三台机器搭建gitlab+jenkins+docker cicd
1、机器信息代码仓库cicd gitlab+jenkins:
- 本地环境(cicd.code.com)
- 远程服务器1(阿里云): 39.108.116.154远程服务器
2(腾讯云): 106.54.32.932、配置ssh免密gitlab + jenkins
-
- 生成ssh秘钥
-
- 私钥配置在jenkins的ssh中, 公钥放到远程机器1, 2的authorized_keys
远程机器:
- 1.aliyun
- 生成ssh秘钥
- 2.txyun 生成ssh秘钥
3、jenkins搭建
1.下载jenkins.jar 2.java -jar jenkins.war –httpPort=9876
下载Git插件 下载Gitlab插件, Gitlab API插件 下载Girhub插件 下载go插件 下载publish over ssh插件
其中配置项目时需要注意的是:
4、运行jenkins
java -jar jenkins.war –httpPort=9876
5、配置阿里云安全规则,自定义开放端口(8080, 9090)
6、gitlab配置sudo vim /etc/gitlab/gitlab.rb
-
- external_url ‘http://192.168.0.112:9988’
-
- grafana[‘http_port’] = ‘9977’
-
- sudo gitlab-ctl reconfigure
若有报错,直接通过sudo gitlab-ctl tail查看, 一般是端口冲突; 也可以sudo gitlab-ctl status,查看是否pid变化,就知道是进程在重启,查看对应的进程日志就可以
7、配置gtlab webhooks(generic-webhook-trigger)
http://用户ID:token@ip:port//generic-webhook-trigger/invoke http://root:118da37ac5d0cff391b0ad6a447bbf63fa@cicd.code.com:9876/generic-webhook-trigger/invoke
- 403问题:是网络设置不对。需开启本地局域网访问,去掉跨域限制
- 401问题:权限认证错误。去用户中心生成token。点击头像–>设置
遇到一个坑是用户ID,一开始用了上面的账号名称,是错误的, 应该去用户列表,查看账号对应的用户ID
8、总结
1、下载安装gitlab
- 修改配置,请看步骤6
- 安装插件
- git
- gitlab、gitlab api
- docker
- github
- ssh
- Generic Webhook Trigger
2、下载jenkins.jar包,命令行参数启动
3、配置服务器
- 阿里云服务器和安装gitlab,jenkins的机器ssh配置,实现ssh免密访问
- 阿里云服务器配置安全组规则,配置出入端口
4、配置gitlab
- 创建代码仓库
- 配置ssh
- 生成Gitlab API Token
- 配置webhooks(jenkins的project配置时,generic-webhook-trigger的url)
5、配置jenkins
- 配置用户信息。
- 生成API TOKEN,用户gitlab的webhooks访问凭据
- 配置邮箱
- 添加凭据
- Jenkins –>凭据–>系统全局–>凭据
- 选择gitlab api token,填写对应的gitlab 用户access token(在gitlab的setting的Access Token生成)
-
配置全局安全策略
- 授权策略,勾选Logged-in users can do anything
- 网络设置。开启本地局域网访问
-
配置系统(Configure System)
- jenkins url, 邮箱信息
- 提供/project端点给gitlab连接访问,用户webhook。这里填写的是全局的,最好是在每个项目的gitlab连接认证配置,防止泄露信息
- Publish over SSH配置。配置jenkins的私钥。远程服务器(执行应用)的ssh信息
- 创建项目project。
9、触发cicd例子
go web服务
```go
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
log.Println(r.RemoteAddr)
_, _ = w.Write([]byte("hello test test test\n"))
return
})
log.Println("start server, port", GetInstance().Port)
log.Fatal(http.ListenAndServe(":"+fmt.Sprint(GetInstance().Port), nil).Error())
}
```
简单的shell脚本(触发ci时shell调用)
#!/bin/sh
ProcessName=test-gitlab
ps -ef|grep -w "${ProcessName}"|grep -v grep|awk '{print $2}'|xargs kill -9
nohup ./test-gitlab &
echo "start process....."
阿里云查看服务
[liangjf@git test-gitlab]$ netstat -luntp | grep test-gitlab
tcp6 0 0 :::9090 :::* LISTEN 12574/./test-gitlab
本地请求跑在阿里云的web服务
➜ ~ curl http://xx.108.xxx.154:9090/test
hello test test test
提交代码,触发gitlab webhook,jenkins触发一次任务(拉取代码,编译打包,分发可执行文件,执行脚本等步骤)
[cicd-auto] $ /bin/sh -xe /tmp/jenkins13043175210750895666.sh
+ export GO111MODULE=on
+ export GOPROXY=https://goproxy.cn,direct
+ export ENV=local
+ go version
go version go1.13.10 linux/amd64
+ echo /home/liangjf/.jenkins/workspace/cicd-auto/
/home/liangjf/.jenkins/workspace/cicd-auto/
+ cd /home/liangjf/.jenkins/workspace/cicd-auto/
+ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build
SSH: Connecting from host [blue]
SSH: Connecting with configuration [aliyun] ...
SSH: Creating session: username [liangjf], hostname [39.108.116.154], port [22]
SSH: Connecting session ...
SSH: Connected
SSH: Opening SFTP channel ...
SSH: SFTP channel open
SSH: Connecting SFTP channel ...
SSH: Connected
SSH: cd [/home/liangjf/bin]
SSH: OK
SSH: cd [/home/liangjf/bin]
SSH: OK
SSH: cd [go/test-gitlab]
SSH: OK
SSH: put [conf.yml]
SSH: OK
SSH: put [test-gitlab]
SSH: OK
SSH: Opening exec channel ...
SSH: EXEC: channel open
SSH: EXEC: STDOUT/STDERR from command [cd /home/liangjf/bin/go/test-gitlab && chmod +x test-gitlab && nohup ./domain.sh &] ...
SSH: EXEC: connected
start process.....
SSH: EXEC: completed after 200 ms
SSH: Disconnecting configuration [aliyun] ...
SSH: Transferred 2 file(s)
Finished: SUCCESS