# apt install docker.io
# apt install ca-certificates curl gnupg lsb-release # curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list # apt update # apt install docker-ce docker-ce-cli containerd.io
# systemctl status docker # docker info # docker run hello-world
# usermod -aG docker gitlab-runner
# docker images # docker ps -a # docker container ls -a # docker start -i NNNNNNNNNNN # docker rm $(docker ps -aq) # docker rm $(docker ps -q -f status=exited) # docker rmi hello-world # docker rmi -f $(docker images -aq) # docker system prune -a --volumes
server# docker run -it --name webd --hostname webd debian bash webd# apt update && apt install file procps nano
webd/# cat start.sh
#!/bin/sh /etc/init.d/inetutils-inetd start bash
“Забыли” сделать скрипт start.sh “исполняемым” и нажали Ctrl+D
server# docker diff webd server# docker start webd server# docker attach webd root@webd:/# chmod +x start.sh
Ctrl+D
server# docker commit webd test/webd
server# mkdir /root/webd/ && cd /root/webd/ или gitlab-runner@server:~$ mkdir -p webd/webd/ && cd webd/webd/ server# mv /usr/local/sbin/webd . server# ###tar -cvzf www.tgz -C /var/ www/ server# cat start.sh
#!/bin/sh
# Container entrypoint for the webd image.
# Starts inetd, makes sure the log file exists, then blocks in the foreground
# so the container keeps running. MYMODE selects what holds the foreground.

# Start inetd through its Debian init script.
/etc/init.d/inetutils-inetd start

# Create the log file up front so that tail has a file to follow.
touch /var/log/webd.log
#chown 10003 /var/www/

case "$MYMODE" in
  TEST)
    # Interactive shell for manual testing.
    # Author's note: does not work in k8s (presumably because no TTY/stdin
    # is attached there - confirm).
    bash
    ;;
  *)
    # Default mode: stream the webd log until the container is stopped.
    tail -f /var/log/webd.log
    ;;
esac
server# cat Dockerfile
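# Image for the "webd" lab web server: inetd accepts connections on the "www"
# service port and launches /usr/local/sbin/webd for each one.
#FROM debian:buster
# Tag-only reference: every rebuild follows whatever debian:bullseye currently
# points to. Pin the base image by digest when reproducible builds matter.
FROM debian:bullseye

# Install inetd and file, then replace /etc/inetd.conf with the single webd entry.
# The apt package index is removed in the same layer so it is not shipped in the image.
# NOTE(review): the fifth inetd.conf field is the account the service runs as;
# "root" means every request is handled by a root process inside the container.
# If webd does not need root, put a dedicated unprivileged user there instead
# (start.sh carries a commented-out "chown 10003 /var/www/" - confirm whether
# that uid was meant for this).
RUN apt-get update \
    && apt-get install -y inetutils-inetd file \
    && rm -rf /var/lib/apt/lists/* \
    && echo 'www stream tcp nowait root /usr/local/sbin/webd webd' > /etc/inetd.conf

# COPY keeps the mode bits of the source files, so start.sh and webd must
# already be executable in the build context.
COPY start.sh /
COPY webd /usr/local/sbin/webd
### ADD www.tgz /var/ #for simple test in k8s
###COPY index.html /var/www/ #test in k8s

# Documentation only: the port is published with -p/-P at "docker run" time.
EXPOSE 80
#ENV MYMODE=TEST

# No USER instruction: the entrypoint runs as root, and start.sh launches inetd
# through its init script.
ENTRYPOINT ["/start.sh"]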
# docker build -t test/webd . # docker history test/webd
1-й раз - запуск образа сделанного "вручную" server# docker run --name webd01 --hostname webd01 -itd -v /var/www/:/var/www/ -p 8000:80 test/webd /start.sh 2-й раз - через Dockerfile задан entrypoint и expose, ключ --rm для удаления контейнера после остановки server# docker run --name webd01 -e MYMODE=TEST -itd --rm -P test/webd server# docker top webd01 server# ps axw | grep inetd server# cat /proc/<PID>/cgroup
server# cat /sys/fs/cgroup/system.slice/docker-NNNNNNNNNNNNNNNNNNNNNNNNNNNNN.scope/memory.max server# docker inspect webd01 server# docker inspect webd01 -f {{.NetworkSettings.IPAddress}} server# wget -qO - http://172.17.0.2/ server$ curl http://172.17.0.2/ server# docker port webd01 server# docker logs webd01 node1# docker logs webd01 -f server# wget -qO - http://localhost:8000/ server$ curl http://localhost:8000 server$ curl http://localhost:8000/not_exit_file host browser -> http://server.corpX.un:8000/ server# docker attach webd01 webd01# ps ax или webd01# ls /proc/ webd01# cat /proc/1/cmdline Ctrl+P, Q(still holding Ctrl) server# docker stop webd01 server# docker inspect webd01 server# docker start webd01 host browser -> http://server.corpX.un:8000/ server# docker stop webd01 && docker rm webd01
# docker search sftp # chown -R 10003 /var/www # docker run --name sftp01 -v /var/www:/home/user3/www -p 2222:22 -d atmoz/sftp user3:password3:10003 # docker exec -it sftp01 bash
Ctrl+D
# docker top sftp01 # sftp -P 2222 user3@localhost
# docker logs sftp01 # docker stop sftp01
# apt install docker-compose debian11# service docker start # cat docker-compose.yml
# Lab stack: the webd web server plus an SFTP container that share the host's /var/www.
version: "3"
services:
  webd:
    image: test/webd
    # Build the image from the Dockerfile in ./webd/
    build: webd/
    ports:
      # Host port 8000 -> container port 80
      - "8000:80"
#      - "80"
    volumes:
      # Host bind mount: whatever is in the host's /var/www is what webd sees
      # at /var/www, including files uploaded through the sftp service below.
      - /var/www/:/var/www/
#      - vol1:/var/www/
#    environment:
#      - MYMODE=TEST
#    stdin_open: true
    tty: true
  sftp:
    # NOTE(review): no tag given, so the registry's default tag is pulled;
    # pin a tag or digest for repeatable deployments.
    image: atmoz/sftp
    ports:
      # Host port 2222 -> container port 22
      - "2222:22"
    volumes:
      - /var/www/:/home/user3/www
#      - vol1:/home/user3/www
    # Lab-only credentials passed as a plaintext argument (user, password, uid,
    # matching the "docker run ... atmoz/sftp user3:password3:10003" example).
    # Anyone who can read this file or run "docker inspect" on the container
    # can see them, so do not reuse this pattern with real passwords.
    command: user3:password3:10003
#volumes:
#  vol1:
# docker-compose build # docker-compose up -d # docker-compose stop # docker-compose start # docker-compose down # docker-compose rm # docker volume rm root_vol1
node2_3# cat docker-compose.yml
# Runs several webd replicas from the image stored in the lab registry.
version: "3"
services:
  webd:
    # Pulled from the private lab registry. This page lists server.corpX.un:5000
    # under "insecure-registries" in daemon.json, so the pull is not protected
    # by verified TLS - acceptable for the lab only.
    image: server.corpX.un:5000/student/webd:ver1.N
    ports:
      # Only the container port is given, so Docker chooses the host port;
      # this lets several replicas run on one host without port conflicts.
      - "80"
    volumes:
      - /var/www/:/var/www/
    # With plain docker-compose this section is applied only when run with
    # --compatibility (see the commands that follow); otherwise use --scale.
    deploy:
      mode: replicated
      replicas: 3
node1,2,3# docker-compose up -d --scale webd=3 или node1,2,3# docker-compose --compatibility up -d node1,2,3# docker-compose --compatibility down node1,2,3# docker ps -q | xargs -l docker port
# cat /etc/docker/daemon.json
... { "insecure-registries" : ["server.corpX.un:5000"] } ...
# service docker restart gitlab-runner@server:~$ docker login http://server.corpX.un:5000 # less ~/.docker/config.json
{ "auths": { "server.corp13.un:5000": { "auth": "c3R1ZGVudDpwYXNzd29yZA==" } } }
gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd gitlab-runner@server:~$ docker tag test/webd server.corpX.un:5000/student/webd:1.1 gitlab-runner@server:~$ docker images gitlab-runner@server:~$ docker push server.corpX.un:5000/student/webd gitlab-runner@server:~$ docker push server.corpX.un:5000/student/webd:1.1 ... node1_2_3# docker run --name webd01 --hostname webd01 -itd --rm -p 8000:80 server.corpX.un:5000/student/webd
gate# docker run -d -p 5000:5000 -v /root:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gate.crt -e REGISTRY_HTTP_TLS_KEY=/certs/gate.key --name registry registry:2 node1# cp ~vagrant/gate.crt /etc/docker/certs.d/gate.corp13.un\:5000/ca.crt node1# service docker restart node1# docker tag val/webd:latest gate.corp13.un:5000/webd node1# docker push gate.corp13.un:5000/webd node1# curl --insecure -X GET https://gate.corp13.un:5000/v2/_catalog {"repositories":["webd"]}
# docker search debian # docker pull debian # docker images # docker commit debian_cont_01 debian_img_01 # docker rmi debian_img_01
# docker create -i -t --name debian_cont_01 debian # docker ps -a # docker container ls -a # docker update --restart=always debian_cont_01 # docker start debian_cont_01 # docker ps # docker container ls # docker inspect debian_cont_01 # docker top debian_cont_01 # docker attach debian_cont_01 :/# apt update :/# apt install iputils-ping :/# ping -c1 ya.ru Ctrl+P, Q(still holding Ctrl) # docker stop debian_cont_01 # docker rm debian_cont_01 # docker rm $(docker ps -aq)
# docker network ls # docker network create --subnet=192.168.200+X.0/24 corpX_dmz # docker run -h mail.corpX.un --net corpX_dmz --ip 192.168.200+X.10 -i -t --name debian_cont_01 debian # docker network inspect corpX_dmz
Использование bridge
Использование nat/dnat
# ip addr add 172.16.1.100+X dev eth2 # iptables -t nat -A POSTROUTING -o eth2 -s 192.168.100+X.10 -j SNAT --to-source 172.16.1.100+X # iptables -t nat -A PREROUTING -i eth2 --destination 172.16.1.100+X -j DNAT --to-destination 192.168.100+X.10
nodeN# cat haresources
node1.corpX.un drbddisk Filesystem::/dev/drbd0::/disk2::ext4 docker