一.准备环境
构建最小java环境的docker镜像
下载jre包:
https://www.java.com/en/download/manual.jsp
解压压缩包 :
tar -xvcf jre-8u181-linux-x64.tar.gz
进入jre目录:
cd jre1.8.0_251
删除无用文件:
rm -rf COPYRIGHT LICENSE README release THIRDPARTYLICENSEREADME-JAVAFX.txt THIRDPARTYLICENSEREADME.txt Welcome.html
rm -rf lib/plugin.jar \
lib/ext/jfxrt.jar \
bin/javaws \
lib/javaws.jar \
lib/desktop \
plugin \
lib/deploy* \
lib/*javafx* \
lib/*jfx* \
lib/amd64/libdecora_sse.so \
lib/amd64/libprism_*.so \
lib/amd64/libfxplugins.so \
lib/amd64/libglass.so \
lib/amd64/libgstreamer-lite.so \
lib/amd64/libjavafx*.so \
lib/amd64/libjfx*.so
重新打包:
tar -zcvf jre8.tar.gz jre1.8.0_251
新建DockerFile用来构建JRE镜像:
FROM docker.io/jeanblanchard/alpine-glibc
MAINTAINER dzt
# A streamlined jre
ADD jre8.tar.gz /usr/java/jdk/
# set env
ENV JAVA_HOME /usr/java/jdk/jre1.8.0_251
ENV PATH ${PATH}:${JAVA_HOME}/bin
# run container with base path:/opt
WORKDIR /opt
开始构建:
docker build -t dzt/java8:1.0 .
至此成功生成最小jre镜像
docker配置远程可访问
开放2375端口
开放aliyun安全组及服务器防火墙端口
打开 docker 配置文件
vi /lib/systemd/system/docker.service
找到ExecStart=/usr/bin/dockerd所在行,在后面追加
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
重启 docker 服务
systemctl daemon-reload
systemctl restart docker.service
使用 netstat 查看端口
netstat -nptl
访问/info,确定端口正常开放
curl http://127.0.0.1:2375/info
二.服务配置
maven插件配置docker
在微服务pom.xml文件中添加docker插件及 配置
<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>1.0.0</version>
<configuration>
<imageName>dzt/${project.artifactId}:latest</imageName>
<dockerDirectory>${project.basedir}/src/main/docker</dockerDirectory>
<dockerHost>http://39.105.14.252:2375</dockerHost>
<resources>
<resource>
<targetPath>/</targetPath>
<directory>${project.build.directory}</directory>
<include>${project.build.finalName}.jar</include>
</resource>
</resources>
</configuration>
</plugin>
对应的/src/main/docker/目录下的dockerfile文件 Dockerfile
FROM dzt/java8:1.0 #基础镜像
VOLUME /temp #映射临时目录
ADD mx-share-eureka.jar /eureka.jar #将本项目的jar加入并更名为eureka.jar
ENV TZ=Asia/Shanghai #设置时区
RUN sh -c 'touch /eureka.jar' && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
ENTRYPOINT ["java","-jar","/eureka.jar"]
打包构建镜像并推送至对应的docker仓库
mvn clean package docker:build -DskipTests
三.启动镜像
docker run -d --name eureka -p 8091:8091 -v /data/log/boot/eureka:/data/log/boot/eureka dzt/mx-share-eureka
docker run:启动
-d: 后台运行
–name 定义容器的名字
-v: 宿主机与容器之间的路径映射
-p: 宿主机与容器之间的端口映射
四.推送至阿里云镜像仓库
配置maven中的server标签
<servers>
<server>
<!--maven的pom中可以根据这个id找到这个server节点的配置-->
<id>docker-aliyun</id>
<!--这里是在阿里云注册的账号-->
<username>dzt_winner</username>
<!--这里是在阿里云注册的密码-->
<password>1314youni</password>
<configuration>
<email>18666735017@163.com</email>
</configuration>
</server>
</servers>
配置项目的pom文件:
<properties>
<docker.repository.url>registry.cn-beijing.aliyuncs.com</docker.repository.url>
<docker.repository.namespace>dzt_win</docker.repository.namespace>
<docker.repository.serverId>docker-aliyun</docker.repository.serverId>
</properties>
<plugins>
<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>1.0.0</version>
<configuration>
<forceTags>true</forceTags>
<pushImage>true</pushImage> #打包后无需多余命令自动推送
<buildArgs>
<JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
</buildArgs>
<imageName>${docker.repository.url}/${docker.repository.namespace}/${project.artifactId}:${project.version}</imageName>
<serverId>${docker.repository.serverId}</serverId>
<registryUrl>${docker.repository.url}</registryUrl>
<dockerDirectory>src/main/docker</dockerDirectory>
<dockerHost>http://39.105.14.252:2375</dockerHost>
<resources>
<resource>
<targetPath>/</targetPath>
<directory>${project.build.directory}</directory>
<include>${project.build.finalName}.jar</include>
</resource>
</resources>
</configuration>
</plugin>
</plugins>
配置src/main/docker目录下的DockerFile文件
FROM dzt/java8:1.0
VOLUME /temp
ADD mx-share-gateway.jar /appGateway.jar
ENV TZ=Asia/Shanghai
RUN sh -c 'touch /appGateway.jar' && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
ENTRYPOINT ["java","-jar","/appGateway.jar"]
打包构建镜像并推送至对应的docker仓库和 推送至配置的阿里云仓库
mvn clean package -Pqinghai docker:build -DpushImage
五.Docker Compose编排分布式服务
Docker Compose是一个编排多容器分布式部署的工具,提供命令集管理容器化应用的完整开发周期,包括服务构建,启动和停止。
Compose 中有两个重要的概念:
- 服务 ( service ):一个应用的容器,实际上可以包括若干运行相同镜像的容器实例
- 项目 ( project ):由一组关联的应用容器组成的一个完整业务单元,在 dockercompose.yml 文件中定义。
Compose 的默认管理对象是项目,通过子命令对项目中的一组容器进行便捷地生命周期管理。可见,一个项目可以由多个服务(容器)关联而成, Compose 面向项目进行管理
centos7安装docker compose
检查linux有没有安装python-pip包
pip -V
没有安装python-pip执行下面命令
yum -y install epel-release
执行成功之后,再次执行下面的命令
yum -y install python-pip
对安装好的pip进行升级
pip install --upgrade pip
安装docker compose
pip install docker-compose
检查安装的docker compose版本
docker-compose -version
安装compose命令补全工具
``
命令:
启动: docker-compose up -d
两种使用方式:
1.在项目中选择使用直接将项目构建成镜像并推送至docker中
编写docker-compose.yml文件:
version: "3"
services:
#注册中心
cloudEureka:
image: 192.168.181.242/nssa_cloud/mx-cloud-eureka:0.0.1-SNAPSHOT
ports:
- 8091:8091
volumes:
- /data/logs/eureka:/opt/logs/eureka
restart: always
#配置中心
mx-nssa-config:
image: 192.168.181.242/nssa_cloud/mx-nssa-config:0.0.1-SNAPSHOT
ports:
- 10007:10007
volumes:
- /data/config:/data/config
- /data/logs/nssa-config:/opt/logs/nssa-config
- "./entrypoint.sh:/entrypoint.sh"
depends_on:
- cloudEureka
entrypoint: sh /entrypoint.sh -d 'cloudEureka:8091' -c 'java -jar /opt/mx-nssa-config.jar'
restart: always
#鉴权中心
cloudAuth:
image: 192.168.181.242/nssa_cloud/mx-cloud-auth-server:0.0.1-SNAPSHOT
volumes:
- /data/logs/auth:/opt/logs/auth-server
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-auth-server.jar'
restart: always
#网关
cloudGateway:
image: 192.168.181.242/nssa_cloud/mx-cloud-gateway:0.0.1-SNAPSHOT
ports:
- 10011:10011
volumes:
- /data/logs/gateway:/opt/logs/cloud-gateway
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- mx-nssa-config
entrypoint: sh /entrypoint.sh -d mx-nssa-config:10007 -c 'java -jar /opt/mx-cloud-gateway.jar'
restart: always
#rbac权限服务
cloudRbac:
image: 192.168.181.242/nssa_cloud/mx-security-rbac:0.0.1-SNAPSHOT
volumes:
- /data/logs/rbac:/opt/logs/security-rbac
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-security-rbac.jar'
restart: always
#前端
cloudWeb:
image: 192.168.181.242/nssa_cloud/mx-nssa-web-beta:0.0.1-SNAPSHOT
ports:
- 8088:8088
volumes:
- /data/logs/web:/opt/logs/web
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-nssa-web-beta.war'
restart: always
#option工具服务
cloudOption:
image: 192.168.181.242/nssa_cloud/mx-cloud-option:0.0.1-SNAPSHOT
volumes:
- /data/logs/option:/opt/logs/option
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-option.jar'
restart: always
#用户行为日志服务
cloudLogStock:
image: 192.168.181.242/nssa_cloud/mx-boot-logstock:0.0.1-SNAPSHOT
volumes:
- /data/logs/logstock:/opt/logs/logstock
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-boot-logstock.jar'
restart: always
#资产服务
cloudAssets:
image: 192.168.181.242/nssa_cloud/mx-cloud-assets-service:0.0.1-SNAPSHOT
volumes:
- /data/logs/assets:/opt/logs/assets
- /data/assets:/data/assets
- /data/file:/data/file
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-assets-service.jar'
restart: always
#资产详情服务skserver
cloudSkserver:
image: 192.168.181.242/nssa_cloud/mx-cloud-skserver:0.0.1-SNAPSHOT
volumes:
- /data/logs/skserver:/opt/logs/skserver
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-skserver.jar'
restart: always
#漏洞服务
cloudVuln:
image: 192.168.181.242/nssa_cloud/mx-cloud-vuln:0.0.1-SNAPSHOT
volumes:
- /data/logs/vuln:/opt/logs/vuln
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-vuln.jar'
restart: always
#大屏服务
cloudSituation:
image: 192.168.181.242/nssa_cloud/mx-cloud-situation:0.0.1-SNAPSHOT
volumes:
- /data/logs/situation:/opt/logs/situation
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-cloud-situation.jar'
restart: always
#email微服务
cloudEmail:
image: 192.168.181.242/nssa_cloud/mx-boot-email:0.0.1-SNAPSHOT
volumes:
- /data/logs/email:/opt/logs/email
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-boot-email.jar'
restart: always
#文件微服务
cloudExport:
image: 192.168.181.242/nssa_cloud/mx-boot-export:1.0.0-SNAPSHOT
volumes:
- /data/logs/export:/opt/logs/export
- /data/file:/data/file
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-boot-export.jar'
restart: always
#清查引擎pro
blackPro:
image: 192.168.181.242/nssa_cloud/mx-blackhawk-producer:0.0.1-SNAPSHOT
volumes:
- /data/logs/blackhawk-producer:/opt/logs/blackhawk-producer
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-boot-blackhawk.jar'
restart: always
#清查引擎con
blackCon:
image: 192.168.181.242/nssa_cloud/mx-blackhawk-consumer:0.0.1-SNAPSHOT
volumes:
- /data/logs/blackhawk-consumer:/opt/logs/blackhawk-consumer
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-blackhawk-consumer.jar'
restart: always
#openvas生产者
openCon:
image: 192.168.181.242/nssa_cloud/mx-blackhawk-consumer:0.0.1-SNAPSHOT
volumes:
- /data/logs/blackhawk-consumer:/opt/logs/blackhawk-consumer
- ./entrypoint.sh:/entrypoint.sh
depends_on:
- cloudGateway
entrypoint: sh /entrypoint.sh -d cloudGateway:10011 -c 'java -jar /opt/mx-blackhawk-consumer.jar'
restart: always
在docker-compose.yml文件所在目录执行启动命令:
docker-compose -f xxx.yml up -d
关闭命令:
docker-compose down
启动并指定文件
docker-compose -f 文件名 up -d
2.将jar包和dockerfile上传到服务器上,由运维人员在docker-compose中通过build命令构建镜像,最后启动
version:’2’
services:
eureka-server:
image: eureka510:1.0
build:
context: ./eureka
dockerfile:Dockerfile
ports:
“58881:1111”
container_name: eureka510
networks:
net009
build:便是构建的命令,在当前目录下的eureka目录中一定存在着jar和dockerfile文件