docker部署安装
#安装国内阿里源;
mkdir -p /data/download/docker
cd /data/download/docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#检查一下下载的docker-ce.repo 文件没有问题之后
cp /data/download/docker/docker-ce.repo /etc/yum.repos.d/docker-ce.repo
yum clean expire-cache
#安装Docker-CE版本;
yum install docker-ce -y
#查Docker版本是否安装;
rpm -qa|grep -E "docker"
#启动Docker引擎服务;
systemctl daemon-reload && systemctl restart docker
#查看Docker服务进程;
ps -ef|grep docker
Docker仓库源更新
二选一
vim /etc/docker/daemon.json
.................................................
cat>/etc/docker/daemon.json<<EOF
{
"registry-mirrors":["https://docker.m.daocloud.io"]
}
EOF
..................................
cat daemon.json
systemctl daemon-reload && systemctl restart docker
ps -ef|grep docker
验证docker源下载速度
docker pull tomcat
查看dockers容器镜像
docker image
删除docker容器镜像
docker rmi tomcat
如果删除容器镜像报错,先停止再删除
docker stop tomcat
从Docker仓库下载nginx镜像;
docker pull docker.io/nginx
#从Docker仓库下载tomcat镜像;
docker pull docker.io/tomcat
基于docker run启动nginx镜像,并且启动到/bin/bash解释器;
docker run -itd docker.io/nginx
-i表示:interactive交互;
-t表示:tty终端;
d表示:daemon后台启动;
#基于docker run启动nginx镜像,启动到/bin/bash解释器,同时映射本地80端口至容器80端口;替代了docker原有的命令,或者docker原来就没有启动命令,并不是所有的都可以替代
docker run -p 80:80 -itd docker.io/nginx /bin/bash
#-p端口映射,第一个80宿主机监听端口,第二个80端口为容器监听;
#浏览器输入宿主机IP+80端口,即可访问容器中的80端口所在服务;
#查看当前正在运行中的容器;
docker ps
#查看当前Linux系统所有容器,包括运行和已经停止、其他容器(所有容器)
docker ps -a
#查看容器详细信息;
docker inspect 55e339c80051
#查看容器详细信息,并且从信息中过滤IP地址;
docker inspect 55e339c80051|grep -i ipaddr
#在Docker中容器运行指令:df -h;
docker exec 55e339c80051 df -h
#在Docker中容器/tmp目录创建jfedu.txt文件;
docker exec 55e339c80051 touch /tmp/test.txt
#进入Docker容器/bin/bash终端,然后执行df -h指令;
docker exec -it 55e339c80051 /bin/bash
#退出容器
exit
#基于stop停止正在运行中的容器;
docker stop 55e339c80051
#基于start启动已经停止的容器;
docker start 55e339c80051
#Kill掉正在运行中某个容器;
docker kill 55e339c80051
#删除某个指定的已经停止Docker容器;
docker rm dc455c12ca7d
#强制删除某个指定的正在运行中的Docker容器;
docker rm -f 55e339c80051
#从Docker images列表中删除某个镜像;
docker rmi 78b258e36eed
#从Docker images列表中删除多个镜像;
docker rmi e81eb098537d 415381a6cb81
Docker-Compose部署安装
mkdir -p /data/docker-compose
curl -L "https://github.com/docker/compose/releases/download/v2.17.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose (如下载失败,可重复多次)
#查看下载文件;
cd /usr/local/bin/
ls -la
#添加脚本x权限
chmod +x /usr/local/bin/docker-compose
查看其版本信息;
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
基于docker-compose构建Nginx容器
mkdir -p /data/docker-compose
vi docker-compose.yml
..................................
version: "3"
services:
nginx:
container_name: www-nginx
image: nginx:latest
restart: always
ports:
- 80:80
volumes:
- /data/webapps/www/:/usr/share/nginx/html/
..............................................
创建发布目录:/data/webapps/www/
mkdir -p /data/webapps/www/
echo "<h1>www.hefang.net Nginx Test pages.</h1>" >>/data/webapps/www/index.html
docker-compose up -d
docker ps
docker exec -it www-nginx /bin/bash
root@4528f7b12b43:/# exit
exit
启动和关闭
docker-compose stop
docker-ompose start
验证网络nginx
curl 192.168.63.210
测试后,删除nginx
docker-compose stop
docker-compose rm
Docker Harbo仓库
cd /data/download/
wget -c https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
ls -la
tar -xzf harbor-offline-installer-v2.7.1.tgz
cd /data/download/harbor
cp harbor.yml.tmpl harbor.yml
修改Habor配置文件harbor.yml,修改hostname为本机IP地址,同时注释掉https部分
vi harbor.yml............................
.........................
安装
./install.sh
ls -la (安装成功后,生成docker-compose.yml文件,如果遇到问题,例如端口被占用,解决问题之后,回到当前目录 docker-compose stop && docker-compose start
)
登陆Habor WEB平台,默认用户名:admin,默认密码:Harbor12345
登陆Harbor WEB控制台,可以进行进一步配置
创建私有仓库用户名hefang,并且设置密码Harbor12345,并且绑定library仓库;
默认访问Docker仓库使用443端口,要修改为80端口仓库地址
vim /etc/docker/daemon.json
.............................................
{
"registry-mirrors":["https://docker.m.daocloud.io"],
"insecure-registries":["192.168.63.210"]
}
...........................................
systemctl daemon-reload && systemctl restart docker
cd /data/download/harbor
systemctl restart docker
docker-compose restart
登录私有仓库
docker login 192.168.63.210
- 进入后台查看操作命令提示
docker images
按照提示标记镜像
docker tag nginx:latest 192.168.63.210/library/nginx:v1
docker images
通过docker push将镜像上传至Harbor仓库
docker push 192.168.63.210/library/nginx:v1
在仓库中,查看上传的镜像
docker stats查看所有运行的容器的资源
docker stats+容器ID查看指定容器的资源
docker stats a698c13c985e
docker stats 容器id,--nostream非流式查看容器资源
docker stats a698c13c985e --no-stream
获取容器CPU的信息;
docker stats a698c13c985e --no-stream|awk 'NR>1 {print $1,"CPU:"$3}'
获取容器MEM的信息;
docker stats a698c13c985e --no-stream|awk 'NR>1 {print $1,"MEM:"$4}'
获取容器IO读写的信息;
docker stats a698c13c985e --no-stream|awk 'NR>1 {print $1,"IO:"$(NF-1)}'
部署CAdvisor监控
下载cadvisor镜像,命令如下:
docker pull google/cadvisor
基于镜像启动cadvisor容器,命令如下:
docker run -v /var/run:/var/run:rw -v /sys:/sys:ro -v /var/lib/docker:/var/lib/docker:ro -p 8080:8080 -d --name cadvisor google/cadvisor
通过浏览器访问cadviosr 8080端口,如图所示:
http://192.168.63.210:8080/containers/
Cadvisor+InfluxDB+Grafana部署
单独方式比较繁琐,此处采用Docker-compose方式部署,首先编写compose.yml文件,然后启动compose相关容器服务即可
先停止删除cadviosr
docker stop cadvisor
docker rm cadvisor
docker ps
cd /data/download/harbor
systemctl restart docker
docker-compose restart
docker ps
vim /etc/docker/daemon.json
.............................................
{
"registry-mirrors":["https://docker.1ms.run",
"https://docker.m.daocloud.io",
"https://docker.xuanyuan.me",
"https://mirror.tuna.tsinghua.edu.cn"],
"insecure-registries":["192.168.63.210"]
}
...........................................
systemctl daemon-reload && systemctl restart docker
mkdir -p /data/cadvisor
cd /data/cadvisor
vim docker-compose.yml
...........................................
version: '3.8'
services:
influxdb:
image: influxdb:1.8.10
container_name: influxdb
restart: unless-stopped
environment:
INFLUXDB_DB: cadvisor
INFLUXDB_ADMIN_USER: admin
INFLUXDB_ADMIN_PASSWORD: admin_pass
ports:
- "8083:8083"
- "8086:8086"
volumes:
- influxdbData:/var/lib/influxdb
logging:
driver: "json-file"
options:
max-size: "100m"
grafana:
image: grafana/grafana:9.5.15
container_name: grafana
restart: unless-stopped
ports:
- "3000:3000"
environment:
GF_SECURITY_ADMIN_USER: admin
GF_SECURITY_ADMIN_PASSWORD: admin_pass
GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-piechart-panel"
volumes:
- grafanaData:/var/lib/grafana
depends_on:
- influxdb
cadvisor:
image: docker.1ms.run/google/cadvisor
container_name: cadvisor
ports:
- "8080:8080"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/healthz"]
interval: 30s
timeout: 5s
retries: 3
restart: unless-stopped
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /tmp:rw,size=100M
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
volumes:
influxdbData:
grafanaData:
................................................
启动Docker-compose,命令如下:
docker-compose up -d
docker images -a
docker ps
看下docker volume ls
docker volume inspect cadvisor_influxdbData
Docker-compose默认会启动三个类别容器,分别为:grafana、cadvisor、influxdb,对外访问IP+端口如下:
-
Grafana:http://192.168.63.210:3000
-
Cadvisor:http://192.168.63.210:8080
-
Influxdb:http://192.168.63.210:8086
浏览器访问Grafana WEB界面,默认用户名和密码:admin/admin,然后选择add-database source,填写Influxdb数据库的IP和端口,数据库名:cadvisor,用户名和密码:admin/admin_pass,如图所示:http://192.168.63.210:3000/login
或者从home-connections-connect data搜索数据源
添加新的数据源
可以修改名称并填写Influxdb数据库的IP和端口
数据库名:cadvisor
创建Grafana图像,设置监控项目,例如添加MEM内存使用监控
创建Grafana图像,设置监控项目,例如添加CPU使用监控
