0803[CI/CD-Ansible,Jenkins]

망지 · August 3, 2022

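📌 SAA preparation

📙 EBS, instance store

Exam prep: EBS and instance store.
Instance store is performance-oriented. An EBS volume can only be used within its Availability Zone.

📙 S3 lifecycle transition policy table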

📌 ansible CI/CD

📌 ansible

📙 Create the instance

Name: ansible-server
Image: Amazon Linux 2
Type: t2.micro
Select a key pair
Network: MY-VPC, PUB2A
Security group: DEV-SG
User data:

#!/bin/bash
timedatectl set-timezone Asia/Seoul
hostnamectl set-hostname ansible-server
amazon-linux-extras install -y ansible2
amazon-linux-extras install docker -y
systemctl enable --now docker
curl https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker -o /etc/bash_completion.d/docker.sh
usermod -a -G docker ec2-user

📙 Assign a domain by creating a Route 53 record

📙 Connect with MobaXterm and verify the installation

[ec2-user@ansible-server ~]$ ansible --version
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ec2-user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.18 (default, May 25 2022, 14:30:51) [GCC 7.3.1 20180712 (Red Hat 7.3.1-15)]

[ec2-user@ansible-server ~]$ docker version
Client:
 Version:           20.10.13
 API version:       1.41

📙 Allow Jenkins to connect to the Ansible server with a password

sudo passwd ec2-user
sudo vi /etc/ssh/sshd_config
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication no
sudo systemctl restart sshd
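
Added example, not part of the original post: the same Jenkins password login, but scoped so that sshd accepts a password only for ec2-user connecting from the Jenkins server while the global setting stays off. `JENKINS_PRIVATE_IP` is a placeholder (the post does not give that address) and the playbook file name is hypothetical.

```yaml
# sshd-scope-password.yml (hypothetical file name; added example, not from the post)
# Run on ansible-server itself:  ansible-playbook sshd-scope-password.yml
- hosts: localhost
  connection: local
  become: yes
  vars:
    # Placeholder: replace with the Jenkins server's private IP before running.
    jenkins_ip: "JENKINS_PRIVATE_IP"

  tasks:
  # sshd uses the first value it reads for a keyword, so every active
  # "PasswordAuthentication yes" line in the global section is rewritten.
  - name: keep password login off globally
    replace:
      path: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication\s+yes\s*$'
      replace: 'PasswordAuthentication no'
      validate: /usr/sbin/sshd -t -f %s
    notify: restart sshd

  # A Match block applies until the next Match line or end of file,
  # so it is appended at the very end. The indented line inside it is
  # not touched by the task above, which only matches at column 0.
  - name: allow password login only for ec2-user coming from Jenkins
    blockinfile:
      path: /etc/ssh/sshd_config
      insertafter: EOF
      marker: "# {mark} jenkins password login"
      block: |
        Match User ec2-user Address {{ jenkins_ip }}
            PasswordAuthentication yes
      validate: /usr/sbin/sshd -t -f %s
    notify: restart sshd

  handlers:
  - name: restart sshd
    service:
      name: sshd
      state: restarted
```

`sudo sshd -T -C user=ec2-user,addr=<address>,host=ansible-server | grep -i passwordauthentication` prints the effective value for a given client address, which confirms the scope after the restart.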

📙 Edit the inventory to connect Ansible to the Docker host

Add the Docker host's private IP to the Ansible inventory.

# sudo vi /etc/ansible/hosts
10.14.40.211

📙 Generate a key to connect Ansible to the Docker host

Before the key is set up, the password has to be typed manually to connect.

[ec2-user@ansible-server ~]$ ansible all -m ping -k
SSH password:
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Generate the key

[ec2-user@ansible-server ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Install the key with the copy command, then ping again to confirm key-based login.

# ssh-copy-id 10.14.40.211

# ansible all -m ping

This can also be checked with the command module (a module that runs commands on the connected Docker server), here using uptime.

[ec2-user@ansible-server ~]$ ansible all -m command -a uptime
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | CHANGED | rc=0 >>
 10:39:19 up  1:01,  2 users,  load average: 0.00, 0.00, 0.00

command usage 2

[ec2-user@ansible-server ~]$ ansible all -m command -a "docker ps -a"
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | CHANGED | rc=0 >>
CONTAINER ID   IMAGE                   COMMAND             CREATED        STATUS                      PORTS     NAMES
b2a6a53c08e6   mj030kk/mytomcat:v1.0   "catalina.sh run"   22 hours ago   Exited (143) 21 hours ago             docker-container

-> This is how the Docker host will be controlled with Ansible.
The drawback of command and shell is that they are not idempotent.

📌 Connecting Jenkins and Ansible

📙 ansible server

[ec2-user@ansible-server ~]$ sudo mkdir /opt/docker
[ec2-user@ansible-server ~]$ sudo chown -R ec2-user:ec2-user /opt/docker

📙 jenkins

Jenkins dashboard - Manage Jenkins - Configure System - add an SSH server at the very bottom

Advanced - check "Use password authentication, or use a different key" - enter the password in Passphrase / Password

📌 Build

📙 ansible item

Jenkins dashboard - New Item - name: Copy_Artifacts_onto_Ansible -
copy from: BuildAndDeployOnContainer - OK

Description: Build the code with Maven and deploy it to the Docker host using Ansible
Git path: https://github.com/mangjini/hello-world.git

Build Triggers - uncheck Poll SCM (turn off automation) ; test

Post-build Actions - SSH server name: select ansible-server (previously: docker host)
Delete the existing contents of exec command - Apply, Save

  • Click Build Now

Check on the ansible server

[ec2-user@ansible-server docker]$ ll
total 932
-rw-rw-r-- 1 ec2-user ec2-user 951824 Aug  3 11:18 webapp.war

📙 test

[ec2-user@ansible-server docker]$  vi Dockerfile
FROM tomcat:9
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps
COPY ./*.war /usr/local/tomcat/webapps

[ec2-user@ansible-server docker]$ docker build -t mj030kk/mytomcat:v1.0 .

[ec2-user@ansible-server docker]$ docker run -d -p 8080:8080 --name test-container mj030kk/mytomcat:v1.0
51003a858bb4147a3b2e98c964629daf09232ff308efcba7967a2e55024a5571

Clean up what was used for the test

[ec2-user@ansible-server docker]$ docker images
REPOSITORY         TAG       IMAGE ID       CREATED         SIZE
mj030kk/mytomcat   v1.0      7cf717785c7f   5 minutes ago   502MB
tomcat             9         07bcfa45c644   5 days ago      496MB

[ec2-user@ansible-server docker]$ docker rm -f test-container
test-container

[ec2-user@ansible-server docker]$ docker rmi -f mj030kk/mytomcat:v1.0
[ec2-user@ansible-server docker]$ docker rmi -f tomcat:9

📙 Managing Ansible and the Docker server

At the very bottom of the inventory, tidy up the IPs and group them

[ec2-user@ansible-server docker]$ sudo vi /etc/ansible/hosts
[docker-host]
10.14.40.211

[ansible-server]
10.14.9.46

-> The server's key must also be registered on itself, and permissions set, before the ping goes through.

[ec2-user@ansible-server docker]$ ssh-copy-id 10.14.9.46
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ec2-user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ec2-user@10.14.9.46's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '10.14.9.46'"
and check to make sure that only the key(s) you wanted were added.

Done

[ec2-user@ansible-server docker]$ ansible all -m ping
[WARNING]: Invalid characters were found in group names but not replaced, use
-vvvv to see details
[WARNING]: Platform linux on host 10.14.40.211 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.40.211 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[WARNING]: Platform linux on host 10.14.9.46 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
10.14.9.46 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

📙 Build with Ansible

[ec2-user@ansible-server docker]$ vi build.yml
- hosts: ansible-server

  tasks:
  - name: create docker image
    command: docker build -t mj030kk/mytomcat:v1.0 .
    args:
      chdir: /opt/docker

  - name: push docker image
    command: docker push mj030kk/mytomcat:v1.0
    
[ec2-user@ansible-server docker]$ docker login
[ec2-user@ansible-server docker]$ ansible-playbook build.yml


Upload to Docker Hub complete

The image came through fine as well

[ec2-user@ansible-server docker]$ docker images
REPOSITORY         TAG       IMAGE ID       CREATED          SIZE
mj030kk/mytomcat   v1.0      67835a86bcda   15 minutes ago   502MB
tomcat             9         07bcfa45c644   5 days ago       496MB

📙 Modify the configuration

Jenkins - Copy_Artifacts_onto_Ansible - Configure - Post-build Actions - exec command:

cd /opt/docker;
ansible-playbook build.yml

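- Apply, Save - Build Now

Docker Hub now shows it as just uploaded (confirms the configuration change works)

To check properly, delete the mytomcat repo from Docker Hub.
Also delete the image on the ansible server.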

[ec2-user@ansible-server docker]$ docker images
REPOSITORY         TAG       IMAGE ID       CREATED          SIZE
mj030kk/mytomcat   <none>    67835a86bcda   23 minutes ago   502MB
tomcat             9         07bcfa45c644   5 days ago       496MB
[ec2-user@ansible-server docker]$ docker rmi -f 67835a86bcda

Click Build Now in Jenkins again

As seen uploaded on Docker Hub

As seen on the ansible server


[ec2-user@ansible-server docker]$ docker images ## before Build Now
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
tomcat       9         07bcfa45c644   5 days ago   496MB
[ec2-user@ansible-server docker]$ docker images ## after Build Now
REPOSITORY         TAG       IMAGE ID       CREATED          SIZE
mj030kk/mytomcat   v1.0      537aa9b06cc8   52 seconds ago   502MB
tomcat             9         07bcfa45c644   5 days ago       496MB

📙 test

[ec2-user@ansible-server docker]$ vi deploy.yml
- hosts: docker-host

  tasks:
  - name: remove container
    command: docker rm -f docker-container
  - name: remove image
    command: docker rmi -f mj030kk/mytomcat:v1.0
  - name: create container
    command: docker run -d -p 8080:8080 --name docker-container mj030kk/mytomcat:v1.0
    
[ec2-user@ansible-server docker]$ ansible-playbook deploy.yml
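
The earlier remark that command and shell are not idempotent applies to this deploy.yml. The following is an added example (not from the original post) of the same deployment with the docker_container module that ships with Ansible 2.9. The file name is hypothetical, and it assumes the Docker SDK for Python is installed on docker-host, which the post does not do.

```yaml
# deploy-idempotent.yml (hypothetical file name; added example, not from the post)
# Assumption: the Docker SDK for Python is present on docker-host;
# the docker_* modules need it on the managed node.
- hosts: docker-host

  tasks:
  - name: run docker-container from the current v1.0 image
    docker_container:
      name: docker-container
      image: mj030kk/mytomcat:v1.0
      # Always check Docker Hub, because build.yml overwrites the v1.0 tag
      # on every build instead of publishing a new tag.
      pull: yes
      # "started" describes the end state: create the container if it is
      # missing, recreate it if the pulled image differs from the one it
      # runs, and leave it alone otherwise.
      state: started
      published_ports:
        - "8080:8080"
```

This describes the end state instead of issuing `docker rm`, `docker rmi` and `docker run` in sequence, so the play does not depend on whether the container or image already exists on docker-host. Unlike the rmi step, superseded images stay on the host until they are pruned.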

📙 Update automatically [CI/CD]

[ec2-user@docker-host ~]$ docker rm -f docker-container
docker-container

Jenkins - dashboard - project - Configure - Build Triggers - Poll SCM schedule '* * * * *' - exec command

cd /opt/docker;
ansible-playbook build.yml;
sleep 10;
ansible-playbook deploy.yml
  • Apply, Save - Build Now

📙 Verify the update

In git bash,

r2com@DESKTOP-DD3FU43 MINGW64 ~
$ rm -rf hello-world/

r2com@DESKTOP-DD3FU43 MINGW64 ~
$ git clone https://github.com/mangjini/hello-world.git
Cloning into 'hello-world'...
remote: Enumerating objects: 565, done.
remote: Total 565 (delta 0), reused 0 (delta 0), pack-reused 565
Receiving objects: 100% (565/565), 826.48 KiB | 917.00 KiB/s, done.
Resolving deltas: 100% (154/154), done.

r2com@DESKTOP-DD3FU43 MINGW64 ~
$ cd hello-world

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world (master)
$ ls
Dockerfile  README.md  pom.xml  regapp-deploy.yml  regapp-service.yml  server/  test.tml  webapp/

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world (master)
$ cd webapp/src/main/webapp/

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ ls
WEB-INF/  assets/  css/  gcp.tar  images/  index.jsp  index.jsp.bak  index.jsp.old  js/  test.txt

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ vi index.jsp

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git add .

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git commit -m "edit index.jsp"
[master 8a0b4f1] edit index.jsp
 1 file changed, 1 insertion(+), 1 deletion(-)

r2com@DESKTOP-DD3FU43 MINGW64 ~/hello-world/webapp/src/main/webapp (master)
$ git push origin master

-> Automatic update confirmed
