基于gitlab的drone的搭建和使用
基于 Docker 的 CI/CD 工具 Drone 所有编译、测试的流程都在 Docker 容器中进行。
开发者只需在项目中包含 .drone.yml 文件,将代码推送到 git 仓库,Drone 就能够自动化的进行编译、测试、发布。
本小节以 GitLab+ Drone 来演示 Drone 的工作流程。
环境:CentOS Linux release 7.6.1810
gitlab服务地址:192.168.25.135
drone服务地址:192.168.25.132
在192.168.25.135部署gitlab服务:
1、安装依赖
sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd2、打开防火墙访问控制(关闭防火墙,可忽略)
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld3、安装邮件服务(按需配置)
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix4、配置gitlab的yum仓库
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash5、yum安装gitlab服务
安装时要将EXTERNAL_URL的内容填写为自己gitlab准备配置的地址(因为此时用虚拟机,未配置域名,所以使用http://192.168.25.135)
sudo EXTERNAL_URL="http://192.168.25.135" yum install -y gitlab-ee6、gitlab配置文件:/etc/gitlab/gitlab.rb(可以修改EXTERNAL_URL等配置)
修改配置文件后执行进行更新:gitlab-ctl reconfigure
gitlab项目目录:/var/opt/gitlab
gitlab服务名称:gitlab-runsvdir
启动、停止、重启服务:
systemctl (start|stop|restart|status) gitlab-runsvdir
gitlab-ctl (start|stop|restart|status)7、修改管理员默认密码
#gitlab-rails console production //进入gitlab管理控制台
irb(main):001:0>u=User.where(id:1).first //查找账号(User.all 可以查看所有用户)
irb(main):002:0>u.password='12345678' //设置密码为12345678
irb(main):003:0>u.password_confirmation='12345678' //再次确认密码
irb(main):004:0>u.save! //保存
irb(main):005:0>exit //退出当前设置流程参考:https://about.gitlab.com/install/ (所有系统的安装方式)
在192.168.25.132部署drone服务:
1、在gitlab上创建认证。user-setting-Applications
填写名称(name),回调地址(Redirect URI),勾选api、read_user权限
2、创建完成,复制Application ID 和Secret
3、生成drone server和agent之间使用的验证secret
$ openssl rand -hex 16
4f3b7f51e3dd678c08cf2d0675c667604、下载drone server镜像
docker pull drone/drone:15、启动服务
docker run \
--volume=/var/lib/drone:/data \
--env=DRONE_AGENTS_ENABLED=true \ //是否允许agent
--env=DRONE_GITLAB_SERVER=http://192.168.25.135 \ //gitlab地址
--env=DRONE_GITLAB_CLIENT_ID=${DRONE_GITLAB_CLIENT_ID} \ //gitlab上创建的application ID
--env=DRONE_GITLAB_CLIENT_SECRET=${DRONE_GITLAB_CLIENT_SECRET} \ //gitlab上创建的application ID对应的secret
--env=DRONE_RPC_SECRET=${DRONE_RPC_SECRET} \ //与drone agent验证使用,即在3中命令生成的secret
--env=DRONE_SERVER_HOST=${DRONE_SERVER_HOST} \ //drone-server地址
--env=DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO} \ //drone-server访问协议,如果配置了ssl或acme,此字段默认为https
--publish=80:80 \
--publish=443:443 \
--restart=always \
--detach=true \
--name=drone \
drone/drone:1例:
docker run \
--volume=/var/lib/drone:/data \
--env=DRONE_AGENTS_ENABLED=true \
--env=DRONE_GITLAB_SERVER=http://192.168.25.135 \
--env=DRONE_GITLAB_CLIENT_ID=fc7611e90bcdb7d3dc19bd0ad5338bffadfe48c1a3a13af6912863745e2894d7 \
--env=DRONE_GITLAB_CLIENT_SECRET=8d3ab2adeb18bdd09cd8b9987955e282db0ab35e2efd2f30b7a71f320e5f2ac7 \
--env=DRONE_RPC_SECRET=4f3b7f51e3dd678c08cf2d0675c66760 \
--env=DRONE_SERVER_HOST=192.168.25.132 \
--env=DRONE_SERVER_PROTO=http \
--env=DRONE_TLS_AUTOCERT=false \
--env=DRONE_LOGS_DEBUG=true \ //打开了debug日志,便于调试
--publish=80:80 \
--publish=443:443 \
--restart=always \
--detach=true \
--name=drone \
drone/drone:16、访问http://192.168.25.132,自动跳转到gitlab授权。
同步仓库
激活
参考:https://docs.drone.io/installation/overview/
在192.168.25.132上部署docker runner服务
docker pull drone/drone-runner-docker:1
$ docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DRONE_RPC_PROTO=https \ //drone server通信协议
-e DRONE_RPC_HOST=drone.company.com \ //drone server地址
-e DRONE_RPC_SECRET=super-duper-secret \ //drone server启动时配置的secret
-e DRONE_RUNNER_CAPACITY=2 \ //设置并发数量,默认为2
-e DRONE_RUNNER_NAME=${HOSTNAME} \
-p 3000:3000 \
--restart always \
--name runner \
drone/drone-runner-docker:1例如:
docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DRONE_RPC_PROTO=http \
-e DRONE_RPC_HOST=192.168.25.132 \
-e DRONE_RPC_SECRET=4f3b7f51e3dd678c08cf2d0675c66760 \
-e DRONE_RUNNER_CAPACITY=2 \
-e DRONE_RUNNER_NAME=192.168.25.132 \
-p 3000:3000 \
--restart always \
--name runner drone/agent:1遇到问题:
1、仓库不能激活。
日志报错
{"admin":false,"level":"debug","msg":"api: sync repository permissions","name":"456","namespace":"liyang","read":true,"request-id":"1UC2for9ub8hMZeIbmCtD2uKb7A","time":"2019-11-27T09:19:22Z","user.login":"liyang","write":false}
{"admin":false,"level":"debug","msg":"api: repository permissions synchronized","name":"456","namespace":"liyang","read":true,"request-id":"1UC2fuYsMFEy2USt6v0bOCpNC3o","time":"2019-11-27T09:19:22Z","user.login":"liyang","write":false}查询gitlab访问日志
192.168.25.132 - - [27/Nov/2019:17:19:26 +0800] "POST /api/v4/projects/abcd%2F456/hooks?merge_requests_events=true&push_events=true&tag_push_events=true&token=V3zqKtE9ZWaoeTxAlbqnW55FHp9NY79H&url=http%3A%2F%2F192.168.25.132%2Fhook HTTP/1.1" 422 29 "" "Go-http-client
193经过查找,此问题为gitlab局域网访问配置问题,
解决方案:使用管理员账号登录setting-network-Outbound requests
Expand-勾选Allow requests to the local network from web hooks and services
参考:https://discourse.drone.io/t/error-activating-gitlab-repository/3153
https://gitlab.com/gitlab-org/gitlab-foss/issues/55605
https://discourse.drone.io/c/general-discussion
https://gitlab.com/gitlab-org/gitlab-foss/issues?state=all
问题2:Project settings没有Trusted选项
Protected - If Enabled, blocks pipeline if the yaml signature cannot be verified.
Trusted - Enables privileged capabilities: an ability to start privileged containers and mount host machine volumes.
解决方案:在启动时添加选项--env=DRONE_USER_CREATE=username:abcd,admin:true \
参考:https://discourse.drone.io/t/the-repositories-setting-does-not-have-trusted/6093
https://docs.drone.io/manage/user/