环境
docker-ce-19.03.1-3.el7.x86_64
centos 7
一、Docker管理工具 (官方三剑客)
1、Docker Machine(学习的Openstack Heat)
Create Docker Machine主要包括三个Create过程。
(1)首先是Provider Create(libmachine/provider.go),此函数主要是在当前运行docker-machine命令主机上创建以machine name命名的文件夹,并将根证书,服务器证书以及用户证书拷贝到此文件夹。
(2)其次是Driver create(例如drivers/virtualbox/virtualbox.go)用来创建主机,
(3)最后是运行Host create(libmachine/host.go)通过SSH安装并配置Docker。目前在本地环境中使用的是boot2docker镜像,云端环境使用的是Ubuntu镜像。
其实真相是这样的:自动创建一个虚机并且安装好设置好Docker Engine.
作用:
(1)Docker Machine简化了部署的复杂度,无论是在本机的虚拟机上还是在公有云平台,只需要一条命令便可搭建好Docker主机
(2)Docker Machine提供了多平台多Docker主机的集中管理
(3)Docker Machine 使应用由本地迁移到云端变得简单,只需要修改一下环境变量即可和任意Docker主机通信部署应用
2、Swarm作为一个管理Docker集群的工具,可以单独部署于一个节点。 (抄Kubernetes)
Swarm的具体工作流程:Docker Client发送请求给Swarm;
Swarm处理请求并发送至相应的Docker Node;
Docker Node执行相应的操作并返回响应。
在某些点, Swarm将可以在主机故障时重调度容器.
Swarm可以很好地与第三方容器编配产品和运供应商提供的编配服务整合,如Mesos
3、Docker Compose (抄Kubernetes)
将所管理的容器分为三层,工程(project),服务(service)以及容器(contaienr)。
一个工程当中可包含多个服务,每个服务中定义了容器运行的镜像,参数,依赖。一个服务当中可包括多个容
器实例,Docker Compose并没有解决负载均衡的问题,因此需要借助其他工具实现服务发现及负载均衡。
Docker Compose中定义构建的镜像只存在在一台Docker Swarm主机上,无法做到多主机共享
二、Tutum(收费的)
三、Shipyard入门(开源,可用于生产)
Shipyard 是一个基于 Web 的 Docker 管理工具,支持多 host,可以把多个 Docker host 上的 containers 统一管理;可以查看 images,甚至 build images;并提供 RESTful API 等等。
Shipyard 要管理和控制 Docker host 的话需要先修改 Docker host 上的默认配置使其支持远程管理。
Shipyard官网已停止了,Githup也不更新了,使用下面脚本来下载和安装:
#!/bin/bash if [ "$1" != "" ] && [ "$1" = "-h" ]; then
echo "Shipyard Deploy uses the following environment variables:"
echo " ACTION: this is the action to use (deploy, upgrade, node, remove)"
echo " DISCOVERY: discovery system used by Swarm (only if using 'node' action)"
echo " IMAGE: this overrides the default Shipyard image"
echo " PREFIX: prefix for container names"
echo " SHIPYARD_ARGS: these are passed to the Shipyard controller container as controller args"
echo " TLS_CERT_PATH: path to certs to enable TLS for Shipyard"
echo " PORT: specify the listen port for the controller (default: 8080)"
echo " IP: specify the address at which the controller or node will be available (default: eth0 ip)"
echo " PROXY_PORT: port to run docker proxy (default: 2375)"
exit
fi if [ -z "`which docker`" ]; then
echo "You must have the Docker CLI installed on your \$PATH"
echo " See http://docs.docker.com for details"
exit
fi ACTION=${ACTION:-deploy}
IMAGE=${IMAGE:-dockerclub/shipyard:latest}
PREFIX=${PREFIX:-shipyard}
SHIPYARD_ARGS=${SHIPYARD_ARGS:-""}
TLS_CERT_PATH=${TLS_CERT_PATH:-}
CERT_PATH="/etc/shipyard"
PROXY_PORT=${PROXY_PORT:-}
SWARM_PORT=
SHIPYARD_PROTOCOL=http
SHIPYARD_PORT=${PORT:-}
SHIPYARD_IP=${IP}
DISCOVERY_BACKEND=etcd
DISCOVERY_PORT=
DISCOVERY_PEER_PORT=
ENABLE_TLS=
CERT_FINGERPRINT=""
LOCAL_CA_CERT=""
LOCAL_SSL_CERT=""
LOCAL_SSL_KEY=""
LOCAL_SSL_CLIENT_CERT=""
LOCAL_SSL_CLIENT_KEY=""
SSL_CA_CERT=""
SSL_CERT=""
SSL_KEY=""
SSL_CLIENT_CERT=""
SSL_CLIENT_KEY="" show_cert_help() {
echo "To use TLS in Shipyard, you must have existing certificates."
echo "The certs must be named ca.pem, server.pem, server-key.pem, cert.pem and key.pem"
echo "If you need to generate certificates, see https://github.com/ehazlett/certm for examples."
} check_certs() {
if [ -z "$TLS_CERT_PATH" ]; then
return
fi if [ ! -e $TLS_CERT_PATH ]; then
echo "Error: unable to find certificates in $TLS_CERT_PATH"
show_cert_help
exit
fi if [ "$PROXY_PORT" = "" ]; then
PROXY_PORT=
fi
SWARM_PORT=
SHIPYARD_PROTOCOL=https
LOCAL_SSL_CA_CERT="$TLS_CERT_PATH/ca.pem"
LOCAL_SSL_CERT="$TLS_CERT_PATH/server.pem"
LOCAL_SSL_KEY="$TLS_CERT_PATH/server-key.pem"
LOCAL_SSL_CLIENT_CERT="$TLS_CERT_PATH/cert.pem"
LOCAL_SSL_CLIENT_KEY="$TLS_CERT_PATH/key.pem"
SSL_CA_CERT="$CERT_PATH/ca.pem"
SSL_CERT="$CERT_PATH/server.pem"
SSL_KEY="$CERT_PATH/server-key.pem"
SSL_CLIENT_CERT="$CERT_PATH/cert.pem"
SSL_CLIENT_KEY="$CERT_PATH/key.pem"
CERT_FINGERPRINT=$(openssl x509 -noout -in $LOCAL_SSL_CERT -fingerprint -sha256 | awk -F= '{print $2;}') if [ ! -e $LOCAL_SSL_CA_CERT ] || [ ! -e $LOCAL_SSL_CERT ] || [ ! -e $LOCAL_SSL_KEY ] || [ ! -e $LOCAL_SSL_CLIENT_CERT ] || [ ! -e $LOCAL_SSL_CLIENT_KEY ]; then
echo "Error: unable to find certificates"
show_cert_help
exit
fi ENABLE_TLS=
} # container functions
start_certs() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-certs \
-v $CERT_PATH \
alpine \
sh)
if [ $ENABLE_TLS = ]; then
docker cp $LOCAL_SSL_CA_CERT $PREFIX-certs:$SSL_CA_CERT
docker cp $LOCAL_SSL_CERT $PREFIX-certs:$SSL_CERT
docker cp $LOCAL_SSL_KEY $PREFIX-certs:$SSL_KEY
docker cp $LOCAL_SSL_CLIENT_CERT $PREFIX-certs:$SSL_CLIENT_CERT
docker cp $LOCAL_SSL_CLIENT_KEY $PREFIX-certs:$SSL_CLIENT_KEY
fi
} remove_certs() {
docker rm -fv $PREFIX-certs > /dev/null >&
} get_ip() {
if [ -z "$SHIPYARD_IP" ]; then
SHIPYARD_IP=`docker run --rm --net=host alpine ip route get 8.8.8.8 | awk '{ print $7; }'`
fi
} start_discovery() {
get_ip ID=$(docker run \
-ti \
-d \
-p : \
-p : \
--restart=always \
--name $PREFIX-discovery \
microbox/etcd:latest -addr $SHIPYARD_IP:$DISCOVERY_PORT -peer-addr $SHIPYARD_IP:$DISCOVERY_PEER_PORT)
} remove_discovery() {
docker rm -fv $PREFIX-discovery > /dev/null >&
} start_rethinkdb() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-rethinkdb \
rethinkdb)
} remove_rethinkdb() {
docker rm -fv $PREFIX-rethinkdb > /dev/null >&
} start_proxy() {
TLS_OPTS=""
if [ $ENABLE_TLS = ]; then
TLS_OPTS="-e SSL_CA=$SSL_CA_CERT -e SSL_CERT=$SSL_CERT -e SSL_KEY=$SSL_KEY -e SSL_SKIP_VERIFY=1"
fi
# Note: we add SSL_SKIP_VERIFY= to skip verification of the client
# certificate in the proxy image. this will pass it to swarm that
# does verify. this helps with performance and avoids certificate issues
# when running through the proxy. ultimately if the cert is invalid
# swarm will fail to return.
ID=$(docker run \
-ti \
-d \
-p $PROXY_PORT:$PROXY_PORT \
--hostname=$HOSTNAME \
--restart=always \
--name $PREFIX-proxy \
-v /var/run/docker.sock:/var/run/docker.sock \
-e PORT=$PROXY_PORT \
--volumes-from=$PREFIX-certs $TLS_OPTS\
shipyard/docker-proxy:latest)
} remove_proxy() {
docker rm -fv $PREFIX-proxy > /dev/null >&
} start_swarm_manager() {
get_ip TLS_OPTS=""
if [ $ENABLE_TLS = ]; then
TLS_OPTS="--tlsverify --tlscacert=$SSL_CA_CERT --tlscert=$SSL_CERT --tlskey=$SSL_KEY"
fi EXTRA_RUN_OPTS="" if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-manager \
--volumes-from=$PREFIX-certs $EXTRA_RUN_OPTS \
swarm:latest \
m --replication --addr $SHIPYARD_IP:$SWARM_PORT --host tcp://0.0.0.0:$SWARM_PORT $TLS_OPTS $DISCOVERY)
} remove_swarm_manager() {
docker rm -fv $PREFIX-swarm-manager > /dev/null >&
} start_swarm_agent() {
get_ip if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-agent $EXTRA_RUN_OPTS \
swarm:latest \
j --addr $SHIPYARD_IP:$PROXY_PORT $DISCOVERY)
} remove_swarm_agent() {
docker rm -fv $PREFIX-swarm-agent > /dev/null >&
} start_controller() {
#-v $CERT_PATH:/etc/docker:ro \
TLS_OPTS=""
if [ $ENABLE_TLS = ]; then
TLS_OPTS="--tls-ca-cert $SSL_CA_CERT --tls-cert=$SSL_CERT --tls-key=$SSL_KEY --shipyard-tls-ca-cert=$SSL_CA_CERT --shipyard-tls-cert=$SSL_CERT --shipyard-tls-key=$SSL_KEY"
fi ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-controller \
--link $PREFIX-rethinkdb:rethinkdb \
--link $PREFIX-swarm-manager:swarm \
-p $SHIPYARD_PORT:$SHIPYARD_PORT \
--volumes-from=$PREFIX-certs \
$IMAGE \
--debug \
server \
--listen :$SHIPYARD_PORT \
-d tcp://swarm:$SWARM_PORT $TLS_OPTS $SHIPYARD_ARGS)
} wait_for_available() {
set +e
IP=$
PORT=$
echo Waiting for Shipyard on $IP:$PORT docker pull ehazlett/curl > /dev/null >& TLS_OPTS=""
if [ $ENABLE_TLS = ]; then
TLS_OPTS="-k"
fi until $(docker run --rm ehazlett/curl --output /dev/null --connect-timeout --silent --head --fail $TLS_OPTS $SHIPYARD_PROTOCOL://$IP:$PORT/ > /dev/null 2>&1); do
printf '.'
sleep
done
printf '\n'
} remove_controller() {
docker rm -fv $PREFIX-controller > /dev/null >&
} if [ "$ACTION" = "deploy" ]; then
set -e check_certs get_ip echo "Deploying Shipyard"
echo " -> Starting Database"
start_rethinkdb
echo " -> Starting Discovery"
start_discovery
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager
echo " -> Starting Swarm Agent"
start_swarm_agent
echo " -> Starting Controller"
start_controller wait_for_available $SHIPYARD_IP $SHIPYARD_PORT echo "Shipyard available at $SHIPYARD_PROTOCOL://$SHIPYARD_IP:$SHIPYARD_PORT"
if [ $ENABLE_TLS = ] && [ ! -z "$CERT_FINGERPRINT" ]; then
echo "SSL SHA-256 Fingerprint: $CERT_FINGERPRINT"
fi
echo "Username: admin Password: shipyard" elif [ "$ACTION" = "node" ]; then
set -e if [ -z "$DISCOVERY" ]; then
echo "You must set the DISCOVERY environment variable"
echo "with the discovery system used with Swarm"
exit
fi check_certs echo "Adding Node"
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager $DISCOVERY
echo " -> Starting Swarm Agent"
start_swarm_agent echo "Node added to Swarm: $SHIPYARD_IP" elif [ "$ACTION" = "upgrade" ]; then
set -e check_certs get_ip echo "Upgrading Shipyard"
echo " -> Pulling $IMAGE"
docker pull $IMAGE echo " -> Upgrading Controller"
remove_controller
start_controller wait_for_available $SHIPYARD_IP $SHIPYARD_PORT echo "Shipyard controller updated" elif [ "$ACTION" = "remove" ]; then
# ignore errors
set +e echo "Removing Shipyard"
echo " -> Removing Database"
remove_rethinkdb
echo " -> Removing Discovery"
remove_discovery
echo " -> Removing Cert Volume"
remove_certs
echo " -> Removing Proxy"
remove_proxy
echo " -> Removing Swarm Agent"
remove_swarm_agent
echo " -> Removing Swarm Manager"
remove_swarm_manager
echo " -> Removing Controller"
remove_controller echo "Done"
else
echo "Unknown action $ACTION"
exit
fi
将以上脚本保存为deploy文件,并赋予执行权限,然后执行:
[root@node105 ~]# ll
total
-rw-------. root root Aug : anaconda-ks.cfg
-rwxr-xr-x. root root Aug : deploy
drwxr-xr-x. root root Aug : nginx
[root@node105 ~]# chmod +x deploy
[root@node105 ~]# ./deploy
Deploying Shipyard
-> Starting Database
-> Starting Discovery
-> Starting Cert Volume
-> Starting Proxy
-> Starting Swarm Manager
-> Starting Swarm Agent
-> Starting Controller
Unable to find image 'dockerclub/shipyard:latest' locally
latest: Pulling from dockerclub/shipyard
4d06f2521e4f: Pulling fs layer
64100628847a: Pulling fs layer
36a170440d6d: Pulling fs layer
a823ae228c2d: Pulling fs layer
a3ed95caeb02: Pulling fs layer
a3ed95caeb02: Waiting
a823ae228c2d: Waiting
36a170440d6d: Verifying Checksum
36a170440d6d: Download complete
4d06f2521e4f: Verifying Checksum
4d06f2521e4f: Download complete
4d06f2521e4f: Pull complete
a3ed95caeb02: Download complete
64100628847a: Verifying Checksum
64100628847a: Download complete
a823ae228c2d: Verifying Checksum
a823ae228c2d: Download complete
64100628847a: Pull complete
36a170440d6d: Pull complete
a823ae228c2d: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:bd5ac58c556506012f7788db18fc6fed3bcefb294e469babbeb87ad7ef15e219
Status: Downloaded newer image for dockerclub/shipyard:latest
Waiting for Shipyard on 192.168.118.105: Shipyard available at http://192.168.118.105:8080
Username: admin Password: shipyard
参考:
四、cAdvisor入门(google)
四、cAdvisor入门(google)
cAdvisor的监控图默认1秒刷新一次,显示最近一分钟的实时数据,不显示汇聚的和历史数据,也没有阀值告警功能,此外它也无法同时监控多个Docker主机,不过由于其简单方便,并且具备很好的实时性能监控能力,所以适合特殊情况下的性能监控和问题排查。
#拉取cAdvisor镜像
[root@node105 ~]# docker pull docker.io/google/cadvisor
#启动容器
[root@node105 ~]# docker run \
> --volume=/:/rootfs:ro \
> --volume=/var/run:/var/run:rw \
> --volume=/sys:/sys:ro \
> --volume=/var/lib/docker/:/var/lib/docker:ro \
> --publish=: \
> --detach=true \
> --name=cadvisor \
> google/cadvisor:latest
7e730a8fa6d1ca0a98b471518d508a48d905b10c1418241269f33a9148ba9fb1
参考:
另外:还有portainer、docker ui