Core
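# Upgrade the kernel from the ELRepo repository.
# Import the ELRepo signing key first so packages from that repository can be
# signature-checked.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Fetch the release package over HTTPS (the original used plain http://) so the
# repository definition it installs cannot be altered in transit.
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
# Install the ML kernel and its devel package.
yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y
# Choose the default boot entry.
# NOTE(review): index 0 is assumed to be the newly installed kernel; confirm
# against the generated GRUB menu before rebooting.
grub2-set-default 0
# Reboot, then log back in and check the running kernel version.
reboot
uname -sr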
Install
# The author's note says v20.10.17 was the version installed. Nothing below pins
# a version, so a rerun installs whatever docker-ce is current in the repo.
# Remove the Docker packages that ship with the distribution.
yum remove \
  docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine
# Update installed packages, then install the repo tooling and storage prerequisites.
yum update -y \
  && yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the docker-ce repository. This is a third-party mirror (Aliyun), so the
# host trusts that mirror for every docker-ce package it installs.
yum-config-manager \
  --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List every docker-ce version the repository offers, newest first.
yum list docker-ce --showduplicates | sort -r
# Install docker-ce; with no version given, the latest one is installed.
# To pin a release instead, name it, e.g.: yum install -y docker-ce-18.09*
yum install -y docker-ce
# Start the daemon now and enable it at boot.
systemctl restart docker \
  && systemctl enable docker
# Show the installed version.
docker --version
# Write the Docker daemon configuration.
# The delimiter is quoted so the JSON is written exactly as typed; the body
# contains nothing the shell would expand, so the file content is unchanged.
# "registry-mirrors" puts a third-party endpoint in the path of every image
# pull; the daemon trusts it to answer tag lookups.
# NOTE(review): the mirror host looks like an account-specific Aliyun
# accelerator address; replace it with one you control or trust.
cat <<'EOF' > /etc/docker/daemon.json
{
"exec-opts":["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts":{
"max-size": "100m"
},
"storage-driver":"overlay2",
"registry-mirrors":["https://giuzc4qh.mirror.aliyuncs.com"]
}
EOF
##################################################################################
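# Rewrite the systemd unit for the Docker daemon.
# The heredoc delimiter is quoted on purpose: with an unquoted EOF the shell
# expands $MAINPID itself (to an empty string) while writing the file, so the
# unit would contain "ExecReload=/bin/kill -s HUP" with no PID.
# NOTE(review): this overwrites the unit under /usr/lib/systemd/system, which
# presumably belongs to the docker-ce package and may be replaced on update; a
# drop-in under /etc/systemd/system/docker.service.d/ would keep the change.
# Security-relevant settings in the unit:
#   - ExecStartPost sets the default policy of the iptables FORWARD chain to
#     ACCEPT for the whole host, not only for container traffic; anything the
#     host routes is forwarded unless another rule drops it.
#   - LimitNOFILE/LimitNPROC/LimitCORE/TasksMax=infinity remove the resource
#     ceilings systemd would otherwise apply to the daemon.
cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
# ADD
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
EOF
##################################################################################
# Make systemd re-read the unit files.
systemctl daemon-reload
# Restart Docker and check that it is running.
systemctl restart docker && docker info && systemctl status docker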
# 问题:https://blog.51cto.com/u_15127685/4724496
[root@localhost ~]# docker pull docker.io/eclipse-mosquitto
Using default tag: latest
Trying to pull repository docker.io/library/eclipse-mosquitto ...
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
[root@localhost ~]#
# 原因:
DockerHub 从 2020 年 11 月 2 日,正式开始限制非付费用户的拉取频率:
匿名用户,每 6 小时只允许 pull 100 次
已登录用户,每 6 小时只允许 pull 200 次
# 解决办法:更换镜像配置、绕过限制,也可以用docker login 登录账号
Azure: https://dockerhub.azk8s.cn
中科大: https://ustc-edu-cn.mirror.aliyuncs.com
网易: https://hub-mirror.c.163.com
# Edit /etc/docker/daemon.json and set "registry-mirrors" as in the JSON below.
# The lines from "{" to "}" are file content, not commands. Only the
# "registry-mirrors" key is shown; any other keys already in the file should be
# kept when editing.
# Every mirror listed is a third party that sits in the image pull path and is
# trusted to answer tag lookups. One entry (m.daocloud.io) uses plain http://,
# so that leg has no transport protection. Prefer HTTPS mirrors you trust, or
# `docker login`, and pin important images by digest.
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://dockerhub.azk8s.cn",
"https://ustc-edu-cn.mirror.aliyuncs.com",
"https://hub-mirror.c.163.com",
"https://1nj0zren.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"http://f1361db2.m.daocloud.io",
"https://registry.docker-cn.com"
]
}
# Restart the service so the new mirror list takes effect.
systemctl daemon-reload && systemctl restart docker
Command
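# These commands act on every container / image on the host, not on a selected
# set. The $(...) lists are left unquoted on purpose so each ID becomes its own
# argument.
# Stop all running containers.
docker stop $(docker ps -q)
# Remove all containers (running or stopped).
docker rm $(docker ps -aq)
# Remove all images.
docker rmi $(docker images -q)
# Stop and then remove all containers in one line.
# Uses && so the removal starts only after the stop has succeeded; the original
# single & put the stop in the background and ran the removal concurrently, so
# containers that were still running could not be removed.
docker stop $(docker ps -q) && docker rm $(docker ps -aq)
# Show selected columns only. The template field names are case-sensitive:
# .Image, .Status and .Ports (the upper-case spellings are rejected).
docker ps --format "{{.Image}} {{.Status}} {{.Ports}}"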
CentOS
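# Start a CentOS 7 container with two bind mounts from the current directory.
# The mount arguments are quoted so a working directory containing spaces does
# not split them into separate words.
# Host port 8090 is also used by the Portainer example on this page; only one
# of the two containers can bind it on the same host.
# NOTE(review): CentOS 7 is end-of-life, so the centos:centos7 image presumably
# no longer receives security updates; treat it as a lab image.
docker run -dit \
  -h centos \
  --name centos \
  -p 8090:8000 \
  -v "$PWD/alita:/project/alita" \
  -v "$PWD/log:/project/log" \
  centos:centos7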
MySQL
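# Create the host directories that are bind-mounted below.
mkdir dockers && cd dockers && mkdir mysql && cd mysql && mkdir data conf logs files

# The root password is read from the caller's environment rather than written
# on the command line, which would leave it in shell history and in the process
# list. `-e MYSQL_ROOT_PASSWORD` with no value passes the exported variable
# through. The value is still visible through `docker inspect`; the official
# image also accepts MYSQL_ROOT_PASSWORD_FILE for reading it from a mounted file.
: "${MYSQL_ROOT_PASSWORD:?export MYSQL_ROOT_PASSWORD before running this}"
export MYSQL_ROOT_PASSWORD

# Start MySQL 8.0.
# -p 13306:3306 publishes the port on every host interface; write
# 127.0.0.1:13306:3306 if only local clients need it.
docker run -dit \
  -h mysql \
  --name mysql \
  -p 13306:3306 \
  -e MYSQL_ROOT_PASSWORD \
  -v "$PWD/conf:/etc/mysql/conf.d" \
  -v "$PWD/data:/var/lib/mysql" \
  -v "$PWD/logs:/var/log" \
  -v "$PWD/files:/files" \
  --restart=on-failure \
  mysql:8.0

# MySQL 5.7 variant.
# NOTE(review): it mounts the same conf/data/logs directories as the 8.0
# container above; give each server its own data directory before running both.
docker run -dit \
  -h mysql \
  --name mysql-5.7 \
  -p 13307:3306 \
  -e MYSQL_ROOT_PASSWORD \
  -v "$PWD/conf:/etc/mysql/conf.d" \
  -v "$PWD/data:/var/lib/mysql" \
  -v "$PWD/logs:/var/log" \
  -v "$PWD/files:/files" \
  --restart=on-failure \
  mysql:5.7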
Redis
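# Create the host directory, an empty config file and the viewer's data directory.
mkdir redis && cd redis && mkdir data && touch redis.conf && mkdir redisview

# Start Redis.
# redis.conf is created empty above, so no requirepass is set, and
# -p 16379:6379 publishes the port on every host interface. Add `requirepass`
# (or ACLs) to redis.conf and/or publish on 127.0.0.1 only before the host is
# reachable from an untrusted network.
docker run -dit \
  --name redis \
  -h redis \
  -p 16379:6379 \
  -v "$PWD/redis.conf:/etc/redis/redis.conf" \
  -v "$PWD/data:/data" \
  --restart=on-failure \
  redis:6.2.0 \
  redis-server /etc/redis/redis.conf \
  --appendonly yes

# Start the web viewer.
# The `-h` line was missing its trailing backslash, which ended the command
# there (no image given) and ran the remaining lines as separate commands.
# -u root makes the viewer process run as root inside the container.
# NOTE(review): port 8001 and the /db volume match redislabs/redisinsight;
# confirm that the image name below is the one intended.
docker run -d \
  --name redisview \
  -h redis-view \
  -v "$PWD/redisview/:/db" \
  -p 8001:8001 \
  -u root \
  redislabs/redisview:latest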
Nginx
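# Create the working directory.
mkdir nginx && cd nginx

# Start Nginx.
# The mount target was /etc/nginx/cond.f/, a directory nginx never reads;
# corrected to conf.d. Files in conf.d are included inside the http block, so
# the mounted file should hold server-level configuration only.
# NOTE(review): if nginx.conf is a complete main configuration, mount it at
# /etc/nginx/nginx.conf instead.
# ./nginx.conf must exist before this runs; otherwise Docker creates a
# directory with that name and mounts that.
# nginx:latest is a floating tag; pin a version for reproducible deployments.
docker run -dit \
  --name nginx \
  -h nginx \
  -p 80:80 \
  -v "$PWD/nginx.conf:/etc/nginx/conf.d/nginx.conf" \
  --restart=on-failure \
  nginx:latest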
ELK
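# Pull the ELK images.
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.15.0
docker pull docker.elastic.co/logstash/logstash:7.15.0
docker pull docker.elastic.co/kibana/kibana:7.15.0

# Create a network so the ELK containers can talk to each other.
# (What is it for? On a user-defined network, containers can reach one another
# by container name, e.g. http://es:9200, without publishing ports on the host.)
docker network create elk-network

# The run commands use the same image references that were pulled above; the
# original ran the short names (elasticsearch:7.15.0 ...), which are separate
# images fetched from the default registry.
# Elasticsearch 7.x does not require authentication unless security is enabled
# in its configuration, and -p publishes on every host interface. Publish on
# 127.0.0.1 only, or enable security, before exposing the host to other
# networks. Port 9300 (node-to-node transport) is not needed by HTTP clients.

# Start Elasticsearch ==> http://localhost:9200
# discovery.type=single-node starts it as a one-node cluster.
docker run -dit \
  --name es \
  --network elk-network \
  -p 9200:9200 \
  -p 9300:9300 \
  -e "discovery.type=single-node" \
  docker.elastic.co/elasticsearch/elasticsearch:7.15.0

# Alternative without the shared network. It reuses the name "es", so it cannot
# run alongside the container above, and Logstash/Kibana could not reach it by
# name; kept for reference only.
# docker run -dit \
#   --name es \
#   -p 9200:9200 \
#   -p 9300:9300 \
#   docker.elastic.co/elasticsearch/elasticsearch:7.15.0

# Start Logstash.
# Inside a container, "localhost" is the container itself, so Elasticsearch is
# addressed by its container name on elk-network.
docker run -dit \
  --name logstash \
  --network elk-network \
  -p 5044:5044 \
  -e "xpack.monitoring.enabled=true" \
  -e "xpack.monitoring.elasticsearch.hosts=http://es:9200" \
  docker.elastic.co/logstash/logstash:7.15.0

# Start Kibana ==> http://localhost:5601
# Kibana 7.x reads ELASTICSEARCH_HOSTS (ELASTICSEARCH_URL is the older name),
# and it too must point at the "es" container rather than at localhost.
docker run -dit \
  --name kibana \
  --network elk-network \
  -p 5601:5601 \
  -e "ELASTICSEARCH_HOSTS=http://es:9200" \
  docker.elastic.co/kibana/kibana:7.15.0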
Portainer
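# Portainer
docker search portainer
docker pull portainer/portainer
docker volume create portainer_data
# Publish the web UI on host port 8090.
# The container side is 9000, the port the Portainer UI listens on; the
# original mapped 8090:8090, which publishes a port nothing listens on.
# Host port 8090 is also used by the CentOS example on this page.
# Mounting /var/run/docker.sock gives the container full control of the Docker
# daemon, which is equivalent to root on the host. Anyone who can log in to
# this UI holds that power, so set a strong admin password on first start and
# restrict who can reach the port.
docker run -dit \
  -h docker-view \
  -p 8090:9000 \
  --name portainer \
  --restart always \
  -v portainer_data:/data \
  -v /var/run/docker.sock:/var/run/docker.sock \
  portainer/portainer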
GitLab
安装
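# Pull the image. :latest is a floating tag; pin a version so upgrades are
# deliberate.
docker pull gitlab/gitlab-ce:latest
# Follow a container's log output ("docker-name" is a placeholder for the
# container name, e.g. gitlab once the container below is running).
docker logs -f docker-name
# Create the container and start it in the background.
# The web UI is published as plain HTTP on host port 8000, so logins and tokens
# sent to it are unencrypted; use the 443 listener once a certificate is
# configured. SSH is published on host port 222.
# The mount arguments are quoted so a working directory containing spaces does
# not split them.
# NOTE(review): the conf directory presumably ends up holding instance secrets;
# restrict its permissions on the host.
docker run -dit \
  -h gitlab \
  -p 443:443 \
  -p 8000:80 \
  -p 222:22 \
  --name gitlab \
  --restart=always \
  -v "$PWD/conf:/etc/gitlab" \
  -v "$PWD/logs:/var/log/gitlab" \
  -v "$PWD/data:/var/opt/gitlab" \
  gitlab/gitlab-ce:latest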
修改密码
# For a container-based install, open a shell inside the container first.
docker exec --interactive --tty gitlab /bin/bash
# docker stop gitlab && docker rm gitlab
# Then open the GitLab Rails console for the production environment.
gitlab-rails console -e production
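# Select the user to modify.
# NOTE(review): id 1 is presumably the initial administrator account; confirm
# before changing it.
user = User.where(id: 1).first
# Set the new password. It must be a quoted string (the original assigned the
# bare integer 12345678) and must not be a simple value, or the save fails.
# Replace the placeholder with a strong, unique password.
user.password = '<new-strong-password>'
user.password_confirmation = '<new-strong-password>'
# Save; save! raises if validation fails instead of failing silently.
user.save!
# Leave the console.
quit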
GitLab-Runner
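# Pull the image.
docker pull gitlab/gitlab-runner:latest
# Create and start the runner.
# Mounting /var/run/docker.sock lets the runner, and therefore every CI job it
# executes, control the host's Docker daemon, which is equivalent to root on
# the host. Register it only for projects whose pipelines are trusted.
docker run -dit \
  --name gitlab-runner \
  --restart=always \
  -v "$PWD/gitlab-runner/config:/etc/gitlab-runner" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest

# Register the runner.
# The URL and the registration token come from GitLab.
# The token is read from the environment (the register command accepts it as
# REGISTRATION_TOKEN) instead of being written on the command line, where it
# would land in shell history and the process list. A token that has been
# published should be reset in GitLab.
# The URL is plain HTTP, so the token crosses the network unencrypted.
# --run-untagged="true", --locked="false" and --access-level="not_protected"
# make this runner pick up jobs from any branch, including untagged jobs.
# NOTE(review): the config is written to /root/dev/gitlab-runner/config, while
# the container above mounts $PWD/gitlab-runner/config; they are the same
# directory only when the container was started from /root/dev.
: "${REGISTRATION_TOKEN:?export REGISTRATION_TOKEN before running this}"
export REGISTRATION_TOKEN
docker run --rm \
  -e REGISTRATION_TOKEN \
  -v /root/dev/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner register \
  --non-interactive \
  --executor "docker" \
  --docker-image alpine:latest \
  --url "http://172.16.23.3:8000/" \
  --description "first-register-runner" \
  --tag-list "test-cicd1,dockercicd1" \
  --run-untagged="true" \
  --locked="false" \
  --access-level="not_protected"
# Sample output:
# Runtime platform arch=amd64 os=linux pid=8 revision=c1edb478 version=14.0.1
# Running in system-mode.
# Registering runner... succeeded runner=xon9QPnD
# Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!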
Jenkins
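# Refresh the package index first, then upgrade; the original ran upgrade
# before update, which upgrades against a stale index.
sudo apt-get -y update
sudo apt-get -y upgrade
# Install Docker.
sudo apt-get install -y curl
# Add Docker's package signing key.
# NOTE(review): apt-key is deprecated on current Debian releases; the
# replacement is a keyring file referenced with signed-by= in the sources entry.
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# Verify: compare the printed fingerprint with the one published in Docker's
# install documentation before trusting the key.
sudo apt-key fingerprint 0EBFCD88
# Append the repository line to the end of /etc/apt/sources.list (the original
# opened the file in vim and pasted the line by hand).
# NOTE(review): "jessie" is an old Debian release name; use the codename of the
# release actually installed.
echo 'deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian jessie stable' \
  | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y docker-ce
# Add the login user to the docker group.
# Membership of this group allows full control of the Docker daemon, which is
# equivalent to root on the host.
sudo gpasswd -a "$USER" docker
# Pick up the new group membership in the current session.
newgrp docker
# Pull the image.
docker pull jenkinsci/blueocean
# Export the image to a tar file and load it back (e.g. to move it to another host).
docker save -o jenkins.tar jenkinsci/blueocean:latest
docker load -i jenkins.tar
# Run the container.
# --name gives it a fixed name; the original relied on the randomly generated
# name (lucid_khorana), which differs on every run.
# -u root together with the docker.sock mount gives Jenkins, and every job it
# runs, root-equivalent control of the host's Docker daemon.
docker run -u root --rm -d \
  --name jenkins \
  -p 8080:8080 \
  -p 50000:50000 \
  -v jenkins-data:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  jenkinsci/blueocean
# Read the initial admin password from inside the container; change it during
# the first login.
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword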
Harbor
docker-compose
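# Refresh the package index first, then upgrade; the original ran upgrade
# before update and then refreshed the index a second time with `apt update`.
sudo apt-get -y update
sudo apt-get -y upgrade
# Install Docker.
sudo apt-get install -y curl
# Add Docker's package signing key.
# NOTE(review): apt-key is deprecated on current Debian releases; the
# replacement is a keyring file referenced with signed-by= in the sources entry.
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# Verify: compare the printed fingerprint with the one published in Docker's
# install documentation before trusting the key.
sudo apt-key fingerprint 0EBFCD88
# Append the repository line to /etc/apt/sources.list (the original opened the
# file in vim and pasted the line by hand).
# NOTE(review): "jessie" is an old Debian release name; use the codename of the
# release actually installed.
echo 'deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian jessie stable' \
  | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y docker-ce
# Let the login user talk to the Docker daemon. Membership of the docker group
# is equivalent to root on the host.
sudo gpasswd -a "$USER" docker
newgrp docker
# Install Docker Compose.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary". The file is installed into root's PATH and made executable, so
# check it against the checksum published with the release before the chmod.
sudo curl -fL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose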
docker-harbor
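# Save every tagged image on this host into one archive.
# The list comes from --format rather than from parsing the table output, and
# dangling images are filtered out; the original built "<none>:<none>" entries
# for them, which docker save cannot resolve.
docker save $(docker images --filter dangling=false --format '{{.Repository}}:{{.Tag}}') -o all_harbor.tar
# Have the image archive (about 300M) and the Harbor installer tarball ready.
# The installer tarball is unpacked and run with the current user's privileges;
# verify it against the checksum published with the release first.
docker load -i harbor.tar
tar zxvf harbor-offline-installer-v2.3.0.tgz
cd harbor
# Create harbor.yml from the template and edit it.
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
# Prepare the environment.
./prepare
# Run the installer.
./install.sh
# The four commands below act on every container / image on the host, not only
# on Harbor's. `-q` prints IDs only, replacing the awk/tail parsing of the table.
# Start all containers.
docker start $(docker ps -aq)
# Stop all containers.
docker stop $(docker ps -aq)
# Remove all containers.
docker rm $(docker ps -aq)
# Remove all images.
docker rmi $(docker images -q)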
修改配置文件
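# harbor.yml as edited for this install. The nesting is restored here; the page
# had flattened every key to column 0, which changes the structure of the file.

# Set to this host's IP address.
hostname: 172.26.209.51

# HTTP / HTTPS listeners.
# NOTE(review): both listeners are commented out as shown; confirm which one
# the install really used. Over plain HTTP, registry logins and image traffic
# are unencrypted, so enable https with a certificate wherever possible.
# http:
#   port: 80
# https:
#   port: 443
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path

# Passwords.
# Harbor12345 and root123 are the values shipped in the template and are
# publicly known; change both before running ./prepare, and change the admin
# password again in the UI after the first login.
harbor_admin_password: Harbor12345

database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900

data_volume: /data

trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false

jobservice:
  max_job_workers: 10

notification:
  webhook_job_max_retry: 10

chart:
  absolute_url: disabled

log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor

_version: 2.3.0

proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy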