Docker_CICD Notes
Original article read on: 2023-07-08

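1.1 Machine configuration

| Hostname    | IP address     | OS version / memory / CPU cores / disk | Installed software                                   |
|-------------|----------------|----------------------------------------|------------------------------------------------------|
| controlnode | 172.16.1.70/24 | centos7.4/4/2/60                       | docker, docker image builds                          |
| slavenode1  | 172.16.1.71/24 | centos7.4/4/2/60                       | docker, harbor registry, gitlab repository, cadvisor |
| slavenode2  | 172.16.1.72/24 | centos7.4/4/2/60                       | docker, jenkins, cadvisor                            |
| slavenode3  | 172.16.1.73/24 | centos7.4/4/2/60                       | docker, grafana, prometheus                          |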

2.1 Notes on installing docker

1 Switch to yum mirrors hosted in China

# curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum clean all
# yum makecache

2 Keep the server time zone and clock on China time

# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# (echo "*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1"; crontab -l) | crontab

3 Disable selinux and firewalld

# Disable selinux
# sed -i '/SELINUX/{s/enforcing/disabled/}' /etc/selinux/config
# setenforce 0

# Disable firewalld
# systemctl stop firewalld.service
# systemctl disable firewalld.service

2.2 Install docker-ce

1 Install

# yum install docker-ce -y

2 Start docker and enable it at boot

# systemctl start docker
# systemctl enable docker

3 View docker information

# docker info

2.3 Replace the docker registry mirror

# mkdir -p /etc/docker
# tee /etc/docker/daemon.json <<-'EOF'
{
   "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload
# systemctl restart docker

3.1 Build the nginx image

1 Dockerfile

FROM centos:7
LABEL maintainer liuchang
RUN yum install -y gcc gcc-c++ make \
   openssl-devel pcre-devel gd-devel \
   iproute net-tools telnet wget curl && \
   yum clean all && \
   rm -rf /var/cache/yum/*

RUN groupadd -g 1200 nginx && \
   useradd -M -s /sbin/nologin -u 1200 -g nginx nginx

COPY nginx-1.19.1.tar.gz /
RUN tar -zxf nginx-1.19.1.tar.gz && \
   cd nginx-1.19.1 && \
   ./configure --prefix=/usr/local/nginx \
   --with-http_ssl_module \
   --with-http_stub_status_module \
   --user=nginx \
   --group=nginx && \
   make -j 4 && make install && \
   rm -rf /usr/local/nginx/html/* && \
   echo "ok" >> /usr/local/nginx/html/status.html && \
   cd / && rm -rf nginx* && \
   ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/nginx/sbin
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

2 Build

# docker build -t nginx:v1 .

3.2 Build the php image

1 Dockerfile

FROM centos:7
LABEL maintainer liuchang
RUN yum install epel-release -y && \
yum install -y gcc gcc-c++ make gd-devel libxml2-devel \
libcurl-devel libjpeg-devel libpng-devel openssl-devel \
libmcrypt-devel libxslt-devel libtidy-devel autoconf \
iproute net-tools telnet wget curl && \
yum clean all && \
rm -rf /var/cache/yum/*

RUN groupadd -g 1200 nginx && \
useradd -M -s /sbin/nologin -u 1200 -g nginx nginx

COPY php-7.2.19.tar.gz /
RUN tar -zxf php-7.2.19.tar.gz && \
cd php-7.2.19 && \
./configure --prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--enable-fpm --enable-opcache \
--with-mysql --with-mysqli --with-pdo-mysql \
--with-openssl --with-zlib --with-curl --with-gd \
--with-jpeg-dir --with-png-dir --with-freetype-dir \
--enable-mbstring --with-mcrypt --enable-hash \
--with-fpm-user=nginx \
--with-fpm-group=nginx && \
make -j 4 && make install && \
cp -a php.ini-production /usr/local/php/etc/php.ini && \
cp -a /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
cp -a /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf && \
sed -i 's/\;daemonize = yes/daemonize = no/' /usr/local/php/etc/php-fpm.conf && \
sed -i 's/127.0.0.1:9000/0.0.0.0:9000/' /usr/local/php/etc/php-fpm.d/www.conf && \
mkdir /usr/local/php/log && \
cd / && rm -rf php* && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/php/sbin
COPY php.ini /usr/local/php/etc/
COPY php-fpm.conf /usr/local/php/etc/
COPY www.conf /usr/local/php/etc/php-fpm.d/
WORKDIR /usr/local/php
EXPOSE 9000
CMD ["php-fpm"]

2 Build

# docker build -t php:v1 .

3.3 Build the tomcat image

1 Dockerfile

FROM centos:7
LABEL maintainer liuchang

RUN yum install wget curl unzip iproute net-tools -y && \
yum clean all && \
rm -rf /var/cache/yum/* && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

COPY jdk-8u45-linux-x64.tar.gz /
RUN tar -xzf jdk-8u45-linux-x64.tar.gz && \
mv jdk1.8.0_45 /usr/local/jdk && \
rm -rf jdk-8u45-linux-x64.tar.gz

COPY apache-tomcat-8.5.43.tar.gz /
RUN tar -zxf apache-tomcat-8.5.43.tar.gz && \
mv apache-tomcat-8.5.43 /usr/local/tomcat && \
rm -rf apache-tomcat-8.5.43.tar.gz && \
rm -rf /usr/local/tomcat/webapps/* && \
mkdir -p /usr/local/tomcat/webapps/ROOT && \
echo "ok" > /usr/local/tomcat/webapps/ROOT/status.html

ENV JAVA_HOME /usr/local/jdk
ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib/rt.jar
ENV PATH $JAVA_HOME/bin:/usr/local/tomcat/bin:$PATH

COPY catalina.sh /usr/local/tomcat/bin
COPY server.xml /usr/local/tomcat/conf

RUN chmod +x /usr/local/tomcat/bin/catalina.sh

WORKDIR /usr/local/tomcat
EXPOSE 8080
CMD ["catalina.sh", "run"]

2 Build

# docker build -t tomcat:v1 .

3.4 Build the jdk image

1 Dockerfile

FROM java:8-jdk-alpine
LABEL maintainer liuchang

ENV JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF8 -Duser.timezone=GMT+08"

RUN apk add -U tzdata && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

COPY ./target/eureka-service.jar ./

EXPOSE 8888
CMD java -jar $JAVA_OPTS /eureka-service.jar

2 Build

# docker build -t jdk:v1 .

4.1 LNMP environment

1 Custom network

# docker network create lnmp

2 Environment setup

# mkdir -p /app/wwwroot/
# tar -xzf wordpress-5.4.2.tar.gz -C /app/wwwroot
# echo "" > /app/wwwroot/status.php

3 Create the php container

# docker run -d \
--name lnmp_php \
--net lnmp \
--mount type=bind,src=/app/wwwroot/,dst=/usr/local/nginx/html \
php:v1

4 Create the nginx container

# docker run -d \
--name lnmp_nginx \
--net lnmp \
-p 888:80 \
--mount type=bind,src=/app/wwwroot/,dst=/usr/local/nginx/html \
nginx:v1

Test the php page status

http://172.16.1.70:888/status.php

5 Create the mysql container

# mkdir -p /opt/mysql/data
# mkdir -p /opt/mysql/etc
# cp -a my.cnf /opt/mysql/etc
# docker run -d \
-p 3306:3306 --name lnmp_mysql \
--net lnmp \
-v /opt/mysql/data:/var/lib/mysql \
-v /opt/mysql/etc:/etc/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
mysql:5.7

# docker exec -it lnmp_mysql ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

6 Log in to mysql and create the wp database

# mysql -h 172.16.1.70 -uroot -p123456
MySQL [(none)]> create database wp DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)

MySQL [(none)]> select host,user from mysql.user;
+-----------+---------------+
| host      | user          |
+-----------+---------------+
| %         | root          |
| localhost | mysql.session |
| localhost | mysql.sys     |
| localhost | root          |
+-----------+---------------+
4 rows in set (0.00 sec)

7 Set the owner and group of the /app/wwwroot/ directory to match the user and group configured in php-fpm.conf

# chown -R 1200:1200 /app/wwwroot/

8 Access in a browser

http://172.16.1.70:888/wordpress

4.2 tomcat environment

1 Environment setup

# mkdir -p /opt/tomcat/webapps/ROOT/
# unzip jpress-v3.2.5.war -d /opt/tomcat/webapps/ROOT/ &>/dev/null

2 Create the database

# mysql -h 172.16.1.70 -uroot -p123456
MySQL [(none)]> create database jpress DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

3 Create the tomcat container

# docker run -d \
--name tomcat \
-p 8080:8080 \
-v /opt/tomcat/webapps:/usr/local/tomcat/webapps \
tomcat:v1

4 Access in a browser

http://172.16.1.70:8080/

5.1 Deploy gitlab

# mkdir -p /opt/gitlib
# cd /opt/gitlib/
# docker run -d \
--name gitlab \
-p 8443:443 \
-p 9999:80 \
-p 9998:22 \
-v $PWD/config:/etc/gitlab \
-v $PWD/logs:/var/log/gitlab \
-v $PWD/data:/var/opt/gitlab \
-v /etc/localtime:/etc/localtime \
gitlab/gitlab-ce:latest

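Access URL: http://172.16.1.71:9999/

On first access, set the administrator password and then log in. The default administrator username is root, and the password is the one just set.

5.2 Create a project and commit test code

After logging in, first create the java-demo project and commit code to it for use in later tests.

# mkdir -p /tools
# cd /tools
# git clone http://172.16.1.71:9999/root/java-demo.git
# unzip tomcat-java-demo-master.zip &>/dev/null
# mv tomcat-java-demo-master/* java-demo/
# cd java-demo/
# git add .
# git config --global user.email "you@example.com"
# git config --global user.name "Your Name"
# git commit -m 'all'
# git push origin master

Note: the private key in /root/.ssh can be used to access gitlab.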

6.1 Install docker-compose

# curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
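
The download step above, extended with an integrity check before the binary is made executable. This is an added example, not part of the original notes; the function name install_verified and the checksum file name docker-compose-Linux-x86_64.sha256 (in sha256sum format, fetched from the same release) are assumptions, and the demo uses a constructed stand-in file so it runs offline.

```bash
#!/bin/sh
# Added example (not from the original notes): install a downloaded binary
# only when its SHA-256 matches the checksum file fetched alongside it.

install_verified() {
    # $1 downloaded binary, $2 checksum file in sha256sum format
    # ("<hex digest>  <file name>"), $3 install destination.
    iv_name=$(basename "$1")
    # Take the digest recorded for this file name (a leading "*" marks binary mode).
    iv_want=$(awk -v n="$iv_name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$2")
    iv_have=$(sha256sum "$1" | awk '{ print $1 }')
    if [ -z "$iv_want" ] || [ "$iv_want" != "$iv_have" ]; then
        echo "checksum mismatch for $iv_name, not installing" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# Constructed offline demonstration: a stand-in file plays the downloaded binary.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for the compose binary\n' > "$demo_dir/docker-compose-Linux-x86_64"
( cd "$demo_dir" && sha256sum docker-compose-Linux-x86_64 > docker-compose-Linux-x86_64.sha256 )
install_verified "$demo_dir/docker-compose-Linux-x86_64" \
    "$demo_dir/docker-compose-Linux-x86_64.sha256" "$demo_dir/docker-compose" && echo "installed"

# A modified download is refused and nothing is written to the destination.
printf 'tampered\n' >> "$demo_dir/docker-compose-Linux-x86_64"
install_verified "$demo_dir/docker-compose-Linux-x86_64" \
    "$demo_dir/docker-compose-Linux-x86_64.sha256" "$demo_dir/docker-compose.new" || echo "refused"
```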

6.2 Unpack the offline package and deploy

# tar -xzf harbor-offline-installer-v1.9.1.tgz
# mv harbor/ /usr/local/
# cd /usr/local/harbor
# vi harbor.yml
hostname: 172.16.1.71
harbor_admin_password: Harbor12345
# ./prepare
# ./install.sh
# docker-compose ps

Commands to stop and start harbor

# docker-compose stop
# docker-compose start

Access URL: http://172.16.1.71/

After harbor is installed successfully, the default username is admin

6.3 Push the tomcat image to the harbor registry

1 Because harbor is not configured for https, docker must also be configured to trust it

# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "insecure-registries": ["172.16.1.71"]
}
# systemctl daemon-reload
# systemctl restart docker

2 Log in to the harbor registry

# docker login -uadmin -pHarbor12345 172.16.1.71

3 Tag the image

# docker tag SOURCE_IMAGE[:TAG] 172.16.1.71/library/IMAGE[:TAG]
# docker tag tomcat:v1 172.16.1.71/library/tomcat:v1

4 Push the image

# docker push 172.16.1.71/library/IMAGE[:TAG]
# docker push 172.16.1.71/library/tomcat:v1

5 View the pushed image in harbor

7.1 Because harbor is not configured for https, the jenkins host must also be configured to trust it

# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "insecure-registries": ["172.16.1.71"]
}
# systemctl daemon-reload
# systemctl restart docker

7.2 Prepare the JDK and Maven environment

# tar zxf jdk-8u45-linux-x64.tar.gz
# mv jdk1.8.0_45 /usr/local/jdk
# tar zxf apache-maven-3.5.0-bin.tar.gz
# mv apache-maven-3.5.0 /usr/local/maven
# docker run -d --name jenkins -p 8080:8080 -p 50000:50000 -u root \
-v /opt/jenkins_home:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /usr/local/maven:/usr/local/maven \
-v /usr/local/jdk:/usr/local/jdk \
-v /etc/localtime:/etc/localtime \
jenkins/jenkins:lts

Access URL: http://172.16.1.72:8080/

Do not install the suggested plugins; continue with the installation directly and install plugins later.

7.3 Change the download source for jenkins plugins and for the packages maven needs at build time

1 maven

# vim /usr/local/maven/conf/settings.xml +158
<mirror>
  <id>central</id>
  <mirrorOf>central</mirrorOf>
  <name>aliyun maven</name>
  <url>https://maven.aliyun.com/repository/public</url>
</mirror>

2 jenkins

# cd /opt/jenkins_home/updates
# sed -i.bak 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && \
sed -i.bak 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
# docker restart jenkins

7.4 Install plugins

Manage Jenkins --> Manage Plugins --> Installed

Search for git/pipeline and click install.

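8.1 Create a pipeline job

8.2 Add gitlab and harbor authentication credentials

1. Add a credential for pulling the git code, then take its id and set it as the value of the git_auth variable in the pipeline script.

2. Add a credential for pulling harbor images, then take its id and set it as the value of the docker_registry_auth variable in the pipeline script.

8.3 Add a parameterized build

This project is parameterized -> String Parameter

Name: Branch # variable name, referenced in the script below

Default Value: master # default branch

Description: code branch to release # description

8.4 Pipeline script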

#!/usr/bin/env groovy

def registry = "172.16.1.71"
def project = "library"
def app_name = "tomcat"
def image_name = "${registry}/${project}/${app_name}:${Branch}-${BUILD_NUMBER}"
def git_address = "http://172.16.1.71:9999/root/java-demo.git"
def docker_registry_auth = "3aadf18f-edca-4d22-a42b-56013fccb681"
def git_auth = "6b7d1b31-830e-416f-9bd6-e6c9e3c1df4b"

pipeline {
    agent any
    stages {
        // Pull the code for the branch given by the Branch build parameter
        stage('拉取代码'){
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '${Branch}']], userRemoteConfigs: [[credentialsId: "${git_auth}", url: "${git_address}"]]])
            }
        }

        // Compile the code; \$ leaves the variable for the shell to expand
        stage('代码编译'){
            steps {
                sh """
                    JAVA_HOME=/usr/local/jdk
                    PATH=\$JAVA_HOME/bin:/usr/local/maven/bin:\$PATH
                    mvn clean package -Dmaven.test.skip=true
                """
            }
        }

        // Build the image and push it to harbor
        stage('构建镜像'){
            steps {
                withCredentials([usernamePassword(credentialsId: "${docker_registry_auth}", passwordVariable: 'password', usernameVariable: 'username')]) {
                    sh """
                        echo '
                          FROM ${registry}/library/tomcat:v1
                          LABEL maintainer liuchang
                          RUN rm -rf /usr/local/tomcat/webapps/*
                          ADD target/*.war /usr/local/tomcat/webapps/ROOT.war
                        ' > Dockerfile
                        docker build -t ${image_name} .
                        # The password is expanded by the shell and passed on stdin,
                        # so it is not interpolated by Groovy or placed in the argument list
                        echo "\$password" | docker login -u "\$username" --password-stdin ${registry}
                        docker push ${image_name}
                    """
                }
            }
        }

        // Deploy to Docker: remove the previous container, then start the new image
        stage('部署到Docker'){
            steps {
                sh """
                    REPOSITORY=${image_name}
                    docker rm -f tomcat-java-demo || true
                    docker container run -d --name tomcat-java-demo -p 88:8080 ${image_name}
                """
            }
        }
    }
}

8.5 Build

1. Build flow diagram

2. Workspace during the code build

# ls /opt/jenkins_home/workspace/item-java
db Dockerfile LICENSE pom.xml README.md src target
# ls /opt/jenkins_home/workspace/item-java/target/
classes generated-sources ly-simple-tomcat-0.0.1-SNAPSHOT ly-simple-tomcat-0.0.1-SNAPSHOT.war maven-archiver maven-status

3. View the image registry

4. Check whether the deployed docker container is running

# docker images
REPOSITORY                   TAG        IMAGE ID       CREATED         SIZE
172.16.1.71/library/tomcat   master-5   b2a8f33a5b69   3 minutes ago   784MB
172.16.1.71/library/tomcat   v1         ca2e1ee6962b   3 days ago      765MB
# docker ps

5. Access the website

Access URL: http://172.16.1.72:88/

9.1 Deploy prometheus

# mkdir -p /opt/prometheus/
# docker run -d \
--name prometheus \
-p 9090:9090 \
-v /opt/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \
prom/prometheus

9.2 Deploy grafana

# docker run -d \
--name grafana \
-p 3000:3000 \
grafana/grafana

Dashboard template for monitoring Docker hosts: https://grafana.com/dashboards/193

9.3 Deploy cadvisor

# docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8090:8080 \
--detach=true \
--name cadvisor \
--privileged \
--device=/dev/kmsg \
google/cadvisor:latest
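
A review aid for the docker run commands used in these notes (the mysql container in 4.1, jenkins in 7.2, cadvisor in 9.3): the function below flags options that widen a container's access to the host or put secrets on the command line. This is an added example, not part of the original notes; the function name audit_run and the finding labels are this example's own, and the sample commands are constructed from the page's commands joined onto one line.

```bash
#!/bin/sh
# Added example (not from the original notes): flag risky options in a
# `docker run` command line. Finding names are this example's own labels.

audit_run() {
    # $1: one docker run command on a single line; prints one finding per line.
    ar_cmd=" $1 "
    has() { printf '%s\n' "$ar_cmd" | grep -Eq -e "$1"; }
    if has ' --privileged '; then echo privileged; fi
    # A bind mount of the socket, or of all of /var/run, exposes the Docker API;
    # a read-only mount does not stop a client connecting to the socket.
    if has '[ =]/var/run(/docker\.sock)?:'; then echo docker-socket-exposed; fi
    if has ' (-u|--user)[ =](root|0) '; then echo explicit-root-user; fi
    if has ' (-e|--env)[ =][A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*='; then
        echo secret-in-environment
    fi
    # Only an explicit 3306 mapping without a bind address is checked here.
    if has ' (-p|--publish)[ =]3306:'; then echo database-port-published; fi
    # Untagged images also resolve to latest; this check sees explicit tags only.
    if has ':latest '; then echo unpinned-latest-tag; fi
    return 0
}

# Constructed from the docker run commands in these notes, joined onto one line.
MYSQL_CMD='docker run -d -p 3306:3306 --name lnmp_mysql --net lnmp -v /opt/mysql/data:/var/lib/mysql -v /opt/mysql/etc:/etc/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7'
JENKINS_CMD='docker run -d --name jenkins -p 8080:8080 -p 50000:50000 -u root -v /opt/jenkins_home:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker jenkins/jenkins:lts'
CADVISOR_CMD='docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:ro --publish=8090:8080 --detach=true --name cadvisor --privileged --device=/dev/kmsg google/cadvisor:latest'
GRAFANA_CMD='docker run -d --name grafana -p 3000:3000 grafana/grafana'

# Print the image name (last word of each command) followed by its findings.
for c in "$MYSQL_CMD" "$JENKINS_CMD" "$CADVISOR_CMD" "$GRAFANA_CMD"; do
    printf '%s: %s\n' "${c##* }" "$(audit_run "$c" | tr '\n' ' ')"
done
```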

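9.4 Display

1 Log in to grafana

2 Result screenshot

1. Pull the code
2. Compile the code (java project), producing the war package
3. Package the project image and push it to the image registry
4. Deploy the image for testing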

AUTHOR:刘畅