openshift/origin工作记录(1)——S2I镜像定制(基于SVN)
来源:互联网 发布:如何看待网络暴力 知乎 编辑:程序博客网 时间:2024/05/16 14:52
上周的工作内容是迁移微服务管控平台到openshift集群上。定制了基于git的S2I,走通了从gitlab拉取代码、打包、部署等一系列流程,成功迁移并向部门老大做了汇报。
本周的工作是定制基于SVN的S2I,走通从SVN拉取代码、打包、部署这套流程。
本篇博客所用到的代码已上传至github。https://github.com/hu12081/openshift-s2i-tomcat-svn.git
s2i源码研究(能力不够,修改失败)
周一的时候在github上粗略阅读了source-to-image的源码,代码地址为https://github.com/openshift/source-to-image。整体代码采用go语言实现,https://github.com/openshift/source-to-image/tree/master/pkg/scm/downloaders目录下的代码应该是实现代码下载功能的,包括从本地文件路径拷贝代码、通过git克隆代码。
无奈对go语言一窍不通,如果从零学习go语言修改s2i的代码,短期内无法实现。强行建议老大抛弃openshift s2i那一套,走jkenins(虽然我还是一窍不通,但组内有人会,可以把锅甩出去。。。),老大基本被我说服。
修改builder镜像,定制部署模板(成功实现)
周二在看《开源容器云openshift》一书时,无意在书中发现作者的github,上面就有svn的demo,地址为https://github.com/nichochen/openshift-tomcat-svn。着实尴尬。
该项目的最后提交时间为两年前,在尝试部署的过程中发现存在以下问题:
1.ose-json文件夹下的openshift-tomcat7-svn-is.json存在语法错误。
2.该部署模板虽然集成了svn,但是在web界面上必须填写可用的git地址(该地址只用于跳过s2i验证),作者在README.md指出了该缺陷,缺没有修复。
3.没有提供svn的账号、密码输入功能。
4.直接clone该项目,在builder镜像的使用过程中,会报文件夹权限的问题。
优化已有的开源项目
参考我的博客openshift/origin学习记录(9)——S2I镜像定制(基于Git)
以下内容有做了一些定制化开发(基本都有表明)不具有通用性,不推荐直接复制粘贴使用!!!请自行修改参数、指令等内容。
创建S2I Builder镜像工作目录
通过s2i create命令创建一个名为tomcat-s2i的S2I Builder镜像。第二个参数tomcat-svn为S2I Builder镜像名称。第三个参数tomcat-svn-catalog定义了工作目录的名称。
s2i create tomcat-svn tomcat-svn-catalog
编写Dockerfile
修改tomcat-svn-catalog目录下的Dockerfile文件。
# openshift-tomcat8-svnFROM docker.io/centos# TODO: Put the maintainer name in the image metadataMAINTAINER huliaoliao# TODO: Rename the builder environment variable to inform users about application you provide themENV BUILDER_VERSION 1.0# TODO: Set labels used in OpenShift to describe the builder imageLABEL io.openshift.s2i.scripts-url=image:///usr/libexec/s2i \ io.k8s.description="Platform for building tomcat" \ io.k8s.display-name="builder tomcat" \ io.openshift.expose-services="8080:http" \ io.openshift.tags="builder,tomcat,java,etc."# TODO: Install required packages here:COPY ./CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repoRUN yum makecache && yum install -y java-1.8.0-openjdk subversion maven && yum clean all -yCOPY ./s2i/bin/ /usr/libexec/s2i# TODO (optional): Copy the builder files into /opt/app-rootCOPY ./tomcat8/ /opt/app-root/tomcat8# TODO: Copy the S2I scripts to /usr/local/s2i, since openshift/base-centos7 image sets io.openshift.s2i.scripts-url label that way, or update that label#COPY ./s2i/bin/ /usr/libexec/s2i# TODO: Drop the root user and make the content of /opt/app-root owned by user 1001RUN useradd -m tomcat -u 1002 && \ chmod -R a+rw /opt && \ chmod -R a+rw /opt/app-root && \ chmod a+rwx /opt/app-root/tomcat8/* && \ chmod +x /opt/app-root/tomcat8/bin/*.sh && \ rm -rf /opt/app-root/tomcat8/webapps/* && \ rm -rf /usr/share/maven/conf/settings.xmlADD ./settings.xml /usr/share/maven/conf/# This default user is created in the openshift/base-centos7 imageUSER 1002# TODO: Set the default port for applications built using this imageEXPOSE 8080ENTRYPOINT []# TODO: Set the default CMD for the imageCMD ["/usr/libexec/s2i/usage"]
其中COPY ./CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo
是为了换源。rm -rf /usr/share/maven/conf/settings.xml
和ADD ./settings.xml /usr/share/maven/conf/
是修改镜像中maven的配置,指向自己的maven库。
下载tomcat
wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz
解压到tomcat-svn-catalog目录下的tomcat8文件夹下。
修改s2i/bin/assemble脚本(负责源代码的编译、构建以及构建产出物的部署)
#!/bin/bash -e## S2I assemble script for the 'nico-tomcat' image.# The 'assemble' script builds your application source ready to run.## For more information refer to the documentation:# https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md## Restore artifacts from the previous build (if they exist).#if [ "$1" = "-h" ]; then # If the 'nico-tomcat' assemble script is executed with '-h' flag, # print the usage. exec /usr/libexec/s2i/usagefi# Restore artifacts from the previous build (if they exist).#if [ "$(ls /tmp/artifacts/ 2>/dev/null)" ]; then echo "---> Restoring build artifacts" mv /tmp/artifacts/. ./fiecho "---> Installing application source"WORK_DIR=/tmp/src;cd $WORK_DIR;if [ ! -z ${SVN_URI} ] ; then echo "Fetching source from Subversion repository ${SVN_URI}" svn co ${SVN_URI} --username=${SVN_USERNAME} --password=${SVN_PASSWORD} --no-auth-cache export SRC_DIR=`basename $SVN_URI` echo "Finished fetching source from Subversion repository ${SVN_URI}" cd $WORK_DIR/$SRC_DIR/ mvn package -Dmaven.test.skip=true;else echo "SVN_URI not set, skip Subverion source download";fifind /tmp/src/ -name '*.war'|xargs -i mv -v {} /opt/app-root/tomcat8/webapps/ROOT.warecho "---> Building application from source"
文件中下面这句就是根据用户输入的svn路径、账号、密码下载代码。
svn co ${SVN_URI} --username=${SVN_USERNAME} --password=${SVN_PASSWORD} --no-auth-cache
编辑s2i/bin/run脚本(S2I流程生成的最终镜像将以这个脚本作为容器的启动命令)。
脚本内容为启动tomcat。
#!/bin/bash -e## S2I run script for the 'nico-tomcat' image.# The run script executes the server that runs your application.## For more information see the documentation:# https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md#exec /opt/app-root/tomcat8/bin/catalina.sh run
构建镜像并推送到自己的镜像仓库
在tomcat-svn-catalog目录下执行make。得到docker镜像后修改tag推送到镜像仓库。
在master节点上创建openshift-tomcat8-svn-is.json文件
{ "kind": "ImageStreamList", "apiVersion": "v1", "metadata": {}, "items": [ { "kind": "ImageStream", "apiVersion": "v1", "metadata": { "name": "openshift-tomcat8-svn", "annotations": {"openshift.io/image.insecureRepository": "true"}, "creationTimestamp": null }, "spec": { "dockerImageRepository": "master.example.com:5000/openshift-tomcat8-svn", "tags": [ { "name": "latest" }, { "name": "2.0", "annotations": { "description": "Run JavaEE WAR applications", "iconClass": "icon-ruby", "tags": "builder,tomcat,java,war", "supports": "java", "version": "1.0" }, "from": { "kind": "ImageStreamTag", "name": "latest" } } ] } } ]}
集群管理员账号执行命令。
oc create -n openshift -f openshift-tomcat8-svn-is.json
在master节点上创建openshift-tomcat8-svn-removegit-template.json文件
{ "kind": "Template", "apiVersion": "v1", "metadata": { "annotations": { "iconClass" : "icon-tomcat", "description": "Application template for JavaEE WAR deployment with Tomcat 8." }, "name": "openshift-tomcat8-svn-removegit" }, "labels": { "template": "openshift-tomcat8-svn-removegit" }, "parameters": [ { "description": "Tomcat 8.5.5", "name": "IMG_VERSION", "displayName":"Image Version", "value": "latest", "required": true }, { "description": "The name for the application.", "name": "APPLICATION_NAME", "displayName":"Application Name", "value": "", "required": true }, { "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", "displayName":"Application Hostname", "value": "" }, { "description": "Subversion source URI for application", "name": "SVN_URI", "displayName":"Subversion source URI", "value": "", "required": true }, { "description": "Subversion Username", "name": "SVN_USERNAME", "displayName":"Subversion Username", "value": "", "required": true }, { "description": "Subversion Password", "name": "SVN_PASSWORD", "displayName":"Subversion Password", "value": "", "required": true } ], "objects": [ { "kind": "Service", "apiVersion": "v1", "spec": { "ports": [ { "port": 8080, "targetPort": 8080 } ], "selector": { "deploymentConfig": "${APPLICATION_NAME}" } }, "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The web server's http port." } } }, { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http-route", "metadata": { "name": "${APPLICATION_NAME}-http-route", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "Route for application's http service." } }, "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { "name": "${APPLICATION_NAME}" } } }, { "kind": "ImageStream", "apiVersion": "v1", "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" } } }, { "kind": "BuildConfig", "apiVersion": "v1", "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" } }, "spec": { "strategy": { "type": "Source", "sourceStrategy": { "from": { "kind": "ImageStreamTag", "namespace": "openshift", "name": "openshift-tomcat8-svn:latest" }, "env": [ { "name": "SVN_URI", "value": "${SVN_URI}" }, { "name": "SVN_USERNAME", "value": "${SVN_USERNAME}" }, { "name": "SVN_PASSWORD", "value": "${SVN_PASSWORD}" } ] } }, "output": { "to": { "kind": "ImageStreamTag", "name": "${APPLICATION_NAME}:latest" } }, "triggers": [ { "type": "GitHub", "github": { "secret": "${GITHUB_TRIGGER_SECRET}" } }, { "type": "Generic", "generic": { "secret": "${GENERIC_TRIGGER_SECRET}" } }, { "type": "ImageChange", "imageChange": {} } ] } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" } }, "spec": { "strategy": { "type": "Recreate" }, "triggers": [ { "type": "ImageChange", "imageChangeParams": { "automatic": true, "containerNames": [ "${APPLICATION_NAME}" ], "from": { "kind": "ImageStream", "name": "${APPLICATION_NAME}" } } } ], "replicas": 1, "selector": { "deploymentConfig": "${APPLICATION_NAME}" }, "template": { "metadata": { "name": "${APPLICATION_NAME}", "labels": { "deploymentConfig": "${APPLICATION_NAME}", "application": "${APPLICATION_NAME}" } }, "spec": { "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", "readinessProbe": { "exec": { "command": [ "/bin/bash", "-c", "curl http://localhost:8080" ] } }, "ports": [ { "name": "http", "containerPort": 8080, "protocol": "TCP" } ], "env": [ { "name": "SVN_URI", "value": "${SVN_URI}" } ] } ] } } } } ]}
集群管理员账号执行命令。
oc create -n openshift -f openshift-tomcat8-svn-removegit-template.json
验证
可从界面输入SVN的地址、账号、密码完成创建。
最终完成了从SVN拉取代码、编译、部署等一系列流程。
已知缺陷
1.SVN密码现在是明文的形式
2.template中暂未提供对build config、deploy config等的配置,界面还较为简单。
结语
本篇博客主要记录了工作过程,没有特别具体,但基本覆盖了所有过程。
仅供参考。
- openshift/origin工作记录(1)——S2I镜像定制(基于SVN)
- openshift/origin学习记录(9)——S2I镜像定制(基于Git)
- openshift/origin学习记录(8)——基于镜像安装多节点集群(Containerized Installer)
- openshift/origin学习记录(1)——基于二进制文件的安装(单机版)
- openshift/origin工作记录(2)——RESTful编程接口使用
- openshift/origin工作记录(3)——Application的删除
- openshift/origin工作记录(4)——Pod时区同步
- openshift/origin学习记录(10)——基于已有镜像部署应用
- openshift/origin学习记录(3)——添加Registry
- openshift/origin学习记录(0)——Ansible安装多节点openshift集群
- openshift/origin学习记录(5)——添加Template(模板)并基于模板部署应用
- openshift/origin学习记录(13)——集群节点扩容(Master/node/etcd)
- openshift/origin学习记录(2)——添加Router组件
- openshift/origin学习记录(4)——添加Image Stream
- openshift/origin学习记录(7)——集成Jenkins服务
- openshift/origin学习记录(6)——集群节点管理
- openshift/origin学习记录(11)——赋予用户集群管理员权限
- openshift/origin学习记录(12)——离线安装集群
- javascript label语句学习
- wamp自定义网站根目录
- 通俗易懂解释java反射机制(一)
- oh-my-zsh小记
- 推荐一个软件
- openshift/origin工作记录(1)——S2I镜像定制(基于SVN)
- TensorFlow的cnn做mnist例子
- QImage与QPixmap完全解析
- ckplayer播放器控制播放/暂停
- 4、Python 处理 ini 文件
- match返回参数和分组
- 五分钟学GIS | 大数据之分布式空间分析服务
- java调用WebService接口的几种方法
- C++中的基础相关知识之预处理,const,sizeof