一、关闭firewall,永久关闭,使用iptables防火墙

systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
firewall-cmd --state #查看默认防火墙状态(关闭后显示notrunning,开启后显示running)

yum install iptables-services -y    # 安装防火墙
systemctl restart iptables.service  # 重启防火墙

二、安装docker

要求centos7版本
yum install docker -y 安装 docker -v 查看版本   Docker version 1.12.6, build 3e8e77d/1.12.6
systemctl start docker   启动docker
ps -ef|grep docker     查看是否有docker进程
systemctl enable docker   设置docker开机自启动

三、下载打包好镜像文件

1)本地镜像制作过程

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
da67831689e3        docker.io/nginx     "/bin/bash"         17 seconds ago      Up 16 seconds       0.0.0.0:80->80/tcp   cocky_aryabhata
[root@localhost ~]# 
[root@localhost ~]# docker commit da67831689e3 test
sha256:783e5f357a7fec72303b88fd4a6a97268ea3481fc2433331a23a59e4552ff1ed
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
test                latest              783e5f357a7f        6 seconds ago       109 MB
docker.io/nginx     latest              7042885a156a        12 days ago         109 MB
[root@localhost ~]# 

[root@localhost ~]# docker save test > new_nginx.tar
[root@localhost ~]# ls
anaconda-ks.cfg  new_nginx.tar
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
test                latest              783e5f357a7f        6 minutes ago       109 MB
docker.io/nginx     latest              7042885a156a        12 days ago         109 MB
[root@localhost ~]# cat new_nginx.tar |docker import - new-nginx
sha256:8e1deabb4ca699ac12196e09b2bd3742f6dc6eb2f5df5f64ee4487634d7ddf41
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
new-nginx           latest              8e1deabb4ca6        3 seconds ago       113 MB
test                latest              783e5f357a7f        7 minutes ago       109 MB
docker.io/nginx     latest              7042885a156a        12 days ago         109 MB
View Code

1)上传打包好的镜像文件

[root@Squid ~]# docker images      查看本地镜像
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
# 上传打包好的镜像包lamp-zabbix.tar
[root@Squid ~]# ll lamp-zabbix.tar 
-rw-r--r--. 1 root root 1323229696 2月  10 14:27 lamp-zabbix.tar
[root@Squid ~]# cat lamp-zabbix.tar |docker import - lamp-zabbix:v1  
sha256:8c4e625c0b2806330b8e974283dfaf7987305c428bb63152c3532f38bf0f728d
[root@Squid ~]# docker images  # 有文件说明导入docker成功
REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
lamp-zabbix         v1                  8c4e625c0b28        About a minute ago   1.302 GB

四、运行lamp-zabbix容器

[root@Squid ~]# docker run --name zabbix_server -t -i -p 88:80 8c4e625c0b28 /bin/bash
# 将容器的web 80端口映射到容器外部80端口上 [root@7d17cdcaf9bd /]# /etc/init.d/httpd start [root@7d17cdcaf9bd /]# /etc/init.d/mysqld start [root@7d17cdcaf9bd /]# /etc/init.d/zabbix_server start
[root@7d17cdcaf9bd /]# exit 退出容器
[root@Squid ~]# vi /etc/sysconfig/iptables
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT
[root@Squid ~]# docker start zabbix_server

五、慎用的操作的恢复

[root@7d17cdcaf9bd /]# exit 退出容器,即停止容器。容器的业务都将停止
[root@Squid ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

[root@Squid ~]# docker start 7d17cdcaf9bd   再次进入容器
iptables: No chain/target/match by that name.  报错
[root@Squid ~]# docker start 7d17cdcaf9bd    # 重启docker
7d17cdcaf9bd
[root@Squid ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
7d17cdcaf9bd        8c4e625c0b28        "/bin/bash"         27 minutes ago      Up 10 seconds       0.0.0.0:88->80/tcp   zabbix_server
# 容器已经启动
[root@Squid ~]# docker exec -ti 7d17cdcaf9bd /bin/bash
[root@7d17cdcaf9bd /]# netstat -lntup      
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name 

六、对于zabbix超级用户密码的修改

1)知道密码的情况下进行修改

2)忘记密码的情况下进行修改

登录数据库修改

# mysql -uroot -p      #登陆数据库 
mysql> show databases;
mysql> use zabbix;
mysql> show tables;
| triggers                   |
| users                      |
| users_groups               |
| usrgrp                     |
| valuemaps                  |
+----------------------------+
127 rows in set (0.00 sec)
=====》users表就是存放用户密码的表,而ID为1就是超级管理员的账号密码
mysql> select * from users;      # 查看表里的字段,admin对应的ID是1 
mysql> select userid,passwd from users; 
+--------+----------------------------------+
| userid | passwd                           |
+--------+----------------------------------+
|      1 | a9eead793bcab362333108a451447758 |
|      2 | d41d8cd98f00b204e9800998ecf8427e |
+--------+----------------------------------+
2 rows in set (0.00 sec)
=====》密码是经过md5加密的
重新开个终端,生成一个MD5加密的密码,这里密码设置的是RedHat
[root@localhost ~]# echo -n redhat|openssl md5    #-n就表示不输入回车符,不加-n,否则就不是这个结果了。 
(stdin)= e2798af12a7a0f4f70b4d69efbc25f4d
接着上面的为admin用户设定一个密码
mysql> update users set passwd='e2798af12a7a0f4f70b4d69efbc25f4d' where userid = '1'; 
      #或者直接使用update  users set passwd=md5("redhat") where userid='1'; 
Query OK, 1 row affected (0.01 sec) 
Rows matched: 1  Changed: 1  Warnings: 0 
mysql> flush privileges; 
mysql> quit 

七、docker启动错误

[root@Squid ~]# docker start c6c3b185f2ce
Error response from daemon: devmapper: Error mounting '/dev/mapper/docker-253:0-35197283-f75fa419830cf84b0dbc1d1d06e9bc67de6fc41789b5abd3ef221c291222f47a' on '/var/lib/docker/devicemapper/mnt/f75fa419830cf84b0dbc1d1d06e9bc67de6fc41789b5abd3ef221c291222f47a'. fstype=xfs options=nouuid,context="system_u:object_r:svirt_sandbox_file_t:s0:c34,c941": invalid argument
<6>[  111.172763] IPv6: ADDRCONF(NETDEV_UP): docker0: link is not ready
<4>[  130.630581] sched: RT throttling activated
<4>[  238.455112] XFS (dm-3): unknown mount option [context="system_u:object_r:svirt_sandbox_file_t:s0:c34].
Error: failed to start containers: c6c3b185f2ce

  修复方法主要有两种:

  1. 可以将selinux重新置为enable,然后重启物理机,即可修复。
  2. 修改容器的配置。比如我的容器的配置是/var.lib/docker/containers/e7ef71494940ba293be4b3f74198bf34835c35537810053b051d9a6c33adbd32/config.v2.json文件。将其中的"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c12,c257", "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c12,c257"重修修改为"MountLabel": "", "ProcessLabel": "",然后重新启动docker daemon,容器即可修复。
posted on 2018-08-03 10:37  可口_可乐  阅读(1452)  评论(0编辑  收藏  举报