container-selinux-2.21-1.el7.noarch.rpm
docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
libsemanage-2.5-8.el7.x86_64.rpm
libsemanage-python-2.5-8.el7.x86_64.rpm
pigz-2.3.4-1.el7.x86_64.rpm
policycoreutils-2.5-17.1.el7.x86_64.rpm
policycoreutils-python-2.5-17.1.el7.x86_64.rpm
docker 命令默认不能自动补全,需要下载安装 bash-* 软件包
systemctl start docker
[root@server docker]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.3 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.797GiB
Name: server
ID: 4BZQ:ZSSB:B2WX:DTSF:A762:4SKK:EUJ5:4FLO:3PZM:CWFB:GLQB:X43E
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
[root@server docker]# docker node
Usage: docker node COMMAND
Manage Swarm nodes
Options:
Commands:
demote Demote one or more nodes from manager in the swarm
inspect Display detailed information on one or more nodes
ls List nodes in the swarm
promote Promote one or more nodes to manager in the swarm
ps List tasks running on one or more nodes, defaults to current node
rm Remove one or more nodes from the swarm
update Update a node
Run 'docker node COMMAND --help' for more information on a command.
[root@server docker]# docker load
requested load from stdin, but stdin is empty
[root@server docker]# docker load
requested load from stdin, but stdin is empty
[root@server docker]# docker load -i rhel7.tar
e1f5733f050b: Loading layer 147.1MB/147.1MB
[root@server docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 latest 0a3eb3fde7fd 3 years ago 140MB
[root@server docker]# docker load -i ubuntu.tar 把ubuntu.tar包放入docker
454970bd163b: Loading layer 196.8MB/196.8MB
38112156678d: Loading layer 208.9kB/208.9kB
4e1f7c524148: Loading layer 4.608kB/4.608kB
56063ad57855: Loading layer 1.024kB/1.024kB
[root@server docker]# docker load -i nginx.tar nginx载入docker
d8bd0657b25f: Loading layer 130.9MB/130.9MB
a582cd499e0f: Loading layer 1.024kB/1.024kB
f5a1ef78853b: Loading layer 1.024kB/1.024kB
605083c53cc5: Loading layer 1.024kB/1.024kB
c95d1af3960d: Loading layer 67.97MB/67.97MB
0a410ba58143: Loading layer 3.584kB/3.584kB
fb6fc13654c9: Loading layer 1.024kB/1.024kB
36b0adefb2f3: Loading layer 1.024kB/1.024kB
[root@server docker]# docker load -i game2048.tar
011b303988d2: Loading layer 5.05MB/5.05MB
36e9226e74f8: Loading layer 51.46MB/51.46MB
192e9fad2abc: Loading layer 3.584kB/3.584kB
6d7504772167: Loading layer 4.608kB/4.608kB
88fca8ae768a: Loading layer 629.8kB/629.8kB
Loaded image: game2048:latest
[root@server docker]# docker history nginx:latest 查看执行动作
IMAGE CREATED CREATED BY SIZE COMMENT
af4b3d7d5401 2 years ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon … 0B
1f13f00bff49 2 years ago /bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp 0B
ca041140639d 2 years ago /bin/sh -c ln -sf /dev/stdout /var/log/nginx… 22B
991d91ef3b7a 2 years ago /bin/sh -c apt-key adv --keyserver hkp://pgp… 65.4MB
0b9cb8ba0ed6 2 years ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.9.12-1… 0B
e8ec4c78f0a1 2 years ago /bin/sh -c #(nop) MAINTAINER NGINX Docker Ma… 0B
f50f9524513f 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
61e59900d3c0 2 years ago /bin/sh -c #(nop) ADD file:b5391cb13172fb513… 125MB
[root@server docker]# docker run -d nginx.tar
Unable to find image 'nginx.tar:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:51447->[::1]:53: read: connection refused.
See 'docker run --help'.
[root@server docker]# docker run -d nginx 启动nginx
9bf83c8a2368a8e2bcf03598a79211bbfc7a768e212d169ed56e29ac5d2ade78
[root@server docker]# docker run -d nginx
ac488e0e2a822fb082ebd0c05b3803a768a5358268aab9ad58ad1894bedcad15
[root@server docker]# docker images 查看所有镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 16 months ago 55.5MB
nginx latest af4b3d7d5401 2 years ago 191MB
ubuntu latest 07c86167cdc4 2 years ago 188MB
rhel7 latest 0a3eb3fde7fd 3 years ago 140MB
[root@server docker]# docker ps 列出在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac488e0e2a82 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp, 443/tcp mystifying_leakey
9bf83c8a2368 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp, 443/tcp goofy_noyce
[root@server docker]# docker ps -a 显示所有容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac488e0e2a82 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp, 443/tcp mystifying_leakey
9bf83c8a2368 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp, 443/tcp goofy_noyce
[root@server docker]# docker inspect
"docker inspect" requires at least 1 argument.
See 'docker inspect --help'.
Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] [flags]
Return low-level information on Docker objects
[root@server docker]# yum install -y bridge-utils -y 安装
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bridge-utils.x86_64 0:1.5-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bridge-utils x86_64 1.5-9.el7 rhel7.3 32 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 32 k
Installed size: 56 k
Downloading packages:
bridge-utils-1.5-9.el7.x86_64.rpm | 32 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : bridge-utils-1.5-9.el7.x86_64 1/1
Verifying : bridge-utils-1.5-9.el7.x86_64 1/1
Installed:
bridge-utils.x86_64 0:1.5-9.el7
Complete!
[root@server docker]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02422aea9d96 no veth4ffca5c
veth8bf0f75
[root@server docker]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.154 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.056 ms
^C
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.056/0.105/0.154/0.049 ms
[root@server docker]# ping 172.17.0.1`
> ^C
[root@server docker]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.050 ms
^C
--- 172.17.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.050/0.063/0.076/0.013 ms
[root@server docker]# curl 172.17.0.2 查看nginx 是否启动
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@server docker]# docker
docker docker-containerd-shim docker-proxy
docker-containerd dockerd docker-runc
docker-containerd-ctr docker-init
[root@server docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac488e0e2a82 nginx "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 80/tcp, 443/tcp mystifying_leakey
9bf83c8a2368 nginx "nginx -g 'daemon of…" 4 minutes ago Up 3 minutes 80/tcp, 443/tcp goofy_noyce
[root@server docker]# docker stop 9b 停止nginx 容器;只需输入容器 ID 开头的几位(能唯一区分即可,这里用了前两位)
9b
[root@server docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac488e0e2a82 nginx "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes 80/tcp, 443/tcp mystifying_leakey
[root@server docker]# docker stop ac 如果需要删除容器 需要先停止然后删除
ac
[root@server docker]# docker rm 9b 删除的时候可以直接加头两个字母
9b
[root@server docker]# docker rm ac
ac
[root@server docker]# docker ps 查看,已经没有运行中的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server docker]# docker run -d -p 80:80 --name vm1 nginx 端口映射
489d7785ebfbba59b3b71a5753c8c425568c8891a6f00c94a28333e0466ff74c
[root@server docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
489d7785ebfb nginx "nginx -g 'daemon of…" 7 seconds ago Up 5 seconds 0.0.0.0:80->80/tcp, 443/tcp vm1
docker 命令安装
docker run -it --name vm1 rhel7:v1 启动镜像
docker start vm1
docker attach vm1 进入
写配置文件 docker.repo
[root@server docker]# cat /etc/yum.repos.d/docker.repo 配置docker 源
# yum repository definition that points at an FTP server on 172.25.254.53.
[docker]
name=docker
baseurl=ftp://172.25.254.53/pub/docker
# gpgcheck=0 turns off package signature verification, and FTP provides no transport
# integrity, so nothing verifies what gets installed from this repo. Acceptable only on an
# isolated lab network; otherwise enable gpgcheck and configure gpgkey.
gpgcheck=0
配置文件 supervisord.conf
[root@server docker]# cat supervisord.conf
; supervisord configuration: supervisord itself plus two managed programs, sshd and httpd.
[supervisord]
; Keep supervisord in the foreground instead of daemonizing.
nodaemon=true
[program:sshd]
; -D keeps sshd from detaching, so supervisord supervises the sshd process directly.
command=/usr/sbin/sshd -D
[program:httpd]
; NOTE(review): httpd is started without a foreground option here, while the web Dockerfile
; later on this page runs it with "-D FOREGROUND"; confirm supervisord can track this process.
command=/usr/sbin/httpd
配置文件 Dockerfile
[root@server docker]# cat Dockerfile
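# Image based on the local rhel7:v1 base that runs sshd and httpd under supervisord.
FROM rhel7:v1
MAINTAINER xxxxxqq@westos.org
ENV HOSTNAME server3
EXPOSE 22 80
COPY docker.repo /etc/yum.repos.d/docker.repo
# NOTE(review): the root password is set from a literal in this RUN line, so it is stored in
# the image and visible in `docker history`; prefer key-based login or setting the credential
# at run time.
# NOTE(review): the SSH host keys are generated at build time, so every container started
# from this image shares the same host keys.
# The RSA key is written to ssh_host_rsa_key so its name matches the ecdsa/ed25519 host keys.
RUN yum install -y openssh-server openssh-clients httpd supervisor \
    && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" \
    && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" \
    && ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" \
    && echo root:westos | chpasswd
VOLUME ["/var/www/html"]
# NOTE(review): no instruction copies supervisord.conf into the image; confirm where
# supervisord is expected to find its [program:sshd] / [program:httpd] definitions.
# The exec-form array is quoted correctly here (the original had the quotes misplaced).
CMD ["/usr/bin/supervisord"]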
Docker 仓库(这里先以不加密、无认证的方式在 5000 端口启动,只适合本机测试)
[root@server docker]# docker load -i registry-2.3.1.tar 打入docker
[root@server docker]# docker history registry:2.3.1 查看信息
[root@server docker]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2.3.1 启动 目录 /var/lib/registry 是仓库存放镜像的位置
8d2cae2e87630181a334a4e4c45b74c1871b69ff8764c2be61b24104e83878fa
[root@server docker]# cd /opt/registry/
[root@server registry]# ls
[root@server registry]# docker tag nginx localhost:5000/nginx:latest
[root@server registry]# docker push localhost:5000/nginx:latest 推送镜像到 localhost:5000 仓库
[root@server registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d2cae2e8763 registry:2.3.1 "/bin/registry /etc/…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp registry
[root@server registry]# cd docker/
[root@server docker]# ls
registry
[root@server docker]# cd registry/
[root@server registry]# s
-bash: s: command not found
[root@server registry]# ls
v2
[root@server docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 9cee67f06fcc 31 minutes ago 204MB
rhel7 v2 8acbcc8d9ffb 3 days ago 166MB
rhel7 v1 261ad7f9416f 3 days ago 166MB
game2048 latest 19299002fdbe 16 months ago 55.5MB
nginx latest af4b3d7d5401 2 years ago 191MB
localhost:5000/nginx latest af4b3d7d5401 2 years ago 191MB
registry 2.3.1 83139345d017 2 years ago 166MB
ubuntu latest 07c86167cdc4 2 years ago 188MB
rhel7 latest 0a3eb3fde7fd 3 years ago
删除 nginx
[root@server docker]# docker rmi localhost:5000/nginx
[root@server docker]# docker rmi nginx
[root@server ~]# docker pull localhost:5000/nginx 拉取镜像到本地
[root@server ~]# docker tag localhost:5000/nginx nginx
[root@server ~]# docker rmi localhost:5000/nginx
[root@server ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 9cee67f06fcc About an hour ago 204MB
rhel7 v2 8acbcc8d9ffb 3 days ago 166MB
rhel7 v1 261ad7f9416f 3 days ago 166MB
game2048 latest 19299002fdbe 16 months ago 55.5MB
nginx latest af4b3d7d5401 2 years ago 191MB
registry 2.3.1 83139345d017 2 years ago 166MB
ubuntu latest 07c86167cdc4 2 years ago 188MB
rhel7 latest 0a3eb3fde7fd 3 years ago 14
加密(用自签名证书为仓库启用 TLS;-nodes 生成的私钥 westos.org.key 未加密,应限制该文件的读取权限)
[root@server ~]# vi /etc/hosts
172.25.254.215 server2 westos.org
[root@server ~]# ping westos.org
PING server (172.25.254.215) 56(84) bytes of data.
64 bytes from server (172.25.254.215): icmp_seq=1 ttl=64 time=0.042 ms
[root@server ~]# cd /opt/registry/
[root@server registry]# ls
docker
[root@server registry]# rm -fr *
[root@server ~]# mkdir certs
[root@server ~]# ls
anaconda-ks.cfg certs doc docker
[root@server ~]# cd certs/
[root@server certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout westos.org.key -x509 -days 365 -out westos.org.crt
Generating a 4096 bit RSA private key
...........................++
...................................................++
writing new private key to 'westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:
[root@server certs]# ls
westos.org.crt westos.org.key
[root@server ~]# cd docker/
[root@server docker]# ls
Dockerfile docker.repo registry-2.3.1.tar supervisord.conf web
[root@server certs]# docker run -d --name registry --restart=always -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v /opt/registry:/var/lib/registry registry:2.3.1
5475ba95b2099d5a7abd148a0696acbf245ce354c37540e623aa12100db2cb39
[root@server certs]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5475ba95b209 registry:2.3.1 "/bin/registry /etc/…" 17 seconds ago Up 16 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@server certs]# iptables -t nat -nL
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.2:4
上传下载
开启一台新的虚拟机
在新的虚拟机中安装docker registry-2.3.1.tar 安装bash-*
[root@server certs]# cd /etc/docker/
[root@server docker]# ls
key.json
[root@server docker]# mkdir certs.d
[root@server docker]# ls
certs.d key.json
[root@server docker]# cd certs.d/
[root@server certs.d]# ls
[root@server certs.d]# mkdir westos.org
[root@server certs.d]# ls
westos.org
[root@server certs.d]# cd westos.org/
[root@server westos.org]# ls
[root@server westos.org]# mv /root/certs/westos.org.crt ca.crt
[root@server westos.org]# ls
ca.crt
[root@server westos.org]# pwd
/etc/docker/certs.d/westos.org
[root@server westos.org]# cd
[root@server ~]# cd docker/
[root@server docker]# ls
Dockerfile docker.repo registry-2.3.1.tar supervisord.conf web
[root@server docker]# cd
[root@server ~]# ls
anaconda-ks.cfg certs doc docker nginx.tar rhel7.tar ubuntu.tar
[root@server ~]# mv certs/ docker/
[root@server ~]# cd docker/
[root@server docker]# ls
certs Dockerfile docker.repo registry-2.3.1.tar supervisord.conf web
[root@server docker]# cd certs/
[root@server certs]# ls
westos.org.key
[root@server certs]# cp /etc/docker/
certs.d/ key.json
[root@server certs]# cp /etc/docker/certs.d/westos.org/ca.crt .
[root@server certs]# mv ca.crt westos.org.crt
[root@server certs]# ls
westos.org.crt westos.org.key
[root@server certs]# ll
total 8
-rw-r--r-- 1 root root 2009 May 8 02:15 westos.org.crt
-rw-r--r-- 1 root root 3272 May 7 23:50 westos.org.key
[root@server certs]# docker push westos.org/ubuntu 上传
The push refers to repository [westos.org/ubuntu]
5f70bf18a086: Pushed
11083b444c90: Pushed
9468150a390c: Pushed
56abdd66ba31: Pushed
latest: digest: sha256:4e709bde11754c2a27ed6e9b9ba55569647f83903f85cd8107e36162c5579984 size: 1151
[root@server certs]# ls
westos.org.crt westos.org.key
[root@server certs]# cd /etc/docker/
[root@server docker]# ls
certs.d key.json
[root@server docker]# cd certs.d/
[root@server certs.d]# ls
westos.org
[root@server certs.d]# cd westos.org/
[root@server westos.org]# ls
ca.crt
[root@server westos.org]# scp ca.crt root@172.25.254.115:/etc/docker/certs.d
root@172.25.254.115's password:
ca.crt 100% 2009 2.0KB/s 00
在server3 中
[root@server3 certs.d]# cd /etc/docker/
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# ls
[root@server3 certs.d]# pwd
/etc/docker/certs.d
[root@server3 certs.d]# ls
ca.crt
[root@server3 certs.d]# pwd
/etc/docker/certs.d
[root@server3 certs.d]# mkdir westos.org
[root@server3 certs.d]# mv ca.crt westos.org/
[root@server3 certs.d]# ls
westos.org
[root@server3 certs.d]# cd westos.org/
[root@server3 westos.org]# ls
ca.crt
[root@server3 westos.org]# pwd
/etc/docker/certs.d/westos.org
[root@server3 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server3 ~]# docker pull westos.org/ubuntu 下载
Using default tag: latest
latest: Pulling from ubuntu
257507fcd746: Pull complete
cd03f9b52ed8: Pull complete
493709ab45b5: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:4e709bde11754c2a27ed6e9b9ba55569647f83903f85cd8107e36162c5579984
Status: Downloaded newer image for westos.org/ubuntu:latest
[root@server3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2.3.1 83139345d017 2 years ago 166MB
westos.org/ubuntu latest 07c86167cdc4 2 years ago 188MB
[root@server3 ~]# curl --cacert /etc/docker/certs.d/westos.org/ca.crt https://westos.org/v2/_catalog
{"repositories":["ubuntu"]}
[root@server3 ~]# cd /etc/pki/
[root@server3 pki]# ls
CA consumer java product rpm-gpg tls
ca-trust entitlement nssdb product-default rsyslog
[root@server3 pki]# cd ca-trust/
[root@server3 ca-trust]# ls
ca-legacy.conf extracted README source
[root@server3 ca-trust]# cd source/
[root@server3 source]# ls
anchors blacklist ca-bundle.legacy.crt README
[root@server3 source]# cd anchors/
[root@server3 anchors]# ls
[root@server3 anchors]# pwd
/etc/pki/ca-trust/source/anchors
[root@server3 anchors]# cp /etc/docker/certs.d/westos.org/ca.crt .
[root@server3 anchors]# mv ca.crt westos.org.crt
[root@server3 anchors]# update-ca-trust
[root@server3 anchors]# curl https://westos.org/v2/_catalog
{"repositories":["ubuntu"]}
加密并添加用户认证(htpasswd)
[root@server docker]#docker kill registry
[root@server ~]# cp docker/certs/* certs/
[root@server docker]# docker run -d --name registry --restart=always -v /root/certs:/certs -v /root/auth:/auth -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -e REGISTRY_AUTH=htpasswd -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 -v /opt/registry:/var/lib/registry registry:2.3.1
216a587a83332efd7db504cb096bda5e6fb581ccc89f697295dc8312b65be0c4
[root@server ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc473a5e3d8c registry:2.3.1 "/bin/registry /etc/…" 10 seconds ago Up 8 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@server ~]#
[root@server ~]# docker run --entrypoint htpasswd registry:2.3.1 -Bbn qq westos > auth/htpasswd 生成认证文件,应在启动带认证的仓库之前完成;-b 会把密码留在命令行和 shell 历史中
[root@server ~]# docker login westos.org
Username: qq
Password:
Login Succeeded
负载均衡
[root@server2 ~]# docker kill registry
registry
[root@server2 ~]# docker rm registry
registry
[root@server2 ~]# docker load -i haproxy.tar
[root@server2 ~]# file docker-compose-Linux-x86_64-1.16.1
[root@server2 ~]# mv docker-compose-Linux-x86_64-1.16.1 /usr/local/sbin
[root@server2 sbin]# ls
docker-compose-Linux-x86_64-1.16.1
[root@server2 sbin]# chmod +x docker-compose-Linux-x86_64-1.16.1
[root@server2 sbin]# ln -s docker-compose-Linux-x86_64-1.16.1 docker-compose
[root@server2 sbin]# docker
docker docker-containerd-shim
docker-compose dockerd
docker-compose-Linux-x86_64-1.16.1 docker-init
docker-containerd docker-proxy
docker-containerd-ctr docker-runc
[root@server2 ~]# cd docker/
[root@server2 docker]# ls
123 certs Dockerfile docker.repo registry-2.3.1.tar supervisord.conf web
[root@server2 docker]# mkdir compose/
[root@server2 docker]# cd compose/
[root@server2 compose]# mkdir haproxy
[root@server2 compose]# vim docker-compose.yml
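# Compose file (v1 format, services at top level): haproxy published on host port 80,
# balancing across an apache backend and an nginx backend.
# Indentation is restored here; YAML needs the nesting for the file to parse.
apache:
  # Built from the Dockerfile in ./web.
  build: ./web
  expose:
    - 80
nginx:
  image: nginx
  expose:
    - 80
haproxy:
  image: haproxy
  volumes:
    # Mounted read-only (:ro) so the container cannot modify the host's config file.
    - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
  links:
    - apache
    - nginx
  ports:
    # Only haproxy is published on the host; the backends only `expose` port 80.
    - "80:80"
  expose:
    - "80"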
[root@server2 compose]# mkdir web
[root@server2 compose]# cd ..
[root@server2 docker]# cp Dockerfile compose/web/
[root@server2 web]# vim Dockerfile
# Apache httpd image for the "apache" compose service, built on the local rhel7:v1 base.
FROM rhel7:v1
MAINTAINER xxxxxqq@westos.org
ENV HOSTNAME apache
EXPOSE 80
RUN yum install -y httpd
# index.html must be present in the build context next to this Dockerfile.
COPY index.html /var/www/html/index.html
# Run httpd in the foreground so it stays the container's main process.
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
[root@server2 compose]# cd web/
[root@server2 web]# ls
Dockerfile
[root@server2 web]# vim index.html
www.westos.html
[root@server2 web]# cd ..
[root@server2 compose]# cd haproxy/
[root@server2 haproxy]# vime haproxy.cfg
# haproxy configuration: one HTTP frontend on port 80, round-robin across two backends.
global
log 127.0.0.1 local0
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# NOTE(review): this enables the statistics page at /status and the file has no "stats auth"
# line, so anyone who can reach the frontend can read it; add authentication or restrict access.
stats uri /status
frontend balancer
bind 0.0.0.0:80
default_backend web_backends
backend web_backends
balance roundrobin
# "check" turns on health checks; apache and nginx are the names listed under `links`
# in the docker-compose.yml shown on this page.
server web1 apache:80 check
server web2 nginx:80 check
[root@server2 compose]# docker-compose up --build
Building apache
Step 1/7 : From rhel7:v1
---> 261ad7f9416f
Step 2/7 : MAINTAINER xxxxxqq@westos.org
---> Using cache
---> 0ba9efacce82
Step 3/7 : ENV HOSTNAME apache
---> Using cache
---> 242468c59c9c
Step 4/7 : EXPOSE 80
---> Using cache
---> 1c19c57d9278
Step 5/7 : RUN yum install -y httpd
---> Using cache
---> 4c71d8eed3fb
Step 6/7 : COPY index.html /var/www/html/index.html
---> Using cache
---> 8f2ed4a3e141
Step 7/7 : CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
---> Using cache
---> 078134619654
Successfully built 078134619654
Successfully tagged compose_apache:latest
compose_apache_1 is up-to-date
compose_nginx_1 is up-to-date
Starting compose_haproxy_1 ...
Starting compose_haproxy_1 ... done
Attaching to compose_apache_1, compose_nginx_1, compose_haproxy_1
apache_1 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
haproxy_1 | <7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -Ds
^CGracefully stopping... (press Ctrl+C again to force)
Stopping compose_haproxy_1 ... done
Stopping compose_nginx_1 ... done
Stopping compose_apache_1 ... done
[root@server2 compose]# docker-compose start
Starting apache ... done
Starting nginx ... done
Starting haproxy ... done
[root@server2 compose]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70d0463390d2 haproxy "/docker-entrypoint.…" 13 minutes ago Up 45 seconds 0.0.0.0:80->80/tcp compose_haproxy_1
9a161c7df7b7 nginx "nginx -g 'daemon of…" 13 minutes ago Up 46 seconds 80/tcp, 443/tcp compose_nginx_1
feb9b0db4181 compose_apache "/usr/sbin/httpd -D …" 13 minutes ago Up 46 seconds 80/tcp compose_apache_1
docker集群
创建
开启两台新的docker虚拟机 安装nginx
在主机上执行
[root@server2 ~]# docker swarm init
Swarm initialized: current node (tu147q51zis8us5bte43pvuvr) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4w4luqu291eb7ztwqfc4un0b2ek4mmvfeasp6m2djt4790uu1r-a5btizkp36716rkh49eeyuhp8 172.25.254.215:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
在另外两台虚拟机中复制并执行上面输出的 docker swarm join --token 命令(token 相当于加入集群的凭证,不要公开;泄露后可在管理节点用 docker swarm join-token --rotate worker 更换)
[root@server ~]# docker swarm join --token SWMTKN-1-4w4luqu291eb7ztwqfc4un0b2ek4mmvfeasp6m2djt4790uu1r-a5btizkp36716rkh49eeyuhp8 172.25.254.215:2377
This node joined a swarm as a worker.
[root@server3 ~]# docker swarm join --token SWMTKN-1-4w4luqu291eb7ztwqfc4un0b2ek4mmvfeasp6m2djt4790uu1r-a5btizkp36716rkh49eeyuhp8 172.25.254.215:2377
This node joined a swarm as a worker.
在主上查看
[root@server2 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
wty04ne8pf395nbfyatzztecy server Ready Active 18.03.1-ce
tu147q51zis8us5bte43pvuvr * server2 Ready Active Leader 18.03.1-ce
3q0gls87whqbri0akqfnde4kj server3 Ready Active 18.03.1-ce
集群的负载均衡和健康检查
[root@server2 ~]# docker service create --name web --publish 80:80 --replicas 4 nginx 创建
image nginx:latest could not be accessed on a registry to record
its digest. Each node will access nginx:latest independently,
possibly leading to different nodes running different
versions of the image.
t2jn0oy9xm26ope8kq2gjsyg9
overall progress: 4 out of 4 tasks
1/4: running
2/4: running
3/4: running
4/4: running
verify: Service converged
[root@server2 ~]# docker service ps web
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
nruhdq9u0xdv web.1 nginx:latest server Running Running 17 seconds ago
rubyv4c1umli web.2 nginx:latest server3 Running Running 19 seconds ago
95csfktrtlfa web.3 nginx:latest server2 Running Running 20 seconds ago
6t9nb5cl9uni web.4 nginx:latest server Running Running 16 seconds ago
用图形显示(visualizer 需要挂载 /var/run/docker.sock,相当于把 Docker 守护进程的完全控制权交给该容器,发布的端口只应对受信任的网络开放)
在主上
[root@server2 ~]# docker load -i visualizer.tar
[root@server2 ~]# docker service create --name=viz --publish=8080:8080/tcp --constraint=node.role==manager --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock dockersamples/visualizer
[root@server2 ~]# docker service create --name=vi4 --publish=8282:8080/tcp --constraint=node.role==manager --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock dockersamples/visualizer
image dockersamples/visualizer:latest could not be accessed on a registry to record
its digest. Each node will access dockersamples/visualizer:latest independently,
possibly leading to different nodes running different
versions of the image.
twyu39boy31eoprvnbwam0izt
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
[root@server2 ~]# docker service scale web=10 增加或减少副本数都用这个命令
web scaled to 10
overall progress: 10 out of 10 tasks
1/10: running
2/10: running
3/10: running
4/10: running
5/10: running
6/10: running
7/10: running
8/10: running
9/10: running
10/10: running
verify: Service converged
在浏览器中访问 172.25.254.215:8282 查看
在server 中stop掉 docker
[root@server ~]# systemctl stop docker
再次刷新页面查看状态
挂载
[root@server2 ~]# docker service create --name web --replicas 3 -p 80:80 --mount type=bind,source=/root/web,target=/usr/share/nginx/html nginx
把本地目录 /root/web 以 bind 方式挂载为 nginx 的 html 目录(/usr/share/nginx/html);bind 挂载的源目录需要在运行任务的每个节点上都存在
image nginx:latest could not be accessed on a registry to record
its digest. Each node will access nginx:latest independently,
possibly leading to different nodes running different
versions of the image.
y1rl2ibgakfclxjej8wdndr1c
overall progress: 3 out of 3 tasks
1/3: running
2/3: running
3/3: running
verify: Service converged