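Linux Containers (Part 2)
Containers: automating the container architecture (Part 2)
I. Building a Tengine image by hand
1. Workflow
1. Pull and start an ubuntu:20.04 container named ubt_tengine_2.3.3
2. Configure the apt sources
3. Download the packages
4. Compile and install in three steps: ./configure ; make ; make install
5. Start and test
6. Clean up
7. Create the image
1.1 Pull and start an ubuntu:20.04 container named ubt_tengine_2.3.3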
[root@docker01 ~]# docker run -it --name 'ubt_tengine' ubuntu:20.04 /bin/bash
Unable to find image 'ubuntu:20.04' locally
20.04: Pulling from library/ubuntu
846c0b181fff: Pull complete
Digest: sha256:b872b0383a2149196c67d16279f051c3e36f2acb32d7eb04ef364c8863c6264f
Status: Downloaded newer image for ubuntu:20.04
root@a3371923e4e9:/#
1.2 Configure the apt sources
root@a3371923e4e9:/# sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list
root@a3371923e4e9:/# apt update
1.3 Install packages
root@a3371923e4e9:/# apt -y install vim curl
1.4 Compile and install
# Copy the tarball into the container
[root@docker01 ~]# docker cp tengine-2.3.3.tar.gz ubt_tengine:/tmp/
Successfully copied 2.85MB to ubt_tengine:/tmp/
# Install the build dependencies
root@a3371923e4e9:/# apt install -y libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev
# Enter the source directory and configure the build
root@a3371923e4e9:/# cd /tmp
root@a3371923e4e9:/tmp# ll
total 2784
drwxrwxrwt 1 root root 34 Mar 7 12:19 ./
drwxr-xr-x 1 root root 50 Mar 7 12:16 ../
-rw-r--r-- 1 root root 2848144 Feb 17 01:37 tengine-2.3.3.tar.gz
root@a3371923e4e9:/tmp# tar xf tengine-2.3.3.tar.gz
root@a3371923e4e9:/tmp# cd tengine-2.3.3
root@a3371923e4e9:/tmp/tengine-2.3.3# ./configure --prefix=/app/tools/tengine-2.3.3/ \
> --user=nginx \
> --group=nginx \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_mp4_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module \
> --add-module=modules/ngx_http_upstream_check_module/ \
> --add-module=modules/ngx_http_upstream_session_sticky_module
root@a3371923e4e9:/tmp/tengine-2.3.3# echo $?
0
# Compile with make
root@a3371923e4e9:/tmp/tengine-2.3.3# make -j 1
root@a3371923e4e9:/tmp/tengine-2.3.3# echo $?
0
root@a3371923e4e9:/tmp/tengine-2.3.3# make install
# Create the symlink
root@a3371923e4e9:/tmp/tengine-2.3.3# ln -s /app/tools/tengine-2.3.3/ /app/tools/tengine
# Add the nginx user
root@a3371923e4e9:/tmp/tengine-2.3.3# useradd -s /sbin/nologin nginx
root@a3371923e4e9:/tmp/tengine-2.3.3# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
# Symlink the nginx binary into /sbin/
root@a3371923e4e9:/tmp/tengine-2.3.3# ln -s /app/tools/tengine/sbin/nginx /sbin
root@a3371923e4e9:/tmp/tengine-2.3.3# nginx -v
Tengine version: Tengine/2.3.3
nginx version: nginx/1.18.0
1.5 Start and test
root@a3371923e4e9:/tmp/tengine-2.3.3# nginx
root@a3371923e4e9:/tmp/tengine-2.3.3# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to tengine!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to tengine!</h1>
<p>If you see this page, the tengine web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://tengine.taobao.org/">tengine.taobao.org</a>.</p>
<p><em>Thank you for using tengine.</em></p>
</body>
</html>
1.6 Clean up
root@a3371923e4e9:/tmp/tengine-2.3.3# cd /tmp/
root@a3371923e4e9:/tmp# rm -rf *
1.7 Create the image
[root@docker01 ~]# docker commit ubt_tengine tengine:ubt20.04
sha256:144bdda15c0d37ce8abba3589f90e7498f3f3fd327c26fc227e18a1161034bb2
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tengine ubt20.04 144bdda15c0d 5 seconds ago 357MB
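# Test the image
# A container needs a service blocking in the foreground to stay up.
# This image has no default command configured,
# so it must be given on the command line.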
[root@docker01 ~]# docker run -d -p 81:80 tengine:ubt20.04 nginx -g "daemon off;"
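nginx -g sets configuration-file directives on the command line; each directive must end with a semicolon.
daemon off disables daemon mode so nginx runs in the foreground.
II. Automating the build with a Dockerfile
1. Dockerfile overview
Use case: generate a custom image from a single file, the Dockerfile.
Why use a Dockerfile:
So far we have pulled the image, configured it, installed dependencies, compiled and installed, and created users all by hand. That is like running ansible modules one at a time from the command line: tedious and hard to repeat. A Dockerfile expresses the same manual image-building steps as Dockerfile instructions, much like writing a playbook.
A Dockerfile is used to create images automatically according to requirements.
2. Dockerfile instructions
Instructions are all written in upper case.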
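| Dockerfile instruction | Meaning | Example | Recommendation |
|---|---|---|---|
| Header section | | | |
| FROM | Specifies the base image; similar to downloading an image with docker pull | FROM ubuntu:20.04 | Avoid a bare ubuntu or ubuntu:latest; pin a specific version. |
| LABEL | Sets attribute information for the container: author, personal contact details (e-mail) | LABEL author="wh" | Prefer LABEL over the MAINTAINER instruction below. |
| MAINTAINER | No longer used; use LABEL for personal information | | |
| ENV | Creates variables used in the Dockerfile | ENV Tengine_Version 2.3.3 | Software versions are good candidates for variables. |
| Middle (processing) section | | | |
| RUN | Commands executed while building the image, typically system configuration, service configuration and deployment. Must not contain commands that block the terminal. | RUN followed by any system command | Avoid several consecutive RUN instructions; merge them. |
| ADD | Copies the given file or directory into the container (to the given directory) and extracts archives. Source paths are relative to the current directory. | ADD restart.tar.gz /app/code/restart/ | Use for copying archives. |
| COPY | Copies the given file or directory into the container (to the given directory) without automatic extraction. Source paths are relative to the current directory. | COPY nginx.conf /etc/nginx/nginx.conf | Use for copying files or directories. |
| WORKDIR | Sets the container's default working directory | WORKDIR /app/code/restart/ ADD restart.tar.gz | Usually paired with ADD and COPY, which need a path inside the container; lets the Dockerfile use relative paths inside the container. |
| VOLUME | Mounts a data volume. | VOLUME /usr/share/nginx/html | Creates a randomly named volume mounted at the container directory. Specifying -v at docker run time is the recommended approach. |
| Closing section | | | |
| EXPOSE | Declares the ports the image exposes | EXPOSE 80 | Declares one or more container ports. These ports can later be picked up by -P. xxxx:80 |
| CMD | Sets the container's entry command. It can be replaced at docker run time. It is the command the container runs by default when started from the image. | CMD ["command","arg01","arg02"] CMD ["nginx","-g","daemon off;"] | Used in most cases. |
| ENTRYPOINT | Sets the container's entry command. It is not replaced by a command given to docker run (only the --entrypoint option overrides it); that command merely becomes arguments to the ENTRYPOINT command. | ENTRYPOINT ["executable", "param1", "param2"] | Not used often. |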
3. Turning the Tengine compile-and-install into a Dockerfile
[root@docker01 /app/docker/dockerfile/tengine_ubt_bird]# ll
total 2880
-rw-r--r-- 1 root root 91580 Mar 7 15:29 bird.tar.gz
-rw-r--r-- 1 root root 1287 Mar 7 15:55 Dockerfile
-rw-r--r-- 1 root root 2848144 Mar 7 15:51 tengine-2.3.3.tar.gz
[root@docker01 /app/docker/dockerfile/tengine_ubt_bird]# cat Dockerfile
#1. Basic information
FROM ubuntu:20.04
LABEL author="wh" \
desc="bird"
#2. Transfer the source tarball
ADD tengine-2.3.3.tar.gz /tmp/
#3. Prepare the environment
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&& apt update \
&& apt install -y libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev \
&& cd /tmp/tengine-2.3.3/ \
&& ./configure --prefix=/app/tools/tengine-2.3.3/ \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=modules/ngx_http_upstream_check_module/ \
--add-module=modules/ngx_http_upstream_session_sticky_module \
&& make -j 1 \
&& make install \
&& ln -s /app/tools/tengine-2.3.3/ /app/tools/tengine \
&& ln -s /app/tools/tengine/sbin/nginx /sbin/ \
&& useradd -s /sbin/nologin nginx
# Transfer the site code
ADD bird.tar.gz /app/tools/tengine/html
# Clean up
RUN rm -rf /tmp/* /var/cache/*
# Expose the port and set the entry command
EXPOSE 80
CMD [ "nginx","-g","daemon off;" ]
4. Example: a multi-service nginx+php image
[root@docker01 /app/docker/dockerfile/nginx_php]# ll
total 21708
-rw-r--r-- 1 root root 467 Mar 8 10:24 Dockerfile
-rw-r--r-- 1 root root 45 Mar 8 10:14 entrypoint.sh
-rw-r--r-- 1 root root 22218170 Mar 8 10:06 ngx-dep-php72w.tar.gz
[root@docker01 /app/docker/dockerfile/nginx_php]# cat Dockerfile
FROM centos:7
LABEL author="wh" \
desc="nginx+php"
# Copy the archive
ADD ngx-dep-php72w.tar.gz /tmp/
COPY entrypoint.sh /
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
&& curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo \
&& yum -y localinstall /tmp/*.rpm \
&& sed -i "s#apache#nginx#g" /etc/php-fpm.d/www.conf
RUN chmod 755 /entrypoint.sh
EXPOSE 80
CMD ["/entrypoint.sh"]
[root@docker01 /app/docker/dockerfile/nginx_php]# cat entrypoint.sh
#!/bin/bash
php-fpm
nginx -g "daemon off;"
# Note: the #!/bin/bash line is required
5. Example: deploying Kodcloud (kodexp)
[root@docker01 /app/docker/dockerfile/php_nginx_kodexp]# ll
total 13668
-rw-r--r-- 1 root root 228 Mar 8 14:31 Dockerfile
-rw-r--r-- 1 root root 310 Mar 8 11:47 kod.cn.conf
-rw-r--r-- 1 root root 13983417 Mar 8 11:44 kodexp.tar.gz
-rw-r--r-- 1 root root 653 Mar 8 11:46 nginx.conf
[root@docker01 /app/docker/dockerfile/php_nginx_kodexp]# cat Dockerfile
FROM web:nginx_php
LABEL author="wh" \
desc="kodexp"
COPY nginx.conf /etc/nginx/nginx.conf
COPY kod.cn.conf /etc/nginx/conf.d
ADD kodexp.tar.gz /app/code
RUN chown -R nginx.nginx /app/code
EXPOSE 80
CMD ["/entrypoint.sh"]
[root@docker01 /app/docker/dockerfile/php_nginx_kodexp]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
##
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
[root@docker01 /app/docker/dockerfile/php_nginx_kodexp]# cat kod.cn.conf
server {
listen 80;
server_name kod.cn;
root /app/code/kodexp;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
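6. CMD and ENTRYPOINT
| Instruction | CMD | ENTRYPOINT |
|---|---|---|
| In common | Sets the container's entry command: which command and arguments run by default after the container starts | Sets the container's entry command: which command and arguments run by default after the container starts |
| In common | CMD ["command","arg1","arg2"] | ENTRYPOINT ["command","arg1","arg2"] |
| Difference (used separately) | When the user specifies a command on docker run/exec, that command replaces the CMD command and its arguments. | When the user specifies a command on docker run/exec, the command and its options become arguments to the ENTRYPOINT command. |
| Difference (used together) | CMD holds the entry command and its options (replaceable). | The entry command is not replaceable. It is usually a script that checks whether the user supplied a command on docker run/exec. If not (docker run -d nginx:1.20.2), it runs CMD directly. If so, it runs the supplied command and options. |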
# Used separately, i.e. the Dockerfile contains only one of the two instructions
docker run -d --name "test" -p 80:80 nginx:alpine sleep 999
# CMD: the original command is replaced
CMD [ "nginx","-g","daemon off;" ]
The nginx -g "daemon off;" in this CMD is not run; sleep 999 runs instead.
# ENTRYPOINT: the arguments are appended
ENTRYPOINT [ "nginx","-g","daemon off;" ]
The command becomes nginx -g "daemon off;" sleep 999
# Used together, both in one Dockerfile
ENTRYPOINT ["/entrypoint.sh"]
CMD [ "nginx","-g","daemon off;" ]
# Starting the container with nothing appended
docker run -d --name "test" -p 80:80 nginx:alpine /entrypoint.sh nginx -g "daemon off;"
# Starting the container with sleep 999 appended
docker run -d --name "test" -p 80:80 nginx:alpine /entrypoint.sh sleep 999
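The ENTRYPOINT plus CMD combination above, written out as an entrypoint script (an added example, not code from the original page). The ENTRYPOINT_DRY_RUN switch and the rule that a leading option is handed to nginx are assumptions of this example.

```sh
#!/bin/sh
# entrypoint.sh (added example). Intended for an image that declares
#   ENTRYPOINT ["/entrypoint.sh"]
#   CMD ["nginx","-g","daemon off;"]
# Docker appends CMD, or whatever follows the image name on `docker run`,
# to the ENTRYPOINT, so this script receives it as "$@".

entrypoint() {
    if [ "$#" -eq 0 ]; then
        # No CMD in the image and nothing given at run time: fall back to
        # the foreground server so the container does not exit at once.
        set -- nginx -g 'daemon off;'
    elif [ "${1#-}" != "$1" ]; then
        # First word is an option (docker run IMAGE -t): hand it to nginx.
        set -- nginx "$@"
    fi

    if [ "${ENTRYPOINT_DRY_RUN:-0}" = 1 ]; then
        # Assumption of this example: a dry-run switch that prints the final
        # argv, one argument per line, instead of running it.
        printf '%s\n' "$@"
        return 0
    fi

    # exec replaces the shell, so the server becomes PID 1 and receives the
    # SIGTERM sent by `docker stop` directly.
    exec "$@"
}

# Run only when invoked as the entrypoint script itself.
case "$0" in
    entrypoint.sh|*/entrypoint.sh) entrypoint "$@" ;;
esac
```

With ENTRYPOINT_DRY_RUN=1 set in the container environment, `docker run IMAGE sleep 999` prints the two words sleep and 999 instead of running them.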
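7. Multi-stage builds
Multi-stage builds are currently used for the following:
When compiling software from source, you usually install the dependencies first and then compile and install; the build typically produces new binaries.
One image does the compile-and-install and produces the binaries (temporary).
A second image copies the binaries from the first image and adds the configuration the service needs.
Only this last image is used in the end.
Multi-stage build for the tengine+type project
- Give the image an alias when creating it: FROM xxx AS temp
- Work in the intermediate image: install dependencies, fetch the source package, compile....
- Create the final image: FROM ubuntu:20.04
- Copy the binaries and the configuration files/directories from the intermediate image into the final image.
- Copy the code
- EXPOSE 80, set the entry command with CMD....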
[root@docker01 /app/docker/dockerfile/tengine_ubt_bird]# ll
total 2880
-rw-r--r-- 1 root root 91580 Mar 7 15:29 bird.tar.gz
-rw-r--r-- 1 root root 1535 Mar 8 15:17 Dockerfile
-rw-r--r-- 1 root root 2848144 Mar 7 15:51 tengine-2.3.3.tar.gz
[root@docker01 /app/docker/dockerfile/tengine_ubt_bird]# cat Dockerfile
FROM ubuntu:20.04 AS TEMP
LABEL author="wh" \
desc="多模块"
ENV WEB_SERVER=tengine-2.3.3
ENV INSTALL_DIR=/app/tools/${WEB_SERVER}
ENV NGX_USER=nginx
ENV CPU_CORES=1
ADD tengine-2.3.3.tar.gz /tmp/
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&& apt update \
&& apt install -y libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev \
&& cd /tmp/tengine-2.3.3/ \
&& ./configure --prefix=${INSTALL_DIR} \
--user=${NGX_USER} \
--group=${NGX_USER} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=modules/ngx_http_upstream_check_module/ \
--add-module=modules/ngx_http_upstream_session_sticky_module \
&& make -j ${CPU_CORES} \
&& make install
FROM ubuntu:20.04
COPY --from=TEMP /app/ /app/
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&& apt update
RUN apt install -y libssl-dev pcre2-utils libpcre3-dev zlib1g-dev
RUN ln -s /app/tools/tengine-2.3.3/ /app/tools/tengine \
&& ln -s /app/tools/tengine/sbin/nginx /sbin/ \
&& useradd -s /sbin/nologin nginx
ADD bird.tar.gz /app/tools/tengine/html
EXPOSE 80
CMD [ "nginx","-g","daemon off;" ]
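8. Dockerfile
| Production recommendation | Explanation |
|---|---|
| Keep each image single-purpose | Avoid running several services in one image. |
| Choose a suitable base image | You do not always have to start from scratch (OS, ngx, tengine, tomcat, jdk) |
| Comments and documentation | Add some comments and image attribute information (LABEL) |
| Pin version numbers | Specify a version when using an image: nginx:latest php:latest nginx:1.20.2-alpine |
| Reduce image layers/steps | Merge RUN, ADD and COPY where possible |
| Remember to finish up | Clean up junk: caches, temporary files, archives.... |
| Use .dockerignore sensibly | Files ignored by the build (for awareness), so fewer files are sent. (The Dockerfile's directory sometimes holds unneeded things that should be ignored) |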
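A small linter for the recommendations in this table, run over constructed samples (an added example, not part of the original page). The rule names and the lint_dockerfile function are this example's own; the cleanup rule goes one step beyond the table by flagging an rm placed in its own RUN, because files deleted in a later layer are still stored in the earlier one.

```sh
#!/bin/sh
# Added example: lint a Dockerfile (read from stdin) against the table above.
# Output: one "LINE: rule [detail]" finding per line.

lint_dockerfile() {
    awk '
    function check(ins, n,    w, cnt, op, img, name, i) {
        sub(/^[ \t]+/, "", ins)
        if (ins == "" || ins ~ /^#/) return          # blank line or comment
        cnt = split(ins, w, /[ \t]+/)
        op = toupper(w[1])
        if (op == "FROM") {
            img = w[2]
            if (img ~ /^--platform=/) img = w[3]
            name = img
            sub(/^.*\//, "", name)                   # drop registry host:port and path
            if (img != "scratch" && !(tolower(img) in stage) &&
                (name !~ /[:@]/ || name ~ /:latest$/))
                print n ": unpinned-base " img
            for (i = 2; i < cnt; i++)                # remember "AS alias" stage names
                if (toupper(w[i]) == "AS") stage[tolower(w[i + 1])] = 1
        } else if (op == "MAINTAINER") {
            print n ": maintainer-deprecated"
        } else if (op == "RUN") {
            if (prev == "RUN") print n ": consecutive-run"
            # rm in its own RUN only hides files: earlier layers still contain them
            if (ins ~ /^[Rr][Uu][Nn][ \t]+rm[ \t]/ && ins !~ /&&|;/)
                print n ": cleanup-own-layer"
        }
        prev = op
    }
    {
        if (buf == "") start = NR                    # first physical line of instruction
        line = $0
        if (line ~ /\\[ \t]*$/) {                    # trailing backslash: continuation
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        check(buf line, start)
        buf = ""
    }'
}

# Constructed sample modelled on the single-stage tengine Dockerfile on this page.
sample_single_stage() {
    cat <<'EOF'
FROM ubuntu:20.04
LABEL author="wh" \
      desc="bird"
ADD tengine-2.3.3.tar.gz /tmp/
RUN apt update \
 && apt install -y make gcc
# clean up
RUN rm -rf /tmp/* /var/cache/*
CMD [ "nginx","-g","daemon off;" ]
EOF
}

# Constructed sample with the weak settings the table warns about.
sample_unpinned() {
    cat <<'EOF'
FROM centos
MAINTAINER wh
FROM reg.cn:5000/wh/nginx AS web
FROM nginx:latest
FROM web
EOF
}

sample_single_stage | lint_dockerfile
sample_unpinned | lint_dockerfile
```

Run it on a real file with `lint_dockerfile < Dockerfile`.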
III. Linking containers with --link
1. Example: separate nginx and php containers running Kodcloud
# Prepare the code directory
[root@docker01 /app/docker/dockerfile]# mkdir -p kodexp/{conf,code}
[root@docker01 /app/docker/dockerfile]# cd kodexp/
[root@docker01 /app/docker/dockerfile/kodexp]# tar xf kodexp.tar.gz
[root@docker01 /app/docker/dockerfile/kodexp]# ll
total 13656
drwxr-xr-x 2 root root 6 Mar 8 20:05 code
drwxr-xr-x 2 root root 43 Mar 8 20:06 conf
drwxr-xr-x 7 root root 126 Mar 8 11:44 kodexp
-rw-r--r-- 1 root root 13983417 Mar 8 11:44 kodexp.tar.gz
[root@docker01 /app/docker/dockerfile/kodexp]# mv kodexp/* code
[root@docker01 /app/docker/dockerfile/kodexp]# ll code
total 104
drwxr-xr-x 10 root root 115 Nov 17 14:08 app
-rw-r--r-- 1 root root 91801 Nov 17 14:08 ChangeLog.md
drwxr-xr-x 3 root root 74 Nov 17 14:08 config
drwxr-xr-x 7 root root 72 Nov 17 14:08 data
-rw-r--r-- 1 root root 118 Nov 17 14:08 index.php
drwxr-xr-x 15 root root 218 Nov 17 14:08 plugins
-rw-r--r-- 1 root root 8074 Nov 17 14:08 README.MD
drwxr-xr-x 6 root root 57 Nov 17 14:08 static
# Prepare the configuration files
[root@docker01 /app/docker/dockerfile/kodexp/conf]# cat kod.cn.conf
server {
listen 80;
server_name kod.cn;
root /app/code/kodexp;
location / {
index index.php;
}
location ~ \.php$ {
# Alias of the linked container: php
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@docker01 /app/docker/dockerfile/kodexp/conf]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
##
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
# php configuration file
[root@docker01 /app/docker/dockerfile/kodexp/conf]# cat www.conf
[www]
user = www-data
group = www-data
listen = 0.0.0.0:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
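# Change permissions on the code directory (777 makes it world-writable; chown to the php-fpm pool user is the narrower choice)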
[root@docker01 /app/docker/dockerfile/kodexp]# chmod -R 777 code
# Prepare the nginx and php containers
[root@docker01 /app/docker/dockerfile/kodexp]# docker pull nginx:1.22.1-alpine
[root@docker01 /app/docker/dockerfile/kodexp]# docker pull php:7-fpm-alpine
# Start the php container
[root@docker01 /app/docker/dockerfile/kodexp]# docker run -d --name "kodexp_php" \
> -v /app/docker/dockerfile/kodexp/conf/www.conf:/usr/local/etc/php-fpm.d/www.conf \
> -v /app/docker/dockerfile/kodexp/code:/app/code/kodexp \
> php:7-fpm-alpine
aa9c480edef00ac668fa1e97b5a42e456f7d66a9e6bfdeddb24b63e98455687b
# Start the nginx container
[root@docker01 /app/docker/dockerfile/kodexp]# docker run -d -p 80:80 --name "kodexp_nginx" \
> --link kodexp_php:php \
> -v /app/docker/dockerfile/kodexp/conf/nginx.conf:/etc/nginx/nginx.conf \
> -v /app/docker/dockerfile/kodexp/conf/kod.cn.conf:/etc/nginx/conf.d/kod.cn.conf \
> -v /app/docker/dockerfile/kodexp/code:/app/code/kodexp \
> nginx:1.22.1-alpine
9c02ff66299a7da467469dd37f5e0776c87c238604f73983c99ed2b3c237fa5e
[root@docker01 /app/docker/dockerfile/kodexp]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9c02ff66299a nginx:1.22.1-alpine "/docker-entrypoint.…" 54 seconds ago Up 53 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp kodexp_nginx
aa9c480edef0 php:7-fpm-alpine "docker-php-entrypoi…" About a minute ago Up About a minute 9000/tcp kodexp_php
Supplement
Fixing the login-time message that the PHP environment is missing the gd dependency
## Debian-based image
FROM php:7.4-fpm
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
&& docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install -j$(nproc) gd
Exercises
Deploying zrlog
[root@docker01 /app/docker/dockerfile/zrlog/conf]# docker run -d -p 8080:8080 --name "zrlog_tomcat" \
> -v /app/docker/dockerfile/zrlog/ROOT.war:/usr/local/tomcat/webapps/ROOT.war \
> tomcat:9.0.52-jre8
[root@docker01 /app/docker/dockerfile/zrlog/conf]# docker pull tomcat:9.0.52-jre8
Deploying wordpress
[root@docker01 /app/docker/dockerfile/wordpress]# mv wordpress/* code
[root@docker01 /app/docker/dockerfile/wordpress]# chmod -R 777 code
[root@docker01 /app/docker/dockerfile/wordpress]# docker run -d --name "wordpress_php" \
> -v /app/docker/dockerfile/wordpress/conf/www.conf:/usr/local/etc/php-fpm.d/www.conf \
> -v /app/docker/dockerfile/wordpress/code:/app/code/wordpress \
> php:7-fpm-alpine
[root@docker01 /app/docker/dockerfile/wordpress]# cat /app/docker/dockerfile/wordpress/conf/wordpress.cn.conf
server {
listen 80;
server_name wordpress.cn;
root /app/code/wordpress;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@docker01 /app/docker/dockerfile/wordpress]# docker run -d -p 80:80 --name "wordpress_nginx" \
> --link wordpress_php:php \
> -v /app/docker/dockerfile/wordpress/conf/nginx.conf:/etc/nginx/nginx.conf \
> -v /app/docker/dockerfile/wordpress/conf/wordpress.cn.conf:/etc/nginx/conf.d/wordpress.cn.conf \
> -v /app/docker/dockerfile/wordpress/code:/app/code/wordpress \
> nginx:1.22.1-alpine
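IV. Docker Compose
Single-host container orchestration tool
- docker compose
Container cluster management
- ansible+docker compose+dockerfile
- docker swarm for cluster management.
- mesos
- cluster management with k8s (Kubernetes, "ship's helm")
1. docker-compose quick start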
[root@docker01 ~]# yum -y install docker-compose
[root@docker01 ~]# mkdir -p /app/docker/compose/
2. Example: first steps with docker-compose
Default docker-compose file names: docker-compose.yaml or docker-compose.yml
[root@docker01 /app/docker/compose/nginx]# cat docker-compose.yml
version: "3.3"
services:
  nginx_compose:
    image: "nginx:1.22.1-alpine"
    ports:
      - "80:80"
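| Command format | |
|---|---|
| Containers | |
| up -d | up == run: creates and starts the containers; -d runs them in the background, like docker run -d |
| down | Stops the containers and removes them along with related resources. (Use with care) |
| stop/start/restart | docker container: stop, start or restart the containers. |
| ps | Shows container status; the only option is -q |
| top | Container process information |
| logs | Container logs |
| rm | Removes containers (they must already be stopped) |
| Images | |
| images | Lists images |
Notes
If you only change ports or volumes in the compose file, docker-compose up -d detects the change and recreates the container. If the container name is changed as well, the old and new containers conflict on the port and the start fails. Use up -d --remove-orphans to remove the previous or orphaned containers.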
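3. Common directives in a compose file
depends_on: dependency; the named containers are started first, then the current one.
volumes: data volumes
links: container links; in essence, hosts-file resolution.
4. Example: deploying kodexp with docker-compose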
[root@docker01 /app/docker/compose/kodexp]# ll
total 4
drwxrwxrwx 7 root root 126 Mar 9 10:31 code
drwxr-xr-x 2 root root 59 Mar 9 10:53 conf
-rw-r--r-- 1 root root 485 Mar 9 10:58 docker-compose.yml
[root@docker01 /app/docker/compose/kodexp]# cat docker-compose.yml
version: "3.3"
services:
  # container name
  kodexp_php:
    # image
    image: "php:7-fpm-alpine"
    # mounted volumes
    volumes:
      - "./conf/www.conf:/usr/local/etc/php-fpm.d/www.conf"
      - "./code:/app/code/kodexp"
  # container name
  kodexp_nginx:
    image: "nginx:1.22.1-alpine"
    ports:
      - "8088:80"
    # container links
    links:
      - "kodexp_php:php"
    depends_on:
      # dependency
      - "kodexp_php"
    volumes:
      - "./conf/nginx.conf:/etc/nginx/nginx.conf"
      - "./conf/kod.cn.conf:/etc/nginx/conf.d/kod.cn.conf"
      - "./code:/app/code/kodexp"
[root@docker01 /app/docker/compose/kodexp]# docker-compose up -d
[root@docker01 /app/docker/compose/kodexp]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------
kodexp_kodexp_nginx_1 /docker-entrypoint.sh ngin ... Exit 0
kodexp_kodexp_php_1 docker-php-entrypoint php-fpm Exit 0
5. docker-compose with a Dockerfile
[root@docker01 /app/docker/compose/bird]# cat Dockerfile
#1. Basic information
FROM nginx:alpine
LABEL author="wh" \
desc="bird"
ADD bird.tar.gz /usr/share/nginx/html
# Expose the port and set the entry command
EXPOSE 80
CMD [ "nginx","-g","daemon off;" ]
[root@docker01 /app/docker/compose/bird]# cat docker-compose.yml
version: "3.3"
services:
  # container name
  ngx_bird:
    # build the image
    build: .
    # image name
    image: "web:ngx_bird"
    ports:
      - "80:80"
[root@docker01 /app/docker/compose/bird]# docker-compose up -d
Building ngx_bird
Step 1/5 : FROM nginx:alpine
---> 2bc7edbc3cf2
Step 2/5 : LABEL author="wh" desc="bird"
---> Running in 2cb46a5b7bd2
Removing intermediate container 2cb46a5b7bd2
---> 6a554442356a
Step 3/5 : ADD bird.tar.gz /usr/share/nginx/html
---> 3a29b13e1219
Step 4/5 : EXPOSE 80
---> Running in b8259d68893b
Removing intermediate container b8259d68893b
---> 8208ade895f5
Step 5/5 : CMD [ "nginx","-g","daemon off;" ]
---> Running in df1964ceb672
Removing intermediate container df1964ceb672
---> 7a728380c533
Successfully built 7a728380c533
Successfully tagged web:ngx_bird
WARNING: Image for service ngx_bird was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating bird_ngx_bird_1 ... done
[root@docker01 /app/docker/dockerfile/tengine_ubt_bird_bak]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cf86d4d34055 web:ngx_bird "/docker-entrypoint.…" 2 minutes ago Up About a minute 0.0.0.0:80->80/tcp, :::80->80/tcp bird_ngx_bird_1
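V. Docker image registries: registry
1. Registry options and overview
| Docker image registry option | Use case and characteristics |
|---|---|
| Save images as archives | Used through save/load; only suitable when there are very few nodes. Inconvenient. |
| registry | Easy to use; suits small site clusters (few images, simple environment); operated from the command line. |
| harbor | Enterprise-grade registry usable by both docker and k8s; graphical web UI |
| Public cloud image services | Apply for a personal or enterprise account on a public cloud. |
2. Environment preparation
# Edit hosts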
[root@docker01 ~]# cat /etc/hosts
10.0.0.81 docker01.cn
10.0.0.82 docker02.cn reg.cn
[root@docker02 ~]# cat /etc/hosts
10.0.0.81 docker01.cn
10.0.0.82 docker02.cn reg.cn
3. Quick start
# Pull registry  # configuration on the registry server
[root@docker02 ~]# docker pull registry
# Configure the Docker daemon to allow plain HTTP (needed on every node that uses the private registry)
[root@docker01 ~]# cat /etc/docker/daemon.json
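{
"registry-mirrors": [ "Huawei Cloud mirror address" ],
"insecure-registries": ["reg.cn"]
}
# Change reg.cn to your own registry domain (the note goes outside the file: JSON has no comment syntax)
# Mind the comma at the end of line 2
# Start registry, publishing port 5000:5000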
[root@docker02 ~]# docker volume create registry
[root@docker02 ~]# docker volume ls
[root@docker02 ~]# docker run -d --name "registry" -p 5000:5000 -v registry:/var/lib/registry \
> --restart=always registry:latest
# On docker01: retag the image with the registry address first, then push
[root@docker01 /app/docker/compose/kodexp]# docker tag nginx:1.22.1-alpine reg.cn:5000/wh/nginx:1.22
[root@docker01 /app/docker/compose/kodexp]# docker push reg.cn:5000/wh/nginx:1.22
The push refers to repository [reg.cn:5000/wh/nginx]
7fbf7f6957d5: Pushed
7ef61094715c: Pushed
98e71313b6c2: Pushed
78bf1b847806: Pushed
d58d318d37eb: Pushed
aa5968d388b8: Pushed
1.22: digest: sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a size: 1568
# Check the catalog
[root@docker02 ~]# curl -L 10.0.0.82:5000/v2/_catalog
{"repositories":["wh/nginx"]}
# Pull the image
[root@docker02 ~]# docker pull reg.cn:5000/wh/nginx:1.22
4. Starting registry from docker compose
[root@docker02 /app/docker/compose/registry]# cat docker-compose.yml
version: "3.3"
services:
  wh_registry:
    # container name
    container_name: "wh_reg"
    # image name
    image: "registry:latest"
    ports:
      - "5000:5000"
    restart: always
    # reference the volume
    volumes:
      - "registry:/var/lib/registry"
# create the volume
volumes:
  registry:
[root@docker02 /app/docker/compose/registry]# docker-compose up -d
Creating network "registry_default" with the default driver
Creating volume "registry_registry" with default driver
Creating wh_reg ... done
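VI. Enterprise Docker image registry: Harbor
1. Environment preparation
The Harbor package is fairly large; the host needs 1 core and 2G.
Public download address of the package:
https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
Docker and docker-compose must be installed.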
[root@docker02 ~]# ll
total 770352
-rw-r--r-- 1 root root 629571428 Mar 9 14:36 harbor-offline-installer-v2.3.1.tgz
[root@docker02 ~]# mkdir /app/tools
[root@docker02 ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /app/tools
[root@docker02 /app/tools/harbor]# ll
total 618140
drwxr-xr-x 3 root root 20 Mar 9 15:16 common
-rw-r--r-- 1 root root 3361 Jul 19 2021 common.sh
-rw-r--r-- 1 root root 5996 Mar 9 15:18 docker-compose.yml
-rw-r--r-- 1 root root 632922189 Jul 19 2021 harbor.v2.3.1.tar.gz
-rw-r--r-- 1 root root 7840 Jul 19 2021 harbor.yml.tmpl
-rwxr-xr-x 1 root root 2500 Jul 19 2021 install.sh
-rw-r--r-- 1 root root 11347 Jul 19 2021 LICENSE
-rwxr-xr-x 1 root root 1881 Jul 19 2021 prepare
[root@docker02 /app/tools/harbor]# cp harbor.yml.tmpl harbor.yml
# Edit harbor.yml
[root@docker02 /app/tools/harbor]# cat -n harbor.yml
1 # Configuration file of Harbor
2
3 # The IP address or hostname to access admin UI and registry service.
4 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#################### Change line 5 to your own domain
hostname: harbor.cn
5 #hostname: reg.mydomain.com
6
7 # http related config
8 http:
9 # port for http, default is 80. If https enabled, this port will redirect to https port
10 port: 80
11
################## Comment out lines 13, 15, 17 and 18
12 # https related config
13 #https:
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 #certificate: /your/certificate/path
18 #private_key: /your/private/key/path
19
20 # # Uncomment following will enable tls communication between all harbor components
21 # internal_tls:
22 # # set enabled to true means internal tls is enabled
23 # enabled: true
24 # # put your cert and key files on dir
25 # dir: /etc/harbor/tls/internal
26
27 # Uncomment external_url if you want to enable external proxy
28 # And when it enabled the hostname will no longer used
29 # external_url: https://reg.mydomain.com:8433
30
31 # The initial password of Harbor admin
32 # It only works in first time to install harbor
33 # Remember Change the admin password from UI after launching Harbor.
############## Change the password on line 34
harbor_admin_password: admin
34 #harbor_admin_password: Harbor12345
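# Run install
[root@docker02 /app/tools/harbor]# ./install.sh
# Check first that port 80 is not already in use
# A "successfully" message means it worked
✔ ----Harbor has been installed and started successfully.----
# Update the Docker configuration on the host that pushes images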
[root@docker01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [ "Huawei Cloud mirror address" ],
"insecure-registries": ["harbor.cn"]
}
[root@docker01 ~]# systemctl restart docker
# Test a push from docker01
[root@docker01 /app/docker/compose/kodexp]# docker login -uadmin -padmin harbor.cn
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker01 /app/docker/compose/kodexp]# docker tag nginx:1.22.1-alpine harbor.cn/library/nginx:1.22
[root@docker01 /app/docker/compose/kodexp]# docker push harbor.cn/library/nginx:1.22
The push refers to repository [harbor.cn/library/nginx]
7fbf7f6957d5: Pushed
7ef61094715c: Pushed
98e71313b6c2: Pushed
78bf1b847806: Pushed
d58d318d37eb: Pushed
aa5968d388b8: Pushed
1.22: digest: sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a size: 1568
[root@docker01 /app/docker/compose/kodexp]#

2. Troubleshooting
2.1 Harbor reports "no such host"

Causes:
1. No hosts entry for the name
2. The domain on line 5 of harbor.yml is wrong
Fixes:
1. Check /etc/hosts
2. Edit harbor.yml and run install again.
2.2 Harbor reports "connect: connection refused"
[root@docker01 ~]# docker login -uadmin -padmin harbor.cn
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://harbor.cn/v2/": dial tcp 10.0.0.82:443: connect: connection refused
# Cause:
/etc/docker/daemon.json is missing "insecure-registries": ["harbor.cn"]
# Fix:
[root@docker01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [ "Huawei Cloud mirror address" ],
"insecure-registries": ["harbor.cn"]
}
[root@docker01 ~]# systemctl restart docker
2.3 Docker reports "because start of the service was attempted too often"
[root@docker01 ~]# systemctl restart docker
Job for docker.service failed because start of the service was attempted too often. See "systemctl status docker.service" and "journalctl -xe" for details.
To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.
[root@docker01 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Thu 2023-03-09 20:18:32 CST; 26s ago
Docs: https://docs.docker.com
Process: 4872 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 4872 (code=exited, status=1/FAILURE)
Mar 09 20:18:30 docker01 systemd[1]: docker.service failed.
Mar 09 20:18:32 docker01 systemd[1]: docker.service holdoff time over, scheduling restart.
Mar 09 20:18:32 docker01 systemd[1]: Stopped Docker Application Container Engine.
Mar 09 20:18:32 docker01 systemd[1]: start request repeated too quickly for docker.service
Mar 09 20:18:32 docker01 systemd[1]: Failed to start Docker Application Container Engine.
Mar 09 20:18:32 docker01 systemd[1]: Unit docker.service entered failed state.
Mar 09 20:18:32 docker01 systemd[1]: docker.service failed.
Mar 09 20:18:40 docker01 systemd[1]: start request repeated too quickly for docker.service
Mar 09 20:18:40 docker01 systemd[1]: Failed to start Docker Application Container Engine.
Mar 09 20:18:40 docker01 systemd[1]: docker.service failed.
# Cause:
# Restarting docker takes some time
2.4 docker-compose reports "you're using the wrong Compose file version"
[root@aliyun bbs-go-master]# docker-compose pull
ERROR: Version in "./docker-compose.yml" is unsupported. You might be seeing this error because you're using the wrong Compose file version. Either specify a supported version (e.g "2.2" or "3.3") and place your service definitions under the `services` key, or omit the `version` key and place your service definitions at the root of the file to use version 1.
For more on the Compose file format versions, see https://docs.docker.com/compose/compose-file/
[root@aliyun bbs-go-master]# cat docker-compose.yml
version: '3.8'
Cause:
Compose file version 3.8 is only supported from docker-compose 1.25.5
Fix:
Upgrade to 2.16.0
[root@aliyun ~]# wget https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64
[root@aliyun tools]# mv /usr/bin/docker-compose /usr/bin/docker-compose_bak
[root@aliyun tools]# ll
total 46592
-rwxr-xr-x 1 root root 47706112 Mar 11 18:13 docker-compose-linux-x86_64
[root@aliyun tools]# chmod +x /app/tools/docker-compose-linux-x86_64
[root@aliyun tools]# ln -s /app/tools/docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@aliyun tools]# docker-compose -v
Docker Compose version v2.16.0
