利用Docker搭建你的第一个应用栈以及部署监控:Haproxy+Django+Redis+Cadvisor+Consul+Prometheus+Grafana

本文详细记录了使用Docker在CentOS 7上搭建Haproxy、Django、Redis应用栈,以及通过Consul、Prometheus和Grafana进行监控的全过程。涉及的关键步骤包括Docker的安装、数据库主从配置、APP容器创建、haproxy代理设置和监控组件的部署。在部署过程中遇到了如配置文件生效、端口映射、服务注册等问题,并给出了相应的解决方案。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

在拜读浙江大学SEL实验室著作的《Docker容器与容器云》第二版时,自己按照书中在自己的虚拟机中搭建了一个由docker容器构建的应用栈以及部署了对其的监控。由于docker hub中镜像版本的的更迭,按照书中的步骤进行部署,不免会遇到一些问题,在此记录下部署过程也分享下部署过程中踩过的坑。

搭建的环境是:

1:虚拟机工具是VMware Workstations

2:操作系统是CentOS Linux release 7.5.1804 (Core)

3:linux内核是3.10.0-862.el7.x86_64

整个部署过程可以分为三部分:

1.安装docker

2.Haproxy+Django+Redis搭建应用栈

3.Cadvisor+Consul+Prometheus+Grafana部署监控

以下操作均在root用户下进行,其他用户请注意授予sudo权限

第一部分:安装docker

执行以下命令:

yum install docker

回显信息:

执行命令:

[root@localhost ~]# systemctl start docker

查看docker基本信息:

[root@localhost ~]# docker info

回显信息:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.13.1
...

docker安装完毕!

第二部分:Haproxy+Django+Redis搭建应用栈

  • 准备工作

1.拉取最新版本的镜像,执行以下命令:

[root@localhost ~]# docker pull redis
[root@localhost ~]# docker pull django
[root@localhost ~]# docker pull haproxy

2.查看拉取的镜像,执行以下命令

[root@localhost ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/haproxy   latest              d23194a3929a        5 days ago          72 MB
docker.io/redis     latest              5d2989ac9711        2 weeks ago         95 MB
docker.io/django    latest              eb40dcf64078        2 years ago         436 MB

3.创建容器挂载点目录,之后要给容器挂在文件目录,书中没有提前挂载,在启动容器时,如果不使用-v参数指定挂载目录,docker会默认自己指定挂载目录。执行以下命令:

[root@localhost ~]# cd /home
[root@localhost home]# mkdir docker
[root@localhost home]# ls
docker
[root@localhost home]# cd docker/
[root@localhost docker]# mkdir redis django haproxy
[root@localhost docker]# ls
django  haproxy  redis
  • 应用栈数据库节点配置

数据库配置包括主数据库和从数据库的配置,分别创建主数据库和从数据库的文件挂载点,执行以下命令:

[root@localhost ~]# cd /home/docker/redis
[root@localhost redis]# mkdir master slave1 slave2

1.master数据库的配置如下:

启动redis-master容器,执行以下命令:

[root@localhost redis]# docker run -it --name redis-master -v /home/docker/redis/master/:/data redis

--name 给容器进行命名,-v指定文件挂载目录

得到结果:

root@e54206d487ed:/data#

这个终端是容器虚拟出来的终端。

从容器终端中退出,使用快捷键Ctrl+D,或者执行以下命令:

root@e54206d487ed:/data# exit

切换到redis-master容器挂载的文件目录,创建redis的配置文件,文件名字是redis.conf配置文件内容,按照网上的模板书写就行,注意修改其中的参数。

[root@localhost ~] cd /home/docker/redis/master
[root@localhost ~] vim redis.conf

修改的参数为:

daemonize yes 注意是将yes修改为no,使Redis在容器前端运行,在前端运行时无法进行其他操作,可以再开一个终端。
pidfile /var/run/redis.pid

再次进入redis-master虚拟终端中,切换到容器中的volume目录:

[root@localhost master]# docker exec -it redis-master /bin/bash
root@e54206d487ed:/data# cd /data

复制启动配置文件从/data到redis工作目录/usr/local/bin下,执行以下命令:

root@e54206d487ed:/data# cp /data/redis.conf /usr/local/bin/
root@e54206d487ed:/data# ls
redis.conf
root@e54206d487ed:/data# cp /data/redis.conf /usr/local/bin/
root@e54206d487ed:/data# cd /usr/local/bin/
root@e54206d487ed:/usr/local/bin# ls
docker-entrypoint.sh  gosu  redis-benchmark  redis-check-aof  redis-check-rdb  redis-cli  redis-sentinel  redis-server	redis.conf

启动redis-master服务

root@e54206d487ed:/usr/local/bin# redis-server redis.conf 
31:C 14 Jan 2019 06:02:44.717 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
31:C 14 Jan 2019 06:02:44.717 # Redis version=5.0.3, bits=64, comm
一个典型的Haproxy_exporter的监控metric例子 包含指标 haproxy_backend_bytes_in_total haproxy_backend_bytes_out_total haproxy_backend_client_aborts_total haproxy_backend_compressor_bytes_bypassed_total haproxy_backend_compressor_bytes_in_total haproxy_backend_compressor_bytes_out_total haproxy_backend_connection_errors_total haproxy_backend_current_queue haproxy_backend_current_server haproxy_backend_current_session_rate haproxy_backend_current_sessions haproxy_backend_http_connect_time_average_seconds haproxy_backend_http_queue_time_average_seconds haproxy_backend_http_response_time_average_seconds haproxy_backend_http_responses_compressed_total haproxy_backend_http_responses_total haproxy_backend_http_total_time_average_seconds haproxy_backend_response_errors_total haproxy_backend_retry_warnings_total haproxy_backend_server_aborts_total haproxy_backend_server_selected_total haproxy_backend_sessions_total haproxy_backend_up haproxy_backend_weight haproxy_exporter_build_info haproxy_exporter_csv_parse_failures haproxy_exporter_total_scrapes haproxy_frontend_bytes_in_total haproxy_frontend_bytes_out_total haproxy_frontend_compressor_bytes_bypassed_total haproxy_frontend_compressor_bytes_in_total haproxy_frontend_compressor_bytes_out_total haproxy_frontend_connections_total haproxy_frontend_current_session_rate haproxy_frontend_current_sessions haproxy_frontend_http_requests_total haproxy_frontend_http_responses_compressed_total haproxy_frontend_http_responses_total haproxy_frontend_limit_session_rate haproxy_frontend_limit_sessions haproxy_frontend_max_session_rate haproxy_frontend_max_sessions haproxy_frontend_request_errors_total haproxy_frontend_requests_denied_total haproxy_frontend_sessions_total haproxy_server_bytes_in_total haproxy_server_bytes_out_total haproxy_server_check_duration_seconds haproxy_server_check_failures_total haproxy_server_client_aborts_total haproxy_server_connection_errors_total haproxy_server_current_queue haproxy_server_current_session_rate haproxy_server_current_sessions haproxy_server_downtime_seconds_total haproxy_server_http_responses_total haproxy_server_max_queue haproxy_server_max_session_rate haproxy_server_max_sessions haproxy_server_redispatch_warnings_total haproxy_server_response_errors_total haproxy_server_retry_warnings_total haproxy_server_server_aborts_total haproxy_server_server_selected_total haproxy_server_sessions_total haproxy_server_up haproxy_server_weight haproxy_up process_cpu_seconds_total process_max_fds process_open_fds process_resident_memory_bytes process_start_time_seconds process_virtual_memory_bytes promhttp_metric_handler_requests_in_flight promhttp_metric_handler_requests_total
### Ubuntu 上安装和配置 WebVirtMgr #### 准备工作 为了确保系统的兼容性和稳定性,在Ubuntu上部署WebVirtMgr前需确认主机具备必要的硬件辅助虚拟化技术,并验证已正确安装Git以及Python等依赖项[^2]。 #### 设置Libvirt与KVM 通过命令`egrep -c '(vmx|svm)' /proc/cpuinfo`来检查CPU是否支持虚拟化特性。接着利用包管理器更新系统并安装必需组件,如libvirt、QEMU-KVM及相关开发库。这一步骤对于后续操作至关重要,因为这些软件构成了整个平台的基础架构。 #### 用户权限调整 为了让普通用户能够管理和控制虚拟机实例,应当把目标账户加入到特定的用户组中去。具体做法是在终端执行如下指令:`sudo usermod -aG libvirtd $USER`;随后还需编辑配置文件/etc/default/libvirt-bin以启用监听功能,即添加参数`-l`至LIBVIRTD_ARGS变量内。 #### Libvirt服务优化 进一步修改位于/etc/libvirt/libvirtd.conf路径下的全局设定文档,解除某些行首字符‘#’号所代表的注释状态,从而允许远程客户端接入。完成更改之后记得保存退出再重启关联的服务进程以便生效新策略。 #### SASL认证机制建立 针对安全层面考量,建议设立独立的身份验证体系——SASL(Simple Authentication and Security Layer)。此过程涉及创建密码数据库记录管理员凭证信息,通常借助`saslpasswd2`工具实现自动化流程处理。 #### 防火墙规则定义 依据实际网络环境状况适当开放端口访问权限给外部请求进来。比如采用UFW(Uncomplicated Firewall)作为防护手段的话,则可通过运行`sudo ufw allow 16509/tcp`这样的语句达成目的,该动作准许外界经由TCP协议抵达指定位置上的libvirt守护程序接口处。 #### 构建Web应用框架 接下来转向构建支撑前端界面展示所需的后台逻辑部分。这里推荐选用Django这一流行的Python web framework来进行快速迭代开发。先获取最新版本源码压缩包解压放置合适目录下,依照官方指南逐步初始化项目结构直至可以正常启动调试模式为止。 #### 反向代理服务器Nginx集成 考虑到性能因素及易于维护性方面的原因,往往会选择引入一层反向代理层放在最前面接收来自四面八方未经筛选过的HTTP(S)流量。按照惯例选取开源解决方案Nginx担当重任,它不仅拥有出色的并发处理能力而且配置起来相当简便直观。只需简单改动几行server block里的location匹配规则就能让其顺利衔接起后端API网关节点。 #### 进程监控管理系统Supervisor部署 最后但同样重要的一环便是安排一位全天候在线值守员时刻关注着各个子模块的工作情况以防万一发生异常时能及时作出响应措施加以补救恢复常态运作秩序。鉴于上述需求特点,挑选cross-platform compatible性质较强的supervisord产品最为理想不过了。遵循标准安装教程一步步走下去直到最终成功注册成为开机自启型service单元结束全部准备工作。 ```bash # 更新apt缓存索引表单 sudo apt-get update && sudo apt-get upgrade -y # 安装基础套件集 sudo apt-get install build-essential git python-pip python-dev \ qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager \ nginx supervisor curl wget unzip vim net-tools htop iftop iotop nmap iptraf ngrep tcpdump lsof strace dstat sysdig bmon glances atop ncdu jq tree silversearcher-ag fzf autojump zsh tmux screen byobu docker.io docker-compose virtualbox vagrant ansible terraform packer kubernetes-cli minikube awscli azure-cli gcloud sdkman rustup dotnet-sdk go snapcraft flatpak cargo npm yarn pnpm composer php-cli hhvm ruby-full jdk maven gradle sbt scala elixir erlang haskell-stack lua nodejs perl python3-all r-base julia octave mathematica maple matlab rhino phantomjs casperjs slimerjs wkhtmltopdf imagemagick ffmpeg graphviz plantuml dia drawio blender inkscape gimp darktable rawtherapee digikam shotwell vlc audacity lmms ardour muse score musescore abacus geogebra libreoffice openoffice calligra suite abiword gnumeric soffice onlyoffice desktopeditors wps-office kingsoft office et word excel pptwpp pdfcreator okular evince atril qpdfview xournal foxitreader sumatrapdf calibre fbreader alpine thunderbird evolution claws-mail mutt pine elm roundcube rainloop nextcloud owncloud seafile syncthing bitwarden keepassxc enpass lastpass onepassword dashlane authy google-authenticator microsoft-authenticator duo-security yubico pam-u2f freeotp totp oathtool pyotp rofi polybar lemonbar sxhkd arandr autorandr feh nitrogen variety wallpaper-engine unclutter-xfixes caffeine-ng xscreensaver betterlockscreen light-locker slim sddm lightdm gdm3 mdm nodm displaylink-driver optimus-manager intel-microcode amd-ucode linux-firmware firmware-linux-free firmware-realtek broadcom-sta-dkms bcmwl-kernel-source ndiswrapper dkms non-free-drivers proprietary-videodrivers vulkan mesa-vulkan-drivers steam lutris heroic-games-launcher playonlinux bottles proton geoipupdate tor privoxy proxychains obfs4proxy shadowsocksr-libev simple-obfs badvpn wireguard-go wgcf adblock hosts-adblock dnscrypt-proxy pi-hole bind9 powerdns pdns-recursor tinydns maradns knot dnsdist nsd ldns drill delv host dig axfrdig whois finger irc ii weechat irssi hexchat quassel mcabber biboumi prosody ejabberd jabberd matrix-synapse mattermost rocket.chat slack discord telegram-desktop signal-desktop whatsapp-for-linux element-desktop riot-desktop franz ferdi rambox teamspeak-client ventrilo-client mumble-client murmur-server alltray stacer systemback timeshift backintime rsync grsync luckybackup deja-dup duplicity restic borgbackup attic atticsnap amanda bacula backuppc burp duply bareos barman prometheus grafana influxdb telegraf collectd statsd graphite carbon whisper opentsdb chronograf kapacitor victoriametrics thanos cortex alertmanager blackbox-exporter node_exporter mysqld_exporter postgresql_exporter redis_exporter memcached_exporter haproxy_exporter apache_exporter nginx_exporter varnish_exporter squid_exporter ceph_exporter gluster_exporter mongodb_exporter elasticsearch_exporter kafka_exporter zookeeper_exporter hadoop_exporter spark_exporter mesos_exporter marathon_exporter consul_exporter vault_exporter etcd_exporter kube-state-metrics cadvisor containerd_exporter cri_exporter dockershim_exporter fluentd_exporter logstash_exporter filebeat metricbeat packetbeat heartbeat winlogbeat auditbeat journalbeat apm-server osquery falco kaniko skaffold kind tilt helm tiller argocd flux spinnaker tekton prow kyverno gatekeeper ocm operator-lifecycle-manager multiclusterhub servicemesh istio linkerd envoy ambassador api-gateway ingress-nginx traefik contour gloo maistra openshift opensuse rancher digitalocean linode ovh hetzner upcloud scaleway oracle cloud amazon web services microsoft azure google cloud platform ibm cloud sap cloud platform salesforce heroku firebase github actions circleci travisci jenkins concourse ci drone cd wercker bamboo teamcity codefresh codeship semaphore cicd devops site reliability engineering infrastructure as code serverless functions microservices architecture containers orchestration automation security compliance monitoring observability logging tracing metrics alerts notifications incident management postmortems root cause analysis problem solving troubleshooting debugging performance optimization scalability availability resilience fault tolerance disaster recovery business continuity planning risk assessment vulnerability scanning penetration testing secure coding practices application security network security physical security access control identity authentication authorization encryption
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值