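Environment preparation:

Hostname   IP           Role
harbor     10.0.0.100   image registry
docker01   10.0.0.101   web
docker02   10.0.0.102   gitlab, jenkins

The Docker service must be installed on all three machines.

GitLab deployment

1. Pull the GitLab image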

[root@docker02 ~]# docker run \
 -itd  \
 -p 9080:9080 \
 -p 9022:22 \
 -v /home/gitlab/etc:/etc/gitlab  \
 -v /home/gitlab/log:/var/log/gitlab \
 -v /home/gitlab/opt:/var/opt/gitlab \
 -v /home/gitlab/.ssh:/.ssh \
 --restart always \
 --privileged=true \
 --name gitlab \
 --shm-size 256m \
 gitlab/gitlab-ce

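Explanation: ports 80 and 22 are usually already in use.

The container's internal port 9080 is mapped here instead of 80 because, after startup, GitLab would otherwise assume port 80 for the repository's HTTP clone address and hand out a wrong address with no port number, which cannot actually be reached.

2. Edit the configuration file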

[root@docker02 ~]# vim /home/gitlab/etc/gitlab.rb

Add the following three lines. The port in external_url must be the same as the container-side port mapped above.

external_url 'http://10.0.0.102:9080'
gitlab_rails['gitlab_shell_ssh_port'] = 9022
gitlab_rails['gitlab_ssh_host'] = '10.0.0.102'

# Optimization: these can also be added to gitlab.rb to stop some unnecessary services from running
prometheus['monitor_kubernetes'] = false
prometheus_monitoring['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
grafana['enable'] = false

Save and exit, then reload the configuration and restart:

[root@docker02 ~]# docker exec -it gitlab gitlab-ctl reconfigure 

3. View the initial password of the account

[root@docker02 ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password

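4. Open the GitLab address in a browser: 192.168.5.128:9080

If nothing goes wrong, the GitLab page loads.

If a 502 error appears and other causes have been ruled out, it is usually because the machine has too little memory. Even with enough memory, startup is slow, so wait patiently.

Once the page loads, log in with the username and password; the default user is root.

Note: the initial password is valid for 24 hours, so changing it is recommended.

5. Switch the interface to Chinese

Save and refresh, and the interface is now in Chinese.

Creating a project in GitLab

Create the project repository

Follow the prompts to create the local repository: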

# Enter the gitlab container
[root@docker02 ~]# docker exec -it gitlab /bin/bash
root@81bf4adc3581:/# ls
RELEASE  bin   dev  home  lib32  libx32   media  opt   root  sbin  sys  usr
assets   boot  etc  lib   lib64  linuxrc  mnt    proc  run   srv   tmp  var

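# Prepare a local repository and some code
root@81bf4adc3581:~# mkdir code
# Change into the repository directory
root@81bf4adc3581:~# cd code/
# Initialize the repository
root@81bf4adc3581:~/code# git init .
# Global settings   // fill in the email as appropriate; the default is used for this example
root@81bf4adc3581:~/code# git config --global user.name "Administrator"
root@81bf4adc3581:~/code# git config --global user.email "admin@example.com"
# Add the remote repository URL   // use the SSH address
root@81bf4adc3581:~/code# git remote add origin ssh://git@10.0.0.102:9022/root/docker-test.git
# Create the code files   // create whatever you like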
root@81bf4adc3581:~/code# ll
total 12
drwxr-xr-x 3 root root  67 Sep 13 09:17 ./
drwx------ 1 root root  69 Sep 12 10:14 ../
drwxr-xr-x 8 root root 166 Sep 12 10:51 .git/
-rw-r--r-- 1 root root 368 Sep 13 09:12 index.html
-rw-r--r-- 1 root root 227 Sep 13 09:12 src.js
-rw-r--r-- 1 root root 964 Sep 13 09:12 style.css
# Stage the files
root@81bf4adc3581:~/code# git add .
# Commit to the local repository
root@81bf4adc3581:~/code# git commit -m "add html"
# Tag the commit
root@81bf4adc3581:~/code# git tag -a 'v1.0' -m 'v1.0'
# Push to the remote repository
root@81bf4adc3581:~/code# git push --set-upstream origin --all

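SSH configuration

Enter the gitlab container and generate an SSH key. // A key generated on the host can be used instead; in that case the volume mapping must be changed accordingly.

# Generate the key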
root@81bf4adc3581:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:AAR/vRJwBgEwLvq+UT97XMKS88rT9rJmhmvsd27xTI8 root@81bf4adc3581
The key's randomart image is:
+---[RSA 3072]----+
|o.o+*oo          |
|.. . = .         |
|..  . + .        |
|o    . o .       |
|.   . .oS        |
| . . .+.o o .    |
|  o  .oB o = o   |
| . . .=o% o E .  |
|  o. o*@.Bo      |
+----[SHA256]-----+
# View the public key
root@81bf4adc3581:~# cat .ssh/id_rsa.pub
# Copy the public key into GitLab

After adding the SSH key, push again:

root@81bf4adc3581:~/code# git push --set-upstream origin --all
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 222 bytes | 222.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To ssh://10.0.0.102:9022/root/docker-test.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.

Jenkins deployment

1. Pull the image

[root@docker02 ~]# docker run \
--name jenkins \
-p 8008:8080 \
-p 50000:50000 \
--user=root \
--privileged=true \
-v /home/jenkins/.ssh:/root/.ssh \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /data/jenkins:/var/jenkins_home \
-v /root/.docker/config.json:/root/.docker/config.json \
-d jenkins/jenkins:2.422

Start the container; on success the command returns the container id.

Open port 8008 of the local machine in a browser; normally the Unlock Jenkins page appears.

Get the password as the page instructs:

docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPassword

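Enter the password printed on the console to reach the setup page. Choose to install the suggested plugins here; some plugins may fail to install, in which case skip them, switch the download source, and download them again.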
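
The docker run command in step 1 combines --privileged=true, --user=root and a bind mount of /var/run/docker.sock, which together let any Jenkins job act as root on docker02. As an added example (not part of the original post), this shell function lists such options in a docker run command; the function name audit_docker_run and the finding labels are made up for this illustration.

```shell
#!/usr/bin/env bash
# Added example: flag docker run options that give a container control of its host.

# Reads one docker run command on stdin (backslash continuations allowed) and prints
# one finding per line. Tokenizing is by whitespace only, so quoted arguments that
# contain spaces are not handled.
audit_docker_run() {
    tr '\\\n' '  ' | awk '
    function check_volume(v,    src) {
        src = v; sub(/:.*/, "", src)                      # host side of host:container
        if (src == "/var/run/docker.sock")
            print "DOCKER_SOCK " v                        # full control of the host daemon
        else if (src ~ /\/\.ssh$/ || src ~ /\/\.docker\/config\.json$/)
            print "HOST_CREDS " v                         # SSH keys or registry logins
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^--privileged(=true)?$/)
                print "PRIVILEGED " $i
            else if ($i ~ /^--user=(root|0)$/)
                print "ROOT_USER " $i
            else if (($i == "-u" || $i == "--user") && $(i + 1) ~ /^(root|0)$/)
                print "ROOT_USER " $i " " $(i + 1)
            else if ($i == "-v" || $i == "--volume")
                check_volume($(i + 1))
            else if ($i ~ /^--volume=/) {
                v = $i; sub(/^--volume=/, "", v); check_volume(v)
            }
        }
    }'
}

# Constructed input: the Jenkins command from this page (with -p written as 8008:8080).
JENKINS_RUN='docker run --name jenkins -p 8008:8080 -p 50000:50000 \
 --user=root --privileged=true \
 -v /home/jenkins/.ssh:/root/.ssh -v /var/run/docker.sock:/var/run/docker.sock \
 -v /usr/bin/docker:/usr/bin/docker -v /data/jenkins:/var/jenkins_home \
 -v /root/.docker/config.json:/root/.docker/config.json -d jenkins/jenkins:2.422'

printf '%s\n' "$JENKINS_RUN" | audit_docker_run
```

Run against the GitLab command earlier on the page, the same function reports --privileged=true and the .ssh mount.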

2. Build job

3. SSH configuration

Enter the jenkins container and generate an SSH key. // A key generated on the host can be used instead; in that case the volume mapping must be changed accordingly.

[root@docker02 ~]# docker exec -it jenkins /bin/bash
jenkins@8b5a2c5170bb:/$ ls 
bin   dev  home  lib32  libx32  mnt  proc  run   srv  tmp  var
boot  etc  lib   lib64  media   opt  root  sbin  sys  usr
jenkins@8b5a2c5170bb:/$ cd
jenkins@8b5a2c5170bb:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:AAR/vRJwBgEwLvq+UT97XMKS88rT9rJmhmvsd27xTI8 root@81bf4adc3581
The key's randomart image is:
+---[RSA 3072]----+
|o.o+*oo          |
|.. . = .         |
|..  . + .        |
|o    . o .       |
|.   . .oS        |
| . . .+.o o .    |
|  o  .oB o = o   |
| . . .=o% o E .  |
|  o. o*@.Bo      |
+----[SHA256]-----+
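# View the public key
jenkins@8b5a2c5170bb:~$ cat .ssh/id_rsa.pub
# Copy the public key into GitLab

Why is there still an error even though the public key has been added?

# Enter the jenkins container and run the command given in the error message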
git ls-remote -h -- ssh://git@10.0.0.102:9022/root/docker-test.git

After answering the interactive prompt, enter the URL on the web page again and the error is gone.

cd $WORKSPACE
cat > Dockerfile << EOF
FROM nginx:alpine 
COPY index.html  src.js  style.css /usr/share/nginx/html/ 
EOF
docker build -t web:v1 .
docker save web:v1 > /tmp/web.tgz
scp -o StrictHostKeyChecking=no /tmp/web.tgz root@172.16.1.101:/tmp/
ssh -o StrictHostKeyChecking=no 172.16.1.101 docker load < /tmp/web.tgz
ssh -o StrictHostKeyChecking=no 172.16.1.101 docker run -d -p 81:80 --name web web:v1

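Remember to push the Jenkins public key to the host that receives the image; otherwise the build fails with an SSH authentication error.

# After a successful build, open the site in a browser

Building and deploying with Harbor

Start the jenkins container

It is best to stop the jenkins container started earlier, otherwise memory pressure will be high. The data is all mapped to local directories, so there is no need to worry about losing it.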

[root@docker02 ~]# docker run \
--name jenkins \
-p 8008:8080 \
-p 50000:50000 \
--user=root \
--privileged=true \
-v /home/jenkins/.ssh:/root/.ssh \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /data/jenkins:/var/jenkins_home \
-v /root/.docker/config.json:/root/.docker/config.json \
-d jenkins/jenkins:2.422

Change the shell command under Build Steps:

cd $WORKSPACE
cat > Dockerfile << EOF
FROM nginx:alpine 
COPY index.html  src.js  style.css /usr/share/nginx/html/ 
EOF
# Build the Docker image
docker build -t 10.0.0.100/web/web:${GIT_COMMIT} .
# Push the web image to the Harbor registry
docker push 10.0.0.100/web/web:${GIT_COMMIT}
# Connect to the web server
ssh  -o StrictHostKeyChecking=no 172.16.1.101 'docker rm -f web'
ssh -o StrictHostKeyChecking=no 172.16.1.101 docker run -d -p 81:80 --name web 10.0.0.100/web/web:${GIT_COMMIT}
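
The git ls-remote prompt in the SSH configuration step and the StrictHostKeyChecking=no options in both build scripts concern the same question: whether Jenkins verifies the SSH host it connects to. As an added example (not from the original post), this script refuses to deploy unless the target has an entry in a known_hosts file and GIT_COMMIT is a full SHA-1, then prints the ssh command with strict checking. The function names and key blobs are constructed, and hashed known_hosts entries are not handled.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before the Jenkins job opens an SSH session.

# known_hosts name for host:port (OpenSSH brackets non-default ports).
kh_name() {
    if [ "${2:-22}" = 22 ]; then printf '%s\n' "$1"; else printf '[%s]:%s\n' "$1" "$2"; fi
}

# 0 if known_hosts file $1 has an unhashed entry for host $2 (port $3, default 22).
host_is_pinned() {
    [ -r "$1" ] || return 1
    awk -v want="$(kh_name "$2" "${3:-22}")" '
        /^[ \t]*#/ || NF == 0 || $1 ~ /^@/ { next }   # comments, blanks, @revoked/@cert-authority
        { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == want) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# GIT_COMMIT ends up in an image tag and a remote command line: accept a full SHA-1 only.
valid_commit() {
    case $1 in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#1}" -eq 40 ]
}

# Print the deploy command (dry run), or refuse with a non-zero status.
deploy_plan() {   # usage: deploy_plan KNOWN_HOSTS HOST COMMIT
    host_is_pinned "$1" "$2" || { echo "refusing: no pinned host key for $2" >&2; return 2; }
    valid_commit "$3"        || { echo "refusing: GIT_COMMIT is not a 40-hex SHA-1" >&2; return 3; }
    printf '%s\n' "ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1 $2 'docker rm -f web; docker run -d -p 81:80 --name web 10.0.0.100/web/web:$3'"
}

# Constructed sample data: the key blobs are placeholders, not real host keys.
SAMPLE_KH=$(mktemp)
cat > "$SAMPLE_KH" <<'EOF'
# entries added by an administrator after checking each fingerprint out of band
172.16.1.101 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERNOTAREALHOSTKEY
[10.0.0.102]:9022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERNOTAREALHOSTKEY
EOF

deploy_plan "$SAMPLE_KH" 172.16.1.101 0123456789abcdef0123456789abcdef01234567
deploy_plan "$SAMPLE_KH" 172.16.1.99  0123456789abcdef0123456789abcdef01234567 || true
```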

Build succeeded

# Open Harbor in a browser