自動(dòng)化部署 docker 項(xiàng)目
Jenkins + Ansible + Gitlab 自動(dòng)化部署 基于docker的nginx+flask+gunicorn+mysql項(xiàng)目
三劍客環(huán)境搭建
確保兩臺(tái)服務(wù)器一臺(tái) gitlab.example.com 提供 gitlab 代碼倉(cāng)庫(kù)服務(wù), 一臺(tái) jenkins.example.com 提供 jenkins + ansible 服務(wù)曾撤。兩臺(tái)服務(wù)器三個(gè)服務(wù)部署主機(jī) flask.example.com 上的 flask 項(xiàng)目
搭建過(guò)程參考
GitLab
準(zhǔn)備 flask 項(xiàng)目
[root@gitlab.example.com lab_project]# tree -L 3 ./
./
├── docker-compose.yml
├── flask
│ ├── Dockerfile
│ └── lab_app
│ ├── app
│ ├── manage.py
│ ├── __pycache__
│ ├── requirement.txt
│ └── venv
├── mysql
│ ├── Dockerfile
│ └── laboratory_web.sql
├── nginx
│ ├── Dockerfile
│ ├── nginx.conf
│ └── seafile.conf
└── seafile
└── docker-compose.yml
8 directories, 10 files
將 flask 項(xiàng)目添加進(jìn)gitlab
# 在gitlab頁(yè)面建好一個(gè)項(xiàng)目
# 登錄gitlab主界面潦闲,添加一個(gè)New project,輸入 Project name: lab_project 和 Project description : lab_project repo迫皱,Visibility Level 選擇默認(rèn) Private歉闰,創(chuàng)建好后復(fù)制倉(cāng)庫(kù)http地址 COPY URL
# 回到 gitlab.example.com 服務(wù)器,在用戶下創(chuàng)建 repo 目錄
mkdir repo
cd repo
# 這里的 -c http.sslVerify=false 用來(lái)避免本地證書無(wú)法進(jìn)行clone操作卓起,如果沒(méi)有添加dns和敬,則直接訪問(wèn)ip/root/test-repo.git 輸入用戶名和密碼
git -c http.sslVerify=false clone https://gitlab.example.com/root/lab_project.git
mv /root/lab_project/ /root/repo/lab_project/
# 添加lab_project到本地倉(cāng)庫(kù)
git add .
# 提交
git commit -m"First commit of lab_project"
# 提示創(chuàng)建本地git全局的郵箱和用戶名,再次運(yùn)行 git commit -m"First commit" 即可提交成功
git config --global user.email "admin@example.com"
git config --global user.name "admin"
# 輸入賬號(hào)密碼戏阅,同步本地master分支到遠(yuǎn)程服務(wù)器當(dāng)中
git -c http.sslVerify=false push origin master
Ansible
ansible-playbook
在 jenkins.example.com 上配置 ansible-playbook
# 加載ansible
source /root/ansible/hacking/env-setup -q
# 驗(yàn)證是否開啟ansible服務(wù)
ansible-playbook --version
cd repo
mkdir ansible-playbook-repo
cd ansible-playbook-repo
# 創(chuàng)建如下目錄結(jié)構(gòu)
[root@jenkins.example.com ~]# tree ./lab_project_playbook/
./lab_project_playbook/
├── deploy.retry
├── deploy.yml
├── inventory
│ ├── dev
│ └── prod
└── roles
├── docker-ce
│ ├── handlers
│ │ ├── main.yml
│ │ ├── yum-clean-metadata.yml
│ │ └── yum-makecache.yml
│ ├── tasks
│ │ ├── install_docker-ce_based.yml
│ │ ├── install_docker-compose.yml
│ │ ├── main.yml
│ │ └── remove_oldder_version_docker.yml
│ └── vars
│ └── main.yml
└── lab_project
├── tasks
│ ├── install_based.yml
│ ├── main.yml
│ └── pull_base_image.yml
└── vars
└── main.yml
9 directories, 16 files
vim deploy.retry
flask.example.com
vim deploy.yml
- hosts: "lab_project"
gather_facts: true
remote_user: root
roles:
- { role: docker-ce }
- { role: lab_project }
vim inventory/dev
vim inventory/prod
[lab_project]
flask.example.com
vim roles/docker-ce/tasks/main.yml
---
# tasks file for docker-ce
- include: remove_oldder_version_docker.yml
- name: clean repo
yum_repository:
name: docker-ce
state: absent
notify: yum-clean-metadata
- include: install_docker-ce_based.yml
- name: config repo
shell: yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
notify: yum-makecache
- name: install docker-ce
yum:
name: docker-ce
state: present
register: docker_installed
- name: enable & start docker
when: docker_installed is success
service:
name: docker
enabled: yes
state: started
- include: install_docker-compose.yml
vim roles/docker-ce/tasks/remove_oldder_version_docker.yml
---
# possible saved as remove_oldder_version_docker.yml
- name: remove oldder version docker
yum:
name: "{{ item }}"
state: absent
with_items:
- docker
- docker-client
- docker-client-latest
- docker-common
- docker-latest
- docker-latest-logrotate
- docker-selinux
- docker-engine
- docker-engine-selinux
vim roles/docker-ce/tasks/install_docker-ce_based.yml
---
# possible saved as install_docker-ce-based.yml
- name: install yum-utils device-mapper-persistent-data lvm2
yum:
name: "{{ item }}"
state: latest
with_items:
- yum-utils
- device-mapper-persistent-data
- lvm2
vim roles/docker-ce/tasks/install_docker-compose.yml
---
# possible saved as install_docker-compose.yml
- name: check if docker-compose exists
stat: "path={{ docker_compose_file_path }}"
register: docker_compose_file
- name: install docker-compose
when: not docker_compose_file.stat.exists
get_url:
url: "{{ docker_compose_file_url }}"
dest: "{{ docker_compose_file_path }}"
validate_certs: no
mode: 0755
vim roles/docker-ce/handlers/main.yml
---
# handlers file for docker-ce
- include: yum-clean-metadata.yml
- include: yum-makecache.yml
vim roles/docker-ce/handlers/yum-clean-metadata.yml
---
- name: yum-clean-metadata
command: "yum clean metadata"
vim roles/docker-ce/handlers/yum-makecache.yml
---
- name: yum-makecache
command: "yum makecache"
vim roles/docker-ce/vars/main.yml
---
# vars file for docker-ce
docker_compose_file_url: https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64
docker_compose_file_path: /usr/local/bin/docker-compose
vim roles/lab_project/tasks/main.yml
---
# tasks file for start lab_app
- include: install_based.yml
- include: pull_base_image.yml
- name: close git ssl verification
command: "git config --global http.sslVerify false"
register: git_sslVerify
- name: clone git.repo to remote
when: git_sslVerify is success
git:
repo: "https://{{ gitlab_user | urlencode }}:{{ gitlab_pass | urlencode }}@192.168.220.132/root/lab_project.git"
dest: "{{ lab_project_dir }}"
force: yes
- name: check if lab_project exists
stat: 'path={{ lab_project_dir }}'
register: lab_project_stat
- name: run the docker-compose
when: lab_project_stat.stat.exists
command: 'docker-compose up -d'
args:
chdir: "{{ lab_project_dir }}"
vim roles/lab_project/tasks/install_base.yml
---
# possible saved as install_based.yml
- name: Install pip
yum:
name: python2-pip
state: installed
- name: Install docker python lib
pip:
name: docker
- name: Install git package
yum:
name: git
state: present
vim roles/lab_project/tasks/pull_base_image.yml
---
# possible saved as pull_base_image.yml
- name: pull base image
docker_image:
name: "{{ item }}"
state: present
with_items:
- mysql:5.7.20
- python:3.8.0-alpine
- nginx:1.16.1
vim roles/lab_project/vars/main.yml
---
lab_project_dir: /root/lab_project
gitlab_user: root
gitlab_pass: 1234qwer
cd root/repo/ansible-playbook
# 添加修改后的 ansible-playbook 項(xiàng)目到 gitlab
git add .
# 提交
git commit -m"This is my lab_project ansible playbook commit"
# 輸入賬號(hào)密碼昼弟,同步本地master分支到遠(yuǎn)程服務(wù)器當(dāng)中
git -c http.sslVerify=false push origin master
Jenkins
Freestyle 任務(wù)構(gòu)建和自動(dòng)化部署
# 進(jìn)入 Jenkins
# Jenkins 進(jìn)入 New Item 新建任務(wù)
輸入 lab_project 選擇Freestyle project
# 編輯描述信息
Description:This is lab project job
# 選擇參數(shù)化構(gòu)建過(guò)程,添加參數(shù)
# This project is parameterized -> Add Parameter -> Choice Parameter (選項(xiàng)參數(shù))
Name : deploy_env
Choices : dev
prod
Description : Choose deploy environment
# 選擇 add Parameter 選擇 String Parameter (文本參數(shù))
Name : branch
Default Value : master
Description : Build branch
# 配置源代碼管理
進(jìn)入 gitlab 倉(cāng)庫(kù)奕筐, 選擇 Administrator / test-repo 代碼倉(cāng)庫(kù) clone URL
將 https://gitlab.example.com/root/ansible-playbook-repo.git 粘貼到
Jenkins Source Code Management 的 Git 選項(xiàng)中的 Repository URL
Credentials 選擇之前創(chuàng)建的 Git Credential 憑據(jù) (憑據(jù)驗(yàn)證通過(guò)可以看到錯(cuò)誤消失)
# Build配置 -e branch=$branch -e env=$deploy_env 表示在 jenkins 的環(huán)境變量引入到 ansible
選則 Build舱痘,點(diǎn)擊 Add build step变骡,選則 Execute shell
在 command 中輸入
#!/bin/sh
set +x
source /root/ansible/hacking/env-setup -q
cd $WORKSPACE/lab_project_playbook
ansible --version
ansible-playbook --version
ansible-playbook -i inventory/$deploy_env ./deploy.yml -e project=nginx -e branch=$branch -e env=$deploy_env
# 保存并開始構(gòu)建
# 訪問(wèn)部署目標(biāo)主機(jī)的域名或ip地址,即可訪問(wèn)
