Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
технология_docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
технология_docker [2024/02/14 14:19]
val 		технология_docker [2024/05/01 17:02] (current)
val [Микросервисы]
Line 82: Line 82:
 </​code>​ </​code>​
  
-==== Копирование файлов ​и подключение к контейнеру ====+==== Копирование файлов ​в контейнер ====
  
 <​code>​ <​code>​
-root@webinar.corp13.un:~# docker cp ca.crt greenlight-v3:/​ +root@webinar:​~#​ docker cp ca.crt greenlight-v3:​/​usr/​local/​share/​ca-certificates/ 
-root@webinar.corp13.un:~# docker exec -ti greenlight-v3 ​bash + 
-2054aaa9468e:/​usr/​src/​app#​ cp /ca.crt /​usr/​local/​share/​ca-certificates/​ +root@webinar:​~#​ docker exec -ti greenlight-v3 /​usr/​sbin/​update-ca-certificates 
-2054aaa9468e:/​usr/​src/​app# ​/​usr/​sbin/​update-ca-certificates + 
-2054aaa9468e:/​usr/​src/​app# wget -O /dev/null https://​keycloak.corp13.un+root@webinar:~docker exec greenlight-v3 ​wget -O /dev/null https://​keycloak.corp13.un 
 + 
 +root@webinar:​~#​ docker commit greenlight-v3 bigbluebutton/​greenlight:​v3
 </​code>​ </​code>​
  
Line 151: Line 153:
  
   * [[Сервис TACACS+]]   * [[Сервис TACACS+]]
-  * [[Средства программирования shell#Web сервер на shell]] 
  
 <​code>​ <​code>​
-server# mkdir /root/webd/ && cd /root/webd/+server# mkdir -p /root/webd/ && cd /root/webd/
   или   или
 gitlab-runner@server:​~$ mkdir -p ~/​webd/​webd/​ && cd ~/​webd/​webd/​ gitlab-runner@server:​~$ mkdir -p ~/​webd/​webd/​ && cd ~/​webd/​webd/​
Line 160: Line 161:
 server# cp /​usr/​local/​sbin/​webd . server# cp /​usr/​local/​sbin/​webd .
  
 +или
 +</​code>​
 +  * [[Средства программирования shell#Web сервер на shell]]
 +<​code>​
 gitlab-runner@server:​~/​webd/​webd$ nano webd      # добавляем закомментированные строки gitlab-runner@server:​~/​webd/​webd$ nano webd      # добавляем закомментированные строки
  
Line 183: Line 188:
 #FROM debian:​buster #FROM debian:​buster
 FROM debian:​bullseye FROM debian:​bullseye
 +#FROM debian:​bookworm
  
 RUN cp /​usr/​share/​zoneinfo/​Etc/​GMT-3 /​etc/​localtime \ RUN cp /​usr/​share/​zoneinfo/​Etc/​GMT-3 /​etc/​localtime \
Line 253: Line 259:
  
   * [[Технология cgroup]]   * [[Технология cgroup]]
 +  * [[https://​www.baeldung.com/​ops/​docker-memory-limit|Setting Memory And CPU Limits In Docker]]
 +  * [[https://​stackoverflow.com/​questions/​72185669/​what-is-the-real-memory-available-in-docker-container|What is the real memory available in Docker container?​]]
   * [[Технология namespaces]]   * [[Технология namespaces]]
 +
  
 <​code>​ <​code>​
Line 262: Line 271:
  
 server# cat /​proc/<​PID>/​cgroup server# cat /​proc/<​PID>/​cgroup
- 
 server# systemd-cgls server# systemd-cgls
  
-server# cat /​sys/​fs/​cgroup/​memory/​docker/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/​memory.max_usage_in_bytes+cgroup-v1# cat /​sys/​fs/​cgroup/​memory/​docker/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/​memory.max_usage_in_bytes 
 +cgroup-v2# cat /​sys/​fs/​cgroup/​system.slice/​docker-NNNNNNNNNNNNNNNNNNNNNNNNNNNNN.scope/​memory.max
  
 server# docker stats server# docker stats
Line 345: Line 354:
  
 # docker stop sftp01 # docker stop sftp01
 +
 +# docker rm sftp01
 </​code>​ </​code>​
  
Line 480: Line 491:
  
 ==== Secure Private Registry ==== ==== Secure Private Registry ====
 +
 +  * [[Пакет OpenSSL#​Импорт сертификата центра сертификации]]
 +
 <​code>​ <​code>​
-docker ​login gitlab.bmstu.ru:5050 +docker ​pull server.corp13.un:5050/student/gowebd 
-docker tag gowebd gitlab.bmstu.ru:5050/val/gowebd + 
-docker ​push gitlab.bmstu.ru:5050/val/gowebd+docker ​login server.corp13.un:5050
 </​code>​ </​code>​
 ==== Использование образа Docker Registry и on-premise CA ==== ==== Использование образа Docker Registry и on-premise CA ====
Line 511: Line 525:
 } }
 </​code>​ </​code>​
 +
 +===== Дополнительная информация =====
 +
 +==== Приложение apwebd ====
 +
 +<​code>​
 +~/apwebd$ cat Dockerfile
 +</​code><​code>​
 +FROM debian:​bookworm
 +
 +RUN cp /​usr/​share/​zoneinfo/​Etc/​GMT-3 /​etc/​localtime \
 +    && apt-get update \
 +    && apt-get install -y findutils gettext-base apache2 libapache2-mod-auth-openidc \
 +    && apt-get clean \
 +    && a2enmod cgid \
 +    && a2enmod auth_openidc
 +
 +COPY rootfs/ /
 +
 +EXPOSE 80
 +
 +ENTRYPOINT ["/​start.sh"​]
 +</​code><​code>​
 +~/apwebd$ find rootfs/ -type f | xargs tail -n +1
 +</​code><​code>​
 +==> rootfs/​var/​www/​html/​index.html.apwebd-template <==
 +</​code><​code>​
 +<​HTML>​
 +  <​HEAD>​
 +    <META HTTP-EQUIV="​Refresh"​ CONTENT="​10;​URL=/​cgi-bin/​apwebd/">​
 +  </​HEAD>​
 +  <BODY text="​blue">​
 +    <​H1><​A HREF=/​cgi-bin/​apwebd/>​Login to ${APWEBD_HOSTNAME}</​A></​H1>​
 +    Version: 1.2
 +  </​BODY>​
 +</​HTML>​
 +</​code><​code>​
 +==> rootfs/​start.sh <==
 +</​code><​code>​
 +#!/bin/sh
 +
 +[ "​$APWEBD_HOSTNAME"​ ] || { echo Please set env APWEBD_HOSTNAME;​ exit; }
 +[ "​$KEYCLOAK_HOSTNAME"​ ] || { echo Please set env KEYCLOAK_HOSTNAME;​ exit; }
 +[ "​$REALM_NAME"​ ] || { echo Please set env REALM_HOSTNAME;​ exit; }
 +
 +find / -type f -name '​*.apwebd-template'​ | while read -r FILE; do envsubst < "​$FILE"​ > "​${FILE%.apwebd-template}";​ done
 +
 +/​etc/​init.d/​apache2 start
 +
 +tail -f /​var/​log/​apache2/​error.log -f /​var/​log/​apache2/​access.log
 +
 +</​code><​code>​
 +==> rootfs/​etc/​apache2/​conf-available/​serve-cgi-bin.conf.apwebd-template <==
 +</​code><​code>​
 +<​IfModule mod_alias.c>​
 +        <​IfModule mod_cgi.c>​
 +                Define ENABLE_USR_LIB_CGI_BIN
 +        </​IfModule>​
 +
 +        <​IfModule mod_cgid.c>​
 +                Define ENABLE_USR_LIB_CGI_BIN
 +        </​IfModule>​
 +
 +        <​IfDefine ENABLE_USR_LIB_CGI_BIN>​
 +
 +                OIDCSSLValidateServer Off
 +                OIDCProviderMetadataURL https://​${KEYCLOAK_HOSTNAME}/​realms/​${REALM_NAME}/​.well-known/​openid-configuration
 +                OIDCRedirectURI http://​${APWEBD_HOSTNAME}/​cgi-bin/​apwebd
 +                OIDCClientID any-client
 +                OIDCCryptoPassphrase anystring
 +
 +                ScriptAlias /cgi-bin/ /​usr/​lib/​cgi-bin/​
 +                <​Directory "/​usr/​lib/​cgi-bin">​
 +                        AllowOverride None
 +                        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 +#                       ​Require all granted
 +                        AuthType openid-connect
 +                        Require valid-user
 +                </​Directory>​
 +        </​IfDefine>​
 +</​IfModule>​
 +</​code><​code>​
 +==> rootfs/​usr/​lib/​cgi-bin/​apwebd <==
 +</​code><​code>​
 +#!/bin/sh
 +
 +echo Content-type:​ text/html
 +echo
 +
 +echo "<​h1 style=\"​color:​blue;​\">​Hello ${OIDC_CLAIM_preferred_username}</​h1>"​
 +
 +echo "<​pre>";​ env; echo "</​pre>"​
 +</​code><​code>​
 +~/apwebd$ docker build -t server.corp13.un:​5000/​student/​apwebd:​ver1.2 .
 +
 +~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --rm -P server.corp13.un:​5000/​student/​apwebd:​ver1.2
 +
 +~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --entrypoint bash server.corp13.un:​5000/​student/​apwebd:​ver1.2
 +
 +~/apwebd$ docker push server.corp13.un:​5000/​student/​apwebd:​ver1.2
 +</​code>​
 +
  
 ===== Старая версия ===== ===== Старая версия =====
технология_docker.1707909561.txt.gz · Last modified: 2024/02/14 14:19 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki