Harbor 环境搭建

https://github.com/goharbor/harbor/releases/tag/v2.5.6

点击下载地址安装包

安装

解压安装包

[root@localhost ~]# tar -zxvf harbor-offline-installer-v2.5.6.tgz -C /usr/local/

修改harbor.yml配置

image.png

[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# vi harbor.yml
[root@localhost harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 23.0.3

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.17.2

[Step 2]: loading Harbor images ...

登录

Harbor http://192.168.232.7 admin/Harbor12345

image.png

创建账户

在某些情况下，为了 Harbor仓库的安全性考虑，在流水线任务中直接配置用户的话，后面还要维护其权限，命名项目是公开的了，登录成功在构建步骤中推送时，提示没有权限，直接配置 admin 用户，又不太合适，这时，可以考虑使用 Harbor 自带的 机器人账号。

image.png

docker 添加harbor支持

修改daemon.json，支持Docker仓库，并重启Docker。

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

发布镜像到Harbor

登录方式一、直接使用admin账户登录

docker login -u admin -p Harbor12345 http://192.168.232.7:80

登录方式二、机器人账户登录
官方文档 https://goharbor.io/docs/1.10/working-with-projects/project-configuration/create-robot-accounts/

[root@localhost ~]# docker login http://192.168.232.7:80
Username: robot$devops
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

博客文档 https://www.cnblogs.com/phpper/p/12899895.html
创建一个~/password.txt文件，将我们的机器人secret写到文件中，然后执行如下命令

cat ~/password.tx | docker login --username 'robot$devops' --password-stdin http://92.168.232.7:80

用机器人账户登录harbor，登录后会生成一个~/.docker/config.json文件，有了这个文件后，后续就不用再次输入密码了。

登录成功修改镜像名称，然后推送镜像，发布镜像到Harbor名称要求：[harbor地址/项目名/镜像名:版本] （192.168.232.7:80/repository/mytest:v1.0.0）

[root@localhost ~]# docker images
REPOSITORY                           TAG       IMAGE ID       CREATED        SIZE
192.168.232.7:80/repository/mytest   v1.0.0    66bbba1a6aa6   11 hours ago   832MB
mytest                               v1.0.0    66bbba1a6aa6   11 hours ago   832MB
[root@localhost ~]# docker tag mytest:v1.0.0 192.168.232.7:80/repository/mytest:v1.0.0
[root@localhost ~]# docker push 192.168.232.7:80/repository/mytest:v1.0.0

从Harbor拉取镜像

先配置/etc/docker/daemon.json文件，然后重启docker，最后拉取镜像。

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jrabvn1q.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.232.7:80"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
# 拉取镜像
[root@localhost ~]# docker pull 192.168.232.7:80/repository/mytest:v1.0.0
v1.0.0: Pulling from repository/mytest

Jenkins打通Harbor

构建镜像和发布镜像到harbor都需要使用到docker命令。而在Jenkins容器内部默认是不带docker的，但是我们建议直接使用宿主机带的Docker即可。

设置宿主机docker.sock权限

sudo chown root:root /var/run/docker.sock
sudo chmod o+rw /var/run/docker.sock

查看结果

[root@localhost run]# ll | grep docker
drwx------.  8 root   root    180 4月   8 07:22 docker
-rw-r--r--.  1 root   root      5 4月   8 07:22 docker.pid
srw-rw-rw-.  1 root   root      0 4月   6 16:52 docker.sock
[root@localhost run]# 

添加Jenkins数据卷

修改/usr/local/docker/jenkins/docker-compose.yml文件，

version: "3.1"
services:
  jenkins:
    image: jenkins/jenkins:2.346.3-2-lts-jdk11
    container_name: jenkins
    ports:
      - 8080:8080
      - 50000:50000
    volumes:
      # 将jenkins的工作目录映射到宿主机的data目录
      - ./data/:/var/jenkins_home/
      # 将宿主机的docker映射到jenkins容器
      - /usr/bin/docker:/usr/bin/docker
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/docker/daemon.json:/etc/docker/daemon.json

然后重启容器：

cd /usr/local/docker/jenkins
docker-compose down
docker-compose up -d

Jenkins 任务配置

定义参数

image.png image.png image.png image.png

拉取分支代码

image.png

# 配置参数
REMOTE_NAME="origin"    # 远程仓库名
BRANCH_NAME=$branch     # 拉取的分支名

BRANCH_NAME=${BRANCH_NAME#*/}

# 检查输入参数
if [ -z "$BRANCH_NAME" ]; then
  echo "Please provide the branch name as the first argument."
  exit 1
fi

# 判断本地分支是否存在
if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
  echo "Local branch $BRANCH_NAME exists."
  git checkout $BRANCH_NAME
  git config pull.rebase false
  git pull $REMOTE_NAME $BRANCH_NAME
else
  echo "Local branch $BRANCH_NAME does not exist."
  git fetch $REMOTE_NAME $BRANCH_NAME
  git checkout -b $BRANCH_NAME $REMOTE_NAME/$BRANCH_NAME
fi

# 执行完毕
echo "The latest code has been successfully pulled from the remote branch."
exit 0

maven 打包

image.png

构建docker镜像并上传

image.png

mv **/target/*.jar docker/app.jar
echo "build Image start"
docker build -t $JOB_BASE_NAME:$tag docker/
echo "build Image success"
password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
echo "$password" | docker login $harbor_url --username 'robot$devops' --password-stdin
docker tag $JOB_BASE_NAME:$tag $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
echo "push Image start"
docker push $harbor_url/$harbor_object/$JOB_BASE_NAME:$tag
echo "push Image success"

远程服务器拉取镜像并运行

image.png

harbor_url=$harbor_url
port=$port
tag=$tag
project_name=$JOB_BASE_NAME
imageName=$harbor_url/$harbor_object/$JOB_BASE_NAME:$tag

containerId=`docker ps -a | grep ${project_name} | awk '{print $1}'`
if [ "$containerId" != "" ] ; then
    docker stop $containerId
    docker rm $containerId
    echo "Delete Container Success $containerId"
fi

imageId=`docker images | grep ${project_name} | awk '{print $3}'`

if [ "$imageId" != "" ] ; then
    docker rmi -f $imageId
    echo "Delete Image Success $imageId"
fi

password=ucTv2l1XeBdgO9tkseoyWVLh47sRN9Py
echo "$password" | docker login 192.168.232.7:80 --username 'robot$devops' --password-stdin

docker pull $imageName
docker run -d -p $port --name $project_name $imageName
echo "Start Container Success"
echo $project_name