
docker总结

作者: dotff | 来源:发表于2019-03-27 14:21 被阅读0次
    一. Docker的安装
    1. 准备
      确保内核版本大于3.1 并更新yum

      uname -r
      yum update
      
    2. 添加仓库 安装

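        # Helper packages: yum-utils provides yum-config-manager; Docker's install
        # docs list device-mapper-persistent-data and lvm2 as prerequisites of the
        # devicemapper storage driver.
        yum install -y yum-utils device-mapper-persistent-data lvm2


        # Add the Aliyun docker-ce mirror. The .repo file is fetched over HTTPS so
        # the repository definition (baseurl, gpgkey) cannot be altered in transit.
        yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

        # Install Docker CE from the repository added above.
        yum install docker-ce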
      
    3. 启动并加入开机启动

          
          systemctl start docker
          systemctl enable docker
          docker version
      
    4. 配置远程访问

         vim /usr/lib/systemd/system/docker.service
      

      ExecStart=/usr/bin/dockerd 这一行改为

       ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375
      

      重启docker服务

        systemctl daemon-reload #通知systemd重载配置文件
        systemctl restart docker
      

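      此时访问 http://IP:2375/version 可以看到版本为17.05.0-ce

      注意: 2375 端口既不加密也不做身份认证,任何能连到该端口的人都可以完全控制 Docker(相当于宿主机 root 权限)。这种配置只适合在受信任的内网或防火墙限制来源 IP 的情况下临时使用;需要对外提供远程访问时请按第 7 步启用 TLS 并改用 2376 端口。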

    5. 设置国内镜像源
      新增/修改 /etc/docker/daemon.json

          {
                    "registry-mirrors": ["https://registry.docker-cn.com"]
          }
      
    6. 安装 docker-compose
      参见GitHub上的shell

       docker-compose --version # 测试安装成功了吗
      
    7. TLS
      在/etc/docker目录下新建shell

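    #!/bin/bash
    #
    # Created by L.STONE <web.developer.network@gmail.com>
    # -------------------------------------------------------------
    # Create the TLS material for a Docker daemon that requires client
    # certificates: a private CA, a server key/cert and a client key/cert.
    # All files are written to the current directory; the server set is then
    # copied to /etc/docker/certs.d, so the script needs write access there.
    # -------------------------------------------------------------

    # Stop at the first failing command so a half-generated certificate set is
    # never copied into /etc/docker/certs.d.
    set -euo pipefail
    # Private keys must not be readable by other users, not even for the short
    # time between creation and the chmod calls further down.
    umask 077

    # Configuration
    # --[BEGIN]------------------------------

    CODE="ADMIN"
    IP="139.196.122.34"
    # Passphrase protecting the CA private key. "ADMIN" is only the sample value
    # from this tutorial: export PASSWORD with a strong secret before running.
    PASSWORD="${PASSWORD:-ADMIN}"
    COUNTRY="CN"
    STATE="sd"
    CITY="qd"
    ORGANIZATION="redsoft"
    ORGANIZATIONAL_UNIT="Dev"
    COMMON_NAME="$IP"
    EMAIL="dotff@qq.com"

    # --[END]--

    # openssl reads the passphrase from the environment (env:PASSWORD) instead
    # of from its argument list, where every local user could see it via ps.
    export PASSWORD

    # Generate CA key (AES-256 encrypted with the passphrase)
    openssl genrsa -aes256 -passout env:PASSWORD -out "ca-key-$CODE.pem" 4096
    # Generate the self-signed CA certificate; it expires after 365 days, as do
    # the server and client certificates below, so plan for renewal.
    openssl req -new -x509 -days 365 -key "ca-key-$CODE.pem" -sha256 -out "ca-$CODE.pem" -passin env:PASSWORD -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL"
    # Generate Server key
    openssl genrsa -out "server-key-$CODE.pem" 4096

    # Generate Server Certs.
    openssl req -subj "/CN=$COMMON_NAME" -sha256 -new -key "server-key-$CODE.pem" -out server.csr

    # Write the extension file from scratch (">" rather than ">>") so a stale
    # extfile.cnf left by an earlier run cannot leak into the server certificate.
    printf '%s\n' \
      "subjectAltName = IP:$IP,IP:127.0.0.1" \
      "extendedKeyUsage = serverAuth" > extfile.cnf

    openssl x509 -req -days 365 -sha256 -in server.csr -passin env:PASSWORD -CA "ca-$CODE.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "server-cert-$CODE.pem" -extfile extfile.cnf


    # Generate Client Certs. The client certificate is limited to clientAuth.
    openssl genrsa -out "key-$CODE.pem" 4096
    openssl req -subj '/CN=client' -new -key "key-$CODE.pem" -out client.csr
    printf '%s\n' "extendedKeyUsage = clientAuth" > extfile.cnf
    openssl x509 -req -days 365 -sha256 -in client.csr -passin env:PASSWORD -CA "ca-$CODE.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "cert-$CODE.pem" -extfile extfile.cnf

    # The signing requests and the extension file are not needed any more.
    rm -vf client.csr server.csr extfile.cnf

    # Keys: owner read-only. Certificates: world-readable (they are public).
    chmod -v 0400 "ca-key-$CODE.pem" "key-$CODE.pem" "server-key-$CODE.pem"
    chmod -v 0444 "ca-$CODE.pem" "server-cert-$CODE.pem" "cert-$CODE.pem"

    # Package the client certificates. The archive contains the client private
    # key: whoever holds it can control this Docker daemon, so transfer it over
    # a secure channel and delete it from the server afterwards.
    # The three files are named explicitly instead of using "cd dir && tar ... *".
    tar -czf "tls-client-certs-$CODE.tar.gz" "ca-$CODE.pem" "cert-$CODE.pem" "key-$CODE.pem"

    # Copy the server certificates. The CA key (ca-key-$CODE.pem) is deliberately
    # not copied; it is only needed to sign new certificates.
    mkdir -p /etc/docker/certs.d
    cp -f -- "ca-$CODE.pem" "server-cert-$CODE.pem" "server-key-$CODE.pem" /etc/docker/certs.d/

    # Generic form of /etc/docker/daemon.json:
    # {
    #   "tlsverify": true,
    #   "tlscacert": "/etc/docker/certs.d/ca.pem",
    #   "tlscert": "/etc/docker/certs.d/server-cert.pem",
    #   "tlskey": "/etc/docker/certs.d/server-key.pem",
    #   "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
    # }
    # NOTE: "hosts" in daemon.json and -H flags on the dockerd command line are
    # mutually exclusive; dockerd refuses to start when both are set.

    echo " - 修改 /etc/docker/daemon.json 文件"
    # Print the daemon.json matching the files generated above (printf instead
    # of a here-document, so the script still works when pasted with indentation).
    printf '%s\n' \
      "vi /etc/docker/daemon.json" \
      "{" \
      "  \"tlsverify\": true," \
      "  \"tlscacert\": \"/etc/docker/certs.d/ca-$CODE.pem\"," \
      "  \"tlscert\": \"/etc/docker/certs.d/server-cert-$CODE.pem\"," \
      "  \"tlskey\": \"/etc/docker/certs.d/server-key-$CODE.pem\"," \
      "  \"hosts\": [\"tcp://0.0.0.0:2376\", \"unix:///var/run/docker.sock\"]" \
      "}"

    # Copy the client certificate files on the client machine:
    # cp -v {ca,cert,key}.pem ~/.docker

    # Remote connection from a client:
    # docker -H 192.168.1.130:2376 --tlsverify --tlscacert ~/.docker/ca.pem --tlscert ~/.docker/cert.pem --tlskey ~/.docker/key.pem ps -a
    echo "docker -H $IP:2376 --tlsverify --tlscacert ~/.docker/ca-$CODE.pem --tlscert ~/.docker/cert-$CODE.pem --tlskey ~/.docker/key-$CODE.pem ps -a"

    # Connection from a client using cURL:
    # curl --cacert ~/.docker/ca.pem --cert ~/.docker/cert.pem --key ~/.docker/key.pem https://192.168.1.130:2376/containers/json
    echo "curl --cacert ~/.docker/ca-$CODE.pem --cert ~/.docker/cert-$CODE.pem --key ~/.docker/key-$CODE.pem https://$IP:2376/containers/json"

    echo -e "\e[1;32mAll be done.\e[0m"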
    

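    执行脚本,然后修改 /usr/lib/systemd/system/docker.service 中的 ExecStart。注意: 脚本拷贝到 /etc/docker/certs.d/ 的文件名带有 -$CODE 后缀(例如 ca-ADMIN.pem),下面的证书路径必须与实际文件名一致(或者先把文件改名);另外 ExecStart 里的 -H 参数和 daemon.json 里的 "hosts" 只能二选一,两处同时设置 dockerd 会启动失败。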

    ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -D -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/certs.d/ca.pem --tlscert=/etc/docker/certs.d/server-cert.pem --tlskey=/etc/docker/certs.d/server-key.pem
    

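    重新加载配置文件并重启 docker。下载脚本生成的客户端证书包 tls-client-certs-$CODE.tar.gz(其中包含客户端私钥,请通过 scp 等加密通道传输并妥善保管),在 IDEA 中设置:
    URL: https://IP:2376
    证书目录填解压后的文件夹,注意去掉文件名中的 "-"(及 CODE 后缀),即改名为 ca.pem、cert.pem、key.pem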

    二 . rabbitmq
    1. 拉取镜像
    docker pull rabbitmq:management
    
    1. 配置命令
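    #!/bin/bash
    # Start RabbitMQ with the management plugin: AMQP on 5672, web UI on 15672.
    # Credentials are taken from the environment so they stay out of the script
    # and off the docker command line. The fallbacks are this tutorial's sample
    # values; export real ones before running.
    export RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-admin}"
    export RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-redSoft123}"
    # "-e NAME" without a value forwards NAME from the caller's environment.
    # Both ports are published on every host interface; write them as
    # 127.0.0.1:15672:15672 (and likewise for 5672) when only local access is
    # needed, or restrict them with a firewall.
    docker run -d --name rabbit \
      -e RABBITMQ_DEFAULT_USER -e RABBITMQ_DEFAULT_PASS \
      -p 5672:5672 -p 15672:15672 \
      rabbitmq:management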
    

    添加执行权限 执行ok

    1. 常用命令
      停止: docker ps
      docker stop [id]
      如果修改了启动shell的文件 则 docker rm [id]
      启动 docker start [id]
      初次启动 执行如上脚本
    三. redis
    1. 配置命令
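    #!/bin/bash
    # Start Redis with append-only persistence and password authentication.
    # The password is read from REDIS_PASSWORD; "123456" is only this tutorial's
    # sample fallback and must be replaced by a long random value, because the
    # port below is published on every host interface.
    REDIS_PASSWORD="${REDIS_PASSWORD:-123456}"
    # NOTE(review): --requirepass still ends up in the container's command line
    # (visible in docker inspect); a mounted redis.conf avoids that.
    # The host path is the author's local directory; adjust it to your machine.
    docker run --name redis -p 6379:6379 \
      -v /Users/fengfan/doc/temp/redis_temp_data:/data \
      -d redis:latest \
      redis-server --appendonly yes --requirepass "$REDIS_PASSWORD"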
    
