Docker orphaned volumes | Data volume containers (static data) | Private registry | Load balancing with docker-compose | Swarm cluster with load balancing and visual monitoring

Orphaned volumes

If no host path is given for a volume, where is it mounted by default?

Example 1

[root@28 ~]# docker run -it --name vm1 -v /data1 ubuntu

We can check with the df and mount commands, or look at the volume with docker inspect:

[root@28 ~]# docker inspect vm1 | grep vol

                "Type": "volume",

                "Source": "/var/lib/docker/volumes/2aaeb29bdcb93026012c49f895224b38c51a03b857e5021284bdf9511c97114c/_data",

The volume is actually backed by this directory on the host:

[root@28 ~]# cd /var/lib/docker/volumes/2aaeb29bdcb93026012c49f895224b38c51a03b857e5021284bdf9511c97114c/_data

[root@28 _data]# ls

[root@28 _data]# cp /etc/passwd .    # copy a file into this directory

[root@28 _data]# ls

passwd

root@7d268de7b7ac:/# cd /data1/

root@7d268de7b7ac:/data1# ls

passwd    # the file shows up at the mount point inside the container

Example 2:

[root@28 ~]# docker run -d --name vm2 -v /usr/share/nginx/html nginx

937f47c7f94c8f6bfc632f6cd9edae533038d636f1c1802c92c768d376520677

[root@28 ~]# docker inspect vm2 | grep vol

                "Type": "volume",

                "Source": "/var/lib/docker/volumes/722f5438c70d18523fbb4bf50b569652ca20356f64f21e763753d6b5c6b8033c/_data",

[root@28 ~]# cd /var/lib/docker/volumes/722f5438c70d18523fbb4bf50b569652ca20356f64f21e763753d6b5c6b8033c/_data

[root@28 _data]# ls    # this is nginx's default document root

50x.html  index.html

If we stop this container:

[root@28 _data]# docker stop vm2

vm2

[root@28 _data]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES

937f47c7f94c        nginx               "nginx -g 'daemon ..."   3 minutes ago       Exited (0) 7 seconds ago                       vm2

7d268de7b7ac        ubuntu              "/bin/bash"              18 minutes ago      Up 18 minutes                                  vm1

[root@28 ~]# cd /var/lib/docker/volumes/722f5438c70d18523fbb4bf50b569652ca20356f64f21e763753d6b5c6b8033c/_data

[root@28 _data]# ls   # the static data is still there

50x.html  index.html

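Data volumes still held by stopped containers like this one are called orphaned volumes. They have to be deleted manually, and the container must be removed first before its volume can be removed.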

[root@28 ~]# docker rm -f vm2

vm2

[root@28 ~]# docker volume rm 722f5438c70d18523fbb4bf50b569652ca20356f64f21e763753d6b5c6b8033c

722f5438c70d18523fbb4bf50b569652ca20356f64f21e763753d6b5c6b8033c

Alternatively, use the -v option of docker rm:

 -v, --volumes   Remove the volumes associated with the container

[root@28 ~]# docker rm -vf vm1

vm1

[root@28 ~]# docker volume ls

DRIVER              VOLUME NAME

local               2f3dafb40d7b6d34761fd1edc66bf7269a16d6b78b6229377aca4cc1ff0f7f77

local               cc354578cccef91c06444a01fa4cfa16062d0e02221b9435589ce0ecffcc5373

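Delete these orphaned volumes (docker volume ls -q lists every volume, and docker volume rm refuses any volume that a container still uses):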

[root@28 ~]# docker volume rm `docker volume ls -q`

2f3dafb40d7b6d34761fd1edc66bf7269a16d6b78b6229377aca4cc1ff0f7f77

cc354578cccef91c06444a01fa4cfa16062d0e02221b9435589ce0ecffcc5373
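
A more selective cleanup than removing every listed volume, as an added example that is not part of the original post. It works on two saved listings (assumed input files) and only prints the removal commands, so the plan can be reviewed before anything is deleted.

```shell
#!/bin/sh
# Added example: plan a volume cleanup that cannot touch data still in use.

# Offline form of "docker volume ls -q -f dangling=true". $1 is a file holding
# the output of "docker volume ls -q"; $2 lists the volume names mounted by
# containers (running or stopped), e.g. collected per container with
#   docker inspect -f '{{range .Mounts}}{{println .Name}}{{end}}' <container>
dangling_volumes() {
    grep -vxF -f "$2" "$1" || true
}

# Keep only anonymous volumes: 64 hex characters, as created by "-v /data1" or
# a Dockerfile VOLUME line. Named volumes are left for a person to decide on.
filter_anonymous() {
    grep -E '^[0-9a-f]{64}$' || true
}

# Print the removal commands for review instead of executing them.
plan_removal() {
    dangling_volumes "$1" "$2" | filter_anonymous | while IFS= read -r name; do
        printf 'docker volume rm %s\n' "$name"
    done
}
```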

 

Data volume containers: static data

1. Create the Dockerfile

[root@foundation28 docker]# pwd

/tmp/docker

[root@foundation28 docker]# cd test/

[root@foundation28 test]# vim Dockerfile

FROM rhel7

ADD html.tar /usr/share

VOLUME ["/usr/share/nginx/html"]

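# VOLUME declares the given path as a data volume, so the data stored there (here the static pages) lives in a volume that the host can access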

# ADD can add a local tar archive to the given directory in the image; the archive is unpacked into a directory automatically

2. Create the tar archive

[root@foundation28 test]# mkdir -p nginx/html

[root@foundation28 test]# cd nginx/html/

[root@foundation28 html]# echo www.westos.org > index.html # create index.html

[root@foundation28 html]# ls

index.html

[root@foundation28 html]# cd ../..

[root@foundation28 test]# tar cf html.tar nginx/

[root@foundation28 test]# tar tf html.tar  # -t lists the contents of the archive

nginx/

nginx/html/

nginx/html/index.html

3. Build the image

[root@foundation28 test]# docker build -t rhel7:v4 .  # mind the path (the build context)

5. Create a data volume container named vol

[root@foundation28 test]# docker create --name vol rhel7:v4 bash

# bash can be left out: a data volume container does not modify its data, so no interactive shell is needed

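6. Use it. vol is a static, self-contained container; once created it should not be modified. Its data volume can be shared by many other containers, simply by passing --volumes-from when they are created.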

[root@foundation28 test]# docker run -d --name vm1 --volumes-from vol nginx

8034f9b5b64ec63e25fae16c5f16fa5fe0c92a444444cb18dd2eb3330bf9787c

7. Test

[root@foundation28 test]# curl 172.17.0.2

www.westos.org

 

Private registry

1. Create the authentication directory and create the users

[root@foundation28 ~]# cd /tmp/docker/

[root@foundation28 docker]# mkdir auth

[root@foundation28 docker]# docker run --entrypoint htpasswd registry:2.3.1 -Bbn zm westos  > auth/htpasswd   # > redirects the output into the file; to add further users use >>, otherwise the earlier entries are overwritten

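--entrypoint overrides the image's default ENTRYPOINT. As mentioned earlier, ENTRYPOINT is not overridden by the command given to docker run; if it really has to be overridden, this option is required.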

-B force bcrypt hashing of the password

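-b take the password from the command line instead of prompting for it (the password then lands in the shell history and is visible in the process list)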

-n do not update a password file; only print the user name and hashed password to the screen

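-m: hash the password with MD5, which is htpasswd's default algorithm (the registry accepts only bcrypt entries, which is why -B is used above)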

[root@foundation28 docker]# cat auth/htpasswd

zm:$2y$05$SgzB4hTwhwxgWj2UcNU15eIN63MPTp06C0utgRsSLplvDFrB1bDcy

[root@foundation28 docker]# docker run --entrypoint htpasswd registry:2.3.1 -Bbn redhat westos  >> auth/htpasswd

[root@foundation28 docker]# cat auth/htpasswd

zm:$2y$05$SgzB4hTwhwxgWj2UcNU15eIN63MPTp06C0utgRsSLplvDFrB1bDcy

redhat:$2y$05$zfb1S921.PG0DUNCVsPpF.2FoLEsW7IBx/8Lr311zLy/qblPgP1/i
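
The flags above matter because the registry's htpasswd backend accepts only bcrypt entries, and appending with >> can leave the same user in the file twice. The following added example (not from the original post) classifies each entry of an htpasswd file; MIN_COST is an assumed policy threshold, and htpasswd's -C option sets the bcrypt cost when entries are generated.

```shell
#!/bin/sh
# Added example: classify htpasswd entries by hash scheme, bcrypt cost and
# duplicate user names. MIN_COST is an assumed policy value, not a registry rule.
MIN_COST=${MIN_COST:-10}

# Prints "<user> <scheme> <cost> <notes>" for every entry in the file $1.
# A bcrypt entry looks like user:$2y$05$<salt+hash>; splitting on ":" and "$"
# puts the scheme in field 3 and the cost in field 4.
audit_htpasswd() {
    awk -F'[:$]' -v min="$MIN_COST" '
        NF == 0 { next }    # skip blank lines
        {
            note = (seen[$1]++ > 0) ? "duplicate-user" : ""
            if ($3 ~ /^2[aby]$/) {
                scheme = "bcrypt"; cost = $4 + 0
                if (cost < min) note = (note ? note "," : "") "low-cost"
            } else {
                scheme = "other"; cost = "-"
                note = (note ? note "," : "") "not-bcrypt"
            }
            print $1, scheme, cost, (note ? note : "ok")
        }
    ' "$1"
}
```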

2. Create the private registry

[root@foundation28 docker]# pwd

/tmp/docker

[root@foundation28 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2.3.1

The certs directory holds the key and certificate obtained for the registry

-e sets an environment variable

dcbc104556debe7c7c35a141568b6763dc39ddf8df58d872af7e59460fe2ab7c

[root@foundation28 docker]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES

dcbc104556de        registry:2.3.1      "/bin/registry /et..."   8 seconds ago       Up 6 seconds        0.0.0.0:443->443/tcp, 5000/tcp   registry

3. Test: log in with the user name and password

Name resolution for westos.org must be set up beforehand

[root@foundation28 ~]# docker login -u zm -p westos westos.org

Login Succeeded

[root@foundation28 ~]# cd .docker/

[root@foundation28 .docker]# ls

config.json

[root@foundation28 .docker]# cat config.json

{

       "auths": {

              "westos.org": {

                     "auth": "em06d2VzdG9z"

              }

       }

}
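
The auth value above is not encrypted: it is base64 of user:password. The following added example (not from the original post) lists which registries have credentials stored this way and checks whether a credential helper (the credsStore or credHelpers keys) is configured; it assumes the one-key-per-line layout that docker login writes.

```shell
#!/bin/sh
# Added example: find credentials stored inline in a Docker client config.

# Print "<registry> <user>" for every inline auth entry in the file $1.
# Only the user name is shown; the password is decoded but not printed.
inline_auth_users() {
    awk -F'"' '
        /"auth"[ \t]*:[ \t]*"/   { print reg, $4; next }
        /"[^"]+"[ \t]*:[ \t]*\{/ { reg = $2 }   # remember the enclosing key
    ' "$1" | while read -r reg b64; do
        user=$(printf '%s' "$b64" | base64 -d | cut -d: -f1)
        printf '%s %s\n' "$reg" "$user"
    done
}

# Succeeds when credentials are delegated to a helper instead of the file.
uses_credential_helper() {
    grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$1"
}

# Report for one config file; returns non-zero when secrets sit in the file.
audit_docker_config() {
    found=$(inline_auth_users "$1")
    [ -z "$found" ] && return 0
    printf 'inline credentials in %s:\n%s\n' "$1" "$found"
    uses_credential_helper "$1" || printf 'no credsStore/credHelpers configured\n'
    return 1
}
```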

4. Test pushing an image

[root@foundation28 .docker]# docker push westos.org/nginx

 

Load balancing integrated services with docker-compose

Service: an application container, which can in fact run as several instances of the same image. Compose manages things at the project level.

haproxy balances requests across apache and nginx

First prepare the apache image (built from a Dockerfile) and the nginx image

apache: rhel7:v1

1. Create the docker-compose.yml file

[root@foundation28 ~]# docker rm -f `docker ps -aq`

[root@foundation28 ~]# cd /tmp/docker/

[root@foundation28 docker]# mkdir compose/

[root@foundation28 docker]# cd compose/

[root@foundation28 compose]# cat docker-compose.yml

apache:

    image: rhel7:v1  # build this image first if it does not exist

    expose:

        - 80

    volumes:

        - ./web:/var/www/html   # this directory must exist; it is mounted over the default document root



nginx:

    image: nginx

    expose:

        - 80      # nginx ships its own default page

haproxy:

    image: haproxy

    volumes:

        - ./haproxy:/usr/local/etc/haproxy   # load balancing needs a custom configuration file; mounting the directory makes it easy to edit

    links:

        - apache  # link the backend services

        - nginx

    ports:

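        - "8080:80"  # publish port 80: the container's port 80 is mapped to port 8080 on the host; keeping port 80 on the host also works, but then nginx or httpd on the host must be stopped to avoid a port conflict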

    expose:

        - 80

2. Load the haproxy image and create the load-balancer configuration haproxy.cfg

[root@foundation28 compose]# docker load -i /var/ftp/pub/haproxy.tar

[root@foundation28 compose]# mkdir web

[root@foundation28 compose]# cp ../web/index.html web/

[root@foundation28 compose]# mkdir haproxy

[root@foundation28 compose]# ls

docker-compose.yml  haproxy  web

[root@foundation28 compose]# cd haproxy

[root@foundation28 haproxy]# vim haproxy.cfg

[root@foundation28 haproxy]# cat haproxy.cfg

global

       log 127.0.0.1 local0

       log 127.0.0.1 local1 notice

defaults

       log global

       mode http

       option httplog

       option dontlognull

       timeout connect 5000ms

       timeout client 50000ms

       timeout server 50000ms

       stats uri /status

frontend balancer

       bind 0.0.0.0:80

       default_backend web_backends

backend web_backends

       balance roundrobin

       server web1 apache:80 check 

       server web2 nginx:80 check

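# Note: in earlier load-balancer configurations we wrote an IP address or a domain name; here we write the service names defined in the yml file. This is how the containers communicate with each other.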

3. Manage the services with docker-compose

Get the docker-compose binary, make it executable and symlink it into /usr/local/bin

This command must be run from the compose directory

[root@foundation28 compose]# docker-compose up  # shows the combined output of all containers

Starting compose_nginx_1    ... done

Recreating compose_apache_1 ... done

Recreating compose_haproxy_1 ... done

Press Ctrl+C to stop

[root@foundation28 compose]# docker-compose start  # start the services

4. Test the load balancing

Access port 8080 on the host

Refresh with F5 to test

When apache goes down, requests are no longer dispatched to it

 

Swarm cluster and load balancing

server1: 172.25.28.1

server2: 172.25.28.2

server3: 172.25.28.3

Service: an application container, which can in fact run as several instances of the same image.

I. Swarm cluster

1. Install and start docker on every virtual machine

[root@server1 ~]# ls

docker-engine-17.03.1.ce-1.el7.centos.x86_64.rpm

docker-engine-selinux-17.03.1.ce-1.el7.centos.noarch.rpm

[root@server1 ~]# yum install -y *

[root@server1 ~]# systemctl start docker

2. Create the cluster on server1

[root@server1 ~]# yum install -y bash-*    #  tooling for the swarm commands; it ships with RHEL, install it yourself

Note: after installing, log out of the shell and log in again; the swarm commands can then be completed with Tab

[root@server1 ~]# docker swarm init

Swarm initialized: current node (25vifx5bp0u5crspu1pw9lr3a) is now a manager.



To add a worker to this swarm, run the following command:



    docker swarm join \

    --token SWMTKN-1-459d8ja4d7vjj6k17p6xmaun5t0jq2j4hnpo119dha00pp2dhq-83osmvdkkeq42or27qusyor74 \

    172.25.28.1:2377



To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

3. Join server2 and server3 to the cluster

[root@server2 ~]#  docker swarm join     --token SWMTKN-1-459d8ja4d7vjj6k17p6xmaun5t0jq2j4hnpo119dha00pp2dhq-83osmvdkkeq42or27qusyor74     172.25.28.1:2377

4. View the cluster from server1

[root@server1 ~]# docker node ls

ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS

25vifx5bp0u5crspu1pw9lr3a *  server1   Ready   Active        Leader

5v95kf02pqwc431pi0vlmgfyl    server2   Ready   Active       

rtwm7lkuoly2gcte2pfy9smzk    server3   Ready   Active       

II. Docker load balancing

1. Set up a shared registry on the host for the three virtual machines to use

[root@foundation28 compose]# docker-compose stop

[root@foundation28 ~]# tail -n 1 /etc/hosts

172.25.254.28 westos.org

[root@foundation28 ~]# cd /tmp/docker/

[root@foundation28 docker]# cd certs/

[root@foundation28 certs]# ls

domain.crt  domain.key

[root@foundation28 certs]# rm -rf *

[root@foundation28 certs]# cd ..

# generate the certificate and key

[root@foundation28 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt

Generating a 4096 bit RSA private key   # no htpasswd user authentication this time; this is a shared registry

....................................................................................................................................................++

......................++

writing new private key to 'certs/domain.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:shaanxi

Locality Name (eg, city) [Default City]:xi'an

Organization Name (eg, company) [Default Company Ltd]:westos

Organizational Unit Name (eg, section) []:linux

Common Name (eg, your name or your server's hostname) []:westos.org

Email Address []:root@westos.org



[root@foundation28 docker]# cd certs/

[root@foundation28 certs]# ls

domain.crt  domain.key

[root@foundation28 certs]# pwd

/tmp/docker/certs

# create and start the registry

[root@foundation28 docker]# docker run -d --restart=always --name registry  -v `pwd`/certs:/certs  -e REGISTRY_HTTP_ADDR=0.0.0.0:443  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key  -p 443:443 registry:2.3.1

87fbd6adbfdd6336cf7ca4102e29f7227d7be6aa7b5d95658519da8a6a61c569

# copy the certificate; it is needed for the push test

[root@foundation28 registry]# cd /etc/docker/

[root@foundation28 docker]# cd certs.d/      # create it if it does not exist

[root@foundation28 certs.d]# cd westos.org/     # create it if it does not exist

[root@foundation28 westos.org]# cp /tmp/docker/certs/domain.crt ca.crt

2. Test a push

[root@foundation28 westos.org]# docker push westos.org/nginx

The push refers to a repository [westos.org/nginx]

08d25fa0442e: Pushed

a8c4aeeaa045: Pushed

cdb3f9544e4c: Pushed

latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

3. Copy the certificate to the three virtual machines

[root@foundation28 ~]# cd /etc/docker/

[root@foundation28 docker]# scp -r certs.d/ root@172.25.28.1:/etc/docker/

[root@foundation28 docker]# scp -r certs.d/ root@172.25.28.2:/etc/docker/

[root@foundation28 docker]# scp -r certs.d/ root@172.25.28.3:/etc/docker/

4. Add the name resolution on all three virtual machines

[root@server1 ~]# tail -n1 /etc/hosts

172.25.28.250 westos.org

6. Create the service on the manager node server1

[root@server1 ~]# docker service create --name nginx --publish 80:80 --replicas 3 westos.org/nginx          # --publish 80:80 maps the port, so in the end only port 80 of server1 needs to be accessed; --replicas 3 runs three tasks, load-balanced, one per node

o4arvg4a3o9ircn9799v49hh9

[root@server1 ~]# docker service ls  # check the pull status

[root@server1 ~]# docker service ps nginx

[root@server1 ~]# docker service scale nginx=6  # load-balanced: two tasks on each virtual machine

[root@server1 ~]# docker service ps nginx  

[root@server1 ~]# docker service scale nginx=3

7. The page can now be reached through the IP address of any of the virtual machines

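When accessing server1, refreshing the page is load-balanced across the tasks, but every response looks the same. To make this visible, give each node its own default page.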

[root@server1 ~]# echo server1 > index.html 

[root@server1 ~]# docker cp  index.html  nginx.3.q5l2hslqvbniotn1f0f934h2e:/usr/share/nginx/html

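Note: with 6 nginx tasks, the default page has to be set in both nginx containers on each node. If you simply scale to 6 tasks without setting the default page in the newly added containers, the pages will be inconsistent, because the container names are generated randomly and the pages created earlier may no longer correspond.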

[root@foundation28 docker]# for i in {1..10}; do curl 172.25.28.1; done

server2

server3

server1

server2

server3

server1

server2

server3

server1

server2

https://github.com/dockersamples/docker-swarm-visualizer

III. Visual management page

1. Load the visualizer image and push it to the registry

[root@foundation28 pub]# docker load -i visualizer.tar

[root@foundation28 pub]# docker tag dockersamples/visualizer westos.org/visualizer

[root@foundation28 pub]# docker push westos.org/visualizer

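2. Create the westos.org/visualizer instance on the manager node. The bind mount of /var/run/docker.sock gives this container full control over the Docker daemon on the manager, so the image must be one you trust.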

[root@server1 ~]# docker service create \

>   --name=viz \

>   --publish=8080:8080/tcp \

>   --constraint=node.role==manager \

>   --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \

>   westos.org/visualizer

2i51duq2sbmg66mbc1zxx7vmg

[root@server1 ~]# docker ps

CONTAINER ID        IMAGE                                                                                      COMMAND                  CREATED             STATUS              PORTS               NAMES

b656b459fb2b        westos.org/nginx@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f   "nginx -g 'daemon ..."   9 minutes ago       Up 9 minutes        80/tcp              nginx.6.xnuxacav8g1fo5kxcsqc5jau7

2468f243050e        westos.org/nginx@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f   "nginx -g 'daemon ..."   9 minutes ago       Up 9 minutes        80/tcp              nginx.2.w4gsubfi2oitq0vc8wcrj21rw

[root@server1 ~]# docker service ls   # run it again to refresh; startup is rather slow

ID            NAME   MODE        REPLICAS  IMAGE

2i51duq2sbmg  viz    replicated  0/1       westos.org/visualizer:latest

o4arvg4a3o9i  nginx  replicated  3/3       westos.org/nginx:latest

[root@server1 ~]# docker service ls

ID            NAME   MODE        REPLICAS  IMAGE

2i51duq2sbmg  viz    replicated  1/1       westos.org/visualizer:latest

o4arvg4a3o9i  nginx  replicated  3/3       westos.org/nginx:latest

3. View the monitoring page

[root@server1 ~]# docker service scale nginx=6

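If server3 goes down, only server1 and server2 remain for scheduling, and the tasks that ran on server3 are migrated to the other hosts; they are not moved back when server3 is started again.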

 

 
