极客时间运维进阶训练营第三周作业----基于docker-compose实现对nginx+tomcat web服务的单机编排
docker-compose:
V1----python
V2----go
两个版本有些指令是不兼容的
docker-compose在逻辑上把容器分为三层
poject:工程,默认当前目录名
service:服务,通过服务名称管理容器
container:容器
docker-compose的github主页:https://github.com/docker/compose
下载好之后按个人习惯放到PATH里,加上x就可以使用了(用apt或者yum之类的方式安装也可以)
docker-compose相关文档:Compose file versions and upgrading | Docker Documentation
root@docker1:/home/z9999# docker-compose -h
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [--profile <name>...] [options] [--] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file \\指定compose file,不加该选项会自动读取当前目录的文件
(default: docker-compose.yml) \\docker-compose.yml docker-compose.yaml compose.yml compose.yaml
-p, --project-name NAME Specify an alternate project name \\指定一个项目名称,不加该选项默认项目名称为ompose file所在目录名
(default: directory name)
--profile NAME Specify a profile to enable \\
-c, --context NAME Specify a context name
--verbose Show more output \\输出更详尽的信息
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL) \\指定记录日志级别
--ansi (never|always|auto) Control when to print ANSI control characters
--no-ansi Do not print ANSI control characters (DEPRECATED)
-v, --version Print version and exit \\显示compose版本
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory \\指定project目录,默认为compose file所在目录
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert keys
in v3 files to their non-Swarm equivalent (DEPRECATED)
--env-file PATH Specify an alternate environment file
Commands:
build Build or rebuild services \\构建或重新构建服务
config Validate and view the Compose file \\检查compose file, -q 如果没有错误不会输出任何信息
create Create services
down Stop and remove resources \\停止并删除资源(会把容器删除,慎用!)
events Receive real time events from containers
exec Execute a command in a running container \\类似于docker的exec,但不加-it
help Get help on a command
images List images \\列出docker-compose下载的镜像,和docker exec里现实的不一样
kill Kill containers \\杀死容器
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers \\删除一个停止的容器
run Run a one-off command \\运行一个容器一次
scale Set number of containers for a service \\为一个服务器的容器设置容器数量,设置这个值后compose里不能写container name和port
start Start services \\启动一个服务
stop Stop services \\停止一个服务
top Display the running processes
unpause Unpause services
up Create and start containers \\创建并启动一个容器 docker-compose up -d
version Show version information and quit \\显示docker-compose版本
compose file:
root@docker1:/home/z9999/docker-compose-cases/case1-commands_options# cat docker-compose.yml
version: '3.8' \\定义compose file版本
services: \\定义服务
nginx-server: \\定义服务名
image: nginx:1.22.0-alpine \\定义要使用的镜像
container_name: nginx-web1 \\定义荣启名称
expose: \\声明端口
- 80
- 443
ports: \\端口映射
- "80:80"
- "443:443"
#profiles: #基于配置文件指定要操作的目的容器 \\大概意思就是把容器打个标签,docker-compose的指令加profiles名的话会只对一部分容器操作
# - frontend
env_file: \\传递环境变量到容器
- test.env
deploy: \\
resources: #资源限制
limits:
cpus: '0.50'
memory: 1024M
reservations:
cpus: '0.5'
memory: 512M
restart: always
healthcheck: #添加服务健康状态检查
test: ["CMD", "curl", "-f", "http://127.0.0.1:80/index.html"] \\在容器里会执行这个命令用于检测health状态
interval: 5s #健康状态检查的间隔时间,默认为30s
timeout: 5s #单次检查的失败超时时间,默认为30s
retries: 3 #连续失败次数默认3次,当连续失败retries次数后将容器置为unhealthy状态
start_period: 60s #60s后每间隔interval的时间检查一次,连续retries次后才将容器置为unhealthy状态, 但是start_period时间内检查成功就认为是检查成功并装容器置于healthy状态
redis-server:
image: redis:6.2.7-alpine3.16
container_name: redis1
expose:
- 6379
ports:
- "6379:6379"
#profiles:
# - backend
让服务使用docker0
root@docker1:/home/z9999/docker-compose-cases/case1-commands_options# cat ../case2-use-default-network/docker-compose.yml
version: '3.8'
services:
nginx-server:
image: nginx:1.22.0-alpine
container_name: nginx-web1
network_mode: bridge #网络1,使用docker安装后的默认网桥
expose:
- 80
- 443
ports:
- "80:80"
- "443:443"
networks:
default: #使用docker的默认网络
external: #docker-compose 之外的网络,不需要docker-compsoe创建网络
name: bridge #自定义一个网络名称,用于被容器引用
自定义网络和磁盘挂载以及依赖关系
root@docker1:/home/z9999/docker-compose-cases/case1-commands_options# cat ../case3-custom-network/docker-compose.yml
version: '3.8'
services:
nginx-server:
image: nginx:1.22.0-alpine
container_name: nginx-web1
# network_mode: bridge #网络1,使用docker安装后的默认网桥
expose:
- 80
- 443
ports:
- "80:80"
- "443:443"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有两块网卡
- front
- backend
links: #依赖关系,容器运行起来后会自动在容器内把tomcat-server解析为tomcat-server的地址
- tomcat-server
tomcat-server:
#image: tomcat:7.0.93-alpine
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-myapp:v1
container_name: tomcat-app1
##network_mode: bridge #网络1,使用docker安装后的默认网桥
#expose:
# - 8080
#ports:
# - "8080:8080"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡
- backend
links:
- mysql-server
mysql-server:
image: mysql:5.6.48
container_name: mysql-container
# network_mode: bridge #网络1,使用docker安装后的默认网桥
volumes:
- /data/mysql:/var/lib/mysql
#- /etc/mysql/conf/my.cnf:/etc/my.cnf:ro
environment:
- "MYSQL_ROOT_PASSWORD=12345678"
- "TZ=Asia/Shanghai"
expose:
- 3306
ports:
- "3306:3306"
networks: #网络2,使用自定义的网络,如果网络不存在则会自动创建该网络并分配子网,并且容器会有一块网卡
- backend
networks:
front: #自定义前端服务网络,需要docker-compose创建
driver: bridge
backend: #自定义后端服务的网络,要docker-compose创建
driver: bridge
default: #使用已经存在的docker0默认172.17.0.1/16的网络
external:
name: bridge
基于docker-compose运行一个nginx+java的web服务
root@docker2:/home/z9999/compose-case# ls
docker-compose.yml
root@docker2:/home/z9999/compose-case# cat docker-compose.yml
version: '3.8'
services:
nginx-server:
image: harbor.liuzheng.net/server/nginx:20221108025818
container_name: nginx-server
expose:
- 80
- 443
ports:
- "80:80"
networks:
- front
- backend
environment:
- "TZ=Asia/Shanghai"
#volumes:
# - /home/z9999/compose-case/nginx.conf:/etc/nginx/nginx.conf:ro
links:
- tomcat-server
deploy:
resources:
limits:
cpus: '0.5'
memory: 1024M
restart: always
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80/index.html"]
interval: 5s
timeout: 5s
retries: 3
start_period: 60s
tomcat-server:
image: ashince/tomcat8
container_name: tomcat-server
environment:
- "TZ=Asia/Shanghai"
networks:
- backend
volumes:
#- /data/:/data
networks:
front:
driver: bridge
backend:
driver: bridge
default:
external:
name: bridge
root@docker2:/home/z9999/compose-case# docker-compose down Stopping nginx-server ... done Stopping tomcat-server ... done Removing nginx-server ... done Removing tomcat-server ... done Removing network compose-case_backend Removing network compose-case_front root@docker2:/home/z9999/compose-case# docker-compose up -d Creating network "compose-case_backend" with driver "bridge" Creating network "compose-case_front" with driver "bridge" Creating tomcat-server ... done
Creating nginx-server ... done
root@docker2:/home/z9999/compose-case# docker network ls
NETWORK ID NAME DRIVER SCOPE
8c09e9963ebb bridge bridge local
d7de761b4c55 compose-case_backend bridge local \\这两个就是docker-compose创建的网络,名字是“项目名称_网络名称”
4a48b5851598 compose-case_front bridge local \\
72549205163a host host local
3ec290be5a76 none null local
\\只把nginx的80和443端口映射到了宿主机上,java和nginx是通过新建的backend网络通信的,通过links创建依赖关系,并在nginx容器中将tomcat-service解析为ip地址
root@docker2:/home/z9999/compose-case# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6bfd127c37c5 harbor.liuzheng.net/server/nginx:20221108025818 "/usr/sbin/nginx -g …" 10 minutes ago Up 10 minutes (unhealthy) 0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp nginx-server
fb3e68f4a610 ashince/tomcat8 "catalina.sh run" 10 minutes ago Up 10 minutes 8080/tcp tomcat-server
浙公网安备 33010602011771号