基于 Jenkins+Docker+Git 的CI流程初探

来源：cnblogs　　作者：ThreeCode　　时间：2019/3/22 8:49:37　　对本文有异议

在如今的互联网时代，随着软件开发复杂度的不断提高，软件开发和发布管理也越来越重要。目前已经形成一套标准的流程，最重要的组成部分就是持续集成（Continuous Integration，CI）及持续部署、交付（CD）。在此，我们来以一个案例初步了解 CI 流程。那么什么是 CI 呢？简单来讲，CI 就是将传统的代码合并、构建、部署、测试都集成在一起，不断地执行这个过程，并对结果进行反馈。

CI 流程设计图：

工作流程：

1. 开发人员提交代码到Git版本仓库；
2. Jenkins人工/定时触发项目构建；
3. Jenkins拉取代码、代码编码、打包镜像、推送到镜像仓库；
4. Jenkins在Docker主机创建容器并发布

主机环境规划：

docker-jenkins： 10.0.0.98

docker-git-harbor：10.0.0.99

1. 部署Git代码版本仓库

安装：

[root@docker-git-harbor ~]# yum install git -y

配置git用户：

[root@docker-git-harbor ~]# useradd git
[root@docker-git-harbor ~]# passwd git

创建库：

[git@docker-git-harbor ~]$ mkdir tomcat-java-demo.git
[git@docker-git-harbor ~]$ cd tomcat-java-demo.git/
[git@docker-git-harbor tomcat-java-demo.git]$ git --bare init
Initialized empty Git repository in /home/git/tomcat-java-demo.git/
[git@docker-git-harbor tomcat-java-demo.git]$ ls
branches  config  description  HEAD  hooks  info  objects  refs
[git@docker-git-harbor tomcat-java-demo.git]$

另一台docker-jenkins访问该仓库：

[root@docker-jenkins ~]# git clone git@10.0.0.99:/home/git/tomcat-java-demo.git
Cloning into 'solo'...
The authenticity of host '10.0.0.99 (10.0.0.99)' can't be established.
ECDSA key fingerprint is SHA256:XNWQhGsAsqd84k/6OYV3xl1+mPGjtASsxeV1YVLZVas.
ECDSA key fingerprint is MD5:b4:bd:16:2b:de:e7:7c:fd:c5:dd:91:75:20:ff:3e:0a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.99' (ECDSA) to the list of known hosts.
git@10.0.0.99's password: 
warning: You appear to have cloned an empty repository.
[root@docker-jenkins ~]# ls
anaconda-ks.cfg  tomcat-java-demo.git
[root@docker-jenkins ~]# ls tomcat-java-demo.git
[root@docker-jenkins ~]#

模拟生产项目，拉取github上的一个demo，并上传至本地git库

[root@docker-jenkins ~]# mv tomcat-java-demo tomcat-java-demo.bak
[root@docker-jenkins ~]# git clone https://github.com/dingkai163/tomcat-java-demo.git
[root@docker-jenkins tomcat-java-demo]# cat .git/config 
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@10.0.0.99:/home/git/tomcat-java-demo.git  # 修改为本地的git库地址
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[root@docker-jenkins tomcat-java-demo]# git add .
[root@docker-jenkins tomcat-java-demo]# git status
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git commit -m "all"
# On branch master
nothing to commit, working directory clean
[root@docker-jenkins tomcat-java-demo]# git push origin master
git@10.0.0.99's password: 
Counting objects: 229, done.
Compressing objects: 100% (185/185), done.
Writing objects: 100% (229/229), 4.52 MiB | 0 bytes/s, done.
Total 229 (delta 25), reused 229 (delta 25)
To git@10.0.0.99:/home/git/tomcat-java-demo.git
 * [new branch]      master -> master
[root@docker-jenkins tomcat-java-demo]#

2. jenkins环境部署

部署jdk环境及maven

[root@docker-jenkins ~]# mkdir tools
[root@docker-jenkins ~]# cd tools
[root@docker-jenkins tools]# rz -y
[root@docker-jenkins tools]# tar zxvf jdk-8u45-linux-x64.tar.gz
[root@docker-jenkins tools]# mv jdk1.8.0_45 /usr/local/jdk
[root@docker-jenkins tools]# vim /etc/profile
JAVA_HOME=/usr/local/jdk  
PATH=$PATH:$JAVA_HOME/bin  CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar  
export JAVA_HOME PATH CLASSPATH
[root@docker-jenkins tools]# source /etc/profile
[root@docker-jenkins tools]# java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
 
[root@docker-jenkins tools]# tar zxf apache-maven-3.5.0-bin.tar.gz 
[root@docker-jenkins tools]# mv apache-maven-3.5.0 /usr/local/maven

在10.0.0.98主机安装Jenkins，下载Tomcat二进制包将war包到webapps下即可：

[root@docker-jenkins tools]# wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war
[root@docker-jenkins tools]# wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz
[root@docker-jenkins tools]# tar zxf apache-tomcat-8.5.38.tar.gz 
[root@docker-jenkins tools]# ls
apache-tomcat-8.5.38  apache-tomcat-8.5.38.tar.gz  jdk-8u45-linux-x64.tar.gz  jenkins.war
[root@docker-jenkins tools]# mv apache-tomcat-8.5.38 /usr/local/tomcat-jenkins
[root@docker-jenkins tools]# ls /usr/local/tomcat-jenkins/webapps/
docs  examples  host-manager  manager  ROOT
[root@docker-jenkins tools]# rm -rf /usr/local/tomcat-jenkins/webapps/*
[root@docker-jenkins tools]# mv jenkins.war /usr/local/tomcat-jenkins/webapps/ROOT.war
[root@docker-jenkins tools]# ll /usr/local/tomcat-jenkins/webapps/
total 75520
-rw-r--r--. 1 root root 77330344 Mar 15 00:55 ROOT.war
[root@docker-jenkins tools]# cd /usr/local/tomcat-jenkins/bin/
[root@docker-jenkins bin]# ./startup.sh 
Using CATALINA_BASE:   /usr/local/tomcat-jenkins
Using CATALINA_HOME:   /usr/local/tomcat-jenkins
Using CATALINA_TMPDIR: /usr/local/tomcat-jenkins/temp
Using JRE_HOME:        /usr/local/jdk1.8
Using CLASSPATH:       /usr/local/tomcat-jenkins/bin/bootstrap.jar:/usr/local/tomcat-jenkins/bin/tomcat-juli.jar
Tomcat started.
[root@docker-jenkins bin]#

启动后，浏览器访问http://10.0.0.98:8080/，按提示输入密码，登录即可。

3. 部署私有镜像仓库

企业级harbor镜像仓库部署：

https://www.cnblogs.com/kaye/p/10524391.html

构建Tomcat基础镜像，并推送到harbor镜像库：

[root@docker-git-harbor ~]# cd tomcat
[root@docker-git-harbor tomcat]# cat Dockerfile-tomcat
FROM centos:7
MAINTAINER www.cnblogs.com/kaye/
 
ENV VERSION=8.5.38
 
RUN yum install java-1.8.0-openjdk wget curl unzip iproute net-tools -y &&     yum clean all && \ 
    rm -rf /var/cache/yum/*
RUN wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v${VERSION}/bin/apachetomcat-${VERSION}.tar.gz &&     tar zxf apache-tomcat-${VERSION}.tar.gz &&     mv apache-tomcat-${VERSION} /usr/local/tomcat &&     rm -rf apache-tomcat-${VERSION}.tar.gz /usr/local/tomcat/webapps/* &&     mkdir /usr/local/tomcat/webapps/test &&     echo "ok" > /usr/local/tomcat/webapps/test/status.html &&     sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh &&     ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 
ENV PATH $PATH:/usr/local/tomcat/bin
 
EXPOSE 8080
CMD ["catalina.sh", "run"]
[root@docker-git-harbor tomcat]# docker build -t tomcat:v1 -f Dockerfile-tomcat .
[root@docker-git-harbor tomcat]# docker tag tomcat:v1 reg.dingkai.com/library/tomcat:v1
[root@docker-git-harbor tomcat]# docker login reg.dingkai.com
[root@docker-git-harbor tomcat]# docker push reg.dingkai.com/library/tomcat:v1

4. Jenkins安装必要插件

由于jenkins是离线安装，所有在此需要配置一下插件下载地址：系统管理-->插件管理-->Advanced

修改下方地址，将https修改为http 再点Submit

Submit后点击Available，Check now此时我们可以看到很多可获得插件

首先搜索并安装Pipeline插件
pipeline 是一套运行于jenkins上的工作流框架，将原本独立运行于单个或者多个节点的任务连接起来，实现单个任务难以完成的复杂流程编排与
可视化。

再安装SCM to job 插件，同上步骤（搜索，安装）。

5. 项目创建

创建jobs

选择流水线类型

到这里我们就开始配置Pipeline script，点击Pipeline语法，来自动生成我们需要的配置。

如下图，我们Git方式，配置Git仓库地址，再添加认证相关。

这里我们使用的是秘钥认证方式，需要将jenkins上生成的公钥发送到git服务器上，然后将jenkins上的生成的私钥内容粘贴到下图Key中，这样jenkins就可以免交互的拉取git仓库中的代码了。

[root@docker-jenkins bin]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1vD8XM3lDYFmrxgAbwPTLwb0fl+oEx8cFgtykpg4ODI root@docker-jenkins
The key's randomart image is:
+---[RSA 2048]----+
|   . o==o.o ...  |
|E o o +=++ .+o . |
| o . . .*o o+.. .|
|       oo*oo o.=o|
|       .S.*o+.o =|
|       . ..B.+   |
|          o =    |
|           .     |
|                 |
+----[SHA256]-----+
[root@docker-jenkins bin]# cd
[root@docker-jenkins ~]# 
[root@docker-jenkins ~]# 
[root@docker-jenkins ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts
[root@docker-jenkins ~]# ssh-copy-id git@10.0.0.99
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@10.0.0.99's password: 
 
Number of key(s) added: 1
 
Now try logging into the machine, with:   "ssh 'git@10.0.0.99'"
and check to make sure that only the key(s) you wanted were added.
 
[root@docker-jenkins ~]#

配置完成后，我们就可以生成Pipeline脚本了。点击下方Generate Pipeline Script，然后复制方框内的内容。

编写我们所需要的Pipeline脚本如下，将其粘贴到script的拉取代码模块中，并修改分支master为${branch}，其他模块内容自行编写。

node { 
   // 拉取代码
   stage('Git Checkout') { 
       checkout([$class: 'GitSCM', branches: [[name: '${branch}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'c42214eb-db1e-49fb-83c9-f78d1f4310a2', url: 'git@10.0.0.99:/home/git/tomcat-java-demo.git']]])
   }
   // 代码编译
   stage('Maven Build') {
        sh '''
        export JAVA_HOME=/usr/local/jdk
        /usr/local/maven/bin/mvn clean package -Dmaven.test.skip=true
        '''
   }
   // 项目打包到镜像并推送到镜像仓库
   stage('Build and Push Image') {
sh '''
REPOSITORY=reg.dingkai.com/library/tomcat-java-demo:${branch}
cat > Dockerfile << EOF
FROM reg.dingkai.com/library/tomcat:v1 
MAINTAINER kai
RUN rm -rf /usr/local/tomcat/webapps/*
ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
EOF
docker build -t $REPOSITORY .
docker login reg.dingkai.com -u admin -p 123456
docker push $REPOSITORY
'''
   }
   // 部署到Docker主机
   stage('Deploy to Docker') {
        sh '''
        REPOSITORY=reg.dingkai.com/library/tomcat-java-demo:${branch}
        docker rm -f tomcat-java-demo |true
        docker pull $REPOSITORY
        docker container run -d --name tomcat-java-demo -p 88:8080 $REPOSITORY
        '''
   }
}