Jenkins流水线--部署多模块maven项目(推荐)

最终Jenkins流水线各步骤分解

Jenkins+Springboot+gitlab+maven+jdk+docker

目录

多模块maven项目结构大概如下:

cfw-project  #父工程
       -canfu-eureka    #子工程(1)
       -canfu-provider  #子工程(2)
       -canfu-supplier  #子工程(n)
             -src
             -pom.xml
       -pom.xml
       -Dockerfile_config  #存放各子工程Dockerfile
       -Deploy.sh          #远程部署脚本

1、编写Jenkinsfile,Dockerfile,Deploy.sh

编写声明式Jenkinsfile

  • 步骤大概为:(1)打印变量信息;(2)从源码库拉取对应分支代码到"${WORKSPACE}";(3)maven编译、打包;(4)将jar包构建成docker镜像;(5)触发部署脚本(Deploy.sh )实施远程部署/重启/回滚;(6)清理工作目录
pipeline {
    agent any
    environment {
        registryUrl= "192.168.1.110:5000"       //搭建docker私有仓库(Harbor)或者 用DockerHub 又或者用云平台的“容器镜像服务”
        registry_user= "xxx"
        registry_pass= "xxx"
    }
    options {
        timestamps()    //设置在项目打印日志时带上对应时间
        disableConcurrentBuilds()   //不允许同时执行流水线,被用来防止同时访问共享资源等
        timeout(time: 5, unit: 'MINUTES')   // 设置流水线运行超过n分钟,Jenkins将中止流水线
        buildDiscarder(logRotator(numToKeepStr: '20'))   // 表示保留n次构建历史
    }

    //gitlab  webhook触发器
    //代码推到gitlab上后,所有子项目将被触发构建,不可取,待优化启用
    //triggers{
    //   gitlab( triggerOnPush: true,                       //代码有push动作就会触发job
    //       triggerOnMergeRequest: true,                   //代码有merge动作就会触发job
    //        branchFilterType: "NameBasedFilter",          //只有符合条件的分支才会触发构建 “All/NameBasedFilter/RegexBasedFilter”
    //        includeBranchesSpec: "${Branch_name}")      //基于branchFilterType值,输入期望包括的分支的规则
    //}

    stages{
        stage('Print Message') {      //打印信息
            steps {
                echo '打印信息'
                echo "Project_Pipeline_name: ${JOB_NAME}"
                echo "Project_module_name: ${PROJECT_NAME}"
                echo "workspace: ${WORKSPACE}"
                echo "branch: ${Branch_name}"           //gitlab分支名
                echo "build_id: ${BUILD_ID}"
                echo "target_action: ${action}"
                echo "registryUrl: ${registryUrl}"
                echo "image_repository: ${registryUrl}/${Project_name}"
           }
        }
        stage ('Checkout'){         //拉取代码
            steps{
                echo '拉取代码'
                script {
                    if ( action == 'deploy' ) {    //判断当action == 'deploy' 时,才执行此stage
                        checkout([$class: 'GitSCM', branches: [[name: '${Branch_name}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
                            userRemoteConfigs: [[credentialsId: '7ff3778d-124f-40b1-a5e6-05d600a7e59e', //gitlab登录令牌,如何设置自行搜索方法
                            url: 'http://192.168.1.110/java/pipeline-project.git']]])    //gitlab项目clone地址
                    }
                }
            }
        }
        stage('Packaging project') {        //mvn打包
            steps {
                echo 'mvn打包子项目'
                script {
                    if ( action == 'deploy' ) {
                       sh 'source /etc/profile && mvn clean package -pl ${Project_name} -am -amd -P${Branch_name} -Dmaven.test.skip=true'
                       //“-pl”指定子项目名称 ; “-P”指定使用哪个环节的配置文件(-Ptest即表示使用文件application-test.yml配置文件打包)
                    }
                }
            }
        }
        stage('Build & Push Image to Harbor') {      //构建,推送镜像
            steps {
                echo '构建,推送镜像到docker镜像仓库'
                dir ('./') {       //指定工作目录(默认为${WORKSPACE})
                    script {
                        if ( action == 'deploy' ) {                         
                           //方法一:
                           //sh 'docker login  --username=${registry_user} --password=${registry_pass}   ${registryUrl}'
                           //sh 'cp ${Project_name}/target/*.jar ./'
                           //sh 'docker build  -t ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID} -f ./Dockerfile_config/${Project_name}/Dockerfile . '
                           //sh 'docker push ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID}'
                           //方法二:
                           sh 'docker login  --username=${registry_user} --password=${registry_pass}   ${registryUrl}'
                           sh 'cp ${Project_name}/target/*.jar ./ '
                           def app = docker.build('${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID} -f ./Dockerfile_config/${Project_name}/Dockerfile')
                           app.push('${Branch_name}-${BUILD_ID}')

                           //sh 'docker rmi ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID}'
                        }
                    }
                }
            }
        }
        stage('Deploy to the Target server') {      //部署到目标服务器($action == deploy/restart/rollback)
            steps {
                echo '部署到目标服务器'
                script {
                    timeout(time: 40, unit: 'SECONDS') {    // 设置远程部署超过n秒,将终止该步骤
                        sh 'bash  ./Deploy.sh  ${Project_name}  ${registryUrl}/${Project_name}:${Branch_name}  ${Branch_name}  ${action}  ${BUILD_ID} ${rollback_id}'   //${1,2,3,4,5,6}
                }
            }
        }
        //此步骤在调试Jenkinsfile时可以注释以便了解目录结构
        //亦可以忽略这步骤(有磁盘空间,任性)
        stage('Delete Workspace') {         //清理工作目录(从jenkins上清除刚拉取的代码及mvn编译打包的内容,节省磁盘空间)
            steps {
                echo "清理工作目录: ${WORKSPACE}"
                deleteDir()     //表示删除当前目录(${WORKSPACE})下内容,通常用在构建完毕之后清空工作空间
            }
        }
    }
}

编写各子项目Dockerfile

FROM java:latest
LABEL maintainer="qiujt <qiujt123@163.com>"
ADD canfu-admin/target/canfu-supplier-0.0.1-SNAPSHOT.jar     canfu-supplier.jar
EXPOSE  8096
ENTRYPOINT    ["java","-jar","-Xms512m","-Xmx1024m","-XX:PermSize=512M","-XX:MaxPermSize=1024M","/canfu-supplier.jar"]
  • FROM 指定基础镜像,并且必须是第一条指令。(可以选择更小的镜像openjdk:8-jdk-alpine,不过一些后台项目验证码图片会出不来,慎用)
  • LABEL MAINTAINER 指定维护者信息 语法:LABEL maintainer=" user_name <user_email>"
  • ADD 将宿主机目录下的文件拷贝进镜像且 ADD 命令会自动处理 URL 和解压 tar 压缩包
  • EXPOSE 当前容器对外暴露出的端口
  • ENTRYPOINT:指定一个容器启动时要运行的命令,ENTRYPOINT 的目的和 CMD 一样,都是在指定容器启动程序及参数

编写启动脚本Deploy.sh

#!/bin/bash
#ENV
 #docker私有仓库(Harbor)
  registryUrl=192.168.1.110:5000
  registry_user="xxx"
  registry_pass="xxx"
  project_name=$1
  image_name=$2-${6:-$5}  #表示$6缺省值为$5;$6非空仅用于回滚操作)
  env=$3
  action=$4
  build_id=$5
  rollback_id=$6
  node_user=root

  if [ "${env}" == test ];then
    #测试环境
    node1=192.168.1.105
  elif [ "${env}" == master ];then
    #生产环境
    node1=192.168.1.106
  else
    echo '没有${env}环境!!!'
  fi

#Prepare
echo "project_name: $1 , image_name: $2-${6:-$5} , env: $3 , action: $4 , build_id: $5 , rollback_id: $6"
#触发动作
case $action in
deploy | rollback)
  echo "The service is deployed in $node1"
  ssh $node_user@$node1 "docker login --username=${registry_user} --password=${registry_pass} ${registryUrl} && docker pull $image_name && docker rm -f $project_name || true &&  docker  run -itd  --name=$project_name  --restart=always -e TZ="Asia/Shanghai" --net=host  -v /home/dev/logs/$project_name:/data/logs/$project_name   $image_name && docker image prune -a  -f --filter 'until=1h'"
;;

restart)
  echo "The service is restarted in $node1"
  ssh $node_user@$node1 "docker restart ${project_name} && tailf /home/dev/logs/$project_name/${project_name}.log"
;;

*)
  echo 'Please select the correct trigger action:"deploy/rollback/restart"'
;;

esac
  • 解释:

  • docker login:登录docker私有仓库

  • docker pull && docker rm:服务器拉取对应镜像;判断容器是否存在,如果存在就结束容器,否则跳过

  • docker run:基于镜像创建容器。
    --restart=always:当 Docker进程重启后,容器自动启动;
    --net=host:指定容器网络模式为host,即容器暴露的端口,宿主机就是什么端口;
    -e TZ="Asia/Shanghai" :定义容器使用时区;
    -v:将子项目日志目录从容器里映射到宿主机(视个人项目情况变更)。

  • docker image prune:删除1小时前拉取的、并且未被使用的镜像

  • 补充:由于定义的Jenkinsfile部署阶段需要在目标服务器(例如:192.168.1.105)上执行操作,因此需要配置通过ssh连接。
    (1)首先需要在Jenkins容器里面生成ssh的公钥密钥;

docker exec -it jenkins /bin/bash -c 'ssh-keygen -C "root@jenkins"'

(2)然后复制jenkins容器的公钥(/root/.ssh/id_rsa.pub)文件内容到目标服务器的/root/.ssh/authorized_keys文件中(使用ssh-copy-id命令)。

  • 注意第一次连接目标服务器会提示一个交互动作(提示输入“yes”或者“no”)
[root@tools-env-101 ~]# docker exec -it jenkins /bin/bash -c "ssh-copy-id 192.168.1.105"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
ECDSA key fingerprint is SHA256:/2CklRXsExQNpBUr08qN6jqbx6wBkYceC/IShzwAemk.
Are you sure you want to continue connecting (yes/no)? yes      #提示交互动作,此处输入“yes”继续操作
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.105's password:       #输入目标服务器ssh用户登录密码(默认用户root)

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.105'"
and check to make sure that only the key(s) you wanted were added.

[root@tools-env-101 ~]# docker exec -it jenkins /bin/bash -c "ssh 192.168.1.105"    #成功免密登录目标服务器
Last login: Wed Nov 18 12:11:38 2020 from 192.168.1.186
[root@test-env-105 ~]# 
  • 要避开上面提到的交互动作(输入“yes”或者“no”),还有下面一种方法:
    将目标服务器/etc/ssh/ssh_config里面的“StrictHostKeyChecking ask”改为“StrictHostKeyChecking no”,重启ssh服务即可。

2、创建jenkins流水线工程


配置选项参数01

配置选项参数02

放置Jenkinsfile

选择参数触发构建

成功构建,查看操作日志

推荐阅读更多精彩内容