
特性来运⾏异构应⽤,⽽⽆须知道这些应⽤的内部详情,也不需要⼿动将这些应⽤部署到每台机器。因
为这些应⽤运⾏在容器⾥,它们不会影响运⾏在同⼀台服务器上的其他应⽤,当你是为完全不同的组织
机构运⾏应⽤时,这就很关键了。这对于云供应商来说是⾄关重要的,因为它们在追求⾼硬件可⽤率的
同时也必须保障所承载应⽤的完全隔离。
tar xf k8s-2022-04-24.tar
cd k8s-2022-04-24
bash install.sh
选择第一个
安装成功,⽣成各种⽤户名密码