# apt install docker.io
# apt install ca-certificates curl gnupg lsb-release # curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list # apt update # apt install docker-ce docker-ce-cli containerd.io
# systemctl status docker # docker info # docker run hello-world
# usermod -aG docker gitlab-runner # su - gitlab-runner
# docker images # docker ps -a # docker container ls -a # docker start -i NNNNNNNNNNN # docker rm $(docker ps -aq) # docker rm $(docker ps -q -f status=exited) # docker rmi hello-world # docker rmi -f $(docker images -aq) # docker system prune -a --volumes
server# docker run -it --name webd --hostname webd debian bash webd# apt update && apt install file procps nano
webd/# cat start.sh
#!/bin/sh /etc/init.d/inetutils-inetd start bash
server# docker ps -a server# docker diff webd
server# docker start webd server# docker attach webd root@webd:/# chmod +x start.sh
server# docker commit webd test/webd gitlab-runner@server:~$ docker images
server# mkdir /root/webd/ && cd /root/webd/ или gitlab-runner@server:~$ mkdir -p ~/webd/webd/ && cd ~/webd/webd/ server# cp /usr/local/sbin/webd . gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки server# ###tar -cvzf www.tgz -C /var/ www/ server# cat start.sh
#!/bin/sh
# Entry script for the webd image: start inetd, make sure the log file exists,
# then hold the container in the foreground.
/etc/init.d/inetutils-inetd start
touch /var/log/webd.log
#chown 10003 /var/www/

# MYMODE=TEST gives an interactive shell; any other value (or no value at all)
# follows the log file instead, so the container needs no terminal attached.
case "$MYMODE" in
  TEST)
    bash # not work in k8s
    ;;
  *)
    tail -f /var/log/webd.log
    ;;
esac
server# cat Dockerfile
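#FROM debian:buster
FROM debian:bullseye

# Etc/GMT-3 is the POSIX-style zone name for UTC+3 (the sign is inverted).
# The generated inetd.conf holds a single service: each TCP connection on the
# "www" port is handed to /usr/local/sbin/webd.
# NOTE(review): the user field of that inetd.conf line is root, so webd handles
# every request as root inside the container. A dedicated unprivileged account
# in that field would limit what a bug in webd can reach; confirm first that it
# can still read /var/www/ and (presumably) write /var/log/webd.log.
# --no-install-recommends and the removal of the apt lists keep packages and
# index files that the service never uses out of the image layer.
RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \
 && apt-get update \
 && apt-get install -y --no-install-recommends inetutils-inetd file \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* \
 && echo 'www stream tcp nowait root /usr/local/sbin/webd webd' > /etc/inetd.conf

# COPY keeps the permission bits from the build context, so start.sh has to be
# executable there for the exec-form ENTRYPOINT below to work.
COPY start.sh /
COPY webd /usr/local/sbin/webd

### ADD www.tgz /var/

### for helm readiness/liveness Probe
### COPY index.html /var/www/

# EXPOSE only documents the port; publishing is done with -p / -P at run time.
EXPOSE 80

#ENV MYMODE=TEST

ENTRYPOINT ["/start.sh"]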
# docker build -t test/webd . # docker history test/webd
student@client1:~/gowebd$ cat Dockerfile
# NOTE(review): the base image has no tag, so it resolves to golang:latest at
# build time and the toolchain can change from one build to the next; pin a tag
# or a digest when the image has to be reproducible.
FROM golang
#FROM golang as builder

WORKDIR /build
# The whole build context is copied in. Anything lying in this directory ends
# up in an image layer unless a .dockerignore excludes it.
COPY . .
# Create a module on the fly only when the sources ship without go.mod.
RUN test -e go.mod || go mod init gowebd
#ENV CGO_ENABLED=0
RUN go build -o /gowebd

# The commented-out lines (the "builder" stage name, CGO_ENABLED=0, FROM alpine
# and COPY --from=builder) switch this file to a two-stage build whose final
# image holds only the binary, without the Go toolchain and the sources.
# CGO_ENABLED=0 is presumably there so the binary does not depend on the build
# image's C library when it is moved to alpine.
#FROM alpine
#COPY --from=builder /gowebd /gowebd

# No USER instruction: the process runs as the base image's default user
# (root for the official golang image).
ENTRYPOINT ["/gowebd"]
student@client1:~/gowebd$ docker images student@client1:~/gowebd$ time docker build -t gowebd . real 6m2.564s student@client1:~/gowebd$ docker run -d -p 8080:80 --rm gowebd
1-й пример - запуск образа сделанного “вручную”, можно запустить несколько экземпляров с -p 80 выяснить назначенные порты, настроить keepalived и провести нагрузочное тестирование
server# docker run --name webd01 --hostname webd01 -itd -v /var/www/:/var/www/ -p 8000:80 test/webd /start.sh
2-й пример - через Dockerfile задан entrypoint и expose, ключ --rm для удаления контейнера после остановки, добавить, при необходимости, -v
server# docker run --name webd01 -e MYMODE=TEST -itd --rm -P test/webd
3-й раз - запустить несколько экземпляров, указав параметры для подключения внешнего каталога /var/www/, выяснить назначенные порты, настроить keepalived, по журналам определять какой контейнер используется
server# docker top webd01 server# ps axw | grep inetd server# ps axw | grep start.sh server# cat /proc/<PID>/cgroup server# systemd-cgls server# cat /sys/fs/cgroup/memory/docker/NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/memory.max_usage_in_bytes server# docker stats server# lsns | grep start.sh
server# docker inspect webd01 server# docker inspect webd01 -f {{.NetworkSettings.IPAddress}} server# wget -qO - http://172.17.0.2/ server$ curl --noproxy '*' http://172.17.0.2/ server# docker port webd01 server# docker logs webd01 node1# docker logs webd01 -f server# wget -qO - http://localhost:8000/ server$ curl http://localhost:8000 server$ curl http://localhost:8000/not_exit_file host browser -> http://server.corpX.un:8000/ server# docker attach webd01 server# docker exec -it webd01 bash webd01# ps ax или webd01# ls /proc/ webd01# cat /proc/1/cmdline Ctrl+P, Q(still holding Ctrl) server# docker stop webd01 server# docker inspect webd01 server# docker start webd01 host browser -> http://server.corpX.un:8000/ server# docker stop webd01 && docker rm webd01
# docker search sftp # chown -R 10003 /var/www # docker run --name sftp01 -v /var/www:/home/user3/www -p 2222:22 -d atmoz/sftp user3:password3:10003 # docker exec -it sftp01 bash
Ctrl+D
# docker top sftp01 # sftp -P 2222 user3@localhost
# docker logs sftp01 # docker stop sftp01
# apt install docker-compose debian11# service docker start # cat docker-compose.yml
# Two services that share the host directory /var/www/: webd serves it over
# HTTP, sftp exposes the same files for upload.
version: "3"
services:
  webd:
    image: test/webd
    # Built from the Dockerfile in ./webd/ and tagged with the image name above.
    build: webd/
    ports:
      # host:container. Without an explicit host address the port is published
      # on all host interfaces.
      - "8000:80"
#      - "80"
    volumes:
      # Bind mount of the host directory, writable from inside the container.
      - /var/www/:/var/www/
#      - vol1:/var/www/
#    environment:
#      - MYMODE=TEST
#    stdin_open: true
    # stdin_open + tty are presumably what the interactive MYMODE=TEST shell
    # of start.sh needs; only tty is enabled here.
    tty: true
  sftp:
    image: atmoz/sftp
    ports:
      - "2222:22"
    volumes:
      - /var/www/:/home/user3/www
#      - vol1:/home/user3/www
    # Account definition in the form user:password:uid.
    # NOTE(review): the password is stored here in clear text, so it is readable
    # by anyone who can read this file or run `docker inspect` on the container.
    # Treat it as a lab credential only.
    command: user3:password3:10003

# Named-volume variant of the shared directory; enable together with the
# commented vol1 mounts above.
#volumes:
#  vol1:
# docker-compose build # docker-compose up -d # docker-compose stop # docker-compose start # docker-compose down # docker-compose rm # docker volume rm root_vol1 gitlab-runner@server:~/webd$ docker-compose up -d --scale webd=N gitlab-runner@server:~/webd$ docker ps gitlab-runner@server:~/webd$ docker-compose down
gitlab-runner@server:~/webd$ cat docker-compose.yml
# Replicated variant: the image comes from the private registry instead of a
# local build.
version: "3"
services:
  webd:
    # ver1.N is a placeholder for the tag that was pushed to the registry.
    # NOTE(review): if the Docker daemon reaches this registry through an
    # "insecure-registries" entry in daemon.json, pulls are not protected by
    # verified TLS, so the image can be altered in transit.
    image: server.corpX.un:5000/student/webd:ver1.N
    ports:
      # Container port only: Docker assigns a free host port to each replica,
      # which is what allows several replicas on one host.
      - "80"
    volumes:
      - /var/www/:/var/www/
    # docker-compose honours the deploy section only when started with
    # --compatibility.
    deploy:
      mode: replicated
      replicas: 3
node1,2,3# docker-compose --compatibility up -d node1,2,3# docker-compose --compatibility down node1,2,3# docker ps -q | xargs -l docker port | sort -n
# cat /etc/docker/daemon.json
{ "insecure-registries" : ["server.corpX.un:5000"] }
# service docker restart gitlab-runner@server:~$ docker login http://server.corpX.un:5000 gitlab-runner@server:~$ less ~/.docker/config.json
{ "auths": { "server.corpX.un:5000": { "auth": "c3R1ZGVudDpQYSQkdzByZA==" } } }
gitlab-runner@server:~$ docker images gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd:1.1 gitlab-runner@server:~$ docker images gitlab-runner@server:~$ docker push server.corpX.un:5000/student/webd gitlab-runner@server:~$ docker push server.corpX.un:5000/student/webd:1.1 ... node1_2_3# docker run --name webd01 --hostname webd01 -itd --rm -p 8000:80 server.corpX.un:5000/student/webd node1_2_3# docker run --name webd0N --hostname webd0N -itd --rm -P -v /var/www/:/var/www/ server.corpX.un:5000/student/webd
docker login gitlab.bmstu.ru:5050 docker tag gowebd gitlab.bmstu.ru:5050/val/gowebd docker push gitlab.bmstu.ru:5050/val/gowebd
gate# docker run -d -p 5000:5000 -v /root:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gate.crt -e REGISTRY_HTTP_TLS_KEY=/certs/gate.key --name registry registry:2 node1# cp ~vagrant/gate.crt /etc/docker/certs.d/gate.corp13.un\:5000/ca.crt node1# service docker restart node1# docker tag val/webd:latest gate.corp13.un:5000/webd node1# docker push gate.corp13.un:5000/webd node1# curl --insecure -X GET https://gate.corp13.un:5000/v2/_catalog {"repositories":["webd"]}
# docker search debian # docker pull debian # docker images # docker commit debian_cont_01 debian_img_01 # docker rmi debian_img_01
# docker create -i -t --name debian_cont_01 debian # docker ps -a # docker container ls -a # docker update --restart=always debian_cont_01 # docker start debian_cont_01 # docker ps # docker container ls # docker inspect debian_cont_01 # docker top debian_cont_01 # docker attach debian_cont_01 :/# apt update :/# apt install iputils-ping :/# ping -c1 ya.ru Ctrl+P, Q(still holding Ctrl) # docker stop debian_cont_01 # docker rm debian_cont_01 # docker rm $(docker ps -aq)
# docker network ls # docker network create --subnet=192.168.200+X.0/24 corpX_dmz # docker run -h mail.corpX.un --net corpX_dmz --ip 192.168.200+X.10 -i -t --name debian_cont_01 debian # docker network inspect corpX_dmz
Использование bridge
Использование nat/dnat
# ip addr add 172.16.1.100+X dev eth2 # iptables -t nat -A POSTROUTING -o eth2 -s 192.168.100+X.10 -j SNAT --to-source 172.16.1.100+X # iptables -t nat -A PREROUTING -i eth2 --destination 172.16.1.100+X -j DNAT --to-destination 192.168.100+X.10
nodeN# cat haresources
node1.corpX.un drbddisk Filesystem::/dev/drbd0::/disk2::ext4 docker