" name="sm-site-verification"/>
侧边栏壁纸
博主头像
PySuper博主等级

千里之行,始于足下

  • 累计撰写 203 篇文章
  • 累计创建 14 个标签
  • 累计收到 1 条评论

目 录CONTENT

文章目录

Docker常用命令

PySuper
2024-06-02 / 0 评论 / 1 点赞 / 37 阅读 / 13467 字
温馨提示:
所有牛逼的人都有一段苦逼的岁月。 但是你只要像SB一样去坚持,终将牛逼!!! ✊✊✊

Core

# 更新内核
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

# 安装 ML 版本
yum --enablerepo=elrepo-kernel install  kernel-ml-devel kernel-ml -y

# 设置内核启动顺序
grub2-set-default 0

# 重启并查看版本
reboot
uname -sr

Install

# 这里安装的是 v20.10.17

# 卸载系统自带的docker版本
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

# 更新yum包
yum update -y && yum install -y yum-utils device-mapper-persistent-data lvm2

# 配置yum源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# 查看仓库中所有的docker版本
yum list docker-ce --showduplicates | sort -r

# 安装docker的最新版本,不指定版本号即默认安装
# 如果要指定版本号安装可以输入命令:yum install -y docker-ce-18.09* ,此时指定的就是docker-ce-18.09的版本
yum install -y docker-ce

# 设置开机自启
systemctl restart docker && systemctl enable docker

# 查看版本
docker --version

# 配置docker daemon的守护进程,添加如下配置信息:
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts":["native.cgroupdriver=systemd"],
  "log-driver":"json-file",
  "log-opts":{
    "max-size": "100m"
  },
  "storage-driver":"overlay2",
  "registry-mirrors":["https://giuzc4qh.mirror.aliyuncs.com"]
}
EOF

##################################################################################
# 配置docker服务端
cat > /usr/lib/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID

# ADD
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT

TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

EOF
##################################################################################

# 重新加载守护进程
systemctl daemon-reload

# 查看Docker运行状态
systemctl restart docker && docker info && systemctl status docker

# 问题:https://blog.51cto.com/u_15127685/4724496
[root@localhost ~]# docker pull docker.io/eclipse-mosquitto
Using default tag: latest
Trying to pull repository docker.io/library/eclipse-mosquitto ... 
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
[root@localhost ~]# 

# 原因:
DockerHub 从 2020 年 11 月 2 日,正式开始限制非付费用户的拉取频率:
匿名用户,每 6 小时只允许 pull 100 次
已登录用户,每 6 小时只允许 pull 200 次

# 解决办法:更换镜像配置、绕过限制,也可以用docker login 登录账号
Azure:  https://dockerhub.azk8s.cn
中科大: https://ustc-edu-cn.mirror.aliyuncs.com
网易:   https://hub-mirror.c.163.com

vi /etc/docker/daemon.json 
{
  "registry-mirrors": [
        "https://dockerhub.azk8s.cn",
        "https://ustc-edu-cn.mirror.aliyuncs.com",
        "https://hub-mirror.c.163.com",
        "https://1nj0zren.mirror.aliyuncs.com",
      	"https://docker.mirrors.ustc.edu.cn",
        "http://f1361db2.m.daocloud.io",
        "https://registry.docker-cn.com"
  ]
}

# 重启服务
systemctl daemon-reload && systemctl restart docker

Comand

# 停止所有容器
docker stop $(docker ps -q)

# # 删除全部容器
docker rm $(docker ps -aq)

# 删除所有镜像
docker rmi $(docker images -q)

# 一条命令实现停用并删除容器
docker stop $(docker ps -q) & docker rm $(docker ps -aq)

# 展示指定列
docker ps --format "{{.IMAGE}} {{.STATUS}} {{.PORTS}}"

CentOS

docker run -dit \
-h centos \
--name centos \
-p 8090:8000 \
-v $PWD/alita:/project/alita \
-v $PWD/log:/project/log \
centos:centos7

MySQL

# 先创建相关文件夹
mkdir dockers && cd dockers && mkdir mysql && cd mysql && mkdir data conf logs files

# 启动MySQL
docker run -dit \
-h mysql \
--name mysql \
-p 13306:3306 \
-e MYSQL_ROOT_PASSWORD=UhW@a^DjU9RgWV98MZ2023 \
-v $PWD/conf:/etc/mysql/conf.d \
-v $PWD/data:/var/lib/mysql \
-v $PWD/logs:/var/log \
-v $PWD/files:/files \
--restart=on-failure \
mysql:8.0

# 5.7版本
docker run -dit \
-h mysql \
--name mysql-5.7 \
-p 13307:3306 \
-e MYSQL_ROOT_PASSWORD=Root1234 \
-v $PWD/conf:/etc/mysql/conf.d \
-v $PWD/data:/var/lib/mysql \
-v $PWD/logs:/var/log \
-v $PWD/files:/files \
--restart=on-failure \
mysql:5.7

Redis

# 先创建相关文件夹
mkdir redis && cd redis && mkdir data && touch redis.conf && mkdir redisview

# 启动Redis
docker run -dit \
--name redis \
-h redis \
-p 16379:6379 \
-v $PWD/redis.conf:/etc/redis/redis.conf \
-v $PWD/data:/data \
--restart=on-failure \
redis:6.2.0 \
redis-server /etc/redis/redis.conf \
--appendonly yes

# 启动可视化
docker run -d \
--name redisview \
-h redis-view
-v $PWD/redisview/:/db \
-p 8001:8001 \
-u root \
redislabs/redisview:latest

Nginx

# 创建文件夹
mkdir nginx && cd nginx

# 启动Nginx
docker run -dit \
--name nginx \
-h nginx \
-p 80:80 \
-v $PWD/nginx.conf:/etc/nginx/cond.f/nginx.conf \
--restart=on-failure \
nginx:latest

ELK

# 拉取ELK镜像
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.15.0
docker pull docker.elastic.co/logstash/logstash:7.15.0
docker pull docker.elastic.co/kibana/kibana:7.15.0

# 创建一个新的网络,以便ELK容器之间可以相互通信:
# 这里创建的网路是什么用处?
docker network create elk-network

# 启动Elasticsearch==> http://localhost:9200
docker run -dit \
--name es \
--network elk-network \
-p 9200:9200 \
-p 9300:9300 \
elasticsearch:7.15.0


docker run -dit \
--name es \
-p 9200:9200 \
-p 9300:9300 \
elasticsearch:7.15.0

# 启动Logstash
docker run -dit \
--name logstash \
--network elk-network \
-p 5044:5044 \
-e "xpack.monitoring.enabled=true" \
-e "xpack.monitoring.elasticsearch.hosts=http://localhost:9200" \
logstash:7.15.0

# 启动Kibana==> http://localhost:5601
docker run -dit \
--name kibana \
--network elk-network \
-p 5601:5601 \
-e "ELASTICSEARCH_URL=http://localhost:9200" \
kibana:7.15.0

Portainer

# partainer
docker search portainer
docker pull portainer/portainer
docker volume create portainer_data

# 配置:宿主8090:docker镜像的8090
docker run -dit \
-h docker-view \
-p 8090:8090 \
--name portainer \
--restart always \
-v portainer_data:/data \
-v /var/run/docker.sock:/var/run/docker.sock \
portainer/portainer

GitLab

安装

# 下载镜像
docker pull gitlab/gitlab-ce:latest

# 查看日志运行详情
docker logs -f docker-name

# 创建并后台启动容器
docker run -dit \
-h gitlab \
-p 443:443 \
-p 8000:80 \
-p 222:22 \
--name gitlab \
--restart=always \
-v $PWD/conf:/etc/gitlab \
-v $PWD/logs:/var/log/gitlab \
-v $PWD/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

修改密码

# 如果使用容器安装,先进入容器
docker exec -it gitlab /bin/bash

# docker stop gitlab && docker rm gitlab

# 进入gitlab后台
gitlab-rails console -e production

# 指定user对象
user = User.where(id:1).first

# 修改user的密码,密码不能简单,否则会报错
user.password=12345678

# 保存
user.save!

# 退出
quit

GitLab-Runner

# 下载镜像
docker pull gitlab/gitlab-runner:latest

# 创建并启动
docker run -dit \
--name gitlab-runner \
--restart=always \
-v $PWD/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest

# 注册runner
docker run --rm -v /root/dev/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register --non-interactive --executor "docker" --docker-image alpine:latest --url "http://172.16.23.3:8000/" --registration-token "xon9QPnDEDz_7gAxPdw9" --description "first-register-runner" --tag-list "test-cicd1,dockercicd1" --run-untagged="true" --locked="false" --access-level="not_protected"

# 这里的url和registration-token, 是从GitLab中获取的
# Runtime platform	arch=amd64 os=linux pid=8 revision=c1edb478 version=14.0.1
# Running in system-mode.

# Registering runner... succeeded	runner=xon9QPnD
# Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Jenkins

# 更新
sudo apt-get -y upgrade
sudo apt-get -y update

# 安装Docker
sudo apt-get install -y curl
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88    # 检验
sudo vim /etc/apt/sources.list

# 添加到 文件最后一行
deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian jessie stable

sudo apt-get update
sudo apt-get install -y docker-ce

# 将登陆用户加入到 docker 用户组中
sudo gpasswd -a $USER docker

# 更新用户组
newgrp docker

# 下载镜像
docker pull jenkinsci/blueocean

# 打包、解压镜像
docker save -o jenkins.tar jenkinsci/blueocean:latest
docker load -i jenkins.tar

# 运行容器
docker run -u root --rm -d -p 8080:8080 -p 50000:50000 -v jenkins-data:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean 

# 进入Docker中查看密码
docker exec -it lucid_khorana bash
cat /var/jenkins_home/secrets/initialAdminPassword

Harbor

docker-compose

# 更新
sudo apt-get -y upgrade
sudo apt-get -y update
sudo apt update

# 安装Docker
sudo apt-get install -y curl
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88    # 检验
sudo vim /etc/apt/sources.list
deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian jessie stable
sudo apt-get update
sudo apt-get install -y docker-ce

# 更改权限
sudo gpasswd -a $USER docker
newgrp docker

# 安装Docker-Compose
sudo curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

docekr-harbor

# 打包、加载所有镜像
docker save $(docker images | grep -v REPOSITORY | awk 'BEGIN{OFS=":";ORS=" "}{print $1,$2}') -o all_harbor.tar

# 准备好镜像文件(300M)、harbor压缩包
docker load -i harbor.tar
tar zxvf harbor-offline-installer-v2.3.0.tgz

cd harbor

# 修改harbor.yml的配置文件
cp harbor.yml.tmpl harbor.yml
vim harbor.yml

# 准备环境
./prepare

# 开始安装
./install.sh

# 启动所有的容器命令
docker start $(docker ps -a | awk '{ print $1}' | tail -n +2)

# 关闭所有的容器命令
docker stop $(docker ps -a | awk '{ print $1}' | tail -n +2)

# 删除所有的容器命令
docker rm $(docker ps -a | awk '{ print $1}' | tail -n +2)

# 删除所有的镜像
docker rmi $(docker images | awk '{print $3}' |tail -n +2)

修改配置文件

# 修改的本机IP
hostname: 172.26.209.51

# HTTPS 设置
# http:
#   port: 80
# https:
#   port: 443
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path

# 密码
harbor_admin_password: Harbor12345

database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900

data_volume: /data

trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false

jobservice:
  max_job_workers: 10

notification:
  webhook_job_max_retry: 10

chart:
  absolute_url: disabled

log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor

_version: 2.3.0

proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy

1
  1. 支付宝打赏

    qrcode alipay
  2. 微信打赏

    qrcode weixin

评论区