一、环境描述
1. 宿主机
CPU:双核
内存:4 GB
硬盘:120 GB
IP地址:192.168.190.128
操作系统:CentOS 7.4 x86_64 Minimal
2. Docker
3. 基础镜像
操作系统:CentOS 6.9 x86_64
4. MySQL
版本:5.7.21
安装方式:YUM Repo
二、创建必要的文件
1. 创建服务启动脚本
当MySQL容器启动时,便会运行该脚本,启动MySQL服务。在shell中运行以下命令,创建start.sh脚本:
cat > /root/Downloads/start.sh << "EOF"
#! /bin/bash
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
exec="/usr/bin/mysqld_safe"
prog="mysqld"
# Set timeouts here so they can be overridden from /etc/sysconfig/mysqld
STARTTIMEOUT=120
# Set in /etc/sysconfig/mysqld, will be passed to mysqld_safe
MYSQLD_OPTS=
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/$prog
# Support for extra options passed to mysqld
command=$1 && shift
extra_opts="$@"
# Extract value of a MySQL option from config files
# Usage: get_mysql_option OPTION DEFAULT SECTION1 SECTION2 SECTIONN
# Result is returned in $result
# We use my_print_defaults which prints all options from multiple files,
# with the more specific ones later; hence take the last match.
get_mysql_option () {
option=$1
default=$2
shift 2
result=$(/usr/bin/my_print_defaults "$@" | sed -n "s/^--${option}=//p" | tail -n 1)
if [ -z "$result" ]; then
# not found, use default
result="${default}"
fi
}
get_mysql_option datadir "/var/lib/mysql" mysqld
datadir="$result"
get_mysql_option socket "$datadir/mysql.sock" mysqld
socketfile="$result"
get_mysql_option log-error "/var/log/mysqld.log" mysqld mysqld_safe
errlogfile="$result"
get_mysql_option pid-file "/var/run/mysqld/mysqld.pid" mysqld mysqld_safe
mypidfile="$result"
case $socketfile in
/*) adminsocket="$socketfile" ;;
*) adminsocket="$datadir/$socketfile" ;;
esac
install_validate_password_sql_file () {
local initfile
initfile="$(mktemp /var/lib/mysql-files/install-validate-password-plugin.XXXXXX.sql)"
chmod a+r "$initfile"
echo "SET @@SESSION.SQL_LOG_BIN=0;" > "$initfile"
echo "INSERT INTO mysql.plugin (name, dl) VALUES ('validate_password', 'validate_password.so');" >> "$initfile"
echo "$initfile"
}
start(){
[ -x $exec ] || exit 5
# check to see if it's already running
RESPONSE=$(/usr/bin/mysqladmin --no-defaults --socket="$adminsocket" --user=UNKNOWN_MYSQL_USER ping 2>&1)
if [ $? = 0 ]; then
# already running, do nothing
action $"Starting $prog: " /bin/true
ret=0
elif echo "$RESPONSE" | grep -q "Access denied for user"
then
# already running, do nothing
action $"Starting $prog: " /bin/true
ret=0
else
# prepare for start
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a "x$(dirname "$errlogfile")" = "x/var/log" ]; then
install /dev/null -m0640 -omysql -gmysql "$errlogfile"
fi
[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile"
if [ ! -d "$datadir/mysql" ] ; then
# First, make sure $datadir is there with correct permissions
if [ ! -d "$datadir" -a ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
install -d -m0751 -omysql -gmysql "$datadir" || exit 1
fi
if [ ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
chown mysql:mysql "$datadir"
chmod 0751 "$datadir"
fi
if [ -x /sbin/restorecon ]; then
/sbin/restorecon "$datadir"
for dir in /var/lib/mysql-files /var/lib/mysql-keyring ; do
if [ -x /usr/sbin/semanage -a -d /var/lib/mysql -a -d $dir ] ; then
/usr/sbin/semanage fcontext -a -e /var/lib/mysql $dir >/dev/null 2>&1
/sbin/restorecon -r $dir
fi
done
fi
# Now create the database
initfile="$(install_validate_password_sql_file)"
action $"Initializing MySQL database: " /usr/sbin/mysqld --initialize --datadir="$datadir" --user=mysql --init-file="$initfile"
ret=$?
rm -f "$initfile"
[ $ret -ne 0 ] && return $ret
# Generate certs if needed
if [ -x /usr/bin/mysql_ssl_rsa_setup -a ! -e "${datadir}/server-key.pem" ] ; then
/usr/bin/mysql_ssl_rsa_setup --datadir="$datadir" --uid=mysql >/dev/null 2>&1
fi
fi
if [ ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
chown mysql:mysql "$datadir"
chmod 0751 "$datadir"
fi
# Pass all the options determined above, to ensure consistent behavior.
# In many cases mysqld_safe would arrive at the same conclusions anyway
# but we need to be sure. (An exception is that we don't force the
# log-error setting, since this script doesn't really depend on that,
# and some users might prefer to configure logging to syslog.)
# Note: set --basedir to prevent probes that might trigger SELinux
# alarms, per bug #547485
$exec $MYSQLD_OPTS --datadir="$datadir" --socket="$socketfile" \
--pid-file="$mypidfile" \
--basedir=/usr --user=mysql $extra_opts >/dev/null &
safe_pid=$!
# Spin for a maximum of N seconds waiting for the server to come up;
# exit the loop immediately if mysqld_safe process disappears.
# Rather than assuming we know a valid username, accept an "access
# denied" response as meaning the server is functioning.
ret=0
TIMEOUT="$STARTTIMEOUT"
while [ $TIMEOUT -gt 0 ]; do
RESPONSE=$(/usr/bin/mysqladmin --no-defaults --socket="$adminsocket" --user=UNKNOWN_MYSQL_USER ping 2>&1) && break
echo "$RESPONSE" | grep -q "Access denied for user" && break
if ! /bin/kill -0 $safe_pid 2>/dev/null; then
echo "MySQL Daemon failed to start."
ret=1
break
fi
sleep 1
let TIMEOUT=${TIMEOUT}-1
done
if [ $TIMEOUT -eq 0 ]; then
echo "Timeout error occurred trying to start MySQL Daemon."
ret=1
fi
if [ $ret -eq 0 ]; then
action $"Starting $prog: " /bin/true
touch $lockfile
else
action $"Starting $prog: " /bin/false
fi
fi
return $ret
}
start
EOF
2. 创建MySQL配置文件
MySQL容器的配置文件存放在宿主机中,便于调整MySQL服务的配置项。在shell中运行以下命令,创建my.cnf文件:
cat > /root/Downloads/my.cnf << "EOF"
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
3. 创建supervisor配置文件
supervisor是一种Linux的进程管理工具,MySQL容器会用其管理自身的后台服务。在shell中运行以下命令,创建supervisord.conf文件:
cat > /root/Downloads/supervisord.conf << "EOF"
[supervisord]
nodaemon=true
[program:mysql]
command=/bin/bash start.sh
EOF
三、制作MySQL镜像
1. 创建Dockerfile文件
在shell中运行以下命令,创建Dockerfile文件:
cat > /root/Downloads/Dockerfile << "EOF"
# 使用自建的CentOS 6.9基础镜像
FROM registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos:6.9
# 镜像维护者
MAINTAINER ghoulich@aliyun.com
# 安装MySQL
RUN rpm -ivh https://repo.mysql.com//mysql57-community-release-el6-11.noarch.rpm
RUN yum install -y mysql-community-server
COPY start.sh /
# 安装supervisor
RUN yum install -y epel-release
RUN rpm --rebuilddb && yum install -y supervisor
# 复制supervisor配置文件
RUN rm -rf /etc/supervisord.conf
COPY supervisord.conf /etc/supervisord.conf
# 清理系统
RUN yum clean all
# 开放3306端口
EXPOSE 3306
# 挂载数据、配置和日志目录
RUN rm -rf /etc/my.cnf /var/log/mysqld.log
VOLUME ["/var/lib/mysql", "/etc/my.cnf", "/var/log/mysqld.log"]
# 自启动supervisor
CMD ["/usr/bin/supervisord"]
EOF
上述文件有两点需要注意:
公开3306端口,这是MySQL的默认服务端口。
创建数据、配置和日志目录的挂载点,这样便可以通过宿主机直接编辑和查看MySQL容器的数据、配置和日志,即使删除容器,这些数据也不会丢失。
2. 创建MySQL镜像
在shell中执行以下命令,创建镜像(耗时较长):
cd /root/Downloads
docker build -t mysql:latest .
3. 查看镜像
在shell中查看镜像信息,若如下图所示,则表示镜像创建成功:
四、上传镜像
1. 登录阿里云镜像库
在shell中运行以下命令:
docker login --username=ghoulich@aliyun.com registry.cn-hangzhou.aliyuncs.com
请根据实际情况,使用真实的用户名和密码。
2. 创建镜像标签
在shell中运行以下命令:
docker tag mysql:latest registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21
3. 推送镜像
在shell中运行以下命令:
docker push registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21
五、使用方法
1. 创建目录和文件
在shell中运行以下命令,在宿主机上创建MySQL的数据、配置和日志目录,并且修改访问权限:
mkdir -p /usr/local/mysql/{data,log,config}
touch /usr/local/mysql/log/mysqld.log
cp /root/Downloads/my.cnf /usr/local/mysql/config/
chown -R 27:27 /usr/local/mysql
注意,27:27是MySQL容器中的mysql用户的UID和GID,宿主机中没有这个用户。
2. 启动容器
在shell中运行以下命令,启动MySQL容器:
docker run --detach \
--name mysql \
--hostname mysql \
--volume /usr/local/mysql/log/mysqld.log:/var/log/mysqld.log \
--volume /usr/local/mysql/config/my.cnf:/etc/my.cnf \
--volume /usr/local/mysql/data:/var/lib/mysql \
--publish 3306:3306 \
registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21
有几个选项需要说明:
--volume:将MySQL容器的数据、配置和日志目录映射至宿主机的相应目录;
--publish:将MySQL容器的3306端口映射至宿主机的3306端口。
3. 修改初始密码
MySQL服务初次启动时,会自动生成一个随机密码,存放在mysqld.log日志文件中。在shell中运行以下命令,首先提取初始密码,其次修改root密码,然后启用远程连接权限,最后刷新权限:
init_passwd=$(sed -rn 's/^(.*)(root@localhost: )(.*)$/\3/p' /usr/local/mysql/log/mysqld.log)
docker exec -it mysql mysql --user=root --password=${init_passwd} --connect-expired-password --execute="ALTER USER 'root'@'localhost' IDENTIFIED BY '123.Org$%^';"
docker exec -it mysql mysql --user=root --password=123.Org$%^ --execute="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123.Org$%^' WITH GRANT OPTION;"
docker exec -it mysql mysql --user=root --password=123.Org$%^ --execute="FLUSH PRIVILEGES;"
4. 验证测试
通过telnet验证宿主机的3306端口,若结果如下图所示,则表示MySQL容器启动成功:
5. 常用命令
在修改配置文件之后,需要重启MySQL服务才能生效,可以通过以下命令启动、停止和重启容器,也能达到同样的效果:
# 启动容器
docker start mysql
# 停止容器
docker stop mysql
# 重启容器
docker restart mysql