openshift/origin工作记录(1)——S2I镜像定制(基于SVN)
openshift/origin工作记录(1)——S2I镜像定制(基于SVN)
胡了了
发布于 2017-12-28 18:09:37
发布于 2017-12-28 18:09:37
上周的工作内容是迁移微服务管控平台到openshift集群上。定制了基于git的S2I,走通了从gitlab拉取代码、打包、部署等一系列流程,成功迁移并向部门老大做了汇报。 本周的工作是定制基于SVN的S2I,走通从SVN拉取代码、打包、部署这套流程。
本篇博客所用到的代码已上传至github。https://github.com/hu12081/openshift-s2i-tomcat-svn.git
s2i源码研究(能力不够,修改失败)
周一的时候在github上粗略阅读了source-to-image的源码,代码地址为https://github.com/openshift/source-to-image。整体代码采用go语言实现,https://github.com/openshift/source-to-image/tree/master/pkg/scm/downloaders目录下的代码应该是实现代码下载功能的,包括从本地文件路径拷贝代码、通过git克隆代码。
无奈对go语言一窍不通,如果从零学习go语言修改s2i的代码,短期内无法实现。强行建议老大抛弃openshift s2i那一套,走jkenins(虽然我还是一窍不通,但组内有人会,可以把锅甩出去。。。),老大基本被我说服。
修改builder镜像,定制部署模板(成功实现)
周二在看《开源容器云openshift》一书时,无意在书中发现作者的github,上面就有svn的demo,地址为https://github.com/nichochen/openshift-tomcat-svn。着实尴尬。
该项目的最后提交时间为两年前,在尝试部署的过程中发现存在以下问题:
1.ose-json文件夹下的openshift-tomcat7-svn-is.json存在语法错误。 2.该部署模板虽然集成了svn,但是在web界面上必须填写可用的git地址(该地址只用于跳过s2i验证),作者在README.md指出了该缺陷,缺没有修复。 3.没有提供svn的账号、密码输入功能。 4.直接clone该项目,在builder镜像的使用过程中,会报文件夹权限的问题。
优化已有的开源项目
参考我的博客openshift/origin学习记录(9)——S2I镜像定制(基于Git) 以下内容有做了一些定制化开发(基本都有表明)不具有通用性,不推荐直接复制粘贴使用!!!请自行修改参数、指令等内容。
创建S2I Builder镜像工作目录
通过s2i create命令创建一个名为tomcat-s2i的S2I Builder镜像。第二个参数tomcat-svn为S2I Builder镜像名称。第三个参数tomcat-svn-catalog定义了工作目录的名称。
s2i create tomcat-svn tomcat-svn-catalog编写Dockerfile
修改tomcat-svn-catalog目录下的Dockerfile文件。
# openshift-tomcat8-svn
FROM docker.io/centos
# TODO: Put the maintainer name in the image metadata
MAINTAINER huliaoliao
# TODO: Rename the builder environment variable to inform users about application you provide them
ENV BUILDER_VERSION 1.0
# TODO: Set labels used in OpenShift to describe the builder image
LABEL io.openshift.s2i.scripts-url=image:///usr/libexec/s2i \
io.k8s.description="Platform for building tomcat" \
io.k8s.display-name="builder tomcat" \
io.openshift.expose-services="8080:http" \
io.openshift.tags="builder,tomcat,java,etc."
# TODO: Install required packages here:
COPY ./CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo
RUN yum makecache && yum install -y java-1.8.0-openjdk subversion maven && yum clean all -y
COPY ./s2i/bin/ /usr/libexec/s2i
# TODO (optional): Copy the builder files into /opt/app-root
COPY ./tomcat8/ /opt/app-root/tomcat8
# TODO: Copy the S2I scripts to /usr/local/s2i, since openshift/base-centos7 image sets io.openshift.s2i.scripts-url label that way, or update that label
#COPY ./s2i/bin/ /usr/libexec/s2i
# TODO: Drop the root user and make the content of /opt/app-root owned by user 1001
RUN useradd -m tomcat -u 1002 && \
chmod -R a+rw /opt && \
chmod -R a+rw /opt/app-root && \
chmod a+rwx /opt/app-root/tomcat8/* && \
chmod +x /opt/app-root/tomcat8/bin/*.sh && \
rm -rf /opt/app-root/tomcat8/webapps/* && \
rm -rf /usr/share/maven/conf/settings.xml
ADD ./settings.xml /usr/share/maven/conf/
# This default user is created in the openshift/base-centos7 image
USER 1002
# TODO: Set the default port for applications built using this image
EXPOSE 8080
ENTRYPOINT []
# TODO: Set the default CMD for the image
CMD ["/usr/libexec/s2i/usage"]其中COPY ./CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo是为了换源。rm -rf /usr/share/maven/conf/settings.xml和ADD ./settings.xml /usr/share/maven/conf/是修改镜像中maven的配置,指向自己的maven库。
下载tomcat
wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz解压到tomcat-svn-catalog目录下的tomcat8文件夹下。
这里写图片描述
修改s2i/bin/assemble脚本(负责源代码的编译、构建以及构建产出物的部署)
#!/bin/bash -e
#
# S2I assemble script for the 'nico-tomcat' image.
# The 'assemble' script builds your application source ready to run.
#
# For more information refer to the documentation:
# https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md
#
# Restore artifacts from the previous build (if they exist).
#
if [ "$1" = "-h" ]; then
# If the 'nico-tomcat' assemble script is executed with '-h' flag,
# print the usage.
exec /usr/libexec/s2i/usage
fi
# Restore artifacts from the previous build (if they exist).
#
if [ "$(ls /tmp/artifacts/ 2>/dev/null)" ]; then
echo "---> Restoring build artifacts"
mv /tmp/artifacts/. ./
fi
echo "---> Installing application source"
WORK_DIR=/tmp/src;
cd $WORK_DIR;
if [ ! -z ${SVN_URI} ] ; then
echo "Fetching source from Subversion repository ${SVN_URI}"
svn co ${SVN_URI} --username=${SVN_USERNAME} --password=${SVN_PASSWORD} --no-auth-cache
export SRC_DIR=`basename $SVN_URI`
echo "Finished fetching source from Subversion repository ${SVN_URI}"
cd $WORK_DIR/$SRC_DIR/
mvn package -Dmaven.test.skip=true;
else
echo "SVN_URI not set, skip Subverion source download";
fi
find /tmp/src/ -name '*.war'|xargs -i mv -v {} /opt/app-root/tomcat8/webapps/ROOT.war
echo "---> Building application from source"文件中下面这句就是根据用户输入的svn路径、账号、密码下载代码。
svn co ${SVN_URI} --username=${SVN_USERNAME} --password=${SVN_PASSWORD} --no-auth-cache编辑s2i/bin/run脚本(S2I流程生成的最终镜像将以这个脚本作为容器的启动命令)。
脚本内容为启动tomcat。
#!/bin/bash -e
#
# S2I run script for the 'nico-tomcat' image.
# The run script executes the server that runs your application.
#
# For more information see the documentation:
# https://github.com/openshift/source-to-image/blob/master/docs/builder_image.md
#
exec /opt/app-root/tomcat8/bin/catalina.sh run构建镜像并推送到自己的镜像仓库
在tomcat-svn-catalog目录下执行make。得到docker镜像后修改tag推送到镜像仓库。
在master节点上创建openshift-tomcat8-svn-is.json文件
{
"kind": "ImageStreamList",
"apiVersion": "v1",
"metadata": {},
"items": [
{
"kind": "ImageStream",
"apiVersion": "v1",
"metadata": {
"name": "openshift-tomcat8-svn",
"annotations": {"openshift.io/image.insecureRepository": "true"},
"creationTimestamp": null
},
"spec": {
"dockerImageRepository": "master.example.com:5000/openshift-tomcat8-svn",
"tags": [
{
"name": "latest"
},
{
"name": "2.0",
"annotations": {
"description": "Run JavaEE WAR applications",
"iconClass": "icon-ruby",
"tags": "builder,tomcat,java,war",
"supports": "java",
"version": "1.0"
},
"from": {
"kind": "ImageStreamTag",
"name": "latest"
}
}
]
}
} ]
}集群管理员账号执行命令。
oc create -n openshift -f openshift-tomcat8-svn-is.json在master节点上创建openshift-tomcat8-svn-removegit-template.json文件
{
"kind": "Template",
"apiVersion": "v1",
"metadata": {
"annotations": {
"iconClass" : "icon-tomcat",
"description": "Application template for JavaEE WAR deployment with Tomcat 8."
},
"name": "openshift-tomcat8-svn-removegit"
},
"labels": {
"template": "openshift-tomcat8-svn-removegit"
},
"parameters": [
{
"description": "Tomcat 8.5.5",
"name": "IMG_VERSION",
"displayName":"Image Version",
"value": "latest",
"required": true
},
{
"description": "The name for the application.",
"name": "APPLICATION_NAME",
"displayName":"Application Name",
"value": "",
"required": true
},
{
"description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>",
"name": "APPLICATION_HOSTNAME",
"displayName":"Application Hostname",
"value": ""
},
{
"description": "Subversion source URI for application",
"name": "SVN_URI",
"displayName":"Subversion source URI",
"value": "",
"required": true
},
{
"description": "Subversion Username",
"name": "SVN_USERNAME",
"displayName":"Subversion Username",
"value": "",
"required": true
},
{
"description": "Subversion Password",
"name": "SVN_PASSWORD",
"displayName":"Subversion Password",
"value": "",
"required": true
}
],
"objects": [
{
"kind": "Service",
"apiVersion": "v1",
"spec": {
"ports": [
{
"port": 8080,
"targetPort": 8080
}
],
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
}
},
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "The web server's http port."
}
}
},
{
"kind": "Route",
"apiVersion": "v1",
"id": "${APPLICATION_NAME}-http-route",
"metadata": {
"name": "${APPLICATION_NAME}-http-route",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "Route for application's http service."
}
},
"spec": {
"host": "${APPLICATION_HOSTNAME}",
"to": {
"name": "${APPLICATION_NAME}"
}
}
},
{
"kind": "ImageStream",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
}
},
{
"kind": "BuildConfig",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"strategy": {
"type": "Source",
"sourceStrategy": {
"from": {
"kind": "ImageStreamTag",
"namespace": "openshift",
"name": "openshift-tomcat8-svn:latest"
},
"env": [
{
"name": "SVN_URI",
"value": "${SVN_URI}"
},
{
"name": "SVN_USERNAME",
"value": "${SVN_USERNAME}"
},
{
"name": "SVN_PASSWORD",
"value": "${SVN_PASSWORD}"
}
]
}
},
"output": {
"to": {
"kind": "ImageStreamTag",
"name": "${APPLICATION_NAME}:latest"
}
},
"triggers": [
{
"type": "GitHub",
"github": {
"secret": "${GITHUB_TRIGGER_SECRET}"
}
},
{
"type": "Generic",
"generic": {
"secret": "${GENERIC_TRIGGER_SECRET}"
}
},
{
"type": "ImageChange",
"imageChange": {}
}
]
}
},
{
"kind": "DeploymentConfig",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"strategy": {
"type": "Recreate"
},
"triggers": [
{
"type": "ImageChange",
"imageChangeParams": {
"automatic": true,
"containerNames": [
"${APPLICATION_NAME}"
],
"from": {
"kind": "ImageStream",
"name": "${APPLICATION_NAME}"
}
}
}
],
"replicas": 1,
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
},
"template": {
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"deploymentConfig": "${APPLICATION_NAME}",
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"containers": [
{
"name": "${APPLICATION_NAME}",
"image": "${APPLICATION_NAME}",
"imagePullPolicy": "Always",
"readinessProbe": {
"exec": {
"command": [
"/bin/bash",
"-c",
"curl http://localhost:8080"
]
}
},
"ports": [
{
"name": "http",
"containerPort": 8080,
"protocol": "TCP"
}
],
"env": [
{
"name": "SVN_URI",
"value": "${SVN_URI}"
}
]
}
]
}
}
}
}
]
}集群管理员账号执行命令。
oc create -n openshift -f openshift-tomcat8-svn-removegit-template.json验证
这里写图片描述
可从界面输入SVN的地址、账号、密码完成创建。
这里写图片描述
最终完成了从SVN拉取代码、编译、部署等一系列流程。
已知缺陷
1.SVN密码现在是明文的形式 2.template中暂未提供对build config、deploy config等的配置,界面还较为简单。
结语
本篇博客主要记录了工作过程,没有特别具体,但基本覆盖了所有过程。
仅供参考。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2017-10-25 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读