https://hub.docker.com/r/jenkins/jenkins
docker run -d --name jenkins --restart=always --privileged=true --pid=host --user 0 -p 8080:8080 -v /data/site/docker/data/jenkins:/var/jenkins_home -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/bin/docker -v /data/file:/data/file jenkins/jenkins:latest-jdk17
docker run -d --net=host --name jenkins --restart=always --privileged=true --pid=host --user 0 -p 8080:8080 -p 50000:50000 -v /data/site/docker/data/jenkins:/var/jenkins_home -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/bin/docker -v /data/file:/data/file jenkins/jenkins:centos7-jdk8
docker exec -it jenkins /bin/bash
jenkins
jenkins/jenkins:latest
变量:
JAVA_OPTS = -Duser.timezone=Asia/Shanghai
JENKINS_SLAVE_AGENT_PORT = 50001
用户: root
安全/主机:
特权-主机完全访问
PID模式-主机
卷:
/etc/localtime:/etc/localtime:ro
/data/file:/home/file
/data/db/jenkins:/var/jenkins_home
/var/run/docker.sock:/var/run/docker.sock
/usr/bin/docker:/bin/docker
docker run -d --name jenkins --restart=always --privileged=true --pid=host --user 0 -p 8080:8080 -p 50000:50000 -v /home/dqx/jenkins:/var/jenkins_home -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/bin/docker -v /home/dqx/jars:/home/dqx/jars jenkins/jenkins:lts
-d --restart=always --privileged=true --pid=host --user 0 or --user root
后台运行, 自动重启, 主机完全访问, PID模式-主机, 用户root
docker exec -it jenkins /bin/bash
cat /var/jenkins_home/secrets/initialAdminPassword
mkdir -p /data/db/jenkins
chown -R 1000 /home/dqx/jenkins # 修改目录权限(很重要!)
1.Configure Global Security
跨站请求伪造保护 ---> 防止跨站点请求伪造 (去掉) ---> 应用.
2.插件管理中下载Publish over SSH插件,该插件主要是构建完毕后自动发包到配置的服务器具体路径中.
3.插件管理中下载Maven Integration, 系统管理,
点击列表中的全局工具配置, 配置JDK, Git, Maven.
查看默认的jdk路径, 进入容器后使用命令, echo $JAVA_HOME
4.插件:
CloudBees Docker Build and Publish :
这个插件允许构建基于Dockerfile的项目,以及将构建的映像/repos发布到docker注册表。
docker-build-step:
此插件允许将各种停靠器命令作为构建步骤添加到您的作业中。
Gitlab Hook Plugin
GitLab Plugin
ssh #执行远程脚本
gitlab #集成gitlab用
Build Authorization Token Root #构建授权token
Gitlab hook #钩子插件
插件地址: https://plugins.jenkins.io/
手工安装顺序: Git client plugin -> Git plugin -> GitLab Plugin -> Gitlab Hook Plugin
5.创建Maven任务
构建触发器:
Build whenever a SNAPSHOT dependency is built - > 意思是依赖于快照的构建,当代码有更新时就构建项目。
触发远程构建 (例如,使用脚本)
Poll SCM:定时检查源码变更(根据SCM软件的版本号),如果有更新就checkout最新code下来,然后执行构建动作。
Build periodically:定时进行项目构建(它不care源码是否发生变化)。
H */12 * * * ---> 设置为每12小时构建一次。
构建环境:
Add timestamps to the Console Output ---> 向控制台输出添加时间戳
Build when a change is pushed to GitLab --->成功推送时候构建,
Filter branches by regex 选择分支---> Target Branch Regex (规则) ---> .*master ---> Secret token
Build:
Root POM : pom.xml
#Goals and options : clean package-Dmaven.test.skip=true
clean package -q # 在Goals and options使用, 可以加快maven构建速度.
Pre Steps: 选项用来配置构建前的工作,这里不作更改。
Post Steps: 在maven项目创建完成后,我们还需要实现每次构建完成.
Run only if build succeeds
shell:
projectName="dockerjenkins.jar"
#kill
ps -ef | grep -v 'grep' | grep 'dockerjenkins.jar' | awk '{print $2}'| xargs kill -9
ps -ef|grep java
echo "start ${projectName}"
java -jar $WORKSPACE/target/${projectName} &插件: CloudBees Docker Build and Publish
Docker Build and Publish:
Repository Name: duoqx
Tag: $JOB_NAME
Docker registry URL: http://34.domsn.com:5000/
6.无密码使用jenkins, 在JENKINS_HOME路径下先备份config.xml, 删除如下标签:
<useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"> <denyAnonymousReadAccess>true</denyAnonymousReadAccess> </authorizationStrategy> <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"> <disableSignup>true</disableSignup> <enableCaptcha>false</enableCaptcha> </securityRealm>
7.使用密钥来配置
ssh-keygen -t rsa # jenkins服务器上生成密钥对
cat /root/.ssh/id_rsa # jenkins -> 添加新凭证,类型: SSH Username with private key, 用户名: jenkins
cat /root/.ssh/id_rsa.pub -> 添加到: gitlab
8.Publish Over SSH标签配置: ---> 系统管理 --->
----------------------------------------------------
Passphrase:密码(key的密码,如果你设置了)
Path to key:key文件(私钥)的路径
SSH Server Name:标识的名字(随便你取什么)
Hostname:需要连接ssh的主机名或ip地址,此处填写应用服务器IP(建议ip)
Username:用户名
Remote Directory:远程目录(根据需要填写文件传到此目录下)
“Use password authentication, or use a different key”:使用密码验证(开启)
Password : 密码
Port : 端口
----------------------------------------------------
SSH Server Name:标识的名字(随便你取什么)
Hostname:需要连接ssh的主机名或ip地址,此处填写应用服务器IP(建议ip)
Username:用户名
Remote Directory:远程目录(根据需要填写文件传到此目录下)
----------------------------------------------------
配置完成后可点击“Test Configuration”测试到目标主机的连接,出现”success“则成功连接
如果有多台应用服务器,可以点击”增加“,配置多个“SSH Servers”
点击“保存”以保存配置
8.找到“增加构建后操作步骤”,选择"Send build artifacts over SSH"
SSH Server Name:选个一个你在系统设置里配置的名字
Transfer Set Source files:需要上传的文件(注意:相对于工作区的路径。看后面的配置可以填写多个,默认用,分隔)注意:如果是多成子目录的需要配置成 target/**/*
Remove prefix:移除目录(只能指定Transfer Set Source files中的目录,这里移除了target目录表示只将FinServer.war传到目标服务器,否则会在目标服务器创建target目录)
Remote directory:远程目录(根据你的需求填写,这里没有填写默认会继承系统配置,即/mnt)
Exec command:把你要执行的命令写在里面(这里的命令是在目标服务器上执行的)
9.中文版
插件: Localization: Chinese (Simplified) ---> Manage Jenkins下的Config System下,配置一下默认语言.
10.Post Steps
projectName="domsn.jar"
#kill
ps -ef | grep -v 'grep' | grep 'domsn.jar' | awk '{print $2}'| xargs kill -9
ps -ef|grep java
echo "start ${projectName}"
java -jar $WORKSPACE/target/${projectName} &Pre Steps
#docker 镜像/容器名字或者jar名字 这里都命名为这个
SERVER_NAME=domsn
#操作/项目路径(Dockerfile存放的路劲)
BASE_PATH=/data/file/dockerfile/$SERVER_NAME
# 源jar路径 即jenkins构建后存放的路径
SOURCE_PATH=/var/jenkins_home/workspace/$SERVER_NAME/target
#把项目从jenkins构建后的目录移动到我们的项目目录下同时重命名下
mv $SOURCE_PATH/$SERVER_NAME.jar $BASE_PATH/$SERVER_NAME.jar
#修改文件的权限
chmod 777 $BASE_PATH/$SERVER_NAME.jar
cd $BASE_PATH
TAG=`date +%Y%m%d-%H%M%S`
sudo docker build -t 34.domsn.com:5000/duo:$SERVER_NAME-${TAG} . &>/dev/null
sudo docker push 34.domsn.com:5000/duo:$SERVER_NAME-${TAG} &>/dev/nullPost Steps
#docker 镜像/容器名字或者jar名字 这里都命名为这个 SERVER_NAME=domsn #操作/项目路径(Dockerfile存放的路劲) BASE_PATH=/data/file/dockerfile/$SERVER_NAME cd $BASE_PATH sudo docker-compose up –d --build
12. over SSH
sudo: docker-compose: command not found
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Source files: target/*jar
Remove prefix: target/
Exec command:
cd /data/file/dockerfile/$JOB_NAME
sudo docker-compose down
sudo docker-compose up -d
sudo docker images|grep none|awk '{print $3 }'|xargs docker rmi # 删除所有tag标签是none的镜像
sudo docker rmi 34.domsn.com:5000/duoxq:$JOB_NAME
13.安装插件处于pending
http://updates.jenkins.io/update-center.json
插件管理——高级——升级站点:
-将其改为
http://mirrors.aliyun.com/jenkins/updates/update-center.json
https://repo.huaweicloud.com/jenkins/updates/update-center.json
https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
http://mirror.esuni.jp/jenkins/updates/update-center.json
-默认
https://updates.jenkins.io/update-center.json
14.私人仓库Maven配置修改:
find / -name "settings.xml"
sudo docker cp /data/file/settings.xml b58d4036f3fdf7:/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/maven/conf/settings.xml
vi /var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/maven/conf/settings.xml
wget https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.2/apache-maven-3.6.2-bin.zip
cp -a /data/file/maven /var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation
全局工具配置: 取消自动安装
jdk: /usr/local/openjdk-8
Git: /usr/bin/git
maven: /var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/maven
15. jar:
(1)Build:
pom.xml
clean package -q
(2)Post Steps:
vi /var/jenkins_home/workspace/work/Dockerfile
FROM java:8 ADD app.jar app.jar ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
cp -a $JENKINS_HOME/workspace/work/Dockerfile $WORKSPACE cd $WORKSPACE/target cp -a *-0.0.1.jar ../app.jar
(3)Docker Build and Publish:
Repository Name: duoxq
Tag: $JOB_NAME
Docker registry URL: http://34.domsn.com:5000/
(4)构建后操作-Send build artifacts over SSH
Source files: target/*jar Remove prefix: target/ cd /data/file/dockerfile/$JOB_NAME sudo docker-compose down sudo docker-compose up -d sudo docker rmi 34.domsn.com:5000/duoxq:$JOB_NAME
16. upgrade:
find / -name "jenkins.war"
/usr/share/jenkins/jenkins.war
-JAVA_HOME:
/usr/java/default
-git-比较特别,必须到git:
/usr/bin/git/bin/git
-maven:
/usr/local/maven/
-java -verbose
/usr/local/openjdk-8/
cd /usr/share/jenkins
cp -a jenkins.war jenkins.war.bak
cd /var/jenkins_home
wget http://mirrors.jenkins.io/war/latest/jenkins.war # 每周更新版
wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war # 长期支持版本
cp -a jenkins.war /usr/share/jenkins
17. docker-compose安装
操作docker-compose up -d的主机安装: https://abc.htmltoo.com/thread-45046.htm
18. 集成nodejs:https://abc.htmltoo.com/thread-569.htm
安装插件nodejs---> 全局工具配置 --> nodejs,自动安装
任务选择,自由风格的软件项目--->构建环境, 选择: Provide Node & npm bin/ folder to PATH
npm config set proxy null # 设置代理为空 !!!!! npm set registry https://registry.npm.taobao.org npm set disturl https://npm.taobao.org/distnpm cache clean --force npm install chromedriver --chromedriver_cdnurl=http://cdn.npm.taobao.org/dist/chromedriver npm install -g cnpm --registry=https://registry.npm.taobao.org cnpm install node-sass
chmod -R 777 /var/jenkins_home/
cd cont-admin
cnpm install
cnpm run build:prod
mkdir -p /home/file/nodejs/cont-admin
cp -a dist/* /home/file/nodejs/cont-admin
chmod -R 777 /home/file/nodejs/
or
cd $JOB_NAME
chmod -R 777 /var/jenkins_home/
npm cache verify
rm -rf node_modules/
cnpm install core-js@2
cnpm install @babel/core@^7.0.0 webpack@>=2
cnpm install babel-loader
cnpm install thread-loader
cnpm install css-loader@* vue-loader
cnpm install cache-loader
cnpm install eslint babel-eslint
cnpm i
cnpm run build:prod
mkdir -p /data/file/nodejs/$JOB_NAME
cp -a dist/* /data/file/nodejs/$JOB_NAME
chmod -R 777 /data/file/nodejs/
19.mvn
cp -a /data/file/dockerfile/Dockerfile $WORKSPACE
cd $WORKSPACE
cp -a target/*.jar app.jar
TAG=`date +%Y%m%d-%H%M%S`
docker build -t $JOB_NAME:${TAG} .
docker tag $JOB_NAME:${TAG} 192.168.1.201:5000/$JOB_NAME:${TAG}
docker push 192.168.1.201:5000/$JOB_NAME:${TAG} &>/dev/null
20. sonarqube 部署 - 持续检查代码质量: https://abc.htmltoo.com/thread-45732.htm
调用顶层Maven目标
---> Maven 版本: maven
---> 目标: sonar:sonar
---> 高级,属性:
Dsonar.projectKey=domsn
Dsonar.host.url=http://105.domsn.com:9001
Dsonar.login=20a51750ee2d3f69aab9a4602cf6e03eedc13d17
21. ansible部署
1) 安装ansible
#安装的是2.5.4版本
pip install --upgrade pip
pip install paramiko PyYAML Jinja2 httplib2 six
pip install ansible
# 兼容异常
pip uninstall urllib3
pip uninstall chardet
pip install requests
2) 安装插件: Ansible plugin、Ansible Tower Plugin、AnsiColor
3) 配置: Invoke Ansible Ad-Hoc Command
22.jenkins+gitlab webhooks 实现自动触发打包
1)jenkins->构建触发器
Build when a change is pushed to GitLab --->成功推送时候构建,
Filter branches by regex 选择分支---> Target Branch Regex (规则) ---> .*master ---> Secret token
GitLab webhook URL: http://jenkins:端口/project/项目名
Secret token:*******
2)gitlab->管理中心->系统钩子
URL: http://jenkins:端口/project/项目名
Secret令牌:*******
23.备份&恢复
1)进入主目录拷贝以下文件
cp config.xml /data/db/jenkins
cp -r jobs /data/db/jenkins
cp -r users /data/db/jenkins
cp -r plugins /data/db/jenkins
-jobs 文件较大,可以删除/jobs/modules下的编译文件
2)在新安装的jenkins中覆盖以上文件,并重新加载配置
工具和动作 -> 读取设置
24.ssh密钥
docker exec -it jenkins /bin/bash
cd /var/jenkins_home/
mkdir /var/jenkins_home/.ssh/
私钥 ->/var/jenkins_home/.ssh/jenkins #确认密码: 54321
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,6D2683146E5AC4F260DE8465C9CB3744 BA20wSgpobZCPAaCfa04eZZjMg4wSjHSSPcmBxwvmSmomwhv5Bt3zwmpoLc1+sTX an9v7kkx8SeH4GBhx1YU7DKL/FDp49HqcHODYGbhFZbhnwnecW4EFR4V1bVZwkkZ sRq8FvmEsahMj13wvTbyRRSc9nrMgzaZQQO32S+nTkFNf+dwt989wBe4+2e7rgGr 2a98buPThd+LsbgI1Udj6LdktLVzvyDyx6fUmXYwDnc9bK2AAACs32cdflCSd0BV Hf2FqXDBD6xJeAsRZbsIgaGfjbQYxEG0szZc9rixq/7gDkRuKBQhIyNxguAgBMI8 7HJA34W+edM47oebAWAB5UMFVnOFa8tA/qr2NBYcKm409C5DV/Uy7om7igU3UEoM h618b/lvzaxs8QJhV0FdHkfFgmAdzH/4bf/i6La6Sr8eDptOuH3YSPZxj79EBfX5 LiIOjXi+z5c+t3mRjIFSyNlI6UsJJzXkM+8dQ7zcwaYSBzHP6Kskyq689OrkzfjM T7rUV764V+zA3j489m+X8uSx5gi7IYBOfWt+OWSF6aI/n+agIUN/R1b34Cu6n1SL C7IXLGASp7NakoM1E/J7p1gV1fhK0ncrdVn1okKFIbtEdbxEU445UrsCCE8sKk5P 1m23Mnt28pu3Buzrq6iBOWxc5KxQyQyHrAzOcnZE5tFwzW7MRZlu7vmqer/XpGsY 00M4hLZsMVgGdKohctbkiVQ1XzF4eFIidJV8OBw2cGsC4DnrEt9/d42GF/EEMhk7 bBu1WkGafSS2VNXKG5Gw4ReV0XNnEhN5rTwqPrxS5lcocV7JD7wKywhJC9XvPwyA y+ZZ/JzyxXQPgSqznxEQSvUwDgG7TdmW62cgRPJV0DzOfm/IqCv1IwshakTXiGNM ekg+oTWsyVtGcsGQu0SDlkRBM9dEqda9CE7Ybcrc9vWyVITYZrU7okXlXEATCssb i2hKl0z/zo3g16kBijhN3oZxZekAXtFK/wXDOKpShVV9MLvl/3gHD3PXhQd6y+K6 Uyig8LtMCfep6KO2AT1W1m3XctzluQ/GJGiZFsD3b/8v+RcCU5qhBovfI8oBzbuX WqUemKhm9ROKh7pC9KHvjRtIq+Yec4Fzn/vw3dSo/+F3qN4H5K4j1XnlTVvKmxZA wS0GuHh1FnjIEPtJH2KKq4YKQOlTZPV7t6hdajL8pZzoYgqqAVDcs5rrP50uAbYT 62xuIwnToh8tju9WfPG8HqgNnhrOqD20HnLUvb3ekWMZHby8IV9rfE1Kz3Mcpkmt Q8dZBxVOdvfeB7teAf5oVU5wFbM6W8pa27ZncXqdrH08H/sLJpqY6h0jY9v9rA8g XYrRQ8OApwhpcXTQ7nxZOXLoXUijbd7E0ig65jSi9F0QxIaJCs2kk05MXFlSqoGL SljnPjvefAmOyC7ydeHYuQTaWEjy6goXmjd8Li5e1GW7QPx8cQxtPrvgGSf9kttx MWdCptyrn5zR6vTG2q1+MozRs9zkZ811fJNQpv87o+s2UasnbcP97sNMk0CEBGbv I89UJfg6KYtBfR4ve35+FVeno23t9zvUWM2oxMDiaArGHweDo1Gk4XvTMxGBpAgh -----END RSA PRIVATE KEY-----
公钥->/var/jenkins_home/.ssh/jenkins.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Ynrlr7uBtj7rB8xR2FHvOScF+lm9duO2SLvk3kA0OiPZvKtjT/Dag40hAAXN2Qpah4Tf9mfCbsP+tImFCKbcolpBRdPJCqwIems8pS0IMLGQFVyK7A0n4DNAs+lFsFrAETrxqJOQiYpKVknFspTmzur/psFZfvb4G1pxVljSnjzYsTFt7Y6RC1rQbfCKQ3m0deCBx1hr2YpwN0JJTwh3oqS8H7fNbEbmqu/QWMe28cTPA59s8hcUD2IlTIZGAKLKW80QzvROllFiEbqBNEczcGAFo+T2BcMu0mIwugYdaKD7lGZQTfZuDVWr+ml9hXZ7yHMcLZ4aucwYsKcli3Iz ihunter@vip.qq.com
ssh-keygen -t rsa -C "ihunter@vip.qq.com"
---jenkins 添加私钥
---gitlab 添加公钥
# 重置密码
-停止 jenkins 服务
cp /root/.jenkins/config.xml /root/.jenkins/config.xml.bak
-删除config.xml文件中的以下内容
vi /root/.jenkins/config.xml
<useSecurity>true</useSecurity>
...
</securityRealm>
-重置admin密码
-进入首页-》系统管理-》全局安全配置
-把“启用安全”、Jenkins 专有用户数据库、允许用户注册 勾上后保存
-然后看jenkins界面右上角有个注册用户,重新注册即可
-恢复配置文件
cp /root/.jenkins/config.xml.bak /root/.jenkins/config.xml
-重启jenkins
-恢复config.xml文件
# 用war包的方式安装jenkins
docker run -itd --name jenkins -p 8080:8080 arm64v8/tomcat
wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war
docker cp jenkins.war jenkins:/usr/local/tomcat/webapps/jenkins.war
-http://localhost:8080/jenkins/
https://www.toutiao.com/i6868823682672919044/
https://blog.csdn.net/qq_39211866/article/details/80878369
https://www.jianshu.com/p/d4ff64736330
https://blog.csdn.net/artaganan8/article/details/93386196
https://blog.csdn.net/zhangxing52077/article/details/83589479
https://www.cnblogs.com/wang-yaz/p/10437377.html
https://blog.csdn.net/m0_37444820/article/details/80865240
https://blog.csdn.net/iamniconico/article/details/82023173
https://blog.csdn.net/pucao_cug/article/details/82531681
https://blog.csdn.net/ggjlvzjy/article/details/51151591
https://blog.csdn.net/hc_ttxs/article/details/79384535
https://www.jianshu.com/p/eabf80b7b0e6
https://blog.csdn.net/MenofGod/article/details/81941223
https://www.cnblogs.com/hanxiaohui/p/8796025.html
https://blog.csdn.net/qq_16538827/article/details/81873997
https://www.cnblogs.com/lucoo/p/10209892.html
https://blog.csdn.net/qq_16538827/article/details/81873997
https://www.cnblogs.com/wsy1030/p/9228488.html
https://blog.51cto.com/bigboss/2129477
https://www.jianshu.com/p/133cebbb21c2
https://blog.csdn.net/GX_1_11_real/article/details/99411759
https://blog.csdn.net/jonsonler/article/details/81317352
https://www.jianshu.com/p/cefaa78537b2
https://rorschachchan.github.io/2018/06/12/Jenkins%E6%90%AD%E9%85%8Dansible%E9%83%A8%E7%BD%B2/
https://blog.csdn.net/zz_jesse/article/details/108945777