[docker] Some frequently used ways to start Docker containers
Source: Internet. Editor: 程序博客网. Time: 2024/06/05 00:08
busybox command reference
References:
https://k8smeetup.github.io/docs/concepts/cluster-administration/logging/
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-policy
Equivalent to
```
docker run -d --name=b1 busybox i=0; while true; do echo "
docker logs -f b1
docker exec -ti busybox nslookup kubernetes.default
docker exec busybox cat /etc/resolv.conf
```
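A pitfall when copying directories in a Dockerfile
Reference: https://stackoverflow.com/questions/26504846/copy-directory-to-other-directory-at-docker-using-add-command
```
## Copying a file: the target file name does not need to be written
FROM centos
COPY 2.txt /usr/local/
## Copying a directory: the target directory must be written out like this, otherwise the directory is not copied in
FROM centos
COPY mysql /usr/local/mysql
```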
Ways to start some frequently (and not so frequently) used images
Another way to set the container's TZ
Reference: https://github.com/spujadas/elk-docker/blob/master/start.sh
```
## override default time zone (Etc/UTC) if TZ variable is set
if [ ! -z "$TZ" ]; then
  ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
fi
```
centos with ssh
```
docker run -d -p 0.0.0.0:2222:22 tutum/centos6
docker run -d -p 0.0.0.0:2222:22 tutum/centos
docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro tutum/centos6
docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro tutum/centos
```
Two authentication methods are supported:
```
docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -e ROOT_PASS="mypass" tutum/centos
docker run -d -p 2222:22 -e AUTHORIZED_KEYS="`cat ~/.ssh/id_rsa.pub`" tutum/centos
docker logs <CONTAINER_ID>
ssh -p <port> root@<host>
```
Reference: https://hub.docker.com/r/tutum/centos/
busybox with ping/curl/nslookup
docker run -itd --name=test1 --net=test-network radial/busyboxplus /bin/sh
nginx
```
mkdir -p /data/nginx-html
echo "maotai" > /data/nginx-html/index.html
docker run -d \
  --net=host \
  --restart=always \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/nginx-html:/usr/share/nginx/html \
  --name nginx \
  nginx
```
Deploying the portainer management UI (multiple nodes / single node)
```
cp /etc/docker/daemon.json /etc/docker/daemon.json.bak.$(date +%F)
cat >/etc/docker/daemon.json<<EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts": [
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ]
}
EOF
systemctl daemon-reload
systemctl restart docker && systemctl enable docker
docker run -d \
  -p 9000:9000 \
  --restart=always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /var/run/docker.sock:/var/run/docker.sock \
  portainer/portainer
```
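The daemon.json above binds the Docker API to tcp://0.0.0.0:2375 without TLS, so any host that can reach that port controls the daemon and, through it, the host. The check below is an added example, not part of the original post: it flags TCP listeners in a daemon.json that lack `"tlsverify": true`; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag Docker API TCP listeners
# in a daemon.json that are not protected by client-certificate TLS.
# audit_daemon_json and the sample files are constructed for illustration.

# audit_daemon_json FILE -> one line per risky listener, status 1 if any.
audit_daemon_json() {
    file=$1
    findings=0
    # "tlsverify": true makes the daemon demand a client certificate.
    if grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$file"; then
        tlsverify=1
    else
        tlsverify=0
    fi
    # daemon.json is small and flat, so grep is enough to pull tcp:// hosts.
    for listener in $(grep -oE '"tcp://[^"]+"' "$file" | tr -d '"'); do
        addr=${listener#tcp://}
        host=${addr%:*}
        case $host in
            127.*|localhost) scope=loopback ;;
            *)               scope=network ;;
        esac
        if [ "$tlsverify" -eq 0 ]; then
            echo "RISK $listener ($scope): no tlsverify, API is unauthenticated"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed samples: the layout used on this page and a TLS-protected one.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/open.json" <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
EOF
    cat >"$dir/tls.json" <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
EOF
    echo "$dir"
}

samples=$(make_samples)
audit_daemon_json "$samples/open.json" || echo "open.json: put the listener behind TLS or drop it"
audit_daemon_json "$samples/tls.json" && echo "tls.json: ok"
rm -rf "$samples"
```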
nginx configuration
```
mv /etc/nginx /etc/nginx_$(date +%F)
mkdir -p /etc/nginx/conf.d/
mkdir -p /data/nginx-html
echo "maotai" > /data/nginx-html/index.html
# The heredoc delimiter is quoted so the shell does not expand nginx's $variables
cat >> /etc/nginx/nginx.conf <<'EOF'
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    server_name_in_redirect off;
    client_max_body_size 20m;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 16k;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    server_tokens off;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format json '{"@timestamp": "$time_iso8601",'
                    '"@version": "1",'
                    '"client": "$remote_addr",'
                    '"url": "$uri", '
                    '"status": $status, '
                    '"domain": "$host", '
                    '"host": "$server_addr",'
                    '"size":"$body_bytes_sent", '
                    '"response_time": $request_time, '
                    '"referer": "$http_referer", '
                    '"http_x_forwarded_for": "$http_x_forwarded_for", '
                    '"ua": "$http_user_agent" } ';
    access_log /var/log/nginx/access.log json;
    include /etc/nginx/conf.d/*.conf;
}
EOF
tree /etc/nginx/
cat >> /etc/nginx/conf.d/default.conf <<'EOF'
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log json;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
EOF
tree /etc/nginx/
```
nginx-lb
```
docker run --name nginx-lb \
  -d \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  --net=host \
  --restart=always \
  -v /etc/localtime:/etc/localtime \
  nginx:1.13.3-alpine
```
lnmp (each component separate)
Reference: https://github.com/micooz/docker-lnmp
docker-compose up
Starting a mysql
```
cat /root/dockerfile/mysql/start.sh
docker run -p 3306:3306 -v /data/mysql:/var/lib/mysql -v /etc/localtime:/etc/localtime --name mysql5 --restart=always -d mysql:5.6.23 --character-set-server=utf8 --collation-server=utf8_general_ci
```
```
docker run \
  -p 3306:3306 \
  -v /data/mysql:/var/lib/mysql \
  -v /etc/localtime:/etc/localtime \
  --name mysql5 \
  --restart=always \
  -e MYSQL_ROOT_PASSWORD=123456 \
  -d mysql:5.6.23 --character-set-server=utf8 --collation-server=utf8_general_ci
```
```
show VARIABLES like '%max_allowed_packet%';
show variables like '%storage_engine%';
show variables like 'collation_%';
show variables like 'character_set_%';
```
mysql master/slave
```
#+++++++++++++++++++++++++++
# mysql master/slave
#+++++++++++++++++++++++++++
docker run -d -e REPLICATION_MASTER=true -e REPLICATION_PASS=mypass -p 3306:3306 --name mysql tutum/mysql
docker run -d -e REPLICATION_SLAVE=true -p 3307:3306 --link mysql:mysql tutum/mysql
```
Installing gogs (gitlab is recommended, though)
```
docker run -itd \
  -p 53000:3000 -p 50022:22 \
  -v /data/gogs:/data \
  -v /etc/localtime:/etc/localtime \
  --restart=always \
  gogs/gogs
```
owncloud
docker run -v /data/owncloud-data:/var/www/html -v /etc/localtime:/etc/localtime -v :/var/www/html/config --restart=always -itd -p 8000:80 owncloud
nextcloud (same as owncloud; reportedly it supports taking Markdown notes online, and overall it feels more powerful)
Reference: https://hub.docker.com//nextcloud/
```
docker run -d \
  -p 8080:80 \
  -v nextcloud:/var/www/html \
  nextcloud
```
Installing confluence
```
docker run \
  -v /data/confluence/conflu_data:/var/atlassian/application-data/confluence \
  -v /etc/localtime:/etc/localtime \
  -v /data/confluence/server.xml:/opt/atlassian/confluence/conf/server.xml \
  --restart=always \
  --link mysql5:db \
  --name="confluence" -d \
  -p 8090:8090 \
  -p 8091:8091 \
  cptactionhank/atlassian-confluence
```
Reference: http://wuyijun.cn/shi-yong-dockerfang-shi-an-zhuang-he-yun-xing-confluence/
- Configure confluence
- Create the database
```
create database confluence default character set utf8 collate utf8_bin;
grant all on confluence.* to 'confluence'@"172.17.0.%" identified by "confluenceman";
grant all on confluence.* to 'confluence'@"192.168.6.%";
grant all on confluence.* to 'confluence'@"192.168.8.%";
```
- Install the crack
```
# 1. Export the jar, then crack it with the cracking tool
docker cp confluence:/opt/atlassian/confluence/confluence/WEB-INF/lib/atlassian-extras-decoder-v2-3.2.jar ./
mv atlassian-extras-decoder-v2-3.2.jar atlassian-extras-2.4.jar
# 2. Import the cracked file back into the system
mv atlassian-extras-2.4.jar atlassian-extras-decoder-v2-3.2.jar
docker cp ./atlassian-extras-decoder-v2-3.2.jar confluence:/opt/atlassian/confluence/confluence/WEB-INF/lib/
# 3. Restart confluence
docker stop confluence
docker start confluence
```
- 1. Paste in the serial number from the cracking tool
- 2. Choose JDBC to connect to mysql; for the URL write:
jdbc:mysql://db:3306/confluence?sessionVariables=storage_engine%3DInnoDB&useUnicode=true&characterEncoding=utf8
3. Import the existing data
Reference: https://www.ilanni.com/?p=11989
For example: xmlexport-20170902-100808-153.zip
This includes the database data.
4. Installation complete
Log in with the administrator account and password:
```
http://192.168.x.x:8090
admin
xxxxx
```
- 5. Configure mail
I did not configure it in server.xml here (I did, and testing showed problems); I configured SMTP directly with a Sina mailbox.
```
smtp.sina.com
mt@sina.com
123456
```
phabricator review system (customer service files bugs for the developers)
```
docker run -d \
  -p 9080:80 -p 9443:443 -p 9022:22 \
  --env PHABRICATOR_HOST=sj.pp100.net \
  --env MYSQL_HOST=192.168.x.x \
  --env MYSQL_USER=root \
  --env MYSQL_PASS=elc123 \
  --env PHABRICATOR_REPOSITORY_PATH=/repos \
  --env PHABRICATOR_HOST_KEYS_PATH=/hostkeys/persisted \
  -v /data/phabricator/hostkeys:/hostkeys \
  -v /data/phabricator/repo:/repos \
  redpointgames/phabricator
```
Installing hackmarkdown (an intranet Markdown server; supports pasting images and permissions, and has a dedicated client, etc.)
https://github.com/hackmdio/docker-hackmd/blob/master/docker-compose.yml
docker-compose up -d
References (data backup and so on are all covered there):
https://github.com/hackmdio/docker-hackmd
https://hub.docker.com/r/hackmdio/hackmd/
Common container start options
- 1. Time zone
- 2. Automatic restart
- 3. Logs
```
docker run \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/timezone:/etc/timezone:ro \
  --restart=always \

-v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro
```
Two copies of the log are recorded: one is the foreground output, the other:
```
docker run -it --rm -p 80:80 nginx
ll /var/lib/docker/containers/*/*.log
```
Log rotation for containers (otherwise the logs just keep growing)
Container log directory: /var/lib/docker/containers/*/*.log.*
```
docker run -d -v /var/lib/docker/containers:/var/lib/docker/containers:rw \
  -v /etc/localtime:/etc/localtime:ro \
  --restart=always \
  tutum/logrotate
```
- How it works (logrotate's copytruncate option is handy: it rotates the log without cutting off logging)
```
## You can go into the container and look at the log rotation policy.
# https://hub.docker.com/r/tutum/logrotate/
/ # cat /etc/logrotate.conf
/var/lib/docker/containers/*/*.log {
    rotate 0
    copytruncate
    sharedscripts
    maxsize 10M
    postrotate
        rm -f /var/lib/docker/containers/*/*.log.*
    endscript
}
# logrotate's copytruncate explained:
# http://www.lightxue.com/how-logrotate-works
# This reminded me of nginx log rotation
cat > /etc/logrotate.d/nginx <<'EOF'
/usr/local/nginx/logs/*.log {
    daily
    missingok
    rotate 7
    dateext
    compress
    delaycompress
    notifempty
    sharedscripts
    postrotate
        if [ -f /usr/local/nginx/logs/nginx.pid ]; then
            kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
        fi
    endscript
}
EOF
```
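What copytruncate does to a file that a writer keeps open, next to the rename-style rotation that makes the nginx stanza send USR1, reproduced by hand as an added example (not from the original post or from tutum/logrotate; the function names are constructed). Lines written between the copy and the truncate are lost, which is the price of not having to signal the writer.

```shell
#!/bin/sh
# Added example: the two rotation styles from the configs above, by hand.
# The "writer" is file descriptor 3, opened once in append mode and kept
# open, the way a daemon or a container log writer holds its log file.

copytruncate_demo() {
    dir=$(mktemp -d)
    log=$dir/app.log

    exec 3>>"$log"                 # writer opens the log once (O_APPEND)
    echo "request 1" >&3
    echo "request 2" >&3
    inode_before=$(ls -i "$log" | awk '{print $1}')

    cp "$log" "$log.1"             # copy: snapshot the current content
    : >"$log"                      # truncate: empty the same file in place

    echo "request 3" >&3           # writer carries on with its old descriptor
    exec 3>&-
    inode_after=$(ls -i "$log" | awk '{print $1}')

    rotated=$(wc -l <"$log.1" | tr -d ' ')
    live=$(cat "$log")
    if [ "$inode_before" = "$inode_after" ]; then same=yes; else same=no; fi
    rm -rf "$dir"
    echo "rotated_lines=$rotated live='$live' same_inode=$same"
}

rename_rotate_demo() {
    dir=$(mktemp -d)
    log=$dir/app.log

    exec 3>>"$log"
    echo "request 1" >&3
    mv "$log" "$log.1"             # rename: descriptor follows the old inode
    echo "request 2" >&3           # so this line lands in app.log.1
    exec 3>&-

    rotated=$(wc -l <"$log.1" | tr -d ' ')
    if [ -e "$log" ]; then live=present; else live=missing; fi
    rm -rf "$dir"
    echo "rotated_lines=$rotated live_file=$live"
}

copytruncate_demo      # writer needs no signal; new lines go to the emptied file
rename_rotate_demo     # writer must reopen its log (nginx: kill -USR1)
```

With `rotate 0` and the `postrotate` `rm` in the tutum/logrotate policy shown above, the copied file is deleted straight away, so container logs older than the last rotation are not kept anywhere.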
Cleaning up images and volumes that have not been used for a long time
```
docker run -d \
  --privileged \
  -v /var/run:/var/run:rw \
  -v /var/lib/docker:/var/lib/docker:rw \
  -e IMAGE_CLEAN_INTERVAL=1 \
  -e IMAGE_CLEAN_DELAYED=1800 \
  -e VOLUME_CLEAN_INTERVAL=1800 \
  -e IMAGE_LOCKED="ubuntu:trusty, tutum/curl:trusty" \
  tutum/cleanup
# https://hub.docker.com/r/tutum/cleanup/
# IMAGE_CLEAN_INTERVAL (optional) How long to wait between cleanup runs (in seconds), 1 by default.
# IMAGE_CLEAN_DELAYED (optional) How long to wait to consider an image unused (in seconds), 1800 by default.
# VOLUME_CLEAN_INTERVAL (optional) How long to wait to consider a volume unused (in seconds), 1800 by default.
# IMAGE_LOCKED (optional) A list of images that will not be cleaned by this container, separated by ,
```
- How it works: it calls a binary
```
/ # cat run.sh
#!/bin/sh
if [ ! -e "/var/run/docker.sock" ]; then
    echo "=> Cannot find docker socket(/var/run/docker.sock), please check the command!"
    exit 1
fi
if [ "${IMAGE_LOCKED}" == "**None**" ]; then
    exec /cleanup \
        -imageCleanInterval ${IMAGE_CLEAN_INTERVAL} \
        -imageCleanDelayed ${IMAGE_CLEAN_DELAYED}
else
    exec /cleanup \
        -imageCleanInterval ${IMAGE_CLEAN_INTERVAL} \
        -imageCleanDelayed ${IMAGE_CLEAN_DELAYED} \
        -imageLocked "${IMAGE_LOCKED}"
fi
```
zk cluster
Reference: https://segmentfault.com/a/1190000006907443
```
version: '2'
services:
  zoo1:
    image: zookeeper
    restart: always
    container_name: zoo1
    volumes:
      - /etc/localtime:/etc/localtime
    ports:
      - "2181:2181"
    environment:
      ZOO_MY_ID: 1
      ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888
  zoo2:
    image: zookeeper
    restart: always
    container_name: zoo2
    volumes:
      - /etc/localtime:/etc/localtime
    ports:
      - "2182:2181"
    environment:
      ZOO_MY_ID: 2
      ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888
  zoo3:
    image: zookeeper
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime
    container_name: zoo3
    ports:
      - "2183:2181"
    environment:
      ZOO_MY_ID: 3
      ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888
```
Check:
```
echo stat | nc 127.0.0.1 2181
# or go into the container and look
# docker exec zoo1 /zookeeper-3.4.10/bin/zkCli.sh -server 127.0.0.1:2181
# /zookeeper-3.4.10/bin/zkCli.sh -server 127.0.0.1:2181
```
zabbix (the monitoringartist guy packed all the components into one image)
```
docker run \
  -d \
  --name dockbix-db \
  -v /backups:/backups \
  -v /etc/localtime:/etc/localtime:ro \
  --volumes-from dockbix-db-storage \
  --env="MARIADB_USER=zabbix" \
  --env="MARIADB_PASS=my_password" \
  monitoringartist/zabbix-db-mariadb

# Start Dockbix linked to the started DB
docker run \
  -d \
  --name dockbix \
  -p 80:80 \
  -p 10051:10051 \
  -v /etc/localtime:/etc/localtime:ro \
  --link dockbix-db:dockbix.db \
  --env="ZS_DBHost=dockbix.db" \
  --env="ZS_DBUser=zabbix" \
  --env="ZS_DBPassword=my_password" \
  --env="XXL_zapix=true" \
  --env="XXL_grapher=true" \
  monitoringartist/dockbix-xxl:latest
```
zabbix with separate components; I have not tested this one
```
docker run --name zabbix-server-mysql -t \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/zabbix-alertscripts:/usr/lib/zabbix/alertscripts \
  -v /etc/zabbix/zabbix_server.conf:/etc/zabbix/zabbix_server.conf \
  -e DB_SERVER_HOST="192.168.14.132" \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="Tx66sup" \
  -e MYSQL_ROOT_PASSWORD="Tinsu" \
  -e ZBX_JAVAGATEWAY="127.0.0.1" \
  --network=host \
  -d registry.docker-cn.com/zabbix/zabbix-server-mysql:ubuntu-3.4.0

docker run --name mysql-server -t \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/my.cnf:/etc/my.cnf \
  -v /data/mysql-data:/var/lib/mysql \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="bix66sup" \
  -e MYSQL_ROOT_PASSWORD="adminsu" \
  -p 3306:3306 \
  -d registry.docker-cn.com/mysql/mysql-server:5.7

docker run --name zabbix-java-gateway -t \
  -v /etc/localtime:/etc/localtime:ro \
  --network=host \
  -d registry.docker-cn.com/zabbix/zabbix-java-gateway:latest

docker run --name zabbix-web-nginx-mysql -t \
  -v /etc/localtime:/etc/localtime:ro \
  -e DB_SERVER_HOST="192.168.14.132" \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="TCzp" \
  -e MYSQL_ROOT_PASSWORD="TC6u" \
  -e PHP_TZ="Asia/Shanghai" \
  --network=host \
  -d registry.docker-cn.com/zabbix/zabbix-web-nginx-mysql:ubuntu-3.4.0
```
Docker monitoring with cAdvisor
```
docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:rw \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --publish=8080:8080 \
  --detach=true \
  --name=cadvisor \
  google/cadvisor:latest
```
http://192.168.14.133:8080/
Running cAdvisor-InfluxDB-Grafana on centos7
- References
http://www.pangxie.space/docker/456
https://www.brianchristner.io/how-to-setup-docker-monitoring/
https://github.com/vegasbrianc/docker-monitoring/blob/master/docker-monitoring-0.9.json
- Start influxdb (I found that the latest version did not work well)
docker run -d -p 8083:8083 -p 8086:8086 --expose 8090 --expose 8099 --name influxsrv tutum/influxdb:0.10
- Create the db
```
docker exec -it influxsrv bash
use cadvisor
CREATE USER "root" WITH PASSWORD 'root' WITH ALL PRIVILEGES
CREATE DATABASE cadvisor
show users
```
- Start cadvisor
docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=8080:8080 --detach=true --link influxsrv:influxsrv --name=cadvisor google/cadvisor:latest -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influxsrv:8086
- Start grafana, add the db data source, and import the dashboard
docker run -d -p 3000:3000 -e INFLUXDB_HOST=192.168.14.133 -e INFLUXDB_PORT=8086 -e INFLUXDB_NAME=cadvisor -e INFLUXDB_USER=root -e INFLUXDB_PASS=root --link influxsrv:influxsrv --name grafana grafana/grafana
Prometheus+Grafana (this displays somewhat better than cAdvisor-InfluxDB-Grafana)
A Prometheus & Grafana docker-compose stack
Reference: https://github.com/vegasbrianc/prometheus
docker-compose up -d
elk
The elk container takes 2g of memory; give the vm at least 2g
References: http://elk-docker.readthedocs.io/#installation
https://github.com/gregbkr/elk-dashboard-v5-docker
```
sysctl -w vm.max_map_count=262144
docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5
```
or
```
docker-compose up -d
```
Fully manual installation of elastic+kibana (elk)
```
useradd elk
cd /usr/local/src/
tar xf elasticsearch-5.6.4.tar.gz -C /usr/local/
tar xf kibana-5.6.4-linux-x86_64.tar.gz -C /usr/local/
ln -s /usr/local/elasticsearch-5.6.4 /usr/local/elasticsearch
ln -s /usr/local/kibana-5.6.4-linux-x86_64 /usr/local/kibana
chown -R elk. /usr/local/elasticsearch
chown -R elk. /usr/local/elasticsearch/
chown -R elk. /usr/local/kibana
chown -R elk. /usr/local/kibana/
mkdir /data/es/{data,logs} -p
chown -R elk. /data
```
Modify the es configuration:
```
0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
```
Modify the kernel settings:
```
vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
sysctl -w vm.max_map_count=262144
sysctl -p
nohup /bin/su - elk -c "/usr/local/elasticsearch/bin/elasticsearch" > /data/es/es-start.log 2>&1 &
nohup /bin/su - elk -c "/usr/local/kibana/bin/kibana" > /data/es/kibana-start.log 2>&1 &
docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5
```
Installing the head plugin for elk
First modify the es configuration file elasticsearch.yml, appending:
```
http.cors.enabled: true
http.cors.allow-origin: "*"
```
```
docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5
```
Tuning to do before installing elk on a physical machine
```
sudo sysctl -w vm.max_map_count=262144
# make it persistent:
$ vim /etc/sysctl.conf
vm.max_map_count=262144
```
Common es operations, reference: http://www.cnblogs.com/lishouguang/p/4560930.html
Scripts for backup, scaling out and so on; a bit old, but the ideas are worth a look: https://github.com/gregbkr/docker-elk-cadvisor-dashboards
```
http://192.168.14.133:9200/_cat/health?v    # view cluster status
http://192.168.14.133:9200/_cat/nodes?v     # view node status
http://192.168.14.133:9200/_cat/indices?v   # view the index list
# create an index
curl -XPUT http://vm1:9200/customer?pretty
# add a document
[es@vm1 ~]$ curl -XPUT vm1:9200/customer/external/1?pretty -d '{"name":"lisg"}'
# retrieve a document
[es@vm1 ~]$ curl -XGET vm1:9200/customer/external/1?pretty
# delete a document
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer/external/1?pretty
# delete a type
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer/external?pretty
# delete an index
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer?pretty
# POST can add a document without specifying an ID
[es@vm1 ~]$ curl -XPOST vm1:9200/customer/external?pretty -d '{"name":"zhangsan"}'
# update a document using doc
[es@vm1 ~]$ curl -XPUT vm1:9200/customer/external/1?pretty -d '{"name":"lisg4", "age":28}'
# update a document using script (dynamic scripting is disabled in version 1.4.3)
[es@vm1 ~]$ curl -XPOST vm1:9200/customer/external/1/_update?pretty -d '{"script":"ctx._source.age += 5"}'
```
Starting jenkins
```
docker run -d -u root \
  -p 8080:8080 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $(which docker):/bin/docker \
  -v /var/jenkins_home:/var/jenkins_home \
  jenkins
```
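The jenkins command above runs as root with the host's docker.sock mounted, which makes the container equivalent to root on the host; the same mount appears in the portainer and tutum/cleanup commands, and several commands on this page pass passwords with `-e`, where `docker inspect` and shell history expose them. The reviewer below is an added example, not part of the original post: its function names are constructed, its inputs are simplified copies of this page's jenkins and mysql commands, and its word splitting is naive.

```shell
#!/bin/sh
# Added example (not from the original post): review a `docker run` command
# for flags that give the container control over the host or leak secrets.
# Function names are illustrative. Word splitting is naive: quoted values
# that contain spaces are not handled.

note() { echo "$1"; findings=$((findings + 1)); }

check_mount() {                      # $1 = SRC:DST[:MODE]
    src=${1%%:*}
    case $1 in *:ro) mode=ro ;; *) mode=rw ;; esac
    case $src in
        /var/run/docker.sock|/var/run|/var/run/)
            # A read-only bind mount does not stop connect() on the socket.
            note "docker-socket: $1 lets the container drive the host daemon" ;;
        /|/var/lib/docker|/var/lib/docker/)
            [ "$mode" = ro ] || note "host-fs-rw: $1 is writable from the container" ;;
    esac
}

check_env() {                        # $1 = NAME=VALUE or bare NAME
    name=${1%%=*}
    case $1 in *=?*) ;; *) return 0 ;; esac    # bare NAME: value not inline
    case $name in
        *PASS*|*SECRET*|*TOKEN*)
            note "inline-secret: $name is set on the command line" ;;
    esac
}

# audit_docker_run: command on stdin -> findings on stdout, status 1 if any.
audit_docker_run() {
    findings=0
    cmd=$(tr -d '\\"' | tr '\n' ' ')  # join continuation lines, drop quotes
    set -f; set -- $cmd; set +f
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --privileged) note "privileged: all capabilities and host devices" ;;
            -u|--user)    [ "${1:-}" != root ] || note "root-user: runs as uid 0" ;;
            -v|--volume)  check_mount "${1:-}" ;;
            --volume=*)   check_mount "${arg#*=}" ;;
            -e|--env)     check_env "${1:-}" ;;
            --env=*)      check_env "${arg#*=}" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed inputs modelled on the jenkins and mysql commands on this page.
sample_jenkins() {
    cat <<'EOF'
docker run -d -u root \
  -p 8080:8080 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/jenkins_home:/var/jenkins_home \
  jenkins
EOF
}

sample_mysql() {
    cat <<'EOF'
docker run -p 3306:3306 -v /data/mysql:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD=123456 -d mysql:5.6.23
EOF
}

sample_jenkins | audit_docker_run || echo "jenkins: review the findings above"
sample_mysql   | audit_docker_run || echo "mysql: review the findings above"
```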
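tomcat with ssh
Until now I had always used single-app containers such as tomcat, where I only need catalina.sh run to start the container in the foreground. One way to do it: I can use CMD ["run.sh"], where run.sh contains the commands I want to execute.
I can also use ENTRYPOINT ["docker-entrypoint.sh"], which is more flexible: arguments can be passed to this script through CMD.
A tomcat container running in the background needs ssh access for management. That means sshd also has to run in the foreground at the same time, so the only option is to let supervisor manage both.
Reference: http://blog.csdn.net/iiiiher/article/details/70918045, which covers the following,
but I feel it is still not quite complete.
- 1. Get familiar with Dockerfile syntax
- 2. Build centos7 by hand
- 3. Use the official centos7
- 4. System layer: based on the official centos7, add supervisor+ssh; ssh starts as soon as the container starts
- 5. Runtime layer: install jdk
- 6. App layer: install tomcat and expose 8080; supervisor takes over.
An updated summary of the supervisord.conf configuration (tomcat+ssh image)
Reference: https://github.com/zabbix/zabbix-docker/blob/3.4/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf
```
[supervisord]
nodaemon = true

[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart = true
autorestart = true

[program:tomcat]
command=/data/tomcat/bin/catalina.sh run
process_name=%(program_name)s
autostart = true
autorestart = true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
stderr_logfile = /dev/stderr
stderr_logfile_maxbytes = 0
```
This is the tomcat Dockerfile [tomcat+ssh image]. To prepare, download and unpack the following into the directory that contains the Dockerfile: jdk, tomcat, and tomcat's server.xml (later, in my k8s cluster, I override it with a cm)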
Dockerfile
```
FROM centos:6.8

# Init centos
ENV TERM="linux"
ENV TERMINFO="/etc/terminfo"
ENV LANG="en_US.UTF-8"
ENV LANGUAGE="en_US.UTF-8"
ENV LC_ALL="en_US.UTF-8"
ENV TZ="PRC"
COPY localtime /etc/localtime

# ssh
RUN yum -y install openssh-server epel-release && \
    rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key && \
    ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key && \
    ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key && \
    sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config && \
    sed -i "s/UsePAM.*/UsePAM yes/g" /etc/ssh/sshd_config && \
    sed -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_config && \
    sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config && \
    echo "root:123456" | chpasswd && \
    yum clean all

# supervisor
RUN yum -y install supervisor && \
    mkdir -p /etc/supervisor/
COPY supervisord.conf /etc/supervisor/

# Prepare jdk and tomcat environment
ENV JAVA_HOME /usr/local/jdk
ENV CLASSPATH .:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
ENV TOMCAT_HOME /data/tomcat
ENV PATH $JAVA_HOME/bin:$TOMCAT_HOME/bin:$PATH
ENV CATALINA_HOME=/data/tomcat
ENV ENVCATALINA_BASE=/data/tomcat
#RUN export JAVA_HOME CLASSPATH TOMCAT_HOME PATH CATALINA_HOME ENVCATALINA_BASE

# Install Oracle jdk-8u25
COPY jdk /usr/local/jdk

# Install apache-tomcat-7.0.62
RUN mkdir -p /data/tomcat && mkdir -p /data/web/elc/ && \
    ulimit -SHn 65535 && \
    echo '* - nofile 65536' >>/etc/security/limits.conf
COPY tomcat /data/tomcat
COPY server.xml /tmp/server.xml
# -f replaces a server.xml that the copied tomcat directory may already contain
RUN ln -sf /tmp/server.xml /data/tomcat/conf/server.xml
WORKDIR /data/tomcat
EXPOSE 8080 22
CMD ["supervisord","-c","/etc/supervisor/supervisord.conf"]
```
For the centos part of the Dockerfile, see: https://github.com/tutumcloud/tutum-centos/blob/master/centos6/Dockerfile
Here you can specify the ssh password. You can also use the pwgen tool (yum install) to generate a random password and print it to the console, read it with docker logs -f, and change the password yourself afterwards. See that GitHub repository.
Docker volumes: exposing files from inside the container to the host
References: these Dockerfile best-practice articles are well worth reading.
http://blog.csdn.net/shanyongxu/article/details/51456444
http://blog.csdn.net/shanyongxu/article/details/51456592
http://blog.csdn.net/shanyongxu/article/details/51460930
http://blog.csdn.net/shanyongxu/article/details/51476997
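I later found that with the -v option, which I had so far used to mount data from outside the container into it, when I wanted to expose a file from inside the container to the host,
only data produced by the container after run can be brought out.
For example nginx: you can get nginx's access log and error log, because these logs are all generated after the container starts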
docker run -itd -v /tmp/nginx/:/var/log/nginx/ -p 80:80 nginx
Or centos: in /tmp on the host I only found the three files hostname, hosts and resolv.conf; these are files produced after the container was run.
docker run -itd -v /tmp/etc/:/tmp/etc/ centos
nginx Dockerfile based on centos
Reference: https://github.com/nginxinc/docker-nginx/blob/3ba04e37d8f9ed7709fd30bf4dc6c36554e578ac/mainline/stretch/Dockerfile
```
FROM centos:6.8
ENV NGINX_VERSION 1.13.6
RUN CONFIG="\
    --user=nginx \
    --group=nginx \
    --prefix=/usr/local/nginx \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    " \
    && useradd nginx -s /sbin/nologin \
    && yum install openssl openssl-devel pcre pcre-devel gcc gcc-c++ make -y \
    && curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o /usr/local/src/nginx-${NGINX_VERSION}.tar.gz \
    && tar -xvf /usr/local/src/nginx-$NGINX_VERSION.tar.gz -C /usr/local/src \
    && cd /usr/local/src/nginx-$NGINX_VERSION \
    && ./configure $CONFIG \
    && make \
    && make install \
    && rm -rf /usr/local/src/*
# nginx built with --prefix=/usr/local/nginx keeps its logs under logs/
RUN ln -sf /dev/stdout /usr/local/nginx/logs/access.log \
    && ln -sf /dev/stderr /usr/local/nginx/logs/error.log
EXPOSE 80 443
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
```
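Setting up a registry
Importing and exporting images is a hassle, and sharing images took up a large part of my working time, so I set up a local registry in two variants: one without username/password authentication and one with it.
References:
https://docs.docker.com/registry/#requirements
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
https://docs.docker.com/registry/deploying/#restricting-access
I need a registry, and I don't need authentication
node1 (192.168.14.132): acts as the docker registry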
docker run -d -p 5000:5000 -v /data/docker/registy:/var/lib/registry registry:2
node2 (192.168.14.133): acts as the client that pushes images to the registry
```shell
$ cat /etc/docker/daemon.json
{
  "insecure-registries" : ["192.168.14.132:5000"]
}
$ systemctl restart docker
$ docker info
...
Experimental: false
Insecure Registries:
 192.168.14.132:5000   # this entry is what you want to see
 127.0.0.0/8
...
```
```shell
docker tag centos 192.168.14.132:5000/maotai/centos
docker push 192.168.14.132:5000/maotai/centos
```
```
[root@node1 repositories]# tree -L 1 ./maotai
./maotai    # organized by user name
├── busybox
└── centos
```
Tagging deserves some care: put the owner's name in the tag so images are easy to tell apart
Viewing
List the images in the registry:
```
GET /v2/_catalog
```
List an image's tags:
```
GET /v2/huayong/busybox/tags/list
```
I need a registry with username/password authentication
This takes a bit more work: docker requires that the username and password are not sent in cleartext during authentication, so https is the only option.
```
mkdir /data/registry/auth/{certs,auth} -p
cd /data/registry/auth/certs
openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt -subj "/CN=reg.maotai.com"
cd /data/registry/auth
## create testuser/testpassword
docker run \
  --entrypoint htpasswd \
  registry:2 -Bbn testuser testpassword > auth/htpasswd
# stay in /data/registry/auth: `pwd`/auth and `pwd`/certs below are the directories created above
docker run -d \
  -p 5000:5000 \
  --restart=always \
  -v /data/docker/registy:/var/lib/registry \
  -v /etc/localtime:/etc/localtime \
  --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
```
The client likewise needs daemon.json configured.