Docker
1 基础知识
2 最佳实践
2.1 部署Docker集群
如果你尚未部署Docker集群环境,请参阅如下章节部署,
2.2 部署前的准备
2.2.1 准备MySQL镜像
In docker01
cd /data/docker/images/ docker load -i mysql_5.6.34.tar docker tag mysql:5.6.34 docker01.cmdschool.org:5000/mysql:5.6.34 docker push docker01.cmdschool.org:5000/mysql:5.6.34 docker image rm mysql:5.6.34
另外,安装包的离线下载请在能上网的docker环境的机器上使用如下命令,
docker pull mysql:5.6.34 docker save mysql:5.6.34 -o mysql_5.6.34.tar
另外,其他版本请从以下链接下载,
https://hub.docker.com/_/mysql
2.2.2 准备adminer镜像
In docker01
cd /data/docker/images/ docker load -i adminer_4.7.7.tar docker tag adminer:4.7.7 docker01.cmdschool.org:5000/adminer:4.7.7 docker push docker01.cmdschool.org:5000/adminer:4.7.7 docker image rm adminer:4.7.7
另外,安装包的离线下载请在能上网的docker环境的机器上使用如下命令,
docker pull adminer:4.7.7 docker save adminer:4.7.7 -o adminer_4.7.7.tar
https://hub.docker.com/_/adminer
2.2.2 准备vsftp镜像
In docker01
docker tag build/centos7x-vsftp:latest docker01.cmdschool.org:5000/centos7x-vsftp:latest docker push docker01.cmdschool.org:5000/centos7x-vsftp:latest docker image rm build/centos7x-vsftp:latest
另外,此镜像为自己制作,无法直接从网络上直接载入,详细请参考以下文章,
2.3 部署VSFTP
In docker01
2.3.1 创建服务配置文件
vim /data/docker/yml/vsftp-stack.yml
加入如下配置,
# Use root/example as user/password credentials
version: '3.1'
services:
db:
image: docker01.cmdschool.org:5000/mysql:5.6.34
volumes:
- /data/docker/service/vsftp-mysql/data:/var/lib/mysql
- /data/docker/service/vsftp-mysql/conf:/etc/mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: mysqlpwd
TZ: Asia/Shanghai
deploy:
replicas: 1
placement:
constraints: [node.labels.vsftp-mysql == true]
logging:
driver: "json-file"
options:
max-size: "100m"
max-file: "5"
adminer:
image: docker01.cmdschool.org:5000/adminer:4.7.7
restart: always
environment:
TZ: Asia/Shanghai
ports:
- 8080:8080
deploy:
replicas: 1
placement:
constraints: [node.labels.vsftp-adminer == true]
logging:
driver: "json-file"
options:
max-size: "100m"
max-file: "5"
vsftpd:
image: docker01.cmdschool.org:5000/centos7x-vsftp:latest
volumes:
- /data/docker/service/vsftp-vsftpd/conf/vsftpd.conf:/etc/vsftpd/vsftpd.conf
- /data/docker/service/vsftp-vsftpd/log/vsftpd.log:/var/log/vsftpd.log
- /data/docker/service/vsftp-vsftpd/log/xferlog.log:/var/log/xferlog.log
- /data/docker/service/vsftp-vsftpd/data:/data
restart: always
environment:
TZ: Asia/Shanghai
MYSQL_HOST: db
MYSQL_USER: vsftpd
MYSQL_PASSWORD: vsftpdpwd
MYSQL_DB: vsftpd
MYSQL_TABLE: users
MYSQL_USERCOLUMN: name
MYSQL_PASSWDCOLUMN: passwd
MYSQL_CRYPT: 2
ports:
- target: 20
published: 20
protocol: tcp
mode: host
- target: 21
published: 21
protocol: tcp
mode: host
deploy:
replicas: 1
placement:
constraints: [node.labels.vsftp-vsftpd == true]
logging:
driver: "json-file"
options:
max-size: "100m"
max-file: "5"
根据配置需求创建数据存放目录,
In docker01
mkdir -p /data/docker/service/vsftp-vsftpd/data mkdir -p /data/docker/service/vsftp-vsftpd/conf mkdir -p /data/docker/service/vsftp-vsftpd/log touch /data/docker/service/vsftp-vsftpd/log/vsftpd.log touch /data/docker/service/vsftp-vsftpd/log/xferlog.log chown 1000:docker -R /data/docker/service/vsftp-* chown root:root /data/docker/service/vsftp-vsftpd/log/*.log
In docker02
mkdir -p /data/docker/service/vsftp-mysql/data mkdir -p /data/docker/service/vsftp-mysql/conf/conf.d/ chown 1000:docker -R /data/docker/service/vsftp-*
根据配置需求创建MySQL主配置文件,
vim /data/docker/service/vsftp-mysql/conf/my.cnf
加入如下配置,
[mysqld] skip-host-cache skip-name-resolve # Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # The MySQL Community Server configuration file. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html [client] port = 3306 socket = /var/run/mysqld/mysqld.sock [mysqld_safe] pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp lc-messages-dir = /usr/share/mysql explicit_defaults_for_timestamp # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 #log-error = /var/log/mysql/error.log # Recommended in standard MySQL setup sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/
根据MySQL的主配置文件创建子目录配置,
vim /data/docker/service/vsftp-mysql/conf/conf.d/docker.cnf
加入如下配置,
[mysqld] skip-host-cache skip-name-resolve
根据配置的需求设置运行标记,
In docker01
docker node update --label-add vsftp-mysql=true docker02.cmdschool.org docker node update --label-add vsftp-adminer=true docker01.cmdschool.org docker node update --label-add vsftp-vsftpd=true docker01.cmdschool.org
根据配置需求修改VSFTP配置,
vim /data/docker/service/vsftp-vsftpd/conf/vsftpd.conf
根据部署的服务器IP地址声明修改以下参数,
background=NO listen=YES listen_port=21 anonymous_enable=NO local_enable=YES virtual_use_local_privs=YES write_enable=YES connect_from_port_20=YES ftp_data_port=20 pam_service_name=vsftpd pasv_address=10.168.0.210 guest_enable=YES guest_username=root chroot_local_user=YES allow_writeable_chroot=YES user_sub_token=$USER local_root=/data/$USER hide_ids=YES dual_log_enable=YES xferlog_enable=YES xferlog_std_format=YES xferlog_file=/var/log/xferlog.log vsftpd_log_file=/var/log/vsftpd.log local_umask=0007
然后,你需要修改此配置文件的权限,否则可能会运行出错,
chown root:root /data/docker/service/vsftp-vsftpd/conf/*.conf
2.3.2 部署服务
docker stack deploy -c /data/docker/yml/vsftp-stack.yml vsftp
2.3.3 测试MySQL服务
In docker02
docker exec -it `docker container ls | grep 'vsftp_db' | cut -d" " -f1 ` bash
然后,我们使用如下命令登录数据库,
mysql -uroot -pmysqlpwd
可使用如下命令查看当前的库,
show databases;
2.3.4 测试adminer服务
http://10.168.0.210:8080/
可见如下界面,
可通过之前定义的密码登录,详细如下,
adminuser:root
password:mysqlpwd
2.3.5 测试vsftp服务
In docker01
docker exec -it `docker container ls | grep 'vsftp_vsftpd' | cut -d" " -f1 ` bash
然后,我们使用如下命令查看服务的端口,
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 6/vsftpd [...]
2.4 配置VSFTP
In docker02
3.4.1 创建验证数据库
mysql -uroot -p create database vsftpd;
3.4.2 创建验证数据表
use vsftpd; create table users ( id int auto_increment not null, name char(20) not null unique key, passwd char(48) not null, primary key(id) );
3.4.3 添加测试数据
insert into vsftpd.users(name,passwd) values ('test1',password('123456'));
查询数据库中的账号:
select * from vsftpd.users;
3.4.4 配置验证账号
grant select on vsftpd.* to vsftpd@'%' identified by 'vsftpdpwd'; flush privileges;
3.4.5 测试验证账号
mysql -uvsftpd -pvsftpdpwd
2.5 客户端测试
yum install -y lftp
安装完软件后,可以使用如下命令测试,
# lftp 10.168.0.210 lftp test@10.168.0.210:~> user test1 123456 lftp test@10.168.0.210:~> dir
参阅文档
=====================
官方参阅
————
https://hub.docker.com/_/mysql
https://hub.docker.com/_/adminer
文件兼容性参考
————–
https://docs.docker.com/compose/compose-file/
没有评论