Gitlab+Jenkins 自动构建
1 Jenkins设置
1.1 构建maven项目
1、添加git地址
2、添加webhook
此处需要安装插件Generic Webhook Trigger、GitLab两个插件才能有此选项。
要记清楚URL因为后面gitlab需要使用此URL。
2 Gitlab设置
2.1 设置webhook
此版本的gitlab webhook在
在url上填写jenkins上的URL
填写URL及token(由于我的没做ssh认证,所以没用ssl认证)
2.2 测试webhook是否成功
2.3 验证webhook
测试webhook,并且查看jenkins
Jenkins出现构建说明webhook生效,并且构建是gitlab的管理员构建的。如果出现404、401等报错请看报错解决。
3 报错解决
3.1 jenkins连接git
报错内容:
Failed to connect to repository : Error performing command: git ls-remote -h http://10.10.8.116/ucbms/ucbms.git HEAD
解决办法:
在jenkins机器上安装git。说明无git命令。或者git版本比较低。一般情况下使用yum安装一个git就可以解决问题。
3.2 webhook本地网络限制
报错内容:
Urlis blocked:Requests to the local network are not allowed
解决办法:
gitlab 10.6 版本以后为了安全,不允许向本地网络发送webhook请求,如果想向本地网络发送webhook请求,则需要使用管理员帐号登录,默认管理员帐号是admin@example.com,密码就是你gitlab搭建好之后第一次输入的密码。
3.3 HTTP 403
报错内容:
image.pngHook executed successfully but returned HTTP 403<html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 403 No valid crumb was included in the request</title> </head> <body><h2>HTTP ERROR 403</h2> <p>Problem accessing /job/eureka-service/build. Reason: <pre> No valid crumb was included in the request</pre></p>
<a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.z-SNAPSHOT</a>
></body> </html>
解决办法:
由于Jenkins的安全策略配置了CSRF跨站点保护。进入Jenkins,系统管理-->全局安全配置,勾选匿名用户具有可读权限和去掉CSRF防止跨站点请求伪造:
3.4 HTTP 401
报错内容:
Hook executed successfully but returned HTTP 401 <!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Invalid token</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/8.5.34</h3></body></html>
解决办法:
在jenkins上生成密钥,填写在gitlab
4 我的jenkins配置
5 脚本
脚本写在jenkins构建shell上编写
LOG_PATH=/docker/logs/${JOB_NAME}
HARBOR_URL=www.btharbor.com
PROJECT_NAME=bytuetech
#www.btharbor.com/bytuetech/tomcat:8.5.34 的bytuetech
case $Options in
Deploy)
IMAGE_VERSION=`head /root/.jenkins/workspace/${JOB_NAME}/pom.xml |grep '</version>' |awk -F '[<>]' '{print $3}'`
TOMCAT_VERSION=`cat /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile |grep FROM |awk -F '[ :./]+' '{printf $7}'`
# TOMCAT_VERSION=`cat /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile |grep FROM |awk -F '[ :.]+' '{printf $3}'`
mkdir -p ${LOG_PATH}
mkdir -p /root/project
cd /root/project
cp -rp /root/.jenkins/workspace/${JOB_NAME}/target/${JOB_NAME}.war .
cp -rp /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/${JOB_NAME}.xml .
cp -rp /root/.jenkins/workspace/${JOB_NAME}/Dockerfile/Dockerfile .
docker build -t ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION} .
docker login --username=admin -p 12345 ${HARBOR_URL}
docker push ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
docker rmi -f ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
rm -f ./${JOB_NAME}.war
rm -f ./${JOB_NAME}.xml
rm -f ./Dockerfile
#ansible
#删除同名docker容器
docker_id=$(docker ps | grep "${JOB_NAME}" | awk '{print $1}')
if [ "${docker_id}" != "" ]; then
docker rm -f ${docker_id}
fi
docker login --username=admin -p 12345 ${HARBOR_URL}
# docker pull ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
docker run -itd -p 8888:8080 --name ${JOB_NAME}-${IMAGE_VERSION} -v ${LOG_PATH}:/opt/tomcat/logs ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${IMAGE_VERSION}
;;
RollBack)
docker_id=$(docker ps | grep "${JOB_NAME}" | awk '{print $1}')
if [ "${docker_id}" != "" ]; then
docker rm -f ${docker_id}
fi
docker run -itd -p 8888:8080 --name ${JOB_NAME}-${Jobs_Version} -v ${LOG_PATH}:/opt/tomcat/logs ${HARBOR_URL}/${PROJECT_NAME}/${JOB_NAME}:${Jobs_Version}
;;
esac
6 Dockerfile
Dockerfile要在源码的dockerfile目录内
FROM www.btharbor.com/bytuetech/tomcat:8.5.34
RUN mkdir -p /opt/tomcat/conf/Catalina/localhost/
COPY ./ucbms.war /data/webapps/
COPY ./ucbms.xml /opt/tomcat/conf/Catalina/localhost/
EXPOSE 8080
ENTRYPOINT ["/opt/tomcat/bin/catalina.sh", "run" ]
7 .xml
和dockerfile在一个目录上