持续集成与持续交付（2）

1.Jenkins & docker

需要下载的插件

[root@server2 ~]# docker pull registry
[root@server2 ~]# docker run -d --name registry -v /opt/registry:/var/lib/registry -p 5000:5000 registry
[root@server2 ~]# chmod 777 /var/run/docker.sock 

新建一个docker的自由风格项目


手动触发

ssh & docker

开启一个server3，安装docker

[root@server3 ~]# vim /etc/docker/daemon.json
{
	"insecure-registries": ["172.25.4.2:5000"]
}
[root@server3 ~]# systemctl reload docker

安装插件

添加凭证



ssh配置

docker项目配置

docker ps -a | grep webserver && docker rm -f webserver
sleep 1
docker rmi 172.25.4.2:5000/webserver:latest
sleep 1
docker run -d --name webserver -p 80:80 172.25.4.2:5000/webserver:latest 

[root@server1 demo]# cat index.html
www.redhat.org
www.redhat.org
www.redhat.org
www.redhat.org
[root@server1 demo]# git commit -a -m "v3"
[root@server1 demo]# git push -u origin master 

手动触发

成功

访问

2.jenkins & Ansible

[root@server2 ~]# vim /etc/yum.repos.d/ansible.repo 
[ansible]
name=ansible 2.8
baseurl=http://172.25.4.250/ansible
gpgcheck=0
[root@server2 ~]# yum install ansible  -y

[root@server1 ~]# git clone git@172.25.4.1:root/playbook.git

[root@server2 ~]# vim /etc/passwd
jenkins行最后把false改为bash
[root@server2 ~]# su - jenkins
-bash-4.2$ ssh-keygen
-bash-4.2$ ssh-copy-id devops@172.25.4.3

[root@server3 ~]# useradd devops
[root@server3 ~]# passwd devops 
[root@server3 ~]# visudo

[root@server1 playbook]# vim ansible.cfg
[defaults]
command_warnings=False
remote_user=devops

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

[root@server1 playbook]# vim playbook.yml 
---
- hosts: all
  tasks:
  - name: install apache
    yum:
      name: httpd
      state: present
  - name: config apache
    template:
      src: httpd.conf.j2
      dest: /etc/httpd/conf/httpd.conf
    notify: restart apache
  - name: enable apache
    service: 
      name: httpd
      state: started
      enabled: yes
  - name: create index.html
    lineinfile:
      path: /var/www/html/index.html
      create: yes
      line: "{{ ansible_hostname }}"
  handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted  

[root@server3 ~]# yum install httpd -y
[root@server3 conf]# scp httpd.conf server1:/root/playbook/

[root@server1 playbook]# mv httpd.conf httpd.conf.j2
[root@server1 playbook]# vim httpd.conf.j2 
Listen {{ http_port }}
[root@server1 playbook]# mkdir inventry
[root@server1 playbook]# cd inventry/
[root@server1 inventry]# vim prod
[prod]
172.25.4.3 http_port=80
[root@server1 inventry]# vim test 
[test]
172.25.4.1 http_port=8000
[root@server1 inventry]# cd ..
[root@server1 playbook]# git add .
[root@server1 playbook]# git status -s
[root@server1 playbook]# git commit -m "add playbook"
[root@server1 playbook]# git push -u origin master

新建一个自由风格的ansible项目

配置

[root@server2 ~]# su - jenkins 
-bash-4.2$ ssh-copy-id devops@172.25.4.1

[root@server1 playbook]# useradd devops
[root@server1 playbook]# passwd devops 
[root@server1 playbook]# visudo

测试

正式部署

3.jenkins & harbor

首先部署harbor仓库

[root@server3 ~]# ls
docker-compose-Linux-x86_64-1.27.0  harbor-offline-installer-v1.10.1.tgz
[root@server3 ~]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose
[root@server3 ~]# chmod +x /usr/local/bin/docker-compose
[root@server3 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz 
[root@server3 ~]# cd harbor/
[root@server3 harbor]# vim harbor.yml

创建证书

[root@server3 harbor]# mkdir /data
[root@server3 harbor]# cd /data/
[root@server3 data]# mkdir certs
[root@server3 data]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -x509 -days 365 -out certs/westos.org.crt

安装

[root@server3 data]# cd certs/
[root@server3 certs]# ls
westos.org.crt  westos.org.key
[root@server3 harbor]# systemctl disable --now httpd.service 
[root@server3 harbor]# ./install.sh 

server2建立证书目录

[root@server2 ~]# docker rm -f registry 
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# mkdir certs.d
[root@server2 docker]# cd certs.d/
[root@server2 certs.d]# mkdir reg.westos.org

server3证书传给server2

[root@server3 certs]# scp westos.org.crt server2:/etc/docker/certs.d/reg.westos.org/ca.crt

server2登录仓库

[root@server2 docker]# vim /etc/hosts
172.25.4.3  server3 reg.westos.org
[root@server2 docker]# docker login reg.westos.org
[root@server2 docker]# cd
[root@server2 ~]# cd .docker/
[root@server2 .docker]# cat config.json

[root@server3 harbor]# cd /etc/docker/
[root@server3 docker]# ls
daemon.json  key.json
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# mkdir reg.westos.org
[root@server3 certs.d]# cd reg.westos.org/
[root@server3 reg.westos.org]# cp /data/certs/westos.org.crt ca.crt
[root@server3 ~]# vim /etc/docker/daemon.json 
{
	"registry-mirrors": ["https://reg.westos.org"]
}
[root@server3 ~]# systemctl reload docker.service 

测试，需要关闭docker项目

部署,打开docker项目

手动触发

[root@server3 ~]# docker images | grep webserver
[root@server3 ~]# docker inspect webserver
[root@server3 ~]# curl 172.17.0.2