00搭建docker 仓库-配置docker-registry
[root@selinuxplus02 os]# mkdir docker [root@selinuxplus02 os]# cd docker/ [root@selinuxplus02 docker]# ls [root@selinuxplus02 docker]# git clone https://github.com/dotcloud/docker-registry.git Initialized empty Git repository in /var/www/html/os/docker/docker-registry/.git/ remote: Counting objects: 5196, done. remote: Compressing objects: 100% (23/23), done. remote: Total 5196 (delta 6), reused 0 (delta 0) Receiving objects: 100% (5196/5196), 1.13 MiB | 496 KiB/s, done. Resolving deltas: 100% (3175/3175), done. [root@selinuxplus02 docker]# ls docker-registry [root@selinuxplus02 docker]# cd docker-registry/ [root@selinuxplus02 docker-registry]# ls ADVANCED.md CONTRIBUTING.md LICENSE setup.cfg AUTHORS depends MANIFEST.in setup.py CHANGELOG.md Dockerfile README.md tests config docker_registry requirements tox.ini contrib FAQ.md scripts [root@selinuxplus02 docker-registry]# find ./ -name *.yml ./.travis.yml ./depends/docker-registry-core/.travis.yml ./config/config_mirror.yml ./config/config_sample.yml [root@selinuxplus02 docker-registry]# cd config/ [root@selinuxplus02 config]# ls boto.cfg config_mirror.yml config_sample.yml [root@selinuxplus02 config]# cp config_sample.yml config.yml [root@selinuxplus02 docker-registry]# pip install . Unpacking /var/www/html/os/docker/docker-registry Running setup.py egg_info for package from file:///var/www/html/os/docker/docker-registry Downloading/unpacking docker-registry-core>=2,<3 (from docker-registry==0.9.0)
01 配置apache,启动服务
[root@selinuxplus02 conf.d]# cat docker.conf
# Reverse proxy in front of the docker-registry backend on 127.0.0.1:5000.
# The vhost serves plain HTTP on port 8080: the SSL directives below are
# commented out, so pushes and pulls through this proxy are not encrypted.
<VirtualHost *:8080>
    ServerAdmin test@example.com
    ServerName registry.selinuxplus.com

    # NOTE(review): TLS is disabled. The certificate paths point at
    # /etc/apache2 while the logs below use /etc/httpd, presumably copied
    # from an example for another distribution; confirm them before enabling.
    #SSLEngine on
    #SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
    #SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
    #Header set Host "registry.selinuxplus.com"
    #RequestHeader set X-Forwarded-Proto "https"

    # ProxyRequests off keeps Apache a reverse proxy only (no forward proxying).
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/

    ErrorLog /etc/httpd/logs/registry-error.log
    LogLevel warn
    CustomLog /etc/httpd/logs/registry-access.log combined

    # Apache 2.2 access-control syntax. "Allow from all" with no Auth*
    # directives means every client that can reach port 8080 may use the
    # registry, including pushing images. Restrict the source range or add
    # authentication when the host is reachable beyond the build network.
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location />
        Order deny,allow
        Allow from all
    </Location>
</VirtualHost>
启动
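# Start the registry backend for the Apache reverse proxy.
# It binds to loopback only: Apache forwards to http://127.0.0.1:5000/, so
# binding 0.0.0.0:5000 would additionally expose the backend directly on the
# network, bypassing any access control or TLS configured on the proxy.
# NOTE(review): --debug was removed from the command line; in gunicorn
# releases that accept it, it is a development switch. Re-add it only for
# local troubleshooting.
/usr/bin/gunicorn -k gevent -b 127.0.0.1:5000 -w 8 docker_registry.wsgi:application

# Check through the proxy; the registry answers with its banner:
#   http://192.168.9.167:8080/
#   "\"docker-registry server\""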
02 生成母版系统
使用mkimage-yum文件
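#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS).  See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.
#
# The script creates device nodes, installs packages into a scratch root with
# yum --installroot and then deletes paths below that root.  Every such path
# is built from $target, so an empty $target would point those commands at the
# host's own /dev, /usr and /etc; the script therefore stops if mktemp fails
# and guards each rm with ${target:?}.

# A failing tar must fail the "tar | docker import" pipeline below.
set -o pipefail

# Print the command-line help and exit with status 1.
usage() {
    cat <<EOOPTS
$(basename "$0") [OPTIONS] <name>
OPTIONS:
  -y <yumconf>  The path to the yum config to install packages from. The
                default is /etc/yum.conf.
EOOPTS
    exit 1
}

# option defaults
yum_config=/etc/yum.conf
while getopts ":y:h" opt; do
    case $opt in
        y)
            yum_config=$OPTARG
            ;;
        h)
            usage
            ;;
        :)
            # The leading ':' in the optstring reports a missing argument here.
            echo "Option -$OPTARG requires an argument"
            usage
            ;;
        \?)
            echo "Invalid option: -$OPTARG"
            usage
            ;;
    esac
done
shift $((OPTIND - 1))
name=$1

if [[ -z $name ]]; then
    usage
fi

#--------------------

# Scratch root for the image; abort rather than continue with an empty path.
target=$(mktemp -d --tmpdir "$(basename "$0").XXXXXX") || {
    echo >&2 "error: cannot create temporary build root"
    exit 1
}

# Remove the scratch root on every exit path, not only after a clean run.
cleanup() {
    rm -rf -- "${target:?}"
}
trap cleanup EXIT

set -x

mkdir -m 755 "$target"/dev
mknod -m 600 "$target"/dev/console c 5 1
mknod -m 600 "$target"/dev/initctl p
mknod -m 666 "$target"/dev/full c 1 7
mknod -m 666 "$target"/dev/null c 1 3
mknod -m 666 "$target"/dev/ptmx c 5 2
mknod -m 666 "$target"/dev/random c 1 8
mknod -m 666 "$target"/dev/tty c 5 0
mknod -m 666 "$target"/dev/tty0 c 4 0
mknod -m 666 "$target"/dev/urandom c 1 9
mknod -m 666 "$target"/dev/zero c 1 5

# Stop if the package install fails: importing a half-populated root would
# publish a broken base image under the requested name.
yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
    --setopt=group_package_types=mandatory -y groupinstall Core || {
    echo >&2 "error: yum groupinstall failed; not importing a partial root"
    exit 1
}
yum -c "$yum_config" --installroot="$target" -y clean all

cat > "$target"/etc/sysconfig/network <<EOF
NETWORKING=yes
HOSTNAME=localhost.localdomain
EOF

# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb
# --keep-services "$target".  Taken from mkimage-rinse.sh
#  locales
rm -rf "${target:?}"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
#  docs
rm -rf "${target:?}"/usr/share/{man,doc,info,gnome/help}
#  cracklib
rm -rf "${target:?}"/usr/share/cracklib
#  i18n
rm -rf "${target:?}"/usr/share/i18n
#  sln
rm -rf "${target:?}"/sbin/sln
#  ldconfig
rm -rf "${target:?}"/etc/ld.so.cache
rm -rf "${target:?}"/var/cache/ldconfig/*

# Use the release number from the installed root as the image tag.
version=
if [ -r "$target"/etc/redhat-release ]; then
    version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$target"/etc/redhat-release)"
fi

if [ -z "$version" ]; then
    echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
    version=$name
fi

# $name comes from the command line; quote it so it reaches docker as one word.
tar --numeric-owner -c -C "$target" . | docker import - "$name:$version" || {
    echo >&2 "error: docker import failed"
    exit 1
}
docker run -i -t "$name:$version" echo success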
03 push到服务器
[docker@localhost ~]$ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE qfong 7 ea62dfcc4278 8 minutes ago 277.6 MB [docker@localhost ~]$ docker tag ea62dfcc4278 192.168.9.167:8080/plus/qfong [docker@localhost ~]$ docker push 192.168.9.167:8080/plus/qfong The push refers to a repository [192.168.9.167:8080/plus/qfong] (len: 1) Sending image list Pushing repository 192.168.9.167:8080/plus/qfong (1 tags) ea62dfcc4278: Image successfully pushed Pushing tag for rev [ea62dfcc4278] on {http://192.168.9.167:8080/v1/repositories/plus/qfong/tags/latest} http://192.168.9.167:8080/v1/search {"num_results": 1, "query": "", "results": [{"description": "", "name": "plus/qfong"}]}
04 docker for ssh server
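# Configure and key an sshd inside the image.
# NOTE(review): the four sed edits below relax sshd's defaults so that the
# container accepts logins; treat the result as a lab configuration.

# Lets root log in with a password (the default here was key-only). Prefer
# key-based login or a non-root account for anything reachable beyond a lab.
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# Makes pam_loginuid optional instead of required. Commonly done because
# setting the login UID can fail inside a container; confirm it is still needed.
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

# Switches sshd privilege separation from "sandbox" to "no".
RUN sed -i 's/UsePrivilegeSeparation\ssandbox/UsePrivilegeSeparation no/g' /etc/ssh/sshd_config

# Turns PAM off for sshd.
RUN sed -i 's/UsePAM\syes/UsePAM no/g' /etc/ssh/sshd_config

# Host keys. -N "" sets an empty passphrase so ssh-keygen does not prompt.
# The page's inline note about -N used to sit on the first RUN line, where the
# shell would have parsed it as part of the command; it now lives here.
# Keys generated at build time are stored in the image, so every container
# started from it presents the same host keys. Generate them at container
# start instead if the image is shared.
# NOTE(review): DSA host keys are deprecated in current OpenSSH; keep the dsa
# line only if the sshd in this image still expects one.
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key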
05 可以让 tomcat 和 postgresql 运行在不同的容器内,然后将容器进行关联
[root@localhost postgre]# docker run -d -t -p 80:8080 --name tomcatuvm --link focused_davinci3:topgsql qfong/tomcat 44c31f1390b66afcd08185537f063f80ca2982eb29042e00b1a5322fef841e40 [root@localhost postgre]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 44c31f1390b6 qfong/tomcat:latest /usr/bin/supervisord 5 seconds ago Up 4 seconds 22/tcp, 80/tcp, 0.0.0.0:80->8080/tcp tomcatuvm 63d9b7e1c293 qfong/pgsql:latest /usr/bin/supervisord 9 minutes ago Up 13 seconds 0.0.0.0:2202->2202/tcp, 0.0.0.0:5432->5432/tcp focused_davinci3,tomcatuvm/topgsql 1722a53a031e qfong/tomcat:latest /usr/bin/supervisord 3 days ago Exited (0) 7 minutes ago distracted_hopper3 [root@ed9581f614ab ~]#psql -h 172.17.0.44 -p 5432 -U docker Password for user docker: psql (9.2.7) Type "help" for help.