технология_docker [2023/12/10 11:43] val [Использование образа Docker Registry и on-premise CA] |
технология_docker [2024/04/30 16:47] val [Запуск в режиме демона и подключение к контейнеру] |
||
---|---|---|---|
Line 57: | Line 57: | ||
* [[https://www.baeldung.com/ops/docker-image-layers-sizes|Finding the Layers and Layer Sizes for a Docker Image]] | * [[https://www.baeldung.com/ops/docker-image-layers-sizes|Finding the Layers and Layer Sizes for a Docker Image]] | ||
+ | * [[https://docs.docker.com/engine/reference/commandline/system_prune/|docker system prune - Remove unused data]] | ||
* [[Сервис Grafana]] | * [[Сервис Grafana]] | ||
==== Обзор и удаление ==== | ==== Обзор и удаление ==== | ||
Line 75: | Line 76: | ||
# docker rmi -f $(docker images -aq) | # docker rmi -f $(docker images -aq) | ||
+ | |||
+ | # docker system prune | ||
# docker system prune -a --volumes | # docker system prune -a --volumes | ||
</code> | </code> | ||
+ | ==== Копирование файлов в контейнер ==== | ||
+ | |||
+ | <code> | ||
+ | root@webinar:~# docker cp ca.crt greenlight-v3:/usr/local/share/ca-certificates/ | ||
+ | |||
+ | root@webinar:~# docker exec -ti greenlight-v3 /usr/sbin/update-ca-certificates | ||
+ | |||
+ | root@webinar:~# docker exec greenlight-v3 wget -O /dev/null https://keycloak.corp13.un | ||
+ | |||
+ | root@webinar:~# docker commit greenlight-v3 bigbluebutton/greenlight:v3 | ||
+ | </code> | ||
Line 139: | Line 153: | ||
* [[Сервис TACACS+]] | * [[Сервис TACACS+]] | ||
- | * [[Средства программирования shell#Web сервер на shell]] | ||
<code> | <code> | ||
- | server# mkdir /root/webd/ && cd /root/webd/ | + | server# mkdir -p /root/webd/ && cd /root/webd/ |
или | или | ||
gitlab-runner@server:~$ mkdir -p ~/webd/webd/ && cd ~/webd/webd/ | gitlab-runner@server:~$ mkdir -p ~/webd/webd/ && cd ~/webd/webd/ | ||
Line 148: | Line 161: | ||
server# cp /usr/local/sbin/webd . | server# cp /usr/local/sbin/webd . | ||
+ | или | ||
+ | </code> | ||
+ | * [[Средства программирования shell#Web сервер на shell]] | ||
+ | <code> | ||
gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки | gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки | ||
Line 171: | Line 188: | ||
#FROM debian:buster | #FROM debian:buster | ||
FROM debian:bullseye | FROM debian:bullseye | ||
+ | #FROM debian:bookworm | ||
RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | ||
Line 250: | Line 268: | ||
server# cat /proc/<PID>/cgroup | server# cat /proc/<PID>/cgroup | ||
- | |||
server# systemd-cgls | server# systemd-cgls | ||
- | server# cat /sys/fs/cgroup/memory/docker/NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/memory.max_usage_in_bytes | + | cgroup-v1# cat /sys/fs/cgroup/memory/docker/NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/memory.max_usage_in_bytes |
+ | cgroup-v2# cat /sys/fs/cgroup/system.slice/docker-NNNNNNNNNNNNNNNNNNNNNNNNNNNNN.scope/memory.stat | ||
server# docker stats | server# docker stats | ||
Line 306: | Line 324: | ||
server# docker stop webd01 && docker rm webd01 | server# docker stop webd01 && docker rm webd01 | ||
</code> | </code> | ||
+ | |||
==== Микросервисы ==== | ==== Микросервисы ==== | ||
Line 467: | Line 486: | ||
==== Secure Private Registry ==== | ==== Secure Private Registry ==== | ||
+ | |||
+ | * [[Пакет OpenSSL#Импорт сертификата центра сертификации]] | ||
+ | |||
<code> | <code> | ||
- | docker login gitlab.bmstu.ru:5050 | + | # docker pull server.corp13.un:5050/student/gowebd |
- | docker tag gowebd gitlab.bmstu.ru:5050/val/gowebd | + | |
- | docker push gitlab.bmstu.ru:5050/val/gowebd | + | # docker login server.corp13.un:5050 |
</code> | </code> | ||
==== Использование образа Docker Registry и on-premise CA ==== | ==== Использование образа Docker Registry и on-premise CA ==== | ||
Line 498: | Line 520: | ||
} | } | ||
</code> | </code> | ||
+ | |||
+ | ===== Дополнительная информация ===== | ||
+ | |||
+ | ==== Приложение apwebd ==== | ||
+ | |||
+ | <code> | ||
+ | ~/apwebd$ cat Dockerfile | ||
+ | </code><code> | ||
+ | FROM debian:bookworm | ||
+ | |||
+ | RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | ||
+ | && apt-get update \ | ||
+ | && apt-get install -y findutils gettext-base apache2 libapache2-mod-auth-openidc \ | ||
+ | && apt-get clean \ | ||
+ | && a2enmod cgid \ | ||
+ | && a2enmod auth_openidc | ||
+ | |||
+ | COPY rootfs/ / | ||
+ | |||
+ | EXPOSE 80 | ||
+ | |||
+ | ENTRYPOINT ["/start.sh"] | ||
+ | </code><code> | ||
+ | ~/apwebd$ find rootfs/ -type f | xargs tail -n +1 | ||
+ | </code><code> | ||
+ | ==> rootfs/var/www/html/index.html.apwebd-template <== | ||
+ | </code><code> | ||
+ | <HTML> | ||
+ | <HEAD> | ||
+ | <META HTTP-EQUIV="Refresh" CONTENT="10;URL=/cgi-bin/apwebd/"> | ||
+ | </HEAD> | ||
+ | <BODY text="blue"> | ||
+ | <H1><A HREF=/cgi-bin/apwebd/>Login to ${APWEBD_HOSTNAME}</A></H1> | ||
+ | Version: 1.2 | ||
+ | </BODY> | ||
+ | </HTML> | ||
+ | </code><code> | ||
+ | ==> rootfs/start.sh <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | [ "$APWEBD_HOSTNAME" ] || { echo Please set env APWEBD_HOSTNAME; exit; } | ||
+ | [ "$KEYCLOAK_HOSTNAME" ] || { echo Please set env KEYCLOAK_HOSTNAME; exit; } | ||
+ | [ "$REALM_NAME" ] || { echo Please set env REALM_HOSTNAME; exit; } | ||
+ | |||
+ | find / -type f -name '*.apwebd-template' | while read -r FILE; do envsubst < "$FILE" > "${FILE%.apwebd-template}"; done | ||
+ | |||
+ | /etc/init.d/apache2 start | ||
+ | |||
+ | tail -f /var/log/apache2/error.log -f /var/log/apache2/access.log | ||
+ | |||
+ | </code><code> | ||
+ | ==> rootfs/etc/apache2/conf-available/serve-cgi-bin.conf.apwebd-template <== | ||
+ | </code><code> | ||
+ | <IfModule mod_alias.c> | ||
+ | <IfModule mod_cgi.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfModule mod_cgid.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
+ | |||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://${KEYCLOAK_HOSTNAME}/realms/${REALM_NAME}/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://${APWEBD_HOSTNAME}/cgi-bin/apwebd | ||
+ | OIDCClientID any-client | ||
+ | OIDCCryptoPassphrase anystring | ||
+ | |||
+ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
+ | <Directory "/usr/lib/cgi-bin"> | ||
+ | AllowOverride None | ||
+ | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
+ | # Require all granted | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | </Directory> | ||
+ | </IfDefine> | ||
+ | </IfModule> | ||
+ | </code><code> | ||
+ | ==> rootfs/usr/lib/cgi-bin/apwebd <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | echo Content-type: text/html | ||
+ | echo | ||
+ | |||
+ | echo "<h1 style=\"color:blue;\">Hello ${OIDC_CLAIM_preferred_username}</h1>" | ||
+ | |||
+ | echo "<pre>"; env; echo "</pre>" | ||
+ | </code><code> | ||
+ | ~/apwebd$ docker build -t server.corp13.un:5000/student/apwebd:ver1.2 . | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --rm -P server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --entrypoint bash server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker push server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | </code> | ||
+ | |||
===== Старая версия ===== | ===== Старая версия ===== |
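Review bot: `OIDCSSLValidateServer Off` in the added serve-cgi-bin.conf.apwebd-template disables certificate validation for the module's calls to Keycloak, so anything answering for `${KEYCLOAK_HOSTNAME}` is trusted as the identity provider; keep it `On` and install the on-premise CA into the image, the way the page's `docker cp ca.crt …` / `update-ca-certificates` steps do for greenlight-v3. `OIDCCryptoPassphrase anystring` is a constant baked into every image; since start.sh already runs envsubst over the template, it could read `OIDCCryptoPassphrase ${OIDC_CRYPTO_PASSPHRASE}` (placeholder variable name) with a matching presence check. The CGI script sends the output of `env` to the browser, which presumably includes the OIDC_* claim and token variables the module exports, and it prints `${OIDC_CLAIM_preferred_username}` into HTML unescaped; a comment marking both as lab-only demo output would help. In start.sh the `REALM_NAME` check prints `REALM_HOSTNAME`, and the bare `exit` returns status 0, so `exit 1` would make a misconfigured container fail visibly.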