项目团队成员对docker不是很熟悉,所以整理了一下docker打包的过程,方便大家在后面的快速部署打包上能有比较高的效率。
总体流程有以下几个步骤:
准备两台机器:
192.168.0.54(镜像仓库服务器)
192.168.0.55(微服务应用服务器)
- 支撑环境的安装
- 安装私有镜像仓库(harbor)
在192.168.0.54服务器中安装docker环境和harbor私有镜像仓库,安装过程参考网络文章即可。
同时开通 tcp://192.168.0.54:2375 连接
开通方式(docker 开启2375端口,提供外部访问docker):
vi /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
重启服务
systemctl daemon-reload // 1,加载docker守护线程
systemctl restart docker // 2,重启docker
安装后,浏览器访问如下图:
登录环境,可自行创建
- 安装docker环境及docker-compose服务
在192.168.0.55 安装docker和dokcer-compose,安装过程参考网络文章即可。
- IDEA配置相环境
- 配置idea环境Docker
- 配置私有镜像仓库docker registry
配置私有镜像仓库
- 通过IDEA 构建打包镜像
配置docker执行文件,选择打包环境,选择已经写好的Dockerfile脚本文件,写好镜像名称,勾选掉运行容器按钮,不让它运行,确认即可。
执行此运行配置,即可打包docker镜像。
- 把已经打好的镜像推送到私有镜像仓库(192.168.0.54)中。
其中:
Registry :配置的镜像仓库地址
Repository:程仓库地址,如:192.168.0.54/ts-common-lib/ts-base
tag:版本标记 如:0.0.1
- 微服务docker脚本的编写
本次一共需要安装以下几个微服务服务:注册中心、配置中心、网关服务、鉴权服务、业务支撑、BI服务。
需要安装应用服务:nginx
其中redis和数据库为外部提供,因此不需要在容器中安装。
- 安装服务前,安装ts-base基础依赖包,依赖包中包含:centos+jdk环境,这样做的目的统一依赖环境。可以把每个微服务都需要的一些依赖打到这个包中,但要注意的事情,它会影响镜像的容量大小。
# 执行构建程序。
FROM centos:7.5.1804
MAINTAINER by bask (jli@tsingsoft.com.cn)
#添加jdk安装包
ADD ./jdk-8u121-linux-x64.tar.gz /usr/local/
# 只有通过ENV 环境变量才会生效,通过写/etc/profile的方式不行。
ENV JAVA_HOME /usr/local/jdk1.8.0_121
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV PATH $PATH:$JAVA_HOME/bin
如图:
- 注册中心脚本
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
MAINTAINER by bask (jli@tsingsoft.com.cn)
VOLUME /tmp
ADD ts-eureka-0.0.1.jar eureka.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Duser.timezone=GMT+08","-jar","/eureka.jar"]
EXPOSE 1002
- 配置中心
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
MAINTAINER by bask (jli@tsingsoft.com.cn)
VOLUME /tmp
ADD ts-config-0.0.1.jar config.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Duser.timezone=GMT+08","-jar","/config.jar"]
EXPOSE 2002
- 网关服务
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
VOLUME /tmp
ADD ts-gateway-0.0.1.jar gateway.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Duser.timezone=GMT+08","-jar","/gateway.jar"]
EXPOSE 3002
- 鉴权服务
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
VOLUME /tmp
ADD ts-auth-0.0.1.jar auth.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Duser.timezone=GMT+08","-jar","/auth.jar"]
EXPOSE 4002
- 业务支撑
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
VOLUME /tmp
ADD ts-biz-support-0.0.1-SNAPSHOT.jar support.jar
COPY Apache_OpenOffice_4.1.6_Linux_x86-64_install-rpm_zh-CN.tar.gz Apache_OpenOffice_4.1.6_Linux_x86-64_install-rpm_zh-CN.tar.gz
#安装OpenOffice
RUN tar -xvf Apache_OpenOffice*.tar.gz && \
yum install -y zh-CN/RPMS/*.rpm && \
yum groupinstall -y "X Window System" && \
#清除yum缓存
yum clean all && \
#删除压缩包
rm -f Apache_OpenOffice_4.1.6_Linux_x86-64_install-rpm_zh-CN.tar.gz&& \
#删除解压缩的文件
rm -Rf zh-CN
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Duser.timezone=GMT+08","-jar","/support.jar"]
EXPOSE 6002
- BI服务
FROM 192.168.0.54/ts-common-lib/ts-base:0.0.1
VOLUME /tmp
ADD ts-bi-0.0.1-SNAPSHOT.jar bi.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/bi.jar"]
EXPOSE 5002
- 一健部署脚本的编写
version: "3"
services:
ts-nginx:
image: 192.168.0.54/ts-common-lib/ts-nginx:1.10.1
ports:
- 80:80
- 443:443
privileged: true #修改容器权限,给容器加特权
volumes:
- /data/nginx/html:/usr/local/nginx/html:rw
- /data/nginx/conf/nginx.conf:/usr/local/nginx/conf/nginx.conf
- /data/nginx/logs:/usr/local/nginx/logs:rw
- /data/nginx/cert:/usr/local/nginx/cert:rw
command: /bin/bash -c "exec nginx -g 'daemon off;'"
ts-center:
image: 192.168.0.54/hb-trade-center/ts-center:0.0.2
ports:
- "1002:1002"
hostname: ts-center
restart: always
ts-config:
image: 192.168.0.54/hb-trade-center/ts-config:0.0.1
ports:
- "2002:2002"
hostname: ts-config
environment:
- "eureka_client_serviceUrl_defaultZone=http://tsingsoft:Tsingsoft2018@192.168.0.55:1002/eureka"
restart: always
depends_on:
- ts-center
ts-gateway:
image: 192.168.0.54/hb-trade-center/ts-gateway:0.0.2
ports:
- "3002:3002"
hostname: ts-gateway
restart: always
depends_on:
- ts-center
- ts-config
environment:
- "spring_profiles_active=hb-test"
- "eureka_client_serviceUrl_defaultZone=http://tsingsoft:Tsingsoft2018@192.168.0.55:1002/eureka"
ts-biz-support:
image: 192.168.0.54/hb-trade-center/ts-biz-support:0.0.2
ports:
- "6002:6002"
hostname: ts-biz-support
restart: always
depends_on:
- ts-center
- ts-config
environment:
- "spring_profiles_active=hb-test"
- "eureka_client_serviceUrl_defaultZone=http://tsingsoft:Tsingsoft2018@192.168.0.55:1002/eureka"
ts-auth:
image: 192.168.0.54/hb-trade-center/ts-auth:0.0.1
ports:
- "4002:4002"
hostname: ts-auth
restart: always
depends_on:
- ts-center
- ts-config
environment:
- "spring_profiles_active=hb-test"
- "eureka_client_serviceUrl_defaultZone=http://tsingsoft:Tsingsoft2018@192.168.0.55:1002/eureka"
ts-bi:
image: 192.168.0.54/hb-trade-center/ts-bi:0.0.1
ports:
- "5002:5002"
hostname: ts-bi
restart: always
depends_on:
- ts-center
- ts-config
environment:
- "spring_profiles_active=hb-test"
- "eureka_client_serviceUrl_defaultZone=http://tsingsoft:Tsingsoft2018@192.168.0.55:1002/eureka"
nginx.conf 主配置参考:
user nginx nginx;
worker_processes 1;
#daemon off;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
multi_accept on;
}
http {
fastcgi_connect_timeout 1200;
fastcgi_send_timeout 1200;
fastcgi_read_timeout 1200;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
client_max_body_size 20M;
#add_header Access-Control-Allow-Origin *;
#add_header Access-Control-Allow-Headers X-Requested-With;
#add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 8;
gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
server {
listen 80;
server_name 192.168.0.55;
charset utf-8;
root /usr/local/nginx/html;
#access_log logs/host.access.log main;
location /{
index index.html index.htm;
if ( $request_uri = "/" ) {
rewrite "/" http://192.168.0.55/trade/index break;
}
alias /usr/local/nginx/html/trade;
}
location /power {
try_files $uri $uri/ /power/index.html;
index index.html index.htm;
root /usr/local/nginx/html;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
}
location /trade {
try_files $uri $uri/ /trade/index.html;
index index.html index.htm;
root /usr/local/nginx/html;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
}
location /trade/login {
try_files $uri $uri/ /trade/index.html;
index index.html index.htm;
root /usr/local/nginx/html;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
}
location /auth {
try_files $uri $uri/ /auth/index.html;
index index.html index.htm;
root /usr/local/nginx/html;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
}
location /api/ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Accept";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
# /api
proxy_pass http://192.168.0.55:3002/;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
location /file {
alias file;
}
location /ws/ {
# /ws
proxy_pass http://192.168.0.55:3002;
proxy_http_version 1.1;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Upgrade websocket;
proxy_set_header Connection "Upgrade";
proxy_connect_timeout 1200;
proxy_send_timeout 1200;
proxy_read_timeout 1200;
send_timeout 1200;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
}
# include /etc/nginx/dev-conf/*.conf;
}
- docker的相关命令
1 优化命令
1.1 清理命令
docker image prune -a # 清理没有用到的镜像
1.2 删除前应该停止所有的容器:
docker stop $(docker ps -a -q)
1.3 批量删除tag为"<none>"镜像可以采用如下方法(下面两种方式均可以):
docker rmi $(docker images | grep "^<none>" | awk "{print $3}")
docker images | grep none | awk '{print $3}'| xargs docker rmi
1.4 删除所有停止的容器:
docker rm $(docker ps -a -q)
1.5 强制删除所有的镜像:
docker rmi -f $(docker images -q)
2 容器相关
docker run -d -p 91:80 nginx :在后台运行nginx,若没有镜像则先*载下**,并将容器的80端口映射为宿主机的91端口。
-d:后台运行
-P:随机端口映射
-p:指定端口映射
-net:网络模式
docker ps:列出运行中的容器
docker ps -a :列出所有的容器
docker stop 容器id:停止容器
docker kill 容器id:强制停止容器
docker start 容器id:启动已停止的容器
docker inspect 容器id:查看容器的所有信息
docker container logs 容器id:查看容器日志
docker top 容器id:查看容器里的进程
docker exec -it 容器id /bin/bash:进入容器
exit:退出容器
docker rm 容器id:删除已停止的容器
docker rm -f 容器id:删除正在运行的容器
构建镜像
确定镜像模板:如java、nginx
新建Dockerfile文件
使用Dockerfile的指令完善Dockerfile的内容
在Dockerfile文件的所在路径执行docker build -t imageName:tag .,-t指定镜像名称,末尾的点标识Dockerfile文件的路径
执行docker run -d -p 92:80 imageName:tag即可
- 如何调试查错。
docker logs 【containerId】 # 查看日志
docker exec -it 【containerId】 bin/bash # 进入容器内部
docker生态还有很多内容,等待大家去发现。
作者:程序员,晒太阳