Docker Production Practices

Posted shhnwangjian


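Image build approach

Approach: layered design

Bottom layer: the system layer. Build your own base images for each operating system you use.

Middle layer: the runtime layer. Build base runtime images for each runtime environment, such as PHP, Java or Python.

Top layer: the application service layer. Build one image per business module.

Build directory tree structure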

Case 1: building a CentOS 7 system image

cd /root
mkdir -p /root/docker/system/centos
cd /root/docker/system/centos
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo  # download the Aliyun EPEL repo file for RHEL 7
cp /etc/yum.repos.d/epel.repo epel.repo

Create the Dockerfile

vim Dockerfile
# This Dockerfile
 
# Base image (pinned to CentOS 7; an untagged FROM resolves to the latest tag)
FROM centos:7
 
# Who
MAINTAINER shhnwangjian xxx@163.com
 
# EPEL
ADD epel.repo /etc/yum.repos.d/

# Base pkg
RUN yum install -y wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all

Build the image

docker build -t shhnwangjian/centos:base .

 

Case 2: building a Python runtime image on top of the CentOS system image from Case 1

mkdir -p /root/docker/runtime/python
cd /root/docker/runtime/python

Create the Dockerfile

vim Dockerfile
# Base image
FROM shhnwangjian/centos:base

# Who
MAINTAINER shhnwangjian xxx@163.com

# Python env
RUN yum install -y python-devel python-pip supervisor

# Upgrade pip
RUN pip install --upgrade pip

Build the image

docker build -t shhnwangjian/python .

 

Case 3: building a CentOS 7 system image with SSH

mkdir -p /root/docker/system/centos-ssh
cd /root/docker/system/centos-ssh
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo  # download the Aliyun EPEL repo file for RHEL 7
cp /etc/yum.repos.d/epel.repo epel.repo

Create the Dockerfile

# Docker for CentOS

# Base image (pinned to CentOS 7; an untagged FROM resolves to the latest tag)
FROM centos:7
 
# Who
MAINTAINER shhnwangjian xxx@163.com
 
# EPEL
ADD epel.repo /etc/yum.repos.d/

# Base pkg
RUN yum install -y openssh-clients openssl-devel openssh-server wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all

# For SSHD
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN echo "root:123456" | chpasswd

Build the image

docker build -t shhnwangjian/centos-ssh .
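
The Dockerfile above sets the root password and generates the SSH host keys at build time, so both are stored in the image layers and are identical in every container started from the image. The following Python check is an added example (not part of the original post) that flags those two patterns and an untagged base image; the rule names and the constructed sample Dockerfile are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the SSH image: untagged base, build-time key and password.
SAMPLE = """# Base image
FROM centos
ADD epel.repo /etc/yum.repos.d/
RUN yum install -y openssh-server \\
    sudo && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN echo "root:123456" | chpasswd
"""

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # Docker skips comments, even mid-continuation
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        buf = ""
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""

def unpinned(args):
    """True when the FROM image carries neither a tag nor a digest."""
    image = next((t for t in args.split() if not t.startswith("--")), "scratch")
    name = image.rsplit("/", 1)[-1]       # drop registry host:port and namespace
    return image != "scratch" and ":" not in name and "@" not in name

# Hypothetical rule names; each rule is (instruction, rule id, predicate on args).
RULES = [
    ("FROM", "unpinned-base", unpinned),
    ("RUN", "build-time-host-key", lambda a: re.search(r"\bssh-keygen\b.*(ssh_host_\w*key|\s-A\b)", a)),
    ("RUN", "build-time-password", lambda a: re.search(r"\bchpasswd\b|\bpasswd\s+--stdin\b", a)),
]

def audit(text):
    """Return [(line_no, rule_id)] for every rule that matches an instruction."""
    return [(no, rule) for no, word, args in instructions(text)
            for target, rule, test in RULES if word == target and test(args)]

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```
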

 

Case 4: building a python-ssh runtime image on top of the centos-ssh system image from Case 3

mkdir -p /root/docker/runtime/python-ssh
cd /root/docker/runtime/python-ssh

Create the Dockerfile

# Base image
FROM shhnwangjian/centos-ssh

# Who
MAINTAINER shhnwangjian xxx@163.com

# Python env
RUN yum install -y python-devel python-pip supervisor

# Upgrade pip
RUN pip install --upgrade pip

Build the image

docker build -t shhnwangjian/python-ssh .

 

Case 5: building the app service image on top of the python-ssh image from Case 4

mkdir -p /root/docker/app/web-app
cd /root/docker/app/web-app

Application file app.py

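from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello():
    return "Hello World!"

if __name__ == "__main__":
    # Listen on all interfaces so the published container port reaches the app.
    # Debug mode stays off: it enables the interactive Werkzeug debugger.
    app.run(host="0.0.0.0", debug=False)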

Python dependency file requirements.txt

Flask

supervisor configuration file app-supervisor.ini

[program:web-api]
command=/usr/bin/python2.7 /opt/app.py
process_name=%(program_name)s
autostart=true
user=www
stdout_logfile=/tmp/app.log
stderr_logfile=/tmp/app.error

[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart=true

Install supervisor on the host, then copy the supervisord.conf it generates by default into the Docker build directory

; Sample supervisor config file.

[unix_http_server]
file=/var/run/supervisor/supervisor.sock   ; (the path to the socket file)
;chmod=0700                 ; sockef file mode (default 0700)
;chown=nobody:nogroup       ; socket file uid:gid owner
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

;[inet_http_server]         ; inet (TCP) server disabled by default
;port=127.0.0.1:9001        ; (ip_address:port specifier, *:port for all iface)
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

[supervisord]
logfile=/var/log/supervisor/supervisord.log  ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10          ; (num of main logfile rotation backups;default 10)
loglevel=info               ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=true             ; (start in foreground if true;default false)
minfds=1024                 ; (min. avail startup file descriptors;default 1024)
minprocs=200                ; (min. avail process descriptors;default 200)
;umask=022                  ; (process file creation umask;default 022)
;user=chrism                 ; (default is current user, required if root)
;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
;directory=/tmp              ; (default is not to cd during start)
;nocleanup=true              ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
;environment=KEY=value       ; (key value pairs to add to environment)
;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris              ; should be same as http_username if set
;password=123                ; should be same as http_password if set
;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history  ; use readline history if available

; The below sample program section shows all possible program subsection values,
; create one or more 'real' program: sections to be able to control them under
; supervisor.

;[program:theprogramname]
;command=/bin/cat              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;autorestart=true              ; retstart at unexpected quit (default: true)
;startsecs=10                  ; number of secs prog must stay running (def. 1)
;startretries=3                ; max # of serial start failures (default 3)
;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A=1,B=2           ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

; The below sample eventlistener section shows all possible
; eventlistener subsection values, create one or more 'real'
; eventlistener: sections to be able to handle event notifications
; sent by supervisor.

;[eventlistener:theeventlistenername]
;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;events=EVENT                  ; event notif. types to subscribe to (req'd)
;buffer_size=10                ; event buffer queue size (default 10)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=-1                   ; the relative start priority (default -1)
;autostart=true                ; start at supervisord start (default: true)
;autorestart=unexpected        ; restart at unexpected quit (default: unexpected)
;startsecs=10                  ; number of secs prog must stay running (def. 1)
;startretries=3                ; max # of serial start failures (default 3)
;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups        ; # of stderr logfile backups (default 10)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A=1,B=2           ; process environment additions
;serverurl=AUTO                ; override serverurl computation (childutils)

; The below sample group section shows all possible group values,
; create one or more 'real' group: sections to create "heterogeneous"
; process groups.

;[group:thegroupname]
;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
;priority=999                  ; the relative start priority (default 999)

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

[include]
files = supervisord.d/*.ini

Note: nodaemon=true starts supervisord in the foreground, which keeps it running as the container's main process.

Create the Dockerfile

# Base image
FROM shhnwangjian/python-ssh

# Who
MAINTAINER shhnwangjian xxx@163.com

# ADD user www
RUN useradd -s /sbin/nologin -M www

# ADD file
ADD app.py /opt/app.py
ADD requirements.txt /opt/
ADD supervisord.conf /etc/supervisord.conf
ADD app-supervisor.ini /etc/supervisord.d/

# Pip install
RUN /usr/bin/pip2.7 install -r /opt/requirements.txt

# Port
EXPOSE 22 5000

# CMD
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

Build the image

docker build -t shhnwangjian/web-api .
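
Two details tie the supervisor files to this Dockerfile: the [include] pattern is resolved relative to the directory of supervisord.conf, and a [program:x] section without user= runs as whatever user supervisord itself runs as. The following Python check is an added example, not part of the original post; it uses constructed excerpts of both files keyed by their ADD destinations and assumes supervisord starts as root because the Dockerfile sets no USER.

```python
import configparser
import fnmatch
import posixpath

# Constructed excerpts of the two files on this page, keyed by their ADD destination.
MAIN_PATH = "/etc/supervisord.conf"
MAIN = """
[supervisord]
nodaemon=true             ; (start in foreground if true;default false)
[include]
files = supervisord.d/*.ini
"""
APP_PATH = "/etc/supervisord.d/app-supervisor.ini"
APP = """
[program:web-api]
command=/usr/bin/python2.7 /opt/app.py
process_name=%(program_name)s
user=www
[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
"""

def parse(text):
    # interpolation=None keeps %(program_name)s literal; ';' starts an inline comment.
    cp = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=(";",))
    cp.read_string(text)
    return cp

def check(main_path, main_text, extra):
    """extra maps container path -> ini text. Returns (problems, {program: user})."""
    main, problems, run_as = parse(main_text), [], {}
    if not main.getboolean("supervisord", "nodaemon", fallback=False):
        problems.append("nodaemon is not true: supervisord would daemonize")
    # [include] globs are relative to the directory of the main config file.
    base = posixpath.dirname(main_path)
    globs = [posixpath.join(base, g)
             for g in main.get("include", "files", fallback="").split()]
    # Assumption: supervisord itself starts as root (the Dockerfile sets no USER).
    default_user = main.get("supervisord", "user", fallback="root")
    for path, text in extra.items():
        if not any(fnmatch.fnmatchcase(path, g) for g in globs):
            problems.append(f"{path} is not matched by [include] files")
            continue
        cfg = parse(text)
        for section in cfg.sections():
            if section.startswith("program:"):
                run_as[section[len("program:"):]] = cfg.get(section, "user", fallback=default_user)
    return problems, run_as
```

For the files on this page the check reports no problems and shows web-api running as www while sshd runs as root.
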

Start the container

docker run --name web-api -d -p 88:5000 -p 8022:22 shhnwangjian/web-api
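
The layered design means a change in a lower layer, such as patched packages in the system image, only reaches a running service once every image above it has been rebuilt. The following Python code is an added example, not part of the original post; it copies the build tags and FROM lines of the five cases into a constructed table (with the external base written as centos:7, an assumption) and computes the build order and the images to rebuild after a given base changes.

```python
# Constructed table: build tag -> FROM line, taken from the five cases on this page.
IMAGES = {
    "shhnwangjian/web-api": "shhnwangjian/python-ssh",
    "shhnwangjian/python-ssh": "shhnwangjian/centos-ssh",
    "shhnwangjian/python": "shhnwangjian/centos:base",
    "shhnwangjian/centos-ssh": "centos:7",      # external CentOS 7 base (assumed tag)
    "shhnwangjian/centos:base": "centos:7",
}

def build_order(images):
    """Order the tags so every locally built base comes before the images on top of it."""
    order, state = [], {}

    def visit(tag, chain):
        if tag not in images or state.get(tag) == "done":
            return                                # external base, or already placed
        if state.get(tag) == "visiting":
            raise ValueError("FROM cycle: " + " -> ".join(chain + [tag]))
        state[tag] = "visiting"
        visit(images[tag], chain + [tag])
        state[tag] = "done"
        order.append(tag)

    for tag in images:
        visit(tag, [])
    return order

def rebuild_set(images, changed):
    """Tags to rebuild, in build order, once `changed` (a tag or an external base) is updated."""
    stale, out = {changed}, []
    for tag in build_order(images):
        if tag in stale or images[tag] in stale:
            stale.add(tag)
            out.append(tag)
    return out

if __name__ == "__main__":
    for tag in rebuild_set(IMAGES, "centos:7"):
        print(tag)
```
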

 
