标签 docker 下的文章

一个简单的dockerfile范例

作者: 九零不老心
时间: 2019-11-11
分类: IT技术
评论

一个简单的dockerfile范例：

FROM alpine:latest
ADD business_sms.tar /opt/
WORKDIR /opt/business_sms/business_sms
RUN sed -i 's/http:\/\/dl-cdn.alpinelinux.org/https:\/\/mirror.tuna.tsinghua.edu.cn/g' /etc/apk/repositories \
&& apk add --no-cache -U tzdata \
&& cp -rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apk del tzdata \
&& apk add --no-cache python3 \
&& pip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple \
&& pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple -r ../requirements.txt
CMD ["/usr/bin/python3","/opt/business_sms/business_sms/main.py"]

alpine linux配置使用国内镜像源

作者: 九零不老心
时间: 2019-10-30
分类: IT技术
评论

docker build https://github.com/wurstmeister/kafka-docker
时，有一步骤是使用apk命令安装软件包，默认使用alpine linux官方源，但是下载太慢。

解决办法，Dockerfile文件内替换为国内镜像源：

RUN echo https://mirror.tuna.tsinghua.edu.cn/alpine/v3.9/main > /etc/apk/repositories \\
&& echo https://mirror.tuna.tsinghua.edu.cn/alpine/v3.9/community >> /etc/apk/repositories \\
&& apk add --no-cache bash curl jq docker \\
……

# 创建redis sentinel 单机伪集群
# 提前安装好docker和docker-compose
# 拉取相应镜像
docker pull redis
docker pull joshula/redis-sentinel
# 创建伪redis的数据目录，持久化redis数据
mkdir -p /opt/redis-sentinel-cluster/data/{master,slave1,slave2,sentinel1,sentinel2,sentinel3}
# 创建三个哨兵的配置文件
# monitor 指的是初始化的监控主切点，ip和端口，后面的数字2代表，必须2个sentinel才能判断主节点是否失败
# down-after-milliseconds 指的是超过5000秒，且没有回复，则判定主节点不可达
# failover-timeout 指的是故障转移时间
# parallel-syncs 指的是故障转移到新的主节点时，从节点的复制节点数量
cat <<EOF > /opt/redis-sentinel-cluster/sentinel1.conf
port 26379
dir "/data"
sentinel monitor mymaster localhost 16379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 5000
sentinel parallel-syncs mymaster 1
EOF
cat <<EOF > /opt/redis-sentinel-cluster/sentinel2.conf
port 26380
dir "/data"
sentinel monitor mymaster localhost 16379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 5000
sentinel parallel-syncs mymaster 1
EOF
cat <<EOF > /opt/redis-sentinel-cluster/sentinel3.conf
port 26381
dir "/data"
sentinel monitor mymaster localhost 16379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 5000
sentinel parallel-syncs mymaster 1
EOF
# 创建docker-compose.yml文件
cat <<EOF > /opt/redis-sentinel-cluster/docker-compose.yml
version: '3.7'
services:
master:
image: redis:latest
container_name: redis-master
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/data/master:/data
command: redis-server --port 16379
slave1:
image: redis:latest
container_name: redis-slave1
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/data/slave1:/data
command: redis-server --port 16380 --slaveof localhost 16379
slave2:
image: redis:latest
container_name: redis-slave2
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/data/slave2:/data
command: redis-server --port 16381 --slaveof localhost 16379
sentinel1:
image: joshula/redis-sentinel
container_name: sentinel1
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/sentinel1.conf:/etc/redis/sentinel.conf
- /opt/redis-sentinel-cluster/data/sentinel1:/data
sentinel2:
image: joshula/redis-sentinel
container_name: sentinel2
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/sentinel2.conf:/etc/redis/sentinel.conf
- /opt/redis-sentinel-cluster/data/sentinel2:/data
sentinel3:
image: joshula/redis-sentinel
container_name: sentinel3
restart: always
network_mode: "host"
volumes:
- /opt/redis-sentinel-cluster/sentinel3.conf:/etc/redis/sentinel.conf
- /opt/redis-sentinel-cluster/data/sentinel3:/data
EOF
# 启动redis sentienl cluster
cd /opt/
# 安装并后台启动
docker-compose up -d
# 校验结果
# 连接哨兵
docker exec -it sentinel1 redis-cli -h localhost -p 26379
localhost:26379> info
# Server
redis_version:2.8.16
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:9b6f16e360929887
redis_mode:sentinel
os:Linux 3.10.0-957.12.2.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.8.2
process_id:1
run_id:de77486594c6860852d587adea86cd0dc86f97a8
tcp_port:26379
uptime_in_seconds:664
uptime_in_days:0
hz:10
lru_clock:7996744
config_file:/etc/redis/sentinel.conf

# Sentinel
sentinel_masters:1
sentinel_tilt:0
sentinel_running_scripts:0
sentinel_scripts_queue_length:0
master0:name=mymaster,status=ok,address=::1:16379,slaves=2,sentinels=3
# 查看master
localhost:26379> sentinel masters
1) 1) "name"
2) "mymaster"
3) "ip"
4) "::1"
5) "port"
6) "16379"
7) "runid"
8) "502cd09af60f1f49dd570b223028356e15714ac1"
9) "flags"
10) "master"
11) "pending-commands"
12) "0"
13) "last-ping-sent"
14) "0"
15) "last-ok-ping-reply"
16) "1068"
17) "last-ping-reply"
18) "1068"
19) "down-after-milliseconds"
20) "5000"
21) "info-refresh"
22) "3932"
23) "role-reported"
24) "master"
25) "role-reported-time"
26) "14020"
27) "config-epoch"
28) "4"
29) "num-slaves"
30) "2"
31) "num-other-sentinels"
32) "2"
33) "quorum"
34) "2"
35) "failover-timeout"
36) "5000"
37) "parallel-syncs"
38) "1"
# 查看slaves
localhost:26379> sentinel slaves mymaster
1) 1) "name"
2) "[::1]:16380"
3) "ip"
4) "::1"
5) "port"
6) "16380"
7) "runid"
8) "5d2f70bb455426c542af074014c54448bf805704"
9) "flags"
10) "slave"
11) "pending-commands"
12) "0"
13) "last-ping-sent"
14) "0"
15) "last-ok-ping-reply"
16) "942"
17) "last-ping-reply"
18) "942"
19) "down-after-milliseconds"
20) "5000"
21) "info-refresh"
22) "3330"
23) "role-reported"
24) "slave"
25) "role-reported-time"
26) "93778"
27) "master-link-down-time"
28) "0"
29) "master-link-status"
30) "ok"
31) "master-host"
32) "::1"
33) "master-port"
34) "16379"
35) "slave-priority"
36) "100"
37) "slave-repl-offset"
38) "15873"
2) 1) "name"
2) "[::1]:16381"
3) "ip"
4) "::1"
5) "port"
6) "16381"
7) "runid"
8) "f377550544a6a1e59ea2b24c3cc78dff570a74a8"
9) "flags"
10) "slave"
11) "pending-commands"
12) "0"
13) "last-ping-sent"
14) "0"
15) "last-ok-ping-reply"
16) "528"
17) "last-ping-reply"
18) "528"
19) "down-after-milliseconds"
20) "5000"
21) "info-refresh"
22) "3330"
23) "role-reported"
24) "slave"
25) "role-reported-time"
26) "93778"
27) "master-link-down-time"
28) "0"
29) "master-link-status"
30) "ok"
31) "master-host"
32) "::1"
33) "master-port"
34) "16379"
35) "slave-priority"
36) "100"
37) "slave-repl-offset"
38) "15873"
# 主可以写入数据，从不可以
docker exec -it redis-master redis-cli -h localhost -p 16379
localhost:16379> set test_name test
OK
localhost:16379>
docker exec -it redis-slave1 redis-cli -h localhost -p 16380
localhost:16380> get test_name
"test"
localhost:16380> set test_aget 20
(error) READONLY You can't write against a read only replica.
# 关闭master，看是否切换（已由master的16379切换为slave1的16380）
docker stop redis-master
docker exec -it sentinel1 redis-cli -h localhost -p 26379
localhost:26379> sentinel masters
1) 1) "name"
2) "mymaster"
3) "ip"
4) "::1"
5) "port"
6) "16380"
7) "runid"
8) "6c9cb99e35505ce70dedca96fce8f72b0e57269f"
9) "flags"
10) "master"
11) "pending-commands"
12) "0"
13) "last-ping-sent"
14) "0"
15) "last-ok-ping-reply"
16) "263"
17) "last-ping-reply"
18) "263"
19) "down-after-milliseconds"
20) "5000"
21) "info-refresh"
22) "3971"
23) "role-reported"
24) "master"
25) "role-reported-time"
26) "34139"
27) "config-epoch"
28) "1"
29) "num-slaves"
30) "2"
31) "num-other-sentinels"
32) "2"
33) "quorum"
34) "2"
35) "failover-timeout"
36) "5000"
37) "parallel-syncs"
38) "1"
# 卸载
docker-compose down -v
# 启动
docker-compose start
# 停止
docker-compose stop

docker私库管理

作者: 九零不老心
时间: 2019-07-08
分类: IT技术
评论

#docker私库管理
#新建docker私库
docker pull registry
docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always --privileged=true --name registry registry:latest
# 开启非安全http访问方式
/etc/docker/daemon.json内添加"insecure-registries" : ["192.168.100.6:5000"]并重启docker服务systemctl restart docker,否则报错：The push refers to repository [192.168.100.6:5000/nginx], Get https://192.168.100.6:5000/v2/: http: server gave HTTP response to HTTPS client
# 开启安全https访问
详见官方教程https://docs.docker.com/registry/insecure/
docker pull nginx
docker tag nginx 192.168.100.6:5000/nginx
docker push 192.168.100.6:5000/nginx (push相应镜像即可)
#查看私库里的镜像信息
curl -XGET http://192.168.100.6:5000/v2/_catalog
curl -XGET http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/tags/list
#获取私库里的镜像digest
curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -XGET 192.168.100.6:5000/v2/registry/manifests/v1
curl -X GET -I http://10.30.17.155:5000/v2/dnsmasq-metrics-amd64/manifests/v1
#删除私库里的镜像
curl -I -X DELETE http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e

#阿里云私库管理（官方参考：https://helpcdn.aliyun.com/document_detail/60743.html?spm=a2c4e.11153987.0.0.47da6474kxuhUE）
#Docker的镜像地址是什么？我们来看一个完整的例子。（以容器服务的公共镜像为例）
#registry.cn-hangzhou.aliyuncs.com/acs/agent:0.8
registry.cn-hangzhou.aliyuncs.com 叫做 "Registry域名"
acs 叫做 "命名空间"
agent 叫做 "仓库名称"
0.8 叫做 "Tag"、"镜像标签"（非必须，默认latest）
将这个几个完全独立的概念组合一下，还有几个术语
registry.cn-hangzhou.aliyuncs.com/acs/agent 称为 "仓库坐标"
acs/agent 称为 "仓库全名"（通常在API中使用）
#开通registry服务，并设置Registry登录密码
登录https://cr.console.aliyun.com/cn-beijing/new
#创建镜像仓库
设置地域-命名空间-仓库名称-仓库类型-等
设置完毕后会有三个地址：公网地址、专有网络、经典网络
#登录阿里云私有仓库registry（阿里云帐号用户名，密码为开通registry服务时的密码）
docker login --username=*** registry.cn-beijing.aliyuncs.com
#从Registry中拉取镜像
docker pull registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#将镜像推送到registry
docker login --username=*** registry.cn-beijing.aliyuncs.com
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
docker push registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#选择合适的镜像地址
从ECS推送镜像时，可以选择使用镜像仓库内网地址。推送速度将得到提升并且将不会损耗您的公网流量。
如果您使用的机器位于经典网络，请使用 registry-internal.cn-beijing.aliyuncs.com 作为Registry的域名登录，并作为镜像命名空间前缀。
如果您使用的机器位于VPC网络，请使用 registry-vpc.cn-beijing.aliyuncs.com 作为Registry的域名登录，并作为镜像命名空间前缀。
#退出仓库
docker logout registry.cn-beijing.aliyuncs.com
#查看公共仓库的tag信息
https://cr.console.aliyun.com/cn-beijing/instances/images
比如搜索google_containers/tiller查看tiller的具体tag信息

#推荐一个第三方的docker-ls工具，用以查询镜像tags（https://github.com/mayflower/docker-ls）
#安装
wget https://github-production-release-asset-2e65be.s3.amazonaws.com/52611782/16210e00-c5ce-11e8-80bc-670983318ca9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190514%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190514T053201Z&X-Amz-Expires=300&X-Amz-Signature=d52c7e14fa5fd8a4718a1ac76d598c0a5272271b2ef10f63d38be18eebfa24c5&X-Amz-SignedHeaders=host&actor_id=17699536&response-content-disposition=attachment%3B%20filename%3Ddocker-ls-linux-amd64.zip&response-content-type=application%2Foctet-stream -o docker-ls-linux-amd64.zip
unzip docker-ls-linux-amd64.zip && mv docker-ls /usr/local/bin/docker-ls && mv docker-rm /usr/local/bin/docker-rm
#使用范例
List all repositories in a custom registry:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123
List all repositories in a custom registry, including their tags:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123 --level 1
List all tags in stuff/busybox using HTTP basic auth
docker-ls tags --registry https://my.registry.org --user hanni --password hanni123 --basic-auth stuff/busybox
Inspect tag stuff/busybox:latest, no authentication, JSON output.
docker-ls tag --registry https://my.registry.org --json stuff/busybox:latest
Inspect tag stuff/busybox:latest, no authentication, dump the raw manifest with parsed history as JSON.
docker-ls tag --registry https://my.registry.org --json --raw-manifest --parse-history stuff/busybox:latest
#查看docker官方站点某个image的tags信息
curl 'https://registry.hub.docker.com/v2/repositories/library/debian/tags/'|jq '."results"[]["name"]'
# 安装jq命令
yum -y epel-release && yum install -y jq

一个简单的dockerfile范例

alpine linux配置使用国内镜像源

创建redis sentinel单机伪集群

docker私库管理

最新文章

分类