1.Dockerfile生产实践
分层设计:
根据Docker的分层理念及公司业务环境,生产中使用分层设计Dockerfile并使用git来管理,可以大大提高应用部署效率,同时可以使用docker-compose来编排启动容器,swarm管理规模不大的docker集群,有条件的公司也可使用k8s、mesos来管理。
2.Docker registry v2私有镜像库构建
compose.yml
data:
image: ubuntu
entrypoint: /bin/true
volumes:
- /var/lib/registry
main:
image: registry:2
ports:
- "5000:5000"
volumes_from:
- data
volumes:
- /tmp:/tmp
(操作系统为ubuntu16.04)
DOCKER_OPTS='--label=host=test --insecure-registry="XX.XX.XX.XX/24" --registry-mirror="https://docker.mirrors.ustc.edu.cn"'
构建需要证书密码认证的私有库可参考以下网址:
https://docs.docker.com/registry/deploying/ (官网)
http://blog.gesha.net/archives/613/
http://www.zimug.com/317.html
http://www.jianshu.com/p/141855241f2d
3.使用Supervisor管理容器里的进程
构建系统和运行环境镜像
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
anzhihe/python-ssh latest 300930eba086 20 minutes ago 471 MB
anzhihe/centos-ssh latest c8bf0da93a76 24 minutes ago 319.5 MB
构建应用镜像
shop-api #应用镜像目录
├── app.py #使用官网docker-compose的演示小程序
├── app-supervisor.ini #supervisor的配置信息
├── Dockerfile #构建演示容器的Dockerfile
├── requirements.txt #Python环境的依赖文件定义
└── supervisord.conf #supervisord的默认配置文件,可自行修改
[root@linux-node1 ~/docker/app/shop-api]# cat requirements.txt
flask #演示程序依赖flask框架
[root@linux-node1 ~/docker/app/shop-api]# cat Dockerfile
#Base image
FROM anzhihe/python-ssh #指定基础镜像
#Maintainer
MAINTAINER Zhihe An xxx@gmail.com
# Add www user
RUN useradd -s /sbin/nologin -M www #添加www用户用于启动app.py
# ADD file
ADD app.py /opt/app.py #添加演示小程序app.py到容器里
ADD requirements.txt /opt/
ADD supervisord.conf /etc/supervisord.conf #添加supervisord默认配置文件,修改nodaemon=true让其在前台启动
ADD app-supervisor.ini /etc/supervisord.d/ #添加supervisord启动服务配置
# pip
RUN /usr/bin/pip2.7 install -r /opt/requirements.txt
#加载Python环境运行依赖
# Port
EXPOSE 22 5000 #对外暴露22和5000端口
#CMD
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] #启动supervisor服务
构建演示镜像
[root@linux-node1 ~/docker/app/shop-api]# docker build -t anzhihe/shop-api .
[root@linux-node1 ~/docker/app/shop-api]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
anzhihe/shop-api latest 3ff4d9b8ca35 5 seconds ago 476.6 MB
anzhihe/python-ssh latest 300930eba086 37 minutes ago 471 MB
anzhihe/centos-ssh latest c8bf0da93a76 41 minutes ago 319.5 MB
[root@linux-node1 ~/docker/app/shop-api]# docker run --name shop-api -d -p 88:5000 -p 8022:22 anzhihe/shop-api
a206c241de403f44c68fa3647be2f75d0d23f281e301ea33f13a90d16f8c6d1d
[root@linux-node1 ~/docker/app/shop-api]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a206c241de40 anzhihe/shop-api "/usr/bin/supervisord" 4 seconds ago Up 2 seconds 0.0.0.0:8022->22/tcp, 0.0.0.0:88->5000/tcp shop-api
[root@linux-node1 ~/docker/app/shop-api]# docker exec shop-api ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.5 0.3 117260 14780 ? Ss 19:45 0:00 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
root 8 0.0 0.0 82472 3568 ? S 19:45 0:00 /usr/sbin/sshd -D
www 9 0.4 0.4 119768 17332 ? S 19:45 0:00 /usr/bin/python2.7 /opt/app.py
www 14 0.7 0.4 196048 17932 ? Sl 19:45 0:00 /usr/bin/python2.7 /opt/app.py
root 20 0.0 0.0 47432 1668 ? Rs 19:46 0:00 ps aux
效果演示
[root@a206c241de40 ~]# kill -9 8 #杀掉sshd
[root@a206c241de40 ~]# ps aux #sshd马上就重启了
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 117260 14780 ? Ss 19:45 0:00 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
www 9 0.0 0.4 119768 17332 ? S 19:45 0:00 /usr/bin/python2.7 /opt/app.py
www 14 0.2 0.4 196048 18376 ? Sl 19:45 0:01 /usr/bin/python2.7 /opt/app.py
root 25 0.0 0.1 141404 5444 ? Ss 19:54 0:00 sshd: root@pts/0
root 27 0.0 0.0 11772 1864 pts/0 Ss 19:54 0:00 -bash
root 41 0.0 0.0 82472 3564 ? S 19:55 0:00 /usr/sbin/sshd -D
root 42 0.0 0.0 47432 1668 pts/0 R+ 19:55 0:00 ps aux
◎注意:
生产中要先在测试环境中调通再封装docker镜像,请提前踩坑,哈哈~~!
