4 單機容器編排工具docker-compose + 存放鏡像的私有倉庫Harbor


單機容器編排工具 :docker-compose

docker-compose :單機容器編排工具 https://docs.docker.com/compose/install/

1、安裝docker-compose 在一台容器中使用,輕松的管理容器,定義運行多個容器

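# 注意:hub.fastgit.org 是第三方的 GitHub 鏡像站;這個二進制文件之后會放進 /usr/local/bin 並以 root 身份運行,下載后應先與官方 release 頁面提供的 SHA-256 校驗值比對。
[root@localhost ~]# wget https://hub.fastgit.org/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64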

[root@localhost ~]# mv docker-compose-Linux-x86_64 docker-compose
[root@localhost ~]# chmod +x docker-compose
[root@localhost ~]# mv docker-compose /usr/local/bin/

# docker-compose命令補全
[root@localhost ~]# curl -L https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose

2、docker-compose的使用

[root@localhost ~]# mkdir docker-compose

[root@localhost ~]# cd docker-compose/

[root@localhost docker-compose]# pwd

/root/docker-compose

[root@localhost docker-compose]# touch docker-compose.yaml

# 啟動一個服務
docker-compose up
參數:
-d :以守護進程方式運行
# 停止一個服務
docker-compose down

3、docker-compose的配置文件

version  : 指定配置文件的版本號
services :指定項目中包含的服務
image :指定鏡像

3.1、build

根據Dockerfile,臨時構建鏡像,並運行。
build Dockerfile的路徑

[root@localhost work]# cat docker-compose.yaml
version: "3"
services:
  django:
    build: ./django

3.2、command

指定容器啟動命令。
version: "3"
services:
  nginxweb:
    build: ./django
    command: python manage.py runserver 0.0.0.0:8080

3.3、container_name

指定容器名稱,默認將會使⽤ 項⽬名稱_服務名稱_序號 這樣的格式。
version: "3"
services:
  nginxweb:
    build: ./django
    command: python manage.py runserver 0.0.0.0:8080
    container_name: djangov1

3.4、depends_on

解決容器的依賴、啟動先后的問題
version: "3"
services:
  django:
    build: ./django
    command: python manage.py runserver 0.0.0.0:8080
    container_name: djangov1
  nginx:
    image: nginx
    depends_on:
      - django

3.5、env_file

指定一個環境變量文件名稱。
version: "3"
services:
  nginx:
    image: nginx
    depends_on:
      - django
    env_file:
      - ./env

3.6、environment

設置環境變量。

3.7、healthcheck

健康檢查
  healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost"]
    interval: 1m  #兩次探測之間的時間間隔
    timeout: 10s   #單次探測的超時時間
    retries: 3   #連續失敗多少次后判定為不健康

3.8、networks

定義在服務中的networks,代表指定該服務使用哪個網橋;定義在頂級的networks,代表要創建的網絡

3.9、ports

映射端口
ports:
 - 8092:80
 - 8093:443

3.10、sysctls vim /etc/sysctl.conf

設置內核參數。
sysctls:
 - net.core.somaxconn=1024
 - net.ipv4.tcp_syncookies=0  # 注意:設為 0 會關閉 SYN cookies(SYN flood 防護),這里僅作語法示例

3.11 ulimits

 

 

 

 

3.12、volumes

掛載存儲卷

 

 


案例:nginx+django

# Compose file for the nginx + django example: two services built from local
# Dockerfiles and attached to one user-defined network named "nginx".
version: "3"
services:
  django:
    build: ./django
    container_name: django
    # No "ports" entry: django is not published on the host; nginx reaches it
    # over the shared "nginx" network.
    networks:
      - nginx
  nginx:
    build: ./nginx
    ports:
      # Host port 8099 -> container port 80. No host IP is given, so the port
      # is published on every host interface.
      - 8099:80
    networks:
      - nginx
    depends_on:
      # Start order only: nginx is started after django, without waiting for
      # django to be ready to serve requests.
      - django
networks:
  # Declares the network with default settings.
  nginx:

 

bbs

# Compose file for the bbs example: the bbs application and an nginx front end,
# both built from local Dockerfiles and attached to the "nginx" network.
version: "3"
services:
  bbs:
    build: ./bbs
    container_name: bbs
    # No "ports" entry: bbs is not published on the host; nginx reaches it
    # over the shared "nginx" network.
    networks:
      - nginx
  nginx:
    build: ./nginx
    ports:
      # Host port 8098 -> container port 80. No host IP is given, so the port
      # is published on every host interface.
      - 8098:80
    depends_on:
      # Start order only: nginx is started after bbs, without waiting for bbs
      # to be ready to serve requests.
      - bbs
    networks:
      - nginx
networks:
  # Declares the network with default settings.
  nginx:

#詳細操作
cd bbs
ll
rm -rf bbs/app01/migrations/*
touch bbs/app01/migrations/__init__.py
#創建數據庫,數據遷移
# 注意:123456 只是演示用的弱口令,-p 3306:3306 還會把 MySQL 發布到宿主機的所有網卡上;實際環境請改用強口令,並限制監聽地址或只走容器內部網絡。
docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
docker exec -it mysql bash
mysql -uroot -p123456
create database bbs;
exit;
exit
python3 manage.py makemigrations
python3 manage.py migrate
此時如果報錯,去settings.py 修改HOST:192.168.15.105,然后重新遷移
python3 manage.py makemigrations
python3 manage.py migrate
vim docker-compose.yaml(見上面)
cd work/
docker-compose down
docker-compose up -d

 

docker可視化⼯具

官網: https://www.portainer.io/installation/

Portainer圖形化工具構建

 # 1、編寫docker-compose.yaml文件
[root@docter portainer]# vim docker-compose.yaml 
# Compose file that runs Portainer CE as a single service with a named data volume.
version: '3'
services:
  portainer:
    # No tag is given, so the image resolves to :latest; pin a version tag or
    # digest to keep deployments reproducible and reviewable.
    image: portainer/portainer-ce
    container_name: portainer
    ports:
      # No host IP is given, so both ports are published on every host interface.
      # The healthcheck below talks to 9000 over plain HTTP; limit exposure with a
      # host-IP prefix (e.g. "127.0.0.1:9000:9000"), a firewall, or a TLS reverse proxy.
      - "8000:8000"
      - "9000:9000"
    volumes:
      # The Docker socket gives this container full control of the host's Docker
      # daemon, which is effectively root on the host; protect the Portainer
      # admin account and its network exposure accordingly.
      - "/var/run/docker.sock:/var/run/docker.sock"
      # Named volume (declared under the top-level "volumes" key) mounted at /data.
      - "portainer_data:/data"
    healthcheck:
      # Probe every 15s with a 10s limit per probe; 3 consecutive failures mark the
      # container unhealthy. NOTE(review): this needs curl inside the image — confirm.
      test: ["CMD", "curl", "-f", "http://localhost:9000"]
      interval: 15s
      timeout: 10s
      retries: 3
volumes:
  portainer_data:
  
  
  
 如果報錯: 
 [root@localhost portainer]# chmod 777 portainer_data/
 (注意:777 會讓宿主機上的任何用戶都能讀寫這個目錄,而它掛載為 Portainer 的 /data;能通過調整屬主或更小的權限解決時,不要使用 777)
 volumes:
 - "./portainer_data:/data"
 
# 2、啟動 docker-compose
[root@docter portainer]# docker-compose up -d
Creating network "portainer_default" with the default driver
Creating volume "portainer_portainer_data" with default driver
Pulling portainer (portainer/portainer-ce:)...
latest: Pulling from portainer/portainer-ce
651a8e6e1630: Pull complete
56e38df73332: Pull complete
635ae9c57e4c: Pull complete
Digest: sha256:3e499846ae1830e9465de7f110cbf19f4dff076e80abc0f7a1d4b50e67c6b873
Status: Downloaded newer image for portainer/portainer-ce:latest
Creating portainer ... done
# 3、查看 docker-compose容器
[root@docter portainer]# docker-compose ps
  Name       Command             State                                                 Ports                                       
-----------------------------------------------------------------------------------------------------------------------------------
portainer   /portainer   Up (health: starting)   0.0.0.0:8000->8000/tcp,:::8000->8000/tcp, 0.0.0.0:9000->9000/tcp,:::9000->9000/tcp
# 4、IP訪問
192.168.15.30:9000

 

 

 

4、Harbor 自己的私有倉庫,用來存放鏡像

Harbor 是由 VMware 公司中國團隊為企業用戶設計的 Registry server 開源項目,包括了權限管理(RBAC)、LDAP、審計、管理界面、自我注冊、HA 等企業必需的功能,同時針對中國用戶的特點,設計鏡像復制和中文支持等功能。作為一個企業級私有 Registry 服務器,Harbor 提供了更好的性能和安全。提升用戶使用 Registry 構建和運行環境傳輸鏡像的效率。Harbor 支持安裝在多個 Registry 節點的鏡像資源復制,鏡像全部保存在私有 Registry 中, 確保數據和知識產權在公司內部網絡中管控。另外,Harbor 也提供了高級的安全特性,諸如用戶管理,訪問控制和活動審計等。

4.1、配置HTTPS

1、生成CA證書私鑰
mkdir /opt/cert
cd /opt/cert
​
openssl genrsa -out ca.key 4096

2、生成CA證書
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Oldboy/OU=Linux/CN=192.168.15.101" \
 -key ca.key \
 -out ca.crt
​
3、生成服務器證書
openssl genrsa -out 192.168.15.101.key 4096

4、生成證書簽名請求
openssl req -sha512 -new \
    -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Oldboy/OU=Linux/CN=192.168.15.101" \
    -key 192.168.15.101.key \
    -out 192.168.15.101.csr
​
5、生成一個x509 v3擴展文件
# 域名版
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
​
[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF
​
# IP版
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.168.15.101
EOF
​
6、使用該v3.ext文件生成證書
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in 192.168.15.101.csr \
    -out 192.168.15.101.crt
    
7、提供證書給Harbor和Docker
openssl x509 -inform PEM -in 192.168.15.101.crt -out 192.168.15.101.cert
mkdir -pv /etc/docker/certs.d/192.168.15.101/
​
cp 192.168.15.101.cert /etc/docker/certs.d/192.168.15.101/
cp 192.168.15.101.key /etc/docker/certs.d/192.168.15.101/
cp ca.crt /etc/docker/certs.d/192.168.15.101/

# 如果nginx端口不是默認的443和80,證書目錄名需要帶上端口:
/etc/docker/certs.d/192.168.15.101:port
/etc/docker/certs.d/192.168.15.101:port
​
# 復制Harbor證書
mkdir -p /data/cert 
cp 192.168.15.101.crt  /data/cert
cp 192.168.15.101.key /data/cert
cd /data/cert
​
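8、證書受信
注意:insecure-registries 並不是「信任證書」。啟用后 Docker 會先嘗試 HTTPS,證書校驗失敗時忽略錯誤,HTTPS 不可用時回退到 HTTP,等於放棄了前面配置的 TLS 校驗。第 7 步已經把 ca.crt 放進 /etc/docker/certs.d/192.168.15.101/,Docker 會用它校驗 Harbor 的證書,通常不需要再加這一項;只有確實無法讓客戶端信任證書時才臨時使用。
在/etc/docker/daemon.json 中添加如下內容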
{
  "insecure-registries": ["192.168.15.101"]
}
​
9、docker加載證書
systemctl restart docker

 


4.2、安裝Harbor

1、安裝harbor
[root@localhost ~]# tar -xf harbor-offline-installer-v2.3.3.tgz  -C /usr/local/
[root@localhost ~]# cd /usr/local
[root@localhost local]# cd harbor/
[root@localhost harbor]# docker load < harbor.v2.3.3.tar.gz (可省)
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
​
​
2、修改harbor的配置文件(除下面幾項外,安裝前建議同時修改 harbor.yml 中的默認管理員口令 harbor_admin_password)
[root@localhost harbor]#vim harbor.yml
hostname: 192.168.15.101
https:
  certificate: /data/cert/192.168.15.101.crt
  private_key: /data/cert/192.168.15.101.key
  
​
3、安裝啟動
./install.sh
scp /usr/local/bin/docker-compose 192.168.15.101:/usr/local/bin/

.

 

4.3、其他的docker免密

mkdir -pv /etc/docker/certs.d/192.168.15.101/
​
scp 192.168.15.101.cert root@192.168.15.105:/etc/docker/certs.d/192.168.15.101/
scp 192.168.15.101.key root@192.168.15.105:/etc/docker/certs.d/192.168.15.101/
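scp ca.crt root@192.168.15.105:/etc/docker/certs.d/192.168.15.101/
注意:其他 docker 客戶端只需要 ca.crt 就能校驗 Harbor 的服務器證書;把服務器私鑰 192.168.15.101.key 復制到每台客戶端會擴大私鑰的泄露面,除非確實要做客戶端證書認證,否則不建議分發。

# 證書受信
在/etc/docker/daemon.json 中添加如下內容(insecure-registries 會讓 Docker 忽略證書校驗錯誤並允許回退到 HTTP;客戶端已放置 ca.crt 時通常不需要這一項)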
{
  "insecure-registries": ["192.168.15.101"]
}
​
systemctl restart docker

 

Harbor推送命令

docker images
docker tag nginx:latest 192.168.15.101/linux/nginx:latest
docker images
docker push 192.168.15.101/linux/nginx:latest
然后Harbor后台可以看到上傳的鏡像

 

 

 

 

 

 

