前面我们介绍的都是Jenkins中各个常用的功能,今天我们通过集成Docker来实现一个基于SpringCloud技术栈的微服务持续集成过程。其流程如下:
大致流程说明:
(1)开发人员每天把代码提交到Gitlab代码仓库。
(2)Jenkins从Gitlab中拉取项目源码,编译打包成jar包,然后构建Docker镜像,并将镜像上传到Harbor镜像仓库中。
(3)Jenkins发送SSH远程命令,让生产部署服务器到Harbor私有仓库拉取镜像到本地,然后创建并启动容器。
(4)容器启动成功之后,用户就可以使用服务了。
1. 环境准备
- 服务列表
服务器名称 | IP地址 | 软件 |
代码托管服务器 | 192.168.1.19 | Gitlab |
持续集成服务器 | 192.168.1.20 | Jenkins、Maven、Docker、SonarQube、MySQL |
Docker仓库服务器 | 192.168.1.17 | Docker、Harbor |
生成部署服务器 | 192.168.1.21 | Docker |
- 微服务工程
项目地址:https://gitee.com/anbang713/mini-mall
项目文档:《MiniMall项目文档目录》(地址:http://anbang713.gitee.io/blog/2020/05/24/Mini-Mall/MiniMal%E9%A1%B9%E7%9B%AE%E6%96%87%E6%A1%A3%E7%9B%AE%E5%BD%95.html)
- Docker环境
Docker安装可参考:《Docker:Docker入门,这里没有废话》
Harhor安装可参考:《Docker:Harbor镜像仓库安装及使用》
2. 开始集成
2.1 项目代码上传到Gitlab
2.2 从Gitlab拉取项目源码
(1)在项目根目录创建Jenkinsfile文件,内容如下:
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
node {
stage('拉取代码') {
checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
}
}
(2)添加Jenkins流水线项目配置,如下:
2.3 提交到SonarQube代码审查
(1)创建项目,并添加两个参数project_name
和branch
(2)每个项目的根目录下添加sonar-project.properties
# must be unique in a given SonarQube instance
sonar.projectKey=mall-registry-server
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=mall-registry-server
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.java.binaries=.
sonar.exclusions=**/test/**,**/target/**
sonar.java.source=1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
(3)修改Jenkinsfile构建脚本
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
node {
stage('拉取代码') {
checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
}
stage('代码审查') {
def scannerHome = tool 'SonarQube-Scanner'
withSonarQubeEnv('SonarQube7.4') {
sh """
cd ${product_name}${scannerHome}/bin/sonar-scanner
"""
}
}
}
2.4 使用Dockerfile编译、生成镜像
利用dockerfile-maven-plugin
插件构建Docker镜像。
(1)在每个微服务项目的pom.xml文件加入dockerfile-maven-plugin
插件。
org.springframework.boot
spring-boot-maven-plugin
com.spotify
dockerfile-maven-plugin
1.4.10
${project.artifactId}
target/${project.build.finalName}.jar
(2)在每个微服务项目的根目录建立Dockerfile文件。
#FROM java:8
FROM openjdk:8-jdk-alpine
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
EXPOSE 9010
ENTRYPOINT ["java","-jar","/app.jar"]
(3)修改Jenkinsfile构建脚本。
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
//构建版本的名称
def tag = "1.0-SNAPSHOT"
node {
stage('拉取代码') {
checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
}
stage('代码审查') {
def scannerHome = tool 'SonarQube-Scanner'
withSonarQubeEnv('SonarQube7.4') {
sh """
cd ${product_name}${scannerHome}/bin/sonar-scanner
"""
}
}
stage('编译,构建镜像') {
// 定义镜像名称
def imageName = "${project_name}:${tag}"
// 编译,构建本地镜像
sh "mvn -f ${project_name} clean package dockerfile:build"
}
}
2.5 上传到Harbor镜像仓库
(1)修改Jenkinsfile构建脚本。
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
def harbor_url = "192.168.1.17:85"
def harbor_auth = "287f6891-04dd-4861-861f-51ca64ba2de3"
def harbor_project_name = "mini-mall"
//构建版本的名称
def tag = "1.0-SNAPSHOT"
node {
stage('拉取代码') {
checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
}
stage('代码审查') {
def scannerHome = tool 'SonarQube-Scanner'
withSonarQubeEnv('SonarQube7.4') {
sh """
cd ${product_name}${scannerHome}/bin/sonar-scanner
"""
}
}
stage('编译,构建镜像') {
// 定义镜像名称
def imageName = "${project_name}:${tag}"
// 编译,构建本地镜像
sh "mvn -f ${project_name} clean package dockerfile:build"
// 给镜像打标签
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
// 登录harbor,并上传镜像
withCredentials([usernamePassword(credentialsId: "${harbor_auth}",passwordVariable: 'password', usernameVariable: 'username')]) {
//登录
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上传镜像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
}
// 删除本地镜像
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
(2)使用凭证管理的Harbor私服账号和密码。
2.6 拉取镜像和发布应用
注意:192.168.1.21服务器已经安装Docker并启动。
(1)安装Publish Over SSH
插件。
(2)配置远程部署服务器。
- 将192.168.1.17服务器的公钥拷贝到192.168.1.21服务器
ssh-copy-id 192.168.1.21
- 系统配置->添加远程服务器
(3)修改Jenkinsfile构建脚本。
- 添加一个port参数
- Jenkinsfile文件
def git_auth = "8a039ab1-9d39-49a2-888b-03dbe9ee60e1"
def git_url = "http://192.168.1.19:82/mini-mall-group/mini-mall.git"
def harbor_url = "192.168.1.17:85"
def harbor_auth = "287f6891-04dd-4861-861f-51ca64ba2de3"
def harbor_project_name = "mini-mall"
//构建版本的名称
def tag = "latest"
node {
stage('拉取代码') {
checkout([$class: 'GitSCM', branches: [[name: "*/${branch}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_url}"]]])
}
stage('代码审查') {
def scannerHome = tool 'SonarQube-Scanner'
withSonarQubeEnv('SonarQube7.4') {
sh """
cd ${product_name}${scannerHome}/bin/sonar-scanner
"""
}
}
stage('编译,构建镜像') {
// 定义镜像名称
def imageName = "${project_name}:${tag}"
// 编译,构建本地镜像
sh "mvn -f ${project_name} clean package dockerfile:build"
// 给镜像打标签
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
// 登录harbor,并上传镜像
withCredentials([usernamePassword(credentialsId: "${harbor_auth}",passwordVariable: 'password', usernameVariable: 'username')]) {
//登录
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上传镜像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
}
// 删除本地镜像
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
// 远程调用
sshPublisher(publishers: [sshPublisherDesc(configName: 'master_ssh_server', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: "/opt/jenkins_shell/deploy.sh $harbor_url $harbor_project_name $project_name $tag $port", execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: '')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
}
}
(4)编写depoly.sh部署脚本
#! /bin/sh
#接收外部参数
harbor_url=$1
harbor_project_name=$2
project_name=$3
tag=$4
port=$5
imageName=$harbor_url/$harbor_project_name/$project_name:$tag
echo "$imageName"
#查询容器是否存在,存在则删除
containerId=`docker ps -a | grep -w ${project_name}:${tag} | awk '{print $1}'`
if [ "$containerId" != "" ] ; then
#停掉容器
docker stop $containerId
#删除容器
docker rm $containerId
echo "成功删除容器"
fi
#查询镜像是否存在,存在则删除
imageId=`docker images | grep -w $project_name | awk '{print $3}'`
if [ "$imageId" != "" ] ; then
#删除镜像
docker rmi -f $imageId
echo "成功删除镜像"
fi
# 登录Harbor私服
docker login -u admin -p Harbor12345 $harbor_url
# 下载镜像
docker pull $imageName
# 启动容器
docker run -di -p $port:$port $imageName
echo "容器启动成功"
上传deploy.sh文件到192.168.1.21服务器的/opt/jenkins_shell
目录下,且文件至少有执行权限!
chmod +x deploy.sh
3. 开始构建
(1)开始构建
(2)构建结果
(3)浏览器访问mall-registry-server服务