• Docker生产实践(六)


    镜像构建思路

    思路:分层设计

    最底层:系统层,构建自己适用的不同操作系统镜像;

    中间层:根据运行环境,如php、java、python等,构建业务基础运行环境层镜像;

    最上层:根据具体的业务模块,构建应用服务层镜像。

    目录构建树结构

    案例1:centos 7系统镜像构建

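    cd /root
    mkdir -p /root/docker/system/centos
    cd /root/docker/system/centos
    # Fetch the Aliyun EPEL 7 repo definition over HTTPS. This file decides where
    # yum downloads packages from, on this host and in every image built with it,
    # so it must not travel over a channel that an on-path party can rewrite.
    wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
    # Copy it into the build context so the Dockerfile can add it to the image.
    # Check the baseurl and gpgcheck settings in the file before relying on it.
    cp /etc/yum.repos.d/epel.repo epel.repo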
    

    创建镜像文件

    vim Dockerfile
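    # System-layer image: CentOS 7 plus the EPEL repo and common tools.

    # Base image. Pin the tag: a bare "centos" resolves to "latest", which may not
    # be the CentOS 7 release that the EPEL 7 repo file below is meant for.
    # For fully repeatable builds, pin an image digest as well.
    FROM centos:7

    # Who
    MAINTAINER shhnwangjian xxx@163.com

    # EPEL (COPY suffices for a plain local file; ADD also unpacks archives and
    # fetches URLs, which is not wanted here)
    COPY epel.repo /etc/yum.repos.d/

    # Base pkg (the yum cache is cleaned in the same layer so it is not shipped)
    RUN yum install -y wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all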
    

    构建镜像

    docker build -t shhnwangjian/centos:base .
    

    案例2:基于案例1的centos系统镜像,构建python运行环境镜像

    mkdir -p /root/docker/runtime/python
    cd /root/docker/runtime/python
    

    创建镜像文件

    vim Dockerfile
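    # Base image
    FROM shhnwangjian/centos:base

    # Who
    MAINTAINER shhnwangjian xxx@163.com

    # Python env (clean the yum cache in the same layer so it is not shipped)
    RUN yum install -y python-devel python-pip supervisor && yum clean all

    # Upgrade pip. This image runs Python 2.7 and pip 21.0 dropped Python 2
    # support, so cap the version instead of taking whatever is newest.
    RUN pip install --upgrade "pip<21"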
    

    构建镜像

    docker build -t shhnwangjian/python .
    

    案例3:构建带SSH功能的centos 7系统镜像

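    mkdir -p /root/docker/system/centos-ssh
    cd /root/docker/system/centos-ssh
    # Fetch the Aliyun EPEL 7 repo definition over HTTPS. This file decides where
    # yum downloads packages from, on this host and in every image built with it,
    # so it must not travel over a channel that an on-path party can rewrite.
    wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
    # Copy it into the build context so the Dockerfile can add it to the image.
    cp /etc/yum.repos.d/epel.repo epel.repo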
    

    创建镜像文件

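    # Docker for CentOS

    # Base image. Pin the tag: a bare "centos" resolves to "latest", which may not
    # be the CentOS 7 release that the EPEL 7 repo file below is meant for.
    FROM centos:7

    # Who
    MAINTAINER shhnwangjian xxx@163.com

    # EPEL (COPY suffices for a plain local file; ADD also unpacks archives and
    # fetches URLs, which is not wanted here)
    COPY epel.repo /etc/yum.repos.d/

    # Base pkg
    RUN yum install -y openssh-clients openssl-devel openssh-server wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all

    # For SSHD
    # -N '' states the empty passphrase explicitly so the build never waits for input.
    # NOTE(review): host keys created here are stored in an image layer, so every
    # container started from this image, or from images built on it, presents the
    # same host keys, and anyone who can pull the image can read the private halves.
    # Generating them when the container first starts avoids that.
    RUN ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
    RUN ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
    # NOTE(review): demo credential only. The password is fixed, guessable and
    # recorded in the image history, and derived images inherit it. Outside a lab,
    # drop this line and use key-based login, or leave sshd out and use `docker exec`.
    RUN echo "root:123456" | chpasswd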
    

    构建镜像

    docker build -t shhnwangjian/centos-ssh .
    

    案例4:基于案例3的centos-ssh系统镜像,构建python-ssh运行环境镜像

    mkdir -p /root/docker/runtime/python-ssh
    cd /root/docker/runtime/python-ssh

    创建镜像文件

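    # Base image (inherits sshd, its host keys and the root password from centos-ssh)
    FROM shhnwangjian/centos-ssh

    # Who
    MAINTAINER shhnwangjian xxx@163.com

    # Python env (clean the yum cache in the same layer so it is not shipped)
    RUN yum install -y python-devel python-pip supervisor && yum clean all

    # Upgrade pip. This image runs Python 2.7 and pip 21.0 dropped Python 2
    # support, so cap the version instead of taking whatever is newest.
    RUN pip install --upgrade "pip<21"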
    

    构建镜像

    docker build -t shhnwangjian/python-ssh .
    

    案例5:基于案例4的python-ssh镜像,构建app应用服务镜像

    mkdir -p /root/docker/app/web-app
    cd /root/docker/app/web-app
    

    应用程序文件app.py

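    from flask import Flask

    app = Flask(__name__)


    @app.route('/')
    def hello():
        """Return the fixed greeting served at the site root."""
        return "Hello World!"


    if __name__ == "__main__":
        # Listen on all interfaces so the port published by `docker run -p` can
        # reach the app. Debug mode stays off: with debug=True Flask enables the
        # Werkzeug interactive debugger, which lets a client run Python code in
        # the server process, and this port is published on the host.
        app.run(host="0.0.0.0", debug=False)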
    

    python依赖包文件requirements.txt

    Flask
    

    supervisor配置文件app-supervisor.ini

    ; Web app: supervisord starts /opt/app.py and runs it as the unprivileged
    ; "www" account.
    [program:web-api]
    command=/usr/bin/python2.7 /opt/app.py
    process_name=%(program_name)s
    autostart=true
    user=www
    ; NOTE(review): both logs use fixed names in /tmp; consider a directory that
    ; only supervisord can write to, such as the one holding supervisord.log.
    stdout_logfile=/tmp/app.log
    stderr_logfile=/tmp/app.error
    
    ; sshd kept in the foreground (-D) so supervisord can manage it. No user= is
    ; set, so it runs as whatever account supervisord itself runs as.
    [program:sshd]
    command=/usr/sbin/sshd -D
    process_name=%(program_name)s
    autostart=true
    

    在宿主机上安装supervisor,将默认生成的supervisord.conf放入docker构建环境目录下

    ; Sample supervisor config file.
    
    ; Control socket that supervisorctl connects to (same path as serverurl under
    ; [supervisorctl]). No username/password is set, so access control rests on
    ; the socket file's mode and owner.
    [unix_http_server]
    file=/var/run/supervisor/supervisor.sock   ; (the path to the socket file)
    ;chmod=0700                 ; socket file mode (default 0700)
    ;chown=nobody:nogroup       ; socket file uid:gid owner
    ;username=user              ; (default is no username (open server))
    ;password=123               ; (default is no password (open server))
    
    ;[inet_http_server]         ; inet (TCP) server disabled by default
    ;port=127.0.0.1:9001        ; (ip_address:port specifier, *:port for all iface)
    ;username=user              ; (default is no username (open server))
    ;password=123               ; (default is no password (open server))
    
    ; Settings for the supervisord process itself.
    [supervisord]
    logfile=/var/log/supervisor/supervisord.log  ; (main log file;default $CWD/supervisord.log)
    logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
    logfile_backups=10          ; (num of main logfile rotation backups;default 10)
    loglevel=info               ; (log level;default info; others: debug,warn,trace)
    pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
    ; Changed from the default: stay in the foreground, because supervisord is
    ; the command the image's CMD starts.
    nodaemon=true             ; (start in foreground if true;default false)
    minfds=1024                 ; (min. avail startup file descriptors;default 1024)
    minprocs=200                ; (min. avail process descriptors;default 200)
    ;umask=022                  ; (process file creation umask;default 022)
    ; user= is left commented out, so supervisord keeps the account it was started
    ; as -- presumably root, since the Dockerfile sets no USER; TODO confirm.
    ;user=chrism                 ; (default is current user, required if root)
    ;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
    ;directory=/tmp              ; (default is not to cd during start)
    ;nocleanup=true              ; (don't clean up tempfiles at start;default false)
    ;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
    ;environment=KEY=value       ; (key value pairs to add to environment)
    ;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)
    
    ; the below section must remain in the config file for RPC
    ; (supervisorctl/web interface) to work, additional interfaces may be
    ; added by defining them in separate rpcinterface: sections
    [rpcinterface:supervisor]
    supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
    
    [supervisorctl]
    serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket
    ;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
    ;username=chris              ; should be same as http_username if set
    ;password=123                ; should be same as http_password if set
    ;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
    ;history_file=~/.sc_history  ; use readline history if available
    
    ; The below sample program section shows all possible program subsection values,
    ; create one or more 'real' program: sections to be able to control them under
    ; supervisor.
    
    ;[program:theprogramname]
    ;command=/bin/cat              ; the program (relative uses PATH, can take args)
    ;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
    ;numprocs=1                    ; number of processes copies to start (def 1)
    ;directory=/tmp                ; directory to cwd to before exec (def no cwd)
    ;umask=022                     ; umask for process (default None)
    ;priority=999                  ; the relative start priority (default 999)
    ;autostart=true                ; start at supervisord start (default: true)
    ;autorestart=true              ; retstart at unexpected quit (default: true)
    ;startsecs=10                  ; number of secs prog must stay running (def. 1)
    ;startretries=3                ; max # of serial start failures (default 3)
    ;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
    ;stopsignal=QUIT               ; signal used to kill process (default TERM)
    ;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
    ;user=chrism                   ; setuid to this UNIX account to run the program
    ;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
    ;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
    ;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
    ;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
    ;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
    ;stdout_events_enabled=false   ; emit events on stdout writes (default false)
    ;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
    ;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
    ;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
    ;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
    ;stderr_events_enabled=false   ; emit events on stderr writes (default false)
    ;environment=A=1,B=2           ; process environment additions (def no adds)
    ;serverurl=AUTO                ; override serverurl computation (childutils)
    
    ; The below sample eventlistener section shows all possible
    ; eventlistener subsection values, create one or more 'real'
    ; eventlistener: sections to be able to handle event notifications
    ; sent by supervisor.
    
    ;[eventlistener:theeventlistenername]
    ;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
    ;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
    ;numprocs=1                    ; number of processes copies to start (def 1)
    ;events=EVENT                  ; event notif. types to subscribe to (req'd)
    ;buffer_size=10                ; event buffer queue size (default 10)
    ;directory=/tmp                ; directory to cwd to before exec (def no cwd)
    ;umask=022                     ; umask for process (default None)
    ;priority=-1                   ; the relative start priority (default -1)
    ;autostart=true                ; start at supervisord start (default: true)
    ;autorestart=unexpected        ; restart at unexpected quit (default: unexpected)
    ;startsecs=10                  ; number of secs prog must stay running (def. 1)
    ;startretries=3                ; max # of serial start failures (default 3)
    ;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
    ;stopsignal=QUIT               ; signal used to kill process (default TERM)
    ;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
    ;user=chrism                   ; setuid to this UNIX account to run the program
    ;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
    ;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
    ;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
    ;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
    ;stdout_events_enabled=false   ; emit events on stdout writes (default false)
    ;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
    ;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
    ;stderr_logfile_backups        ; # of stderr logfile backups (default 10)
    ;stderr_events_enabled=false   ; emit events on stderr writes (default false)
    ;environment=A=1,B=2           ; process environment additions
    ;serverurl=AUTO                ; override serverurl computation (childutils)
    
    ; The below sample group section shows all possible group values,
    ; create one or more 'real' group: sections to create "heterogeneous"
    ; process groups.
    
    ;[group:thegroupname]
    ;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
    ;priority=999                  ; the relative start priority (default 999)
    
    ; The [include] section can just contain the "files" setting.  This
    ; setting can list multiple files (separated by whitespace or
    ; newlines).  It can also contain wildcards.  The filenames are
    ; interpreted as relative to this file.  Included files *cannot*
    ; include files themselves.
    
    [include]
    files = supervisord.d/*.ini

    备注:nodaemon=true 表示 supervisord 在前台运行;它是容器的主进程,若转入后台运行,容器会随之退出。

    创建镜像文件

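    # Base image
    FROM shhnwangjian/python-ssh

    # Who
    MAINTAINER shhnwangjian xxx@163.com

    # Unprivileged account for the web app: no login shell (-s /sbin/nologin) and
    # no home directory (-M). app-supervisor.ini runs app.py as this user.
    RUN useradd -s /sbin/nologin -M www

    # Application and supervisor files (COPY: plain local files, nothing to unpack
    # or download)
    COPY app.py /opt/app.py
    COPY requirements.txt /opt/
    COPY supervisord.conf /etc/supervisord.conf
    COPY app-supervisor.ini /etc/supervisord.d/

    # Pip install
    # NOTE(review): requirements.txt names Flask without a version, so each build
    # installs whatever pip resolves that day. Pin versions (pip can also enforce
    # hashes with --require-hashes) so a rebuild cannot silently pull different code.
    RUN /usr/bin/pip2.7 install -r /opt/requirements.txt

    # Ports: 22 for sshd, 5000 for the Flask app
    EXPOSE 22 5000

    # supervisord runs in the foreground as the container's main process and starts
    # the programs defined under /etc/supervisord.d/
    CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]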
    

    构建镜像

    docker build -t shhnwangjian/web-api .
    

    启动容器

    # Run detached; host port 88 -> container 5000 (web app), host port 8022 ->
    # container 22 (sshd).
    # NOTE(review): -p without a host address publishes on every host interface.
    # The image carries a fixed root password, so keep 8022 off untrusted
    # networks, e.g. -p 127.0.0.1:8022:22.
    docker run --name web-api -d -p 88:5000 -p 8022:22 shhnwangjian/web-api
    

  • 原文地址:https://www.cnblogs.com/shhnwangjian/p/6308548.html