docker 部署笔记

发表于 | 更新于 | 分类于

docker 部署笔记

docker指定私有库

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

[root@cloudsa ~]# vi /etc/docker/daemon.json
{
    "registry-mirror":["http://192.168.106.117"],
    "insecure-registries":["192.168.106.117"]
}
[root@cloudsa ~]# systemctl daemon-reload
[root@cloudsa ~]# systemctl stop docker
[root@cloudsa ~]# systemctl start docker
[root@cloudsa ~]# systemctl status docker
[root@cloudsa ~]# docker login 192.168.106.117
[root@cloudsa ~]# cat /root/.docker/config.json 
{
        "auths": {
                "192.168.106.117": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.0 (linux)"
        }
}
上面把密码拷贝到其他机器中
下面是上传文件测试
[root@managementa harbor]# docker tag centos 192.168.106.117/library/centos:latest
[root@managementa harbor]# docker push 192.168.106.117/library/centos:latest

离线redis制作

1
2
3
4
从docker.io拉取
[root@managementa harbor]# docker pull redis:3.2.9  
[root@managementa local]# docker tag redis:3.2.9 192.168.106.117/library/redis:3.2.9
[root@managementa local]# docker push 192.168.106.117/library/redis:3.2.9

redis主备

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
192.168.106.103
[root@managementa local]# cat cd /home/redis_copy/docker/redis-master.conf
#master
port 6379
bind 0.0.0.0
#daemonize yes 不能后台执行,后台执行docker会一直重启
logfile "redis6500.log"
pidfile "6500.pid"
#cluster-enabled yes
#cluster-config-file nodes_7000.conf
#cluster-node-timeout 15000
#appendonly yes
masterauth "123456"
requirepass "123456"
#slave-read-only no
timeout 0
rdbcompression yes
dbfilename "redis.rdb"
dir "/data"
maxmemory 50gb
maxmemory-policy noeviction
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Generated by CONFIG REWRITE

notify-keyspace-events "gxE"

[root@localhost testworkdir]# pwd
/root/testworkdir
[root@localhost testworkdir]# vi compose-redis-master.yaml
version: '3'
services:
  # 主节点的容器
  redis-master:
    image: 192.168.106.117/library/redis:3.2.9
    container_name: redis-master
    restart: always
    ports:
      - 6500:6379
    networks:
      redis-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.100.2
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/redis_copy/6500/redis-master.conf:/usr/local/etc/redis/redis.conf
      - /home/redis_copy/6500/data:/data
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'
    command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
networks:
  redis-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.100.0/16

[root@localhost testworkdir]# docker-compose -f compose-redis-master.yaml up -d


192.168.106.130从结点
[root@localhost testworkdir]# vi compose-redis-slave.yaml 
version: '3.5'
services:
  # 主节点的容器
  redis-slave:
    image: 192.168.106.117/library/redis:3.2.9
    container_name: redis-slave
    restart: always
    ports:
      - 6500:6379
    networks:
      redis-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.100.3
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/redis_copy/6500/redis-slave.conf:/usr/local/etc/redis/redis.conf
      - /home/redis_copy/6500/data:/data
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'
    command: ["redis-server","/usr/local/etc/redis/redis.conf"]
networks:
  redis-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.0.0/16

[root@localhost testworkdir]# cat /home/redis_copy/6500/redis-slave.conf
port 6379
bind 0.0.0.0
#daemonize yes
logfile "redis6500.log"
pidfile "6500.pid"
#cluster-enabled yes
#cluster-config-file nodes_7000.conf
#cluster-node-timeout 15000
#appendonly yes
masterauth "123456"
requirepass "123456"

slave-read-only yes
slave-priority 100

timeout 0
rdbcompression yes
dbfilename "redis.rdb"
dir "/data"
maxmemory 50gb
maxmemory-policy noeviction
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
slaveof 10.1.100.2 6379
# Generated by CONFIG REWRITE

[root@localhost testworkdir]# docker-compose -f compose-redis-slave.yaml up -d


10.1.100.2与10.1.100.3结点通信
ovs
192.168.106.103配置
[root@localhost ~]# ovs-vsctl add-br redis-br0
[root@localhost ~]# ovs-vsctl add-port redis-br0 redis-gre0 -- set interface redis-gre0 type=gre options:remote_ip=192.168.106.130
[root@localhost ~]# ip link add redis-veth0 type veth peer name redis-veth1
[root@localhost ~]# ovs-vsctl add-port redis-br0 redis-veth1
[root@localhost ~]# ip l set redis-veth0 master br-b1b46f782738
[root@localhost ~]# ip l set redis-veth0 up 
[root@localhost ~]# ip l set redis-veth1 up  
192.168.106.130配置
[root@localhost ~]# ovs-vsctl add-br redis-br0
[root@localhost ~]# ovs-vsctl add-port redis-br0 redis-gre0 -- set interface redis-gre0 type=gre options:remote_ip=192.168.106.103
[root@localhost ~]# ip link add redis-veth0 type veth peer name redis-veth1
[root@localhost ~]# ovs-vsctl add-port redis-br0 redis-veth1
[root@localhost ~]# ip l set redis-veth0 master br-3d50b82c9cb2
[root@localhost ~]# ip l set redis-veth0 up 
[root@localhost ~]# ip l set redis-veth1 up  


3台机器之间通信的配置

[root@cloudsa ~]# ovs-vsctl add-br tomcat-br0
[root@cloudsa ~]# ovs-vsctl add-port tomcat-br0 tomcat-gre0 -- set interface tomcat-gre0 type=gre options:remote_ip=192.168.106.103
[root@cloudsa ~]# ovs-vsctl add-port tomcat-br0 tomcat-gre1 -- set interface tomcat-gre1 type=gre options:remote_ip=192.168.106.130
[root@cloudsa ~]# ip link add tomcat-veth0 type veth peer name tomcat-veth1
[root@cloudsa ~]# ovs-vsctl add-port tomcat-br0 tomcat-veth1 
[root@cloudsa ~]# ip l set tomcat-veth0 master br-44322cf93398
[root@cloudsa ~]# ip l set tomcat-veth0 up
[root@cloudsa ~]# ip l set tomcat-veth1 up


192.168.106.118执行
[root@cloudsa ~]#ovs-vsctl add-port tomcat-br0 tomcat-gre0 -- set interface tomcat-gre0 type=gre options:remote_ip=192.168.106.103


192.168.106.130,192.168.106.103执行
[root@cloudsa ~]#ovs-vsctl add-port redis-br0 redis-gre1 -- set interface redis-gre1 type=gre options:remote_ip=192.168.106.118

192.168.106.118执行
ovs-vsctl set Bridge tomcat-br0 stp_enable=true
192.168.106.130,192.168.106.103执行
ovs-vsctl set Bridge redis-br0 stp_enable=true



**重启docker会重载iptables配置**


哨兵配置192.168.106.130
[root@localhost testworkdir]# mkdir -p /home/redis_copy/6600/data
[root@localhost testworkdir]# cd /home/redis_copy/6600/
[root@localhost 6600]# vi sentinel.conf
port 6379
#daemonize yes
protected-mode no
logfile "sentinel.log"
dir "/data"
sentinel myid bf64f29ff9578fb293d5d90ec85d083e2ae03725
sentinel monitor mymaster 10.1.100.2 6379 1
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 18000
sentinel auth-pass mymaster 123456
# Generated by CONFIG REWRITE
sentinel config-epoch mymaster 7105
sentinel leader-epoch mymaster 8690
sentinel known-slave mymaster 10.1.100.3 6379
sentinel current-epoch 8690


[root@localhost 6600]# cd /root/testworkdir/

[root@localhost testworkdir]# vi compose-redis-slave.yaml
只提取下面的service放到文件compose-redis-slave.yaml的service下
version: '3.5'
services:
  # 主节点的容器
  redis-sentinel:
    image: 192.168.106.117/library/redis:3.2.9
    container_name: redis-sentinel
    restart: always
    ports:
      - 6600:6379
    networks:
      redis-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.100.4
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/redis_copy/6600/sentinel.conf:/usr/local/etc/redis/redis.conf
      - /home/redis_copy/6600/data:/data
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'
    command: ["redis-sentinel","/usr/local/etc/redis/redis.conf"]
networks:
  redis-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.0.0/16
[root@localhost testworkdir]# docker-compose -f compose-redis-slave.yaml up -d redis-sentinel
[root@localhost testworkdir]# docker-compose -f compose-redis-slave.yaml ps
     Name                   Command               State           Ports         
--------------------------------------------------------------------------------
redis-sentinel   docker-entrypoint.sh redis ...   Up      0.0.0.0:6600->6379/tcp
redis-slave      docker-entrypoint.sh redis ...   Up      0.0.0.0:6500->6379/tcp


[root@localhost testworkdir]# cat compose-redis-slave.yaml 
version: '3.5'
services:
  # 主节点的容器
  redis-slave:
    image: 192.168.106.117/library/redis:3.2.9
    container_name: redis-slave
    restart: always
    ports:
      - 6500:6379
    networks:
      redis-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.100.3
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/redis_copy/6500/redis-slave.conf:/usr/local/etc/redis/redis.conf
      - /home/redis_copy/6500/data:/data
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'
    command: ["redis-server","/usr/local/etc/redis/redis.conf"]
  redis-sentinel:
    image: 192.168.106.117/library/redis:3.2.9
    container_name: redis-sentinel
    restart: always
    ports:
      - 6600:6379
    networks:
      redis-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.100.4
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/redis_copy/6600/sentinel.conf:/usr/local/etc/redis/redis.conf
      - /home/redis_copy/6600/data:/data
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'
    command: ["redis-sentinel","/usr/local/etc/redis/redis.conf"]
networks:
  redis-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.0.0/16

离线tomcat

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@managementa harbor]# docker pull tomcat:8.5.35
[root@managementa harbor]# docker tag tomcat:8.5.35 192.168.106.117/library/tomcat:8.5.35
[root@managementa harbor]# docker push 192.168.106.117/library/tomcat:8.5.35
The push refers to repository [192.168.106.117/library/tomcat]
a836e69a477e: Pushed 
fb14b3adeb79: Pushed 
ab42adfb0c2b: Pushed 
704398ab3f1e: Pushed 
d4397eab7439: Pushed 
e8995be06405: Pushed 
586032a40815: Pushing [==================================================>]  316.9MB
86becce36874: Pushed 
360cf37035a0: Pushed 
1850621c23b2: Pushed 
8f7ee6d76fd9: Pushed 
c23711a84ad4: Pushed 
90d1009ce6fe: Pushed

tomcat服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
192.168.106.118配置
[root@cloudsa ~]# mkdir testworkdir
[root@cloudsa ~]# cd testworkdir/
[root@cloudsa testworkdir]# vi compose-tomcat.yaml
version: '3.5'
services:
  tomcat-infomanagesystem:
    image: 192.168.106.117/library/tomcat:8.5.35
    container_name: tomcat-infomanagesystem
    restart: always
    ports:
      - 28009:8080
    networks:
      tomcat-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.101.2
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/cetc54/InforManageSystem/apache-tomcat-8.5.35/webapps:/usr/local/tomcat/webapps
      - /home/cetc54/InforManageSystem/apache-tomcat-8.5.35/logs:/usr/local/tomcat/logs
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/guns-logs:/usr/local/tomcat/guns-logs
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'

  tomcat-infoverisystem:
    image: 192.168.106.117/library/tomcat:8.5.35
    container_name: tomcat-infoverisystem
    restart: always
    ports:
      - 8000:8080
    networks:
      tomcat-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.101.3
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/webapps:/usr/local/tomcat/webapps
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/logs:/usr/local/tomcat/logs
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/guns-logs:/usr/local/tomcat/guns-logs
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'

  tomcat-infoverisynsystem:
    image: 192.168.106.117/library/tomcat:8.5.35
    container_name: tomcat-infoverisynsystem
    restart: always
    ports:
      - 9000:8080
    networks:
      tomcat-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.101.4
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/webapps:/usr/local/tomcat/webapps
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/logs:/usr/local/tomcat/logs
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/guns-logs:/usr/local/tomcat/guns-logs
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'



networks:
  tomcat-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.0.0/16
[root@cloudsa testworkdir]# docker-compose -f compose-tomcat.yaml up -d




192.168.106.119配置
[root@cloudsa ~]# mkdir testworkdir
[root@cloudsa ~]# cd testworkdir/
[root@cloudsa testworkdir]# vi compose-tomcat.yaml
version: '3.5'
services:
  tomcat-infoverisystem:
    image: 192.168.106.117/library/tomcat:8.5.35
    container_name: tomcat-infoverisystem
    restart: always
    ports:
      - 8000:8080
    networks:
      tomcat-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.101.3
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/webapps:/usr/local/tomcat/webapps
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/logs:/usr/local/tomcat/logs
      - /home/cetc54/InfoVeriManageSystem/apache-tomcat-8.5.35/guns-logs:/usr/local/tomcat/guns-logs
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'

  tomcat-infoverisynsystem:
    image: 192.168.106.117/library/tomcat:8.5.35
    container_name: tomcat-infoverisynsystem
    restart: always
    ports:
      - 9000:8080
    networks:
      tomcat-cluster:
        # 为容器指定一个静态IP,指定redis网络为10.1.100.0/24
        ipv4_address: 10.1.101.4
    environment:
      TZ: "Asia/Shanghai"
    volumes:
      # 映射配置文件和数据目录
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/webapps:/usr/local/tomcat/webapps
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/logs:/usr/local/tomcat/logs
      - /home/cetc54/infoVeriSyncService/apache-tomcat-8.5.35/guns-logs:/usr/local/tomcat/guns-logs
    sysctls:
      # 必要的内核参数
      net.core.somaxconn: '511'



networks:
  tomcat-cluster:
    # IP Address Management
    ipam:
      config:
        # 为容器分配一个独立的子网,用来方便为容器指定静态IP
        # 使用独立的子网可以避免IP地址冲突的问题
        - subnet: 10.1.0.0/16
[root@cloudsa testworkdir]# docker-compose -f compose-tomcat.yaml up -d