先电云 Paas搭建及运维
server+client两个节点部署,1-5步骤在两个节点均要设置,不能遗漏
1. 关闭SELinux(修改配置文件后需重启才会生效;SELinux关闭后主机失去强制访问控制这一层对容器的约束,此设置只适合隔离的实验环境)
vi /etc/sysconfig/selinux
SELINUX=disabled
[root@server ~]# getenforce
Disabled
2. 关闭防火墙
setenforce 0
systemctl stop firewalld.service
systemctl disable firewalld.service
3.删除iptables防火墙规则
# 配置防火墙
# iptables -F //清除所有chains链(INPUT/OUTPUT/FORWARD)中所有的rule规则
# iptables -Z //清空所有chains链(INPUT/OUTPUT/FORWARD)中包及字节计数器
# iptables -X //清除用户自定义的chains链(INPUT/OUTPUT/FORWARD)中的rule规则
/usr/sbin/iptables-save
# service iptables save //保存修改的Iptables规则
# 配置selinux
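修改配置文件 /etc/selinux/config(在CentOS 7上 /etc/sysconfig/selinux 通常是指向该文件的符号链接,因此这里的 permissive 与前面写入的 SELINUX=disabled 是同一配置项的两个取值,只能保留其一)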
SELINUX=permissive //表示系统会收到警告讯息但是不会受到限制,作为selinux的debug模式用处
# 保存修改内容后退出
4. 修改系统内核
# 打开内核转发功能。
# 编辑配置文件/etc/sysctl.conf,将以下内容添加(rp_filter = 0 会关闭反向路径过滤,内核不再丢弃源地址无法按原路返回的数据包,即失去一层防源地址伪造的检查;仅在容器网络确实需要时关闭):
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
# 修改完成后使用命令生效。
sysctl -p
上传镜像
分别删除源yum
rm -rf /etc/yum.repos.d/*
5.添加yum软件源(下面的 gpgcheck=0 表示安装时不校验软件包的GPG签名,且baseurl为明文FTP;仅适用于源内容来自可信ISO的离线实验环境)
[root@registry ~]# cat /etc/yum.repos.d/yum.repo
[centos]
name=centos
baseurl=ftp://10.0.0.137/centos
gpgcheck=0
enabled=1
[docker]
name=iaas
baseurl=ftp://10.0.0.137/docker
gpgcheck=0
enabled=1
# 挂载并拷贝数据至/opt
[root@server mnt]# mount -o loop XianDian-PaaS-v2.2.iso /mnt/
[root@server mnt]# cp -rvf * /opt/
--------------------------------------------------------------------
# 更新yum源为aliyun源(下面两条命令通过明文HTTP下载repo文件,传输过程中内容可被篡改;若镜像站提供HTTPS,应改用https://地址)
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install vsftpd
vi /etc/vsftpd/vsftpd.conf
anon_root=/opt/
systemctl restart vsftpd
systemctl enable vsftpd
6. 修改主机名,配置域名解析
# server节点:
[root@server ~]# hostnamectl set-hostname server
# client节点:
[root@client ~]# hostnamectl set-hostname client
[root@server ~]# cat /etc/hosts
10.0.0.137 server
10.0.0.138 client
[root@server ~]# ping client
PING client (10.0.0.138) 56(84) bytes of data.
64 bytes from client (10.0.0.138): icmp_seq=1 ttl=64 time=0.624 ms
64 bytes from client (10.0.0.138): icmp_seq=2 ttl=64 time=1.75 ms
64 bytes from client (10.0.0.138): icmp_seq=3 ttl=64 time=0.640 ms
[root@client ~]# ping server
PING server (10.0.0.137) 56(84) bytes of data.
64 bytes from server (10.0.0.137): icmp_seq=1 ttl=64 time=0.654 ms
64 bytes from server (10.0.0.137): icmp_seq=2 ttl=64 time=0.594 ms
64 bytes from server (10.0.0.137): icmp_seq=3 ttl=64 time=0.718 ms
# 配置DNS服务器地址
[root@client ~]# vi /etc/resolv.conf
nameserver 114.114.114.114
nameserver 223.5.5.5
# 1. 检查内核
[root@localhost ~]# uname -a
# 2. 检查Device Mapper(存储驱动)
[root@localhost ~]# ls -l /sys/class/misc/device-mapper
ls: cannot access /sys/class/misc/device-mapper: No such file or directory
[root@localhost yum.repos.d]# sudo grep device-mapper /proc/devices
# 3. 以上检查说明没有安装Device Mapper,需要安装Device Mapper软件包如下:
[root@localhost yum.repos.d]# sudo yum install -y device-mapper
# 4. 加载Device Mapper模块
[root@localhost yum.repos.d]# sudo modprobe dm-mod
# 5. 验证Device Mapper安装
[root@localhost yum.repos.d]# ls -l /sys/class/misc/device-mapper
lrwxrwxrwx 1 root root 0 Dec 23 09:39 /sys/class/misc/device-mapper -> ../../devices/virtual/misc/device-mapper
# 6. 更新 系统
sudo yum update
部署服务
7. 安装docker
-
所有节点安装docker环境
1. 安装docker
[root@registry ~]# yum -y install docker-io
2. 启动docker
[root@localhost yum.repos.d]# systemctl restart docker.service
3. 开机启动Docker
[root@localhost yum.repos.d]# systemctl enable docker.service
4. 检查Docker是否正确安装
[root@localhost yum.repos.d]# docker info
====================================================================
5.配置镜像加速器并重启
国内访问 Docker Hub 有时会遇到困难,此时可以配置镜像加速器。国内很多云服务商都提供了加速器服务,例如:阿里云加速器、DaoCloud 加速器、灵雀云加速器。如这里使用DaoCloud 加速器。注意下面的命令把远程脚本直接通过管道交给root权限的sh执行,且加速器地址为明文HTTP;更稳妥的做法是先将脚本下载到本地、查看内容后再执行。
[root@client ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://ef0cb1d0.m.daocloud.io
Success.
You need to restart docker to take effect: sudo systemctl restart docker
[root@client ~]# sudo systemctl restart docker
部署docker仓库
8. 上传仓库部署使用的镜像
[root@server ~]# cd /opt/images/rancher1.6.5
[root@server rancher1.6.5]# docker load -i registry_latest.tar
9. 启动仓库容器服务
# 1.启动基础仓库容器 [root@server rancher1.6.5]# docker run -d -p 5000:5000 --restart=always --name registry docker.io/registry:latest c965e5487b7d836541a5cc87779b9050cd5a708e1614f45116ffdc72adfa174c # 2.查看正在运行的容器 [root@server rancher1.6.5]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c965e5487b7d docker.io/registry:latest "/entrypoint.sh /e..." 26 seconds ago Up 24 seconds 0.0.0.0:5000->5000/tcp registry
10. 设置仓库地址
# PS:两个节点都做
vi /etc/sysconfig/docker
在最后添加:
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
INSECURE_REGISTRY='--insecure-registry 10.0.0.137:5000'
(注:IP为server节点IP;--insecure-registry 表示docker与该仓库通信时不要求TLS,镜像以明文HTTP传输。上一步启动的仓库容器没有配置认证,5000端口又发布在0.0.0.0上,同一网络内的主机都可以向仓库推送或拉取镜像,因此这种配置只适用于隔离的实验网络)
# 重启服务
systemctl daemon-reload
systemctl restart docker
docker info 查看docker的详细信息
Insecure Registries:
 192.168.200.201:5000
 127.0.0.0/8
Registries: 192.168.200.201:5000 (insecure), docker.io (secure)
# server节点:
[root@server rancher1.6.5]#
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest c9bd19d022f6 3 years ago 33.3 MB
[root@server rancher1.6.5]# docker tag c9bd19d022f6 10.0.0.137:5000/registry:latest
[root@server rancher1.6.5]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.137:5000/registry latest c9bd19d022f6 3 years ago 33.27 MB
docker.io/registry latest c9bd19d022f6 3 years ago 33.27 MB
[root@server rancher1.6.5]# docker push 10.0.0.137:5000/registry:latest
The push refers to a repository [10.0.0.137:5000/registry]
9b728062fb6d: Pushed
481c807467a1: Pushed
a049b9c716b3: Pushed
d57f828d06ea: Pushed
011b303988d2: Pushed
latest: digest: sha256:2fdff97736e7dd785a91ccddb6c2df4ad6664f7032e3d8f28f56d94f699a58f9 size: 1363
# 至此仓库就建立好了,我们需要将所有镜像全部推送到仓库中,提供给其他节点使用。
部署Rancher-Server服务
11. 上传rancher-server镜像
rancher_server_v1.6.5.tar [root@server rancher1.6.5]# docker load -i rancher_server_v1.6.5.tar [root@server rancher1.6.5]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> f89070da7581 22 months ago 985 MB 10.0.0.137:5000/registry latest c9bd19d022f6 3 years ago 33.3 MB docker.io/registry latest c9bd19d022f6 3 years ago 33.3 MB [root@server rancher1.6.5]# docker tag f89070da7581 10.0.0.137:5000/rancher/server:v1.6.5 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/server:v1.6.5 rancher_agent_v1.2.5.tar [root@Server rancher1.6.5]# docker load -i rancher_agent_v1.2.5.tar [root@server rancher1.6.5]# docker tag ef5fea38dbe6 10.0.0.137:5000/rancher/agent:v1.2.5 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/agent:v1.2.5 rancher_net_holder.tar [root@server rancher1.6.5]# docker load -i rancher_net_holder.tar [root@server rancher1.6.5]# docker tag 665d9f6e8cc1 10.0.0.137:5000/rancher/net:holder [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/net:holder rancher_dns_v0.15.1.tar [root@server rancher1.6.5]# docker load -i rancher_dns_v0.15.1.tar [root@server rancher1.6.5]# docker tag af5509fe436b 10.0.0.137:5000/rancher/dns:v0.15.1 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/dns:v0.15.1 rancher-net_v0.11.3.tar [root@server rancher1.6.5]# docker load -i rancher-net_v0.11.3.tar [root@server rancher1.6.5]# docker tag 9495baae8faf 10.0.0.137:5000/rancher/net:v0.11.3 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/net:v0.11.3 rancher_healthcheck_v0.3.1.tar [root@server rancher1.6.5]# docker load -i rancher_healthcheck_v0.3.1.tar [root@server rancher1.6.5]# docker tag 10710b438de7 10.0.0.137:5000/rancher/healthcheck:v0.3.1 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/healthcheck:v0.3.1 rancher_network-manager_v0.7.4.tar [root@server rancher1.6.5]# docker load -i rancher_network-manager_v0.7.4.tar [root@server rancher1.6.5]# docker tag 787fc137ac53 
10.0.0.137:5000/rancher/network-manager:v0.7.4 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/network-manager:v0.7.4 rancher_metadata_v0.9.2.tar [root@server rancher1.6.5]# docker load -i rancher_metadata_v0.9.2.tar [root@server rancher1.6.5]# docker tag d46f30a656e0 10.0.0.137:5000/rancher/metadata:v0.9.2 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/metadata:v0.9.2 rancher_scheduler_v0.8.2.tar [root@server rancher1.6.5]# docker load -i rancher_scheduler_v0.8.2.tar [root@server rancher1.6.5]# docker tag 690ef14a99b7 10.0.0.137:5000/rancher/scheduler:v0.8.2 [root@server rancher1.6.5]# docker push 10.0.0.137:5000/rancher/scheduler:v0.8.2
12. 启动rancher-server服务
[root@server rancher1.6.5]# docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.5 55c09a2bdab5b840ae4e274b1861e854748f0353b43153521b01f1f8bd540460 [root@server rancher1.6.5]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 55c09a2bdab5 rancher/server:v1.6.5 "/usr/bin/entry /u..." 5 seconds ago Up 4 seconds 3306/tcp, 0.0.0.0:8080->8080/tcp relaxed_beaver c965e5487b7d docker.io/registry:latest "/entrypoint.sh /e..." 11 minutes ago Up 7 minutes 0.0.0.0:5000->5000/tcp registry
13. 通过网页访问
-
Rancher-server的访问地址是server IP:8080
将/opt/images/rancher1.6.5镜像全部上传load--->tag--->push
[root@server rancher1.6.5]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.0.0.137:5000/rancher/server v1.6.5 f89070da7581 22 months ago 985 MB 10.0.0.137:5000/rancher/scheduler v0.8.2 690ef14a99b7 2 years ago 242 MB 10.0.0.137:5000/rancher/agent v1.2.5 ef5fea38dbe6 2 years ago 237 MB 10.0.0.137:5000/rancher/network-manager v0.7.4 787fc137ac53 2 years ago 249 MB 10.0.0.137:5000/rancher/metadata v0.9.2 d46f30a656e0 2 years ago 252 MB 10.0.0.137:5000/rancher/net v0.11.3 9495baae8faf 2 years ago 267 MB 10.0.0.137:5000/rancher/dns v0.15.1 af5509fe436b 2 years ago 240 MB 10.0.0.137:5000/rancher/healthcheck v0.3.1 10710b438de7 2 years ago 384 MB 10.0.0.137:5000/rancher/net holder 665d9f6e8cc1 2 years ago 267 MB 10.0.0.137:5000/registry latest c9bd19d022f6 3 years ago 33.3 MB docker.io/registry latest c9bd19d022f6 3 years ago 33.3 MB
14. Rancher 服务设置
进去之后选择右下方的语言,设置成中文; 系统管理->访问控制->选择LOCAL(本地)->登录用户名wangjingmao、全名wangjingmao、密码000000->点击启用本地验证(在启用访问控制之前,8080端口上的Rancher界面无需登录即可操作,应在首次访问后立即完成此步;000000仅为示例,实际环境应设置强密码)
系统管理->系统设置->点击我确认已经知道修改高级设置可能导致的问题->找到registry.default,添加10.0.0.137:5000(IP为server内网IP)->保存
-
将所有镜像上传完之后,点击Default->环境管理->添加环境->名称Rancher、环境模板Cattle->创建
-
点击Default切换到Rancher
-
添加主机->设置client节点的IP(10.0.0.138),复制脚本在client节点执行
# client节点执行脚本自动pull镜像
# 注:该命令以 --privileged 运行并挂载了 /var/run/docker.sock,agent容器因此对宿主机拥有等同root的控制权;URL末尾的注册令牌相当于加入该环境的凭据,不应公开或写入共享文档。
[root@client ~]# sudo docker run -e CATTLE_AGENT_IP="10.0.0.138" --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.5 http://10.0.0.137:8080/v1/scripts/1E055DBBE42EF6CE70AA:1546214400000:vEBBODv17mJ31Gq78kQiIEKgVk
Unable to find image 'rancher/agent:v1.2.5' locally
Trying to pull repository 10.0.0.137:5000/rancher/agent ...
v1.2.5: Pulling from 10.0.0.137:5000/rancher/agent
c83208261473: Pull complete
6e1a85c1d66a: Pull complete
f1320ef45e20: Pull complete
5a6ab6e6fbf6: Pull complete
6fd240c27767: Pull complete
e65de2d7811b: Pull complete
69209ef84f12: Pull complete
2f794cb0fa7b: Pull complete
0f461936465b: Pull complete
Digest: sha256:9a75552b1c3073349aed0ff75c578382b6ac9c9868a8a4029cc4da55e37b8151
Status: Downloaded newer image for 10.0.0.137:5000/rancher/agent:v1.2.5
INFO: Running Agent Registration Process, CATTLE_URL=http://10.0.0.137:8080/v1
INFO: Attempting to connect to: http://10.0.0.137:8080/v1
INFO: http://10.0.0.137:8080/v1 is accessible
INFO: Inspecting host capabilities
INFO: Boot2Docker: false
INFO: Host writable: true
INFO: Token: xxxxxxxx
INFO: Running registration
INFO: Printing Environment
INFO: ENV: CATTLE_ACCESS_KEY=64D9A9AD4C473D98DB84
INFO: ENV: CATTLE_AGENT_IP=10.0.0.138
INFO: ENV: CATTLE_HOME=/var/lib/cattle
INFO: ENV: CATTLE_REGISTRATION_ACCESS_KEY=registrationToken
INFO: ENV: CATTLE_REGISTRATION_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_URL=http://10.0.0.137:8080/v1
INFO: ENV: DETECTED_CATTLE_AGENT_IP=10.0.0.138
INFO: ENV: RANCHER_AGENT_IMAGE=rancher/agent:v1.2.5
INFO: Launched Rancher Agent: b24fefd92a34746f96d71cd5b4652a14dce37e82a241de6e873c689bcc7a1d23
# 切换到应用-基础设施,等待基础设施应用自动部署成功,如下图是基础设施应用部署成功的效果,
15. 部署MySQL8.0数据库服务
cd .. [root@server images]# docker load -i mysql_8.0.tar [root@server images]# docker tag 26bd364f80bf 10.0.0.137:5000/mysql:8.0 [root@server images]# docker push 10.0.0.137:5000/mysql:8.0 The push refers to a repository [10.0.0.137:5000/mysql] a5f2a9df13dd: Pushed 4b0cb3e76d62: Pushed 8c75b8d21905: Pushed 2456590c0f90: Pushed 22afc4412590: Pushed 45fb4a2ab5eb: Pushed 8b2d012e71d9: Pushed 19aa284e9bf3: Pushed 889744378e18: Pushed ae12d30e1dfc: Pushed 4bcdffd70da2: Pushed 8.0: digest: sha256:c6a388006b8f706b031279a0102c3b454d9cbee74390a84f3735769f3070d07b size: 2617
应用模板部署
16. 企业级Gogs应用部署
# 1.push gogs镜像 [root@server images]# docker load -i gogs_gogs_0.11.34.tar [root@server images]# docker tag 290bc4df94f2 10.0.0.137:5000/gogs/gogs:0.11.34 [root@server images]# docker push 10.0.0.137:5000/gogs/gogs:0.11.34 # 2.push haproxy镜像 [root@server images]# docker load -i rancher_lb-service-haproxy_v0.7.9.tar [root@server images]# docker tag 774f6505bd28 10.0.0.137:5000/rancher/lb-service-haproxy:v0.7.9 [root@server images]# docker push 10.0.0.137:5000/rancher/lb-service-haproxy:v0.7.9
17. 点击应用商店->全部->搜索Gogs应用->查看详情,将配置选项里的8080端口改为9093,Mysql Password密码为000000,然后点击启动
18. 下面Gogs部署设置,点击最下方的预览,查看具体的服务配置
19. 然后用client节点的IP加9090端口在浏览器中访问,输入密码,点击立即安装
20. 然后打开一个新的标签页访问http://10.0.0.138:9090即可访问Gogs主页
PaaS平台运维
1.容器底层服务(2分)
1.容器底层服务(2分) # 在容器server节点创建CPU控制的cgroup,名称为xiandian。假设存在进程号为8888的进程一直占用CPU,严重影响系统的正常运行。 # 在创建的cgroup中将此进程调用CPU的配额调整为30%。依次将操作命令及返回结果以文本形式提交到答题框。 mkdir -p /sys/fs/cgroup/cpu/xiandian echo 30000 > /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us echo 8888 > /sys/fs/cgroup/cpu/xiandian/tasks cat /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us 30000 #在server节点使用nginx镜像创建一个名为xiandian的容器,只能使用0这个内核,镜像使用nginx:latest,并通过查看Cgroup相关文件查看内核使用情况,将以上操作命令及检查结果填入答题框。 [root@server images]# [root@server images]# docker run -dit --name 1daoyun --cpuset-cpus="0" nginx:latest /bin/bash 6f377e734d407649f8c2703eb336a145a88cd78bdedc077ad1714872b6406514 [root@server images]# cat /sys/fs/cgroup/cpuset/system.slice/docker-6f377e734d407649f8c2703eb336a145a88cd78bdedc077ad1714872b6406514.scope/cpuset.cpus 0
2.容器存储配置(3分)
2.容器存储配置(3分)
# (1)在容器server节点运行mysql:8.0镜像,设置数据库密码为xd_root,将server节点的13306端口映射到容器3306端口;
docker run -itdP -e MYSQL_ROOT_PASSWORD=xd_root -p 13306:3306 mysql:8.0
263509211cb33853360407fc76c422236e43506738a70b3c1a4d25b6bfd4c93c
# (2)进入容器创建名为xd_db的数据库,创建名为xiandian,密码为xd_pass的用户,设置此用户对xd_db数据库拥有所有权限和允许此用户远程访问;
docker ps -a 的第一个容器id
[root@server rancher1.6.5]# docker exec -it ea60458029a8 /bin/bash
root@ea60458029a8:/# mysql -uroot -pxd_root
mysql> create database xd_db;
Query OK, 1 row affected (0.15 sec)
mysql> grant all privileges on xd_db.* to 'xiandian'@'%' identified by 'xd_pass';
Query OK, 0 rows affected, 1 warning (0.02 sec)
# MySQL 赋予用户权限命令的简单格式 grant 权限 on 数据库对象 to 用户
# 注:'%' 表示允许该用户从任意主机连接。MySQL 8.0 已不支持在 grant 语句中使用 identified by,需要先 create user 再 grant;上面的返回结果与 5.7 的行为一致。
#(3)使用xiandian用户远程登录数据库并查询数据库内的数据库列表。
[root@Server ~]# docker exec -it ea60458029a8 /bin/bash
root@ea60458029a8:/# mysql -uxiandian -pxd_pass -h172.17.0.4 -e "show databases;"
mysql: [Warning] Using a password on the command line interface can be insecure.
#这是警告而不是报错:写在命令行里的密码会出现在进程列表和shell历史中,可以只写 -p 不带密码,改为交互输入
+--------------------+
| Database           |
+--------------------+
| information_schema |
| xd_db              |
+--------------------+
Ctrl+P+Q 退出
3.容器网络(2分)
3.容器网络(2分) #(1)在容器server节点,使用docker命令创建名为xd_net的网络,网络网段为192.168.3.0/24,网关为192.168.3.1; docker network create --subnet=192.168.3.0/24 --ip-range=192.168.3.0/24 --gateway=192.168.3.1 xd_net 6bd7080ec71615b7144161acd4bf83fe3c98f824cc06cf9e62f3e80ce8db5750 docker network ls # 查询网络列表 NETWORK ID NAME DRIVER SCOPE c780a6066bcb bridge bridge local bcc52d5172e3 host host local 78c459bf4568 none null local 6bd7080ec716 xd_net bridge local docker network inspect xd_net # 查询此网络的详细信息 [ { "Name": "xd_net", "Id": "6bd7080ec71615b7144161acd4bf83fe3c98f824cc06cf9e62f3e80ce8db5750", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.3.0/24", "IPRange": "192.168.3.0/24", "Gateway": "192.168.3.1" } ] }, "Internal": false, "Containers": {}, "Options": {}, "Labels": {} } ] #(2)启动镜像为centos:latest、名为centos-xd、网络为xd_net的容器; # 上传 centos 的镜像 load--->tag--->push [root@Server images]# docker load -i centos_latest.tar [root@Server images]# docker tag ff426288ea90 192.168.100.10:5000/centos-xd [root@Server images]# docker push 192.168.100.10:5000/centos-xd [root@Server images]# docker run -ditP --net=xd_net --name centos-xd centos-xd #(3)使用inspect -f命令查询容器IP地址。 docker inspect -f \'{{.NetworkSettings.Networks.xd_net}}\' centos-xd {<nil> [] [7267f14a3015] 762d4defafef4a5edd86f19752048e140bf293972f782465d9eb974087ec24df a466720c204c31101ff0b696c4eb44249e2f6cca0d73e8f3318f1a1de76d3f47 192.168.3.1 192.168.3.2 24 0 02:42:c0:a8:03:02}
4.容器构建(3分)
4.容器构建(3分) # 在容器server节点,使用supermin5命令(若命令不存在,则自己安装)构建名为centos-7的centos7系统docker镜像,镜像预装yum、net-tools、initscripts和vi命令。构建完成后提交镜像至容器仓库,并查看此镜像。依次将操作命令及返回结果以文本形式提交到答题框。 [root@Server images]# yum install supermin5 supermin5-devel -y [root@Server images]# supermin5 -v --prepare bash yum net-tools initscripts vi coreutils -o supermin.d [root@Server images]# supermin5 -v --build --format chroot supermin.d -o appliance.d [root@Server images]#echo 7 > appliance.d/etc/yum/vars/releasever [root@Server images]#tar --numeric-owner -cpf centos-7.tar -C appliance.d . [root@Server images]#cat centos-7.tar | docker import - 192.168.200.12:5000/centos-7 sha256:cb9effb750bd016112ade73b031646c3411229a998ef16721bc4e7d545687bd4 [root@Server images]#docker push 192.168.200.12:5000/centos-7:latest The push refers to a repository [192.168.100.10:5000/centos-7] 21af50fef18c: Pushed latest: digest: sha256:29a028e0cc15518484f0b80c267b9f714b992fbda95b22a39e25bcffa037a94a size: 528 docker run -i -t --rm 192.168.200.12:5000/centos-7 /bin/bash 进入bash-4.2# # cat /etc/redhat-release Derived from Red Hat Enterprise Linux 7.1 (Source) # docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.200.12:5000/centos-7 latest e40242986ac3 3 minutes ago 258.1 MB
5.Dockerfile编写(3分)
5.Dockerfile编写(3分) # 以上题构建的centos-7镜像为基础,按以下要求构建http服务镜像http:v1.0: # 删除镜像的yum源,使用当前系统的yum源文件; # 完成后安装http服务; # 暴露80端口。 # 使用cat命令查看Dockerfile文件并构建镜像。 [root@server ~]# mkdir docker_demo [root@server ~]# cd docker_demo [root@server nginx]# cat Dockerfile FROM 192.168.200.201:5000/centos-7:latest MAINTAINER Xiandian RUN rm -fv /etc/yum.repos.d/* ADD local.repo /etc/yum.repos.d/ RUN yum install -y httpd EXPOSE 80 PS: FROM 10.0.0.100:5000/centos-7 MAINTAINER myhttp "123@qq.com" RUN rm -f /etc/yum.repos.d/* RUN echo \'[centos]\' > /etc/yum.repos.d/docker.repo RUN echo \'name=centos\' >> /etc/yum.repos.d/docker.repo RUN echo \'baseurl=ftp://192.168.100.10/centos\' >> /etc/yum.repos.d/docker.repo RUN echo \'gpgcheck=0\' >>/etc/yum.repos.d/docker.repo RUN echo \'enabled=1\' >> /etc/yum.repos.d/docker.repo RUN echo \'[docker]\' > /etc/yum.repos.d/docker.repo RUN echo \'name=docker\' >> /etc/yum.repos.d/docker.repo RUN echo \'baseurl=file:///opt/docker/docker\' >> /etc/yum.repos.d/docker.repo RUN echo \'gpgcheck=0\' >> /etc/yum.repos.d/docker.repo RUN echo \'enabled=1\' >> /etc/yum.repos.d/docker.repo RUN yum clean all EXPOSE 80 #以上题构建的centos-7镜像为基础,构建数据库镜像centos-mariadb:v1.0,其要求为: cat Dockerfile #FROM 10.0.6.126:5000/centos-7 镜像来自Centos-7 #MAINTAINER Xiandian 镜像的作者 #RUN rm -fv /etc/yum.repos.d/* 删除镜像的本地yum源, #ADD local.repo /etc/yum.repos.d/ 使用容器server节点的yum源文件; #RUN yum install -y mariadb-server 安装mariadb服务 #RUN mysql_install_db --user=mysql 使用mysql用户初始化数据库; #ENV LC_ALL en_US.UTF-8 数据库支持中文; #ENV MYSQL_USER xiandian 设置MYSQL_USER=xiandian环境变量; #ENV MYSQL_PASS xiandian 设置MYSQL_PASS=xiandian环境变量; #EXPOSE 3306 暴露3306端口; #CMD mysqld_safe 启动容器时能自动运行mysld_safe命令。 [root@server nginx]# docker build -t 192.168.200.201:5000/httpd:v1.0 . [root@server nginx]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.200.201:5000/httpd v1.0 a41a37cb9467 6 minutes ago 554.2 MB
6.容器api(2分)
6.容器api(2分)
# 在容器server节点使用docker api 命令查询docker内所有容器
#编写docker文件
vi /usr/lib/systemd/system/docker.service
# 在 ExecStart 行最后面加入以下内容
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
# 注:tcp://0.0.0.0:2375 使Docker API在所有网卡上以明文、无认证的方式监听,而本文前面已经关闭了防火墙;能访问该端口的主机都可以通过API创建特权容器,等同于获得宿主机root权限。本题只在本机用curl查询,监听 tcp://127.0.0.1:2375 即可满足;确需远程访问时应启用TLS双向认证(--tlsverify 以及 --tlscacert/--tlscert/--tlskey,惯例端口为2376)。
[root@server docker_demo]# source /etc/sysconfig/docker
[root@server docker_demo]# vi /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
# 查看docker内所有容器
curl -X GET http://localhost:2375/containers/json?all=1
7.在 server 节点使用 netstat 命令查询仓库监听端口号,查询完毕后通过 lsof 命令(如命令不存在则手工安装)查询使用此端口号的进程
[root@server xiandian]# netstat -ntpl | grep docker [root@server xiandian]# yum install lsof -y [root@server xiandian]# lsof -i:5000
8.在 server 节点通过 netstat 命令(如命令不存在则手工安装)查询 docker
镜像仓库 PID,使用 top 命令查询上一步查询到的 PID 的资源使用情况。
[root@client ~]# netstat -ntpl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 941/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 821/master tcp6 0 0 :::22 :::* LISTEN 941/sshd tcp6 0 0 ::1:25 :::* LISTEN 821/master [root@client ~]# top p 941
9.在 server 节点创建 memory 控制的 cgroup,名称为:xiandian,创建完成后将当前进程移动到这个 cgroup 中,通过 cat 相关命令查询 cgroup 中的进程
ID。
[root@server ~]# mkdir /sys/fs/cgroup/memory/xiandian -p [root@server ~]# echo $$ /// 查询进程号 [root@server ~]# echo $$ > /sys/fs/cgroup/memory/xiandian/tasks [root@server ~]# cat /sys/fs/cgroup/memory/xiandian/tasks 18737 18822 [root@server ~]# cat /proc/52345/cgroup
10.查询docker registry 容器后几条日志
[root@server ~]# ls [root@server ~]# docker ps [root@server ~]# docker logs registry | tail -3
11.在 server 节点,查询rancher/server 容器的进程号,建立命名空间 /var/run/netns并与rancher/server 容器进行连接,通过ip netns 相关命令查询该容器的ip
[root@server ~]# docker ps -a ///查询是否有运行的进程
[root@server ~]# docker inspect -f {{.State.Pid}} rancher // 查询进程号ID
52520
[root@server ~]# mkdir -p /var/run/netns
[root@server ~]# ln -s /proc/52520/ns/net /var/run/netns/52520
[root@server ~]# ip netns exec 52520 ip addr list
12.在server节点查询当前cgroup的挂载情况
[root@server ~]# mount -t cgroup
13.在server 节点创建目录,完成后启动镜像为nginx:latest的容器,并指定此目录为容器启动的数据卷,创建完成后通过inspect命令指定查看数据卷的情况。
[root@server ~]# docker rm -f nginx
[root@server ~]# mkdir -p /opt/xiandian
[root@server ~]# docker run -dp --name nginx -v /opt/xiandian/:/opt nginx:latest
# 注:-p 需要带端口映射参数;写成 -dp 时,紧随其后的 --name 会被当作 -p 的取值,命令很可能因此报错。不需要映射端口时应写 -d。
[root@server ~]# docker inspect -f {{.Mounts}} nginx
删除docker 标签
docker rmi -f [image]