TL; DR: Yekutarisa chinyorwa-gwaro rekuenzanisa nharaunda dzekumhanyisa maapplication mumidziyo. Iko kugona kweDocker nemamwe masisitimu akafanana anozotariswa.
Kanhoroondo kadiki kuti zvakabva kupi
История
Nzira yekutanga inozivikanwa yekuparadzanisa application ndeye chroot. Iyo system yekufona yezita rimwe chete inoshandura dhairekitori remidzi, nekudaro ichipa chirongwa chakaidaidza nekuwana chete kune mafaera mukati meiyi dhairekitori. Asi kana chirongwa chiri mukati chakapihwa superuser kodzero, chinogona "kupukunyuka" kubva kuchroot uye kuwana mukana weiyo huru yekushandisa system. Zvakare, kunze kwekuchinja dhairekitori remidzi, zvimwe zviwanikwa (RAM, processor) uye network yekuwana haina kuganhurirwa.
Nzira inotevera ndeyekushandisa system yekushandisa yakazara mukati memudziyo, uchishandisa nzira dzekernel dzesystem yekushandisa. Nzira iyi ine mazita akasiyana mumasystem akasiyana ekushanda, asi chinhu chakakosha chakafanana: kushandisa masisitimu akawanda ekushanda akazvimiririra, imwe neimwe ichishandisa kernel imwechete nesystem huru yekushandisa. Izvi zvinosanganisira FreeBSD Jails, Solaris Zones, OpenVZ, uye LXC ye LinuxKupatsanura hakungopiwi chete nedhisiki, asiwo nezvimwe zviwanikwa; kunyanya, mudziyo wega wega unogona kuva nemiganho yenguva yeCPU, RAM, uye bandwidth yenetwork. Zvichienzaniswa nechroot, kubuda mumudziyo kwakaoma, sezvo superuser iri mumudziyo inokwanisa kuwana chete zvinhu zvemukati zvemudziyo. Zvisinei, nekuda kwekudiwa kwekuchengetedza sisitimu yekushandisa iri mukati memudziyo ichivandudzwa uye kushandiswa kweshanduro dzekare dzekernel (dzakakodzera kune Linux, kusvika padiki FreeBSD) pane mukana wekuti "upfuure" system yekubvisa kernel wowana mukana wekushandisa main operating system.
Panzvimbo yekumhanyisa yakazara-yakazara sisitimu yekushandisa mumudziyo (ine yekutanga system, package maneja, nezvimwewo), unogona kumhanya zvikumbiro zvakananga, chinhu chikuru ndechekupa zvikumbiro nekugona uku (kuvapo kweraibhurari inodiwa uye mamwe mafaera). Pfungwa iyi yakashanda sehwaro hwemudziyo virtualization yezvikumbiro, mumiriri ane mukurumbira uye anozivikanwa anove Docker. Kuenzaniswa neyakapfuura masisitimu, mamwe anochinjika ekuzviparadzanisa nevamwe masisitimu, pamwe neakavakirwa-mukati tsigiro kune chaiwo network pakati pemidziyo uye kuteedzera mamiriro ekushandisa mukati memudziyo, zvakakonzera kugona kuvaka imwe chete, yakabatanidzwa nharaunda kubva kunhamba huru yemasevha emuviri ekumhanyisa midziyo - pasina kudiwa kwemanyorero ekugadzirisa zviwanikwa.
Docker
Docker ndiyo software inozivikanwa zvikuru yekuisa maapplication containerization. Yakanyorwa mumutauro weGo uye inoshandisa hunyanzvi hwe kernel hwemuno. Linux — ma cgroup, nzvimbo dzemazita, kugona, nezvimwewo, pamwe chete nema Aufs file systems nezvimwe zvakafanana kuchengetedza nzvimbo yedhisiki.
Kunobva: wikimedia
akitekicha
Pamberi pevhezheni 1.11, Docker yaishanda sesevhisi imwe chete yaibata mabasa ese emumagaba: kurodha pasi mifananidzo yemumagaba, kuvhura magaba, uye kubata zvikumbiro zveAPI. Kutanga nevhezheni 1.11, Docker yakakamurwa kuita zvikamu zvakasiyana-siyana: contained, iyo inobata hupenyu hwese hwemugaba (kugoverwa kwedhisiki, kurodha pasi mifananidzo, networking, kuvhura, kuisa, uye kutarisa mamiriro emugaba), uye runC, nzvimbo yekumhanya kwemugaba yakavakirwa pamapoka emugaba nezvimwe zvinhu zvekernel. LinuxBasa reDocker pacharo richiripo, asi ikozvino rinongoshanda chete kugadzirisa zvikumbiro zveAPI zvinotumirwa ku container.
Kuiswa uye kumisikidzwa
Nzira yangu yandinofarira yekuisa docker ndeye docker-muchina, iyo, pamusoro pekuisa zvakananga nekugadzirisa docker pamaseva ari kure (kusanganisira makore akasiyana), inokutendera kuti ushande nemafaira masisitimu emaseva ari kure, uye anogona zvakare kumhanya akasiyana mirairo.
Zvisinei, kubvira muna 2018 chirongwa ichi hachina kunyatsogadzirwa, saka tichachiisa tichishandisa nzira yakajairika yekugovera zvakawanda. Linux nzira - nekuwedzera nzvimbo yekuchengetedza uye kuisa mapakeji anodiwa.
Iyi nzira inoshandiswawo pakugadzika otomatiki, semuenzaniso kushandisa Ansible kana mamwe masisitimu akafanana, asi ini handisi kuzozviona mune ino chinyorwa.
Kuiswa kwacho kuchaitwa musi wa Centos 7, ndichashandisa muchina chaiwo seseva, pakuisirwa zvakakwana kuti ndimhanye mirairo iri pazasi:
# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.ioMushure mekuisa, unofanirwa kutanga sevhisi uye kuimisa kuti itange:
# systemctl enable docker
# systemctl start docker
# firewall-cmd --zone=public --add-port=2377/tcp --permanentPamusoro pezvo, iwe unogona kugadzira boka remadocker, iro vashandisi vachakwanisa kushanda nedocker pasina sudo, kumisikidza matanda, gonesa yekunze API kuwana, uye usakanganwa kumisikidza yakanyatsojeka firewall (zvese zvisingabvumirwe zvinorambidzwa mumienzaniso iri pamusoro uye pazasi - ini ndakasiya izvi kuti zvive nyore uye zvakajeka), asi ini handisi kuzopinda mune zvakadzama pano.
Zvimwe zvinhu
Pamusoro pemuchina wedocker wataurwa pamusoro apa, kune zvakare docker registry, chishandiso chekuchengetera mifananidzo yemidziyo, pamwe nedocker composer, chishandiso che automating kuendesa zvikumbiro mumidziyo, uchishandisa YAML mafaera kuvaka nekugadzirisa midziyo nezvimwe zvinhu zvine hukama (semuenzaniso, network, inoenderera faira masisitimu ekuchengetedza data).
Inogona zvakare kushandiswa kuronga mapaipi eCICD. Chimwe chinhu chinonakidza chiri kushanda mune cluster modhi, iyo inonzi swarm modhi (isati yasvika vhezheni 1.12 yaizivikanwa se docker swarm), iyo inokutendera iwe kuunganidza imwechete sisitimu yekumhanyisa midziyo kubva kune akati wandei maseva. Iko kune kutsigirwa kweiyo chaiyo network pamusoro pese maseva, kune yakavakirwa-mukati mitoro balancer, pamwe nerutsigiro rwezvakavanzika zvemidziyo.
YAML mafaera kubva kudocker anoumba ane madiki magadzirirwo anogona kushandiswa kune akadaro masumbu, zvizere otomatiki kuchengetedza kwediki uye epakati masumbu nezvinangwa zvakasiyana. Kune masumbu akakura, Kubernetes inodiwa, sezvo mutengo wekugadzirisa weswarm modhi unogona kudarika iwo eKubernetes. Mukuwedzera kune runC, unogona kuisa, semuenzaniso,
Kushanda neDocker
Mushure mekuisa uye kugadzirisa, isu tichaedza kuunganidza sumbu umo isu tichaisa GitLab uye Docker Registry yechikwata chekusimudzira. Ini ndichashandisa matatu chaiwo machina semasevha, pandichawedzera kuendesa yakagoverwa GlusterFS faira system, ini ndichaishandisa se docker mavhoriyamu ekuchengetedza, semuenzaniso, kuvhura vhezheni inoshivirira yedocker registry. Zvinhu zvakakosha zvekutanga: Docker Registry, Postgresql, Redis, GitLab ine GitLab Runner rutsigiro pamusoro peSwarm. Isu tichavhura Postgresql nekubatanidza , saka hapana chikonzero chekushandisa GlusterFS kuchengetedza Postgresql data. Mamwe ese akakosha data achachengetwa paGlusterFS.
Kuisa GlusterFS pamaseva ese (anonzi node1, node2, node3), unofanirwa kuisa mapakeji, kugonesa firewall, uye kugadzira madhairekitori anodiwa:
# yum -y install centos-release-gluster7
# yum -y install glusterfs-server
# systemctl enable glusterd
# systemctl start glusterd
# firewall-cmd --add-service=glusterfs --permanent
# firewall-cmd --reload
# mkdir -p /srv/gluster
# mkdir -p /srv/docker
# echo "$(hostname):/docker /srv/docker glusterfs defaults,_netdev 0 0" >> /etc/fstabMushure mekuisa, basa rekugadzirisa GlusterFS rinofanira kuenderera mberi kubva kune imwe node, semuenzaniso node1:
# gluster peer probe node2
# gluster peer probe node3
# gluster volume create docker replica 3 node1:/srv/gluster node2:/srv/gluster node3:/srv/gluster force
# gluster volume start dockerIpapo iwe unofanirwa kukwidza vhoriyamu inoguma (iyo murairo unofanirwa kuitiswa pamaseva ese):
# mount /srv/dockerIyo swarm mode inogadziriswa pane imwe yemaseva, inova Mutungamiriri, vamwe vese vachafanira kujoinha sumbu, saka mhedzisiro yekuita murairo pane yekutanga server ichafanirwa kukopwa uye kuurayiwa kune vamwe.
Kwekutanga cluster setup, ndinomhanyisa rairo pane node1:
# docker swarm init
Swarm initialized: current node (a5jpfrh5uvo7svzz1ajduokyq) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0c5mf7mvzc7o7vjk0wngno2dy70xs95tovfxbv4tqt9280toku-863hyosdlzvd76trfptd4xnzd xx.xx.xx.xx:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# docker swarm join-token managerIsu tinotevedzera mhedzisiro yemurairo wechipiri uye toita pane node2 uye node3:
# docker swarm join --token SWMTKN-x-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxx xx.xx.xx.xx:2377
This node joined a swarm as a manager.Izvi zvinopedzisa yekutanga server setup, ngatienderere mberi nekumisikidza masevhisi, mirairo yekuuraya ichatangwa kubva node1, kunze kwekunge yatsanangurwa neimwe nzira.
Chekutanga, ngatigadzire manetwork emidziyo:
# docker network create --driver=overlay etcd
# docker network create --driver=overlay pgsql
# docker network create --driver=overlay redis
# docker network create --driver=overlay traefik
# docker network create --driver=overlay gitlabIpapo tinomaka maseva, izvi zvinodikanwa kusunga mamwe masevhisi kumaseva:
# docker node update --label-add nodename=node1 node1
# docker node update --label-add nodename=node2 node2
# docker node update --label-add nodename=node3 node3Tevere, tinogadzira madhairekitori ekuchengetedza etcd data, KV kuchengetedza, inodiwa kuTraefik neStolon. Zvakafanana nePostgresql, izvi zvichave midziyo yakasungirirwa kumaseva, saka isu tinomhanyisa uyu murairo pane ese maseva:
# mkdir -p /srv/etcdTevere, isu tinogadzira faira kugadzirisa etcd uye kuishandisa:
00etcd.yml
version: '3.7'
services:
etcd1:
image: quay.io/coreos/etcd:latest
hostname: etcd1
command:
- etcd
- --name=etcd1
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd1:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd1:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd1vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
etcd2:
image: quay.io/coreos/etcd:latest
hostname: etcd2
command:
- etcd
- --name=etcd2
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd2:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd2:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd2vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
etcd3:
image: quay.io/coreos/etcd:latest
hostname: etcd3
command:
- etcd
- --name=etcd3
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd3:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd3:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd3vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
volumes:
etcd1vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd2vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd3vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
networks:
etcd:
external: true# docker stack deploy --compose-file 00etcd.yml etcdMushure mechinguva, tinotarisa kuti etcd cluster yatanga:
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl member list
ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl cluster-health
member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthyIsu tinogadzira madhairekitori ePostgresql, isu tinoita murairo pane ese maseva:
# mkdir -p /srv/pgsqlTevere, isu tinogadzira faira kugadzirisa Postgresql:
01pgsql.yml
version: '3.7'
services:
pgsentinel:
image: sorintlab/stolon:master-pg10
command:
- gosu
- stolon
- stolon-sentinel
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
- --log-level=debug
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: pause
pgkeeper1:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper1
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper1
- --pg-repl-username=replica
- --uid=pgkeeper1
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper1:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
pgkeeper2:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper2
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper2
- --pg-repl-username=replica
- --uid=pgkeeper2
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper2:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
pgkeeper3:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper3
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper3
- --pg-repl-username=replica
- --uid=pgkeeper3
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper3:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
postgresql:
image: sorintlab/stolon:master-pg10
command: gosu stolon stolon-proxy --listen-address 0.0.0.0 --cluster-name stolon-cluster --store-backend=etcdv3 --store-endpoints http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: rollback
volumes:
pgkeeper1:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper2:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper3:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
secrets:
pgsql:
file: "/srv/docker/postgres"
pgsql_repl:
file: "/srv/docker/replica"
networks:
etcd:
external: true
pgsql:
external: trueIsu tinogadzira zvakavanzika, shandisa iyo faira:
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/replica
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/postgres
# docker stack deploy --compose-file 01pgsql.yml pgsqlMushure menguva yakati (tarisa pane yekuraira kubuda docker service ls, kuti masevhisi ese ari kumusoro) isu tinotanga iyo Postgresql cluster:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 initKutarisa kugadzirira kwePostgresql cluster:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 status
=== Active sentinels ===
ID LEADER
26baa11d false
74e98768 false
a8cb002b true
=== Active proxies ===
ID
4d233826
9f562f3b
b0c79ff1
=== Keepers ===
UID HEALTHY PG LISTENADDRESS PG HEALTHY PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1 true pgkeeper1:5432 true 2 2
pgkeeper2 true pgkeeper2:5432 true 2 2
pgkeeper3 true pgkeeper3:5432 true 3 3
=== Cluster Info ===
Master Keeper: pgkeeper3
===== Keepers/DB tree =====
pgkeeper3 (master)
├─pgkeeper2
└─pgkeeper1
Gadzirisa traefik kuvhura kupinda kune midziyo kubva kunze:
03traefik.yml
version: '3.7'
services:
traefik:
image: traefik:latest
command: >
--log.level=INFO
--providers.docker=true
--entryPoints.web.address=:80
--providers.providersThrottleDuration=2
--providers.docker.watch=true
--providers.docker.swarmMode=true
--providers.docker.swarmModeRefreshSeconds=15s
--providers.docker.exposedbydefault=false
--accessLog.bufferingSize=0
--api=true
--api.dashboard=true
--api.insecure=true
networks:
- traefik
ports:
- 80:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
replicas: 3
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
- traefik.enable=true
- traefik.http.routers.traefik.rule=Host(`traefik.example.com`)
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.docker.network=traefik
networks:
traefik:
external: true# docker stack deploy --compose-file 03traefik.yml traefikIsu tinotangisa Redis Cluster, nekuda kweizvi tinogadzira dhairekitori rekuchengetedza pane ese node:
# mkdir -p /srv/redis05redis.yml
version: '3.7'
services:
redis-master:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379:6379'
environment:
- REDIS_REPLICATION_MODE=master
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: global
restart_policy:
condition: any
volumes:
- 'redis:/opt/bitnami/redis/etc/'
redis-replica:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379'
depends_on:
- redis-master
environment:
- REDIS_REPLICATION_MODE=slave
- REDIS_MASTER_HOST=redis-master
- REDIS_MASTER_PORT_NUMBER=6379
- REDIS_MASTER_PASSWORD=xxxxxxxxxxx
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: replicated
replicas: 3
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: any
redis-sentinel:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '16379'
depends_on:
- redis-master
- redis-replica
entrypoint: |
bash -c 'bash -s <<EOF
"/bin/bash" -c "cat <<EOF > /opt/bitnami/redis/etc/sentinel.conf
port 16379
dir /tmp
sentinel monitor master-node redis-master 6379 2
sentinel down-after-milliseconds master-node 5000
sentinel parallel-syncs master-node 1
sentinel failover-timeout master-node 5000
sentinel auth-pass master-node xxxxxxxxxxx
sentinel announce-ip redis-sentinel
sentinel announce-port 16379
EOF"
"/bin/bash" -c "redis-sentinel /opt/bitnami/redis/etc/sentinel.conf"
EOF'
deploy:
mode: global
restart_policy:
condition: any
volumes:
redis:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: "/srv/redis"
networks:
redis:
external: true# docker stack deploy --compose-file 05redis.yml redisWedzera Docker Registry:
06registry.yml
version: '3.7'
services:
registry:
image: registry:2.6
networks:
- traefik
volumes:
- registry_data:/var/lib/registry
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.registry.rule=Host(`registry.example.com`)
- traefik.http.services.registry.loadbalancer.server.port=5000
- traefik.docker.network=traefik
volumes:
registry_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/registry"
networks:
traefik:
external: true# mkdir /srv/docker/registry
# docker stack deploy --compose-file 06registry.yml registryUye pakupedzisira, GitLab:
08gitlab-runner.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
networks:
- pgsql
- redis
- traefik
- gitlab
ports:
- 22222:22
environment:
GITLAB_OMNIBUS_CONFIG: |
postgresql['enable'] = false
redis['enable'] = false
gitlab_rails['registry_enabled'] = false
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "XXXXXXXXXXX"
gitlab_rails['db_host'] = "postgresql"
gitlab_rails['db_port'] = "5432"
gitlab_rails['db_database'] = "gitlab"
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'utf8'
gitlab_rails['redis_host'] = 'redis-master'
gitlab_rails['redis_port'] = '6379'
gitlab_rails['redis_password'] = 'xxxxxxxxxxx'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.yandex.ru"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "noreply@example.com"
gitlab_rails['smtp_password'] = "xxxxxxxxx"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['gitlab_email_from'] = 'noreply@example.com'
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
external_url 'http://gitlab.example.com/'
gitlab_rails['gitlab_shell_ssh_port'] = 22222
volumes:
- gitlab_conf:/etc/gitlab
- gitlab_logs:/var/log/gitlab
- gitlab_data:/var/opt/gitlab
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)
- traefik.http.services.gitlab.loadbalancer.server.port=80
- traefik.docker.network=traefik
gitlab-runner:
image: gitlab/gitlab-runner:latest
networks:
- gitlab
volumes:
- gitlab_runner_conf:/etc/gitlab
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
gitlab_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/conf"
gitlab_logs:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/logs"
gitlab_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/data"
gitlab_runner_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/runner"
networks:
pgsql:
external: true
redis:
external: true
traefik:
external: true
gitlab:
external: true# mkdir -p /srv/docker/gitlab/conf
# mkdir -p /srv/docker/gitlab/logs
# mkdir -p /srv/docker/gitlab/data
# mkdir -p /srv/docker/gitlab/runner
# docker stack deploy --compose-file 08gitlab-runner.yml gitlabMamiriro ekupedzisira emasumbu nemasevhisi:
# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lef9n3m92buq etcd_etcd1 replicated 1/1 quay.io/coreos/etcd:latest
ij6uyyo792x5 etcd_etcd2 replicated 1/1 quay.io/coreos/etcd:latest
fqttqpjgp6pp etcd_etcd3 replicated 1/1 quay.io/coreos/etcd:latest
hq5iyga28w33 gitlab_gitlab replicated 1/1 gitlab/gitlab-ce:latest *:22222->22/tcp
dt7s6vs0q4qc gitlab_gitlab-runner replicated 1/1 gitlab/gitlab-runner:latest
k7uoezno0h9n pgsql_pgkeeper1 replicated 1/1 sorintlab/stolon:master-pg10
cnrwul4r4nse pgsql_pgkeeper2 replicated 1/1 sorintlab/stolon:master-pg10
frflfnpty7tr pgsql_pgkeeper3 replicated 1/1 sorintlab/stolon:master-pg10
x7pqqchi52kq pgsql_pgsentinel replicated 3/3 sorintlab/stolon:master-pg10
mwu2wl8fti4r pgsql_postgresql replicated 3/3 sorintlab/stolon:master-pg10
9hkbe2vksbzb redis_redis-master global 3/3 bitnami/redis:latest *:6379->6379/tcp
l88zn8cla7dc redis_redis-replica replicated 3/3 bitnami/redis:latest *:30003->6379/tcp
1utp309xfmsy redis_redis-sentinel global 3/3 bitnami/redis:latest *:30002->16379/tcp
oteb824ylhyp registry_registry replicated 1/1 registry:2.6
qovrah8nzzu8 traefik_traefik replicated 3/3 traefik:latest *:80->80/tcp, *:443->443/tcpChii chimwe chinogona kuvandudzwa? Izvo zvinodikanwa kugadzirisa Traefik kumhanya midziyo pamusoro pe https, wedzera TLS encryption yePostgresql uye Redis. Asi kazhinji, inogona kutopihwa kune vanogadzira sePoC. Ngatitarisei dzimwe nzira dzeDocker.
podman
Imwe injini inozivikanwa kwazvo yekumhanyisa midziyo yakaunganidzwa nemapods (mapoka emidziyo akaiswa pamwechete). Kusiyana neDocker, hazvidi chero sevhisi yekumhanyisa midziyo; basa rose rinoitwa kuburikidza ne libpod raibhurari. Zvakare zvakanyorwa muGo, zvinoda OCI-inoenderana nguva yekumhanyisa kumhanyisa midziyo, senge runC.
Kushanda naPodman kazhinji kwakafanana nekushanda neDocker, kusvika pakuti unogona kuzviita sezvizvi (sezvakataurwa nevakawanda vakazviedza, kusanganisira munyori wechinyorwa chino):
$ alias docker=podmanuye unogona kuramba uchishanda. Kazhinji, mamiriro ezvinhu nePodman anonakidza, nekuti kana shanduro dzekutanga dzeKubernetes dzakashanda naDocker, saka kubva munenge muna 2015, mushure mekumisikidzwa kwenyika yemidziyo (OCI - Open Container Initiative) uye kupatsanurwa kweDocker mumudziyo uye runC, imwe nzira yeDocker yekumhanya muKubernetes yanga ichigadzira: CRI-O. Podman mune izvi ndeimwe nzira yeDocker, yakavakirwa pamisimboti yeKubernetes, kusanganisira kurongedza midziyo, asi chinangwa chikuru chepurojekiti ndechekumhanyisa midziyo muDocker maitiro pasina mamwe masevhisi. Nezvikonzero zviri pachena, hapana swarm mode, sezvo vagadziri vanotaura zvakajeka kuti kana iwe uchida sumbu, tora Kubernetes.
Kuiswa
Yekuiswa mukati Centos 7, ingo tangazve iyo Extras repository wobva waisa zvese uchishandisa murairo:
# yum -y install podmanZvimwe zvinhu
Podman inogona kugadzira zvikamu zve systemd, nekudaro kugadzirisa dambudziko rekutanga midziyo mushure mekutangazve sevha. Pamusoro pezvo, iko iko kushanda kwe systemd se pid 1 mumudziyo kunoziviswa. Chishandiso chakasiyana chekuvaka chinoshandiswa kugadzira midziyo, kune zvakare zvechitatu-bato maturusi - analog e-docker-compose, ayo anogadzira, pakati pezvimwe zvinhu, mafaera ekugadzirisa anoenderana neKubernetes, saka shanduko kubva kuPodman kuenda Kubernetes inorerutswa zvakanyanya sezvinobvira.
Kushanda naPodman
Sezvo pasina swarm mode (inofungidzirwa kuti tichachinja kuKubernetes kana tichida sumbu), tichaivaka mumidziyo yakasiyana.
Isa podman-compose:
# yum -y install python3-pip
# pip3 install podman-composeIyo inoguma yekumisikidza faira yepodman yakasiyana zvishoma, semuenzaniso, ini ndaifanira kufambisa yakaparadzana mavhoriyamu chikamu zvakananga kuchikamu chebasa.
gitlab-podman.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
hostname: gitlab.example.com
restart: unless-stopped
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
ports:
- "80:80"
- "22222:22"
volumes:
- /srv/podman/gitlab/conf:/etc/gitlab
- /srv/podman/gitlab/data:/var/opt/gitlab
- /srv/podman/gitlab/logs:/var/log/gitlab
networks:
- gitlab
gitlab-runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- gitlab
volumes:
- /srv/podman/gitlab/runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
networks:
- gitlab
networks:
gitlab:# podman-compose -f gitlab-runner.yml -d upMhedzisiro yebasa:
# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da53da946c01 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab-runner_1
781c0103c94a docker.io/gitlab/gitlab-ce:latest /assets/wrapper About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab_1Ngationei kuti inogadzira chii systemd uye kubernetes, nekuda kweizvi tinoda kuziva zita kana id yepodhi:
# podman pod ls
POD ID NAME STATUS CREATED # OF CONTAINERS INFRA ID
71fc2b2a5c63 root Running 11 minutes ago 3 db40ab8bf84bKubernetes:
# podman generate kube 71fc2b2a5c63
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.6.4
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-07-29T19:22:40Z"
labels:
app: root
name: root
spec:
containers:
- command:
- /assets/wrapper
env:
- name: PATH
value: /opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
value: gitlab.example.com
- name: container
value: podman
- name: GITLAB_OMNIBUS_CONFIG
value: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
- name: LANG
value: C.UTF-8
image: docker.io/gitlab/gitlab-ce:latest
name: rootgitlab1
ports:
- containerPort: 22
hostPort: 22222
protocol: TCP
- containerPort: 80
hostPort: 80
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /var/opt/gitlab
name: srv-podman-gitlab-data
- mountPath: /var/log/gitlab
name: srv-podman-gitlab-logs
- mountPath: /etc/gitlab
name: srv-podman-gitlab-conf
workingDir: /
- command:
- run
- --user=gitlab-runner
- --working-directory=/home/gitlab-runner
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
- name: container
value: podman
image: docker.io/gitlab/gitlab-runner:alpine
name: rootgitlab-runner1
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /etc/gitlab-runner
name: srv-podman-gitlab-runner
- mountPath: /var/run/docker.sock
name: var-run-docker.sock
workingDir: /
volumes:
- hostPath:
path: /srv/podman/gitlab/runner
type: Directory
name: srv-podman-gitlab-runner
- hostPath:
path: /var/run/docker.sock
type: File
name: var-run-docker.sock
- hostPath:
path: /srv/podman/gitlab/data
type: Directory
name: srv-podman-gitlab-data
- hostPath:
path: /srv/podman/gitlab/logs
type: Directory
name: srv-podman-gitlab-logs
- hostPath:
path: /srv/podman/gitlab/conf
type: Directory
name: srv-podman-gitlab-conf
status: {}Systemd:
# podman generate systemd 71fc2b2a5c63
# pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
Documentation=man:podman-generate-systemd(1)
Requires=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Before=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
ExecStop=/usr/bin/podman stop -t 10 db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
ExecStop=/usr/bin/podman stop -t 10 da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
ExecStop=/usr/bin/podman stop -t 10 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3/userdata/conmon.pid
[Install]
WantedBy=multi-user.targetNehurombo, kunze kwekuvhura midziyo, iyo yakagadzirwa unit ye systemd haina chimwe chinhu (semuenzaniso, kuchenesa midziyo yekare kana uchitangazve sevhisi yakadai), saka zvinhu zvakadaro zvinofanirwa kunyorwa zvakazvimirira.
Mumusimboti, Podman inokwana kuti uedze kuti midziyo chii, fambisa zvigadziriso zvekare zvedocker-compose, wobva waenda kuKubernetes kana iwe uchida cluster, kana kuwana imwe nzira iri nyore kushandisa kuDocker.
rkt
Iyo purojekiti inenge hafu yegore rapfuura nokuti yakatengwa neRedHat, saka ini handisi kuzogara pairi zvakadzama. Pakazara, yakasiya fungidziro yakanaka, asi ichienzaniswa neDocker uye kunyanya Podman, inoita senge musanganiswa. Paive zvakare neCoreOS yekugovera yakavakirwa parkt (kunyangwe ivo pakutanga vaive neDocker), asi rutsigiro rwayo rwakaperawo mushure mekutengwa kweRedHat.
Flash
Zvimwe , munyori aingoda kuvaka nekumhanyisa midziyo. Tichifunga nezvezvinyorwa uye kodhi, munyori haana kutevedzera zviyero, asi akangofunga kunyora ake kuita, izvo ndizvo chaizvo zvaakaita.
zvakawanikwa
Mamiriro ezvinhu neKubernetes anonakidza kwazvo: kune rimwe divi, neDocker, unogona kuunganidza sumbu (mune swarm mode), iyo iwe yaunogona kunyange kuvhura nzvimbo dzekugadzira kune vatengi, izvi zvinonyanya kukosha kune zvikwata zvidiki (3-5 vanhu), kana nediki rose mutoro, kana kushaikwa kwechido chekunzwisisa kuomarara kwekumisikidza Kubernetes, kusanganisira kune yakakwira mitoro.
Podman haina kupa kuenderana kwakazara, asi ine imwe yakakosha mukana - kuenderana neKubernetes, kusanganisira mamwe maturusi (buildah nevamwe). Naizvozvo, ini ndichaswedera kusarudzo yechishandiso chebasa seizvi: kuzvikwata zvidiki, kana nebhajeti shoma - Docker (ine inogoneka swarm mode), yekuzvigadzira iwe pachako pane yako wega localhost - Podman nevamwe, uye kune wese wese - Kubernetes.
Handina chokwadi chekuti mamiriro ezvinhu naDocker haazochinje mune ramangwana, mushure mezvose, ivo mapiyona, uye nhanho nhanho vari kuva vakajairwa zvishoma nezvishoma, asi Podman, pasinei nekushaikwa kwayo kwese (inoshanda chete pa Linux, hapana kuungana, kuunganidza nezvimwe zviito zvinoitwa nemhinduro dzevamwe) ramangwana rakajeka, saka ndinokumbira munhu wese kuti akurukure zvakawanikwa izvi mumashoko.
PS Musi wa3 Nyamavhuvhu tinovhura "", kwaunogona kudzidza zvakawanda nezvebasa rayo. Tichaongorora maturusi ayo ese: kubva kune yekutanga abstractions kune network parameters, nuances yekushanda neakasiyana OS uye programming mitauro. Iwe uchajairana nehunyanzvi uye unonzwisisa kupi uye sei zvakanakisisa kushandisa Docker. Tichagoverawo zvakanakisisa maitiro ekuita maitiro.
Pre-oda mutengo usati waburitswa: 5000 RUR Unogona kutarisa chirongwa che "Vhidhiyo Kosi paDocker" .
Source: www.habr.com
