docker 6.1测试
https://www.cnblogs.com/xiugeng/p/10193333.html#_label1
1.设置重启策略
[root@docker ~]# cat /etc/docker/daemon.json
{
"live-restore":true
}
测试重启策略
[root@docker ~]# docker run --rm -d -p 8080:80 httpd
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1fe86710d030 httpd "httpd-foreground" 5 seconds ago Up 3 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp affectionate_mclean
[root@docker ~]#
杀死进程容器仍在运行
[root@docker ~]# ps -e | grep dockerd
1588 ? 00:00:07 dockerd
[root@docker ~]# kill -SIGHUP 1588
[root@docker ~]# curl 127.0.0.1:8080
<html><body><h1>It works!</h1></body></html>
[root@docker ~]#
在容器中使用supervisord管理PHP和Nginx服务
创建文件编写dockerfile
mkdir web-supervisord
cd web-supervisord/
[root@docker web-supervisord]# cat Dockerfile
FROM centos:7
MAINTAINER mqy@163.com
COPY CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo
COPY nginx_install.sh /tmp/nginx_install.sh
RUN sh /tmp/nginx_install.sh; \rm -rf /usr/local/src/*
RUN sed -i -e '/worker_processes/a daemon off;' /usr/local/nginx/conf/nginx.conf;
COPY jdk-8u152-linux-x64.tar.gz /usr/local/src/jdk-8u152-linux-x64.tar.gz
COPY tomcat_install.sh /tmp/tomcat_install.sh
RUN sh /tmp/tomcat_install.sh; \rm -rf /usr/local/src/*
COPY supervisor_install.sh /tmp/supervisor_install.sh
COPY supervisord.conf /etc/supervisord.conf
COPY start_tomcat.sh /usr/local/tomcat/bin/mystart.sh
RUN sh /tmp/supervisor_install.sh; \rm -rf /tmp/*.sh
更改yum源地址
[root@docker ~]# cat /web-supervisord/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/
gpgcheck=0
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
准备nginx脚本
[root@docker web-supervisord]# cat nginx_install.sh
yum install -y wget tar gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel
cd /usr/local/src
wget 'http://nginx.org/download/nginx-1.12.2.tar.gz'
tar -zxvf nginx-1.12.2.tar.gz
cd nginx-1.12.2
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream --with-stream_ssl_module
make
make install
exit 0
准备tomcat脚本
[root@docker web-supervisord]# cat tomcat_install.sh
yum install -y wget tar
cd /usr/local/src/
tar -zxvf jdk-8u152-linux-x64.tar.gz
mv jdk1.8.0_152 /usr/local/
配置java环境变量
[root@docker web-supervisord]# echo 'JAVA_HOME=/usr/local/jdk1.8.0_152/' >>/etc/profile
[root@docker web-supervisord]# echo 'PATH=$PATH:$JAVA_HOME/bin' >>/etc/profile
[root@docker web-supervisord]# echo 'CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH' >>/etc/profile
[root@docker web-supervisord]# source /etc/profile
获取tomcat
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.78/bin/apache-tomcat-8.5.78.tar.gz
tar -zxvf apache-tomcat-8.5.38.tar.gz
mv apache-tomcat-8.5.38 /usr/local/tomca
上传jdk
[root@docker web-supervisord]# ls
apache-tomcat-8.5.78.tar.gz jdk-8u152-linux-x64.tar.gz supervisord.conf
CentOS-Base.repo nginx_install.sh supervisor_install.sh
Dockerfile start_tomcat.sh tomcat_install.sh
准备supervisor安装脚本
vi supervisor_install.sh
yum -y install epel-release
yum -y install python2-pip
pip install supervisor
准备supervisor配置文件
vi supervisord.conf
[unix_http_server]
file=/tmp/supervisor.sock ; the path to the socket file
[supervisord]
logfile=/tmp/supervisord.log ; # 日志
logfile_maxbytes=50MB ; # 最大50M日志
logfile_backups=10 ; # 轮循日志备份10个
loglevel=info ; # 日志等级记录info的
pidfile=/tmp/supervisord.pid ;pid
nodaemon=true ; # 在前台启动
minfds=102400 ; # 文件描述符限制
minprocs=2000 ; # 进程数
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
[program:nginx]
command=/usr/local/nginx/sbin/nginx ; # 前台启动nginx
autostart=true ; # 随着supervisor自动启动
startsecs=10 ; # 启动10s后算正常启动
autorestart=true ; # 程序退出后自动重启
startretries=3 ; # 启动失败自动重试次数
stdout_logfile_maxbytes=20MB ;stdout # 日志文件大小最大20Mb
stdout_logfile=/usr/local/nginx/logs/out.log
[program:tomcat]
command=sh /usr/local/tomcat/bin/mystart.sh ; # 前台启动tomcat
autostart=true ; # 随着supervisor自动启动
startsecs=10 ; # 启动10s后算正常启动
autorestart=true ; #程序退出后自动重启
startretries=3 ; # 启动失败自动重试次数
stdout_logfile_maxbytes=20MB ;stdout 日志文件大小最大20Mb
stdout_logfile=/usr/local/tomcat/logs/catalina.out
9.tomcat启动脚本准备
由于supervisor无法使用source,需要编写个脚本来启动
[root@hecs-hqs-01 web-supervisord]# vi start_tomcat.sh
source /etc/profile
/usr/local/tomcat/bin/catalina.sh run
构建镜像
docker build -t web-supervisor .
启动容器
docker run -d web-supervisor /bin/bash -c 'supervisord -c /etc/supervisord.conf'
Step 11/14 : COPY supervisord.conf /etc/supervisord.conf
---> Using cache
---> 9c67a01652a7
Step 12/14 : COPY start_tomcat.sh /usr/local/tomcat/bin/mystart.sh
---> Using cache
---> dbf34e7080d6
Step 13/14 : COPY apache-tomcat-8.5.78.tar.gz apache-tomcat-8.5.78.tar.gz
---> Using cache
---> b74cf8c7864d
Step 14/14 : RUN sh /tmp/supervisor_install.sh; \rm -rf /tmp/*.sh
---> Using cache
---> 94cdb52e263b
Successfully built 94cdb52e263b
Successfully tagged web-supervisor:latest
[root@docker web-supervisord]#
使用docker top
[root@docker tomcat]# docker top dfec7ef8cf423e9dd
UID PID PPID C STIME TTY TIME CMD
root 10963 10943 0 17:45 ? 00:00:00 httpd -DFOREGROUND
33 10994 10963 0 17:45 ? 00:00:00 httpd -DFOREGROUND
33 10995 10963 0 17:45 ? 00:00:00 httpd -DFOREGROUND
33 10996 10963 0 17:45 ? 00:00:00 httpd -DFOREGROUND
[root@docker tomcat]#
使用docker stats
docker stats xxxx
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
dfec7ef8cf42 loving_lewin 0.00% 24.93MiB / 3.84GiB 0.63% 656B / 0B 2.73MB / 0B 82
使用cAdvisor案例
[root@docker tomcat]# docker run --rm -d --name redis redis
7e704959de96d942a5e03d4e8518e7394a91d7409ce260b19d33146e8b321880
[root@docker tomcat]# docker run --rm -d --name myweb -p 80:80 httpd
70086c61a85820d34f8bb04908bf9d1b86de7a8ff4e3f0cd4299247454319e8c
[root@docker tomcat]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70086c61a858 httpd "httpd-foreground" 2 seconds ago Up 1 second 0.0.0.0:80->80/tcp, :::80->80/tcp myweb
7e704959de96 redis "docker-entrypoint.s…" 4 seconds ago Up 4 seconds 6379/tcp redis
[root@docker tomcat]#
拉取镜像
[root@docker tomcat]# docker pull google/cadvisor
Using default tag: latest
latest: Pulling from google/cadvisor
ff3a5c916c92: Pull complete
44a45bb65cdf: Pull complete
0bbe1a2fe2a6: Pull complete
Digest: sha256:815386ebbe9a3490f38785ab11bda34ec8dacf4634af77b8912832d4f85dca04
Status: Downloaded newer image for google/cadvisor:latest
docker.io/google/cadvisor:latest
[root@docker tomcat]#
启动容器
[root@docker tomcat]# docker run --privileged \
> --volume /:/rootfs:ro --volume /var/run:/var/run:rw \
> --volume /sys:/sys:ro --volume /var/lib/docker/:/var/lib/docker:ro \
> --publish 8080:8080 --detach --name cadvisor google/cadvisor:latest
a8101914262cbd398d512d520f4af6966d39a63f86f3407bc2968d2a96b740de
[root@docker tomcat]#
启动容器,查看限制
[root@docker tomcat]# docker run -m 300M --memory-swap 500M --memory-reservation 200M -c 512 -tid ubuntu
4ca6f26a402a91c21260da7a9f18b2acdd1c4b9803c8b306564c1b11888fa9cc
进入web 查看容器情况
http://192.168.3.131:8080/containers/
Weave Scope
上传scope
[root@docker ~]# chmod a+x scope
[root@docker ~]# ls
anaconda-ks.cfg docker-hello mqy.easy test
axe hello.c mqy.heihei web-supervisord
CentOS-Base.repo jdk-8u152-linux-x64.tar.gz scope
[root@docker ~]# scp scope /usr/local/bin/
[root@docker ~]# scope launch
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec619e6f4cd0 weaveworks/scope:1.13.2 "/home/weave/entrypo…" About a minute ago Up About a minute weavescope
[root@docker ~]#
使用docker logs
[root@docker ~]# docker logs ec619e
warning: I'm not PID 1, I'm PID 13262
/sbin/runsvdir started
<app> INFO: 2022/06/01 10:16:00.818444 app starting, version 1.13.2, ID 478733b882d27ef1
<app> INFO: 2022/06/01 10:16:00.818502 command line args: --mode=app --probe.docker=true
<app> INFO: 2022/06/01 10:16:00.818809 Basic authentication disabled
time="2022-06-01T10:16:00Z" level=info msg="publishing to: 127.0.0.1:4040"
<probe> INFO: 2022/06/01 10:16:00.819600 Basic authentication disabled
<probe> INFO: 2022/06/01 10:16:00.820484 command line args: --mode=probe --probe.docker=true
配置日志驱动
[root@docker ~]# docker run --rm -d --log-driver none --name redis redis
9aa4286b3e8902882aeed4aa5260aebc28662ccd801e825d1693deed082fd69a
[root@docker ~]# docker inspect -f='{{.HostConfig.LogConfig.Type}}' redis
none
[root@docker ~]# docker run --rm -d --log-driver syslog --log-opt env=os,customer --log-opt labels='test' --name redis02 redis
edf59ae2516cbf005d54bdf5009ef1a9723b30c71f1841cd4ce771c918c2ded9
[root@docker ~]# docker inspect -f='{{.HostConfig.LogConfig.Type}}-{{.HostConfig.LogConfig.Config}}' redis02
syslog-map[env:os,customer labels:test]
[root@docker ~]#
容器日志清理
[root@docker ~]# chmod a+x abc
[root@docker ~]# bash abc
[root@docker ~]# cat abc
#!/bin/sh
logs=$(find /var/lib/docker/containers/ -name *-json.log)
for log in $logs
do
echo "clean logs : $log"
cat /dev/null > $log
done
[root@docker ~]#
将容器的日志重定向到Linux日志系统
从Docker守护进程获取实时事件
使用dockerd
[root@docker ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@docker ~]# dockerd
INFO[2022-06-01T18:34:36.108607493+08:00] Starting up
INFO[2022-06-01T18:34:36.111402427+08:00] parsed scheme: "unix" module=grpc
INFO[2022-06-01T18:34:36.111421117+08:00] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2022-06-01T18:34:36.111443196+08:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>} module=grpc
