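1 Background
This chapter assumes you already know how to compile and deploy ClamAV on Linux. If you do not, please read the following chapter first:
2 Best practices
2.1 Preparation before deployment
2.1.1 Deploy the Docker environment
This chapter is deployed on the following Docker environment. Before following along, it is recommended that you set up the Docker cluster environment below and become familiar with it:
2.1.2 Prepare the system image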
In docker01
cd /data/docker/images/
docker load -i centos_centos7.3.1611.tar
docker tag centos:centos7.3.1611 docker01.cmdschool.org:5000/centos:centos7.3.1611
docker push docker01.cmdschool.org:5000/centos:centos7.3.1611
docker image rm centos:centos7.3.1611
To obtain the image archive for offline use, run the following commands on a Docker host that has Internet access:
docker pull centos:centos7.3.1611
docker save centos:centos7.3.1611 -o centos_centos7.3.1611.tar
Other versions can be downloaded from the following link:
https://hub.docker.com/_/centos
2.1.3 Download the ClamAV source package
cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
Note: other versions (including binary packages such as rpm) can be downloaded from the following link:
http://www.clamav.net/download/
2.1.4 Download the curl source package
cd ~
wget https://curl.haxx.se/download/curl-7.65.3.tar.gz
Note: other versions can be downloaded from the following directory:
https://curl.haxx.se/download/
2.2 Create the ClamAV image
2.2.1 Create the image project folder
cd ~
mkdir ~/imageProject-clamav-0.102.3
2.2.2 Create the Dockerfile
vim ~/imageProject-clamav-0.102.3/Dockerfile
Add the following configuration:
FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
MAINTAINER will@cmdschool.org
# Install Tools
RUN yum -y install net-tools telnet crontabs
RUN yum -y install gcc gcc-c++ make expat-devel
# Make Before
COPY clamav-0.102.3.tar.gz /root
COPY curl-7.65.3.tar.gz /root
WORKDIR /root
RUN tar -xf clamav-0.102.3.tar.gz
RUN tar -xf curl-7.65.3.tar.gz
RUN yum install -y libnghttp2-devel openssl-devel
WORKDIR /root/curl-7.65.3
RUN ./configure --prefix=/usr/local/curl-7.65.3 \
--with-nghttp2 \
--with-ssl
RUN make
RUN make install
# Install the required packages for make
RUN yum install -y check-devel sendmail-devel libcurl-devel
RUN rm -rf /var/cache/yum/*
# Make Clamav
WORKDIR /root/clamav-0.102.3
RUN ./configure '--build=x86_64-redhat-linux-gnu' \
'--host=x86_64-redhat-linux-gnu' \
'--target=x86_64-redhat-linux-gnu' \
'--prefix=/usr' \
'--bindir=/usr/bin' \
'--sbindir=/usr/sbin' \
'--libexecdir=/usr/libexec' \
'--sysconfdir=/etc' \
'--localstatedir=/var' \
'--libdir=/usr/lib64' \
'--includedir=/usr/include' \
'--datadir=/usr/share' \
'--infodir=/usr/share/info' \
'--localedir=/usr/share/locale' \
'--mandir=/usr/share/man' \
'--docdir=/usr/share/doc/clamav-0.102.3' \
'--exec-prefix=/usr' \
'--sharedstatedir=/var/lib' \
'--program-prefix=' \
'--enable-milter' \
'--disable-clamav' \
'--disable-static' \
'--disable-zlib-vcheck' \
'--disable-unrar' \
'--enable-id-check' \
'--enable-dns' \
'--with-dbdir=/var/lib/clamav' \
'--with-group=clamav' \
'--with-user=clamav' \
'--with-zlib=/usr' \
'--enable-ltdl-convenience' \
'--enable-check' \
'--with-systemdsystemunitdir=no' \
'build_alias=x86_64-redhat-linux-gnu' \
'host_alias=x86_64-redhat-linux-gnu' \
'target_alias=x86_64-redhat-linux-gnu' \
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
'LDFLAGS= -Wl,-z,relro' \
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
'--with-libcurl=/usr/local/curl-7.65.3'
RUN make
RUN make install
RUN rm -rf /root/clamav-0.102.3*
RUN rm -rf /root/curl-7.65.3*
COPY clamd.conf /etc/clamd.conf
COPY freshclam.conf /etc/freshclam.conf
RUN groupadd -g 498 clamav
RUN useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav
RUN mkdir -p /var/log/clamav /var/run/clamav
RUN chown clamav:clamav /var/lib/clamav /var/log/clamav /var/run/clamav
RUN chmod 775 -R /var/lib/clamav/ /var/log/clamav
RUN /usr/bin/freshclam --quiet
RUN echo '47 * * * * /usr/bin/freshclam --quiet' >> /var/spool/cron/root
RUN echo '#!/bin/bash' > /root/start.sh
RUN echo 'echo "Starting Clamav Server...";' >> /root/start.sh
RUN echo '/usr/sbin/clamd -F -c /etc/clamd.conf' >> /root/start.sh
RUN chmod +x /root/start.sh
EXPOSE 3310
WORKDIR /root
CMD ["/bin/bash","./start.sh"]
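The "FROM" instruction declares that the image is built on top of the "centos7.3.1611" image
The "COPY" instruction copies the named files from the current directory into the image being built
The "ENV" instruction declares environment variables required by the Java JDK or Tigase (this Dockerfile does not use it)
The "RUN" instruction declares a command to execute inside the container environment
The "EXPOSE" instruction declares the port the container uses
The "WORKDIR" instruction switches to a directory inside the container
The "CMD" instruction declares the command that starts the service when the container starts
We therefore need to prepare the files that the Dockerfile copies:
cd ~
cp curl-7.65.3.tar.gz imageProject-clamav-0.102.3/
cp clamav-0.102.3.tar.gz ~/imageProject-clamav-0.102.3/
Next, prepare the configuration for ClamAV's database update tool in advance:
vim ~/imageProject-clamav-0.102.3/freshclam.conf
Add the following configuration:
# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
Then prepare the ClamAV daemon configuration file in advance:
vim ~/imageProject-clamav-0.102.3/clamd.conf
Add the following configuration:
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 0.0.0.0
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no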
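The clamd.conf above sets TCPSocket 3310 with TCPAddr 0.0.0.0, and clamd's TCP protocol has no authentication, so the bind address decides who can talk to the scanner. The following added example (not from the original article; the function names are hypothetical) audits a clamd.conf for that exposure, using an excerpt of the page's configuration as input and a constructed loopback variant for comparison.

```python
import ipaddress

# Excerpt of the clamd.conf shown on this page (only the directives the audit reads).
PAGE_CONF = """\
# Example
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 0.0.0.0
User clamav
"""
# Constructed variant for comparison: TCP restricted to loopback.
LOOPBACK_CONF = PAGE_CONF.replace("TCPAddr 0.0.0.0", "TCPAddr 127.0.0.1")

def parse_conf(text):
    """clamd.conf holds one 'Directive value' per line; '#' lines are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *rest = line.split(None, 1)
        conf.setdefault(name, []).append(rest[0] if rest else "")
    return conf

def audit_clamd_conf(text):
    """Return exposure findings (hypothetical helper, not a ClamAV tool)."""
    conf, findings = parse_conf(text), []
    if "TCPSocket" in conf:
        addrs = conf.get("TCPAddr", [])
        if not addrs:  # clamd binds INADDR_ANY when TCPAddr is absent
            findings.append("TCPSocket set without TCPAddr: clamd binds all interfaces")
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"TCPAddr {addr}: hostname, check what it resolves to")
                continue
            if ip.is_unspecified:
                findings.append(f"TCPAddr {addr}: unauthenticated port {conf['TCPSocket'][0]} on all interfaces")
            elif not ip.is_loopback:
                findings.append(f"TCPAddr {addr}: reachable from the network, restrict by firewall")
    if "User" not in conf:
        findings.append("User not set: clamd does not drop root privileges")
    return findings

if __name__ == "__main__":
    for finding in audit_clamd_conf(PAGE_CONF):
        print("FINDING:", finding)
```

For the container built here, how the port is published matters just as much: `docker run -p 127.0.0.1:3310:3310 ...` keeps 3310 on the Docker host's loopback instead of every host interface.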
Confirm that the required files are present:
ls ~/imageProject-clamav-0.102.3
The output looks like this:
clamav-0.102.3.tar.gz clamd.conf curl-7.65.3.tar.gz Dockerfile freshclam.conf
2.2.3 Build the image
cd ~/imageProject-clamav-0.102.3
docker build -t clamav:0.102.3 .
The "." above makes the current directory the build context; the build automatically loads the definitions in the "Dockerfile". The output looks like this:
Sending build context to Docker daemon 382.2MB
Step 1/31 : FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
---> c5d48e81b986
[...]
Successfully built 81175d1c3e79
Successfully tagged clamav:0.102.3
If the image is to be shared across the cluster, also run the following commands:
docker tag clamav:0.102.3 docker01.cmdschool.org:5000/clamav:0.102.3
docker push docker01.cmdschool.org:5000/clamav:0.102.3
docker image rm clamav:0.102.3
When finished, view the image with the following command:
docker images
The output looks like this:
REPOSITORY                           TAG       IMAGE ID       CREATED          SIZE
docker01.cmdschool.org:5000/clamav   0.102.3   0f81aac745b6   25 minutes ago   1.24GB
2.2.4 Test that the software runs
docker run -d --name clamav -p 3310:3310 docker01.cmdschool.org:5000/clamav:0.102.3
With the container running, log in to it with the following command:
docker exec -it `docker container ls | grep 'clamav' | cut -d" " -f1 ` /bin/bash
Use the following command to check which ports the software is listening on:
netstat -antp
The output looks like this:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:3310      0.0.0.0:*         LISTEN   -
When testing is complete, leave the container with the following command:
exit
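A LISTEN line in netstat only shows that clamd bound the port. The added example below (not part of the original article) runs on the Docker host and speaks the clamd protocol to confirm that the daemon answers PING and flags the standard EICAR test string sent via INSTREAM; the function names, the 127.0.0.1 default and the EICAR string are assumptions that do not come from the page.

```python
import socket
import struct

# Standard EICAR anti-virus test string (harmless, 68 bytes); not from the page.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def instream_payload(data, chunk_size=4096):
    """Frame data for INSTREAM: command, <4-byte big-endian length><chunk>..., zero length."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def clamd_request(payload, host="127.0.0.1", port=3310, timeout=10):
    """Send one NUL-delimited command and return the reply without its trailing NUL."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):
            buf = sock.recv(4096)
            if not buf:
                break
            reply += buf
    return reply.rstrip(b"\0").decode("utf-8", "replace")

def parse_scan_reply(reply):
    """'stream: OK' -> None, 'stream: <name> FOUND' -> signature name, else raise."""
    verdict = reply.split(": ", 1)[-1]
    if verdict == "OK":
        return None
    if verdict.endswith(" FOUND"):
        return verdict[: -len(" FOUND")]
    raise RuntimeError(f"clamd error: {reply}")

def smoke_test(host="127.0.0.1", port=3310):
    """True only if clamd answers PING, passes clean data and flags EICAR."""
    if clamd_request(b"zPING\0", host, port) != "PONG":
        return False
    clean = parse_scan_reply(clamd_request(instream_payload(b"hello"), host, port))
    hit = parse_scan_reply(clamd_request(instream_payload(EICAR), host, port))
    return clean is None and hit is not None

if __name__ == "__main__":
    print("clamd OK" if smoke_test() else "clamd FAILED")
```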
In addition, you can list the current containers with the following command:
docker ps -a
The output looks like this:
CONTAINER ID   IMAGE                                        COMMAND                 CREATED         STATUS         PORTS                    NAMES
62b7a201dc4d   docker01.cmdschool.org:5000/clamav:0.102.3   "/bin/bash ./start.sh"  5 minutes ago   Up 5 minutes   0.0.0.0:3310->3310/tcp   clamav
[...]
Then stop and remove the container with the following commands:
docker container stop 62b7a201dc4d
docker container rm 62b7a201dc4d