思路
- 合并代码到master分支,触发Pipeline Job
- GitLab Runner Job拉取最新代码
- 创建部署用docker image
- 提交docker image到GitLab Container Registry
- SSH登录部署主机,拉取最新image
- 重启docke容器
准备工作 注册自己的Gitlab runner
- 准备编译服务器Ubuntu
- 下载安装包
# Replace ${arch} with any of the supported architectures, e.g. amd64, arm, arm64
# A full list of architectures can be found here https://gitlab-runner-downloads.s3.amazonaws.com/latest/index.html
curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_${arch}.deb"
- 安装deb包
dpkg -i gitlab-runner_<arch>.deb
- runner的docker权限添加
sudo usermod -aG docker gitlab-runner
-
获取GitLab分组的CI/CD Runner注册Token
-
注册runner到GitLab分组
- executor: 类型根据情况修改,一般使用docker
sudo gitlab-runner register
--non-interactive
--url "https://gitlab.com/"
--registration-token "PROJECT_REGISTRATION_TOKEN"
--executor "docker"
--name "docker-runner"
--description "docker-runner"
--tag-list "docker,aws"
--run-untagged="true"
--locked="false"
--access-level="not_protected"
--docker-image "docker:19.03.12"
--docker-privileged
--docker-volumes "/certs/client"
- 查看登录情况(TLS启用情况)
cat /etc/gitlab-runner/config.toml
[[runners]]
name = "docker-runner"
url = "https://gitlab.com/"
token = TOKEN
executor = "docker"
[runners.docker]
tls_verify = false
image = "docker:19.03.12"
privileged = true
disable_cache = false
volumes = ["/certs/client", "/cache"]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
- GitLab分组查看注册的runner
配置GitLab与服务器
- 项目仓库根目录下添加创建镜像的Dockerfile
- 项目仓库根目录下添加.gitlab-ci.yml模板
- 编译服务器ssh-key创建
- 千万别设置密码passphrase 内容
ssh-keygen -t rsa -b 2048
- 添加id_rsa内容到GitLab分组参数:SSH_PRIVATE_KEY
- 添加部署服务器ip地址与用户名到GitLab分组参数
- SSH_KNOWN_HOST:ip地址
- SSH_KNOWN_HOST_USER:用户名
- 添加id_rsa.pub内容到部署服务器
- 上传文件id_rsa.pub到部署服务器
- /home/ubuntu/.ssh - 添加认证信息到authorized_keys
- cat id_rsa.pub >> ~/.ssh/authorized_keys - 部署服务器docker-compose.yml配置
- 修改.gitlab-ci.yml添加ssh命令
- 多行命令用&&链接
image: docker:19.03.12
services:
- docker:19.03.12-dind
stages:
- build
- deploy
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
before_script:
- echo "$CI_REGISTRY"
- echo "$IMAGE_TAG"
- echo "$CI_REGISTRY_USER"
- echo "$CI_REGISTRY_PASSWORD"
- echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin
build:
stage: build
script:
- docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG
deploy:
stage: deploy
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '
' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan $SSH_KNOWN_HOST >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh $SSH_KNOWN_HOST_USER@$SSH_KNOWN_HOST "sudo echo $CI_REGISTRY_PASSWORD | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin && docker pull $IMAGE_TAG && docker-compose -f /home/ubuntu/docker-compose.yml restart"
only:
- main
常见问题与解决
Error loading key "(stdin)": invalid format gitlab
- 解决办法: 把参数的Protected去掉
