58.DevOps进阶
·
文章目录
第2部:DevOps进阶
代码审计
SonarQube 是一个开源的代码质量管理平台,用于自动化检测代码中的质量问题和安全漏洞,帮助团队 持续提升代码质量。
官方地址:https://www.sonarsource.com/products/sonarqube/downloads/
核心功能
- 静态代码分析
- 自动识别代码缺陷(如空指针异常)、安全漏洞(如SQL注入)和代码异味(不良设计),支 持30+编程语言(Java、C#、Python等)。
- 集成PMD、FindBugs、Checkstyle等插件增强检测能力,提供深度规则定制。
- 多维质量指标
- 分析代码重复率、复杂度(圈复杂度)、注释覆盖率及单元测试覆盖率(需集成JaCoCo等工 具)。
- 量化技术债务,生成修复优先级建议。
- 开发流程集成
- 无缝对接CI/CD工具(Jenkins、GitLab CI、GitHub Actions),提交代码后自动触发扫描。
- 通过IDE插件(SonarLint)实时反馈问题,支持开发阶段即时修复。
- 质量门禁(Quality Gate)
- 定义质量阈值(如漏洞数量上限),未达标代码自动阻断合并或部署。
部署
在Jenkins服务器上,拉取postgres数据库和代码审计sonarqube镜像
[root@jenkins ~]# docker pull postgres:12.6 #支持版本
[root@jenkins ~]# docker pull sonarqube:8.9.6-community # 此版本为TLS长期稳定版
创建代码审计容器创建脚本
[root@jenkins ~]# cd /usr/local/docker
[root@jenkins docker]# mkdir sonarqube_docker
[root@jenkins docker]# ls
jenkins_docker sonarqube_docker
[root@jenkins docker]# cd sonarqube_docker/
[root@jenkins sonarqube_docker]# vim docker-compose.yml
脚本内容如下:
version: '3.1'
services:
db:
image: postgres:12.6
container_name: db
ports:
- 5432:5432
networks:
- sonarnet
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
POSTGRES_DB: sonar
sonarqube:
image: sonarqube:8.9.6-community
container_name: sonarqube
depends_on:
- db
ports:
- 9000:9000
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
networks:
- sonarnet
networks:
sonarnet:
driver: bridge
启动脚本
[root@jenkins sonarqube_docker]# docker-compose up -d
Creating network "sonarqube_docker_sonarnet" with driver "bridge"
Creating db ... done
Creating sonarqube ... done
查看日志
[root@jenkins sonarqube_docker]# docker logs -f sonarqube
...
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /opt/sonarqube/logs/sonarqube.log
2026.01.29 10:40:47 INFO es[][o.e.n.Node] stopping ...
2026.01.29 10:40:47 INFO es[][o.e.n.Node] stopped
2026.01.29 10:40:47 INFO es[][o.e.n.Node] closing ...
2026.01.29 10:40:47 INFO es[][o.e.n.Node] closed
2026.01.29 10:40:47 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 78
2026.01.29 10:40:47 INFO app[][o.s.a.SchedulerImpl] Process[es] is stopped
2026.01.29 10:40:47 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
[root@jenkins sonarqube_docker]# Connection closing...Socket close.
解决问题:虚拟内存太小,max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144],需要扩容
[root@jenkins sonarqube_docker]# vim /etc/sysctl.conf
vm.max_map_count=262144 # 最末尾追加
[root@jenkins sonarqube_docker]# sysctl -p
重新创建
[root@jenkins sonarqube_docker]# docker-compose up -d
Starting db ... done
Starting sonarqube ... done
再次查看日志,资源顺利启动
[root@jenkins sonarqube_docker]# docker logs -f sonarqube
...
2026.01.29 10:50:34 INFO web[][o.s.s.q.ProjectsInWarningDaemon] Counting number of projects in warning will be disabled as there are no more projects in warning.
2026.01.29 10:50:34 INFO app[][o.s.a.SchedulerImpl] Process[web] is up
2026.01.29 10:50:34 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/opt/sonarqube]: /opt/java/openjdk/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-8.9.6.50800.jar:/opt/sonarqube/lib/jdbc/postgresql/postgresql-42.2.19.jar org.sonar.ce.app.CeServer /opt/sonarqube/temp/sq-process11066565767740586938properties
2026.01.29 10:50:34 INFO ce[][o.s.p.ProcessEntryPoint] Starting ce
2026.01.29 10:50:35 INFO ce[][o.s.ce.app.CeServer] Compute Engine starting up...
2026.01.29 10:50:35 INFO ce[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [http://localhost:9001]
2026.01.29 10:50:36 INFO ce[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://db:5432/sonar
2026.01.29 10:50:39 INFO ce[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube
2026.01.29 10:50:39 INFO ce[][o.s.c.c.CePluginRepository] Load plugins
2026.01.29 10:50:41 INFO ce[][o.s.c.c.ComputeEngineContainerImpl] Running Community edition
2026.01.29 10:50:41 INFO ce[][o.s.ce.app.CeServer] Compute Engine is operational
2026.01.29 10:50:41 INFO app[][o.s.a.SchedulerImpl] Process[ce] is 
2026.01.29 10:50:41 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
访问地址:http://192.168.108.31:9000/
进行登录
更新密码
登录到sonarqube首页界面
下载并安装中文插件
下载并安装
出现报错:Error while downloading plugin ‘10nzh’ with version ‘10.7’. No compatible plugin found.
问题解决:
修正docker-compose.yml文件:
[root@jenkins sonarqube_docker]# vim docker-compose.yml
version: '3.1'
services:
db:
image: postgres:12.6
container_name: db
ports:
- 5432:5432
networks:
- sonarnet
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
POSTGRES_DB: sonar
sonarqube:
image: sonarqube:8.9.6-community
container_name: sonarqube
depends_on:
- db
ports:
- 9000:9000
volumes:
- ./plugins/:/opt/sonarqube/extensions/plugins # 添加创建仓库数据卷
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
networks:
- sonarnet
networks:
sonarnet:
driver: bridge
本地中文插件sonar-l10n-zh-plugin-8.9.jar放入,并服务重启
[root@jenkins sonarqube_docker]# docker-compose stop
Stopping sonarqube ... done
Stopping db ... done
[root@jenkins sonarqube_docker]# docker-compose up -d
Starting db ... done
Recreating sonarqube ... done
[root@jenkins sonarqube_docker]# ls
docker-compose.yml plugins
[root@jenkins sonarqube_docker]# cd plugins/
# 插件复制到plugins目录中,并再次重新启动
[root@jenkins plugins]# rz -E
rz waiting to receive.
[root@jenkins plugins]# ls
sonar-l10n-zh-plugin-8.9.jar
[root@jenkins plugins]# docker-compose restart
Restarting sonarqube ... done
Restarting db ... done
# 注意:如果出现sonar无法正常启动,需要把原来启动的sonarqube和postgre容器删除掉,再重新使用docker-compose拉起来
首页显示为中文
代码测试
回到Windows系统的idea上
sonarqube会支持两种方式测试代码:
maven方式
1:maven方式,sonarqube对maven有支持,可以使用maven命令对代码测试。
修改maven目录下的settings.xml文件
指定位置插入如下内容:sonarqube的用户名、密码和Jenkins主机节点
代码:(放在文件最后一个profiles中)
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<sonar.login>admin</sonar.login>
<sonar.password>abc123</sonar.password>
<sonar.host.url>http://192.168.108.31:9000</sonar.host.url>
</properties>
</profile>
设置maven环境变量
在idea当前终端命令行进行输入:
执行
C:\IdeaProjects\demo>mvn sonar:sonar
版本报错
原因:sonar-maven-plugin:4.0.0.4121默认支持jdk11,而项目中使用的是jdk8,导致版本出错
解决问题:
可以采用下载对应的sonar-maven-plugin:3.11.0.3922版本来解决
在pom.xml中插入以下内容:
插件代码如下:
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.11.0.3922</version>
</plugin>
重新执行mvn sonar:sonar,进行加载
打开sonarqube网页,完成项目代码审计
查看检测结果
选择查看到的问题点
sonar-scanner方式
官方插件下载地址:https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/
在Jenkins服务器上操作,把压缩包sonar-scanner-cli-4.6.0.2311-linux.zip解压到Jenkins的data目录中
[root@jenkins ~]# unzip sonar-scanner-cli-4.6.0.2311-linux.zip
[root@jenkins ~]# mv sonar-scanner-4.6.0.2311-linux/ sonar-scanner
[root@jenkins ~]# mv sonar-scanner /usr/local/docker/jenkins_docker/data/
修改配置
[root@jenkins ~]# cd /usr/local/docker/jenkins_docker/data/sonar-scanner/conf/
[root@jenkins conf]# ls
sonar-scanner.properties
[root@jenkins conf]# vim sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://192.168.108.31:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
进行项目代码测试
[root@jenkins data]# cd /usr/local/docker/jenkins_docker/data/workspace/mytest
[root@jenkins mytest]# /usr/local/docker/jenkins_docker/data/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=linux-test
......
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/docker/jenkins_docker/data/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 8.9.6
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.889s
INFO: Final Memory: 4M/20M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.login or other credentials in sonar.login and sonar.password.
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
需要使用token令牌进行身份验证
点击右上角,用户-我的账号
添加参数,再次执行,需要添加编译过后内容的位置
[root@jenkins mytest]# /usr/local/docker/jenkins_docker/data/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=linux-test -Dsonar.login=097c0077b020a413fb59f8dd423b13144575833a -Dsonar.projectKey=linux-test
......
INFO: Final Memory: 12M/44M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
继续添加参数,则测试成功(注意:756ecd2921adb03b586562f76b62815ad234081d,这个密钥后 面整合Jenkins要用到)
[root@jenkins mytest]# /usr/local/docker/jenkins_docker/data/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=linux-test -Dsonar.login=097c0077b020a413fb59f8dd423b13144575833a -Dsonar.projectKey=linux-test -Dsonar.java.binaries=./target/
......
INFO: Analysis report generated in 138ms, dir size=100 KB
INFO: Analysis report compressed in 61ms, zip size=18 KB
INFO: Analysis report uploaded in 1074ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://192.168.108.31:9000/dashboard?id=linux-test
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://192.168.108.31:9000/api/ce/task?id=AZwMk_WjIbUwvHkwOiiV
INFO: Analysis total time: 12.552 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 16.201s
INFO: Final Memory: 8M/34M
INFO: ------------------------------------------------------------------------
回到sonarqube网页中查看
代码审计整合Jenkins
系统管理>插件管理>高级
使用插件导入sonar.hpi
搜索已安装插件
系统配置-SonarQube servers
注意:先应用再保存后,再回到系统配置中
添加凭据信息
应用凭据
Jenkins中调用sonar-scanner工具
系统管理-全局工具配置
添加名称和容器内部路径
在项目中进行配置
构建位置进行添加构建步骤
添加内容如下
sonar.projectname=${JOB_NAME}
sonar.projectKey=${JOB_NAME}
sonar.source=./
sonar.java.binaries=target
进行构建
构建报错:
解决问题:因为之前在Jenkins服务器上使用命令进行了构建,产生过隐藏文件.scannerwork夹需要删除
[root@jenkins mytest]# ls -a
. demo.iml .git .gitignore .idea .scannerwork target
.. docker .gitattributes HELP.md pom.xml src
[root@jenkins mytest]# rm -rf .scannerwork/
[root@jenkins mytest]# ls -a
. .. demo.iml docker .git .gitattributes .gitignore HELP.md .idea pom.xml src target
再次构建
过程中调用了sonarqube
完成构建
查看sonarqube网页,观察到代码测试结果
harbor镜像仓库
部署
在Jenkins服务器上把harbor压缩包进行解压缩,进行设置后,启动安装
[root@jenkins ~]# tar zxvf harbor-offline-installer-v2.8.2.tgz -C /usr/local/
[root@jenkins ~]# cd /usr/local/harbor/
[root@jenkins harbor]# cp -p harbor.yml.tmpl harbor.yml
[root@jenkins harbor]# vim harbor.yml
# 设置Jenkins节点IP
hostname: 192.168.108.31
# 注释掉所有关于https选项
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
harbor_admin_password: harbor123 # 设置账户密码
# 启动安装脚本
[root@jenkins harbor]# ./install.sh
WARN[0000] /usr/local/harbor/docker-compose.yml: `version` is obsolete
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.8s
✔ Container registry Started 1.9s
✔ Container redis Started 1.8s
✔ Container registryctl Started 1.8s
✔ Container harbor-portal Started 1.7s
✔ Container harbor-db Started 1.7s
✔ Container harbor-core Started 2.3s
✔ Container harbor-jobservice Started 3.1s
✔ Container nginx Started 3.1s
✔ ----Harbor has been installed and started successfully.----
打开harbor镜像仓库地址网页,默认端口80
http://192.168.108.31/
输入用户名:admin
密码:harbor123
登录成功后进入首页
创建项目
点击新建好的repo项目,默认没有任何镜像
修改docker配置文件,添加仓库地址
[root@jenkins docker]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.108.31:80"], # 添加仓库节点地址及端口
"registry-mirrors": [
"https://09def58152000fc00ff0c00057bad7e0.mirror.swr.myhuaweicloud.com",
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn",
"https://registry.docker-cn.com",
"https://hub-mirror.c.163.com",
"https://hub.uuuadc.top",
"https://docker.anyhub.us.kg",
"https://dockerhub.jobcher.com",
"https://dockerhub.icu",
"https://docker.ckyl.me",
"https://docker.awsl9527.cn",
"https://mirror.baidubce.com",
"https://docker.1panel.live"
]
}
# 重启docker服务,后面需要把运行容器服务都进行重启(harbor,Jenkins,sonarqube)
[root@jenkins docker]# systemctl restart docker
# 重启harbor
[root@jenkins docker]# cd /usr/local/harbor/
[root@jenkins harbor]# docker-compose restart
Restarting nginx ... done
Restarting harbor-jobservice ... done
Restarting harbor-core ... done
Restarting redis ... done
Restarting harbor-portal ... done
Restarting harbor-db ... done
Restarting registry ... done
Restarting registryctl ... done
Restarting harbor-log ... done
[root@jenkins harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f9a930cba9fd goharbor/nginx-photon:v2.8.2 "nginx -g 'daemon of…" 25 minutes ago Up 32 seconds (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
31da16150bc8 goharbor/harbor-jobservice:v2.8.2 "/harbor/entrypoint.…" 25 minutes ago Up 30 seconds (health: starting) harbor-jobservice
63426515dfde goharbor/harbor-core:v2.8.2 "/harbor/entrypoint.…" 25 minutes ago Up 33 seconds (healthy) harbor-core
14c8a4166074 goharbor/redis-photon:v2.8.2 "redis-server /etc/r…" 25 minutes ago Up 33 seconds (healthy) redis
938d88291b6a goharbor/harbor-portal:v2.8.2 "nginx -g 'daemon of…" 25 minutes ago Up 33 seconds (healthy) harbor-portal
f9df2e57d249 goharbor/harbor-db:v2.8.2 "/docker-entrypoint.…" 25 minutes ago Up 32 seconds (healthy) harbor-db
1f26e425cfbc goharbor/registry-photon:v2.8.2 "/home/harbor/entryp…" 25 minutes ago Up 33 seconds (healthy) registry
ace63cce8979 goharbor/harbor-registryctl:v2.8.2 "/home/harbor/start.…" 25 minutes ago Up 33 seconds (healthy) registryctl
d4fe3077577d goharbor/harbor-log:v2.8.2 "/bin/sh -c /usr/loc…" 25 minutes ago Up 23 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
f4ade5f00862 sonarqube:8.9.6-community "bin/run.sh bin/sona…" 17 hours ago Exited (143) 18 minutes ago sonarqube
aba65078643d postgres:12.6 "docker-entrypoint.s…" 17 hours ago Exited (0) 18 minutes ago db
d9b2e4203ede jenkins/jenkins:2.346.3-lts-jdk8 "/usr/bin/tini -- /u…" 21 hours ago Exited (143) 18 minutes ago
重启Jenkins服务
[root@jenkins harbor]# cd /usr/local/docker/jenkins_docker/
[root@jenkins jenkins_docker]# docker-compose restart
Restarting jenkins ... done
重启sonarqube服务
[root@jenkins jenkins_docker]# cd ../sonarqube_docker/
[root@jenkins sonarqube_docker]# docker-compose restart
Restarting sonarqube ... done
Restarting db ... done
推送镜像
Jenkins服务器本地登录harbor
[root@jenkins sonarqube_docker]# docker login -u admin -p harbor123 192.168.108.31:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
下载测试镜像nginx
[root@jenkins sonarqube_docker]# docker pull nginx
修改tag标签
镜像命名规范:仓库IP地址/项目名称/镜像名称:版本号
[root@jenkins sonarqube_docker]# docker tag nginx:latest 192.168.108.31:80/repo/nginx:test
推送镜像到harbor
[root@jenkins sonarqube_docker]# docker push 192.168.108.31:80/repo/nginx:test
The push refers to repository [192.168.108.31:80/repo/nginx]
d9d3f8c27ad7: Pushed
4b53e01dba29: Pushed
3b4fce0e490d: Pushed
4c34f6878173: Pushed
547c913b4108: Pushed
e84c0e25063e: Pushed
e50a58335e13: Pushed
test: digest: sha256:a6dd519f4cc2f69a8f049f35b56aec2e30b7ddfedee12976c9e289c07b421804 size: 1778
查看harbor的repo中已经有了nginx:test镜像
拉取镜像
在本地Jenkins服务器中测试拉取,在拉取前先删除原有镜像
# 查看本地镜像
root@jenkins sonarqube_docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.108.31:80/repo/nginx test 4af177a024eb 2 weeks ago 161MB
nginx latest 4af177a024eb 2 weeks ago 161MB
goharbor/harbor-exporter v2.8.2 63341a78f287 2 years ago 98.1MB
goharbor/redis-photon v2.8.2 6f4498a430ca 2 years ago 121MB
goharbor/trivy-adapter-photon v2.8.2 06de9f1c733d 2 years ago 460MB
goharbor/notary-server-photon v2.8.2 ef7c8ea2dc49 2 years ago 114MB
goharbor/notary-signer-photon v2.8.2 4e5b1746a124 2 years ago 111MB
goharbor/harbor-registryctl v2.8.2 fa61a236a6d6 2 years ago 142MB
goharbor/registry-photon v2.8.2 f80e71363231 2 years ago 79.3MB
goharbor/nginx-photon v2.8.2 3d009028f260 2 years ago 120MB
goharbor/harbor-log v2.8.2 2914d282d9bf 2 years ago 127MB
goharbor/harbor-jobservice v2.8.2 40118f1568a8 2 years ago 141MB
goharbor/harbor-core v2.8.2 0bbbd1f379fc 2 years ago 165MB
goharbor/harbor-portal v2.8.2 3e74e0758aa4 2 years ago 127MB
goharbor/harbor-db v2.8.2 5126635ae9f0 2 years ago 174MB
goharbor/prepare v2.8.2 eb3cf3cdd17a 2 years ago 163MB
jenkins/jenkins 2.346.3-lts-jdk8 d2378ff7630c 3 years ago 570MB
sonarqube 8.9.6-community 3f623568fa64 4 years ago 497MB
postgres 12.6 145bb83bd157 4 years ago 314MB
# 删除已有的镜像
[root@jenkins sonarqube_docker]# docker rmi 192.168.108.31:80/repo/nginx:test
Untagged: 192.168.108.31:80/repo/nginx:test
Untagged: 192.168.108.31:80/repo/nginx@sha256:a6dd519f4cc2f69a8f049f35b56aec2e30b7ddfedee12976c9e289c07b421804
# 测试拉取
[root@jenkins sonarqube_docker]# docker pull 192.168.108.31:80/repo/nginx:test
test: Pulling from repo/nginx
Digest: sha256:a6dd519f4cc2f69a8f049f35b56aec2e30b7ddfedee12976c9e289c07b421804
Status: Downloaded newer image for 192.168.108.31:80/repo/nginx:test
192.168.108.31:80/repo/nginx:test
# 再次查看,拉取成功
[root@jenkins sonarqube_docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.108.31:80/repo/nginx test 4af177a024eb 2 weeks ago 161MB
nginx latest 4af177a024eb 2 weeks ago 161MB
goharbor/harbor-exporter v2.8.2 63341a78f287 2 years ago 98.1MB
goharbor/redis-photon v2.8.2 6f4498a430ca 2 years ago 121MB
goharbor/trivy-adapter-photon v2.8.2 06de9f1c733d 2 years ago 460MB
goharbor/notary-server-photon v2.8.2 ef7c8ea2dc49 2 years ago 114MB
goharbor/notary-signer-photon v2.8.2 4e5b1746a124 2 years ago 111MB
goharbor/harbor-registryctl v2.8.2 fa61a236a6d6 2 years ago 142MB
goharbor/registry-photon v2.8.2 f80e71363231 2 years ago 79.3MB
goharbor/nginx-photon v2.8.2 3d009028f260 2 years ago 120MB
goharbor/harbor-log v2.8.2 2914d282d9bf 2 years ago 127MB
goharbor/harbor-jobservice v2.8.2 40118f1568a8 2 years ago 141MB
goharbor/harbor-core v2.8.2 0bbbd1f379fc 2 years ago 165MB
goharbor/harbor-portal v2.8.2 3e74e0758aa4 2 years ago 127MB
goharbor/harbor-db v2.8.2 5126635ae9f0 2 years ago 174MB
goharbor/prepare v2.8.2 eb3cf3cdd17a 2 years ago 163MB
jenkins/jenkins 2.346.3-lts-jdk8 d2378ff7630c 3 years ago 570MB
sonarqube 8.9.6-community 3f623568fa64 4 years ago 497MB
postgres 12.6 145bb83bd157 4 years ago 314MB
Jenkins服务中使用docker
Jenkins需要把镜像制作并推送到harbor中,就需要具备docker环境
让Jenkins容器使用宿主机中docker环境
修改docker.sock的权限
[root@jenkins ~]# cd /var/run
[root@jenkins run]# ll
...
srw-rw---- 1 root docker 0 Jan 30 13:42 docker.sock
...
[root@jenkins run]# chown root:root docker.sock
[root@jenkins run]# chmod o+rw docker.sock
[root@jenkins run]# ll
...
srw-rw-rw- 1 root root 0 Jan 30 13:42 docker.sock
...
修改Jenkins脚本配置文件
[root@jenkins run]# cd /usr/local/docker/jenkins_docker/
[root@jenkins jenkins_docker]# vim docker-compose.yml
version: "3.1"
services:
jenkins:
image: jenkins/jenkins:2.346.3-lts-jdk8
container_name: jenkins
ports:
- 8080:8080
- 50000:50000
volumes:
- ./data/:/var/jenkins_home/
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
- /etc/docker/daemon.json:/etc/docker/daemon.json
启动Jenkins服务
[root@jenkins jenkins_docker]# docker-compose up -d
Recreating jenkins ... done
验证:进入Jenkins容器内部执行docker命令
[root@jenkins jenkins_docker]# docker exec -it jenkins bash
jenkins@51c548a67cdf:/$ docker version
Client: Docker Engine - Community
Version: 26.1.4
API version: 1.45
Go version: go1.21.11
Git commit: 5650f9b
Built: Wed Jun 5 11:32:04 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.1.4
API version: 1.45 (minimum version 1.24)
Go version: go1.21.11
Git commit: de5c9cf
Built: Wed Jun 5 11:31:02 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.33
GitCommit: d2d58213f83a351ca8f528a95fbd145f5654e957
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Jenkins服务中构建镜像推送到harbor仓库
到Windows系统的idea中,删除docker-compose文件
修改一下内容3.0重新提交
添加3.0标签
项目-配置-构建后操作
选择执行shell
命令内容如下:
mv target/*.jar docker/
docker build -t mytest:$tag docker/
选择对应的标签进行构建
镜像构建成功
在Jenkins服务器中查看镜像
[root@jenkins jenkins_docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mytest v3.0 0b12b479244b 45 seconds ago 543MB
......
推送到harbor配置
项目-配置-构建后操作
编辑内容如下:(登录harbor-定义镜像标签-推送harbor)
mv target/*.jar docker/
docker build -t mytest:$tag docker/
docker image prune -f
docker login -u admin -p harbor123 192.168.108.31:80
docker tag mytest:$tag 192.168.108.31:80/repo/mytest:$tag
docker push 192.168.108.31:80/repo/mytest:$tag
再次进行构建3.0项目
完成构建
查看harbor的repo项目中已成功存储mytest镜像
镜像部署目标web服务器
1:告知目标服务器拉取哪个镜像。告知内容(harbor地址;harbor仓库名;镜像名;镜像版本;容器 运行端口号)
2:判断当前服务器是否正在运行该容器,如果正在运行则需要删除。
3:如果目标服务器已经存在当前镜像,则需要删除该镜像。
4:目标服务器拉取harbor上的镜像。
5:将拉取的镜像运行为容器 在Jenkins服务器中,编写脚本
[root@jenkins jenkins_docker]# vim deploy.sh
#!/bin/bash
harbor_ip=$1
harbor_repo=$2
project=$3
version=$4
container_port=$5
host_port=$6
imageName=$harbor_ip/$harbor_repo/$project:$version
echo $imageName
#如果当前容器正在运行,则删除
container_id=`docker ps -a | grep ${project} | awk '{print $1}'`
echo $container_id
if [ "$container_id" != "" ]
then
docker stop $container_id
docker rm $container_id
fi
#如果当前镜像已存在,则删除
tag=`docker images | grep ${project} | awk '{print $2}'`
echo $tag
if [[ "$tag" =~ "$version" ]]
then
docker rmi $imageName
fi
#非本地登录镜像仓库
cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
sed -i 's|ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock|ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.108.31 --containerd=/run/containerd/containerd.sock|g' /lib/systemd/system/docker.service
systemctl daemon-reload && systemctl restart docker && docker login -u admin -p harbor123 $harbor_ip
#拉取镜像
docker pull $imageName
#运行容器
docker run -d -p $host_port:$container_port --name $project $imageName
echo "SUCCESS"
# 把脚本放在mytest项目目录下,等待发送给目标web服务器
[root@jenkins jenkins_docker]# mv deploy.sh /usr/local/docker/jenkins_docker/data/workspace/mytest
打开项目-配置-General
添加字符参数,容器启动时,主机端口
再添加字符参数,添加容器端口
构建后操作
命令内容如下:(注意:deploy.sh脚本复制过去,并没有执行权限,需要重新赋予)
mv /usr/local/test/deploy.sh /usr/bin/
chmod +x /usr/bin/deploy.sh
deploy.sh 192.168.108.31 repo ${JOB_NAME} $tag $container_port $host_port
进行构建
查看构建结果
在目标web服务器中查看镜像
[root@web ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.108.31/repo/mytest v3.0 0b12b479244b Less than a second ago 543MB
......
查看容器
[root@web ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9c73edfad36a 192.168.108.31/repo/mytest:v3.0 "/bin/sh -c 'java -j…" 2 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp mytest
查看网页
http://192.168.108.32:8080/test
AtomGit 是由开放原子开源基金会联合 CSDN 等生态伙伴共同推出的新一代开源与人工智能协作平台。平台坚持“开放、中立、公益”的理念,把代码托管、模型共享、数据集托管、智能体开发体验和算力服务整合在一起,为开发者提供从开发、训练到部署的一站式体验。
更多推荐
8
0- 0
已为社区贡献3条内容
所有评论(0)