Docker is an open source virtualization and deployment tool that frees people from complicated project deployment and management.
Previously, the company started everything manually in the background, including internal services and components (mysql, redis, etc.). As the environment grew harder to manage, many pain points appeared, so we later decided to use docker to change the status quo.
Tools needed
- docker
- docker-compose, which makes deploying and managing multi-container applications more convenient
Install docker and docker-compose
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo curl -L 'https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64' -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
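If sudo docker run hello-world runs successfully, docker is installed correctly
If docker-compose version runs successfully, docker-compose is installed correctly
If you run into problems, try restarting the network service: service network restart
Default docker installation path: /var/lib/docker Note: images and containers are stored here too
docker-compose installation path: /usr/local/bin/docker-compose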
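The curl step above places a downloaded binary in /usr/local/bin without checking it. The following is an added example, not part of the original post, that installs the file only when its SHA-256 matches a checksum file; the function name install_verified and the availability of a .sha256 file alongside the release binary are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches.
# Assumption: a checksum file in sha256sum format ("<hex>  <name>") was
# fetched from the same release page as the binary.

# install_verified <downloaded-file> <checksum-file> <destination>
# returns 0 = installed, 1 = digest mismatch, 2 = unusable input
install_verified() {
    file=$1; sumfile=$2; dest=$3

    [ -s "$file" ] && [ -s "$sumfile" ] || {
        echo "missing or empty input" >&2; return 2; }

    # The first whitespace-separated field of the checksum file is the digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256sum "$file" | awk '{print $1}')

    # Accept only 64 hex characters, so an error page saved by curl -L
    # in place of the checksum file cannot be mistaken for a digest.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch: expected $expected, got $actual" >&2
        return 1
    fi

    # Copy with an explicit mode instead of a separate chmod +x.
    install -m 0755 "$file" "$dest"
}

# Usage (paths are placeholders):
#   install_verified ./docker-compose ./docker-compose.sha256 /usr/local/bin/docker-compose
```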
Docker error create override mount to invalid parameter
Image and container storage path configuration
As mentioned above, the default storage location of docker images and containers is /var/lib/docker, but that disk may fill up, which can cause many errors, such as:
E138: Can't write viminfo file /root/.viminfo!
[35381] INTERNAL ERROR: cannot create temporary directory!
To avoid this situation, you can change the storage location of docker images and containers. Taking /home/docker/lib as an example:
1. Stop the docker service: systemctl stop docker
2. mkdir -p /home/docker/lib
3. If there is already data in /var/lib/docker, run mv /var/lib/docker/* /home/docker/lib/; otherwise skip this step
4. Modify the docker configuration: vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --graph /home/docker/lib
5. Re-enable the docker service so the symlinks are recreated, and run daemon-reload once
systemctl disable docker
systemctl enable docker
systemctl daemon-reload
systemctl start docker
6. Check the docker info output
Uninstall docker on CentOS
yum list installed|grep docker
yum -y remove docker.x86_64 docker-client.x86_64 docker-common.x86_64
rm -rf /var/lib/docker # delete existing images and containers (the path depends on your actual docker configuration)
Uninstall docker-compose
sudo rm /usr/local/bin/docker-compose # deleting the binary is enough
Implementation process
- Build a private enterprise-level docker registry
For an enterprise's internal docker service, security, transfer speed and reliability make it necessary to build a private docker registry to store the enterprise's internal image files.
There are currently two docker registries to choose from: docker registry and docker harbor
docker registry is provided officially by docker; docker harbor is open-sourced by VMware and provides a UI
In comparison, docker registry is lighter and easier to deploy.
Official docker example: (starting the docker registry natively with docker)
Here is a yml file for starting it with docker-compose:
version: "3"
services:
  registry:
    image: registry:2
    restart: always
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/lib/registry:/var/lib/registry
      - /var/lib/registry/auth:/auth
    expose:
      - 5000
    ports:
      - '5000:5000'
This takes the test environment as an example; a production environment also needs certificates, etc. See the official documentation
Configure password
docker run --entrypoint htpasswd registry:2.7.0 -Bbn testuser testpassword > /var/lib/registry/auth/htpasswd
Restart the service: docker-compose up -d
After configuring the password, you can no longer directly list the images in the registry on the server with curl -XGET 127.0.0.1:5000/v2/_catalog, but you can log in and view them through a browser
View the list of image versions: curl -XGET 127.0.0.1:5000/v2/image_name/tags/list
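The registry's htpasswd authentication accepts only bcrypt entries, which is what the -B flag in the htpasswd command above produces; entries in other formats are ignored and show up as failed logins. The following is an added example, not part of the original post, that checks an htpasswd file before the registry is restarted; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: flag htpasswd entries that the registry's htpasswd auth will
# not accept (anything that is not bcrypt) before restarting the service.

# check_htpasswd <file> -> prints one finding per bad line, returns their count
check_htpasswd() {
    bad=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -z "$line" ] && continue          # skip blank lines
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "line $lineno: not in user:hash form"; bad=$((bad + 1)); continue
        fi
        case $hash in
            '$2a$'*|'$2b$'*|'$2y$'*)
                # a complete bcrypt string is exactly 60 characters long
                if [ ${#hash} -ne 60 ]; then
                    echo "line $lineno ($user): truncated bcrypt hash"; bad=$((bad + 1))
                fi ;;
            '$apr1$'*) echo "line $lineno ($user): MD5 (apr1), not bcrypt"; bad=$((bad + 1)) ;;
            '{SHA}'*)  echo "line $lineno ($user): SHA-1, not bcrypt"; bad=$((bad + 1)) ;;
            *)         echo "line $lineno ($user): unrecognised format, not bcrypt"; bad=$((bad + 1)) ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample: one bcrypt-shaped entry and one apr1 entry; both hashes
# are placeholders, not real credentials.
sample_htpasswd() {
    printf '%s\n' \
        'testuser:$2y$05$'"$(printf '%053d' 0)" \
        'olduser:$apr1$constructed$placeholder'
}

# Usage: check_htpasswd /var/lib/registry/auth/htpasswd && docker-compose up -d
```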
- Package the service as an image
Dockerfile example:
FROM ubuntu:16.04
MAINTAINER xxx "[email protected]"
# add project source code
RUN mkdir /code
# hqhttp is the binary that is run
ADD ./hqhttp /code
WORKDIR /code
EXPOSE 8821
ENTRYPOINT ["./hqhttp"]
Example makefile:
version ?= test
date_str=`date +%Y-%m-%d\ %H:%M:%S`
code_ver=`git log --oneline -n1 | cut -f1 -d ' '`
.PHONY: all clean push
all:
	go build
	sudo docker build . -t hqht-hqhttp:$(version)
clean:
	-sudo docker rmi hqht-hqhttp:$(version)
push:
	sudo docker push hqht-hqhttp:$(version)
External access
First, you need to configure the private registry address
vim /etc/docker/daemon.json
{
  "insecure-registries": [
    "hub.docker.jiankunking.io:5000"
  ]
}
For multiple private registries, separate them with commas; priority runs from first to last:
{
  "insecure-registries": [
    "test.docker.jiankunking.io:5000",
    "hub.docker.jiankunking.io:5000"
  ]
}
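Certificate configuration is not considered here, so the registry is reached over plain HTTP and the docker login credentials are not encrypted in transit. If the private registry sets a password, you need to log in first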
docker login ip:port
Reference materials:
Solution to an error when docker deletes an image
Docker official documentation includes registry
Docker registry build and configure user authentication
ontainer_linux.go:349: starting container process caused "exec: “htpasswd”: executable file not fo