Docker and all, all, all

TL;DR: an introductory article with a comparative overview of environments for running applications in containers. The capabilities of Docker and other similar systems are considered.


A short history of where it all came from


The first well-known way of isolating an application is chroot. The system call of the same name changes the root directory, thereby giving the program that invoked it access only to files inside that directory. But if the program is given superuser rights inside, it can potentially escape the chroot and gain access to the host operating system. Also, apart from changing the root directory, other resources (RAM, processor) and network access are not restricted at all.

The next method is launching a full operating system inside the container, using mechanisms of the OS kernel. This method is called differently in different operating systems, but in essence it is the same thing: running several independent operating systems that share the kernel of the host operating system. This includes FreeBSD Jails, Solaris Zones, OpenVZ and LXC for Linux. Isolation covers not only disk space but other resources as well; in particular, each container can have limits on processor time, RAM and network bandwidth. Compared to chroot, leaving the container is much harder, since the superuser inside the container only has access to the container's contents; however, because the OS inside the container has to be kept up to date and because old kernel versions are used (this applies to Linux, and to a lesser extent to FreeBSD), there is a non-zero probability of breaking through the kernel isolation and gaining access to the host operating system.

Instead of launching a full operating system in the container (with an init system, a package manager, and so on), applications can be launched directly; the main thing is to give them what they need for that (the required libraries and other files). This idea became the basis for application containerization, whose best-known representative is Docker. Compared to the earlier systems, more flexible isolation mechanisms, together with built-in support for virtual networks between containers and tracking of the application's state inside the container, made it possible to build a single coherent environment from a large number of physical servers running containers, without the need for manual resource management.

Docker

Docker is the best-known application containerization software. Written in Go, it uses the standard capabilities of the Linux kernel (cgroups, namespaces, capabilities and so on), as well as Aufs and similar file systems to save disk space.

[Image: Docker; source: wikimedia]

Architecture

Before version 1.11, Docker ran as a single service that performed all operations on containers: downloading container images, launching containers, handling API requests. Starting with version 1.11, Docker was split into several parts that interact with each other: containerd, which handles the whole life cycle of containers (allocating disk space, downloading images, networking, launching, installing and monitoring the state of containers), and runC, the container runtime, based on cgroups and other features of the Linux kernel. The docker service itself remains, but now it only handles API requests, which it forwards to containerd.


Installation and configuration

My favorite way to install docker is docker-machine, which, besides installing and configuring docker directly on remote servers (including various clouds), lets you work with the file systems of the remote servers and run various commands on them.

However, the project has hardly been developed since 2018, so we'll install it in the way usual for most Linux distributions: by adding a repository and installing the necessary packages.

This method is also used for automated installation, for example with Ansible or similar systems, but I won't cover it in this article.

The installation will be done on Centos 7; I'll use a virtual machine as the server. To install, just run the commands below:

# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.io

After installation, you need to start the service and enable it at boot:

# systemctl enable docker
# systemctl start docker
# firewall-cmd --zone=public --add-port=2377/tcp --permanent

Additionally, you can create a docker group whose users can work with docker without sudo, set up logging, and enable access to the API from outside (don't forget to configure the firewall properly; in the examples above and below everything that is not explicitly allowed is forbidden, which I left out for simplicity and clarity), but I won't go into detail here.

Other

Besides the docker-machine mentioned above, there is also docker registry, a tool for storing container images, and docker compose, a tool for automating the deployment of applications in containers; YAML files are used to build and configure containers and related things (for example networks, and persistent file systems for storing data).

It can also be used to set up CICD pipelines. Another interesting feature is working in cluster mode, the so-called swarm mode (after 1.12 known as docker swarm), which lets you assemble a single infrastructure from several servers for running containers. There is support for a virtual network spanning all servers, a built-in load balancer, and support for secrets for containers.

The YAML files from docker compose can be used for such clusters with minor changes, fully automating the management of small and medium-sized clusters for various purposes. For large clusters, Kubernetes is preferable, since the cost of maintaining swarm mode can exceed that of Kubernetes. Besides runC, you can install, for example, Kata Containers as the container execution environment.

Working with Docker

After installation and configuration, we'll try to assemble a cluster in which we'll deploy GitLab and Docker Registry for the development team. As servers I'll use three machines, on which I'll additionally deploy the distributed FS GlusterFS; I'll use it as storage for docker volumes, for example to run a fault-tolerant docker registry. The key components to run: Docker Registry, Postgresql, Redis, and GitLab with GitLab Runner support on top of Swarm. Postgresql will be clustered with Stolon, so there is no need to use GlusterFS to store Postgresql data. The rest of the critical data will be stored on GlusterFS.

To deploy GlusterFS on all servers (named node1, node2, node3), you need to install the packages, enable the firewall rules, and create the necessary directories:

# yum -y install centos-release-gluster7
# yum -y install glusterfs-server
# systemctl enable glusterd
# systemctl start glusterd
# firewall-cmd --add-service=glusterfs --permanent
# firewall-cmd --reload
# mkdir -p /srv/gluster
# mkdir -p /srv/docker
# echo "$(hostname):/docker /srv/docker glusterfs defaults,_netdev 0 0" >> /etc/fstab

After installation, the GlusterFS configuration must be continued from one node, for example node1:

# gluster peer probe node2
# gluster peer probe node3
# gluster volume create docker replica 3 node1:/srv/gluster node2:/srv/gluster node3:/srv/gluster force
# gluster volume start docker

Then you need to mount the resulting volume (the command must be run on all servers):

# mount /srv/docker

Swarm mode is configured on one of the servers, which will be the Leader; the rest will have to join the cluster, so the output of running the command on the first server will have to be copied and executed on the others.

Initial cluster setup; I run the command on node1:

# docker swarm init
Swarm initialized: current node (a5jpfrh5uvo7svzz1ajduokyq) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-0c5mf7mvzc7o7vjk0wngno2dy70xs95tovfxbv4tqt9280toku-863hyosdlzvd76trfptd4xnzd xx.xx.xx.xx:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# docker swarm join-token manager

Copy the output of the second command and execute it on node2 and node3:

# docker swarm join --token SWMTKN-x-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxx xx.xx.xx.xx:2377
This node joined a swarm as a manager.

This completes the preliminary configuration of the servers; let's start configuring the services. Unless otherwise stated, the commands that follow are run from node1.

First, let's create the networks for the containers:

# docker network create --driver=overlay etcd
# docker network create --driver=overlay pgsql
# docker network create --driver=overlay redis
# docker network create --driver=overlay traefik
# docker network create --driver=overlay gitlab

Then we label the servers; this is needed to bind some services to specific servers:

# docker node update --label-add nodename=node1 node1
# docker node update --label-add nodename=node2 node2
# docker node update --label-add nodename=node3 node3

Next, we create directories for storing the data of etcd, the KV store that Traefik and Stolon need. As with Postgresql, these will be containers bound to servers, so we run this command on all servers:

# mkdir -p /srv/etcd

Next, create a file to configure etcd and apply it:

00etcd.yml

version: '3.7'

services:
  etcd1:
    image: quay.io/coreos/etcd:latest
    hostname: etcd1
    command:
      - etcd
      - --name=etcd1
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd1:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd1:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd1vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node1]
  etcd2:
    image: quay.io/coreos/etcd:latest
    hostname: etcd2
    command:
      - etcd
      - --name=etcd2
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd2:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd2:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd2vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node2]
  etcd3:
    image: quay.io/coreos/etcd:latest
    hostname: etcd3
    command:
      - etcd
      - --name=etcd3
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd3:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd3:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd3vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node3]

volumes:
  etcd1vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"
  etcd2vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"
  etcd3vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"

networks:
  etcd:
    external: true

# docker stack deploy --compose-file 00etcd.yml etcd

After a while, we check that the etcd cluster has come up:

# docker exec $(docker ps | awk '/etcd/ {print $1}')  etcdctl member list
ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true
# docker exec $(docker ps | awk '/etcd/ {print $1}')  etcdctl cluster-health
member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthy

Create the directories for Postgresql; run the command on all servers:

# mkdir -p /srv/pgsql

Next, create a file to configure Postgresql:

01pgsql.yml

version: '3.7'

services:
  pgsentinel:
    image: sorintlab/stolon:master-pg10
    command:
      - gosu
      - stolon
      - stolon-sentinel
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
      - --log-level=debug
    networks:
      - etcd
      - pgsql
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 30s
        order: stop-first
        failure_action: pause
  pgkeeper1:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper1
    command:
      - gosu
      - stolon
      - stolon-keeper
      - --pg-listen-address=pgkeeper1
      - --pg-repl-username=replica
      - --uid=pgkeeper1
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper1:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node1]
  pgkeeper2:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper2
    command:
      - gosu
      - stolon 
      - stolon-keeper
      - --pg-listen-address=pgkeeper2
      - --pg-repl-username=replica
      - --uid=pgkeeper2
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper2:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node2]
  pgkeeper3:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper3
    command:
      - gosu
      - stolon 
      - stolon-keeper
      - --pg-listen-address=pgkeeper3
      - --pg-repl-username=replica
      - --uid=pgkeeper3
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper3:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node3]
  postgresql:
    image: sorintlab/stolon:master-pg10
    command: gosu stolon stolon-proxy --listen-address 0.0.0.0 --cluster-name stolon-cluster --store-backend=etcdv3 --store-endpoints http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 30s
        order: stop-first
        failure_action: rollback

volumes:
  pgkeeper1:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"
  pgkeeper2:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"
  pgkeeper3:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"

secrets:
  pgsql:
    file: "/srv/docker/postgres"
  pgsql_repl:
    file: "/srv/docker/replica"

networks:
  etcd:
    external: true
  pgsql:
    external: true

We generate the secrets and apply the file:

# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/replica
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/postgres
# docker stack deploy --compose-file 01pgsql.yml pgsql

After a while (check with docker service ls that all services are up), initialize the Postgresql cluster:

# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 init

Checking the readiness of the Postgresql cluster:

# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 status
=== Active sentinels ===

ID      LEADER
26baa11d    false
74e98768    false
a8cb002b    true

=== Active proxies ===

ID
4d233826
9f562f3b
b0c79ff1

=== Keepers ===

UID     HEALTHY PG LISTENADDRESS    PG HEALTHY  PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1   true    pgkeeper1:5432         true     2           2
pgkeeper2   true    pgkeeper2:5432          true            2                   2
pgkeeper3   true    pgkeeper3:5432          true            3                   3

=== Cluster Info ===

Master Keeper: pgkeeper3

===== Keepers/DB tree =====

pgkeeper3 (master)
├─pgkeeper2
└─pgkeeper1
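The two manual checks above (the etcd member list and cluster-health, and the stolonctl status) are easy to eyeball once and then forget. As an added example that is not part of the original article, the script below turns them into functions that parse exactly that output and fail on a missing or duplicated leader, an unhealthy member, or a keeper whose generation has not converged; the sample strings are copied from the article's own output so the script runs without a cluster, and the docker exec call in the header comment shows how to feed it live output.

```shell
#!/usr/bin/env bash
# Sanity checks for the etcd and Stolon stacks. Each function parses the text that
# `etcdctl member list`, `etcdctl cluster-health` and `stolonctl status` print, so
# the same functions can be fed live output, e.g.:
#   etcd_health_ok "$(docker exec "$(docker ps -q -f name=etcd)" etcdctl cluster-health)"
# The sample strings further down are copied from the article and act as
# constructed test input so the script runs without a cluster.

# Number of members reporting isLeader=true; a healthy raft group has exactly one.
etcd_leader_count() {
  printf '%s\n' "$1" | awk '/isLeader=true/ {n++} END {print n+0}'
}

# Number of members listed at all (a 3-node cluster should show all three).
etcd_member_count() {
  printf '%s\n' "$1" | awk '/^[0-9a-f]+: name=/ {n++} END {print n+0}'
}

# Succeeds only if every "member ... is ..." line says healthy AND the summary
# line "cluster is healthy" is present; an unhealthy or unreachable member fails it.
etcd_health_ok() {
  printf '%s\n' "$1" | awk '
    /^member / && !/ is healthy:/ {bad=1}
    /^cluster is healthy$/        {summary=1}
    END {exit !(summary && !bad)}'
}

# Number of sentinels marked LEADER true; exactly one should hold the lease.
stolon_sentinel_leaders() {
  printf '%s\n' "$1" | awk '
    /^=== Active sentinels ===/ {in_s=1; next}
    /^===/                      {in_s=0}
    in_s && $2 == "true"        {n++}
    END {print n+0}'
}

# Succeeds if every keeper row is HEALTHY, PG HEALTHY and its wanted generation
# equals its current generation, i.e. no keeper is still applying a reconfiguration.
stolon_keepers_ok() {
  printf '%s\n' "$1" | awk '
    /^=== Keepers ===/  {in_k=1; next}
    /^===/              {in_k=0}
    in_k && /^pgkeeper/ {rows++; if ($2 != "true" || $4 != "true" || $5 != $6) bad=1}
    END {exit !(rows > 0 && !bad)}'
}

# Name of the master keeper from the "Cluster Info" section.
stolon_master() {
  printf '%s\n' "$1" | awk -F': *' '/^Master Keeper:/ {print $2}'
}

# Constructed sample input: the article's own etcd and stolonctl output.
ETCD_MEMBERS='ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true'

ETCD_HEALTH='member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthy'

STOLON_STATUS='=== Active sentinels ===

ID      LEADER
26baa11d    false
74e98768    false
a8cb002b    true

=== Keepers ===

UID     HEALTHY PG LISTENADDRESS    PG HEALTHY  PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1   true    pgkeeper1:5432         true     2           2
pgkeeper2   true    pgkeeper2:5432          true            2                   2
pgkeeper3   true    pgkeeper3:5432          true            3                   3

=== Cluster Info ===

Master Keeper: pgkeeper3'

# Run every check in order; the first failure prints a reason and returns 1, so
# this can gate a deployment pipeline before GitLab is pointed at the database.
run_checks() {
  [ "$(etcd_member_count "$ETCD_MEMBERS")" -eq 3 ] || { echo "etcd: expected 3 members"; return 1; }
  [ "$(etcd_leader_count "$ETCD_MEMBERS")" -eq 1 ] || { echo "etcd: need exactly one leader"; return 1; }
  etcd_health_ok "$ETCD_HEALTH"                    || { echo "etcd: unhealthy member"; return 1; }
  [ "$(stolon_sentinel_leaders "$STOLON_STATUS")" -eq 1 ] || { echo "stolon: no single sentinel leader"; return 1; }
  stolon_keepers_ok "$STOLON_STATUS"               || { echo "stolon: keeper unhealthy or not converged"; return 1; }
  echo "all checks passed; master keeper: $(stolon_master "$STOLON_STATUS")"
}

run_checks
```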

We configure traefik to expose containers to the outside:

03traefik.yml

version: '3.7'

services:
  traefik:
    image: traefik:latest
    command: >
      --log.level=INFO
      --providers.docker=true
      --entryPoints.web.address=:80
      --providers.providersThrottleDuration=2
      --providers.docker.watch=true
      --providers.docker.swarmMode=true
      --providers.docker.swarmModeRefreshSeconds=15s
      --providers.docker.exposedbydefault=false
      --accessLog.bufferingSize=0
      --api=true
      --api.dashboard=true
      --api.insecure=true
    networks:
      - traefik
    ports:
      - 80:80
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      labels:
        - traefik.enable=true
        - traefik.http.routers.traefik.rule=Host(`traefik.example.com`)
        - traefik.http.services.traefik.loadbalancer.server.port=8080
        - traefik.docker.network=traefik

networks:
  traefik:
    external: true

# docker stack deploy --compose-file 03traefik.yml traefik

We launch the Redis cluster; for this we create a storage directory on all nodes:

# mkdir -p /srv/redis

05redis.yml

version: '3.7'

services:
  redis-master:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '6379:6379'
    environment:
      - REDIS_REPLICATION_MODE=master
      - REDIS_PASSWORD=xxxxxxxxxxx
    deploy:
      mode: global
      restart_policy:
        condition: any
    volumes:
      - 'redis:/opt/bitnami/redis/etc/'

  redis-replica:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '6379'
    depends_on:
      - redis-master
    environment:
      - REDIS_REPLICATION_MODE=slave
      - REDIS_MASTER_HOST=redis-master
      - REDIS_MASTER_PORT_NUMBER=6379
      - REDIS_MASTER_PASSWORD=xxxxxxxxxxx
      - REDIS_PASSWORD=xxxxxxxxxxx
    deploy:
      mode: replicated
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: any

  redis-sentinel:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '16379'
    depends_on:
      - redis-master
      - redis-replica
    entrypoint: |
      bash -c 'bash -s <<EOF
      "/bin/bash" -c "cat <<EOF > /opt/bitnami/redis/etc/sentinel.conf
      port 16379
      dir /tmp
      sentinel monitor master-node redis-master 6379 2
      sentinel down-after-milliseconds master-node 5000
      sentinel parallel-syncs master-node 1
      sentinel failover-timeout master-node 5000
      sentinel auth-pass master-node xxxxxxxxxxx
      sentinel announce-ip redis-sentinel
      sentinel announce-port 16379
      EOF"
      "/bin/bash" -c "redis-sentinel /opt/bitnami/redis/etc/sentinel.conf"
      EOF'
    deploy:
      mode: global
      restart_policy:
        condition: any

volumes:
  redis:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: "/srv/redis"

networks:
  redis:
    external: true

# docker stack deploy --compose-file 05redis.yml redis

Add Docker Registry:

06registry.yml

version: '3.7'

services:
  registry:
    image: registry:2.6
    networks:
      - traefik
    volumes:
      - registry_data:/var/lib/registry
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.registry.rule=Host(`registry.example.com`)
        - traefik.http.services.registry.loadbalancer.server.port=5000
        - traefik.docker.network=traefik

volumes:
  registry_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/registry"

networks:
  traefik:
    external: true

# mkdir /srv/docker/registry
# docker stack deploy --compose-file 06registry.yml registry

And finally, GitLab:

08gitlab-runner.yml

version: '3.7'

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    networks:
      - pgsql
      - redis
      - traefik
      - gitlab
    ports:
      - 22222:22
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        postgresql['enable'] = false
        redis['enable'] = false
        gitlab_rails['registry_enabled'] = false
        gitlab_rails['db_username'] = "gitlab"
        gitlab_rails['db_password'] = "XXXXXXXXXXX"
        gitlab_rails['db_host'] = "postgresql"
        gitlab_rails['db_port'] = "5432"
        gitlab_rails['db_database'] = "gitlab"
        gitlab_rails['db_adapter'] = 'postgresql'
        gitlab_rails['db_encoding'] = 'utf8'
        gitlab_rails['redis_host'] = 'redis-master'
        gitlab_rails['redis_port'] = '6379'
        gitlab_rails['redis_password'] = 'xxxxxxxxxxx'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.yandex.ru"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "[email protected]"
        gitlab_rails['smtp_password'] = "xxxxxxxxx"
        gitlab_rails['smtp_domain'] = "example.com"
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        external_url 'http://gitlab.example.com/'
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    volumes:
      - gitlab_conf:/etc/gitlab
      - gitlab_logs:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
        - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)
        - traefik.http.services.gitlab.loadbalancer.server.port=80
        - traefik.docker.network=traefik
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    networks:
      - gitlab
    volumes:
      - gitlab_runner_conf:/etc/gitlab
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
        - node.role == manager

volumes:
  gitlab_conf:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/conf"
  gitlab_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/logs"
  gitlab_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/data"
  gitlab_runner_conf:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/runner"

networks:
  pgsql:
    external: true
  redis:
    external: true
  traefik:
    external: true
  gitlab:
    external: true

# mkdir -p /srv/docker/gitlab/conf
# mkdir -p /srv/docker/gitlab/logs
# mkdir -p /srv/docker/gitlab/data
# mkdir -p /srv/docker/gitlab/runner
# docker stack deploy --compose-file 08gitlab-runner.yml gitlab

Final state of the cluster and services:

# docker service ls
ID                  NAME                   MODE                REPLICAS            IMAGE                          PORTS
lef9n3m92buq        etcd_etcd1             replicated          1/1                 quay.io/coreos/etcd:latest
ij6uyyo792x5        etcd_etcd2             replicated          1/1                 quay.io/coreos/etcd:latest
fqttqpjgp6pp        etcd_etcd3             replicated          1/1                 quay.io/coreos/etcd:latest
hq5iyga28w33        gitlab_gitlab          replicated          1/1                 gitlab/gitlab-ce:latest        *:22222->22/tcp
dt7s6vs0q4qc        gitlab_gitlab-runner   replicated          1/1                 gitlab/gitlab-runner:latest
k7uoezno0h9n        pgsql_pgkeeper1        replicated          1/1                 sorintlab/stolon:master-pg10
cnrwul4r4nse        pgsql_pgkeeper2        replicated          1/1                 sorintlab/stolon:master-pg10
frflfnpty7tr        pgsql_pgkeeper3        replicated          1/1                 sorintlab/stolon:master-pg10
x7pqqchi52kq        pgsql_pgsentinel       replicated          3/3                 sorintlab/stolon:master-pg10
mwu2wl8fti4r        pgsql_postgresql       replicated          3/3                 sorintlab/stolon:master-pg10
9hkbe2vksbzb        redis_redis-master     global              3/3                 bitnami/redis:latest           *:6379->6379/tcp
l88zn8cla7dc        redis_redis-replica    replicated          3/3                 bitnami/redis:latest           *:30003->6379/tcp
1utp309xfmsy        redis_redis-sentinel   global              3/3                 bitnami/redis:latest           *:30002->16379/tcp
oteb824ylhyp        registry_registry      replicated          1/1                 registry:2.6
qovrah8nzzu8        traefik_traefik        replicated          3/3                 traefik:latest                 *:80->80/tcp, *:443->443/tcp

What else could be improved? Be sure to configure Traefik to serve containers over https, and add tls encryption for Postgresql and Redis. But in general this can already be handed to developers as a PoC. Now let's look at the alternatives to Docker.

Podman

Another fairly well-known container engine, whose containers are grouped into pods (groups of containers deployed together). Unlike Docker, it doesn't need any service to run containers; all work is done through the libpod library. Also written in Go, it needs an OCI-compliant runtime to run containers, such as runC.


Working with Podman generally resembles Docker, to the point that you can do this (as claimed by many who have tried, including the author of this article):

$ alias docker=podman

and continue working. In general, the situation with Podman is very interesting, because while early versions of Kubernetes worked with Docker, since about 2015, after the standardization of the container world (OCI - Open Container Initiative) and the split of Docker into containerd and runC, an alternative to Docker for running in Kubernetes has been developed: CRI-O. Podman in this respect is an alternative to Docker built on the principles of Kubernetes, including the grouping of containers, but the main goal of the project is to run Docker-style containers without additional services. For obvious reasons there is no swarm mode, since the developers clearly state: if you need a cluster, take Kubernetes.

Installation

To install on Centos 7, just enable the Extras repository, then install everything with the command:

# yum -y install podman

Other

Podman can generate systemd units, thereby solving the problem of starting containers after a server reboot. Additionally, systemd is declared to work correctly as pid 1 in a container. For building containers there is a separate tool, buildah; there are also third-party tools, analogues of docker-compose, which also generate Kubernetes-compatible configuration files, so the move from Podman to Kubernetes is as simple as possible.

Working with Podman

Since there is no swarm mode (you are expected to switch to Kubernetes if a cluster is needed), we'll assemble it in separate containers.

Install podman-compose:

# yum -y install python3-pip
# pip3 install podman-compose

The resulting configuration file for podman is slightly different; for example, we had to move the separate volumes section directly into the services section.

gitlab-podman.yml

version: '3.7'

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    hostname: gitlab.example.com
    restart: unless-stopped
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    ports:
      - "80:80"
      - "22222:22"
    volumes:
      - /srv/podman/gitlab/conf:/etc/gitlab
      - /srv/podman/gitlab/data:/var/opt/gitlab
      - /srv/podman/gitlab/logs:/var/log/gitlab
    networks:
      - gitlab

  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    restart: unless-stopped
    depends_on:
      - gitlab
    volumes:
      - /srv/podman/gitlab/runner:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitlab

networks:
  gitlab:

# podman-compose -f gitlab-podman.yml up -d

Result:

# podman ps
CONTAINER ID  IMAGE                                  COMMAND               CREATED             STATUS                 PORTS                                      NAMES
da53da946c01  docker.io/gitlab/gitlab-runner:alpine  run --user=gitlab...  About a minute ago  Up About a minute ago  0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp  root_gitlab-runner_1
781c0103c94a  docker.io/gitlab/gitlab-ce:latest      /assets/wrapper       About a minute ago  Up About a minute ago  0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp  root_gitlab_1

Let's see what it generates for systemd and Kubernetes; for this we need to find out the name or id of the pod:

# podman pod ls
POD ID         NAME   STATUS    CREATED          # OF CONTAINERS   INFRA ID
71fc2b2a5c63   root   Running   11 minutes ago   3                 db40ab8bf84b

Kubernetes:

# podman generate kube 71fc2b2a5c63
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.6.4
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-07-29T19:22:40Z"
  labels:
    app: root
  name: root
spec:
  containers:
  - command:
    - /assets/wrapper
    env:
    - name: PATH
      value: /opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: HOSTNAME
      value: gitlab.example.com
    - name: container
      value: podman
    - name: GITLAB_OMNIBUS_CONFIG
      value: |
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    - name: LANG
      value: C.UTF-8
    image: docker.io/gitlab/gitlab-ce:latest
    name: rootgitlab1
    ports:
    - containerPort: 22
      hostPort: 22222
      protocol: TCP
    - containerPort: 80
      hostPort: 80
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
    volumeMounts:
    - mountPath: /var/opt/gitlab
      name: srv-podman-gitlab-data
    - mountPath: /var/log/gitlab
      name: srv-podman-gitlab-logs
    - mountPath: /etc/gitlab
      name: srv-podman-gitlab-conf
    workingDir: /
  - command:
    - run
    - --user=gitlab-runner
    - --working-directory=/home/gitlab-runner
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: HOSTNAME
    - name: container
      value: podman
    image: docker.io/gitlab/gitlab-runner:alpine
    name: rootgitlab-runner1
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
    volumeMounts:
    - mountPath: /etc/gitlab-runner
      name: srv-podman-gitlab-runner
    - mountPath: /var/run/docker.sock
      name: var-run-docker.sock
    workingDir: /
  volumes:
  - hostPath:
      path: /srv/podman/gitlab/runner
      type: Directory
    name: srv-podman-gitlab-runner
  - hostPath:
      path: /var/run/docker.sock
      type: File
    name: var-run-docker.sock
  - hostPath:
      path: /srv/podman/gitlab/data
      type: Directory
    name: srv-podman-gitlab-data
  - hostPath:
      path: /srv/podman/gitlab/logs
      type: Directory
    name: srv-podman-gitlab-logs
  - hostPath:
      path: /srv/podman/gitlab/conf
      type: Directory
    name: srv-podman-gitlab-conf
status: {}
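The generated manifest above mounts /var/run/docker.sock from the host into the runner container and leaves allowPrivilegeEscalation: true on both containers; those are the lines worth reviewing before kubectl create -f. As an added example (not code from the article or from Podman), here is a small audit that flags such settings in the manifest `podman generate kube` prints; it assumes podman's regular indentation and uses a constructed, trimmed copy of the runner container as input.

```python
"""Audit a `podman generate kube` manifest for settings to question before
`kubectl create -f`. Added example, not the article's or Podman's code; it
relies on the fixed indentation podman emits, so it needs no YAML library."""
# Mounting these host paths hands the container control of the host's
# container engine or of the host itself (constructed list for this example).
SENSITIVE_HOST_PATHS = {"/", "/etc", "/proc", "/sys", "/var/run/docker.sock",
                        "/run/podman/podman.sock"}

# Constructed sample, trimmed to the shape of the runner container above.
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: root
spec:
  containers:
  - image: docker.io/gitlab/gitlab-runner:alpine
    name: rootgitlab-runner1
    securityContext:
      allowPrivilegeEscalation: true
      privileged: false
    volumeMounts:
    - mountPath: /var/run/docker.sock
      name: var-run-docker.sock
  volumes:
  - hostPath:
      path: /var/run/docker.sock
      type: File
    name: var-run-docker.sock
"""


def audit_kube_manifest(text):
    """Return one finding string per risky setting, in manifest order."""
    findings, section, name = [], None, None
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        body = line.strip()
        if indent == 2 and body.endswith(":") and not body.startswith("-"):
            section, name = body[:-1], None          # containers / volumes
        elif section == "containers" and indent == 4 and body.startswith("name: "):
            name = body[6:]          # podman emits name before securityContext
        elif section == "containers" and body == "privileged: true":
            findings.append(f"{name}: runs privileged")
        elif section == "containers" and body == "allowPrivilegeEscalation: true":
            findings.append(f"{name}: allowPrivilegeEscalation is true")
        elif section == "volumes" and body.startswith("path: "):
            if body[6:] in SENSITIVE_HOST_PATHS:
                findings.append(f"hostPath {body[6:]} exposed to the pod")
    return findings
```

Run it over the saved output of podman generate kube; an empty list means none of the checked settings is present.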

systemd:

# podman generate systemd 71fc2b2a5c63
# pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020

[Unit]
Description=Podman pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
Documentation=man:podman-generate-systemd(1)
Requires=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Before=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
ExecStop=/usr/bin/podman stop -t 10 db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa/userdata/conmon.pid

[Install]
WantedBy=multi-user.target
# container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020

[Unit]
Description=Podman container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
ExecStop=/usr/bin/podman stop -t 10 da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864/userdata/conmon.pid

[Install]
WantedBy=multi-user.target
# container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020

[Unit]
Description=Podman container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
ExecStop=/usr/bin/podman stop -t 10 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3/userdata/conmon.pid

[Install]
WantedBy=multi-user.target

Unfortunately, apart from starting the containers, the generated systemd unit does nothing else (for example, cleaning up old containers when the service is restarted), so you will have to add such things yourself.

In general, Podman is quite enough for trying out what containers are, for migrating old docker-compose configurations and then moving on to Kubernetes in a cluster if needed, or for getting an alternative to Docker that is simpler to use.

rkt

The project went into the archive about six months ago because RedHat bought it, so I won't dwell on it in detail. Overall, it left a very good impression, but compared to Docker, and especially to Podman, it looks like a bulky all-in-one tool. There was also a CoreOS distribution built on top of rkt (although originally it had Docker), but that too ended after the RedHat purchase.

Plash

Largely a one-person project; the author only needed to build and run containers. Judging by the documentation and the code, the author did not follow any standards, but simply decided to write his own implementation, which, in fact, he did.

Findings

The situation with Kubernetes is very interesting: on the one hand, with Docker you can assemble a cluster (in swarm mode) on which you can even run production environments for customers. This is especially true for small teams (3-5 people), or for a small overall load, or when there is no desire to get into the intricacies of setting up Kubernetes, including for high loads.

Podman does not provide full compatibility, but it has one important advantage: compatibility with Kubernetes, including the additional tools (buildah and others). Therefore I would approach the choice of a tool for work as follows: for small teams, or with a limited budget, Docker (with swarm mode as an option); for developing for myself on a personal localhost, Podman and friends; and for everyone else, Kubernetes.

I am not sure that the situation with Docker will not change in the future; after all, they are the pioneers, and they are also slowly standardizing step by step. But Podman, with all its shortcomings (it works only on Linux, there is no clustering, and building and other actions are third-party solutions), has a clearer future, so I invite everyone to discuss these findings in the comments.

PS On August 3 we are launching the "Docker Video Course", where you can learn more about how it works. We will analyze all of its tools: from the basics to network parameters, and the nuances of working with various operating systems and programming languages. You will get to know the technology and understand where and how best to use Docker. We will also share best practices.

Pre-release price: 5000 rubles. The "Docker Video Course" program is available on the course page.

Source: www.habr.com
