Deploying gitlab-ci on ARM
[[Installing Docker offline]]
[[docker loki]]
Upload the image archives
# docker images
REPOSITORY TAG SIZE
encircles/alpine-rsync latest 9.28MB
alpinelinux/gitlab-runner-helper latest-aarch64 45.8MB
golang 1.17.6-alpine3.15 313MB
golang 1.17.6 805MB
yrzr/gitlab-ce-arm64v8 14.6.1-ce.0 2.3GB
gitlab-runner-arm64 latest 686MB
Load the images
docker load < alpine-rsync-arm64.tar
docker load < gitlab-arm64.tar
docker load < golang-1.17.6-arm64.tar
docker load < golang-alpine-1.17.6-arm64.tar
docker load < runner-arm64.tar
docker load < runner-helper-arm64.tar
Start gitlab-ce
docker run -d -p 7000:7000 -p 2443:443 -p 5678:5678 -p 2222:22 --name gitlab --restart always -v /data/docker/data/gitlab/config:/etc/gitlab -v /data/docker/data/gitlab/logs:/var/log/gitlab -v /data/docker/data/gitlab/data:/var/opt/gitlab yrzr/gitlab-ce-arm64v8:14.6.1-ce.0
Once it has started successfully, modify the GitLab configuration
vim gitlab/data/gitlab-rails/etc/gitlab.yml
production: &base
  #
  # 1. GitLab app settings
  # ==========================
  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: bz.soyi.sh.cn
    port: 443
    https: true
vim gitlab/config/gitlab.rb
external_url 'https://bz.soyi.sh.cn/gitlab/'
nginx['listen_port'] = 7000
nginx['listen_https'] = false
gitlab_rails['gitlab_shell_ssh_port'] = 2222
gitlab_rails['time_zone'] = 'Asia/Shanghai'
View the password of the GitLab root login account
cat gitlab/config/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: O+6/sAWTl6zo1kuRIZyeT++jvqoBL2kCC2Imk3YJ28M=
d2eamwork
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
Re-create and run the container
docker rm -f gitlab
docker run -d -p 7000:7000 -p 2443:443 -p 5678:5678 -p 2222:22 --name gitlab --restart always -v /data/docker/data/gitlab/config:/etc/gitlab -v /data/docker/data/gitlab/logs:/var/log/gitlab -v /data/docker/data/gitlab/data:/var/opt/gitlab yrzr/gitlab-ce-arm64v8:14.6.1-ce.0
Modify the nginx container configuration on the Internet and government extranet machines to reverse-proxy GitLab out
nginx/conf.d/wisdom.conf
Internet
# gitlab
location /gitlab {
    # Maximum allowed size of a single uploaded file
    client_max_body_size 1024m;
    proxy_redirect off;
    # The following ensures that project URLs in GitLab use the domain name rather than http://git; required
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Reverse proxy to GitLab's built-in nginx
    proxy_pass http://100.68.222.62:39501/gitlab;
    index index.html index.htm;
}
Government extranet
location /gitlab/ {
    # Maximum allowed size of a single uploaded file
    client_max_body_size 100m;
    proxy_redirect off;
    # The following ensures that project URLs in GitLab use the domain name rather than http://git; required
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Reverse proxy to GitLab's built-in nginx
    proxy_pass http://172.20.10.172:7000;
    index index.html index.htm;
}
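Access https://bz.soyi.sh.cn/gitlab/ from the external network to check whether it started successfully
Start gitlab-runner
-v /var/run/docker.sock:/var/run/docker.sock is there so that the container can operate the host's Docker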
docker run -d --name gitlab-runner --restart always -v /data/docker/data/gitlab-runner/config:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab-runner-arm64:latest
Enter the runner container
docker exec -it gitlab-runner bash
Run inside the container: register the runner
gitlab-runner register
Enter the address of the GitLab instance
The address is the URL shown in the section for setting up a Runner manually
> Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com )
http://172.20.10.172:7000/gitlab/
Enter the token; it is the token shown in the section for setting up a Runner manually
> Please enter the gitlab-ci token for this runner
dwkT946MVbC5tmSsAcxX
Enter a description for the Runner
> Please enter the gitlab-ci description for this runner
[hostname] my-runner
Enter the tags associated with the Runner
Tags let CI scripts later select one or more specific Runners. Here we set its tag to test; you can set something else.
> Please enter the gitlab-ci tags for this runner (comma separated):
runner1
Enter the Runner's executor
Since everything here is based on Docker, choose Docker as the executor
> Please enter the executor: ssh, docker+machine, docker-ssh+machine, kubernetes, docker, parallels, virtualbox, docker-ssh, shell:
docker
Set the executor's version
> Please enter the Docker image (eg. ruby:2.1):
encircles/alpine-rsync:latest
Exit the container
exit
vim gitlab-runner/config/config.toml
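Runner configuration file
- clone_url: runner-helper can only go over the internal network when it performs the git pull, so this must be set
- volumes: so that the host's Docker commands can be run inside the container.
- pull_policy: if the specified image does not exist, it is pulled with docker pull.
- image = "encircles/alpine-rsync:latest" specifies the base image the runner uses at run time
- helper_image = "alpinelinux/gitlab-runner-helper:latest-aarch64" specifies the helper image
- pre_clone_script = "git config --global http.sslVerify false"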
concurrent = 1
check_interval = 0
[session_server]
  session_timeout = 1800
[[runners]]
  name = "my-runner"
  url = "http://172.20.10.172:7000/gitlab/"
  clone_url = "http://172.20.10.172:7000/gitlab/"
  token = "dwkT946MVbC5tmSsAcxX"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "encircles/alpine-rsync:latest"
    helper_image = "alpinelinux/gitlab-runner-helper:latest-aarch64"
    pre_clone_script = "git config --global http.sslVerify false"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/data/www/codes:/build/cache_codes:rw", "/run/docker.sock:/var/run/docker.sock", "/cache"]
    pull_policy = ["if-not-present"]
    shm_size = 0
Restart the runner container
docker restart gitlab-runner
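A check of the runner configuration above for its security-relevant settings, as an added example that is not part of the original post; audit_runner_config and sample_config are hypothetical names, and the sample uses a placeholder host and token. Mounting the host's docker.sock gives every CI job control of the host's Docker daemon, so it is reported at the highest severity. The script assumes one key per line, as in the file above.

```sh
#!/bin/sh
# Added example (not from the original post): flag risky gitlab-runner settings.
# Reads config.toml from $1 or stdin, one key per line; prints one finding per line.
audit_runner_config() {
    awk '
        /^[ \t]*(#|\[)/ { next }   # comments and table headers
        !/=/ { next }              # not a key = value line
        {
            key = $0; sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        }
        key == "volumes" && val ~ /docker\.sock/ {
            print "HIGH volumes: host docker.sock is mounted into every job container"
        }
        key == "privileged" && val ~ /^true/ {
            print "HIGH privileged: job containers run privileged"
        }
        (key == "url" || key == "clone_url") && val ~ /^"http:/ {
            print "MEDIUM " key ": runner token and source code travel over plain HTTP"
        }
        key == "pre_clone_script" && val ~ /sslVerify[ \t]+false/ {
            print "MEDIUM pre_clone_script: git TLS certificate verification is disabled"
        }
        (key == "image" || key == "helper_image") && val ~ /:latest/ {
            print "LOW " key ": mutable latest tag, pin a version or digest"
        }
    ' "$@"
}

# Constructed sample with the same shape as the config above (placeholder host and token).
sample_config() {
    cat <<'EOF'
concurrent = 1
[[runners]]
  name = "my-runner"
  url = "http://gitlab.internal.example:7000/gitlab/"
  clone_url = "http://gitlab.internal.example:7000/gitlab/"
  token = "CONSTRUCTED-TOKEN"
  executor = "docker"
  [runners.docker]
    image = "encircles/alpine-rsync:latest"
    helper_image = "alpinelinux/gitlab-runner-helper:latest-aarch64"
    pre_clone_script = "git config --global http.sslVerify false"
    privileged = false
    volumes = ["/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
}

sample_config | audit_runner_config
```

Against a real deployment, pass the file path instead: audit_runner_config gitlab-runner/config/config.toml.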
At this point gitlab-ci is deployed successfully; next, a .gitlab-ci.yml file needs to be added to the project
Example .gitlab-ci.yml
Traditional PHP code upload
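# All jobs are based on this image; it already has rsync installed
image: encircles/alpine-rsync:latest
# Runs before every job
before_script:
  # For file uploads, the mount directory must be listed in volumes in the runner configuration file
  - mkdir -p /build/cache_dir
# Stages
stages:
  - deploy
deploy:
  stage: deploy
  tags:
    - runner1
  only:
    - main
  script:
    # In effect, the Git code is pulled inside the container and then sent with rsync to the directory mounted from the host
    - rsync -av --delete --exclude='.git/' --exclude='.gitlab-ci.yml' $(pwd)/ /build/cache_dir/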
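Building a Go image
Because this is an internal network, go build cannot reach the dependency addresses, so the dependencies need to be packaged into the current directory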
go mod vendor
buildDockerImage.sh
#!/bin/bash
# Usage: ./buildDockerImage.sh <version>
echo "检测GOPATH"
if [ -z "$GOPATH" ]; then
    echo "GOPATH 未设定"
    exit 1
else
    echo "GOPATH=$GOPATH"
fi
# The application version is the first argument and is required
if [ ! "$1" ]; then
    echo "请输入应用版本"
    exit 1
fi
app_name="app"
new_version=$1
echo "当前路径 $(pwd)"
echo "编译$app_name 应用"
# Build a statically linked Linux binary
CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o "$app_name" .
echo "检测$app_name 应用"
FILE="$app_name"
if [ -f "$FILE" ]; then
    echo "$FILE 已就绪"
else
    echo "$FILE 应用不存在"
    exit 1
fi
echo "开始构建Docker镜像"
echo "sudo docker build -t $app_name:$new_version ."
docker build -t "$app_name:$new_version" .
echo "删除老的编译文件"
rm -rf "$app_name"
Dockerfile
FROM golang:1.17.6-alpine3.15 AS development
ENV GO111MODULE=on \
    GOPROXY=https://goproxy.cn,direct
WORKDIR /app
COPY . .
RUN go build -o test
FROM encircles/alpine-rsync:latest AS production
WORKDIR /app
COPY --from=development /app/test .
EXPOSE 8080
ENTRYPOINT ["./test"]
.gitlab-ci.yml
# All jobs are based on this image
image: golang:1.17.6
# Runs before every job
before_script:
  - export VERSION=`echo ${CI_COMMIT_TAG} | awk -F"_" '{print $1}'`
  # Install docker: because the host's docker command has to be used inside the container, a docker executable must be installed here, and when the container is started the host's docker.sock file is mounted at the same location inside the container.
  - tar zxvf docker-latest-arm64.tgz
  - cp docker/docker /usr/local/bin/
  - chmod +x /usr/local/bin/docker
  - rm -rf docker docker-latest-arm64.tgz
# Stages
stages:
  - build
# Define the jobs
build_uat:
  stage: build
  tags:
    - runner1
  script:
    - echo "开始构建 uat 程序"
    - chmod +x *.sh
    - make build_image ENV="prod" VERSION=${VERSION}
  rules:
    # Decided by a regular expression on the tag name
    - if: $CI_COMMIT_TAG =~ /^uat\d+\.\d+\.\d+/
      when: always
build_release:
  stage: build
  tags:
    - runner1
  script:
    - echo "开始构建 release 程序"
    - chmod +x *.sh
    - make build_image ENV="prod" VERSION=${VERSION}
  rules:
    - if: $CI_COMMIT_TAG =~ /^release\d+\.\d+\.\d+/
      when: always
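The tag patterns in the rules above are anchored only at the start, and the VERSION derived from the tag is passed unquoted to make and on to docker build -t. A stricter derivation, as an added example that is not part of the original post (version_from_tag is a hypothetical helper; the tags in the loop are constructed), accepts a tag only when the whole string is well-formed and then takes the part before the first "_" exactly as the pipeline does:

```sh
#!/bin/sh
# Added example (not from the original post): validate the CI tag before it
# becomes VERSION. Prints the version and returns 0, or returns 1 on a bad tag.
version_from_tag() {
    tag="$1"
    # Reject anything outside a safe character set first (also rules out newlines).
    case "$tag" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Anchored at both ends: prefix, X.Y.Z, optional _suffix.
    printf '%s\n' "$tag" |
        grep -Eq '^(uat|release)[0-9]+\.[0-9]+\.[0-9]+(_[A-Za-z0-9.-]+)?$' || return 1
    # Same derivation as the pipeline: everything before the first "_".
    printf '%s\n' "${tag%%_*}"
}

# Constructed tags: the first two are accepted, the rest are rejected.
for t in 'uat1.2.3' 'release2.0.10_hotfix' 'uat1.2.3extra' 'uat1.2' 'v1.2.3'; do
    if v="$(version_from_tag "$t")"; then
        echo "$t -> VERSION=$v"
    else
        echo "$t -> rejected"
    fi
done
```

The tag uat1.2.3extra satisfies the start-anchored pattern in the rules but is rejected here; in the job, VERSION should also be quoted where it is passed to make.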