第十一章 docker镜像的分层(kvm 链接克隆,写时复制的特性)
镜像分层的好处:复用,节省磁盘空间,相同的内容只需加载一份到内存。
修改dockerfile之后,再次构建速度快
dockerfile 优化:
1:尽可能选择体积小linux,alpine
2:尽可能合并RUN指令,清理无用的文件(yum缓存,源码包)
3:修改dockerfile,把变化的内容尽可能放在dockerfile结尾
4: 使用.dockerignore,减少不必要的文件ADD . /html
第十二章 手动制作KVM图形化管理界面容器
0.启动一个容器并进入
docker run -itd -p 80:80 centos:7 /bin/bash
docker exec -it 容器ID /bin/bash
1.初始化
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2.安装python依赖
yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor gcc python-devel
python -m pip install --upgrade --force pip -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install setuptools==33.1.1 -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install numpy -i https://pypi.tuna.tsinghua.edu.cn/simple
3.安装python的Django环境
cd /opt/
git clone git://github.com/retspen/webvirtmgr.git
cd webvirtmgr
pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
./manage.py syncdb
./manage.py collectstatic
4.安装Nginx
cat>/etc/yum.repos.d/nginx.repo<<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
yum makecache fast
yum install nginx -y
yum clean all
5.配置Nginx和代码
mkdir /code
mv /opt/webvirtmgr /code/
chown -R nginx:nginx /code
rm -rf /etc/nginx/conf.d/default.conf
cat >/etc/nginx/conf.d/webvirtmgr.conf<<EOF
server {
listen 80 default_server;
server_name localhost;
access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /code/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header Host \$host:\$server_port;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
EOF
nginx -t
nginx
netstat -lntup|grep 80
6.配置Supervisor
cat >/etc/supervisord.d/webvirtmgr.ini<<EOF
[program:webvirtmgr]
command=/usr/bin/python /code/webvirtmgr/manage.py run_gunicorn -c /code/webvirtmgr/conf/gunicorn.conf.py
directory=/code/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python /code/webvirtmgr/console/webvirtmgr-console
directory=/code/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
[program:nginx]
command=nginx -g 'daemon off;'
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/nginx.log
redirect_stderr=true
EOF
sed -i "s#nodaemon=false#nodaemon=true#g" /etc/supervisord.conf
supervisord -c /etc/supervisord.conf
supervisorctl status
7.创建用户
mkdir /var/cache/nginx/.ssh/ -p
chown -R nginx:nginx /var/cache/nginx/
su - nginx -s /bin/bash
ssh-keygen
touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
chmod 0600 ~/.ssh/config
ssh-copy-id root@10.0.0.11
8.提交新镜像
docker commit 容器ID my_kvm_web:v1
9.基于新镜像创建新容器
docker stop $(docker ps -qa)
docker rm $(docker ps -qa)
docker run -itd -p 80:80 my_kvm_web:v1 supervisord -c /etc/supervisord.conf
第十三章 docker安装私有仓库harbor
1.下载软件包
cd /opt
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
tar xf harbor-offline-installer-v1.9.0-rc1.tgz
2.修改配置
vim harbor.yml
hostname: 10.0.0.51
harbor_admin_password: 123456
3.下载docker-compose
yum install docker-compose -y
4.安装harbor
./install.sh
5.修改镜像名称
docker tag 容器ID 10.0.0.51/linux/my_kod:v2
docker images
6.修改docker配置添加信任仓库
cat >/etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.51"]
}
EOF
7.docker登录到harbor
docker login 10.0.0.51
8.上传镜像到私有仓库
docker push 10.0.0.51/linux/my_kod:v2
9.客户端使用仓库下载镜像
docker run -p 80:80 -d 10.0.0.51/linux/my_kod:v2
10.访问
10.0.0.51
十四章 docker-compose(单机版容器编排工具)
ansible剧本
yum install -y docker-compose(需要epel源)
cd my_wordpress/
vi docker-compose.yml
version: '3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- web_data:/var/www/html
ports:
- "80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
volumes:
db_data:
web_data:
启动
docker-compose up
后台启动
docker-compose up -d
gitlab
zabbix
https://www.zabbix.com/documentation/4.0/zh/manual/installation/containers
第十五章 重启docker服务,容器全部退出的解决办法
方法一:docker run --restart=always
方法二:"live-restore": true docker server配置文件/etc/docker/daemon.json参考
{
"registry-mirrors": ["[http://b7a9017d.m.daocloud.io](http://b7a9017d.m.daocloud.io)"],
"insecure-registries":["10.0.0.11:5000"],
"live-restore": true
}
第十六章 docker监控容器
1.docker自带的监控命令
docker container ps :查看正在运行的容器
docker container top :知道某个容器运行了哪些进程
docker container stats :显示每个容器各种资源使用情况
2.cAdvisor+ prometheus+ grafana组件介绍
组件介绍:
#cAdvisor
cAdvisor是google开发的容器监控工具,cAdvisor会显示当前host的资源使用情况,包括CPU,内存,网络,文件系统。
不过cAdvisor提供的操作界面略显简陋,而且需要在不同页面之间跳转,并且只能监控一个host,这不免让人质疑他的实用性,但cAdvisor有一个亮点是可以将监控到的数据导出给第三方工具,有这些工具进一步加工处理。
所以我们可以把cAdvisor定位为一个监控数据收集器,收集和导出数据是他的强项,而非展示数据。
cAdvisor支持很多第三方工具,其中就包含prometheus
#prometheus
Prometheus是一个非常优秀的监控工具。提供了监控数据搜集,存储,处理,可视化和告警一系列完整的解决方案。包含组件
Node Exporter :负责收集host硬件和操作系统数据,以容器的形式运行在所有host上
cAdvisor :负责收集容器数据,以容器的形式运行在所有host上
#grafana
grafana是一款支持多种数据源的图形展示工具
3.部署
#地址规划:
10.0.0.51 cAdvisor+ Node Exporter +prometheus+ grafana
10.0.0.52 cAdvisor+ Node Exporter
#上传 node-exporter、prometheus、grafana 软件包
导入镜像
docker load < node-exporter.tar.gz
docker load < prometheus.tar.gz
docker load < grafana.tar.gz
#docker01的配置文件:
cat >docker-compose.yml<<EOF
version: '3.2'
services:
prometheus:
image: prom/prometheus:latest
container_name: prometheus
ports:
- 9090:9090
command:
- --config.file=/etc/prometheus/prometheus.yml
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
depends_on:
- cadvisor
node-exporter:
image: prom/node-exporter:latest
container_name: node_exporter
ports:
- 9100:9100
cadvisor:
image: google/cadvisor:latest
container_name: cadvisor
ports:
- 8080:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- 3000:3000
EOF
#prometheus配置文件
cat >prometheus.yml <<EOF
scrape_configs:
- job_name: cadvisor
scrape_interval: 5s
static_configs:
- targets:
- 10.0.0.51:8080
- 10.0.0.52:8080
- job_name: prometheus
scrape_interval: 5s
static_configs:
- targets:
- 10.0.0.51:9090
- job_name: node_exporter
scrape_interval: 5s
static_configs:
- targets:
- 10.0.0.51:9100
- 10.0.0.52:9100
EOF
#docker02配置文件:
cat >docker-compose.yml<<EOF
version: '3.2'
services:
node-exporter:
image: prom/node-exporter:latest
container_name: node_exporter
ports:
- 9100:9100
cadvisor:
image: google/cadvisor:latest
container_name: cadvisor
ports:
- 8080:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
EOF
4.运行
ntpdate time1.aliyun.com
docker-compose up -d
5.检查
http://10.0.0.51:8080/metrics
http://10.0.0.51:9100/metrics
http://10.0.0.51:9090
http://10.0.0.51:3000
第十七章 docker安装zabbix/gitlab
docker运行zabbix
docker run --name mysql-server -t \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin
docker run --name zabbix-server-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
--link mysql-server:mysql \
-p 10051:10051 \
-d zabbix/zabbix-server-mysql:latest
docker run --name zabbix-web-nginx-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
--link mysql-server:mysql \
--link zabbix-server-mysql:zabbix-server \
-p 80:80 \
-d zabbix/zabbix-web-nginx-mysql:latest
docker运行gitlab
docker run --detach \
--hostname 10.0.0.11 \
--publish 443:443 --publish 80:80 --publish 22:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
报错:
docker: Error response from daemon: Conflict. The container name "/gitlab" is already in use by container "a2e152ae8a61c059867886dc857cb4c45aac14fdc17eb1df16da549ce53c5d33". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.
解决方法:
修改name gitlab 改gitlab2 端口22:22 改2222:22
第十八章 Docker跨主机容器之间的通信macvlan
默认一个物理网卡,只有一个物理mac地址,虚拟多个mac地址
第一种方法
1.创建macvlan网络
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
2.设置eth0的网卡为混杂模式
ip link set eth1 promisc on
3.创建使用macvlan网络的容器
docker run -it --network macvlan_1 --ip=10.0.0.200 busybox
第二种方式
1.创建网络
sysctl -w net.ipv4.ip_forward=1 docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
2.启动容器
docker01 启动容器
docker run -it --network macvlan_1 --ip 10.0.0.100 alpine docker
02 启动容器 docker
run -it --network macvlan_1 --ip 10.0.0.200 alpine
启动后互相 ping 发现可以正常通讯
ping 10.0.0.100
ping 10.0.0.200
第十九章 Dcoker跨主机容器通信之overlay
第一种安装部署方式
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
设置容器的主机名
consul:kv类型的存储数据库(key:value)
docker01、02上:
vim /etc/docker/daemon.json
{
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.13:8500",
"cluster-advertise": "10.0.0.11:2376"
}
vim /etc/docker/daemon.json
vim /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
2)创建overlay网络
docker network create -d overlay --subnet 172.16.1.0/24 --gateway 172.16.1.254 ol1
3)启动容器测试
docker run -it --network ol1 --name oldboy01 busybox /bin/bash
每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网
第二种安装部署方式
二进制安装
wget https://releases.hashicorp.com/consul/1.4.4/consul_1.4.4_linux_amd64.zip
unzip consul_1.4.4_linux_amd64.zip
mv consul /usr/bin/
chmod +x /usr/bin/consul
nohup consul agent -server -bootstrap -ui -data-dir /var/lib/consul -client=10.0.0.11 -bind=10.0.0.11 &>/var/log/consul.log &
tail -f /var/log/consul.log
1.docker 容器安装
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
2.修改 docker 启动文件
[root@docker01 ~]# vim /lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --
cluster-store consul://10.0.0.11:8500 --cluster-advertise 10.0.0.11:2375
3.重启 docker
systemctl daemon-reload
systemctl restart docker.service
4.同样方法修改 docker2 的配置
[root@docker01 ~]# vim /lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store
consul://10.0.0.11:8500 --cluster-advertise 10.0.0.12:2375
5.重启docker02
systemctl daemon-reload
systemctl restart docker.service
6.在 docker 主机上创建 overlay 网络
在 docker1 上创建网络,然后会自动同步到 docker2 上
docker network create -d overlay overlay_net
6.分别在两个节点上创建容器
docker01
docker run -it --net=overlay_net --name busybox01 busybox:latest
docker02
docker run -it --net=overlay_net --name busybox02 busybox:latest
7.测试联通性
[root@docker01 ~]# docker run -it --net=overlay_net --name busybox01 busybox:latest
Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox
0f8c40e1270f: Pull complete Digest:
sha256:1303dbf110c57f3edf68d9f5a16c082ec06c4cf7604831669faf2c712260b5a0
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
10: eth1@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
/ # ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: seq=0 ttl=64 time=0.667 ms
64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.822 ms
^C
--- 10.0.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.667/0.744/0.822 ms
/ #
网友评论