This shows you the differences between two versions of the page.
технология_docker [2023/01/07 11:40] val [Создание контейнера для приложения вручную] |
технология_docker [2024/04/30 16:47] val [Запуск в режиме демона и подключение к контейнеру] |
||
---|---|---|---|
Line 51: | Line 51: | ||
<code> | <code> | ||
# usermod -aG docker gitlab-runner | # usermod -aG docker gitlab-runner | ||
+ | |||
+ | # su - gitlab-runner | ||
</code> | </code> | ||
===== Работа с образами и контейнерами ===== | ===== Работа с образами и контейнерами ===== | ||
+ | * [[https://www.baeldung.com/ops/docker-image-layers-sizes|Finding the Layers and Layer Sizes for a Docker Image]] | ||
+ | * [[https://docs.docker.com/engine/reference/commandline/system_prune/|docker system prune - Remove unused data]] | ||
* [[Сервис Grafana]] | * [[Сервис Grafana]] | ||
==== Обзор и удаление ==== | ==== Обзор и удаление ==== | ||
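Review bot: missing documentation at the added `su - gitlab-runner`: the block puts the account into the `docker` group and then switches to it, without saying that membership in this group gives root-equivalent control of the host through the Docker daemon. Suggest one sentence next to the `usermod` line stating that, and that only the CI account should be added.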
Line 72: | Line 76: | ||
# docker rmi -f $(docker images -aq) | # docker rmi -f $(docker images -aq) | ||
+ | |||
+ | # docker system prune | ||
# docker system prune -a --volumes | # docker system prune -a --volumes | ||
</code> | </code> | ||
+ | ==== Копирование файлов в контейнер ==== | ||
+ | |||
+ | <code> | ||
+ | root@webinar:~# docker cp ca.crt greenlight-v3:/usr/local/share/ca-certificates/ | ||
+ | |||
+ | root@webinar:~# docker exec -ti greenlight-v3 /usr/sbin/update-ca-certificates | ||
+ | |||
+ | root@webinar:~# docker exec greenlight-v3 wget -O /dev/null https://keycloak.corp13.un | ||
+ | |||
+ | root@webinar:~# docker commit greenlight-v3 bigbluebutton/greenlight:v3 | ||
+ | </code> | ||
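Review bot: the last added command, `docker commit greenlight-v3 bigbluebutton/greenlight:v3`, saves the modified container under the same name and tag the container was evidently started from, so the image carrying the extra CA can no longer be told apart by name from the original, and a later `docker pull` of that tag replaces it without notice. Suggest committing to a distinct local tag, or replacing the manual steps with a short Dockerfile that copies `ca.crt` and runs `update-ca-certificates`, so the trust-store change is reproducible and reviewable. It would also help to say that the `wget` check is expected to succeed only after the CA has been installed.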
Line 128: | Line 145: | ||
<code> | <code> | ||
server# docker commit webd test/webd | server# docker commit webd test/webd | ||
+ | |||
+ | gitlab-runner@server:~$ docker images | ||
</code> | </code> | ||
Line 134: | Line 153: | ||
* [[Сервис TACACS+]] | * [[Сервис TACACS+]] | ||
- | * [[Средства программирования shell#Web сервер на shell]] | ||
<code> | <code> | ||
- | server# mkdir /root/webd/ && cd /root/webd/ | + | server# mkdir -p /root/webd/ && cd /root/webd/ |
или | или | ||
- | gitlab-runner@server:~$ mkdir -p webd/webd/ && cd webd/webd/ | + | gitlab-runner@server:~$ mkdir -p ~/webd/webd/ && cd ~/webd/webd/ |
server# cp /usr/local/sbin/webd . | server# cp /usr/local/sbin/webd . | ||
+ | |||
+ | или | ||
+ | </code> | ||
+ | * [[Средства программирования shell#Web сервер на shell]] | ||
+ | <code> | ||
+ | gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки | ||
server# ###tar -cvzf www.tgz -C /var/ www/ | server# ###tar -cvzf www.tgz -C /var/ www/ | ||
Line 164: | Line 188: | ||
#FROM debian:buster | #FROM debian:buster | ||
FROM debian:bullseye | FROM debian:bullseye | ||
+ | #FROM debian:bookworm | ||
RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | ||
Line 175: | Line 200: | ||
### ADD www.tgz /var/ | ### ADD www.tgz /var/ | ||
- | ### for helm releases test | + | ### for helm readiness/liveness Probe |
### COPY index.html /var/www/ | ### COPY index.html /var/www/ | ||
Line 188: | Line 213: | ||
</code> | </code> | ||
- | ==== Запуск в режиме демона и подключение к контейнеру ==== | + | === Dockerfile Multistage Building === |
+ | |||
+ | * [[Язык программирования Golang]] | ||
+ | * [[https://habr.com/ru/articles/647255/|Рекомендации по работе с Docker для Golang-разработчиков (Multistage Building)]] | ||
+ | * [[https://www.docker.com/blog/containerize-your-go-developer-environment-part-2/|Containerize Your Go Developer Environment – Part 2]] | ||
<code> | <code> | ||
- | 1-й раз - запуск образа сделанного "вручную" | + | student@client1:~/gowebd$ cat Dockerfile |
+ | </code><code> | ||
+ | FROM golang | ||
+ | #FROM golang as builder | ||
- | server# docker run --name webd01 --hostname webd01 -itd -v /var/www/:/var/www/ -p 8000:80 test/webd /start.sh | + | WORKDIR /build |
+ | COPY . . | ||
+ | RUN test -e go.mod || go mod init gowebd | ||
- | 2-й раз - через Dockerfile задан entrypoint и expose, ключ --rm для удаления контейнера после остановки | + | #ENV CGO_ENABLED=0 |
+ | RUN go build -o /gowebd | ||
+ | #FROM alpine | ||
+ | #COPY --from=builder /gowebd /gowebd | ||
+ | |||
+ | ENTRYPOINT ["/gowebd"] | ||
+ | </code><code> | ||
+ | student@client1:~/gowebd$ docker images | ||
+ | |||
+ | student@client1:~/gowebd$ time docker build -t gowebd . | ||
+ | real 6m2.564s | ||
+ | |||
+ | student@client1:~/gowebd$ docker run -d -p 8080:80 --rm gowebd | ||
+ | </code> | ||
+ | ==== Запуск в режиме демона и подключение к контейнеру ==== | ||
+ | |||
+ | 1-й пример - запуск образа сделанного "вручную", можно запустить несколько экземпляров с -p 80 выяснить назначенные порты, настроить keepalived и провести нагрузочное тестирование | ||
+ | <code> | ||
+ | server# docker run --name webd01 --hostname webd01 -itd -v /var/www/:/var/www/ -p 8000:80 test/webd /start.sh | ||
+ | </code> | ||
+ | 2-й пример - через Dockerfile задан entrypoint и expose, ключ --rm для удаления контейнера после остановки, добавить, при необходимости, -v | ||
+ | <code> | ||
server# docker run --name webd01 -e MYMODE=TEST -itd --rm -P test/webd | server# docker run --name webd01 -e MYMODE=TEST -itd --rm -P test/webd | ||
</code> | </code> | ||
- | Процессы контейнера и системы | + | 3-й раз - запустить несколько экземпляров, указав параметры для подключения внешнего каталога /var/www/, выяснить назначенные порты, настроить keepalived, по журналам определять какой контейнер используется |
+ | |||
+ | === Процессы контейнера и системы === | ||
+ | |||
+ | * [[Технология cgroup]] | ||
+ | * [[Технология namespaces]] | ||
<code> | <code> | ||
server# docker top webd01 | server# docker top webd01 | ||
server# ps axw | grep inetd | server# ps axw | grep inetd | ||
+ | server# ps axw | grep start.sh | ||
server# cat /proc/<PID>/cgroup | server# cat /proc/<PID>/cgroup | ||
- | </code> | ||
- | * [[Технология cgroup]] | ||
- | <code> | ||
- | server# find /sys/fs/cgroup/ | grep NNNNNNNNNNNNNNNNNNNNNNNNNNNNN | grep memory.max | ||
- | |||
server# systemd-cgls | server# systemd-cgls | ||
+ | |||
+ | cgroup-v1# cat /sys/fs/cgroup/memory/docker/NNNNNNNNNNNNNNNNNNNNNNNNNNNNN/memory.max_usage_in_bytes | ||
+ | cgroup-v2# cat /sys/fs/cgroup/system.slice/docker-NNNNNNNNNNNNNNNNNNNNNNNNNNNNN.scope/memory.stat | ||
+ | |||
+ | server# docker stats | ||
+ | |||
+ | server# lsns | grep start.sh | ||
</code> | </code> | ||
- | Анализ параметров запуска контейнера | + | === Анализ параметров запущенного контейнера === |
<code> | <code> | ||
server# docker inspect webd01 | server# docker inspect webd01 | ||
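Review bot: in the Dockerfile added under "Dockerfile Multistage Building", the multistage variant exists only as commented-out lines, and nothing says they have to be enabled as a set: `#FROM golang as builder`, `#ENV CGO_ENABLED=0`, and `#FROM alpine` with `#COPY --from=builder /gowebd /gowebd`. Enabling the alpine stage without `CGO_ENABLED=0` normally produces a binary linked against glibc that will not start on alpine. Suggest a line above the file explaining this and pinning `FROM golang` to a version tag so the 6-minute build is repeatable. In the same hunk the third launch item is still labelled "3-й раз" while the first two were renamed to "пример".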
Line 241: | Line 306: | ||
webd01# ls /proc/ | webd01# ls /proc/ | ||
webd01# cat /proc/1/cmdline | webd01# cat /proc/1/cmdline | ||
+ | |||
+ | webd01# ss -tpan | ||
+ | или | ||
+ | webd01# cat /proc/net/tcp | ||
+ | webd01# cat /proc/net/tcp6 | ||
Ctrl+P, Q(still holding Ctrl) | Ctrl+P, Q(still holding Ctrl) | ||
Line 254: | Line 324: | ||
server# docker stop webd01 && docker rm webd01 | server# docker stop webd01 && docker rm webd01 | ||
</code> | </code> | ||
+ | |||
==== Микросервисы ==== | ==== Микросервисы ==== | ||
Line 286: | Line 357: | ||
* [[https://habr.com/ru/company/ruvds/blog/450312/|Руководство по Docker Compose для начинающих]] | * [[https://habr.com/ru/company/ruvds/blog/450312/|Руководство по Docker Compose для начинающих]] | ||
* [[https://stackoverflow.com/questions/39663096/docker-compose-creating-multiple-instances-for-the-same-image|docker-compose creating multiple instances for the same image]] | * [[https://stackoverflow.com/questions/39663096/docker-compose-creating-multiple-instances-for-the-same-image|docker-compose creating multiple instances for the same image]] | ||
+ | |||
+ | * [[Инструмент GitLab#Установка через docker-compose]] GitLab | ||
+ | * Установка через [[Сервис Keycloak#docker-compose]] Keycloak | ||
+ | |||
<code> | <code> | ||
Line 335: | Line 410: | ||
# docker volume rm root_vol1 | # docker volume rm root_vol1 | ||
+ | |||
+ | gitlab-runner@server:~/webd$ docker-compose up -d --scale webd=N | ||
+ | |||
+ | gitlab-runner@server:~/webd$ docker ps | ||
+ | |||
+ | gitlab-runner@server:~/webd$ docker-compose down | ||
</code><code> | </code><code> | ||
gitlab-runner@server:~/webd$ cat docker-compose.yml | gitlab-runner@server:~/webd$ cat docker-compose.yml | ||
Line 341: | Line 422: | ||
services: | services: | ||
webd: | webd: | ||
- | image: server.corpX.un:5000/student/webd:1.1 | + | image: server.corpX.un:5000/student/webd:ver1.N |
ports: | ports: | ||
- "80" | - "80" | ||
Line 350: | Line 431: | ||
replicas: 3 | replicas: 3 | ||
</code><code> | </code><code> | ||
- | node1,2,3# docker-compose up -d --scale webd=3 | ||
- | |||
- | или | ||
- | |||
node1,2,3# docker-compose --compatibility up -d | node1,2,3# docker-compose --compatibility up -d | ||
- | node1,2,3# docker-compose --compatibility down | ||
+ | node1,2,3# docker-compose --compatibility down | ||
- | node1,2,3# docker ps -q | xargs -l docker port | + | node1,2,3# docker ps -q | xargs -l docker port | sort -n |
</code> | </code> | ||
Line 384: | Line 461: | ||
"auths": { | "auths": { | ||
"server.corpX.un:5000": { | "server.corpX.un:5000": { | ||
- | "auth": "c3R1ZGVudDpwYXNzd29yZA==" | + | "auth": "c3R1ZGVudDpQYSQkdzByZA==" |
} | } | ||
} | } | ||
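Review bot: the changed `"auth"` value is only the base64 encoding of `user:password`, so swapping in a stronger-looking password still publishes a recoverable credential, both in `config.json` and in this page's history. Suggest a placeholder value here, and a sentence that the file must be readable only by its owner or that a credential helper (`credsStore`) should hold the secret instead.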
Line 393: | Line 470: | ||
<code> | <code> | ||
+ | gitlab-runner@server:~$ docker images | ||
+ | |||
gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd | gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd | ||
gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd:1.1 | gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd:1.1 | ||
Line 402: | Line 481: | ||
... | ... | ||
node1_2_3# docker run --name webd01 --hostname webd01 -itd --rm -p 8000:80 server.corpX.un:5000/student/webd | node1_2_3# docker run --name webd01 --hostname webd01 -itd --rm -p 8000:80 server.corpX.un:5000/student/webd | ||
+ | |||
+ | node1_2_3# docker run --name webd0N --hostname webd0N -itd --rm -P -v /var/www/:/var/www/ server.corpX.un:5000/student/webd | ||
</code> | </code> | ||
- | ==== Использование образа Docker Registry ==== | + | ==== Secure Private Registry ==== |
+ | |||
+ | * [[Пакет OpenSSL#Импорт сертификата центра сертификации]] | ||
+ | |||
+ | <code> | ||
+ | # docker pull server.corp13.un:5050/student/gowebd | ||
+ | |||
+ | # docker login server.corp13.un:5050 | ||
+ | </code> | ||
+ | ==== Использование образа Docker Registry и on-premise CA ==== | ||
* [[https://docs.docker.com/registry/|Docker Registry]] | * [[https://docs.docker.com/registry/|Docker Registry]] | ||
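Review bot: in the new "Secure Private Registry" section, `docker pull server.corp13.un:5050/student/gowebd` is listed before `docker login server.corp13.un:5050`; if the registry requires authentication the order should be reversed, or the text should say the first command is expected to fail. The section also hard-codes `corp13` and port 5050 where the surrounding examples use `server.corpX.un:5000`, and it does not state that the linked CA import has to be done on each node before either command. For the added `docker run ... -P -v /var/www/:/var/www/` line, consider mounting the content read-only (`:ro`) if the container only serves it.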
Line 421: | Line 511: | ||
node1# curl --insecure -X GET https://gate.corp13.un:5000/v2/_catalog | node1# curl --insecure -X GET https://gate.corp13.un:5000/v2/_catalog | ||
{"repositories":["webd"]} | {"repositories":["webd"]} | ||
+ | |||
+ | val@gitlab-vkube:~$ curl -s https://gitlab-vkube.bmstu.ru:5000/v2/postgresql/tags/list | jq | ||
+ | { | ||
+ | "name": "postgresql", | ||
+ | "tags": [ | ||
+ | "13" | ||
+ | ] | ||
+ | } | ||
</code> | </code> | ||
+ | |||
+ | ===== Дополнительная информация ===== | ||
+ | |||
+ | ==== Приложение apwebd ==== | ||
+ | |||
+ | <code> | ||
+ | ~/apwebd$ cat Dockerfile | ||
+ | </code><code> | ||
+ | FROM debian:bookworm | ||
+ | |||
+ | RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | ||
+ | && apt-get update \ | ||
+ | && apt-get install -y findutils gettext-base apache2 libapache2-mod-auth-openidc \ | ||
+ | && apt-get clean \ | ||
+ | && a2enmod cgid \ | ||
+ | && a2enmod auth_openidc | ||
+ | |||
+ | COPY rootfs/ / | ||
+ | |||
+ | EXPOSE 80 | ||
+ | |||
+ | ENTRYPOINT ["/start.sh"] | ||
+ | </code><code> | ||
+ | ~/apwebd$ find rootfs/ -type f | xargs tail -n +1 | ||
+ | </code><code> | ||
+ | ==> rootfs/var/www/html/index.html.apwebd-template <== | ||
+ | </code><code> | ||
+ | <HTML> | ||
+ | <HEAD> | ||
+ | <META HTTP-EQUIV="Refresh" CONTENT="10;URL=/cgi-bin/apwebd/"> | ||
+ | </HEAD> | ||
+ | <BODY text="blue"> | ||
+ | <H1><A HREF=/cgi-bin/apwebd/>Login to ${APWEBD_HOSTNAME}</A></H1> | ||
+ | Version: 1.2 | ||
+ | </BODY> | ||
+ | </HTML> | ||
+ | </code><code> | ||
+ | ==> rootfs/start.sh <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | [ "$APWEBD_HOSTNAME" ] || { echo Please set env APWEBD_HOSTNAME; exit; } | ||
+ | [ "$KEYCLOAK_HOSTNAME" ] || { echo Please set env KEYCLOAK_HOSTNAME; exit; } | ||
+ | [ "$REALM_NAME" ] || { echo Please set env REALM_HOSTNAME; exit; } | ||
+ | |||
+ | find / -type f -name '*.apwebd-template' | while read -r FILE; do envsubst < "$FILE" > "${FILE%.apwebd-template}"; done | ||
+ | |||
+ | /etc/init.d/apache2 start | ||
+ | |||
+ | tail -f /var/log/apache2/error.log -f /var/log/apache2/access.log | ||
+ | |||
+ | </code><code> | ||
+ | ==> rootfs/etc/apache2/conf-available/serve-cgi-bin.conf.apwebd-template <== | ||
+ | </code><code> | ||
+ | <IfModule mod_alias.c> | ||
+ | <IfModule mod_cgi.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfModule mod_cgid.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
+ | |||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://${KEYCLOAK_HOSTNAME}/realms/${REALM_NAME}/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://${APWEBD_HOSTNAME}/cgi-bin/apwebd | ||
+ | OIDCClientID any-client | ||
+ | OIDCCryptoPassphrase anystring | ||
+ | |||
+ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
+ | <Directory "/usr/lib/cgi-bin"> | ||
+ | AllowOverride None | ||
+ | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
+ | # Require all granted | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | </Directory> | ||
+ | </IfDefine> | ||
+ | </IfModule> | ||
+ | </code><code> | ||
+ | ==> rootfs/usr/lib/cgi-bin/apwebd <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | echo Content-type: text/html | ||
+ | echo | ||
+ | |||
+ | echo "<h1 style=\"color:blue;\">Hello ${OIDC_CLAIM_preferred_username}</h1>" | ||
+ | |||
+ | echo "<pre>"; env; echo "</pre>" | ||
+ | </code><code> | ||
+ | ~/apwebd$ docker build -t server.corp13.un:5000/student/apwebd:ver1.2 . | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --rm -P server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --entrypoint bash server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker push server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | </code> | ||
+ | |||
===== Старая версия ===== | ===== Старая версия ===== |
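Review bot: in the added `serve-cgi-bin.conf.apwebd-template`, `OIDCSSLValidateServer Off` turns off certificate validation for the connection to Keycloak, so the provider metadata and token responses are accepted from any endpoint that answers on that name. This revision already adds the `docker cp ca.crt ...` and `update-ca-certificates` procedure, so suggest shipping the CA under `rootfs/` and leaving validation on. Smaller points in the same appendix: `OIDCRedirectURI` uses `http://`; `OIDCCryptoPassphrase anystring` should come from the environment the way the hostnames do; the CGI script prints the whole environment (`env`), including the `OIDC_*` variables, to every authenticated user; and the third check in `start.sh` tests `REALM_NAME` but tells the user to set `REALM_HOSTNAME`, with all three checks ending in a bare `exit` that returns status 0.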