企业级-搭建CICD(持续集成持续交付)实验手册_企业级前端cicd

搭建CI/CD(持续集成/持续交付)企业示例

为了让容器构建镜像并可以持续集成，可以自动上传到Harbor仓库；并且业务主机可以通过CD自动从仓库中下载镜像latest版本并实现业务更新。

1.环境部署

1.1 环境搭建

业务 IP 域名 GitLab 172.25.254.50 gitlab.dhj.org Jenkins 172.25.254.60 jenkins.dhj.org Dockernode 172.25.254.100 dockernode.dhj.org Harbor 172.25.254.200 harbor.dhj.org

1.2 环境准备

1.2.1 火墙及SELinux的关闭

~]# systemctl disable --now firewalld~]# sed -i \'/^SELINUX=/ c SELINUX=disabled\' /etc/selinux/config~]# reboot# 如果想直接将selinux设置为disabled，可以使用临时命令setenforce=0;但是还是建议永久修改配置文件

1.2.2 编写各业务主机解析

~]# vim /etc/hosts172.25.254.50 gitlab.dhj.org172.25.254.60 jenkins.dhj.org172.25.254.100 dockernode.dhj.org172.25.254.200 reg.dhj.org# 如果在上面发现这样很麻烦，可以使用scpscp /etc/hosts root@172.25.254.xxx:/etc/hosts

1.2.3 Harbor业务主机：Harbor仓库搭建–registry

[root@reg ~]# cd /etc/yum.repos.d[root@reg yum.repos.d]# vim docker.repo[docker]name = docker-cebaseurl = https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stablegpgcheck = 0[root@reg yum.repos.d]# yum makecache[root@reg yum.repos.d]# rpm -qa | grep podmanpodman-4.6.1-5.el9.x86_64cockpit-podman-76-1.el9_3.noarch[root@reg yum.repos.d]# rm -rf podman-4.6.1-5.el9.x86_64[root@reg yum.repos.d]# rm -rf cockpit-podman-76-1.el9_3.noarch# 上传所需文件[root@reg ~]# cd /mnt/[root@reg mnt]# lsdocker.tar.gz packages.zip[root@reg mnt]# tar zxf docker.tar.gz[root@reg mnt]# unzip packages.zip[root@reg mnt]# lsdocker docker.tar.gz packages packages.zip[root@reg mnt]# cd docker/[root@reg docker]# yum install *.rpm# 在第15行命令，在后面加上参数 --iptables=true[root@reg docker]# vim /usr/lib/systemd/system/docker.service15 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=true[root@reg docker]# systemctl daemon-reload[root@reg docker]# systemctl restart docker

[root@reg docker]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf[root@reg docker]# sysctl -pnet.ipv4.ip_forward = 1[root@reg docker]# systemctl enable --now docker[root@reg docker]# docker info

# 以下除了rhel9不需要做，其他版本的系统建议去做# 激活内核网络选项]# echo br_netfilter > /etc/modules-load.d/docker_mod.conf]# modprobe br_netfilter]# vim /etc/sysctl.d/docker.confnet.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-ip6tables = 1net.ipv4.ip_forward = 1]# sysctl --system]# systemctl restart docker

# 创建了证书与密钥[root@reg ~]# mkdir -p /data/certs[root@reg ~]# openssl req -newkey rsa:4096 \\-nodes -sha256 -keyout /data/certs/dhj.org.key \\-addext \"subjectAltName = DNS:reg.dhj.org\" \\-x509 -days 365 -out /data/certs/dhj.org.crtCommon Name (eg, your name or your server\'s hostname) []:reg.dhj.org# 创建证书目录并部署信任证书（使Docker客户端信任私有仓库的HTTPS证书）[root@reg ~]# mkdir /etc/docker/certs.d/reg.dhj.org/ -p[root@reg ~]# cp /data/certs/dhj.org.crt /etc/docker/certs.d/reg.dhj.org/ca.crt[root@reg ~]# systemctl restart docker

[root@reg ~]# cd /mnt/packages/[root@reg packages]# cp -p harbor-offline-installer-v2.5.4.tgz /root[root@reg packages]# cd[root@reg ~]# tar zxf harbor-offline-installer-v2.5.4.tgz[root@reg ~]# cd harbor[root@reg harbor]# cp harbor.yml.tmpl harbor.yml# 需要修改内容如下（如果一致，不变即可）：[root@reg harbor]# vim harbor.yml 5 hostname: reg.dhj.org 17 certificate: /data/certs/dhj.org.crt# 看自己的存放位置 18 private_key: /data/certs/dhj.org.key# 看自己的存放位置 34 harbor_admin_password: admin# 初始密码 47 data_volume: /data# 此处挂载的目录（需要跟上面证书与密钥在一个目录下）[root@reg harbor]# ./install.sh --with-chartmuseum[root@reg harbor]# docker compose down[root@reg harbor]# docker compose up -d

# 去浏览器中去测试https://172.25.254.200

[root@reg ~]# cd /etc/docker/[root@reg docker]# vim daemon.json[root@reg docker]# cat daemon.json{ \"registry-mirrors\": [\"https://reg.dhj.org\"]}[root@reg docker]# systemctl restart docker[root@reg docker]# docker logout reg.dhj.orgRemoving login credentials for reg.dhj.org~]# cd harbor/[root@reg harbor]# docker compose restart[root@reg harbor]# docker login reg.dhj.orgUsername: adminPassword:admin~]# docker info 

# 测试：上传一个镜像[root@reg harbor]# cd[root@reg ~]# cd /mnt/packages/[root@reg packages]# docker load -i busybox-latest.tar.gz[root@reg packages]# docker tag busybox:latest reg.dhj.org/ceshi/busybox:latest[root@reg packages]# docker push reg.dhj.org/ceshi/busybox:latest# 查看是否上传成功[root@reg packages]# curl -k https://reg.dhj.org/v2/_catalog -u admin:admin{\"repositories\":[\"ceshi/busybox\"]}# 在浏览器中可以进行查看，如下图所示# 成功即为部署完成！

1.2.4 GitLab业务主机：gitlab代码仓库搭建

1.2.4.1 部署git

1.安装

# 在rhel9的系统中默认自带git[root@CICD-node1 ~]# dnf install git -y# 设定命令补全功能[root@CICD-node1 timinglee]# echo \"source /usr/share/bash-completion/completions/git\" >> ~/.bashrc[root@CICD-node1 timinglee]# source ~/.bashrc

2.初始化

[root@CICD-node1 ~]# mkdir timinglee[root@CICD-node1 timinglee]# git init# 设定用户信息[root@CICD-node1 timinglee]# git config --global user.name \"timinglee\"[root@CICD-node1 timinglee]# git config --global user.email \"timinglee@timinglee.org\"[root@CICD-node1 timinglee]# git status -s#简化输出

1.2.4.2 部署gitlab

# 在安装包之前需配置好软件仓库来解决依赖性[root@CICD-node1 ~]# yum install -y curl policycoreutils-python-utils openssh-server perl# 此处需要上传资源包[root@CICD-node1 ~]# dnf install gitlab-ce-17.1.6-ce.0.el9.x86_64.rpm -y

# 修改配置文件[root@CICD-node1 ~]# cd /etc/gitlab/[root@CICD-node1 gitlab]# lsgitlab.rb[root@CICD-node1 gitlab]# vim gitlab.rb32 external_url \'http://172.25.254.50\'# 修改配置文件后需利用gitlab-crt来生效，[root@CICD-node1 gitlab]# gitlab-ctl reconfigure# 执行命令成功后会把所有组件全部启动起来

# 查看原始密码[root@CICD-node1 gitlab]# cat /etc/gitlab/initial_root_passwordPassword: jN9lq6NSP8a2V+4n57djzWlEGP7RZ43DSIse8sXJGTQ=# 密码（后面需要改密码！要不然密码24小时换一次--账户默认root---后面设置成Dhjnb520即可）# 进入浏览器搜索172.25.254.50# 用户即为root

1.登陆

​

2.设置语言

3.设置密码

4.在gitlab中新建项目

# 生成sshd密钥[root@CICD-node1 ~]# ssh-keygen# 一路回车[root@CICD-node1 ~]# cat .ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5Zg+ZbnTCrOPVne0OhYzGhxIsAcyuq7dGvG8EkMl+KGZD4+4vI3dxznQHbIa2ZNoC6gatHzdCty5KK+Ipkywzq0YSxJEzjfbCQX8n8AHRka7EI/IlkGenwD3ALkncMop7GmMNiNgfpFqQCTpM/cptXzDdAVA5AwRgIVB1efCU7QhwL/IHs91eAqH4ZalGh2W+hRAjdc3Iv68TyOTMFU5qg9CuEb899+qu8qCZlerj49ot7cps5O0wDFfyYopIKvdeYzDCDXTkd+dlHUqeSaSOh1yccCobT10wVmZDYdV7cDBsjZN3mlTKfCUAixVlyreWMXUyjQx1I+6iy0PVfrOt98ZjLb6D2oSFljvVeO57f3U/NRw90H1yOZ/FPrCGXfueSmwya9d+A6WtJFQ+eirrtqh8Q4Vy87BL2GbaKZxoLdvt7b5crqix95KzY4IAE51HvS6KQDlpR8PQKokTvRzDHWcEfcbpnBpPPA06oB89RNAeEJksaykcVen9peksRVs= root@gitlab.dhj.org

5.上传公钥到gitlab中

6.下载项目

# 做此实验之前，需要将前面的timinglee目录删除，以免影响实验效果！[root@gitlab ~]# rm -rf timinglee[root@gitlab ~]# git clone git@172.25.254.50:root/timinglee.git[root@gitlab ~]# cd timinglee/[root@gitlab timinglee]# lsREADME.md[root@gitlab timinglee]# git remote -vorigin git@172.25.254.50:root/timinglee.git (fetch)origin git@172.25.254.50:root/timinglee.git (push)# 文件提交[root@CICD-node1 timinglee]# echo timinglee > timinglee[root@CICD-node1 timinglee]# git add timinglee[root@CICD-node1 timinglee]# git commit -m \"add timinglee\"[root@CICD-node1 timinglee]# git push -u origin main# 去浏览器中进行网页刷新，发现已经成功！

1.2.5 Jenkins业务主机：jenkins部署

jenkins需要部署在新的虚拟机中，建议最少4G内存，4核心cpu

# 安装依赖包[root@jenkins ~]# dnf install -y fontconfig java-21-openjdk# 上传资源包并安装jenkins[root@jenkins ~]# dnf install -y jenkins-2.516.2-1.1.noarch.rpm# 启动jenkins[root@jenkins ~]# systemctl enable --now jenkins.service# 查看原始密码[root@jenkins ~]# cat /var/lib/jenkins/secrets/initialAdminPasswordf0d8f8bb85ff4b81aa65db1aff88d0ac# 浏览器中进行172.25.254.60:8080

1.2.5.1 部署插件

# 如果网络环境不对；# 此时会发现，很慢而且过不去，上传资源包里面的文件即可[root@jenkins ~]# cd /var/lib/jenkins/[root@jenkins jenkins]# systemctl stop jenkins.service[root@jenkins jenkins]# rm -fr plugins[root@jenkins ~]# lsjenkins-2.516.2-1.1.noarch.rpm plugins.tar.gz[root@jenkins ~]# tar zxf /root/plugins.tar.gz -C /var/lib/jenkins/[root@jenkins ~]# systemctl enable --now jenkins.service[root@jenkins ~]# systemctl restart jenkins.service# 一定要进行重启！！！[root@jenkins ~]# cat /var/lib/jenkins/secrets/initialAdminPasswordf0d8f8bb85ff4b81aa65db1aff88d0ac# 再次去测试即可# 出现满屏红，后退之后进行安装即可

建议修改admin的密码，在admin的设置中修改即可

1.2.5.2 jenkins与gitlab的整合

# 下载git命令[root@gitlab ~]# dnf install git -y[root@gitlab ceshi]# echo \"source /usr/share/bash-completion/completions/git\" >> ~/.bashrc[root@gitlab ceshi]# source ~/.bashrc

这个错误的原因是因为本机没有gitlab上的sshkey

[root@jenkins ~]# ssh-keygen[root@jenkins ~]# cat /root/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCv//RUt7dZbb5N6P6SF/nnmSMqgYPHTs3UQ2gCYeAFiS0i917BCwQURsCrh6fnIgk2NOuzP6ZxuE5fqqvBM6gaME1/o/GFvavy7Qe22alrYhSTxITUgVEwwgn1dqjzEB/AmbBMwTCf7VUJHISkchmuUNOhtynwBrZDobzMP+wHFOdpSoL9WRUSEOEHMhAvSZmU7uhyXorOyKBD/cryTq4ul8CRO5oor5Te+YhJEctA7UhXa11Ug1rFp+tZhr8RPWjk6BFMenexq6nDHPwcKgtRz9fXo+DRrJSwGWs9IFQt5skpyRcjJpb4fXsP66aTSr/PgGW+oaAQJGGRenLxU+ys7yx4wxP7JHSeOlibeeDzl8QTtVq6lXH9/0RNo/VDJUr97uBmUKBpZpRBg50PWvx9OmCC6dB/rKSGBe3xFgnGGqlB9v4mXyGMixFwBteQ4PG4DD95BnItfwtoe8XyqiTBGmYl0uhI13Bhh6e0q3eqDdN0033EG/I8qz8aJXKM7RU= root@jenkins.dhj.org

把此密钥添加到gitlab上即可

添加密钥凭据

[root@jenkins ~]# cd .ssh/[root@jenkins .ssh]# cat id_rsa-----BEGIN OPENSSH PRIVATE KEY-----b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAr//0VLe3WW2+Tej+khf555kjKoGDx07N1ENoAmHgBYktIvdewQsEFEbAq4en5yIJNjTrsz+mcbhOX6qrwTOoGjBNf6Pxhb2r8u0Httmpa2IUk8SE1IFRMMIJ9Xao8xAfwJmwTMEwn+1VCRyEpHIZrlDTobcp8Aa2Q6G8zD/sBxTnaUqC/VkVEhDhBzIQL0mZlO7ocl6KzsigQ/3K8k6uLpfAkTuaKK+U3vmISRHLQO1IV2tdVINaxafrWYa/ET1o5OgRTHp3saupwxz8HCoLUc/X16Pg0ayUsBlrPSBULebJKckXIyaW+H17D+umk0q/z4BlvqGgECRhkXpy8VPsrO8seMMT+yR0njpYm3ng85fEE7VaupVx/f9ETaP1QyVK/e7gZlCgaWaUQYOdD1r8fTpggunQf6ykhgXt8RYJxhqpQfb+Jl8hjIsRcAbXkODxuAw/eQZyLX8LaHvF8qokwRpmJdLoSNdwYYentKt3qg3TdNN9xBvyPKs/GiVyjO0VAAAFkOsA5aTrAOWkAAAAB3NzaC1yc2EAAAGBAK//9FS3t1ltvk3o/pIX+eeZIyqBg8dOzdRDaAJh4AWJLSL3XsELBBRGwKuHp+ciCTY067M/pnG4Tl+qq8EzqBowTX+j8YW9q/LtB7bZqWtiFJPEhNSBUTDCCfV2qPMQH8CZsEzBMJ/tVQkchKRyGa5Q06G3KfAGtkOhvMw/7AcU52lKgv1ZFRIQ4QcyEC9JmZTu6HJeis7IoEP9yvJOri6XwJE7miivlN75iEkRy0DtSFdrXVSDWsWn61mGvxE9aOToEUx6d7GrqcMc/BwqC1HP19ej4NGslLAZaz0gVC3mySnJFyMmlvh9ew/rppNKv8+AZb6hoBAkYZF6cvFT7KzvLHjDE/skdJ46WJt54POXxBO1WrqVcf3/RE2j9UMlSv3u4GZQoGlmlEGDnQ9a/H06YILp0H+spIYF7fEWCcYaqUH2/iZfIYyLEXAG15Dg8bgMP3kGci1/C2h7xfKqJMEaZiXS6EjXcGGHp7Srd6oN03TTfcQb8jyrPxolcoztFQAAAAMBAAEAAAGACBwLWk73yg1aODVM65biuzbtbaM3mvqo1cfAVmHDpIWoWITc7xiumK+U56JxzF7fXUnNdX4wkWtcYyCWVunmLES/AWtgsNinQGOHGDgJzCqiB5gFxdPqlYxPUKnlyYNb7zA1tSeusaPKKAgSHZCrWcKcKcaqjkaE5fNhI2krmzztl8ao5/sPkzxHXiFCqScjRj9G4yQzkakhZ1idnhIdiQSRiS+doBPNEIQfcTx6aNS2IV8PVxpRV6uv1rl0etshMzPMxrLC171J+OdMths+HbsXhXYDLgE7rB8ildhicWUY+pQ4BGN3MP9FbpKe/vK3VxktN+WgfXMRN09IyULRuXVWkgQ/7WARiu2aGerKRa7zzEkIEaRgGt/sySX2D4d2fuvNehqN1zB0/HhM+QYPiiuqFfxRJC90U7T37MGm705T0xbOzfNz8qylfvI902qbFHTOa0KOwUbc8N3uD8VIn+rEY2qwm3Yk6s7T8k2o/+O4TF9VoaQdD62RvVYnsjVZAAAAwHBY1Aa9jX1dhGUG3Zziz2hJ/nJx2vEXPl55kQ5hUeqT4HCDyYHCx006eLeLcBpa2F19aUqxhktHS+nBCE0du3s1Ieo2p6LQSTEQyo8H2TBwlZNF2Hot7K18lUMJM7n9iAc42P7rZoL6jfKtiODpCHFrN6UQRZa50+dw0PjRwzeuLZYEHOhKAE882I2rBSj5xomhZ0wfw9qyY0C5Lb8NrTcDApIFyDtH1DJScKxDM9HYE4T5sQ4h5LT+E4GHmY0lsAAAAMEAuYV38YsSZnDK56+2hYPU0hJo3mIiEnEch4k1zSH5RlHY7i6VBNkEZkruqGGxMjUuqDYhzQNO03jmfsZp6JMWwfW0gaw8oAGMLaWcnWgmxBcnk8hHyXOPbTD8eLE9e1SHP3gM7zLAj97Baboo2i3EWxZXImwiyfrJUpaMSh9K9zKnW7tmosXcrbvo90i9KW767Ywe9ZrEIXow3QpSAow27vJt4pqYTiUoKEO1VLN6v7le9FKf16rV3lbR9EFy8HAZAAAAwQDy3HyII2xJq/FXz7qAYOPosf0YSBzNvHt0r8UcqX3qDtsb3BLiWOIdVoU2N2ce21goaXUAUaBjrstNU0cFsUJoGPBhKIWJjRiMzIOSqxHS/lsTUn+sMZGVh4sS1ZRzhpWNJF6cTyeczmfBvgOesqEAfSfyZbgCfjS1uxMWwTGOGDZXA9cH+X9avhqU8961fI+ticfgD4yTJALmP5cElQEyPKEI0wve6UTme5nxdIStvUjw3JfmvbsAJ5ZV501MVF0AAAAUcm9vdEBqZW5raW5zLmRoai5vcmcBAgMEBQYH-----END OPENSSH PRIVATE KEY-----

添加完成后报错依然存在，因为ssh首次连接主机是需要签名认证，需要手动输入yes（也可以网页刷新一下，重新添加即可）

# 方法1[root@jenkins ~]# vim /etc/ssh/ssh_config 33 StrictHostKeyChecking no

# 方法2:看下面步骤即可

完成此设定即可解决

1.2.5.3 genkins中gitlab触发器的部署

在 Jenkins 中配置 GitLab 触发器可以实现代码提交或合并请求时自动触发 Jenkins 流水线

1.安装插件

如果需要使用gitlab触发器需要安装gitlab插件。

目前使用官方源下载比较吃力，可以直接本地部署插件即可

# 由于网络环境差，访问官网下载插件的效果并不好；# 可以选择本地部署插件

2.部署自动触发

插件加载完毕后在jenkins中选择之前构建的项目并配置自动触发

在gitlab中设定

# 这样可以感受到自动触发；但是发现感觉不是很强烈，下面展示明显的自动触发的效果！

3.测试自动触发

# 编写测试文件[root@gitlab timinglee]# echo \"This is a ceshi project! \" > ceshi.txt[root@gitlab timinglee]# git add ceshi.txt[root@gitlab timinglee]# git commit -m \"ceshi v1\"[root@gitlab timinglee]# git push -u origin main

# 此时打开浏览器去观察！

1.2.6 Dockernode业务主机：docker部署

1.2.6.1 docker部署与测试及配置Java环境

[root@dockernode ~]# vim /etc/yum.repos.d/docker.repo[docker]name = dockerbaseurl = https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stable/gpgcheck = 0[root@dockernode ~]# yum makecache[root@dockernode ~]# yum install docker-ce fontconfig java-21-openjdk git -y# 从harbor仓库中把认证文件复制到当前主机[root@dockernode ~]# mkdir /etc/docker/certs.d/reg.dhj.org/ -p[root@dockernode ~]# scp root@172.25.254.200:/data/certs/dhj.org.crt /etc/docker/certs.d/reg.dhj.org/ca.crt[root@dockernode ~]# vim /etc/docker/daemon.json{ \"registry-mirrors\": [\"https://reg.dhj.org\"]}[root@dockernode ~]# systemctl restart docker[root@dockernode ~]# systemctl enable --now docker# 测试一下docker是否安装好(先要在harbor-reg主机中)[root@reg packages]# lsnginx-latest.tar.gz[root@reg packages]# docker load -i nginx-latest.tar.gz[root@reg packages]# docker tag nginx:latest reg.dhj.org/library/nginx:latest[root@reg packages]# docker push reg.dhj.org/library/nginx:latest[root@dockernode ~]# docker info | grep https https://reg.dhj.org/[root@dockernode ~]# docker pull nginx[root@dockernode ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 5ef79149e0ec 12 months ago 188MB

1.2.7 Jenkins业务主机：将Harbor仓库-registry节点部署在jenkins上

1.2.7.1 在harbor仓库主机中安装java环境及git

[root@harbor harbor]# dnf install fontconfig java-21-openjdk git -y# 设定git命令补全功能[root@harbor harbor]# echo \"source /usr/share/bash-completion/completions/git\" >> ~/.bashrc[root@harbor harbor]# source ~/.bashrc

初始只有一个master节点

# 添加凭证# 用户 --> root# 密码 --> root

# 如果出现registry主机一直连接不上，一般问题是Jenkins服务器（/var/lib/jenkins/.ssh/known_hosts）从未连接过目标主机 172.25.254.200，因此没有后者的 SSH 主机密钥记录[root@jenkins ~]# ssh-keygen -R 172.25.254.200[root@jenkins ~]# ssh-keyscan 172.25.254.200 >> ~/.ssh/known_hosts[root@jenkins ~]# grep \"172.25.254.200\" ~/.ssh/known_hosts[root@jenkins ~]# systemctl restart jenkins

# Number of executors（执行器数量）指的是Jenkins主节点上可以同时运行的任务（Job）的数量# 将master节点任务数量降为0

1.3 配置构建节点

1.3.1 在jenkins中安装构建插件

# 此处在上面已经安装过了，本处可以忽略

# 这里的ssh插件会报毒（没关系）

1.3.2 设置jenkins的容器构建规则

2.解决ca证书问题

# 诊断SSL证书问题[root@reg reg.dhj.org]# curl -v https://reg.dhj.org/v2/ 2>&1 | grep -E \"(SSL|cert|CA)\"* CAfile: /etc/pki/tls/certs/ca-bundle.crt* TLSv1.2 (OUT), TLS alert, unknown CA (560):* SSL certificate problem: self-signed certificatecurl: (60) SSL certificate problem: self-signed certificateMore details here: https://curl.se/docs/sslcerts.html# 获取服务器当前证书[root@reg reg.dhj.org]# echo | openssl s_client -connect reg.dhj.org:443 -showcerts 2>/dev/null | \\sed -ne \'/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p\' > /tmp/current_cert.pem# 比较证书文件[root@reg reg.dhj.org]# diff /etc/docker/certs.d/reg.dhj.org/ca.crt /tmp/current_cert.pem# 复制证书到系统CA存储目录[root@reg reg.dhj.org]# cd[root@reg ~]# cp /etc/docker/certs.d/reg.dhj.org/ca.crt /etc/pki/ca-trust/source/anchors/# 更新CA信任存储[root@reg ~]# update-ca-trust# 验证证书已被添加[root@reg ~]# openssl verify /etc/docker/certs.d/reg.dhj.org/ca.crt# 重启Docker服务[root@reg ~]# systemctl restart docker# 重载docker compose[root@reg ~]# cd harbor/[root@reg harbor]# docker compose down && docker compose up -d# 测试连接[root@reg harbor]# curl -v https://reg.dhj.org/v2/* Trying 172.25.254.200:443...* Connected to reg.dhj.org (172.25.254.200) port 443 (#0)# 测试Docker是否能与Registry--harbor仓库正常通信[root@dockernode ~]# docker pull reg.dhj.org/library/nginx:latest# 成功！

3.测试镜像构建

在gitlab中建立Dockerfile和index.html

[root@gitlab timinglee]# vim index.htmlwww.dhj.org v1[root@gitlab timinglee]# vim DockerfileFROM nginxCOPY index.html /usr/share/nginx/html[root@gitlab timinglee]# git add index.html Dockerfile[root@gitlab timinglee]# git status -s[root@gitlab timinglee]# git commit -m \"webserver v1\"[root@gitlab timinglee]# git push -u origin main

4.设置在业务节点自动运行

# 上面的ssh.hpi的插件上面已经装过

# command命令（一定要注意docker里面只有rm -f 没有-rf）docker ps -a | grep myapp && docker rm -f myapp && docker rmi reg.dhj.org/library/webserver:latestsleep 4docker run -d --name myapp -p 80:80 reg.dhj.org/library/webserver:latest

# 此时会发现并没有改变# 是由于docker-action此项目是由timinglee这个项目触发的

# 可以自己构建（手动触发）

# 此时去浏览器中搜索172.25.254.100即可看到测试效果

5.测试效果

[root@gitlab ceshi]# vim index.html[root@gitlab ceshi]# git commit -a -m \"webserver v4\"[root@gitlab ceshi]# git push -u origin main

此时会发现并没有改变

是由于docker-action此项目是由timinglee这个项目触发的

[外链图片转存中...(img-CMByYc8a-1756452027229)]~~~bash# 可以自己构建（手动触发）

[外链图片转存中…(img-D5TgWxdS-1756452027229)]

# 此时去浏览器中搜索172.25.254.100即可看到测试效果

[外链图片转存中…(img-0SaGGgyG-1756452027229)]

5.测试效果

[root@gitlab ceshi]# vim index.html[root@gitlab ceshi]# git commit -a -m \"webserver v4\"[root@gitlab ceshi]# git push -u origin main

[外链图片转存中…(img-Rd0i3D1I-1756452027229)]

[外链图片转存中…(img-g7EgFNIT-1756452027229)]