How do you deploy Docker VSFTP?

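1 Background

2 Best Practices

2.1 Deploy the Docker cluster

If you have not yet deployed a Docker cluster environment, deploy it by following the article below:

How do you deploy a Docker production environment?

2.2 Preparation before deployment

2.2.1 Prepare the MySQL image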

In docker01

cd /data/docker/images/
docker load -i mysql_5.6.34.tar
docker tag mysql:5.6.34 docker01.cmdschool.org:5000/mysql:5.6.34
docker push docker01.cmdschool.org:5000/mysql:5.6.34
docker image rm mysql:5.6.34

To obtain the image archive for offline use, run the following commands on a machine that has Docker and Internet access:

docker pull mysql:5.6.34
docker save mysql:5.6.34 -o mysql_5.6.34.tar

Other versions can be downloaded from the following link:
https://hub.docker.com/_/mysql

2.2.2 Prepare the adminer image

In docker01

cd /data/docker/images/
docker load -i adminer_4.7.7.tar
docker tag adminer:4.7.7 docker01.cmdschool.org:5000/adminer:4.7.7
docker push docker01.cmdschool.org:5000/adminer:4.7.7
docker image rm adminer:4.7.7

To obtain the image archive for offline use, run the following commands on a machine that has Docker and Internet access:

docker pull adminer:4.7.7
docker save adminer:4.7.7 -o adminer_4.7.7.tar

https://hub.docker.com/_/adminer

2.2.3 Prepare the vsftp image

In docker01

docker tag build/centos7x-vsftp:latest docker01.cmdschool.org:5000/centos7x-vsftp:latest
docker push docker01.cmdschool.org:5000/centos7x-vsftp:latest
docker image rm build/centos7x-vsftp:latest

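Note that this image is self-built and cannot be pulled directly from the Internet; for details, see the following article:

How do you package Docker VSFTP?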

2.3 Deploy VSFTP

In docker01

2.3.1 Create the service configuration file

vim /data/docker/yml/vsftp-stack.yml

Add the following configuration:

# Use root/mysqlpwd as user/password credentials
version: '3.1'

services:

  db:
    image: docker01.cmdschool.org:5000/mysql:5.6.34
    volumes:
      - /data/docker/service/vsftp-mysql/data:/var/lib/mysql
      - /data/docker/service/vsftp-mysql/conf:/etc/mysql
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: mysqlpwd
      TZ: Asia/Shanghai
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.vsftp-mysql == true]
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "5"
  adminer:
    image: docker01.cmdschool.org:5000/adminer:4.7.7
    restart: always
    environment:
      TZ: Asia/Shanghai
    ports:
      - 8080:8080
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.vsftp-adminer == true]
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "5"
  vsftpd:
    image: docker01.cmdschool.org:5000/centos7x-vsftp:latest
    volumes:
      - /data/docker/service/vsftp-vsftpd/conf/vsftpd.conf:/etc/vsftpd/vsftpd.conf
      - /data/docker/service/vsftp-vsftpd/log/vsftpd.log:/var/log/vsftpd.log
      - /data/docker/service/vsftp-vsftpd/log/xferlog.log:/var/log/xferlog.log
      - /data/docker/service/vsftp-vsftpd/data:/data
    restart: always
    environment:
      TZ: Asia/Shanghai
      MYSQL_HOST: db
      MYSQL_USER: vsftpd
      MYSQL_PASSWORD: vsftpdpwd
      MYSQL_DB: vsftpd
      MYSQL_TABLE: users
      MYSQL_USERCOLUMN: name
      MYSQL_PASSWDCOLUMN: passwd
      MYSQL_CRYPT: 2
    ports:
      - target: 20
        published: 20
        protocol: tcp
        mode: host
      - target: 21
        published: 21
        protocol: tcp
        mode: host
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.vsftp-vsftpd == true]
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "5"

Create the data directories the configuration requires:
In docker01

mkdir -p /data/docker/service/vsftp-vsftpd/data
mkdir -p /data/docker/service/vsftp-vsftpd/conf
mkdir -p /data/docker/service/vsftp-vsftpd/log
touch /data/docker/service/vsftp-vsftpd/log/vsftpd.log
touch /data/docker/service/vsftp-vsftpd/log/xferlog.log
chown 1000:docker -R /data/docker/service/vsftp-*
chown root:root /data/docker/service/vsftp-vsftpd/log/*.log

In docker02

mkdir -p /data/docker/service/vsftp-mysql/data
mkdir -p /data/docker/service/vsftp-mysql/conf/conf.d/
chown 1000:docker -R /data/docker/service/vsftp-*

Create the MySQL main configuration file the configuration requires:

vim /data/docker/service/vsftp-mysql/conf/my.cnf

Add the following configuration:

[mysqld]
skip-host-cache
skip-name-resolve

# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA

#
# The MySQL Community Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

[client]
port            = 3306
socket          = /var/run/mysqld/mysqld.sock

[mysqld_safe]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

[mysqld]
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
explicit_defaults_for_timestamp

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address   = 127.0.0.1

#log-error      = /var/log/mysql/error.log

# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

Create the configuration in the subdirectory that the MySQL main configuration file includes:

vim /data/docker/service/vsftp-mysql/conf/conf.d/docker.cnf

Add the following configuration:

[mysqld]
skip-host-cache
skip-name-resolve

Set the node labels the configuration requires:
In docker01

docker node update --label-add vsftp-mysql=true docker02.cmdschool.org
docker node update --label-add vsftp-adminer=true docker01.cmdschool.org
docker node update --label-add vsftp-vsftpd=true docker01.cmdschool.org

Modify the VSFTP configuration as required:

vim /data/docker/service/vsftp-vsftpd/conf/vsftpd.conf

Set the following parameters according to the IP address of the server you deploy on:

background=NO
listen=YES
listen_port=21
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
ftp_data_port=20
pam_service_name=vsftpd
pasv_address=10.168.0.210
guest_enable=YES
guest_username=root
chroot_local_user=YES
allow_writeable_chroot=YES
user_sub_token=$USER
local_root=/data/$USER
hide_ids=YES
dual_log_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog.log
vsftpd_log_file=/var/log/vsftpd.log
local_umask=022

Then fix the ownership of this configuration file, otherwise the service may fail to run:

chown root:root /data/docker/service/vsftp-vsftpd/conf/*.conf
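The vsftpd.conf above maps every virtual user to root and leaves TLS and the passive port range at vsftpd's defaults, while the stack file publishes only ports 20 and 21. The following Python check is an added example, not part of the original article; it flags those settings using vsftpd's documented defaults, and the values in `HARDENED_OVERRIDES` (account name, port range) are hypothetical.

```python
# Excerpt of the vsftpd.conf above: only the lines these checks read.
PAGE_CONF = """\
anonymous_enable=NO
virtual_use_local_privs=YES
write_enable=YES
guest_enable=YES
guest_username=root
chroot_local_user=YES
allow_writeable_chroot=YES
"""

# Hypothetical replacement values; the account name and port range are assumptions.
HARDENED_OVERRIDES = {
    "guest_username": "ftpvirtual", "allow_writeable_chroot": "NO",
    "ssl_enable": "YES", "pasv_min_port": "30000", "pasv_max_port": "30009",
}

def parse_vsftpd_conf(text):
    """Parse vsftpd's strict key=value format; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(conf):
    """Return ids of risky settings, falling back to vsftpd's built-in defaults."""
    def yes(key, default="NO"):
        return conf.get(key, default).upper() == "YES"
    findings = []
    if yes("anonymous_enable", "YES"):
        findings.append("anonymous-login")
    if yes("guest_enable") and conf.get("guest_username", "ftp") == "root":
        findings.append("guest-mapped-to-root")     # all virtual users run as root
    if yes("chroot_local_user") and yes("allow_writeable_chroot"):
        findings.append("writeable-chroot-root")
    if not yes("ssl_enable"):
        findings.append("cleartext-credentials")    # FTP login sent unencrypted
    if yes("pasv_enable", "YES") and int(conf.get("pasv_max_port", "0")) == 0:
        findings.append("unbounded-passive-ports")  # data ports not pinned to a range
    return findings

if __name__ == "__main__":
    print(audit(parse_vsftpd_conf(PAGE_CONF)))
```

With `allow_writeable_chroot=NO`, vsftpd refuses logins while `/data/$USER` is writable by the session user, so uploads then need a writable subdirectory below a non-writable root.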

2.3.2 Deploy the service

docker stack deploy -c /data/docker/yml/vsftp-stack.yml vsftp

2.3.3 Test the MySQL service

In docker02

docker exec -it `docker container ls | grep 'vsftp_db' | cut -d" " -f1 ` bash

Then log in to the database with the following command:

mysql -uroot -pmysqlpwd

Use the following command to list the current databases:

show databases;

2.3.4 Test the adminer service

http://10.168.0.210:8080/
The following page is displayed:

Log in with the password defined earlier:
adminuser: root
password: mysqlpwd

2.3.5 Test the vsftp service

In docker01

docker exec -it `docker container ls | grep 'vsftp_vsftpd' | cut -d" " -f1 ` bash

Then we use the following command to check the service's ports:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6/vsftpd
[...]

2.4 Configure VSFTP

In docker02

2.4.1 Create the authentication database

mysql -uroot -p
create database vsftpd;

2.4.2 Create the authentication table

use vsftpd;
create table users (
  id int auto_increment not null,
  name char(20) not null unique key,
  passwd char(48) not null,
  primary key(id)
);

2.4.3 Add test data

insert into vsftpd.users(name,passwd) values ('test1',password('123456'));

Query the accounts in the database:

select * from vsftpd.users;
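The `passwd` column filled by `password('123456')` holds the output of MySQL 5.6's `PASSWORD()`, an unsalted double SHA-1. The following Python sketch is an added example, not part of the original article; it reproduces that format and groups accounts whose stored hashes are identical. The rows for `test2` and `test3` are constructed sample data.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# MySQL 4.1+ PASSWORD() layout: '*' followed by 40 uppercase hex digits.
MYSQL41_RE = re.compile(r"\*[0-9A-F]{40}")

def mysql_password(plaintext):
    """Reproduce MySQL 5.6 PASSWORD(): '*' + HEX(SHA1(SHA1(plaintext)))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()  # raw 20 bytes
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def is_mysql41_hash(stored):
    """True if a passwd column value has the PASSWORD() layout."""
    return MYSQL41_RE.fullmatch(stored.strip()) is not None

def verify(plaintext, stored):
    """Constant-time comparison of a candidate password with a stored hash."""
    return hmac.compare_digest(mysql_password(plaintext), stored.strip())

def shared_hashes(rows):
    """Group user names by stored hash; without a salt, equal passwords collide."""
    groups = defaultdict(list)
    for name, passwd in rows:
        groups[passwd.strip()].append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}

# Constructed rows in the shape of `select name, passwd from vsftpd.users`.
# test1 is the article's test account; test2 and test3 are made up for this example.
SAMPLE_ROWS = [
    ("test1", mysql_password("123456")),
    ("test2", mysql_password("123456")),
    ("test3", mysql_password("a different passphrase")),
]

if __name__ == "__main__":
    for name, passwd in SAMPLE_ROWS:
        print(name, passwd, is_mysql41_hash(passwd))
    print("accounts sharing a password:", shared_hashes(SAMPLE_ROWS))
```

Because the hash carries no salt and no work factor, read access to `vsftpd.users` (which the `vsftpd@'%'` grant provides) is enough to see which accounts share a password.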

2.4.4 Configure the authentication account

grant select on vsftpd.* to vsftpd@'%' identified by 'vsftpdpwd';
flush privileges;

2.4.5 Test the authentication account

mysql -uvsftpd -pvsftpdpwd

2.5 Client test

yum install -y lftp

After installing the package, test with the following commands:

# lftp 10.168.0.210
lftp test@10.168.0.210:~> user test1 123456
lftp test@10.168.0.210:~> dir

References
=====================

Official references
————
https://hub.docker.com/_/mysql
https://hub.docker.com/_/adminer

Compose file compatibility reference
————–
https://docs.docker.com/compose/compose-file/
