Jenkins+Docker+Git实现自动化CI/CD

在如今的互联网时代，随着软件开发复杂度的不断提高，软件开发和发布管理也越来越重要。目前已经形成一套标准的流程，最重要的组成部分就是持续集成（Continuous Integration，CI）及持续部署、交付（CD）。在此，我们来以一个案例初步了解 CI 流程。那么什么是 CI 呢？简单来讲，CI 就是将传统的代码合并、构建、部署、测试都集成在一起，不断地执行这个过程，并对结果进行反馈。

CI 流程设计图：

工作流程：

开发人员提交代码到Git版本仓库；
Jenkins人工/定时触发项目构建；
Jenkins拉取代码、代码编码、打包镜像、推送到镜像仓库；
Jenkins在Docker主机创建容器并发布

主机环境规划：

docker-jenkins： 10.0.0.98
docker-git-harbor：10.0.0.99

01 部署Git代码版本仓库

安装：

[root@docker-git-harbor ~]# yum install git -y

配置git用户：

[root@docker-git-harbor ~]# useradd git
[root@docker-git-harbor ~]# passwd git

创建库：

[git@docker-git-harbor ~]$ mkdir tomcat-java-demo.git
[git@docker-git-harbor ~]$ cd tomcat-java-demo.git/
[git@docker-git-harbor tomcat-java-demo.git]$ git --bare init
Initialized empty Git repository in /home/git/tomcat-java-demo.git/
[git@docker-git-harbor tomcat-java-demo.git]$ ls
branches config description HEAD hooks info objects refs
[git@docker-git-harbor tomcat-java-demo.git]$

另一台docker-jenkins访问该仓库：

[root@docker-jenkins ~]# git clone git@10.0.0.99:/home/git/tomcat-java-demo.git
Cloning into 'solo'...
The authenticity of host '10.0.0.99 (10.0.0.99)' can't beestablished.
ECDSA key fingerprintis SHA256:XNWQhGsAsqd84k/6OYV3xl1+mPGjtASsxeV1YVLZVas.
ECDSA keyfingerprint is MD5:b4:bd:16:2b:de:e7:7c:fd:c5:dd:91:75:20:ff:3e:0a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.99' (ECDSA) to the list of known hosts.
git@10.0.0.99'spassword:
warning: You appear to have cloned an empty repository.
[root@docker-jenkins ~]# ls
anaconda-ks.cfg tomcat-java-demo.git
[root@docker-jenkins ~]# ls tomcat-java-demo.git
[root@docker-jenkins ~]#

模拟生产项目，拉取github上的一个demo，并上传至本地git库

[root@docker-jenkins ~]# mv tomcat-java-demo tomcat-java-demo.bak
[root@docker-jenkins ~]# git clone https://github.com/dingkai163/tomcat-java-demo.git
[root@docker-jenkins tomcat-java-demo]# cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = git@10.0.0.99:/home/git/tomcat-java-demo.git # 修改为本地的git库地址
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
[root@docker-jenkins tomcat-java-demo]# git add .
[root@docker-jenkins tomcat-java-demo]# git status
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git commit -m "all"
# On branch master
nothingto commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git push origin master
git@10.0.0.99'spassword:
Counting objects: 229, done.
Compressing objects: 100% (185/185), done.
Writing objects: 100% (229/229), 4.52 MiB | 0 bytes/s, done.
Total 229 (delta 25), reused 229 (delta 25)
To git@10.0.0.99:/home/git/tomcat-java-demo.git
* [new branch] master -> master
[root@docker-jenkins tomcat-java-demo]#

02 jenkins环境部署

部署jdk环境及maven

[root@docker-jenkins ~]# mkdir tools
[root@docker-jenkins ~]# cd tools
[root@docker-jenkins tools]# rz -y
[root@docker-jenkins tools]# tar zxvf jdk-8u45-linux-x64.tar.gz
[root@docker-jenkins tools]# mv jdk1.8.0_45 /usr/local/jdk
[root@docker-jenkins tools]# vim /etc/profile
JAVA_HOME=/usr/local/jdk
PATH=$PATH:$JAVA_HOME/bin CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME PATH CLASSPATH
[root@docker-jenkins tools]# source /etc/profile
[root@docker-jenkins tools]# java -version
java version "1.8.0_45"
Java(TM)SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM)64-Bit Server VM (build 25.45-b02, mixed mode)
[root@docker-jenkins tools]# tar zxf apache-maven-3.5.0-bin.tar.gz
[root@docker-jenkins tools]# mv apache-maven-3.5.0 /usr/local/maven

在10.0.0.98主机安装Jenkins，下载Tomcat二进制包将war包到webapps下即可：

[root@docker-jenkins tools]# wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war
[root@docker-jenkins tools]# wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz
[root@docker-jenkins tools]# tar zxf apache-tomcat-8.5.38.tar.gz
[root@docker-jenkins tools]# ls
apache-tomcat-8.5.38 apache-tomcat-8.5.38.tar.gz jdk-8u45-linux-x64.tar.gz jenkins.war
[root@docker-jenkins tools]# mv apache-tomcat-8.5.38 /usr/local/tomcat-jenkins
[root@docker-jenkins tools]# ls /usr/local/tomcat-jenkins/webapps/
docs examples host-manager manager ROOT
[root@docker-jenkins tools]# rm -rf /usr/local/tomcat-jenkins/webapps/*
[root@docker-jenkins tools]# mv jenkins.war /usr/local/tomcat-jenkins/webapps/ROOT.war
[root@docker-jenkins tools]# ll /usr/local/tomcat-jenkins/webapps/
total 75520
-rw-r--r--. 1 root root 77330344 Mar 15 00:55 ROOT.war
[root@docker-jenkins tools]# cd /usr/local/tomcat-jenkins/bin/
[root@docker-jenkins bin]# ./startup.sh
Using CATALINA_BASE: /usr/local/tomcat-jenkins
UsingCATALINA_HOME: /usr/local/tomcat-jenkins
Using CATALINA_TMPDIR: /usr/local/tomcat-jenkins/temp
Using JRE_HOME: /usr/local/jdk1.8
Using CLASSPATH: /usr/local/tomcat-jenkins/bin/bootstrap.jar:/usr/local/tomcat-jenkins/bin/tomcat-juli.jar
Tomcat started.
[root@docker-jenkins bin]#

启动后，浏览器访问http://10.0.0.98:8080/，按提示输入密码，登录即可。

03 部署私有镜像仓库

企业级harbor镜像仓库部署：

https://www.cnblogs.com/kaye/p/10524391.html

构建Tomcat基础镜像，并推送到harbor镜像库：

[root@docker-git-harbor ~]# cd tomcat
[root@docker-git-harbor tomcat]# cat Dockerfile-tomcat
FROM centos:7
MAINTAINER www.cnblogs.com/kaye/
ENV VERSION=8.5.38
RUN yum install java-1.8.0-openjdkwget curl unzip iproute net-tools -y && \
yum clean all && \
rm -rf /var/cache/yum/*
RUN wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v${VERSION}/bin/apachetomcat-${VERSION}.tar.gz && \
tar zxf apache-tomcat-${VERSION}.tar.gz && \
mv apache-tomcat-${VERSION} /usr/local/tomcat && \
rm -rf apache-tomcat-${VERSION}.tar.gz /usr/local/tomcat/webapps/* && \
mkdir /usr/local/tomcat/webapps/test && \
echo "ok" > /usr/local/tomcat/webapps/test/status.html && \
sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/tomcat/bin
EXPOSE 8080
CMD ["catalina.sh", "run"]
[root@docker-git-harbor tomcat]# docker build -t tomcat:v1 -f Dockerfile-tomcat .
[root@docker-git-harbor tomcat]# docker tag tomcat:v1 reg.dingkai.com/library/tomcat:v1
[root@docker-git-harbor tomcat]# docker login reg.dingkai.com
[root@docker-git-harbor tomcat]# docker push reg.dingkai.com/library/tomcat:v1

04 Jenkins安装必要插件

由于jenkins是离线安装，所有在此需要配置一下插件下载地址：系统管理-->插件管理-->Advanced

修改下方地址，将https修改为http 再点Submit

Submit后点击Available，Check now此时我们可以看到很多可获得插件

首先搜索并安装Pipeline插件
pipeline 是一套运行于jenkins上的工作流框架，将原本独立运行于单个或者多个节点的任务连接起来，实现单个任务难以完成的复杂流程编排与可视化。

再安装SCM to job 插件，同上步骤（搜索，安装）。

05 项目创建

创建jobs

选择流水线类型

到这里我们就开始配置Pipeline script，点击Pipeline语法，来自动生成我们需要的配置。

如下图，我们Git方式，配置Git仓库地址，再添加认证相关。

这里我们使用的是秘钥认证方式，需要将jenkins上生成的公钥发送到git服务器上，然后将jenkins上的生成的私钥内容粘贴到下图Key中，这样jenkins就可以免交互的拉取git仓库中的代码了。

[root@docker-jenkins bin]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which tosavethe key (/root/.ssh/id_rsa):
Enterpassphrase (empty for no passphrase):
Enter same passphrase again:
Your identification hasbeen saved in /root/.ssh/id_rsa.
Your public keyhas been saved in /root/.ssh/id_rsa.pub.
The keyfingerprint is:
SHA256:1vD8XM3lDYFmrxgAbwPTLwb0fl+oEx8cFgtykpg4ODI root@
docker-jenkins
The key's randomart image is:
+---[RSA 2048]----+
| . o==o.o ... |
|E o o +=++ .+o . |
| o . . .*o o+.. .|
| oo*oo o.=o|
| .S.*o+.o =|
| . ..B.+ |
| o = |
| . |
| |
+----[SHA256]-----+
[root@docker-jenkins bin]# cd
[root@docker-jenkins ~]#
[root@docker-jenkins ~]#
[root@docker-jenkins ~]# ls .ssh/
id_rsa id_rsa.pub known_hosts
[root@docker-jenkins ~]# ssh-copy-id git@10.0.0.99
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@10.0.0.99'spassword:
Number of key(s)added: 1
Now trylogging into the machine, with: "ssh 'git@10.0.0.99'"
andcheck to make sure that onlythe key(s)you wanted were added.
[root@docker-jenkins ~]#

配置完成后，我们就可以生成Pipeline脚本了。点击下方Generate Pipeline Script，然后复制方框内的内容。

编写我们所需要的Pipeline脚本如下，将其粘贴到script的拉取代码模块中，并修改分支master为${branch}，其他模块内容自行编写。

node {
// 拉取代码 stage('Git Checkout') {
checkout([$class: 'GitSCM', branches: [[name: '${branch}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'c42214eb-db1e-49fb-83c9-f78d1f4310a2', url: 'git@10.0.0.99:/home/git/tomcat-java-demo.git']]])
} // 代码编译 stage('Maven Build') {
sh '''
export JAVA_HOME=/usr/local/jdk
/usr/local/maven/bin/mvn clean package -Dmaven.test.skip=true ''' } // 项目打包到镜像并推送到镜像仓库
/usr/local/maven/bin/mvn clean package -Dmaven.test.skip=true ''' } // 项目打包到镜像并推送到镜像仓库 stage('Build and Push Image') {sh '''REPOSITORY=reg.dingkai.com/library/tomcat-java-demo:${branch}
cat > Dockerfile << EOFFROM reg.dingkai.com/library/tomcat:v1
MAINTAINER kaiRUN rm -rf /usr/local/tomcat/webapps/*ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
EOF
EOF
docker build -t $REPOSITORY .
docker login reg.dingkai.com -u admin -p 123456
docker push $REPOSITORY'''
}
// 部署到Docker主机
'''
}
// 部署到Docker主机
stage('Deploy to Docker') {
sh '''
REPOSITORY=reg.dingkai.com/library/tomcat-java-demo:${branch}
docker rm -f tomcat-java-demo |true
docker pull $REPOSITORY
docker container run -d --name tomcat-java-demo -p 88:8080 $REPOSITORY
'''
}
}