PaaS Platform Setup

Two-node deployment (server + client). Steps 1-5 must be carried out on both nodes; do not skip any of them.

1. Disable SELinux (not done for now)

vi /etc/sysconfig/selinux
SELINUX=disabled

[root@server ~]# getenforce
Disabled

2. Disable the firewall

setenforce 0
systemctl stop firewalld.service
systemctl disable firewalld.service

3. Delete the iptables firewall rules

# Configure the firewall
# iptables -F   // flush all rules in every chain (INPUT/OUTPUT/FORWARD)
# iptables -Z   // zero the packet and byte counters of every chain (INPUT/OUTPUT/FORWARD)
# iptables -X   // delete the user-defined chains
/usr/sbin/iptables-save
# service iptables save   // save the modified iptables rules
# Configure SELinux
Edit the configuration file /etc/selinux/config
SELINUX=permissive   // violations are logged as warnings but not blocked; this is SELinux's debug mode
# Save the changes and exit

4. Adjust kernel parameters

# Enable kernel IP forwarding.
# Edit the configuration file /etc/sysctl.conf and add the following:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

# After editing, apply the changes with this command.
sysctl -p

Upload the image

Delete the existing yum repo files on each node

rm -rf /etc/yum.repos.d/*

 

5. Add the yum repositories

[root@registry ~]# cat /etc/yum.repos.d/yum.repo
[centos]
name=centos
baseurl=ftp://10.0.0.137/centos
gpgcheck=0
enabled=1
[docker]
name=iaas
baseurl=ftp://10.0.0.137/docker
gpgcheck=0
enabled=1

# Mount the ISO and copy its contents to /opt
[root@server mnt]# mount -o loop XianDian-PaaS-v2.2.iso /mnt/
[root@server mnt]# cp -rvf * /opt/

--------------------------------------------------------------------
# Switch the yum repos to the Aliyun mirrors
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

yum -y install vsftpd

vi /etc/vsftpd/vsftpd.conf

anon_root=/opt/

systemctl restart vsftpd
systemctl enable vsftpd
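
The yum.repo file in step 5 sets gpgcheck=0 and fetches packages over ftp://, so yum installs whatever that server returns without verifying package signatures. The following is an added example (not part of the original page) that audits .repo text for both settings and compares the page's file with a constructed hardened variant; the function names, the host repo.example.internal and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit yum .repo text for
# disabled signature checks and plaintext package transports.

# audit_repo [FILE...]  (reads stdin when no file is given)
# Prints "<section><TAB><finding>" for every enabled section with a problem.
# A section without a gpgcheck line inherits [main] in /etc/yum.conf and is
# not judged here.
audit_repo() {
  awk '
    function report() {
      if (section == "" || enabled == "0") return
      if (gpgcheck == "0") print section "\tgpgcheck-off"
      if (baseurl ~ /^(ftp|http):\/\//) print section "\tplaintext-baseurl " baseurl
    }
    /^[ \t]*[#;]/ { next }            # comment
    /^[ \t]*$/    { next }            # blank line
    /^[ \t]*\[/ {                     # start of a new [section]
      report()
      section = $0
      sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
      gpgcheck = ""; baseurl = ""; enabled = "1"
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = val
      else if (key == "baseurl") baseurl = val
      else if (key == "enabled") enabled = val
    }
    END { report() }
  ' "$@"
}

# The repo file shown in step 5 of this page.
page_repo_sample() {
cat <<'EOF'
[centos]
name=centos
baseurl=ftp://10.0.0.137/centos
gpgcheck=0
enabled=1
[docker]
name=iaas
baseurl=ftp://10.0.0.137/docker
gpgcheck=0
enabled=1
EOF
}

# Constructed hardened variant: the host name is a placeholder, and the key
# path is the CentOS 7 release key location.
hardened_repo_sample() {
cat <<'EOF'
[centos]
name=centos
baseurl=https://repo.example.internal/centos
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
}

echo "page file:";     page_repo_sample | audit_repo
echo "hardened file:"; hardened_repo_sample | audit_repo
```

On a real host, run `audit_repo /etc/yum.repos.d/*.repo`.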

6. Set the hostnames and configure name resolution

# server node:
[root@server ~]# hostnamectl set-hostname server

# client node:
[root@client ~]# hostnamectl set-hostname client

[root@server ~]# cat /etc/hosts
10.0.0.137 server
10.0.0.138 client

[root@server ~]# ping client
PING client (10.0.0.138) 56(84) bytes of data.
64 bytes from client (10.0.0.138): icmp_seq=1 ttl=64 time=0.624 ms
64 bytes from client (10.0.0.138): icmp_seq=2 ttl=64 time=1.75 ms
64 bytes from client (10.0.0.138): icmp_seq=3 ttl=64 time=0.640 ms

[root@client ~]# ping server
PING server (10.0.0.137) 56(84) bytes of data.
64 bytes from server (10.0.0.137): icmp_seq=1 ttl=64 time=0.654 ms
64 bytes from server (10.0.0.137): icmp_seq=2 ttl=64 time=0.594 ms
64 bytes from server (10.0.0.137): icmp_seq=3 ttl=64 time=0.718 ms

# Configure the DNS server addresses
[root@client ~]# vi /etc/resolv.conf
nameserver 114.114.114.114
nameserver 223.5.5.5

 


# 1. Check the kernel version
[root@localhost ~]# uname -a

# 2. Check for Device Mapper (the storage driver)
[root@localhost ~]# ls -l /sys/class/misc/device-mapper
ls: cannot access /sys/class/misc/device-mapper: No such file or directory
[root@localhost yum.repos.d]# sudo grep device-mapper /proc/devices

# 3. The checks above show that Device Mapper is not installed; install the device-mapper package as follows:
[root@localhost yum.repos.d]# sudo yum install -y device-mapper

# 4. Load the Device Mapper module
[root@localhost yum.repos.d]# sudo modprobe dm-mod


# 5. Verify the Device Mapper installation
[root@localhost yum.repos.d]# ls -l /sys/class/misc/device-mapper

lrwxrwxrwx 1 root root 0 Dec 23 09:39 /sys/class/misc/device-mapper -> ../../devices/virtual/misc/device-mapper

# 6. Update the system
sudo yum update

Deploying the services

7. Install Docker

  • Install the Docker environment on all nodes

1. Install Docker
[root@registry ~]# yum -y install docker-io

2. Start Docker
[root@localhost yum.repos.d]# systemctl restart docker.service

3. Enable Docker at boot
[root@localhost yum.repos.d]# systemctl enable docker.service

4. Check that Docker is installed correctly
[root@localhost yum.repos.d]# docker info

====================================================================
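5. Configure a registry mirror (accelerator) and restart

Docker Hub is sometimes hard to reach from within mainland China; in that case a registry mirror (accelerator) can be configured. Many Chinese cloud providers offer one, for example the Aliyun accelerator, the DaoCloud accelerator and the Alauda (灵雀云) accelerator. The DaoCloud accelerator is used here.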
[root@client ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://ef0cb1d0.m.daocloud.io
Success.
You need to restart docker to take effect: sudo systemctl restart docker

[root@client ~]# sudo systemctl restart docker

Deploying the Docker registry

8. Load the image used to deploy the registry

[root@server ~]# cd /opt/images/rancher1.6.5

[root@server rancher1.6.5]# docker load -i registry_latest.tar 

9. Start the registry container

# 1. Start the base registry container
[root@server rancher1.6.5]# docker run -d -p 5000:5000 --restart=always --name registry docker.io/registry:latest
c965e5487b7d836541a5cc87779b9050cd5a708e1614f45116ffdc72adfa174c

# 2. List the running containers
[root@server rancher1.6.5]# docker ps -a
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                    NAMES
c965e5487b7d        docker.io/registry:latest   "/entrypoint.sh /e..."   26 seconds ago      Up 24 seconds       0.0.0.0:5000->5000/tcp   registry

10. Set the registry address

# PS: do this on both nodes
vi /etc/sysconfig/docker
Append at the end:
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
INSECURE_REGISTRY='--insecure-registry 10.0.0.137:5000'
(Note: the IP is the server node's IP)

# Restart the service
systemctl daemon-reload
systemctl restart docker
docker info    # show detailed Docker information
Insecure Registries:
 192.168.200.201:5000
 127.0.0.0/8
Registries: 192.168.200.201:5000 (insecure), docker.io (secure)

# server node:
[root@server rancher1.6.5]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
docker.io/registry   latest              c9bd19d022f6        3 years ago         33.3 MB

[root@server rancher1.6.5]# docker tag c9bd19d022f6 10.0.0.137:5000/registry:latest
[root@server rancher1.6.5]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
10.0.0.137:5000/registry   latest              c9bd19d022f6        3 years ago         33.27 MB
docker.io/registry         latest              c9bd19d022f6        3 years ago         33.27 MB

[root@server rancher1.6.5]# docker push 10.0.0.137:5000/registry:latest
The push refers to a repository [10.0.0.137:5000/registry]
9b728062fb6d: Pushed 
481c807467a1: Pushed 
a049b9c716b3: Pushed 
d57f828d06ea: Pushed 
011b303988d2: Pushed 
latest: digest: sha256:2fdff97736e7dd785a91ccddb6c2df4ad6664f7032e3d8f28f56d94f699a58f9 size: 1363

# The registry is now set up. All images need to be pushed to it so that the other nodes can use them.

Deploying the Rancher server

11. Load the rancher-server images

rancher_server_v1.6.5.tar

[root@server rancher1.6.5]# docker load -i rancher_server_v1.6.5.tar

[root@server rancher1.6.5]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
<none>                     <none>              f89070da7581        22 months ago       985 MB
10.0.0.137:5000/registry   latest              c9bd19d022f6        3 years ago         33.3 MB
docker.io/registry         latest              c9bd19d022f6        3 years ago         33.3 MB	

[root@server rancher1.6.5]# docker tag f89070da7581 10.0.0.137:5000/rancher/server:v1.6.5
[root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/server:v1.6.5

rancher_agent_v1.2.5.tar 

[root@Server rancher1.6.5]# docker load -i rancher_agent_v1.2.5.tar 
[root@server rancher1.6.5]# docker tag  ef5fea38dbe6 10.0.0.137:5000/rancher/agent:v1.2.5
[root@server rancher1.6.5]# docker push  10.0.0.137:5000/rancher/agent:v1.2.5

rancher_net_holder.tar

[root@server rancher1.6.5]# docker load -i rancher_net_holder.tar
[root@server rancher1.6.5]# docker tag  665d9f6e8cc1 10.0.0.137:5000/rancher/net:holder
[root@server rancher1.6.5]# docker push  10.0.0.137:5000/rancher/net:holder

rancher_dns_v0.15.1.tar 

[root@server rancher1.6.5]# docker load -i rancher_dns_v0.15.1.tar 
[root@server rancher1.6.5]# docker tag  af5509fe436b   10.0.0.137:5000/rancher/dns:v0.15.1
[root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/dns:v0.15.1

rancher-net_v0.11.3.tar 

[root@server rancher1.6.5]# docker load -i rancher-net_v0.11.3.tar 
[root@server rancher1.6.5]# docker tag   9495baae8faf 10.0.0.137:5000/rancher/net:v0.11.3
[root@server rancher1.6.5]# docker push  10.0.0.137:5000/rancher/net:v0.11.3

rancher_healthcheck_v0.3.1.tar 

[root@server rancher1.6.5]# docker load -i rancher_healthcheck_v0.3.1.tar 
[root@server rancher1.6.5]# docker tag    10710b438de7   10.0.0.137:5000/rancher/healthcheck:v0.3.1
[root@server rancher1.6.5]# docker  push  10.0.0.137:5000/rancher/healthcheck:v0.3.1

 rancher_network-manager_v0.7.4.tar 
 
[root@server rancher1.6.5]# docker load -i rancher_network-manager_v0.7.4.tar 
[root@server rancher1.6.5]# docker tag   787fc137ac53   10.0.0.137:5000/rancher/network-manager:v0.7.4
[root@server rancher1.6.5]# docker push  10.0.0.137:5000/rancher/network-manager:v0.7.4

rancher_metadata_v0.9.2.tar 

[root@server rancher1.6.5]# docker load -i rancher_metadata_v0.9.2.tar 
[root@server rancher1.6.5]# docker tag    d46f30a656e0  10.0.0.137:5000/rancher/metadata:v0.9.2
[root@server rancher1.6.5]# docker push  10.0.0.137:5000/rancher/metadata:v0.9.2


rancher_scheduler_v0.8.2.tar 

[root@server rancher1.6.5]# docker load -i rancher_scheduler_v0.8.2.tar 
[root@server rancher1.6.5]# docker tag    690ef14a99b7   10.0.0.137:5000/rancher/scheduler:v0.8.2
[root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/scheduler:v0.8.2

12. Start the rancher-server service

[root@server rancher1.6.5]# docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.5
55c09a2bdab5b840ae4e274b1861e854748f0353b43153521b01f1f8bd540460

[root@server rancher1.6.5]# docker ps -a
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                              NAMES
55c09a2bdab5        rancher/server:v1.6.5       "/usr/bin/entry /u..."   5 seconds ago       Up 4 seconds        3306/tcp, 0.0.0.0:8080->8080/tcp   relaxed_beaver
c965e5487b7d        docker.io/registry:latest   "/entrypoint.sh /e..."   11 minutes ago      Up 7 minutes        0.0.0.0:5000->5000/tcp             registry

13. Access through the web UI

  • The Rancher server is reachable at server IP:8080

Upload every image under /opt/images/rancher1.6.5: load ---> tag ---> push
[root@server rancher1.6.5]# docker images
REPOSITORY                                TAG                 IMAGE ID            CREATED             SIZE
10.0.0.137:5000/rancher/server            v1.6.5              f89070da7581        22 months ago       985 MB
10.0.0.137:5000/rancher/scheduler         v0.8.2              690ef14a99b7        2 years ago         242 MB
10.0.0.137:5000/rancher/agent             v1.2.5              ef5fea38dbe6        2 years ago         237 MB
10.0.0.137:5000/rancher/network-manager   v0.7.4              787fc137ac53        2 years ago         249 MB
10.0.0.137:5000/rancher/metadata          v0.9.2              d46f30a656e0        2 years ago         252 MB
10.0.0.137:5000/rancher/net               v0.11.3             9495baae8faf        2 years ago         267 MB
10.0.0.137:5000/rancher/dns               v0.15.1             af5509fe436b        2 years ago         240 MB
10.0.0.137:5000/rancher/healthcheck       v0.3.1              10710b438de7        2 years ago         384 MB
10.0.0.137:5000/rancher/net               holder              665d9f6e8cc1        2 years ago         267 MB
10.0.0.137:5000/registry                  latest              c9bd19d022f6        3 years ago         33.3 MB
docker.io/registry                        latest              c9bd19d022f6        3 years ago         33.3 MB

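14. Rancher service settings

After logging in, choose the language at the bottom right and set it to Chinese;
Admin -> Access Control -> select LOCAL -> login username wangjingmao, full name wangjingmao, password 000000 -> click Enable Local Auth

Admin -> Settings -> click "I understand that I can break things by changing advanced settings" -> find registry.default and add 10.0.0.137:5000 (the IP is the server's internal IP) -> Save

  • After all images have been uploaded, click Default -> Manage Environments -> Add Environment -> name Rancher, environment template Cattle -> Create

  • Click Default and switch to Rancher

  • Add Host -> set the client node's IP (10.0.0.138), then copy the script and run it on the client node

# Run the script on the client node; it pulls the image automatically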
[root@client ~]# sudo docker run -e CATTLE_AGENT_IP="10.0.0.138"  --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.5 http://10.0.0.137:8080/v1/scripts/1E055DBBE42EF6CE70AA:1546214400000:vEBBODv17mJ31Gq78kQiIEKgVk
Unable to find image 'rancher/agent:v1.2.5' locally
Trying to pull repository 10.0.0.137:5000/rancher/agent ... 
v1.2.5: Pulling from 10.0.0.137:5000/rancher/agent
c83208261473: Pull complete 
6e1a85c1d66a: Pull complete 
f1320ef45e20: Pull complete 
5a6ab6e6fbf6: Pull complete 
6fd240c27767: Pull complete 
e65de2d7811b: Pull complete 
69209ef84f12: Pull complete 
2f794cb0fa7b: Pull complete 
0f461936465b: Pull complete 
Digest: sha256:9a75552b1c3073349aed0ff75c578382b6ac9c9868a8a4029cc4da55e37b8151
Status: Downloaded newer image for 10.0.0.137:5000/rancher/agent:v1.2.5

INFO: Running Agent Registration Process, CATTLE_URL=http://10.0.0.137:8080/v1
INFO: Attempting to connect to: http://10.0.0.137:8080/v1
INFO: http://10.0.0.137:8080/v1 is accessible
INFO: Inspecting host capabilities
INFO: Boot2Docker: false
INFO: Host writable: true
INFO: Token: xxxxxxxx
INFO: Running registration
INFO: Printing Environment
INFO: ENV: CATTLE_ACCESS_KEY=64D9A9AD4C473D98DB84
INFO: ENV: CATTLE_AGENT_IP=10.0.0.138
INFO: ENV: CATTLE_HOME=/var/lib/cattle
INFO: ENV: CATTLE_REGISTRATION_ACCESS_KEY=registrationToken
INFO: ENV: CATTLE_REGISTRATION_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_URL=http://10.0.0.137:8080/v1
INFO: ENV: DETECTED_CATTLE_AGENT_IP=10.0.0.138
INFO: ENV: RANCHER_AGENT_IMAGE=rancher/agent:v1.2.5
INFO: Launched Rancher Agent: b24fefd92a34746f96d71cd5b4652a14dce37e82a241de6e873c689bcc7a1d23

# Switch to Stacks -> Infrastructure and wait for the infrastructure stacks to deploy automatically and successfully.

15. Deploy the MySQL 8.0 database service

cd ..
[root@server images]# docker load -i mysql_8.0.tar

[root@server images]# docker tag 26bd364f80bf 10.0.0.137:5000/mysql:8.0

[root@server images]# docker push 10.0.0.137:5000/mysql:8.0
The push refers to a repository [10.0.0.137:5000/mysql]
a5f2a9df13dd: Pushed 
4b0cb3e76d62: Pushed 
8c75b8d21905: Pushed 
2456590c0f90: Pushed 
22afc4412590: Pushed 
45fb4a2ab5eb: Pushed 
8b2d012e71d9: Pushed 
19aa284e9bf3: Pushed 
889744378e18: Pushed 
ae12d30e1dfc: Pushed 
4bcdffd70da2: Pushed 
8.0: digest: sha256:c6a388006b8f706b031279a0102c3b454d9cbee74390a84f3735769f3070d07b size: 2617

 

Deploying from application templates

16. Deploy the enterprise Gogs application

# 1. Push the gogs image
[root@server images]# docker load -i gogs_gogs_0.11.34.tar
[root@server images]# docker tag 290bc4df94f2 10.0.0.137:5000/gogs/gogs:0.11.34
[root@server images]# docker push 10.0.0.137:5000/gogs/gogs:0.11.34

# 2. Push the haproxy image
[root@server images]# docker load -i rancher_lb-service-haproxy_v0.7.9.tar
[root@server images]# docker tag 774f6505bd28 10.0.0.137:5000/rancher/lb-service-haproxy:v0.7.9
[root@server images]# docker push 10.0.0.137:5000/rancher/lb-service-haproxy:v0.7.9
 

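17. Click Catalog -> All -> search for the Gogs application -> View Details, change port 8080 in the configuration options to 9093, set Mysql Password to 000000, then click Launch

18. In the Gogs deployment settings below, click Preview at the bottom to see the detailed service configuration

19. Then browse to the client node's IP on port 9090, enter the password, and click Install Now

20. Then open a new tab and go to http://10.0.0.138:9090 to reach the Gogs home page

PaaS Platform Operations

1. Low-level container services (2 points)

# On the container server node, create a CPU-controlled cgroup named xiandian. Assume a process with PID 8888 is constantly consuming CPU and seriously affecting normal operation of the system.
# In the cgroup you created, set this process's CPU quota to 30%. Submit the commands and their output, in order, as text in the answer box.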
mkdir -p /sys/fs/cgroup/cpu/xiandian
echo 30000 > /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us
echo 8888 > /sys/fs/cgroup/cpu/xiandian/tasks
cat /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us
30000
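# On the server node, use the nginx image to create a container named xiandian that may only use core 0 (image nginx:latest), then check core usage by reading the relevant cgroup files. Enter the commands and the check results in the answer box.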
[root@server images]# docker run -dit --name 1daoyun --cpuset-cpus="0" nginx:latest /bin/bash
6f377e734d407649f8c2703eb336a145a88cd78bdedc077ad1714872b6406514 
[root@server images]# cat /sys/fs/cgroup/cpuset/system.slice/docker-6f377e734d407649f8c2703eb336a145a88cd78bdedc077ad1714872b6406514.scope/cpuset.cpus
0

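2. Container storage configuration (3 points)

# (1) On the container server node, run the mysql:8.0 image, set the database password to xd_root, and map port 13306 on the server node to port 3306 in the container;
docker run -itdP -e MYSQL_ROOT_PASSWORD=xd_root -p 13306:3306  mysql:8.0
263509211cb33853360407fc76c422236e43506738a70b3c1a4d25b6bfd4c93c
# (2) Enter the container and create a database named xd_db, create a user named xiandian with password xd_pass, grant this user all privileges on the xd_db database, and allow the user to connect remotely;
# Use the first ID listed by docker ps -a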
[root@server rancher1.6.5]# docker exec -it ea60458029a8 /bin/bash
root@ea60458029a8:/# mysql -uroot -pxd_root
mysql> create database xd_db;
Query OK, 1 row affected (0.15 sec)

mysql> grant all privileges on xd_db.* to 'xiandian'@'%'  identified by 'xd_pass';
Query OK, 0 rows affected, 1 warning (0.02 sec)

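# Basic form of the MySQL statement for granting privileges to a user
 grant <privileges> on <database object> to <user>

# (3) Log in to the database remotely as the xiandian user and list the databases.
[root@Server ~]# docker exec -it ea60458029a8 /bin/bash
root@ea60458029a8:/# mysql -uxiandian -pxd_pass -h172.17.0.4 -e "show databases;"
mysql: [Warning] Using a password on the command line interface can be insecure. # this message warns that the password is insecure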
+--------------------+
| Database           |
+--------------------+
| information_schema |
| xd_db              |
+--------------------+
Ctrl+P+Q to exit

3. Container networking (2 points)

# (1) On the container server node, use the docker command to create a network named xd_net with subnet 192.168.3.0/24 and gateway 192.168.3.1;
docker network create --subnet=192.168.3.0/24 --ip-range=192.168.3.0/24 --gateway=192.168.3.1 xd_net
6bd7080ec71615b7144161acd4bf83fe3c98f824cc06cf9e62f3e80ce8db5750

docker network ls  # list the networks
NETWORK ID          NAME                DRIVER              SCOPE
c780a6066bcb        bridge              bridge              local               
bcc52d5172e3        host                host                local               
78c459bf4568        none                null                local               
6bd7080ec716        xd_net              bridge              local 
docker network inspect xd_net   # show the details of this network
[
    {
        "Name": "xd_net",
        "Id": "6bd7080ec71615b7144161acd4bf83fe3c98f824cc06cf9e62f3e80ce8db5750",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.3.0/24",
                    "IPRange": "192.168.3.0/24",
                    "Gateway": "192.168.3.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
 
# (2) Start a container named centos-xd from the centos:latest image on the xd_net network;
# Upload the centos image
load--->tag--->push
[root@Server images]# docker load -i centos_latest.tar
[root@Server images]# docker tag  ff426288ea90  192.168.100.10:5000/centos-xd
[root@Server images]# docker push  192.168.100.10:5000/centos-xd  
[root@Server images]# docker run -ditP --net=xd_net --name centos-xd centos-xd
# (3) Use the inspect -f command to query the container's IP address.
docker inspect -f '{{.NetworkSettings.Networks.xd_net}}' centos-xd

{<nil> [] [7267f14a3015] 762d4defafef4a5edd86f19752048e140bf293972f782465d9eb974087ec24df a466720c204c31101ff0b696c4eb44249e2f6cca0d73e8f3318f1a1de76d3f47 192.168.3.1 192.168.3.2 24   0 02:42:c0:a8:03:02}

 

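4. Container build (3 points)

# On the container server node, use the supermin5 command (install it yourself if it is missing) to build a CentOS 7 Docker image named centos-7 with yum, net-tools, initscripts and vi preinstalled. After the build, push the image to the container registry and view it. Submit the commands and their output, in order, as text in the answer box.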
[root@Server images]# yum install supermin5 supermin5-devel -y

[root@Server images]# supermin5 -v --prepare bash yum net-tools initscripts vi coreutils -o supermin.d

[root@Server images]# supermin5 -v --build --format chroot supermin.d -o appliance.d

[root@Server images]# echo 7 > appliance.d/etc/yum/vars/releasever

[root@Server images]# tar --numeric-owner -cpf centos-7.tar -C appliance.d .

[root@Server images]# cat centos-7.tar | docker import - 192.168.200.12:5000/centos-7
sha256:cb9effb750bd016112ade73b031646c3411229a998ef16721bc4e7d545687bd4

[root@Server images]# docker push 192.168.200.12:5000/centos-7:latest
The push refers to a repository [192.168.100.10:5000/centos-7]
21af50fef18c: Pushed 
latest: digest: sha256:29a028e0cc15518484f0b80c267b9f714b992fbda95b22a39e25bcffa037a94a size: 528

docker run -i -t --rm 192.168.200.12:5000/centos-7 /bin/bash     
# this lands at the bash-4.2# prompt

# cat /etc/redhat-release
Derived from Red Hat Enterprise Linux 7.1 (Source)

# docker images
REPOSITORY                                   TAG                 IMAGE ID            CREATED             SIZE
192.168.200.12:5000/centos-7                      latest              e40242986ac3        3 minutes ago       258.1 MB

 

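5. Writing a Dockerfile (3 points)

# Using the centos-7 image built in the previous task as the base, build the HTTP service image http:v1.0 to the following requirements:
# remove the image's yum repos and use the current system's yum repo file;
# then install the http service;
# expose port 80.
# Use cat to view the Dockerfile, then build the image.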
[root@server ~]# mkdir docker_demo
[root@server ~]# cd docker_demo
[root@server nginx]# cat Dockerfile 
FROM 192.168.200.201:5000/centos-7:latest
MAINTAINER Xiandian
RUN rm -fv /etc/yum.repos.d/*
ADD local.repo /etc/yum.repos.d/
RUN yum install -y httpd
EXPOSE 80

PS: 
FROM 10.0.0.100:5000/centos-7
MAINTAINER myhttp "123@qq.com"
RUN rm -f /etc/yum.repos.d/*
RUN echo '[centos]' > /etc/yum.repos.d/docker.repo
RUN echo 'name=centos' >> /etc/yum.repos.d/docker.repo
RUN echo 'baseurl=ftp://192.168.100.10/centos' >> /etc/yum.repos.d/docker.repo
RUN echo 'gpgcheck=0' >>/etc/yum.repos.d/docker.repo
RUN echo 'enabled=1' >> /etc/yum.repos.d/docker.repo
RUN echo '[docker]' >> /etc/yum.repos.d/docker.repo
RUN echo 'name=docker' >> /etc/yum.repos.d/docker.repo
RUN echo 'baseurl=file:///opt/docker/docker' >> /etc/yum.repos.d/docker.repo
RUN echo 'gpgcheck=0' >> /etc/yum.repos.d/docker.repo
RUN echo 'enabled=1' >> /etc/yum.repos.d/docker.repo
RUN yum clean all
EXPOSE 80
# Using the centos-7 image built in the previous task as the base, build the database image centos-mariadb:v1.0 to the following requirements:
cat Dockerfile
#FROM 10.0.6.126:5000/centos-7 			the image is based on centos-7
#MAINTAINER Xiandian 				   the image author
#RUN rm -fv /etc/yum.repos.d/*       	remove the image's local yum repos,
#ADD local.repo /etc/yum.repos.d/  		use the container server node's yum repo file;
#RUN yum install -y mariadb-server  	install the mariadb service
#RUN mysql_install_db --user=mysql 		initialize the database as the mysql user;
#ENV LC_ALL en_US.UTF-8 			   make the database support Chinese;
#ENV MYSQL_USER xiandian 			   set the MYSQL_USER=xiandian environment variable;
#ENV MYSQL_PASS xiandian 			   set the MYSQL_PASS=xiandian environment variable;
#EXPOSE 3306 						  expose port 3306;
#CMD mysqld_safe 					  run the mysqld_safe command automatically when the container starts.

[root@server nginx]# docker build -t 192.168.200.201:5000/httpd:v1.0 .
[root@server nginx]# docker images
REPOSITORY                                                  TAG                 IMAGE ID            CREATED             SIZE
192.168.200.201:5000/httpd                                       v1.0                a41a37cb9467        6 minutes ago       554.2 MB

6. Container API (2 points)

# On the container server node, use the Docker API to list all containers in Docker

# Edit the Docker unit file
vi /usr/lib/systemd/system/docker.service
# Append the following to the end of the ExecStart line
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock

[root@server docker_demo]# source /etc/sysconfig/docker
[root@server docker_demo]# vi /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false  -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
# List all containers in Docker
curl -X GET http://localhost:2375/containers/json?all=1
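
Step 10 marks the registry with --insecure-registry, and task 6 above opens the Docker API on tcp://0.0.0.0:2375 without TLS; a daemon socket exposed that way gives anyone who can reach the port full control of the Docker host. The following is an added example (not part of the original page) that parses /etc/sysconfig/docker-style text and reports both settings, run on the page's own lines and on a constructed TLS variant; the function names and the certificate paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: report Docker daemon options
# that expose the API without TLS or allow plaintext registries.

# sysconfig_opts [FILE...]: extract the quoted values of OPTIONS= and
# INSECURE_REGISTRY= from sysconfig-style text without sourcing the file.
sysconfig_opts() {
  sed -n \
    -e "s/^[[:space:]]*OPTIONS=['\"]\{0,1\}\([^'\"]*\).*/\1/p" \
    -e "s/^[[:space:]]*INSECURE_REGISTRY=['\"]\{0,1\}\([^'\"]*\).*/\1/p" "$@" |
    tr '\n' ' '
}

# audit_docker_opts "OPTION STRING": print one finding per line.
audit_docker_opts() {
  local tls hosts regs arg h r
  tls=0; hosts=""; regs=""
  set -f; set -- $1; set +f            # split on whitespace, no globbing
  while [ $# -gt 0 ]; do
    arg=$1; shift
    case "$arg" in
      --tlsverify|--tlsverify=true) tls=1 ;;
      -H|--host)             if [ $# -gt 0 ]; then hosts="$hosts $1"; shift; fi ;;
      -H=*|--host=*)         hosts="$hosts ${arg#*=}" ;;
      --insecure-registry)   if [ $# -gt 0 ]; then regs="$regs $1"; shift; fi ;;
      --insecure-registry=*) regs="$regs ${arg#*=}" ;;
    esac
  done
  for h in $hosts; do
    case "$h" in
      tcp://127.*|tcp://localhost*) ;;   # loopback only: not reachable from the network
      tcp://*) [ "$tls" -eq 1 ] || echo "unauthenticated-tcp-api $h" ;;
    esac
  done
  for r in $regs; do echo "insecure-registry $r"; done
  return 0
}

# The lines this page adds to /etc/sysconfig/docker in step 10 and task 6.
page_sysconfig_sample() {
cat <<'EOF'
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
INSECURE_REGISTRY='--insecure-registry 10.0.0.137:5000'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false  -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
EOF
}

# Constructed variant: the API requires client certificates and the registry
# is assumed to serve TLS; the certificate paths are placeholders.
hardened_sysconfig_sample() {
cat <<'EOF'
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
OPTIONS='--selinux-enabled --log-driver=journald -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'
EOF
}

echo "page settings:"
audit_docker_opts "$(page_sysconfig_sample | sysconfig_opts)"
echo "hardened settings:"
audit_docker_opts "$(hardened_sysconfig_sample | sysconfig_opts)"
```

On a real host, run `audit_docker_opts "$(sysconfig_opts /etc/sysconfig/docker)"`, and pass the ExecStart arguments of docker.service to audit_docker_opts as well.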

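7. On the server node, use the netstat command to find the registry's listening port, then use the lsof command (install it manually if it is missing) to find the process using that port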

[root@server xiandian]# netstat -ntpl | grep docker	
[root@server xiandian]# yum install lsof -y
[root@server xiandian]# lsof -i:5000

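8. On the server node, use the netstat command (install it manually if it is missing) to find the PID of the Docker image registry, then use the top command to check the resource usage of the PID found in the previous step.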

[root@client ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      941/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      821/master          
tcp6       0      0 :::22                   :::*                    LISTEN      941/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      821/master
[root@client ~]# top p 941

9. On the server node, create a memory-controlled cgroup named xiandian, then move the current process into this cgroup and use cat to list the process IDs in the cgroup.

[root@server ~]# mkdir /sys/fs/cgroup/memory/xiandian -p
[root@server ~]# echo $$   # show the current process ID
[root@server ~]# echo $$ > /sys/fs/cgroup/memory/xiandian/tasks 
[root@server ~]# cat /sys/fs/cgroup/memory/xiandian/tasks 
18737
18822
[root@server ~]# cat  /proc/52345/cgroup

 

10. Show the last few log lines of the Docker registry container

[root@server ~]# ls
[root@server ~]# docker ps
[root@server ~]# docker logs registry | tail -3

11. On the server node, find the PID of the rancher/server container, create the namespace directory /var/run/netns and link it to the rancher/server container, then use ip netns commands to query the container's IP

[root@server ~]# docker ps -a   # check whether anything is running
[root@server ~]# docker inspect -f {{.State.Pid}} rancher   # get the PID
52520
[root@server ~]# mkdir -p /var/run/netns
[root@server ~]# ln -s /proc/52520/ns/net /var/run/netns/52520
[root@server ~]# ip netns exec 52520 ip addr list

12. On the server node, show how cgroups are currently mounted

[root@server ~]# mount  -t cgroup

13. On the server node, create a directory, then start a container from the nginx:latest image with this directory as its data volume; afterwards use the inspect command to view the data volume.

[root@server ~]# docker rm -f nginx
[root@server ~]# mkdir -p  /opt/xiandian
[root@server ~]# docker run -dP --name nginx -v /opt/xiandian/:/opt nginx:latest
[root@server ~]# docker inspect -f {{.Mounts}} nginx

 

 

Remove a Docker tag

docker rmi -f [image]