Detail the Docker based service deployment process
- 2020-12-05 17:28:49
- OfStack
This summary covers the installation of ES1en-ES2en and ES3en-ES4en, the production of CentOS7 image, the construction of Docker private warehouse, the pulling of private image from CentOS7 private warehouse under es7EN6.7 environment, the operation of Docker container, the compatibility handling of CentOS6.5 and CentOS71 when they are shipped, etc.
1. Docker basic components and DevOps operation process
DockerImage: The Docker image is a read-only template for a running container.
DockerContainer: The Docker container is a standardized unit for running an application.
DockerRegistry: The Docker registry server is used to store images.
DockerEngine: The Docker engine is used to create, run, and manage containers on the host.
2. Docker installation and configuration
Since the Docker foreign site downloads slowly or cannot be downloaded normally, it needs to be updated to the foreign source before quick installation configuration. CentOS 6.5 Install ES41en-ES42en and CnetOS7 install ES44en-ES45en
# create docker Related directories
mkdir -p /data/docker
# The installation docker Run the necessary tools
sudo yum install -y yum-utilsdevice-mapper-persistent-data lvm2 crontabs
# increase docker Download warehouse, using Aliyun warehouse download, foreign sites download too slow
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
# The installation docker And testing docker Installation operation
sudo yum -y install docker-ce
docker version
systemctl enable docker.service
systemctl start docker.service
# configuration docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json<<-'EOF'
{"graph": "/data/docker"}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
3. Set up private Docker warehouse
dockerd Docker installation is completed the configuration files in/etc docker/daemon json, if there is no this file, you can manually create.
1. Install and configure registry image
pull docker the second version of registry, es68EN 1.6 above supports registry2
docker pull registry:2.6.0Or do not specify version, indicating version latest
docker pull registryConfigure ES77en. json to remove docker's default access to https, otherwise the following problems may occur:
[Get https://120.78.253.133:5000/v2/:http: server gave HTTP response to HTTPS client
]Open configuration file
vim /etc/docker/daemon.json
The contents are 1 json object, plus 1 item ES94en-ES95en, the address is changed by itself:
{
"insecure-registries":["192.168.1.78:5000"]
}
If the setting here is invalid, directly configure the service program as follows (add red font content) :
vim/usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 172.18.3.242:5000
Restart docker
systemctl daemon-reload
systemctl restart docker
2. Start registry container without authentication
Uploaded to the private warehouse when the mirror is the default in/var lib registry/container, in order to prevent delete registry upload image has been deleted, so to enable a volume, will upload the image of persisted in our physical machine, saving location is/opt registry/here.
docker run -d --name registry -p5000:5000 --restart=always -v /opt/registry/:/var/lib/registry/ registry:2.6.0Test whether to start the container
curlhttp://192.168.1.78:5000/v2/_catalogIf the following information is returned, the startup is successful
{"repositories":["mynginx"]}
3. Private repository pushes and pulls private images
The test was uploaded to our own private registry, first renaming the mynginx image tag:
docker tag mynginx 192.168.1.78:5000/mynginxIt is important to note here that the renamed tag must have the prefix establishing 192.168.1.78:5000/ followed by mynginx, which is the new mirror name. The two names can be different. Then start push to the private registry warehouse we set up:
docker push 192.168.1.78:5000/mynginxDetect the push image and return the following results indicating that the push is normal.
curl http://192.168.1.78:5000/v2/_catalog
{"repositories":["mynginx"]}
Test private warehouse image pull pull, the local pull is as follows:
docker pull registry:2.6.0Other physical host pull private warehouse mirror, under the premise that install docker configuration/etc docker/daemon json file add insecure - registries, ip address oneself changes:
docker pull registry:2.6.0Then restart docker and execute pull. You can also upload the image
docker pull registry:2.6.0
4. Dockerfile creates service image
Dockfile is a script interpreted by the Docker program. Dockerfile consists of 1 instruction by 1 instruction, each instruction corresponds to 1 command under Linux. The Docker program translates these Dockerfile instructions into the real Linux commands. Dockerfile has its own written format and supported commands, and the Docker program resolves dependencies between these commands, similar to Makefile. The Docker program reads Dockerfile and generates a custom image based on the instruction. The obvious script, Dockerfile, is much more acceptable to users than the black box image, which clearly shows how image came about. With Dockerfile, when we need to customize our additional requirements, we just need to add or modify instructions on Dockerfile and regenerate image, saving the trouble of typing commands.
Create the image based on centos7. First pull the image of centos7.
docker pull centos7dockerfile for mirroring is shown below:
docker pull registry:2.6.0Compile to create image
docker pull registry:2.6.0Create a container
The program files and dockerfile are in the same 1 directory
docker create --name octmts3.0 -v/home/docker_oct/data:/home/mynginx/octmts/log -p 50000:50000 -p 50001:50001 -p50002:50002 octmts1.0Create container + run
docker run -id --net=host --nameoctmts2.0 -v /home/docker_oct/data:/home/mynginx/octmts/log -p 50000:5000octmts1.0When creating the CentOS7 container and using systemctl to run the service program in the background, we encountered the following problems:
[Failed to get D-Bus connection
]Solution (This solution is invalid under the host es231EN6.5 system and cannot be handled temporarily) :
docker create --privileged --net=host --nameoctmts3.0 -v /home/docker_oct/data:/home/mynginx/octmts/log -p 50000:50000 -p50001:50001 -p 50002:50002 octmts1.0 /usr/sbin/initor
docker run --privileged --net=host -id --nameoctmts3.0 -v /home/docker_oct/data:/home/mynginx/octmts/log -p 50000:5000octmts1.0 /usr/sbin/init
4. Compatibility problem of using private warehouse in CentOS6.5 system
When using the private warehouse in es246EN 6.5 system, the private image of pull failed due to the version problem. Docker 1.7.1 version of pull private image warehouse reported an error, V1, V2, etc. Docker 1.7 and Docker CE have different configuration file locations:
Docker 1.7 /etc/sysconfig/docker
Docker CE version USES/etc docker/daemon json
Using docker 1.7 If you want the mirror in pulldocker registry v2 or harbor, you need to configure insecure-ES278en if the CA certificate is not configured, and you need to add this parameter to the boot parameters of docker daemon. Configuration steps:
1. Docker 1.7 Solutions
1. Configure and save the DOCKER_OPTS parameter
docker pull registry:2.6.0(2) Modify the launch item
docker pull registry:2.6.03 Restart docker and verify the pull function
[root@123 ] # service docker restart(4) Other methods
Without so much effort, just modify the launcher, the principle and result are the same, and then restart dockerdaemon
docker pull registry:2.6.0
2. Docker CE version
Check for daemon/etc docker directory. json file, if there is no is created, or directly vi etc/docker/daemon json finish modify in: wq.
[root@123 ] # vi /etc/docker/daemon.json
## add
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries" : ["ip:port","ip:port"]
}
Restart the docker service when the addition is complete
service docker restart