一、关闭firewall,永久关闭,使用iptables防火墙
systemctl stop firewalld.service #停止firewall systemctl disable firewalld.service #禁止firewall开机启动 firewall-cmd --state #查看默认防火墙状态(关闭后显示notrunning,开启后显示running) yum install iptables-services -y # 安装防火墙
systemctl restart iptables.service # 重启防火墙
二、安装docker
要求centos7版本
yum install docker -y 安装 docker -v 查看版本 Docker version 1.12.6, build 3e8e77d/1.12.6
systemctl start docker 启动docker
ps -ef|grep docker 查看是否有docker进程
systemctl enable docker 设置docker开机自启动
三、下载打包好镜像文件
1)本地镜像制作过程
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES da67831689e3 docker.io/nginx "/bin/bash" 17 seconds ago Up 16 seconds 0.0.0.0:80->80/tcp cocky_aryabhata [root@localhost ~]# [root@localhost ~]# docker commit da67831689e3 test sha256:783e5f357a7fec72303b88fd4a6a97268ea3481fc2433331a23a59e4552ff1ed [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest 783e5f357a7f 6 seconds ago 109 MB docker.io/nginx latest 7042885a156a 12 days ago 109 MB [root@localhost ~]# [root@localhost ~]# docker save test > new_nginx.tar [root@localhost ~]# ls anaconda-ks.cfg new_nginx.tar [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest 783e5f357a7f 6 minutes ago 109 MB docker.io/nginx latest 7042885a156a 12 days ago 109 MB [root@localhost ~]# cat new_nginx.tar |docker import - new-nginx sha256:8e1deabb4ca699ac12196e09b2bd3742f6dc6eb2f5df5f64ee4487634d7ddf41 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE new-nginx latest 8e1deabb4ca6 3 seconds ago 113 MB test latest 783e5f357a7f 7 minutes ago 109 MB docker.io/nginx latest 7042885a156a 12 days ago 109 MB
1)上传打包好的镜像文件
[root@Squid ~]# docker images 查看本地镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
# 上传打包好的镜像包lamp-zabbix.tar
[root@Squid ~]# ll lamp-zabbix.tar
-rw-r--r--. 1 root root 1323229696 2月 10 14:27 lamp-zabbix.tar
[root@Squid ~]# cat lamp-zabbix.tar |docker import - lamp-zabbix:v1
sha256:8c4e625c0b2806330b8e974283dfaf7987305c428bb63152c3532f38bf0f728d
[root@Squid ~]# docker images # 有文件说明导入docker成功
REPOSITORY TAG IMAGE ID CREATED SIZE
lamp-zabbix v1 8c4e625c0b28 About a minute ago 1.302 GB
四、运行lamp-zabbix容器
[root@Squid ~]# docker run --name zabbix_server -t -i -p 88:80 8c4e625c0b28 /bin/bash
# 将容器的web 80端口映射到容器外部80端口上 [root@7d17cdcaf9bd /]# /etc/init.d/httpd start [root@7d17cdcaf9bd /]# /etc/init.d/mysqld start [root@7d17cdcaf9bd /]# /etc/init.d/zabbix_server start
[root@7d17cdcaf9bd /]# exit 退出容器
[root@Squid ~]# vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT
[root@Squid ~]# docker start zabbix_server
五、慎用的操作的恢复
[root@7d17cdcaf9bd /]# exit 退出容器,即停止容器。容器的业务都将停止 [root@Squid ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@Squid ~]# docker start 7d17cdcaf9bd 再次进入容器 iptables: No chain/target/match by that name. 报错 [root@Squid ~]# docker start 7d17cdcaf9bd # 重启docker 7d17cdcaf9bd [root@Squid ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7d17cdcaf9bd 8c4e625c0b28 "/bin/bash" 27 minutes ago Up 10 seconds 0.0.0.0:88->80/tcp zabbix_server # 容器已经启动 [root@Squid ~]# docker exec -ti 7d17cdcaf9bd /bin/bash [root@7d17cdcaf9bd /]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
六、对于zabbix超级用户密码的修改
1)知道密码的情况下进行修改
2)忘记密码的情况下进行修改
登录数据库修改
# mysql -uroot -p #登陆数据库 mysql> show databases; mysql> use zabbix; mysql> show tables; | triggers | | users | | users_groups | | usrgrp | | valuemaps | +----------------------------+ 127 rows in set (0.00 sec) =====》users表就是存放用户密码的表,而ID为1就是超级管理员的账号密码 mysql> select * from users; # 查看表里的字段,admin对应的ID是1 mysql> select userid,passwd from users; +--------+----------------------------------+ | userid | passwd | +--------+----------------------------------+ | 1 | a9eead793bcab362333108a451447758 | | 2 | d41d8cd98f00b204e9800998ecf8427e | +--------+----------------------------------+ 2 rows in set (0.00 sec) =====》密码是经过md5加密的 重新开个终端,生成一个MD5加密的密码,这里密码设置的是RedHat [root@localhost ~]# echo -n redhat|openssl md5 #-n就表示不输入回车符,不加-n,否则就不是这个结果了。 (stdin)= e2798af12a7a0f4f70b4d69efbc25f4d 接着上面的为admin用户设定一个密码 mysql> update users set passwd='e2798af12a7a0f4f70b4d69efbc25f4d' where userid = '1'; #或者直接使用update users set passwd=md5("redhat") where userid='1'; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> flush privileges; mysql> quit
七、docker启动错误
[root@Squid ~]# docker start c6c3b185f2ce Error response from daemon: devmapper: Error mounting '/dev/mapper/docker-253:0-35197283-f75fa419830cf84b0dbc1d1d06e9bc67de6fc41789b5abd3ef221c291222f47a' on '/var/lib/docker/devicemapper/mnt/f75fa419830cf84b0dbc1d1d06e9bc67de6fc41789b5abd3ef221c291222f47a'. fstype=xfs options=nouuid,context="system_u:object_r:svirt_sandbox_file_t:s0:c34,c941": invalid argument <6>[ 111.172763] IPv6: ADDRCONF(NETDEV_UP): docker0: link is not ready <4>[ 130.630581] sched: RT throttling activated <4>[ 238.455112] XFS (dm-3): unknown mount option [context="system_u:object_r:svirt_sandbox_file_t:s0:c34]. Error: failed to start containers: c6c3b185f2ce
修复方法主要有两种:
- 可以将selinux重新置为enable,然后重启物理机,即可修复。
- 修改容器的配置。比如我的容器的配置是
/var.lib/docker/containers/e7ef71494940ba293be4b3f74198bf34835c35537810053b051d9a6c33adbd32/config.v2.json
文件。将其中的"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c12,c257", "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c12,c257"
重修修改为"MountLabel": "", "ProcessLabel": ""
,然后重新启动docker daemon,容器即可修复。