Build docker service from scratch

Docker is an open-source virtualization and deployment tool that frees people from complicated project deployment and management.

Docker from entry to practice

Previously, the company started everything manually in the background, including internal services and components (mysql, redis, etc.). As the environment grew harder to manage, this caused many pain points, so we later decided to use docker to change the status quo.

Tools needed

  1. docker
  2. docker-compose, which makes deploying and managing multi-container applications more convenient

Install docker and docker-compose

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo curl -L 'https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64' -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

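If sudo docker run hello-world succeeds, docker is installed correctly.
If docker-compose version succeeds, docker-compose is installed correctly.

If you run into problems, try restarting the network service: service network restart

Default docker installation path: /var/lib/docker (note: images and containers are stored here as well)
docker-compose installation path: /usr/local/bin/docker-compose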
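
The curl step above writes a downloaded binary straight into /usr/local/bin. The following is an added example, not from the original post, that installs a file only after its SHA-256 matches a digest obtained separately (for instance from the release page). The function names and the stand-in file are constructed for illustration.

```shell
#!/bin/sh
# Compute the SHA-256 of a file with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only when its digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 on usage or I/O error.
install_verified() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] && [ -n "$expected" ] && [ -n "$dest" ] || return 2
    actual=$(sha256_of "$src") || return 2
    # Compare case-insensitively; published digests are sometimes upper case.
    exp_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$exp_lc" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        return 1
    fi
    # Write next to DEST, then rename, so a partial copy is never executed.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv -f "$tmp" "$dest" \
        || { rm -f "$tmp"; return 2; }
}

# Constructed demo: a stand-in "binary" in a temp dir, no network needed.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho compose-stand-in\n' > "$demo_dir/download"
good=$(sha256_of "$demo_dir/download")
install_verified "$demo_dir/download" "$good" "$demo_dir/docker-compose" \
    && echo "installed $demo_dir/docker-compose"
```

In the real procedure, download to a temporary path as an unprivileged user and pass /usr/local/bin/docker-compose as DEST under sudo.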

Docker error create override mount to invalid parameter

Image and container storage path configuration

As mentioned above, the default storage location of docker images and containers is /var/lib/docker, but the disk may fill up, which can cause many errors, such as:
E138: Can't write viminfo file /root/.viminfo!
[35381] INTERNAL ERROR: cannot create temporary directory!


To avoid this situation, you can change the storage location of docker images and containers. The steps below use /home/docker/lib as an example.

1. Stop the docker service: systemctl stop docker
2. mkdir -p /home/docker/lib
3. If there is already data in /var/lib/docker, run mv /var/lib/docker/* /home/docker/lib/; otherwise skip this step
4. Edit the docker unit file: vim /usr/lib/systemd/system/docker.service
   ExecStart=/usr/bin/dockerd --graph /home/docker/lib
   (--graph is deprecated; newer Docker releases name this flag --data-root)
5. Re-enable the docker service so that the symlink is recreated, and run a daemon-reload
   systemctl disable docker
   systemctl enable docker
   systemctl daemon-reload
   systemctl start docker
6. Check the output of docker info


Uninstall docker on CentOS

yum list installed|grep docker
yum -y remove  docker.x86_64   docker-client.x86_64  docker-common.x86_64
rm -rf  /var/lib/docker   # delete existing images and containers (adjust to your actual docker storage path)

Uninstall docker-compose

sudo rm /usr/local/bin/docker-compose  # deleting the binary is enough

Implementation process

  1. Build a private enterprise-level docker registry

For an enterprise's internal docker service, security and reliable transfer speed make it necessary to build a private docker registry to store the enterprise's internal image files.
There are currently two docker registries on the market to choose from: docker registry and docker harbor.
docker registry is officially provided by docker, and docker harbor is open-sourced by vmware and provides a UI.

In comparison, docker registry is lighter and easier to deploy.

Official docker example (starting the docker registry with a plain docker command)

Here is a yml file for starting it with docker-compose:

version: "3"

services:
  registry:
    image: registry:2
    restart: always
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/lib/registry:/var/lib/registry
      - /var/lib/registry/auth:/auth
    expose:
      - 5000
    ports:
      - '5000:5000'

This uses the test environment as an example. For a production environment you need to add certificates and so on; see the official documentation.

Configure password

docker run --entrypoint htpasswd registry:2.7.0 -Bbn testuser testpassword > /var/lib/registry/auth/htpasswd
Restart the service: docker-compose up -d
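
The -B flag in the htpasswd command above selects bcrypt, the only hash format the registry's htpasswd backend accepts. The following is an added example, not part of the original post, that audits an htpasswd file for non-bcrypt or low-cost entries. The minimum cost of 10 is an assumed policy value, and the sample entries are constructed filler, not real hashes.

```shell
#!/bin/sh
# audit_htpasswd FILE [MIN_COST]
# Prints "<user> <verdict>" per entry; returns 0 only if every entry is
# bcrypt with a cost of at least MIN_COST (assumed policy default: 10).
# htpasswd -B writes cost 5 unless a higher one is requested with -C.
audit_htpasswd() {
    file=$1; min_cost=${2:-10}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        user=${line%%:*}; hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "(line without user:hash) malformed"; rc=1; continue
        fi
        case $hash in
            '$2'[aby]'$'[0-9][0-9]'$'*)
                rest=${hash#????}            # drop the "$2y$" style prefix
                cost=${rest%%\$*}; cost=${cost#0}
                body=${rest#*\$}             # 22-char salt + 31-char digest
                case $body in *[!./A-Za-z0-9]*) body= ;; esac
                if [ "${#body}" -ne 53 ]; then
                    echo "$user malformed"; rc=1
                elif [ "$cost" -lt "$min_cost" ]; then
                    echo "$user weak-cost($cost)"; rc=1
                else
                    echo "$user ok"
                fi ;;
            *)  echo "$user not-bcrypt"; rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Constructed sample file: 53 zeros stand in for the salt and digest.
sample=$(mktemp)
pad=$(printf '%053d' 0)
{
    printf 'testuser:$2y$05$%s\n' "$pad"
    printf 'ci:$2y$12$%s\n' "$pad"
    printf 'legacy:$apr1$constructed$filler\n'
} > "$sample"
audit_htpasswd "$sample" || echo "findings above need attention"
```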

container_linux.go:349: starting container process caused "exec: “htpasswd”: executable file not found" error explained

After the password is configured, you can no longer list the images in the registry directly on the server with curl -XGET 127.0.0.1:5000/v2/_catalog, but you can log in and view them through a browser.

View the list of image versions: curl -XGET 127.0.0.1:5000/v2/image_name/tags/list

  2. Build the service image

Dockerfile example:

FROM ubuntu:16.04

MAINTAINER xxx "[email protected]"

# add project source code
RUN mkdir /code
# hqhttp is the binary that gets run
ADD ./hqhttp /code

WORKDIR /code

EXPOSE 8821   

ENTRYPOINT ["./hqhttp"]

Example makefile:

version ?= test
date_str=`date +%Y-%m-%d\ %H:%M:%S`
code_ver=`git log --oneline -n1 | cut -f1 -d ' '`


.PHONY: all clean push

all:
	go build
	sudo docker build . -t hqht-hqhttp:$(version)

clean:
	-sudo docker rmi hqht-hqhttp:$(version)

push:
	sudo docker push hqht-hqhttp:$(version)

External access

First, configure the private registry address on the client:

vim /etc/docker/daemon.json
{
    "insecure-registries": [
        "hub.docker.jiankunking.io:5000"
    ]
}

For multiple private registries, separate the entries with commas (priority runs from first to last):
{
    "insecure-registries": [
        "test.docker.jiankunking.io:5000",
        "hub.docker.jiankunking.io:5000"
    ]
}

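Certificate configuration is not considered here, which is why the registry is listed under insecure-registries: for those hosts docker skips certificate validation and falls back to plain HTTP. If the private registry has a password set, you need to log in first: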

docker login ip:port


Origin blog.csdn.net/csdniter/article/details/108828327