前面我们介绍的都是Jenkins中各个常用的功能,今天我们通过集成Docker来实现一个基于SpringCloud技术栈的微服务持续集成过程。其流程如下:

docker拉镜像no basic auth credentials_git

大致流程说明:

(1)开发人员每天把代码提交到Gitlab代码仓库。

(2)Jenkins从Gitlab中拉取项目源码,编译打包成jar包,然后构建Docker镜像,并将镜像上传到Harbor镜像仓库中。

(3)Jenkins发送SSH远程命令,让生产部署服务器到Harbor私有仓库拉取镜像到本地,然后创建并启动容器。

(4)容器启动成功之后,用户就可以使用服务了。

1. 环境准备

  • 服务列表

服务器名称

IP地址

软件

代码托管服务器

192.168.1.19

Gitlab

持续集成服务器

192.168.1.20

Jenkins、Maven、Docker、SonarQube、MySQL

Docker仓库服务器

192.168.1.17

Docker、Harbor

生成部署服务器

192.168.1.21

Docker

  • 微服务工程

项目地址:https://gitee.com/anbang713/mini-mall

项目文档:《MiniMall项目文档目录》(地址:http://anbang713.gitee.io/blog/2020/05/24/Mini-Mall/MiniMal%E9%A1%B9%E7%9B%AE%E6%96%87%E6%A1%A3%E7%9B%AE%E5%BD%95.html)

docker拉镜像no basic auth credentials_docker_02

  • Docker环境

Docker安装可参考:《Docker:Docker入门,这里没有废话》

Harhor安装可参考:《Docker:Harbor镜像仓库安装及使用》

2. 开始集成

2.1 项目代码上传到Gitlab

docker拉镜像no basic auth credentials_docker 从harbor 拉取镜像慢_03

2.2 从Gitlab拉取项目源码

(1)在项目根目录创建Jenkinsfile文件,内容如下:

def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"

node {
    stage('拉取代码') {
        checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
    }
}

(2)添加Jenkins流水线项目配置,如下:

docker拉镜像no basic auth credentials_安卓 持续集成 docker_04

2.3 提交到SonarQube代码审查

(1)创建项目,并添加两个参数project_namebranch

docker拉镜像no basic auth credentials_git_05

(2)每个项目的根目录下添加sonar-project.properties

# must be unique in a given SonarQube instance
sonar.projectKey=mall-registry-server
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=mall-registry-server
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.java.binaries=.
sonar.exclusions=**/test/**,**/target/**
sonar.java.source=1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

(3)修改Jenkinsfile构建脚本

def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"

node {
    stage('拉取代码') {
        checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
    }
    stage('代码审查') {
        def scannerHome = tool 'SonarQube-Scanner'
        withSonarQubeEnv('SonarQube7.4') {
            sh """
                cd ${product_name}${scannerHome}/bin/sonar-scanner
            """
        }
    }
}

2.4 使用Dockerfile编译、生成镜像

利用dockerfile-maven-plugin插件构建Docker镜像。

(1)在每个微服务项目的pom.xml文件加入dockerfile-maven-plugin插件。

org.springframework.boot
                spring-boot-maven-plugin
            
            
                com.spotify
                dockerfile-maven-plugin
                1.4.10
                
                    ${project.artifactId}
                    
                        target/${project.build.finalName}.jar

(2)在每个微服务项目的根目录建立Dockerfile文件。

#FROM java:8
FROM openjdk:8-jdk-alpine
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
EXPOSE 9010
ENTRYPOINT ["java","-jar","/app.jar"]

(3)修改Jenkinsfile构建脚本。

def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
//构建版本的名称
def tag = "1.0-SNAPSHOT"

node {
    stage('拉取代码') {
        checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
    }
    stage('代码审查') {
        def scannerHome = tool 'SonarQube-Scanner'
        withSonarQubeEnv('SonarQube7.4') {
            sh """
                cd ${product_name}${scannerHome}/bin/sonar-scanner
            """
        }
    }
    stage('编译,构建镜像') {
        // 定义镜像名称
        def imageName = "${project_name}:${tag}"
        // 编译,构建本地镜像
        sh "mvn -f ${project_name} clean package dockerfile:build"
    }
}

2.5 上传到Harbor镜像仓库

(1)修改Jenkinsfile构建脚本。

def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
def harbor_url = "192.168.1.17:85"
def harbor_auth = "287f6891-04dd-4861-861f-51ca64ba2de3"
def harbor_project_name = "mini-mall"
//构建版本的名称
def tag = "1.0-SNAPSHOT"

node {
    stage('拉取代码') {
        checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
    }
    stage('代码审查') {
        def scannerHome = tool 'SonarQube-Scanner'
        withSonarQubeEnv('SonarQube7.4') {
            sh """
                cd ${product_name}${scannerHome}/bin/sonar-scanner
            """
        }
    }
    stage('编译,构建镜像') {
        // 定义镜像名称
        def imageName = "${project_name}:${tag}"
        // 编译,构建本地镜像
        sh "mvn -f ${project_name} clean package dockerfile:build"
        // 给镜像打标签
        sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
        // 登录harbor,并上传镜像
        withCredentials([usernamePassword(credentialsId: "${harbor_auth}",passwordVariable: 'password', usernameVariable: 'username')]) {
        //登录
        sh "docker login -u ${username} -p ${password} ${harbor_url}"
        //上传镜像
        sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
        }
        // 删除本地镜像
        sh "docker rmi -f ${imageName}"
        sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
    }
}

(2)使用凭证管理的Harbor私服账号和密码。

2.6 拉取镜像和发布应用

注意:192.168.1.21服务器已经安装Docker并启动。

(1)安装Publish Over SSH插件。

docker拉镜像no basic auth credentials_Docker_06



(2)配置远程部署服务器。

  • 将192.168.1.17服务器的公钥拷贝到192.168.1.21服务器
ssh-copy-id 192.168.1.21
  • 系统配置->添加远程服务器

docker拉镜像no basic auth credentials_docker 从harbor 拉取镜像慢_07



(3)修改Jenkinsfile构建脚本。

  • 添加一个port参数

docker拉镜像no basic auth credentials_docker_08

  • Jenkinsfile文件
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
def harbor_url = "192.168.1.17:85"
def harbor_auth = "287f6891-04dd-4861-861f-51ca64ba2de3"
def harbor_project_name = "mini-mall"
//构建版本的名称
def tag = "latest"

node {
    stage('拉取代码') {
        checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
    }
    stage('代码审查') {
        def scannerHome = tool 'SonarQube-Scanner'
        withSonarQubeEnv('SonarQube7.4') {
            sh """
                cd ${product_name}${scannerHome}/bin/sonar-scanner
            """
        }
    }
    stage('编译,构建镜像') {
        // 定义镜像名称
        def imageName = "${project_name}:${tag}"
        // 编译,构建本地镜像
        sh "mvn -f ${project_name} clean package dockerfile:build"
        // 给镜像打标签
        sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
        // 登录harbor,并上传镜像
        withCredentials([usernamePassword(credentialsId: "${harbor_auth}",passwordVariable: 'password', usernameVariable: 'username')]) {
      //登录
      sh "docker login -u ${username} -p ${password} ${harbor_url}"
      //上传镜像
      sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
        }
        // 删除本地镜像
        sh "docker rmi -f ${imageName}"
        sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"

        // 远程调用
        sshPublisher(publishers: [sshPublisherDesc(configName: 'master_ssh_server', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: "/opt/jenkins_shell/deploy.sh $harbor_url $harbor_project_name $project_name $tag $port", execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
    }
}

(4)编写depoly.sh部署脚本

#! /bin/sh
#接收外部参数
harbor_url=$1
harbor_project_name=$2
project_name=$3
tag=$4
port=$5

imageName=$harbor_url/$harbor_project_name/$project_name:$tag
echo "$imageName"

#查询容器是否存在,存在则删除
containerId=`docker ps -a | grep -w ${project_name}:${tag} | awk '{print $1}'`
if [ "$containerId" !=  "" ] ; then
  #停掉容器
 docker stop $containerId
  #删除容器
 docker rm $containerId
echo "成功删除容器"
fi

#查询镜像是否存在,存在则删除
imageId=`docker images | grep -w $project_name | awk '{print $3}'`
if [ "$imageId" !=  "" ] ; then
  
  #删除镜像
 docker rmi -f $imageId
echo "成功删除镜像"
fi

# 登录Harbor私服
docker login -u admin -p Harbor12345 $harbor_url
# 下载镜像
docker pull $imageName
# 启动容器
docker run -di -p $port:$port $imageName
echo "容器启动成功"

上传deploy.sh文件到192.168.1.21服务器的/opt/jenkins_shell目录下,且文件至少有执行权限!

chmod +x deploy.sh

3. 开始构建

(1)开始构建

docker拉镜像no basic auth credentials_git_09



(2)构建结果

docker拉镜像no basic auth credentials_docker_10

(3)浏览器访问mall-registry-server服务

docker拉镜像no basic auth credentials_Docker_11